gm-skill 2.0.1477 → 2.0.1478

package/AGENTS.md

@@ -34,11 +34,11 @@ Agents dispatch verbs by writing to `.gm/exec-spool/in/<verb>/<N>.txt` (request
 
 **Orchestrator verbs**: `instruction`, `transition`, `phase-status`, `mutable-resolve`, `memorize-fire`, `residual-scan`, `auto-recall`.
 
-**Wasm-direct verbs**: `fs_read`, `fs_write`, `fs_stat`, `fs_readdir`, `kv_get`, `kv_put`, `kv_query`, `fetch`, `exec_js`, `env_get`, `recall`, `codesearch`, `memorize`, `memorize-prune`, `health`, `filter`, `git_status`, `branch_status`, `git_push`.
+**Wasm-direct verbs**: `fs_read`, `fs_write`, `fs_stat`, `fs_readdir`, `kv_get`, `kv_put`, `kv_query`, `fetch`, `exec_js`, `env_get`, `recall`, `codesearch`, `memorize`, `memorize-prune`, `health`, `filter`, `git_status`, `branch_status`, `git_push`, `git_add`, `git_commit`, `git_finalize`, `git_log`, `git_diff`, `git_show`, `git_fetch`, `git_branch`, `git_checkout`, `git_rm`, `git_revert`, `git_reset`.
 
 **memorize-prune verb**: deletes bad/superseded memories, pruning bad memory matters more than preserving good memory, since a wrong recall hit is worse than a miss. Two modes: explicit `{key}`/`{keys:[...]}` deletes exactly those mem keys (text + `-vec` embedding sibling) via the `host_kv_delete` host import; `{query}` returns review-only candidates (vector_top_k hits with keys) for the agent to judge, then re-dispatch with the stale `{keys:[...]}`. Query mode never auto-deletes by similarity, a blind similarity-delete is itself a bad-memory generator; the destructive step stays under agent judgment. Emits `memory.pruned` per deletion.
 
-**git verbs**: `git_status` returns `{dirty, modified, untracked, deleted, staged}` from `git status --porcelain`. `branch_status` returns `{branch, ahead, behind, remote}`, the `remote-pushed` witness. `git_push` is the ONLY admissible push surface, it gates on `git_porcelain()` non-empty (refuses dirty), emits `deviation.push-dirty` on attempt, and shells the push only when clean. A raw `git push` via Bash bypasses the gate and is itself a deviation; ccsniff `--git-discipline` flags it.
+**git verbs**: git is a first-class spool surface, never a shell command. Inspect: `git_status` returns `{dirty, modified, untracked, deleted, staged}`; `branch_status` returns `{branch, ahead, behind, remote}` (the `remote-pushed` witness); `git_log {count}` → `{commits:[{sha,subject}]}`; `git_diff {staged?,path?}`; `git_show {ref,stat?}`; `git_branch` → `{current,branches}`. Mutate: `git_add {paths|default -A}`; `git_commit {message,allow_empty?}` (argv-array, no shell quoting, porcelain-pre-checked → `nothing_to_commit`); `git_checkout {ref,create?}`; `git_fetch {remote}`; `git_rm {paths,cached?}`; `git_revert {paths→discard | ref→revert-commit}`; `git_reset {ref,mode}` (hard guarded behind explicit `mode:hard`). Push: `git_push` is the ONLY admissible raw push, gates on `git_porcelain()` (refuses dirty, emits `deviation.push-dirty`), rebase-retries on remote-moved. **`git_finalize {message}` is the bundled COMPLETE-phase surface**: add-all → commit → porcelain-clean-gate → `git_push`, emitting `git.commit`/`git.push` witnesses, in ONE dispatch instead of 4+ Bash events (token/turn conservation); nothing-to-commit still pushes unpushed commits. All git verbs route through the `host_git` import, which resolves `git`→`git.exe` (no `.cmd`-shim terminal flash on Windows) and accepts a JSON argv array (no commit-message shattering). A `bash`/`sh`/`shell`/`powershell` body whose command is git-dominant is gated at `check_dispatch` (rs-plugkit `gates.rs`) and mirrored in `lib/spool-dispatch.js`, emitting `deviation.bash-git-bypass` and naming the equivalent verb; raw git via Bash bypasses the porcelain gate and the witness ledger.
 
 **filter verb**: pure stdout → compact-stdout transformation. Body `{kind, input, ...opts}` where kind is one of `grep`, `ls`, `tree`, `json`, `diff`, `git-status`, `log`. Returns `{output, stats:{bytes_in, bytes_out, saved_pct, ...}}`. Pipe raw command output through filter before letting it enter context, in-wasm, no subprocess. The bootstrap fetches only `plugkit.wasm`, there is no separate filter/rtk binary download.
 

package/gm-plugkit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gm-plugkit",
-  "version": "2.0.1477",
+  "version": "2.0.1478",
   "description": "Bootstrap and daemon-spawn tool for gm plugkit binary. Downloads the correct platform binary, verifies SHA256, and starts the spool watcher daemon. Includes plugkit-wasm-wrapper for WASM-based spool watching.",
   "main": "index.js",
   "bin": {

package/gm-plugkit/plugkit-wasm-wrapper.js

@@ -1894,8 +1894,16 @@ function makeHostFunctions(instanceRef) {
         const args = readWasmStr(instanceRef.value, argsPtr, argsLen);
         const cwdStr = readWasmStr(instanceRef.value, cwdPtr, cwdLen);
         const cwd = cwdStr || process.cwd();
-        const argv = args.trim().split(/\s+/);
-        const result = _rawSpawnSync('git', argv, { encoding: 'utf-8', timeout: 30000, cwd, windowsHide: true });
+        let argv;
+        const trimmed = args.trim();
+        if (trimmed.startsWith('[')) {
+          try { argv = JSON.parse(trimmed); } catch { argv = trimmed.split(/\s+/); }
+          if (!Array.isArray(argv)) argv = String(argv).split(/\s+/);
+        } else {
+          argv = trimmed.split(/\s+/);
+        }
+        const gitBin = resolveWindowsExeLocal('git');
+        const result = _rawSpawnSync(gitBin, argv, { encoding: 'utf-8', timeout: 60000, cwd, windowsHide: true, stdio: ['ignore', 'pipe', 'pipe'] });
         return writeWasmJson(instanceRef.value, {
           stdout: result.stdout || '',
           stderr: result.stderr || '',

package/gm.json

@@ -1,6 +1,6 @@
 {
   "name": "gm",
-  "version": "2.0.1477",
+  "version": "2.0.1478",
   "description": "Spool-dispatch orchestration engine with unified state machine, skills, and automated git enforcement",
   "author": "AnEntrypoint",
   "license": "MIT",

package/lib/spool-dispatch.js

@@ -282,6 +282,19 @@ function checkDispatchGates(sessionId, operation, extra) {
         pending_step_id: pending.step_id,
       };
     }
+
+    if (['bash', 'sh', 'shell', 'zsh', 'powershell', 'ps1'].includes(extra.verb)) {
+      const cmd = String((extra.body && (extra.body.command || extra.body.code || extra.body.script)) || extra.command || '').trim();
+      const first = cmd.split(/\s+/)[0] || '';
+      const gitDominant = first === 'git' || /[\\/]git$/.test(first) || cmd.startsWith('git ');
+      if (gitDominant) {
+        logDeviation('deviation.bash-git-bypass', { verb: extra.verb, cmd: cmd.slice(0, 80) });
+        return {
+          allowed: false,
+          reason: `bash-git-bypass: a \`${extra.verb}\` verb invoking \`git\` is denied — git is a first-class spool surface, not a shell command. Use the git verb: git_status/git_log/git_diff/git_show/git_branch (inspect); git_add/git_commit/git_finalize/git_push (stage/commit/push); git_checkout/git_fetch/git_rm/git_revert/git_reset (mutate). git_finalize {message} bundles add→commit→porcelain-gate→push in ONE dispatch.`,
+        };
+      }
+    }
   }
 
   if (['stop', 'complete'].includes(operation)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gm-skill",
-  "version": "2.0.1477",
+  "version": "2.0.1478",
   "description": "Canonical universal harness — AI-native software engineering via skill-driven orchestration; bootstraps plugkit for task execution and session isolation. Install in any AI coding agent host.",
   "author": "AnEntrypoint",
   "license": "MIT",

package/skills/gm-skill/SKILL.md

@@ -26,7 +26,7 @@ Every turn: dispatch `instruction` (you are the one dispatching it), read the re
 
 **Search routes through the spool, never a platform search agent.** For any code, file, or symbol search — whereabouts, "where is X defined", "what calls Y", grepping the tree — you dispatch the `codesearch` verb (`.gm/exec-spool/in/codesearch/<N>.txt` with `{"query":"..."}`), and for prior-knowledge you dispatch `recall`. You do NOT reach for the platform's Explore agent, a Task/general-purpose search subagent, raw `grep`/`Glob`, or any host-native code-search; those are not substitutes for `codesearch`, exactly as puppeteer is not a substitute for the `browser` verb. They bypass the spool, the committed code-search index, and the recall-grounded discipline — the search becomes invisible to gmsniff, ungrounded in what the project already learned, and non-portable across harnesses. The orient fan-out at PLAN is `recall` + `codesearch` in parallel; every ad-hoc lookup mid-EXECUTE is a `codesearch` dispatch too. Reaching outside the spool for search is the same drift as reaching outside it for the browser: the capability exists as a verb, so you use the verb.
 
-**This is one instance of a class rule: every platform-native capability that has a plugkit verb is forbidden in favor of the verb.** Your `allowed-tools` already blocks raw shell beyond the boot commands, but a harness can still offer the capability as its own first-class tool or subagent that slips past that restriction — a search/Explore agent, a web-fetch or web-search tool, a plan/architect subagent, a notebook editor. For each, the plugkit verb is the only admissible surface: code/file/symbol search → `codesearch`; prior knowledge → `recall`; fetching a URL or searching the web → the `fetch` verb (`.gm/exec-spool/in/fetch/`); running code → `exec_js` / the exec spool; a real browser → the `browser` verb; persisting memory → `memorize-fire`. The native tool is never the substitute, for the same three reasons every time: it bypasses the spool (invisible to the ledger), it bypasses the project's committed index and learned memory (ungrounded), and it is non-portable across harnesses (a different agent host has a different native tool, so a discipline built on the native tool does not transport — only the verb does). When you reach for any capability, the question is not "what tool does my platform give me" but "what verb does plugkit expose for this"; if a verb exists, the native tool is off-limits, and if no verb exists the gap is a missing verb to add, not a license to reach around the spool.
+**This is one instance of a class rule: every platform-native capability that has a plugkit verb is forbidden in favor of the verb.** Your `allowed-tools` already blocks raw shell beyond the boot commands, but a harness can still offer the capability as its own first-class tool or subagent that slips past that restriction — a search/Explore agent, a web-fetch or web-search tool, a plan/architect subagent, a notebook editor. For each, the plugkit verb is the only admissible surface: code/file/symbol search → `codesearch`; prior knowledge → `recall`; fetching a URL or searching the web → the `fetch` verb (`.gm/exec-spool/in/fetch/`); running code → `exec_js` / the exec spool; a real browser → the `browser` verb; persisting memory → `memorize-fire`; **any git operation → the git verbs** (`git_status`/`git_log`/`git_diff`/`git_show`/`git_branch` to inspect, `git_add`/`git_commit`/`git_finalize`/`git_push` to stage-commit-push, `git_checkout`/`git_fetch`/`git_rm`/`git_revert`/`git_reset` to mutate) — `git_finalize {message}` bundles add→commit→porcelain-gate→push in ONE dispatch and is the COMPLETE-phase push surface, so you never shell `git` via Bash and never spend 4 tool-use events on what is one verb; a `bash`/`sh`/`powershell` body that invokes git is gated (`deviation.bash-git-bypass`). The native tool is never the substitute, for the same three reasons every time: it bypasses the spool (invisible to the ledger), it bypasses the project's committed index and learned memory (ungrounded), and it is non-portable across harnesses (a different agent host has a different native tool, so a discipline built on the native tool does not transport — only the verb does). When you reach for any capability, the question is not "what tool does my platform give me" but "what verb does plugkit expose for this"; if a verb exists, the native tool is off-limits, and if no verb exists the gap is a missing verb to add, not a license to reach around the spool.
 
 **Boot before dispatching. Always check first.** Writing to `.gm/exec-spool/in/instruction/N.txt` while the watcher is dead is the canonical cold-start failure, the request sits forever, you read no response, you fabricate the chain from memory of the prose. The spool directory's existence does NOT mean the watcher is alive; `.status.json` mtime within the last 15s does. The leftover `.status.json` from yesterday's dead watcher is the most common trap.
 

package/lib/git.js

@@ -1,331 +0,0 @@
-const path = require('path');
-const fs = require('fs');
-const os = require('os');
-
-const GIT_USER = 'lanmower';
-const GIT_EMAIL = 'almagestfraternite@gmail.com';
-
-function emitGitEvent(severity, message, data = {}) {
-  const logDir = path.join(os.homedir(), '.claude', 'gm-log', new Date().toISOString().split('T')[0]);
-  if (!fs.existsSync(logDir)) {
-    try { fs.mkdirSync(logDir, { recursive: true }); } catch (e) {}
-  }
-  const logFile = path.join(logDir, 'git.jsonl');
-  try {
-    fs.appendFileSync(logFile, JSON.stringify({
-      ts: new Date().toISOString(),
-      subsystem: 'git',
-      severity,
-      message,
-      ...data,
-    }) + '\n');
-  } catch (e) {}
-}
-
-function escapeShellArg(arg) {
-  if (os.platform() === 'win32') {
-    if (!arg) return '""';
-    if (/^[a-zA-Z0-9._\-/:=\\]+$/.test(arg)) return arg;
-    return '"' + arg.replace(/"/g, '\\"').replace(/\$/g, '\\$').replace(/`/g, '\\`') + '"';
-  }
-  if (!arg) return "''";
-  if (/^[a-zA-Z0-9._\-/:=]+$/.test(arg)) return arg;
-  return "'" + arg.replace(/'/g, "'\"'\"'") + "'";
-}
-
-function parseGitStatus(porcelain) {
-  const isDirty = porcelain.trim().length > 0;
-  const lines = porcelain.trim().split('\n').filter(l => l.length > 0);
-  const modified = lines.filter(l => /^[ AM][MD]/.test(l)).map(l => l.substring(3));
-  const untracked = lines.filter(l => /^\?\?/.test(l)).map(l => l.substring(3));
-  const deleted = lines.filter(l => /^[ A]D/.test(l)).map(l => l.substring(3));
-  return { isDirty, modified, untracked, deleted, all: modified.concat(untracked, deleted) };
-}
-
-async function sendSpoolRequest(lang, code, timeoutMs = 30000) {
-  const gmDir = path.join(process.cwd(), '.gm');
-  const spoolIn = path.join(gmDir, 'exec-spool', 'in', lang);
-  const spoolOut = path.join(gmDir, 'exec-spool', 'out');
-
-  if (!fs.existsSync(spoolIn)) {
-    try { fs.mkdirSync(spoolIn, { recursive: true }); } catch (e) {}
-  }
-
-  let taskId = '';
-  try {
-    taskId = fs.readdirSync(spoolOut).filter(f => f.endsWith('.json')).length + 1;
-  } catch (e) {
-    taskId = Math.random().toString(36).substring(7);
-  }
-
-  const ext = lang === 'bash' ? 'sh' : 'js';
-  const inPath = path.join(spoolIn, `${taskId}.${ext}`);
-  const outPath = path.join(spoolOut, `${taskId}.out`);
-  const errPath = path.join(spoolOut, `${taskId}.err`);
-  const jsonPath = path.join(spoolOut, `${taskId}.json`);
-
-  try {
-    fs.writeFileSync(inPath, code, 'utf8');
-  } catch (e) {
-    emitGitEvent('error', 'Could not write spool file', { path: inPath, error: e.message });
-    throw new Error(`Could not write spool request: ${e.message}`);
-  }
-
-  const startTime = Date.now();
-  const deadline = startTime + timeoutMs;
-
-  while (Date.now() < deadline) {
-    if (fs.existsSync(jsonPath)) {
-      try {
-        const metadata = JSON.parse(fs.readFileSync(jsonPath, 'utf8'));
-        const stdout = fs.existsSync(outPath) ? fs.readFileSync(outPath, 'utf8') : '';
-        const stderr = fs.existsSync(errPath) ? fs.readFileSync(errPath, 'utf8') : '';
-        return { ok: !metadata.timedOut && metadata.exitCode === 0, stdout, stderr, exitCode: metadata.exitCode, durationMs: metadata.durationMs };
-      } catch (e) {
-        emitGitEvent('error', 'Could not parse spool response', { path: jsonPath, error: e.message });
-      }
-    }
-    await new Promise(r => setTimeout(r, 100));
-  }
-
-  throw new Error(`Spool request timed out after ${timeoutMs}ms`);
-}
-
-async function commit(message, files = [], sessionId = 'unknown') {
-  emitGitEvent('info', 'commit() called', { message: message.substring(0, 72), fileCount: files.length, sessionId });
-
-  if (!message || message.trim().length === 0) {
-    emitGitEvent('error', 'commit message required', { sessionId });
-    throw new Error('Commit message required');
-  }
-
-  const summary = message.split('\n')[0];
-  if (summary.length > 72) {
-    emitGitEvent('warn', 'commit summary exceeds 72 chars', { length: summary.length, sessionId });
-  }
-
-  const filesToStage = files && files.length > 0 ? files : ['.'];
-  const stageCmd = filesToStage.map(f => `git add ${escapeShellArg(f)}`).join(' && ');
-  const commitMsg = message.replace(/"/g, '\\"').replace(/\$/g, '\\$').replace(/`/g, '\\`');
-  const commitCmd = `git -c user.name=${escapeShellArg(GIT_USER)} -c user.email=${escapeShellArg(GIT_EMAIL)} commit -m "${commitMsg}"`;
-
-  const script = `${stageCmd} && ${commitCmd}`;
-
-  try {
-    const result = await sendSpoolRequest('bash', script, 30000);
-    if (!result.ok) {
-      const err = result.stderr || result.stdout || 'unknown error';
-      emitGitEvent('error', 'commit failed', { error: err.substring(0, 200), sessionId });
-      throw new Error(`Commit failed: ${err}`);
-    }
-    emitGitEvent('info', 'commit succeeded', { message: summary, fileCount: files.length, sessionId });
-    return { ok: true, message: summary };
-  } catch (e) {
-    emitGitEvent('error', 'commit error', { error: e.message, sessionId });
-    throw e;
-  }
-}
-
-async function push(branch = 'main', sessionId = 'unknown') {
-  emitGitEvent('info', 'push() called', { branch, sessionId });
-
-  const pushCmd = `git push origin ${escapeShellArg(branch)} 2>&1`;
-
-  try {
-    const result = await sendSpoolRequest('bash', pushCmd, 60000);
-    if (!result.ok || result.stderr.includes('fatal') || result.stdout.includes('fatal')) {
-      const err = result.stderr || result.stdout || 'unknown error';
-
-      if (err.includes('remote: error') || err.includes('Permission denied')) {
-        emitGitEvent('error', 'push auth failed', { branch, sessionId });
-        throw new Error(`Push authentication failed. Check credentials for branch: ${branch}\n${err}`);
-      }
-      if (err.includes('no changes added') || err.includes('nothing to commit')) {
-        emitGitEvent('info', 'push: nothing to push', { branch, sessionId });
-        return { ok: true, message: 'nothing to push' };
-      }
-      emitGitEvent('error', 'push failed', { error: err.substring(0, 200), branch, sessionId });
-      throw new Error(`Push failed: ${err}`);
-    }
-    emitGitEvent('info', 'push succeeded', { branch, sessionId });
-    return { ok: true, message: `pushed ${branch}` };
-  } catch (e) {
-    emitGitEvent('error', 'push error', { error: e.message, branch, sessionId });
-    throw e;
-  }
-}
-
-async function status(sessionId = 'unknown') {
-  emitGitEvent('info', 'status() called', { sessionId });
-
-  const statusCmd = 'git status --porcelain';
-
-  try {
-    const result = await sendSpoolRequest('bash', statusCmd, 10000);
-    if (!result.ok) {
-      emitGitEvent('error', 'status failed', { error: result.stderr, sessionId });
-      throw new Error(`Status check failed: ${result.stderr}`);
-    }
-
-    const parsed = parseGitStatus(result.stdout);
-    emitGitEvent('info', 'status retrieved', { isDirty: parsed.isDirty, modifiedCount: parsed.modified.length, sessionId });
-    return { ok: true, ...parsed };
-  } catch (e) {
-    emitGitEvent('error', 'status error', { error: e.message, sessionId });
-    throw e;
-  }
-}
-
-async function diff(sessionId = 'unknown') {
-  emitGitEvent('info', 'diff() called', { sessionId });
-
-  const diffCmd = 'git diff HEAD';
-
-  try {
-    const result = await sendSpoolRequest('bash', diffCmd, 30000);
-    if (!result.ok && !result.stdout) {
-      emitGitEvent('error', 'diff failed', { error: result.stderr, sessionId });
-      throw new Error(`Diff failed: ${result.stderr}`);
-    }
-
-    emitGitEvent('info', 'diff retrieved', { hasChanges: result.stdout.length > 0, sessionId });
-    return { ok: true, diff: result.stdout };
-  } catch (e) {
-    emitGitEvent('error', 'diff error', { error: e.message, sessionId });
-    throw e;
-  }
-}
-
-async function log(sessionId = 'unknown', count = 10) {
-  emitGitEvent('info', 'log() called', { count, sessionId });
-
-  const logCmd = `git log -${count} --oneline`;
-
-  try {
-    const result = await sendSpoolRequest('bash', logCmd, 10000);
-    if (!result.ok) {
-      emitGitEvent('error', 'log failed', { error: result.stderr, sessionId });
-      throw new Error(`Log failed: ${result.stderr}`);
-    }
-
-    const commits = result.stdout.trim().split('\n').filter(l => l.length > 0);
-    emitGitEvent('info', 'log retrieved', { commitCount: commits.length, sessionId });
-    return { ok: true, commits };
-  } catch (e) {
-    emitGitEvent('error', 'log error', { error: e.message, sessionId });
-    throw e;
-  }
-}
-
-async function checkout(branch, sessionId = 'unknown') {
-  emitGitEvent('info', 'checkout() called', { branch, sessionId });
-
-  if (!branch || branch.trim().length === 0) {
-    emitGitEvent('error', 'branch name required', { sessionId });
-    throw new Error('Branch name required');
-  }
-
-  const checkCmd = `git rev-parse --verify ${escapeShellArg(branch)} 2>&1`;
-
-  try {
-    const checkResult = await sendSpoolRequest('bash', checkCmd, 10000);
-    if (!checkResult.ok || checkResult.stderr.includes('fatal') || checkResult.stdout.includes('fatal')) {
-      emitGitEvent('error', 'checkout: branch not found', { branch, sessionId });
-      throw new Error(`Branch not found: ${branch}`);
-    }
-
-    const checkoutCmd = `git checkout ${escapeShellArg(branch)}`;
-    const result = await sendSpoolRequest('bash', checkoutCmd, 10000);
-
-    if (!result.ok) {
-      emitGitEvent('error', 'checkout failed', { error: result.stderr, branch, sessionId });
-      throw new Error(`Checkout failed: ${result.stderr}`);
-    }
-
-    emitGitEvent('info', 'checkout succeeded', { branch, sessionId });
-    return { ok: true, branch };
-  } catch (e) {
-    emitGitEvent('error', 'checkout error', { error: e.message, branch, sessionId });
-    throw e;
-  }
-}
-
-async function rebase(upstream, sessionId = 'unknown') {
-  emitGitEvent('info', 'rebase() called', { upstream, sessionId });
-
-  if (!upstream || upstream.trim().length === 0) {
-    emitGitEvent('error', 'upstream branch required', { sessionId });
-    throw new Error('Upstream branch required');
-  }
-
-  const rebaseCmd = `git rebase ${escapeShellArg(upstream)} 2>&1`;
-
-  try {
-    const result = await sendSpoolRequest('bash', rebaseCmd, 60000);
-
-    if (result.stderr.includes('CONFLICT') || result.stdout.includes('CONFLICT')) {
-      emitGitEvent('warn', 'rebase: conflicts detected', { upstream, sessionId });
-      const statusCmd = 'git status --porcelain';
-      const statusResult = await sendSpoolRequest('bash', statusCmd, 10000);
-      const conflicts = statusResult.stdout.split('\n').filter(l => l.startsWith('UU') || l.startsWith('AA') || l.startsWith('DD'));
-      return { ok: false, conflicts: true, conflictFiles: conflicts, message: 'Rebase halted due to conflicts. Resolve conflicts and run git rebase --continue' };
-    }
-
-    if (!result.ok) {
-      emitGitEvent('error', 'rebase failed', { error: result.stderr, upstream, sessionId });
-      throw new Error(`Rebase failed: ${result.stderr}`);
-    }
-
-    emitGitEvent('info', 'rebase succeeded', { upstream, sessionId });
-    return { ok: true, upstream };
-  } catch (e) {
-    emitGitEvent('error', 'rebase error', { error: e.message, upstream, sessionId });
-    throw e;
-  }
-}
-
-async function cherryPick(commit, sessionId = 'unknown') {
-  emitGitEvent('info', 'cherryPick() called', { commit, sessionId });
-
-  if (!commit || commit.trim().length === 0) {
-    emitGitEvent('error', 'commit hash required', { sessionId });
-    throw new Error('Commit hash required');
-  }
-
-  const pickCmd = `git cherry-pick ${escapeShellArg(commit)} 2>&1`;
-
-  try {
-    const result = await sendSpoolRequest('bash', pickCmd, 60000);
-
-    if (result.stderr.includes('CONFLICT') || result.stdout.includes('CONFLICT')) {
-      emitGitEvent('warn', 'cherry-pick: conflicts detected', { commit, sessionId });
-      return { ok: false, conflicts: true, message: 'Cherry-pick halted due to conflicts. Resolve conflicts and run git cherry-pick --continue' };
-    }
-
-    if (!result.ok) {
-      emitGitEvent('error', 'cherry-pick failed', { error: result.stderr, commit, sessionId });
-      throw new Error(`Cherry-pick failed: ${result.stderr}`);
-    }
-
-    emitGitEvent('info', 'cherry-pick succeeded', { commit, sessionId });
-    return { ok: true, commit };
-  } catch (e) {
-    emitGitEvent('error', 'cherry-pick error', { error: e.message, commit, sessionId });
-    throw e;
-  }
-}
-
-module.exports = {
-  commit,
-  push,
-  status,
-  diff,
-  log,
-  checkout,
-  rebase,
-  cherryPick,
-  escapeShellArg,
-  parseGitStatus,
-  GIT_USER,
-  GIT_EMAIL,
-};