gsd-antigravity-kit 1.27.3 → 1.30.0

package/.agent/skills/gsd/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: gsd
-version: 1.28.0
+version: 1.30.0
 description: "Antigravity GSD (Get Stuff Done) - A spec-driven hierarchical planning and execution system. Triggers on project planning, phase management, and GSD slash commands."
 ---
 
@@ -183,4 +183,4 @@ General documentation on the GSD philosophy, usage patterns, and configuration.
 5.  **CLI Invocation**: `gsd-tools` is **NOT** a global command. Always invoke it with the full node path: `node .agent/skills/gsd/bin/gsd-tools.cjs <command> [args]`. Never run `gsd-tools` bare.
 
 ---
-*Generated by gsd-converter on 2026-03-22*
+*Generated by gsd-converter on 2026-03-28*

package/.agent/skills/gsd/assets/templates/config.json

@@ -39,5 +39,6 @@
   },
   "hooks": {
     "context_warnings": true
-  }
+  },
+  "agent_skills": {}
 }

package/.agent/skills/gsd/bin/gsd-tools.cjs

@@ -458,6 +458,11 @@ async function runCommand(command, args, cwd, raw) {
     break;
   }
 
+  case 'agent-skills': {
+    init.cmdAgentSkills(cwd, args[1], raw);
+    break;
+  }
+
   case 'history-digest': {
     commands.cmdHistoryDigest(cwd, raw);
     break;
@@ -553,8 +558,10 @@ async function runCommand(command, args, cwd, raw) {
     } else if (subcommand === 'health') {
     const repairFlag = args.includes('--repair');
     verify.cmdValidateHealth(cwd, { repair: repairFlag }, raw);
+    } else if (subcommand === 'agents') {
+    verify.cmdValidateAgents(cwd, raw);
     } else {
-    error('Unknown validate subcommand. Available: consistency, health');
+    error('Unknown validate subcommand. Available: consistency, health, agents');
     }
     break;
   }
@@ -571,6 +578,18 @@ async function runCommand(command, args, cwd, raw) {
     break;
   }
 
+  case 'uat': {
+    const subcommand = args[1];
+    const uat = require('./lib/uat.cjs');
+    if (subcommand === 'render-checkpoint') {
+    const options = parseNamedArgs(args, ['file']);
+    uat.cmdRenderCheckpoint(cwd, options, raw);
+    } else {
+    error('Unknown uat subcommand. Available: render-checkpoint');
+    }
+    break;
+  }
+
   case 'stats': {
     const subcommand = args[1] || 'json';
     commands.cmdStats(cwd, subcommand, raw);

package/.agent/skills/gsd/bin/help-manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.28.0",
+  "version": "1.30.0",
   "commands": {
     "add-backlog": {
       "description": "Add an idea to the backlog parking lot (999.x numbering)"

package/.agent/skills/gsd/bin/hooks/gsd-check-update.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-// gsd-hook-version: 1.28.0
+// gsd-hook-version: 1.30.0
 // Check for GSD updates in background, write result to cache
 // Called by SessionStart hook - runs once per session
 

package/.agent/skills/gsd/bin/hooks/gsd-context-monitor.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-// gsd-hook-version: 1.28.0
+// gsd-hook-version: 1.30.0
 // Context Monitor - PostToolUse/AfterTool hook (Gemini uses AfterTool)
 // Reads context metrics from the statusline bridge file and injects
 // warnings when context usage is high. This makes the AGENT aware of

package/.agent/skills/gsd/bin/hooks/gsd-prompt-guard.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-// gsd-hook-version: 1.28.0
+// gsd-hook-version: 1.30.0
 // GSD Prompt Injection Guard — PreToolUse hook
 // Scans file content being written to .planning/ for prompt injection patterns.
 // Defense-in-depth: catches injected instructions before they enter agent context.

package/.agent/skills/gsd/bin/hooks/gsd-statusline.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-// gsd-hook-version: 1.28.0
+// gsd-hook-version: 1.30.0
 // Antigravity Statusline - GSD Edition
 // Shows: model | current task | directory | context usage
 

package/.agent/skills/gsd/bin/hooks/gsd-workflow-guard.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-// gsd-hook-version: 1.28.0
+// gsd-hook-version: 1.30.0
 // GSD Workflow Guard — PreToolUse hook
 // Detects when Antigravity attempts file edits outside a GSD workflow context
 // (no active /gsd: command or Task subagent) and injects an advisory warning.

package/.agent/skills/gsd/bin/lib/config.cjs

@@ -27,6 +27,18 @@ const VALID_CONFIG_KEYS = new Set([
   'hooks.context_warnings',
 ]);
 
+/**
+ * Check whether a config key path is valid.
+ * Supports exact matches from VALID_CONFIG_KEYS plus dynamic patterns
+ * like `agent_skills.<agent-type>` where the sub-key is freeform.
+ */
+function isValidConfigKey(keyPath) {
+  if (VALID_CONFIG_KEYS.has(keyPath)) return true;
+  // Allow agent_skills.<agent-type> with any agent type string
+  if (/^agent_skills\.[a-zA-Z0-9_-]+$/.test(keyPath)) return true;
+  return false;
+}
+
 const CONFIG_KEY_SUGGESTIONS = {
   'workflow.nyquist_validation_enabled': 'workflow.nyquist_validation',
   'agents.nyquist_validation_enabled': 'workflow.nyquist_validation',
@@ -120,6 +132,7 @@ function buildNewProjectConfig(userChoices) {
   hooks: {
     context_warnings: true,
   },
+  agent_skills: {},
   };
 
   // Three-level deep merge: hardcoded <- userDefaults <- choices
@@ -142,6 +155,11 @@ function buildNewProjectConfig(userChoices) {
     ...(userDefaults.hooks || {}),
     ...(choices.hooks || {}),
   },
+  agent_skills: {
+    ...hardcoded.agent_skills,
+    ...(userDefaults.agent_skills || {}),
+    ...(choices.agent_skills || {}),
+  },
   };
 }
 
@@ -298,15 +316,18 @@ function cmdConfigSet(cwd, keyPath, value, raw) {
 
   validateKnownConfigKeyPath(keyPath);
 
-  if (!VALID_CONFIG_KEYS.has(keyPath)) {
-  error(`Unknown config key: "${keyPath}". Valid keys: ${[...VALID_CONFIG_KEYS].sort().join(', ')}`);
+  if (!isValidConfigKey(keyPath)) {
+  error(`Unknown config key: "${keyPath}". Valid keys: ${[...VALID_CONFIG_KEYS].sort().join(', ')}, agent_skills.<agent-type>`);
   }
 
-  // Parse value (handle booleans and numbers)
+  // Parse value (handle booleans, numbers, and JSON arrays/objects)
   let parsedValue = value;
   if (value === 'true') parsedValue = true;
   else if (value === 'false') parsedValue = false;
   else if (!isNaN(value) && value !== '') parsedValue = Number(value);
+  else if (typeof value === 'string' && (value.startsWith('[') || value.startsWith('{'))) {
+  try { parsedValue = JSON.parse(value); } catch { /* keep as string */ }
+  }
 
   const setConfigValueResult = setConfigValue(cwd, keyPath, parsedValue);
   output(setConfigValueResult, raw, `${keyPath}=${parsedValue}`);

package/.agent/skills/gsd/bin/lib/core.cjs

@@ -58,13 +58,22 @@ function findProjectRoot(startDir) {
   const root = path.parse(resolved).root;
   const homedir = require('os').homedir();
 
-  // Check if startDir or any of its ancestors (up to but not including a
+  // If startDir already contains .planning/, it IS the project root.
+  // Do not walk up to a parent workspace that also has .planning/ (#1362).
+  const ownPlanning = path.join(resolved, '.planning');
+  if (fs.existsSync(ownPlanning) && fs.statSync(ownPlanning).isDirectory()) {
+  return startDir;
+  }
+
+  // Check if startDir or any of its ancestors (up to AND including the
   // candidate project root) contains a .git directory. This handles both
-  // `backend/` (direct sub-repo) and `backend/src/modules/` (nested inside).
+  // `backend/` (direct sub-repo) and `backend/src/modules/` (nested inside),
+  // as well as the common case where .git lives at the same level as .planning/.
   function isInsideGitRepo(candidateParent) {
   let d = resolved;
-  while (d !== candidateParent && d !== root) {
+  while (d !== root) {
     if (fs.existsSync(path.join(d, '.git'))) return true;
+    if (d === candidateParent) break;
     d = path.dirname(d);
   }
   return false;
@@ -355,6 +364,7 @@ function loadConfig(cwd) {
     context_window: get('context_window') ?? defaults.context_window,
     phase_naming: get('phase_naming') ?? defaults.phase_naming,
     model_overrides: parsed.model_overrides || null,
+    agent_skills: parsed.agent_skills || {},
   };
   } catch {
   return defaults;
@@ -977,6 +987,58 @@ function getRoadmapPhaseInternal(cwd, phaseNum) {
   }
 }
 
+// ─── Agent installation validation (#1371) ───────────────────────────────────
+
+/**
+ * Resolve the agents directory from the GSD install location.
+ * gsd-tools.cjs lives at <configDir>/get-shit-done/bin/gsd-tools.cjs,
+ * so agents/ is at <configDir>/agents/.
+ *
+ * @returns {string} Absolute path to the agents directory
+ */
+function getAgentsDir() {
+  // __dirname is get-shit-done/bin/lib/ → go up 3 levels to configDir
+  return path.join(__dirname, '..', '..', '..', 'agents');
+}
+
+/**
+ * Check which GSD agents are installed on disk.
+ * Returns an object with installation status and details.
+ *
+ * @returns {{ agents_installed: boolean, missing_agents: string[], installed_agents: string[], agents_dir: string }}
+ */
+function checkAgentsInstalled() {
+  const agentsDir = getAgentsDir();
+  const expectedAgents = Object.keys(MODEL_PROFILES);
+  const installed = [];
+  const missing = [];
+
+  if (!fs.existsSync(agentsDir)) {
+  return {
+    agents_installed: false,
+    missing_agents: expectedAgents,
+    installed_agents: [],
+    agents_dir: agentsDir,
+  };
+  }
+
+  for (const agent of expectedAgents) {
+  const agentFile = path.join(agentsDir, `${agent}.md`);
+  if (fs.existsSync(agentFile)) {
+    installed.push(agent);
+  } else {
+    missing.push(agent);
+  }
+  }
+
+  return {
+  agents_installed: installed.length > 0 && missing.length === 0,
+  missing_agents: missing,
+  installed_agents: installed,
+  agents_dir: agentsDir,
+  };
+}
+
 // ─── Model alias resolution ───────────────────────────────────────────────────
 
 /**
@@ -1222,4 +1284,6 @@ module.exports = {
   filterSummaryFiles,
   getPhaseFileStats,
   readSubdirectories,
+  getAgentsDir,
+  checkAgentsInstalled,
 };

package/.agent/skills/gsd/bin/lib/frontmatter.cjs

@@ -167,57 +167,86 @@ function parseMustHavesBlock(content, blockName) {
   if (!fmMatch) return [];
 
   const yaml = fmMatch[1];
-  // Find the block (e.g., "truths:", "artifacts:", "key_links:")
-  const blockPattern = new RegExp(`^\\s{4}${blockName}:\\s*$`, 'm');
-  const blockStart = yaml.search(blockPattern);
+
+  // Find must_haves: first to detect its indentation level
+  const mustHavesMatch = yaml.match(/^(\s*)must_haves:\s*$/m);
+  if (!mustHavesMatch) return [];
+  const mustHavesIndent = mustHavesMatch[1].length;
+
+  // Find the block (e.g., "truths:", "artifacts:", "key_links:") under must_haves
+  // It must be indented more than must_haves but we detect the actual indent dynamically
+  const blockPattern = new RegExp(`^(\\s+)${blockName}:\\s*$`, 'm');
+  const blockMatch = yaml.match(blockPattern);
+  if (!blockMatch) return [];
+
+  const blockIndent = blockMatch[1].length;
+  // The block must be nested under must_haves (more indented)
+  if (blockIndent <= mustHavesIndent) return [];
+
+  // Find where the block starts in the yaml string
+  const blockStart = yaml.indexOf(blockMatch[0]);
   if (blockStart === -1) return [];
 
   const afterBlock = yaml.slice(blockStart);
   const blockLines = afterBlock.split(/\r?\n/).slice(1); // skip the header line
 
+  // List items are indented one level deeper than blockIndent
+  // Continuation KVs are indented one level deeper than list items
   const items = [];
   let current = null;
+  let listItemIndent = -1; // detected from first "- " line
 
   for (const line of blockLines) {
-  // Stop at same or lower indent level (non-continuation)
+  // Skip empty lines
   if (line.trim() === '') continue;
   const indent = line.match(/^(\s*)/)[1].length;
-  if (indent <= 4 && line.trim() !== '') break; // back to must_haves level or higher
+  // Stop at same or lower indent level than the block header
+  if (indent <= blockIndent && line.trim() !== '') break;
+
+  const trimmed = line.trim();
 
-  if (line.match(/^\s{6}-\s+/)) {
-    // New list item at 6-space indent
+  if (trimmed.startsWith('- ')) {
+    // Detect list item indent from the first occurrence
+    if (listItemIndent === -1) listItemIndent = indent;
+
+    // Only treat as a top-level list item if at the expected indent
+    if (indent === listItemIndent) {
     if (current) items.push(current);
     current = {};
-    // Check if it's a simple string item
-    const simpleMatch = line.match(/^\s{6}-\s+"?([^"]+)"?\s*$/);
-    if (simpleMatch && !line.includes(':')) {
-    current = simpleMatch[1];
+    const afterDash = trimmed.slice(2);
+    // Check if it's a simple string item (no colon means not a key-value)
+    if (!afterDash.includes(':')) {
+      current = afterDash.replace(/^["']|["']$/g, '');
     } else {
-    // Key-value on same line as dash: "- path: value"
-    const kvMatch = line.match(/^\s{6}-\s+(\w+):\s*"?([^"]*)"?\s*$/);
-    if (kvMatch) {
+      // Key-value on same line as dash: "- path: value"
+      const kvMatch = afterDash.match(/^(\w+):\s*"?([^"]*)"?\s*$/);
+      if (kvMatch) {
       current = {};
       current[kvMatch[1]] = kvMatch[2];
+      }
     }
+    continue;
     }
-  } else if (current && typeof current === 'object') {
-    // Continuation key-value at 8+ space indent
-    const kvMatch = line.match(/^\s{8,}(\w+):\s*"?([^"]*)"?\s*$/);
-    if (kvMatch) {
-    const val = kvMatch[2];
-    // Try to parse as number
-    current[kvMatch[1]] = /^\d+$/.test(val) ? parseInt(val, 10) : val;
-    }
-    // Array items under a key
-    const arrMatch = line.match(/^\s{10,}-\s+"?([^"]+)"?\s*$/);
-    if (arrMatch) {
-    // Find the last key added and convert to array
+  }
+
+  if (current && typeof current === 'object' && indent > listItemIndent) {
+    // Continuation key-value or nested array item
+    if (trimmed.startsWith('- ')) {
+    // Array item under a key
+    const arrVal = trimmed.slice(2).replace(/^["']|["']$/g, '');
     const keys = Object.keys(current);
     const lastKey = keys[keys.length - 1];
     if (lastKey && !Array.isArray(current[lastKey])) {
       current[lastKey] = current[lastKey] ? [current[lastKey]] : [];
     }
-    if (lastKey) current[lastKey].push(arrMatch[1]);
+    if (lastKey) current[lastKey].push(arrVal);
+    } else {
+    const kvMatch = trimmed.match(/^(\w+):\s*"?([^"]*)"?\s*$/);
+    if (kvMatch) {
+      const val = kvMatch[2];
+      // Try to parse as number
+      current[kvMatch[1]] = /^\d+$/.test(val) ? parseInt(val, 10) : val;
+    }
     }
   }
   }

package/.agent/skills/gsd/bin/lib/init.cjs

@@ -5,7 +5,7 @@
 const fs = require('fs');
 const path = require('path');
 const { execSync } = require('child_process');
-const { loadConfig, resolveModelInternal, findPhaseInternal, getRoadmapPhaseInternal, pathExistsInternal, generateSlugInternal, getMilestoneInfo, getMilestonePhaseFilter, stripShippedMilestones, extractCurrentMilestone, normalizePhaseName, planningPaths, planningDir, planningRoot, toPosixPath, output, error , buildPhaseBase, applyIncludes } = require('./core.cjs');
+const { loadConfig, resolveModelInternal, findPhaseInternal, getRoadmapPhaseInternal, pathExistsInternal, generateSlugInternal, getMilestoneInfo, getMilestonePhaseFilter, stripShippedMilestones, extractCurrentMilestone, normalizePhaseName, planningPaths, planningDir, planningRoot, toPosixPath, output, error, checkAgentsInstalled , buildPhaseBase, applyIncludes } = require('./core.cjs');
 
 function getLatestCompletedMilestone(cwd) {
   const milestonesPath = path.join(planningRoot(cwd), 'MILESTONES.md');
@@ -31,6 +31,12 @@ function getLatestCompletedMilestone(cwd) {
  */
 function withProjectRoot(cwd, result) {
   result.project_root = cwd;
+  // Inject agent installation status into all init outputs (#1371).
+  // Workflows that spawn named subagents use this to detect when agents
+  // are missing and would silently fall back to general-purpose.
+  const agentStatus = checkAgentsInstalled();
+  result.agents_installed = agentStatus.agents_installed;
+  result.missing_agents = agentStatus.missing_agents;
   return result;
 }
 
@@ -242,7 +248,23 @@ function cmdInitNewProject(cwd, raw) {
   let hasCode = false;
   let hasPackageFile = false;
   try {
-  const codeExtensions = new Set(['.ts', '.js', '.py', '.go', '.rs', '.swift', '.java']);
+  const codeExtensions = new Set([
+    '.ts', '.js', '.py', '.go', '.rs', '.swift', '.java',
+    '.kt', '.kts',           // Kotlin (Android, server-side)
+    '.c', '.cpp', '.h',      // C/C++
+    '.cs',                   // C#
+    '.rb',                   // Ruby
+    '.php',                  // PHP
+    '.dart',                 // Dart (Flutter)
+    '.m', '.mm',             // Objective-C / Objective-C++
+    '.scala',                // Scala
+    '.groovy',               // Groovy (Gradle build scripts)
+    '.lua',                  // Lua
+    '.r', '.R',              // R
+    '.zig',                  // Zig
+    '.ex', '.exs',           // Elixir
+    '.clj',                  // Clojure
+  ]);
   const skipDirs = new Set(['node_modules', '.git', '.planning', '.antigravity', '__pycache__', 'target', 'dist', 'build']);
   function findCodeFiles(dir, depth) {
     if (depth > 3) return false;
@@ -263,7 +285,18 @@ function cmdInitNewProject(cwd, raw) {
            pathExistsInternal(cwd, 'requirements.txt') ||
            pathExistsInternal(cwd, 'Cargo.toml') ||
            pathExistsInternal(cwd, 'go.mod') ||
-           pathExistsInternal(cwd, 'Package.swift');
+           pathExistsInternal(cwd, 'Package.swift') ||
+           pathExistsInternal(cwd, 'build.gradle') ||
+           pathExistsInternal(cwd, 'build.gradle.kts') ||
+           pathExistsInternal(cwd, 'pom.xml') ||
+           pathExistsInternal(cwd, 'Gemfile') ||
+           pathExistsInternal(cwd, 'composer.json') ||
+           pathExistsInternal(cwd, 'pubspec.yaml') ||
+           pathExistsInternal(cwd, 'CMakeLists.txt') ||
+           pathExistsInternal(cwd, 'Makefile') ||
+           pathExistsInternal(cwd, 'build.zig') ||
+           pathExistsInternal(cwd, 'mix.exs') ||
+           pathExistsInternal(cwd, 'project.clj');
 
   const result = {
   // Models
@@ -1301,6 +1334,77 @@ function cmdInitRemoveWorkspace(cwd, name, raw) {
   output(result, raw);
 }
 
+/**
+ * Build a formatted agent skills block for injection into Task() prompts.
+ *
+ * Reads `config.agent_skills[agentType]` and validates each skill path exists
+ * within the project root. Returns a formatted `<agent_skills>` block or empty
+ * string if no skills are configured.
+ *
+ * @param {object} config - Loaded project config
+ * @param {string} agentType - The agent type (e.g., 'gsd-executor', 'gsd-planner')
+ * @param {string} projectRoot - Absolute path to project root (for path validation)
+ * @returns {string} Formatted skills block or empty string
+ */
+function buildAgentSkillsBlock(config, agentType, projectRoot) {
+  const { validatePath } = require('./security.cjs');
+
+  if (!config || !config.agent_skills || !agentType) return '';
+
+  let skillPaths = config.agent_skills[agentType];
+  if (!skillPaths) return '';
+
+  // Normalize single string to array
+  if (typeof skillPaths === 'string') skillPaths = [skillPaths];
+  if (!Array.isArray(skillPaths) || skillPaths.length === 0) return '';
+
+  const validPaths = [];
+  for (const skillPath of skillPaths) {
+  if (typeof skillPath !== 'string') continue;
+
+  // Validate path safety — must resolve within project root
+  const pathCheck = validatePath(skillPath, projectRoot);
+  if (!pathCheck.safe) {
+    process.stderr.write(`[agent-skills] WARNING: Skipping unsafe path "${skillPath}": ${pathCheck.error}\n`);
+    continue;
+  }
+
+  // Check that the skill directory and SKILL.md exist
+  const skillMdPath = path.join(projectRoot, skillPath, 'SKILL.md');
+  if (!fs.existsSync(skillMdPath)) {
+    process.stderr.write(`[agent-skills] WARNING: Skill not found at "${skillPath}/SKILL.md" — skipping\n`);
+    continue;
+  }
+
+  validPaths.push(skillPath);
+  }
+
+  if (validPaths.length === 0) return '';
+
+  const lines = validPaths.map(p => `- @${p}/SKILL.md`).join('\n');
+  return `<agent_skills>\nRead these user-configured skills:\n${lines}\n</agent_skills>`;
+}
+
+/**
+ * Command: output the agent skills block for a given agent type.
+ * Used by workflows: SKILLS=$(node "$TOOLS" agent-skills gsd-executor 2>/dev/null)
+ */
+function cmdAgentSkills(cwd, agentType, raw) {
+  if (!agentType) {
+  // No agent type — output empty string silently
+  output('', raw, '');
+  return;
+  }
+
+  const config = loadConfig(cwd);
+  const block = buildAgentSkillsBlock(config, agentType, cwd);
+  // Output raw text (not JSON) so workflows can embed it directly
+  if (block) {
+  process.stdout.write(block);
+  }
+  process.exit(0);
+}
+
 module.exports = {
   cmdInitExecutePhase,
   cmdInitPlanPhase,
@@ -1319,4 +1423,6 @@ module.exports = {
   cmdInitListWorkspaces,
   cmdInitRemoveWorkspace,
   detectChildRepos,
+  buildAgentSkillsBlock,
+  cmdAgentSkills,
 };

package/.agent/skills/gsd/bin/lib/security.cjs

@@ -223,6 +223,31 @@ function sanitizeForPrompt(text) {
   return sanitized;
 }
 
+/**
+ * Sanitize text that will be displayed back to the user.
+ * Removes protocol-like leak markers that should never surface in checkpoints.
+ *
+ * @param {string} text - Text to sanitize
+ * @returns {string} Sanitized text
+ */
+function sanitizeForDisplay(text) {
+  if (!text || typeof text !== 'string') return text;
+
+  let sanitized = sanitizeForPrompt(text);
+
+  const protocolLeakPatterns = [
+  /^\s*(?:assistant|user|system)\s+to=[^:\s]+:[^\n]+$/i,
+  /^\s*<\|(?:assistant|user|system)[^|]*\|>\s*$/i,
+  ];
+
+  sanitized = sanitized
+  .split('\n')
+  .filter(line => !protocolLeakPatterns.some(pattern => pattern.test(line)))
+  .join('\n');
+
+  return sanitized;
+}
+
 // ─── Shell Safety ───────────────────────────────────────────────────────────
 
 /**
@@ -343,6 +368,7 @@ module.exports = {
   INJECTION_PATTERNS,
   scanForInjection,
   sanitizeForPrompt,
+  sanitizeForDisplay,
 
   // Shell safety
   validateShellArg,