gsd-lite 0.5.13 → 0.5.14

package/.claude-plugin/marketplace.json

@@ -13,7 +13,7 @@
       "name": "gsd",
       "source": "./",
       "description": "AI orchestration tool — GSD management shell + Superpowers quality core. 5 commands, 4 agents, 5 workflows, MCP server, context monitoring.",
-      "version": "0.5.13",
+      "version": "0.5.14",
       "keywords": [
         "orchestration",
         "mcp",

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "gsd",
-  "version": "0.5.13",
+  "version": "0.5.14",
   "description": "AI orchestration tool for Claude Code — GSD management shell + Superpowers quality core",
   "author": {
     "name": "sdsrss",

package/README.md

@@ -17,7 +17,7 @@ GSD-Lite is an AI orchestration tool for [Claude Code](https://docs.anthropic.co
 ### Quality Discipline (Built-in, Not Optional)
 - **TDD enforcement** — "No production code without a failing test first" baked into every executor dispatch
 - **Anti-rationalization guards** — Red-flag checklists inline in every agent prompt, blocking common excuses to skip process
-- **Multi-level code review** — L0 self-review / L1 phase-batch review / L2 immediate independent review
+- **Multi-level code review** — L0 self-review / L1 phase-batch review / L2 immediate independent review / phase review retry limit
 - **Contract change propagation** — When an API contract changes, downstream tasks automatically invalidate
 
 ### Intelligent Failure Recovery
@@ -27,7 +27,7 @@ GSD-Lite is an AI orchestration tool for [Claude Code](https://docs.anthropic.co
 - **Rework propagation** — Critical review issues cascade invalidation to dependent tasks
 
 ### Adaptive Review & Parallel Execution
-- **Confidence-based review adjustment** — Executor self-assesses confidence (high/medium/low); orchestrator auto-adjusts review level accordingly
+- **Confidence-based review adjustment** — Executor self-assesses confidence (high/medium/low); orchestrator auto-adjusts review level with evidence cross-validation
 - **Impact analysis before review** — Reviewer runs impact analysis on multi-file changes to catch missed downstream effects
 - **Parallel task scheduling** — Independent tasks within the same phase are identified for concurrent dispatch
 - **Auto PR suggestion** — Phase/project completion prompts PR creation with evidence summary
@@ -249,7 +249,7 @@ gsd-lite/
 ├── references/             # 8 reference docs
 ├── hooks/                  # Session lifecycle (StatusLine + PostToolUse + SessionStart + Stop + AutoUpdate)
 │   └── lib/               # Shared hook utilities (gsd-finder)
-├── tests/                  # 822 tests (unit + simulation + E2E)
+├── tests/                  # 826 tests (unit + simulation + E2E)
 ├── cli.js                  # Install/uninstall CLI entry
 ├── install.js              # Installation script
 └── uninstall.js            # Uninstall script
@@ -258,8 +258,8 @@ gsd-lite/
 ## Testing
 
 ```bash
-npm test                    # Run all 822 tests
-npm run test:coverage       # Tests + coverage report (94%+ lines, 81%+ branches)
+npm test                    # Run all 826 tests
+npm run test:coverage       # Tests + coverage report (94%+ lines, 83%+ branches)
 npm run lint                # Biome lint
 node --test tests/file.js   # Run a single test file
 ```

package/hooks/gsd-statusline.cjs

@@ -6,24 +6,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const os = require('node:os');
-
-/**
- * Walk from startDir up to filesystem root looking for a .gsd directory.
- * Returns the absolute path to .gsd if found, or null.
- */
-function findGsdDir(startDir) {
-  let dir = startDir;
-  while (true) {
-    const candidate = path.join(dir, '.gsd');
-    try {
-      if (fs.statSync(candidate).isDirectory()) return candidate;
-    } catch {
-      const parent = path.dirname(dir);
-      if (parent === dir) return null; // reached filesystem root
-      dir = parent;
-    }
-  }
-}
+const { findGsdDir } = require('./lib/gsd-finder.cjs');
 
 let input = '';
 const stdinTimeout = setTimeout(() => process.exit(0), 3000);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gsd-lite",
-  "version": "0.5.13",
+  "version": "0.5.14",
   "description": "AI orchestration tool for Claude Code — GSD management shell + Superpowers quality core",
   "type": "module",
   "bin": {

package/src/tools/orchestrator/debugger.js

@@ -16,6 +16,8 @@ export async function handleDebuggerResult({ result, basePath = process.cwd() }
     return { error: true, message: `Invalid debugger result: ${validation.errors.join('; ')}` };
   }
 
+  // Note: read() is outside the state lock — safe under single-session sequential execution.
+  // See executor.js for rationale.
   const state = await read({ basePath });
   if (state.error) return state;
   const { phase, task } = getPhaseAndTask(state, result.task_id);

package/src/tools/orchestrator/executor.js

@@ -20,6 +20,9 @@ export async function handleExecutorResult({ result, basePath = process.cwd() }
     return { error: true, message: `Invalid executor result: ${validation.errors.join('; ')}` };
   }
 
+  // Note: read() is outside the state lock. This is safe because the MCP server
+  // processes tool calls sequentially (single-session, promise-queue serialized).
+  // persist() below re-acquires the lock and applies changes atomically.
   const state = await read({ basePath });
   if (state.error) return state;
   const { phase, task } = getPhaseAndTask(state, result.task_id);

package/src/tools/orchestrator/helpers.js

@@ -10,6 +10,7 @@ import { getGitHead, getGsdDir } from '../../utils.js';
 const MAX_DEBUG_RETRY = 3;
 const MAX_RESUME_DEPTH = 3;
 const CONTEXT_RESUME_THRESHOLD = 40;
+const MAX_PHASE_REVIEW_RETRY = 5;
 
 // ── Result Contracts ──
 // Provided in dispatch responses so agents produce valid results on the first call.
@@ -424,6 +425,7 @@ export {
   MAX_DEBUG_RETRY,
   MAX_RESUME_DEPTH,
   CONTEXT_RESUME_THRESHOLD,
+  MAX_PHASE_REVIEW_RETRY,
   RESULT_CONTRACTS,
   isTerminalWorkflowMode,
   parseTimestamp,

package/src/tools/orchestrator/researcher.js

@@ -1,6 +1,5 @@
 import { storeResearch } from '../state/index.js';
 import { validateResearcherResult } from '../../schema.js';
-import { resumeWorkflow } from './resume.js';
 
 export async function handleResearcherResult({ result, artifacts, decision_index, basePath = process.cwd() } = {}) {
   if (!result || typeof result !== 'object' || Array.isArray(result)) {
@@ -15,11 +14,10 @@ export async function handleResearcherResult({ result, artifacts, decision_index
   const persisted = await storeResearch({ result, artifacts, decision_index, basePath });
   if (persisted.error) return persisted;
 
-  const resumed = await resumeWorkflow({ basePath });
-  if (resumed.error) return resumed;
-
   return {
-    ...resumed,
+    success: true,
+    action: 'research_stored',
+    workflow_mode: persisted.workflow_mode,
     stored_files: persisted.stored_files,
     decision_ids: persisted.decision_ids,
     research_warnings: persisted.warnings,

package/src/tools/orchestrator/reviewer.js

@@ -1,6 +1,7 @@
 import { read } from '../state/index.js';
 import { validateReviewerResult } from '../../schema.js';
 import {
+  MAX_PHASE_REVIEW_RETRY,
   getCurrentPhase,
   getTaskById,
   persist,
@@ -15,6 +16,8 @@ export async function handleReviewerResult({ result, basePath = process.cwd() }
     return { error: true, message: `Invalid reviewer result: ${validation.errors.join('; ')}` };
   }
 
+  // Note: read() is outside the state lock — safe under single-session sequential execution.
+  // See executor.js for rationale.
   const state = await read({ basePath });
   if (state.error) return state;
 
@@ -70,6 +73,40 @@ export async function handleReviewerResult({ result, basePath = process.cwd() }
   const specFailed = result.spec_passed === false;
   const qualityFailed = result.quality_passed === false;
   const needsRework = hasCritical || specFailed || qualityFailed;
+
+  // Compute retry count once for both exhaustion check and state update
+  const currentRetryCount = phase.phase_review?.retry_count || 0;
+  const nextRetryCount = needsRework ? currentRetryCount + 1 : 0;
+
+  // Phase review retry limit: prevent infinite reviewing↔active cycles
+  if (needsRework && nextRetryCount > MAX_PHASE_REVIEW_RETRY) {
+    const persistError = await persist(basePath, {
+      workflow_mode: 'awaiting_user',
+      current_task: null,
+      current_review: {
+        scope: 'phase',
+        scope_id: phase.id,
+        stage: 'review_retry_exhausted',
+        retry_count: nextRetryCount,
+      },
+      phases: [{
+        id: phase.id,
+        lifecycle: phase.lifecycle === 'reviewing' ? 'active' : phase.lifecycle,
+        phase_review: { status: 'rework_required', retry_count: nextRetryCount },
+      }],
+    });
+    if (persistError) return persistError;
+
+    return {
+      success: true,
+      action: 'review_retry_exhausted',
+      workflow_mode: 'awaiting_user',
+      phase_id: phase.id,
+      retry_count: nextRetryCount,
+      message: `Phase ${phase.id} review failed ${nextRetryCount} times (limit: ${MAX_PHASE_REVIEW_RETRY}). User intervention required.`,
+    };
+  }
+
   const reviewStatus = needsRework ? 'rework_required' : 'accepted';
 
   // done is auto-recomputed by update() — no manual tracking needed
@@ -77,9 +114,7 @@ export async function handleReviewerResult({ result, basePath = process.cwd() }
     id: phase.id,
     phase_review: {
       status: reviewStatus,
-      ...(needsRework
-        ? { retry_count: (phase.phase_review?.retry_count || 0) + 1 }
-        : { retry_count: 0 }),
+      retry_count: nextRetryCount,
     },
     todo: taskPatches,
   };

package/src/tools/state/crud.js

@@ -12,7 +12,6 @@ import {
   createInitialState,
   migrateState,
 } from '../../schema.js';
-import { runAll } from '../verify.js';
 import {
   ERROR_CODES,
   MAX_EVIDENCE_ENTRIES,
@@ -29,6 +28,11 @@ export async function init({ project, phases, research, force = false, basePath
   if (!project || typeof project !== 'string') {
     return { error: true, code: ERROR_CODES.INVALID_INPUT, message: 'project must be a non-empty string' };
   }
+  // Sanitize: strip HTML comment delimiters (could break marker-based CLAUDE.md injection) and cap length
+  project = project.replace(/<!--|-->/g, '').trim().slice(0, 200);
+  if (!project) {
+    return { error: true, code: ERROR_CODES.INVALID_INPUT, message: 'project name is empty after sanitization' };
+  }
   if (!Array.isArray(phases)) {
     return { error: true, code: ERROR_CODES.INVALID_INPUT, message: 'phases must be an array' };
   }
@@ -420,7 +424,14 @@ export async function phaseComplete({
       };
     }
 
-    const verificationResult = verification || (run_verify ? await runAll(basePath) : null);
+    if (run_verify && !verification) {
+      return {
+        error: true,
+        code: ERROR_CODES.INVALID_INPUT,
+        message: 'run_verify requires verification results to be passed via the verification parameter; the state layer does not execute external tools',
+      };
+    }
+    const verificationResult = verification || null;
     const testsPassed = verificationResult
       ? verificationPassed(verificationResult)
       : phase.phase_handoff.tests_passed === true;

package/src/tools/state/logic.js

@@ -269,9 +269,17 @@ export function reclassifyReviewLevel(task, executorResult) {
   }
 
   // High confidence on non-sensitive L1 tasks → downgrade to L0 (self-review sufficient)
+  // Cross-validate: require objective evidence before trusting self-reported confidence.
+  // Without evidence or with failed tests, confidence claim is not credible.
   if (executorResult.confidence === 'high' && currentLevel === 'L1'
       && !executorResult.contract_changed) {
-    return 'L0';
+    const hasEvidence = Array.isArray(executorResult.evidence) && executorResult.evidence.length > 0;
+    const hasTestFailure = Array.isArray(executorResult.evidence)
+      && executorResult.evidence.some(e => e && e.type === 'test' && e.passed === false);
+    if (hasEvidence && !hasTestFailure) {
+      return 'L0';
+    }
+    // Insufficient evidence or test failure — stay at L1 despite high confidence claim
   }
 
   return currentLevel;

package/src/utils.js

@@ -65,6 +65,7 @@ const LOCK_MAX_RETRIES = 100; // 5 seconds total
  */
 export async function withFileLock(lockPath, fn) {
   let acquired = false;
+  let nonLockError = false;
   for (let i = 0; i < LOCK_MAX_RETRIES; i++) {
     try {
       await writeFile(lockPath, String(process.pid), { flag: 'wx' });
@@ -84,11 +85,21 @@ export async function withFileLock(lockPath, fn) {
         }
         await new Promise(r => setTimeout(r, LOCK_RETRY_MS));
       } else {
-        break; // Non-EEXIST error — proceed without lock
+        // Non-EEXIST error (e.g., read-only fs) — proceed without lock
+        nonLockError = true;
+        break;
       }
     }
   }
 
+  // Lock exhaustion (retries depleted while another process held the lock):
+  // throw to prevent concurrent unlocked writes that cause data corruption.
+  // Non-EEXIST errors (read-only fs, permission denied) still proceed without lock
+  // since locking is physically impossible in those environments.
+  if (!acquired && !nonLockError) {
+    throw new Error(`Lock acquisition timeout: could not acquire ${lockPath} after ${LOCK_MAX_RETRIES} retries (${LOCK_MAX_RETRIES * LOCK_RETRY_MS}ms)`);
+  }
+
   try {
     return await fn();
   } finally {