gsd-pi 2.28.0-dev.e19bf89 → 2.29.0-dev.2ccf3fb

package/src/resources/extensions/gsd/verification-gate.ts

@@ -112,7 +112,9 @@ const MAX_FAILURE_CONTEXT_CHARS = 10_000;
  * Returns an empty string when all checks pass or the checks array is empty.
  */
 export function formatFailureContext(result: VerificationResult): string {
-  const failures = result.checks.filter((c) => c.exitCode !== 0);
+  // Only include blocking failures in retry context — non-blocking (advisory) failures
+  // should not be injected into retry prompts to avoid noise pollution.
+  const failures = result.checks.filter((c) => c.exitCode !== 0 && c.blocking);
   if (failures.length === 0) return "";
 
   const blocks: string[] = [];
@@ -256,6 +258,10 @@ export function runVerificationGate(options: RunVerificationGateOptions): Verifi
     };
   }
 
+  // Commands from preference and task-plan sources are blocking;
+  // package-json discovered commands are advisory (non-blocking).
+  const blocking = source === "preference" || source === "task-plan";
+
   const checks: VerificationCheck[] = [];
 
   for (const command of commands) {
@@ -291,11 +297,16 @@ export function runVerificationGate(options: RunVerificationGateOptions): Verifi
       stdout: truncate(result.stdout, MAX_OUTPUT_BYTES),
       stderr,
       durationMs,
+      blocking,
     });
   }
 
+  // Gate passes if all blocking checks pass (non-blocking failures are advisory)
+  const blockingChecks = checks.filter(c => c.blocking);
+  const passed = blockingChecks.length === 0 || blockingChecks.every(c => c.exitCode === 0);
+
   return {
-    passed: checks.every(c => c.exitCode === 0),
+    passed,
     checks,
     discoverySource: source,
     timestamp,

package/src/resources/extensions/gsd/workflow-templates/bugfix.md

@@ -0,0 +1,87 @@
+# Bugfix Workflow
+
+<template_meta>
+name: bugfix
+version: 1
+requires_project: false
+artifact_dir: .gsd/workflows/bugfixes/
+</template_meta>
+
+<purpose>
+Fix a bug from identification through to PR submission. Designed for issues reported
+via GitHub, user reports, or developer discovery. Emphasizes root cause analysis
+before jumping to fixes.
+</purpose>
+
+<phases>
+1. triage    — Identify root cause, reproduce the bug
+2. fix       — Implement the fix with tests
+3. verify    — Run full test suite, check for regressions
+4. ship      — Create PR with detailed explanation
+</phases>
+
+<process>
+
+## Phase 1: Triage
+
+**Goal:** Understand the bug before touching any code.
+
+1. **Gather context:**
+   - If a GitHub issue was referenced, read the issue description, labels, and comments
+   - Identify the expected behavior vs actual behavior
+   - Note any error messages, stack traces, or reproduction steps provided
+
+2. **Reproduce:**
+   - Find the minimal reproduction path
+   - Identify the affected code paths (files, functions, lines)
+   - If the bug is intermittent, note the conditions that trigger it
+
+3. **Root cause analysis:**
+   - Trace the bug to its root cause (not just the symptom)
+   - Identify when the bug was introduced if possible (git blame/log)
+   - Assess blast radius: what else could be affected?
+
+4. **Produce:** Write a brief `TRIAGE.md` in the artifact directory with:
+   - Root cause explanation
+   - Reproduction steps
+   - Affected files/functions
+   - Proposed fix approach
+
+5. **Gate:** Present the triage findings and proposed fix to the user for confirmation.
+
+## Phase 2: Fix
+
+**Goal:** Implement a clean, tested fix.
+
+1. **Plan the fix:** Write a brief plan (1-3 tasks max)
+2. **Write the fix:** Implement the code change
+3. **Write tests:** Add or update tests that:
+   - Reproduce the original bug (test fails without fix)
+   - Verify the fix works
+   - Cover edge cases
+4. **Commit:** Atomic commit with message: `fix(<scope>): <description>`
+
+## Phase 3: Verify
+
+**Goal:** Ensure the fix doesn't break anything else.
+
+1. Run the project's full test suite
+2. Run the build (if applicable)
+3. Run the linter (if applicable)
+4. Check for regressions in related functionality
+5. If any failures, fix them before proceeding
+
+## Phase 4: Ship
+
+**Goal:** Create a well-documented PR.
+
+1. Ensure all changes are committed on the workflow branch
+2. Build the PR body:
+   - Link to the original issue (if applicable)
+   - Explain the root cause
+   - Describe the fix approach
+   - List the test coverage added
+3. Present the PR details to the user for review
+4. Create the PR via `gh pr create` (with user approval)
+
+</process>

package/src/resources/extensions/gsd/workflow-templates/dep-upgrade.md

@@ -0,0 +1,74 @@
+# Dependency Upgrade Workflow
+
+<template_meta>
+name: dep-upgrade
+version: 1
+requires_project: false
+artifact_dir: .gsd/workflows/upgrades/
+</template_meta>
+
+<purpose>
+Upgrade project dependencies safely. Assess breaking changes before upgrading,
+fix issues incrementally, and verify everything works. Handles both single-package
+upgrades and bulk dependency refresh.
+</purpose>
+
+<phases>
+1. assess  — Analyze what's outdated and what will break
+2. upgrade — Apply upgrades incrementally
+3. fix     — Resolve breaking changes
+4. verify  — Full test suite and build validation
+</phases>
+
+<process>
+
+## Phase 1: Assess
+
+**Goal:** Know what you're getting into before changing versions.
+
+1. **List outdated dependencies:** Run `npm outdated` / equivalent
+2. **For each target upgrade:**
+   - Read the changelog / release notes
+   - Identify breaking changes
+   - Check for known migration guides
+   - Assess impact on the codebase (grep for affected APIs)
+3. **Prioritize:** Which upgrades to do now, which to defer
+4. **Produce:** Write `ASSESSMENT.md` with:
+   - Dependency list with current → target versions
+   - Breaking changes per dependency
+   - Upgrade order (dependencies before dependents)
+   - Risk assessment
+
+5. **Gate:** Review assessment with user. Confirm upgrade scope.
+
+## Phase 2: Upgrade
+
+**Goal:** Apply version bumps incrementally.
+
+1. Upgrade one dependency (or one group of related dependencies) at a time
+2. Run tests after each upgrade
+3. Commit each upgrade: `chore(deps): upgrade <package> to <version>`
+4. If tests fail, move to Phase 3 for that dependency before continuing
+
+## Phase 3: Fix
+
+**Goal:** Resolve any breaking changes from upgrades.
+
+1. Fix API changes, type errors, deprecations
+2. Update configuration if needed
+3. Commit fixes separately from the upgrade: `fix(deps): adapt to <package> v<version> changes`
+
+## Phase 4: Verify
+
+**Goal:** Ensure everything works together.
+
+1. Run the full test suite
+2. Run the build
+3. Run the linter
+4. Check for deprecation warnings in output
+5. **Produce:** Write `SUMMARY.md` with:
+   - Dependencies upgraded (from → to)
+   - Breaking changes encountered and how they were resolved
+   - Any deferred upgrades and why
+
+</process>

package/src/resources/extensions/gsd/workflow-templates/full-project.md

@@ -0,0 +1,41 @@
+# Full Project Workflow
+
+<template_meta>
+name: full-project
+version: 1
+requires_project: true
+artifact_dir: .gsd/
+</template_meta>
+
+<purpose>
+The complete GSD workflow with full ceremony: roadmap, milestones, slices, tasks,
+research, planning, execution, and verification. Use for greenfield projects or
+major features that need the full planning apparatus.
+
+This template wraps the existing GSD workflow for registry completeness.
+When selected, it routes to the standard /gsd init → /gsd auto pipeline.
+</purpose>
+
+<phases>
+1. init    — Initialize project, detect stack, create .gsd/
+2. discuss — Define requirements, decisions, and architecture
+3. plan    — Create roadmap with milestones and slices
+4. execute — Execute slices: research → plan → implement → verify per slice
+5. verify  — Milestone-level verification and completion
+</phases>
+
+<process>
+
+## Routing to Standard GSD
+
+This template is a convenience entry point. When selected via `/gsd start full-project`,
+it should route to the standard GSD workflow:
+
+1. If `.gsd/` doesn't exist: Run `/gsd init` to bootstrap the project
+2. If `.gsd/` exists but no milestones: Start the discuss phase via `/gsd discuss`
+3. If milestones exist: Resume via `/gsd auto` or `/gsd next`
+
+The full GSD workflow protocol is defined in `GSD-WORKFLOW.md` and handles all
+phases, state tracking, and agent orchestration.
+
+</process>

package/src/resources/extensions/gsd/workflow-templates/hotfix.md

@@ -0,0 +1,45 @@
+# Hotfix Workflow
+
+<template_meta>
+name: hotfix
+version: 1
+requires_project: false
+artifact_dir: null
+</template_meta>
+
+<purpose>
+Minimal ceremony for urgent fixes. Fix it, test it, ship it. No planning artifacts,
+no research phase, no lengthy documentation. For when production is broken and
+speed matters.
+</purpose>
+
+<phases>
+1. fix  — Identify and fix the issue
+2. ship — Test, commit, and create PR
+</phases>
+
+<process>
+
+## Phase 1: Fix
+
+**Goal:** Find and fix the issue as fast as possible.
+
+1. Identify the broken behavior
+2. Locate the root cause
+3. Implement the minimal fix
+4. Add a regression test if possible (don't block on this if the fix is urgent)
+5. Commit: `fix(<scope>): <description>`
+
+## Phase 2: Ship
+
+**Goal:** Get the fix deployed.
+
+1. Run tests — fix any failures
+2. Run the build
+3. Push and create PR with:
+   - What broke
+   - What the fix does
+   - How to verify
+4. Present PR to user for approval
+
+</process>

package/src/resources/extensions/gsd/workflow-templates/refactor.md

@@ -0,0 +1,83 @@
+# Refactor / Migration Workflow
+
+<template_meta>
+name: refactor
+version: 1
+requires_project: false
+artifact_dir: .gsd/workflows/refactors/
+</template_meta>
+
+<purpose>
+Systematic code transformation with inventory-driven planning. Designed for
+renames, restructures, pattern migrations, and API modernization. Executes in
+waves to minimize risk and enable incremental verification.
+</purpose>
+
+<phases>
+1. inventory — Catalog everything that needs to change
+2. plan      — Group changes into safe waves
+3. migrate   — Execute waves with verification between each
+4. verify    — Full regression testing and cleanup
+</phases>
+
+<process>
+
+## Phase 1: Inventory
+
+**Goal:** Know the full scope before changing anything.
+
+1. **Scan the codebase:** Find all instances of what needs to change
+   - Files, functions, types, imports, tests, docs, config
+   - Use grep/glob to be exhaustive — don't rely on memory
+2. **Categorize:** Group by type (source, test, config, docs)
+3. **Identify dependencies:** What order must changes happen in?
+4. **Produce:** Write `INVENTORY.md` with:
+   - Complete list of files/locations that need changes
+   - Dependency relationships
+   - Estimated scope (number of files, lines affected)
+
+5. **Gate:** Review inventory with user. Confirm nothing is missing.
+
+## Phase 2: Plan
+
+**Goal:** Break the migration into safe, independently-verifiable waves.
+
+1. **Define waves:** Group related changes so each wave:
+   - Leaves the codebase in a working state
+   - Can be committed and tested independently
+   - Handles dependencies (change the definition before the consumers)
+2. **Typical wave structure:**
+   - Wave 1: Types/interfaces
+   - Wave 2: Core implementation
+   - Wave 3: Consumers/callers
+   - Wave 4: Tests
+   - Wave 5: Documentation and config
+3. **Produce:** Write `PLAN.md` with waves and per-wave file lists
+
+4. **Gate:** Confirm plan with user.
+
+## Phase 3: Migrate
+
+**Goal:** Execute waves one at a time with verification between each.
+
+1. For each wave:
+   - Make the changes
+   - Run tests (at minimum, the build must pass)
+   - Commit: `refactor(<scope>): wave N — <description>`
+2. If a wave introduces failures, fix them before moving to the next wave
+3. If unexpected scope is discovered, update the inventory and plan
+
+## Phase 4: Verify
+
+**Goal:** Ensure the full refactor is complete and clean.
+
+1. Run the complete test suite
+2. Run the build
+3. Run the linter — fix any new warnings
+4. Search for any remnants of the old pattern (grep for old names/patterns)
+5. **Produce:** Write `SUMMARY.md` with:
+   - What was changed and why
+   - Files modified (count and list)
+   - Any remaining follow-up items
+
+</process>

package/src/resources/extensions/gsd/workflow-templates/registry.json

@@ -0,0 +1,85 @@
+{
+  "version": 1,
+  "templates": {
+    "full-project": {
+      "name": "Full Project",
+      "description": "Complete GSD workflow with roadmap, milestones, slices, and full ceremony",
+      "file": "full-project.md",
+      "phases": ["init", "discuss", "plan", "execute", "verify"],
+      "triggers": ["new project", "greenfield", "from scratch", "build an app", "create a new"],
+      "artifact_dir": ".gsd/",
+      "estimated_complexity": "high",
+      "requires_project": true
+    },
+    "bugfix": {
+      "name": "Bug Fix",
+      "description": "Triage, reproduce, fix, test, and ship a bug fix",
+      "file": "bugfix.md",
+      "phases": ["triage", "fix", "verify", "ship"],
+      "triggers": ["bug", "issue", "fix", "broken", "regression", "error", "crash", "failing", "github.com/*/issues/*"],
+      "artifact_dir": ".gsd/workflows/bugfixes/",
+      "estimated_complexity": "low",
+      "requires_project": false
+    },
+    "small-feature": {
+      "name": "Small Feature",
+      "description": "Lightweight feature development with optional discussion and research",
+      "file": "small-feature.md",
+      "phases": ["scope", "plan", "implement", "verify"],
+      "triggers": ["add", "feature", "implement", "build", "create", "new command", "new endpoint"],
+      "artifact_dir": ".gsd/workflows/features/",
+      "estimated_complexity": "medium",
+      "requires_project": false
+    },
+    "refactor": {
+      "name": "Refactor / Migration",
+      "description": "Systematic code transformation with inventory and wave-based execution",
+      "file": "refactor.md",
+      "phases": ["inventory", "plan", "migrate", "verify"],
+      "triggers": ["refactor", "migrate", "rename", "restructure", "move", "reorganize", "clean up"],
+      "artifact_dir": ".gsd/workflows/refactors/",
+      "estimated_complexity": "medium",
+      "requires_project": false
+    },
+    "spike": {
+      "name": "Research Spike",
+      "description": "Investigate a question, prototype, and document findings",
+      "file": "spike.md",
+      "phases": ["scope", "research", "synthesize"],
+      "triggers": ["research", "investigate", "explore", "spike", "compare", "evaluate", "should we", "what if", "how does"],
+      "artifact_dir": ".gsd/workflows/spikes/",
+      "estimated_complexity": "low",
+      "requires_project": false
+    },
+    "hotfix": {
+      "name": "Hotfix",
+      "description": "Minimal ceremony: fix the thing, test it, ship it",
+      "file": "hotfix.md",
+      "phases": ["fix", "ship"],
+      "triggers": ["hotfix", "urgent", "critical", "asap", "production down", "p0"],
+      "artifact_dir": null,
+      "estimated_complexity": "minimal",
+      "requires_project": false
+    },
+    "security-audit": {
+      "name": "Security Audit",
+      "description": "Scan for vulnerabilities, triage findings, remediate, and verify",
+      "file": "security-audit.md",
+      "phases": ["scan", "triage", "remediate", "re-scan"],
+      "triggers": ["security", "audit", "vulnerability", "owasp", "cve", "penetration", "hardening"],
+      "artifact_dir": ".gsd/workflows/audits/",
+      "estimated_complexity": "medium",
+      "requires_project": false
+    },
+    "dep-upgrade": {
+      "name": "Dependency Upgrade",
+      "description": "Assess impact, upgrade dependencies, fix breaking changes",
+      "file": "dep-upgrade.md",
+      "phases": ["assess", "upgrade", "fix", "verify"],
+      "triggers": ["upgrade", "update", "dependency", "deps", "bump", "outdated", "npm update", "renovate"],
+      "artifact_dir": ".gsd/workflows/upgrades/",
+      "estimated_complexity": "medium",
+      "requires_project": false
+    }
+  }
+}

package/src/resources/extensions/gsd/workflow-templates/security-audit.md

@@ -0,0 +1,73 @@
+# Security Audit Workflow
+
+<template_meta>
+name: security-audit
+version: 1
+requires_project: false
+artifact_dir: .gsd/workflows/audits/
+</template_meta>
+
+<purpose>
+Systematic security review of the codebase. Scan for vulnerabilities, triage
+findings by severity, remediate issues, and verify fixes. Covers OWASP Top 10,
+dependency vulnerabilities, and project-specific security concerns.
+</purpose>
+
+<phases>
+1. scan       — Identify potential vulnerabilities
+2. triage     — Prioritize findings by severity and exploitability
+3. remediate  — Fix critical and high-severity issues
+4. re-scan    — Verify fixes and document remaining items
+</phases>
+
+<process>
+
+## Phase 1: Scan
+
+**Goal:** Identify potential security issues across the codebase.
+
+1. **Dependency audit:** Run `npm audit` / `pip audit` / equivalent
+2. **Code review for common vulnerabilities:**
+   - Injection (SQL, command, XSS)
+   - Authentication/authorization flaws
+   - Sensitive data exposure (hardcoded secrets, logs)
+   - Insecure configuration
+   - Missing input validation at boundaries
+3. **Check security headers and CORS** (if web application)
+4. **Review secrets management:** .env files, config, environment variables
+5. **Produce:** Write `SCAN-RESULTS.md` with all findings
+
+## Phase 2: Triage
+
+**Goal:** Prioritize what to fix now vs later.
+
+1. **Rate each finding:**
+   - Critical: exploitable, high impact, fix immediately
+   - High: likely exploitable, fix in this workflow
+   - Medium: lower risk, fix if time allows
+   - Low: informational, document for later
+2. **Assess exploitability:** Is this theoretical or practically exploitable?
+3. **Produce:** Update `SCAN-RESULTS.md` with severity ratings and triage decisions
+
+4. **Gate:** Review triage with user. Agree on what to remediate now.
+
+## Phase 3: Remediate
+
+**Goal:** Fix critical and high-severity issues.
+
+1. Fix each issue with proper testing
+2. Commit each fix individually: `fix(security): <description>`
+3. Don't introduce new functionality — security fixes only
+
+## Phase 4: Re-scan
+
+**Goal:** Verify fixes and document the final state.
+
+1. Re-run the scans from Phase 1
+2. Verify all targeted issues are resolved
+3. **Produce:** Write `AUDIT-REPORT.md` with:
+   - Summary of findings and fixes
+   - Remaining medium/low items for future attention
+   - Recommendations for ongoing security practices
+
+</process>

package/src/resources/extensions/gsd/workflow-templates/small-feature.md

@@ -0,0 +1,81 @@
+# Small Feature Workflow
+
+<template_meta>
+name: small-feature
+version: 1
+requires_project: false
+artifact_dir: .gsd/workflows/features/
+</template_meta>
+
+<purpose>
+Build a small-to-medium feature with lightweight planning. Designed for work that
+needs more structure than /gsd quick but doesn't warrant full milestone ceremony.
+Typical scope: a new command, endpoint, component, or module.
+</purpose>
+
+<phases>
+1. scope      — Define what we're building and confirm boundaries
+2. plan       — Break into 2-5 implementable tasks
+3. implement  — Execute the plan with atomic commits
+4. verify     — Run tests, build, and validate
+</phases>
+
+<process>
+
+## Phase 1: Scope
+
+**Goal:** Align on what to build and what's out of scope.
+
+1. **Understand the request:** Clarify the feature's purpose and user-facing behavior
+2. **Identify gray areas:** Surface 3-4 design decisions that need answers:
+   - API shape / interface design
+   - Where in the codebase this fits
+   - What existing patterns to follow
+   - Edge cases to handle (or explicitly skip)
+3. **Define boundaries:** What's in scope vs out of scope for this workflow
+4. **Produce:** Write a brief `CONTEXT.md` in the artifact directory with:
+   - Feature description
+   - Key decisions made
+   - Scope boundaries
+
+5. **Gate:** Confirm scope with user before planning.
+
+## Phase 2: Plan
+
+**Goal:** Create a clear, executable plan.
+
+1. **Research (if needed):** Read relevant existing code to understand patterns
+2. **Break into tasks:** 2-5 tasks, each independently committable:
+   - Each task should take ~10-30 minutes of AI work
+   - Include file paths and specific changes
+   - Include verification steps per task
+3. **Produce:** Write `PLAN.md` in the artifact directory
+
+4. **Gate:** Present plan to user for approval. Adjust if needed.
+
+## Phase 3: Implement
+
+**Goal:** Build the feature following the plan.
+
+1. Execute tasks in order
+2. After each task:
+   - Verify the specific task's acceptance criteria
+   - Commit with message: `feat(<scope>): <description>`
+3. If a task reveals the plan needs adjustment, note the deviation and adapt
+4. Run incremental tests as you go (don't wait until the end)
+
+## Phase 4: Verify
+
+**Goal:** Ensure everything works together.
+
+1. Run the full test suite
+2. Run the build
+3. Run the linter
+4. Manual smoke check if applicable
+5. **Produce:** Write a brief `SUMMARY.md` with:
+   - What was built
+   - Files changed
+   - How to test/use the feature
+6. Present summary to user
+
+</process>

package/src/resources/extensions/gsd/workflow-templates/spike.md

@@ -0,0 +1,69 @@
+# Research Spike Workflow
+
+<template_meta>
+name: spike
+version: 1
+requires_project: false
+artifact_dir: .gsd/workflows/spikes/
+</template_meta>
+
+<purpose>
+Investigate a question, evaluate options, prototype if needed, and produce a
+clear recommendation. No production code is shipped — the output is knowledge.
+Use for: technology evaluation, architecture decisions, "should we X?" questions.
+</purpose>
+
+<phases>
+1. scope      — Define the question and success criteria
+2. research   — Investigate from multiple angles
+3. synthesize — Combine findings into a recommendation
+</phases>
+
+<process>
+
+## Phase 1: Scope
+
+**Goal:** Define exactly what we're investigating and what a good answer looks like.
+
+1. **Frame the question:** What specific question(s) need answering?
+2. **Define success criteria:** What would a useful answer include?
+   - Comparison criteria (performance, DX, maintenance, ecosystem, etc.)
+   - Constraints (must integrate with X, must support Y)
+   - Decision format (go/no-go, pick from options, tradeoff matrix)
+3. **Identify research angles:** 2-3 distinct approaches to investigate:
+   - e.g., "evaluate library A", "evaluate library B", "evaluate building our own"
+   - e.g., "performance implications", "DX implications", "migration path"
+4. **Produce:** Write `SCOPE.md` in the artifact directory
+
+5. **Gate:** Confirm scope and research angles with user.
+
+## Phase 2: Research
+
+**Goal:** Investigate each angle thoroughly.
+
+1. For each research angle:
+   - Search for relevant documentation, benchmarks, comparisons
+   - Read relevant source code in the project
+   - Build small prototypes or proof-of-concepts if needed
+   - Note pros, cons, risks, and unknowns
+2. **Produce:** Write a research doc per angle in `research/` subdirectory:
+   - `research/ANGLE-1.md`, `research/ANGLE-2.md`, etc.
+   - Each doc: findings, evidence, pros/cons, confidence level
+
+## Phase 3: Synthesize
+
+**Goal:** Combine findings into a clear recommendation.
+
+1. **Compare across angles:** Build a comparison matrix or summary table
+2. **Make a recommendation:** Based on the evidence, what should we do?
+   - Primary recommendation with rationale
+   - Alternative if the primary doesn't work out
+   - What would change the recommendation (risk factors)
+3. **Produce:** Write `RECOMMENDATION.md` with:
+   - Executive summary (1-2 paragraphs)
+   - Comparison matrix
+   - Recommendation with rationale
+   - Next steps if the recommendation is accepted
+4. **Present** the recommendation to the user for discussion
+
+</process>