gsd-pi 2.4.0 → 2.5.1

package/src/resources/extensions/gsd/files.ts

@@ -13,6 +13,7 @@ import type {
   Summary, SummaryFrontmatter, SummaryRequires, FileModified,
   Continue, ContinueFrontmatter, ContinueStatus,
   RequirementCounts,
+  SecretsManifest, SecretsManifestEntry, SecretsManifestEntryStatus,
 } from './types.ts';
 
 // ─── Helpers ───────────────────────────────────────────────────────────────
@@ -263,6 +264,75 @@ export function parseRoadmap(content: string): Roadmap {
   return { title, vision, successCriteria, slices, boundaryMap };
 }
 
+// ─── Secrets Manifest Parser ───────────────────────────────────────────────
+
+const VALID_STATUSES = new Set<SecretsManifestEntryStatus>(['pending', 'collected', 'skipped']);
+
+export function parseSecretsManifest(content: string): SecretsManifest {
+  const milestone = extractBoldField(content, 'Milestone') || '';
+  const generatedAt = extractBoldField(content, 'Generated') || '';
+
+  const h3Sections = extractAllSections(content, 3);
+  const entries: SecretsManifestEntry[] = [];
+
+  for (const [heading, sectionContent] of h3Sections) {
+    const key = heading.trim();
+    if (!key) continue;
+
+    const service = extractBoldField(sectionContent, 'Service') || '';
+    const dashboardUrl = extractBoldField(sectionContent, 'Dashboard') || '';
+    const formatHint = extractBoldField(sectionContent, 'Format hint') || '';
+    const rawStatus = (extractBoldField(sectionContent, 'Status') || 'pending').toLowerCase().trim() as SecretsManifestEntryStatus;
+    const status: SecretsManifestEntryStatus = VALID_STATUSES.has(rawStatus) ? rawStatus : 'pending';
+    const destination = extractBoldField(sectionContent, 'Destination') || 'dotenv';
+
+    // Extract numbered guidance list (lines matching "1. ...", "2. ...", etc.)
+    const guidance: string[] = [];
+    for (const line of sectionContent.split('\n')) {
+      const numMatch = line.match(/^\s*\d+\.\s+(.+)/);
+      if (numMatch) {
+        guidance.push(numMatch[1].trim());
+      }
+    }
+
+    entries.push({ key, service, dashboardUrl, guidance, formatHint, status, destination });
+  }
+
+  return { milestone, generatedAt, entries };
+}
+
+// ─── Secrets Manifest Formatter ───────────────────────────────────────────
+
+export function formatSecretsManifest(manifest: SecretsManifest): string {
+  const lines: string[] = [];
+
+  lines.push('# Secrets Manifest');
+  lines.push('');
+  lines.push(`**Milestone:** ${manifest.milestone}`);
+  lines.push(`**Generated:** ${manifest.generatedAt}`);
+
+  for (const entry of manifest.entries) {
+    lines.push('');
+    lines.push(`### ${entry.key}`);
+    lines.push('');
+    lines.push(`**Service:** ${entry.service}`);
+    if (entry.dashboardUrl) {
+      lines.push(`**Dashboard:** ${entry.dashboardUrl}`);
+    }
+    if (entry.formatHint) {
+      lines.push(`**Format hint:** ${entry.formatHint}`);
+    }
+    lines.push(`**Status:** ${entry.status}`);
+    lines.push(`**Destination:** ${entry.destination}`);
+    lines.push('');
+    for (let i = 0; i < entry.guidance.length; i++) {
+      lines.push(`${i + 1}. ${entry.guidance[i]}`);
+    }
+  }
+
+  return lines.join('\n') + '\n';
+}
+
 // ─── Slice Plan Parser ─────────────────────────────────────────────────────
 
 export function parsePlan(content: string): SlicePlan {

package/src/resources/extensions/gsd/git-service.ts

@@ -39,6 +39,13 @@ export interface MergeSliceResult {
   deletedBranch: boolean;
 }
 
+export interface PreMergeCheckResult {
+  passed: boolean;
+  skipped?: boolean;
+  command?: string;
+  error?: string;
+}
+
 // ─── Constants ─────────────────────────────────────────────────────────────
 
 /**
@@ -61,13 +68,15 @@ export const RUNTIME_EXCLUSION_PATHS: readonly string[] = [
 /**
  * Run a git command in the given directory.
  * Returns trimmed stdout. Throws on non-zero exit unless allowFailure is set.
+ * When `input` is provided, it is piped to stdin.
  */
-export function runGit(basePath: string, args: string[], options: { allowFailure?: boolean } = {}): string {
+export function runGit(basePath: string, args: string[], options: { allowFailure?: boolean; input?: string } = {}): string {
   try {
     return execSync(`git ${args.join(" ")}`, {
       cwd: basePath,
-      stdio: ["ignore", "pipe", "pipe"],
+      stdio: [options.input != null ? "pipe" : "ignore", "pipe", "pipe"],
       encoding: "utf-8",
+      ...(options.input != null ? { input: options.input } : {}),
     }).trim();
   } catch (error) {
     if (options.allowFailure) return "";
@@ -107,7 +116,7 @@ export class GitServiceImpl {
   }
 
   /** Convenience wrapper: run git in this repo's basePath. */
-  private git(args: string[], options: { allowFailure?: boolean } = {}): string {
+  private git(args: string[], options: { allowFailure?: boolean; input?: string } = {}): string {
     return runGit(this.basePath, args, options);
   }
 
@@ -129,6 +138,7 @@ export class GitServiceImpl {
   /**
    * Stage files (smart staging) and commit.
    * Returns the commit message string on success, or null if nothing to commit.
+   * Uses `git commit -F -` with stdin pipe for safe multi-line message handling.
    */
   commit(opts: CommitOptions): string | null {
     this.smartStage();
@@ -137,7 +147,10 @@ export class GitServiceImpl {
     const staged = this.git(["diff", "--cached", "--stat"], { allowFailure: true });
     if (!staged && !opts.allowEmpty) return null;
 
-    this.git(["commit", "-m", JSON.stringify(opts.message), ...(opts.allowEmpty ? ["--allow-empty"] : [])]);
+    this.git(
+      ["commit", "-F", "-", ...(opts.allowEmpty ? ["--allow-empty"] : [])],
+      { input: opts.message },
+    );
     return opts.message;
   }
 
@@ -158,7 +171,7 @@ export class GitServiceImpl {
     if (!staged) return null;
 
     const message = `chore(${unitId}): auto-commit after ${unitType}`;
-    this.git(["commit", "-m", JSON.stringify(message)]);
+    this.git(["commit", "-F", "-"], { input: message });
     return message;
   }
 
@@ -250,6 +263,23 @@ export class GitServiceImpl {
     let created = false;
 
     if (!this.branchExists(branch)) {
+      // Fetch from remote before creating a new branch (best-effort).
+      const remotes = this.git(["remote"], { allowFailure: true });
+      if (remotes) {
+        const remote = this.prefs.remote ?? "origin";
+        const fetchResult = this.git(["fetch", "--prune", remote], { allowFailure: true });
+        if (fetchResult === "" && remotes.split("\n").includes(remote)) {
+          // Check if local is behind upstream (informational only)
+          const behind = this.git(
+            ["rev-list", "--count", "HEAD..@{upstream}"],
+            { allowFailure: true },
+          );
+          if (behind && parseInt(behind, 10) > 0) {
+            console.error(`GitService: local branch is ${behind} commit(s) behind upstream`);
+          }
+        }
+      }
+
       // Branch from current when it's a normal working branch (not a slice).
       // If already on a slice branch, fall back to main to avoid chaining.
       const mainBranch = this.getMainBranch();
@@ -287,11 +317,89 @@ export class GitServiceImpl {
     this.git(["checkout", mainBranch]);
   }
 
+  // ─── S05 Features ─────────────────────────────────────────────────────
+
+  /**
+   * Create a snapshot ref for the given label (typically a slice branch name).
+   * Gated on prefs.snapshots === true. Ref path: refs/gsd/snapshots/<label>/<timestamp>
+   * The ref points at HEAD, capturing the current commit before destructive operations.
+   */
+  createSnapshot(label: string): void {
+    if (this.prefs.snapshots !== true) return;
+
+    const now = new Date();
+    const ts = now.getFullYear().toString()
+      + String(now.getMonth() + 1).padStart(2, "0")
+      + String(now.getDate()).padStart(2, "0")
+      + "-"
+      + String(now.getHours()).padStart(2, "0")
+      + String(now.getMinutes()).padStart(2, "0")
+      + String(now.getSeconds()).padStart(2, "0");
+
+    const refPath = `refs/gsd/snapshots/${label}/${ts}`;
+    this.git(["update-ref", refPath, "HEAD"]);
+  }
+
+  /**
+   * Run pre-merge verification check. Auto-detects test runner from project
+   * files, or uses custom command from prefs.pre_merge_check.
+   * Gated on prefs.pre_merge_check (false = skip, string = custom command).
+   * Stub: to be implemented in T03.
+   */
+  runPreMergeCheck(): PreMergeCheckResult {
+    // TODO(S05/T03): implement pre-merge check
+    return { passed: true, skipped: true };
+  }
+
   // ─── Merge ─────────────────────────────────────────────────────────────
 
+  /**
+   * Build a rich squash-commit message with a task list from branch commits.
+   *
+   * Format:
+   *   type(scope): title
+   *
+   *   Tasks:
+   *   - commit subject 1
+   *   - commit subject 2
+   *
+   *   Branch: gsd/M001/S01
+   */
+  private buildRichCommitMessage(
+    commitType: string,
+    milestoneId: string,
+    sliceId: string,
+    sliceTitle: string,
+    mainBranch: string,
+    branch: string,
+  ): string {
+    const subject = `${commitType}(${milestoneId}/${sliceId}): ${sliceTitle}`;
+
+    // Collect branch commit subjects
+    const logOutput = this.git(
+      ["log", "--oneline", "--format=%s", `${mainBranch}..${branch}`],
+      { allowFailure: true },
+    );
+
+    if (!logOutput) return subject;
+
+    const subjects = logOutput.split("\n").filter(Boolean);
+    const MAX_ENTRIES = 20;
+    const truncated = subjects.length > MAX_ENTRIES;
+    const displayed = truncated ? subjects.slice(0, MAX_ENTRIES) : subjects;
+
+    const taskLines = displayed.map(s => `- ${s}`).join("\n");
+    const truncationLine = truncated ? `\n- ... and ${subjects.length - MAX_ENTRIES} more` : "";
+
+    return `${subject}\n\nTasks:\n${taskLines}${truncationLine}\n\nBranch: ${branch}`;
+  }
+
   /**
    * Squash-merge a slice branch into main and delete it.
    *
+   * Flow: snapshot branch HEAD → squash merge → rich commit via stdin →
+   * auto-push (if enabled) → delete branch.
+   *
    * Must be called from the main branch. Uses `inferCommitType(sliceTitle)`
    * for the conventional commit type instead of hardcoding `feat`.
    *
@@ -328,20 +436,52 @@ export class GitServiceImpl {
       );
     }
 
-    // Squash merge
-    this.git(["merge", "--squash", branch]);
+    // Snapshot the branch HEAD before merge (gated on prefs)
+    // We need to save the ref while the branch still exists
+    this.createSnapshot(branch);
 
-    // Build conventional commit message
+    // Build rich commit message before squash (needs branch history)
     const commitType = inferCommitType(sliceTitle);
-    const message = `${commitType}(${milestoneId}/${sliceId}): ${sliceTitle}`;
-    this.git(["commit", "-m", JSON.stringify(message)]);
+    const message = this.buildRichCommitMessage(
+      commitType, milestoneId, sliceId, sliceTitle, mainBranch, branch,
+    );
+
+    // Squash merge — abort cleanly on conflict so the working tree is never
+    // left in a half-merged state (see: merge-bug-fix).
+    try {
+      this.git(["merge", "--squash", branch]);
+    } catch (mergeError) {
+      // git merge --squash exits non-zero on conflict. The working tree now
+      // has conflict markers and a dirty index. Reset to restore a clean state.
+      this.git(["reset", "--hard", "HEAD"], { allowFailure: true });
+      const msg = mergeError instanceof Error ? mergeError.message : String(mergeError);
+      throw new Error(
+        `Squash-merge of "${branch}" into "${mainBranch}" failed with conflicts. ` +
+        `Working tree has been reset to a clean state. ` +
+        `Resolve manually: git checkout ${mainBranch} && git merge --squash ${branch}\n` +
+        `Original error: ${msg}`,
+      );
+    }
+
+    // Commit with rich message via stdin pipe
+    this.git(["commit", "-F", "-"], { input: message });
 
     // Delete the merged branch
     this.git(["branch", "-D", branch]);
 
+    // Auto-push to remote if enabled
+    if (this.prefs.auto_push === true) {
+      const remote = this.prefs.remote ?? "origin";
+      const pushResult = this.git(["push", remote, mainBranch], { allowFailure: true });
+      if (pushResult === "") {
+        // push succeeded (empty stdout is normal) or failed silently
+        // Verify by checking if remote is reachable — the allowFailure handles errors
+      }
+    }
+
     return {
       branch,
-      mergedCommitMessage: message,
+      mergedCommitMessage: `${commitType}(${milestoneId}/${sliceId}): ${sliceTitle}`,
       deletedBranch: true,
     };
   }

package/src/resources/extensions/gsd/gitignore.ts

@@ -145,6 +145,7 @@ See \`~/.gsd/agent/extensions/gsd/docs/preferences-reference.md\` for full field
 - \`models\`: Model preferences for specific task types
 - \`skill_discovery\`: Automatic skill detection preferences
 - \`auto_supervisor\`: Supervision and gating rules for autonomous modes
+- \`git\`: Git preferences — \`main_branch\` (default branch name for new repos, e.g., "main", "master", "trunk"), \`auto_push\`, \`snapshots\`, etc.
 
 ## Examples
 

package/src/resources/extensions/gsd/guided-flow.ts

@@ -20,8 +20,9 @@ import {
 } from "./paths.js";
 import { join } from "node:path";
 import { readFileSync, existsSync, mkdirSync, readdirSync } from "node:fs";
-import { execSync } from "node:child_process";
+import { execSync, execFileSync } from "node:child_process";
 import { ensureGitignore, ensurePreferences } from "./gitignore.js";
+import { loadEffectiveGSDPreferences } from "./preferences.js";
 
 // ─── Auto-start after discuss ─────────────────────────────────────────────────
 
@@ -444,7 +445,8 @@ export async function showSmartEntry(
   try {
     execSync("git rev-parse --git-dir", { cwd: basePath, stdio: "pipe" });
   } catch {
-    execSync("git init", { cwd: basePath, stdio: "pipe" });
+    const mainBranch = loadEffectiveGSDPreferences()?.preferences?.git?.main_branch || "main";
+    execFileSync("git", ["init", "-b", mainBranch], { cwd: basePath, stdio: "pipe" });
   }
 
   // ── Ensure .gitignore has baseline patterns ──────────────────────────
@@ -609,8 +611,9 @@ export async function showSmartEntry(
       });
 
       if (choice === "plan") {
+        const secretsOutputPath = relMilestoneFile(basePath, milestoneId, "SECRETS");
         dispatchWorkflow(pi, loadPrompt("guided-plan-milestone", {
-          milestoneId, milestoneTitle,
+          milestoneId, milestoneTitle, secretsOutputPath,
         }));
       } else if (choice === "discuss") {
         dispatchWorkflow(pi, loadPrompt("guided-discuss-milestone", {

package/src/resources/extensions/gsd/preferences.ts

@@ -2,6 +2,8 @@ import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
 import { homedir } from "node:os";
 import { isAbsolute, join } from "node:path";
 import { getAgentDir } from "@mariozechner/pi-coding-agent";
+import type { GitPreferences } from "./git-service.ts";
+import { VALID_BRANCH_NAME } from "./git-service.ts";
 
 const GLOBAL_PREFERENCES_PATH = join(homedir(), ".gsd", "preferences.md");
 const LEGACY_GLOBAL_PREFERENCES_PATH = join(homedir(), ".pi", "agent", "gsd-preferences.md");
@@ -51,6 +53,7 @@ export interface GSDPreferences {
   uat_dispatch?: boolean;
   budget_ceiling?: number;
   remote_questions?: RemoteQuestionsConfig;
+  git?: GitPreferences;
 }
 
 export interface LoadedGSDPreferences {
@@ -511,6 +514,9 @@ function mergePreferences(base: GSDPreferences, override: GSDPreferences): GSDPr
     remote_questions: override.remote_questions
       ? { ...(base.remote_questions ?? {}), ...override.remote_questions }
       : base.remote_questions,
+    git: (base.git || override.git)
+      ? { ...(base.git ?? {}), ...(override.git ?? {}) }
+      : undefined,
   };
 }
 
@@ -594,6 +600,59 @@ function validatePreferences(preferences: GSDPreferences): {
     }
   }
 
+  // ─── Git Preferences ───────────────────────────────────────────────────
+  if (preferences.git && typeof preferences.git === "object") {
+    const git: Record<string, unknown> = {};
+    const g = preferences.git as Record<string, unknown>;
+
+    if (g.auto_push !== undefined) {
+      if (typeof g.auto_push === "boolean") git.auto_push = g.auto_push;
+      else errors.push("git.auto_push must be a boolean");
+    }
+    if (g.push_branches !== undefined) {
+      if (typeof g.push_branches === "boolean") git.push_branches = g.push_branches;
+      else errors.push("git.push_branches must be a boolean");
+    }
+    if (g.remote !== undefined) {
+      if (typeof g.remote === "string" && g.remote.trim() !== "") git.remote = g.remote.trim();
+      else errors.push("git.remote must be a non-empty string");
+    }
+    if (g.snapshots !== undefined) {
+      if (typeof g.snapshots === "boolean") git.snapshots = g.snapshots;
+      else errors.push("git.snapshots must be a boolean");
+    }
+    if (g.pre_merge_check !== undefined) {
+      if (typeof g.pre_merge_check === "boolean") {
+        git.pre_merge_check = g.pre_merge_check;
+      } else if (typeof g.pre_merge_check === "string" && g.pre_merge_check.trim() !== "") {
+        git.pre_merge_check = g.pre_merge_check.trim();
+      } else {
+        errors.push("git.pre_merge_check must be a boolean or a non-empty string command");
+      }
+    }
+    if (g.commit_type !== undefined) {
+      const validCommitTypes = new Set([
+        "feat", "fix", "refactor", "docs", "test", "chore", "perf", "ci", "build", "style",
+      ]);
+      if (typeof g.commit_type === "string" && validCommitTypes.has(g.commit_type)) {
+        git.commit_type = g.commit_type;
+      } else {
+        errors.push(`git.commit_type must be one of: feat, fix, refactor, docs, test, chore, perf, ci, build, style`);
+      }
+    }
+    if (g.main_branch !== undefined) {
+      if (typeof g.main_branch === "string" && g.main_branch.trim() !== "" && VALID_BRANCH_NAME.test(g.main_branch)) {
+        git.main_branch = g.main_branch;
+      } else {
+        errors.push("git.main_branch must be a valid branch name (alphanumeric, _, -, /, .)");
+      }
+    }
+
+    if (Object.keys(git).length > 0) {
+      validated.git = git as GitPreferences;
+    }
+  }
+
   return { preferences: validated, errors };
 }
 

package/src/resources/extensions/gsd/prompts/complete-milestone.md

@@ -15,7 +15,7 @@ Then:
 6. Write `{{milestoneSummaryAbsPath}}` using the milestone-summary template. Fill all frontmatter fields and narrative sections. The `requirement_outcomes` field must list every requirement that changed status with `from_status`, `to_status`, and `proof`.
 7. Update `.gsd/REQUIREMENTS.md` if any requirement status transitions were validated in step 5.
 8. Update `.gsd/PROJECT.md` to reflect milestone completion and current project state.
-9. Commit all changes: `git add -A && git commit -m 'feat(gsd): complete {{milestoneId}}'`
+9. Do not commit manually — the system auto-commits your changes after this unit completes.
 10. Update `.gsd/STATE.md`
 
 **Important:** Do NOT skip the success criteria and definition of done verification (steps 3-4). The milestone summary must reflect actual verified outcomes, not assumed success. If any criterion was not met, document it clearly in the summary and do not mark the milestone as passing verification.

package/src/resources/extensions/gsd/prompts/complete-slice.md

@@ -6,19 +6,21 @@ All relevant context has been preloaded below — the slice plan, all task summa
 
 {{inlinedContext}}
 
+**Match effort to complexity.** A simple slice with 1-2 tasks needs a brief summary and lightweight verification. A complex slice with 5 tasks across multiple subsystems needs thorough verification and a detailed summary. Scale the work below accordingly.
+
 Then:
 1. Read the templates:
    - `~/.gsd/agent/extensions/gsd/templates/slice-summary.md`
    - `~/.gsd/agent/extensions/gsd/templates/uat.md`
 2. If a `GSD Skill Preferences` block is present in system context, use it to decide which skills to load and follow during completion, without relaxing required verification or artifact rules
 3. Run all slice-level verification checks defined in the slice plan. All must pass before marking the slice done. If any fail, fix them first.
-4. Confirm the slice's observability/diagnostic surfaces are real and useful where relevant: status inspection works, failure state is externally visible, structured errors/logs are actionable, and hidden failures are not being mistaken for success.
-5. If `.gsd/REQUIREMENTS.md` exists, update it based on what this slice actually proved. Move requirements between Active, Validated, Deferred, Blocked, or Out of Scope only when the evidence from execution supports that change. Surface any new candidate requirements discovered during execution instead of silently dropping them.
-6. Write `{{sliceSummaryAbsPath}}` (compress all task summaries). Fill the requirement-related sections explicitly.
-7. Write `{{sliceUatAbsPath}}`. Fill the new `UAT Type`, `Requirements Proved By This UAT`, and `Not Proven By This UAT` sections explicitly.
-8. Review task summaries for `key_decisions`. Ensure any significant architectural, pattern, or observability decisions are in `.gsd/DECISIONS.md`. If any are missing, append them now.
+4. If the slice plan includes observability/diagnostic surfaces, confirm they work. Skip this for simple slices that don't have observability sections.
+5. If `.gsd/REQUIREMENTS.md` exists, update it based on what this slice actually proved. Move requirements between Active, Validated, Deferred, Blocked, or Out of Scope only when the evidence from execution supports that change.
+6. Write `{{sliceSummaryAbsPath}}` (compress all task summaries).
+7. Write `{{sliceUatAbsPath}}`.
+8. Review task summaries for `key_decisions`. Append any significant decisions to `.gsd/DECISIONS.md` if missing.
 9. Mark {{sliceId}} done in `{{roadmapPath}}` (change `[ ]` to `[x]`)
-10. Commit all remaining slice changes: `git add -A && git commit -m 'feat(gsd): complete {{sliceId}}'`. Do not squash-merge manually; the extension will merge the slice branch back to main after this unit succeeds.
+10. Do not commit or squash-merge manually — the system auto-commits your changes and handles the merge after this unit succeeds.
 11. Update `.gsd/PROJECT.md` if it exists — refresh current state if needed.
 12. Update `.gsd/STATE.md`
 

package/src/resources/extensions/gsd/prompts/discuss.md

@@ -9,7 +9,7 @@ Special handling: if the user message is not a project description (for example,
 After the user describes their idea, **do not ask questions yet**. First, prove you understood by reflecting back:
 
 1. Summarize what you understood in your own words — concretely, not abstractly.
-2. Include a complexity/scale read: "This sounds like [task/project/product] scale — roughly N milestone(s)."
+2. Give an honest size read: roughly how many milestones, roughly how many slices in the first one. Base this on the actual work involved, not a classification label. A config change might be 1 milestone with 1 slice. A social network might be 5 milestones with 8+ slices each. Use your judgment.
 3. Include scope honesty — a bullet list of the major capabilities you're hearing: "Here's what I'm hearing: [bullet list of major capabilities]."
 4. Ask: "Did I get that right, or did I miss something?" — plain text, not `ask_user_questions`. Let them correct freely.
 
@@ -17,18 +17,14 @@ This prevents runaway questioning by forcing comprehension proof before anything
 
 ## Vision Mapping
 
-After reflection is confirmed, classify the scale:
+After reflection is confirmed, decide the approach based on the actual scope — not a label:
 
-- **Task** — a focused piece of work (single milestone, few slices)
-- **Project** — a coherent product with multiple major capabilities (multi-milestone likely)
-- **Product/Platform** — a large vision with distinct phases, audiences, or systems (definitely multi-milestone)
-
-**For Project or Product/Platform scale:** Before drilling into details, map the full landscape:
+**If the work spans multiple milestones:** Before drilling into details, map the full landscape:
 1. Propose a milestone sequence — names, one-line intents, rough dependencies
 2. Present this to the user for confirmation or adjustment
 3. Only then begin the deep Q&A — and scope the Q&A to the full vision, not just M001
 
-**For Task scale:** Proceed directly to questioning.
+**If the work fits in a single milestone:** Proceed directly to questioning.
 
 **Anti-reduction rule:** If the user describes a big vision, plan the big vision. Do not ask "what's the minimum viable version?" or try to reduce scope unless the user explicitly asks for an MVP or minimal version. When something is complex or risky, phase it into a later milestone — do not cut it. The user's ambition is the target, and your job is to sequence it intelligently, not shrink it.
 
@@ -77,15 +73,13 @@ Do NOT offer to proceed until ALL of the following are satisfied. Track these in
 - [ ] **The biggest technical unknowns / risks** — what could fail, what hasn't been proven
 - [ ] **What external systems/services this touches** — APIs, databases, third-party services, hardware
 
-**Minimum round counts before the wrap-up gate is allowed:**
-- **Task scale:** at least 2 full rounds (6+ questions asked and answered)
-- **Project/Product scale:** at least 4 full rounds (12+ questions asked and answered)
+**Questioning depth should match scope.** Simple, well-defined work needs fewer rounds — maybe 1-2. Large, ambiguous visions need more — maybe 4+. Don't pad rounds to hit a number. Stop when the depth checklist is satisfied and you genuinely understand the work.
 
 Do not count the reflection step as a question round. Rounds start after reflection is confirmed.
 
 ## Wrap-up Gate
 
-Only after the depth checklist is fully satisfied AND minimum rounds are hit, offer to proceed.
+Only after the depth checklist is fully satisfied and you genuinely understand the work, offer to proceed.
 
 The wrap-up gate must include a scope reflection:
 "Here's what I'm planning to build: [list of capabilities with rough complexity]. Does this match your vision, or did I miss something?"
@@ -149,9 +143,7 @@ If the project is new or has no `REQUIREMENTS.md`, confirm candidate requirement
 
 ## Scope Assessment
 
-Confirm the scale assessment from Vision Mapping still holds after discussion. If the scope grew or shrank significantly during Q&A, adjust the milestone count accordingly.
-
-If Vision Mapping classified the work as Task but discussion revealed Project-scale complexity, upgrade to multi-milestone and propose the split. If Vision Mapping classified it as Project but the scope narrowed to a single coherent body of work (roughly 2-12 slices), downgrade to single-milestone.
+Before moving to output, confirm the size estimate from your reflection still holds. Discussion often reveals hidden complexity or simplifies things. If the scope grew or shrank significantly during Q&A, adjust the milestone and slice counts accordingly. Be honest — if something you thought was multi-milestone turns out to be 3 slices, plan 3 slices. If something you thought was simple turns out to need multiple milestones, say so.
 
 ## Output Phase
 

package/src/resources/extensions/gsd/prompts/execute-task.md

@@ -24,11 +24,7 @@ Then:
 2. Execute the steps in the inlined task plan
 3. Build the real thing. If the task plan says "create login endpoint", build an endpoint that actually authenticates against a real store, not one that returns a hardcoded success response. If the task plan says "create dashboard page", build a page that renders real data from the API, not a component with hardcoded props. Stubs and mocks are for tests, not for the shipped feature.
 4. Write or update tests as part of execution — tests are verification, not an afterthought. If the slice plan defines test files in its Verification section and this is the first task, create them (they should initially fail).
-5. When implementing non-trivial runtime behavior, add or preserve agent-usable observability:
-   - Prefer structured logs/events, stable error codes/types, and explicit status surfaces over ad hoc console text
-   - Ensure failures are externally inspectable rather than swallowed or hidden
-   - Persist high-value failure state when it materially improves retries, recovery, or later debugging
-   - Never log secrets, tokens, or sensitive raw payloads unnecessarily
+5. When implementing non-trivial runtime behavior (async flows, API boundaries, background processes, error paths), add or preserve agent-usable observability. Skip this for simple changes where it doesn't apply.
 6. Verify must-haves are met by running concrete checks (tests, commands, observable behaviors)
 7. Run the slice-level verification checks defined in the slice plan's Verification section. Track which pass. On the final task of the slice, all must pass before marking done. On intermediate tasks, partial passes are expected — note which ones pass in the summary.
 8. If the task touches UI, browser flows, DOM behavior, or user-visible web state:
@@ -38,7 +34,7 @@ Then:
    - use `browser_diff` when an action's effect is ambiguous
    - use console/network/dialog diagnostics when validating async, stateful, or failure-prone UI
    - record verification in terms of explicit checks passed/failed, not only prose interpretation
-9. If observability or diagnostics were part of this task's scope, verify them directly — e.g. structured errors, status inspection, health endpoints, persisted failure state, browser/network diagnostics, or equivalent.
+9. If the task plan includes an Observability Impact section, verify those signals directly. Skip this step if the task plan omits the section.
 10. **If execution is running long or verification fails:**
 
     **Context budget:** If you've used most of your context and haven't finished all steps, stop implementing and prioritize writing the task summary with clear notes on what's done and what remains. A partial summary that enables clean resumption is more valuable than one more half-finished step with no documentation. Never sacrifice summary quality for one more implementation step.
@@ -55,7 +51,7 @@ Then:
 13. Read the template at `~/.gsd/agent/extensions/gsd/templates/task-summary.md`
 14. Write `{{taskSummaryAbsPath}}`
 15. Mark {{taskId}} done in `{{planPath}}` (change `[ ]` to `[x]`)
-16. Commit your work: `git add -A && git commit -m 'feat({{sliceId}}/{{taskId}}): <what was built>'`. If `git add` silently fails to stage files (a known git worktree stat-cache bug), use this workaround per file: `git update-index --cacheinfo 100644,$(git hash-object -w <file>),<file>` then commit. If that also fails, move on — the system will auto-commit remaining changes after your session ends.
+16. Do not commit manually — the system auto-commits your changes after this unit completes.
 17. Update `.gsd/STATE.md`
 
 You are on the slice branch. All work stays here.

package/src/resources/extensions/gsd/prompts/guided-plan-milestone.md

@@ -21,3 +21,7 @@ Plan milestone {{milestoneId}} ("{{milestoneTitle}}"). Read `.gsd/DECISIONS.md`
 - **Don't invent risks.** If the project is straightforward, skip the proof strategy and just ship value in smart order. Not everything has major unknowns.
 - **Ship features, not proofs.** A completed slice should leave the product in a state where the new capability is actually usable through its real interface. A login flow slice ends with a working login page, not a middleware function. An API slice ends with endpoints that return real data from a real store, not hardcoded fixtures. A dashboard slice ends with a real dashboard rendering real data, not a component that renders mock props. If a slice can't ship the real thing yet because a dependency isn't built, it should ship with realistic stubs that are clearly marked for replacement — but the user-facing surface must be real.
 - **Ambition matches the milestone.** The number and depth of slices should match the milestone's ambition. A milestone promising "core platform with auth, data model, and primary user loop" should have enough slices to actually deliver all three as working features — not two proof-of-concept slices and a note that "the rest will come in the next milestone." If the milestone's context promises an outcome, the roadmap must deliver it.
+
+## Secret Forecasting
+
+After writing the roadmap, analyze the slices and their boundary maps for external service dependencies (third-party APIs, SaaS platforms, cloud providers, databases requiring credentials, OAuth providers, etc.). If this milestone requires any external API keys or secrets, read the template at `~/.gsd/agent/extensions/gsd/templates/secrets-manifest.md` for the expected format and write `{{secretsOutputPath}}` listing every predicted secret as an H3 section with the Service name, a direct Dashboard URL to the console page where the key is created, a Format hint showing what the key looks like, Status set to `pending`, and Destination (`dotenv`, `vercel`, or `convex`). Include numbered step-by-step guidance for obtaining each key. If this milestone does not require any external API keys or secrets, skip this step entirely — do not create an empty manifest.