gsd-pi 2.41.0-dev.cac69f9 → 2.42.0-dev.1df898f

package/dist/resources/extensions/gsd/doctor-checks.js

@@ -1,6 +1,6 @@
 import { existsSync, lstatSync, readdirSync, readFileSync, realpathSync, rmSync, statSync } from "node:fs";
 import { basename, dirname, join, sep } from "node:path";
-import { readRepoMeta, externalProjectsRoot } from "./repo-identity.js";
+import { readRepoMeta, externalProjectsRoot, cleanNumberedGsdVariants } from "./repo-identity.js";
 import { loadFile, parseRoadmap } from "./files.js";
 import { resolveMilestoneFile, milestonesDir, gsdRoot, resolveGsdRootFile } from "./paths.js";
 import { deriveState, isMilestoneComplete } from "./state.js";
@@ -733,6 +733,36 @@ export async function checkRuntimeHealth(basePath, issues, fixesApplied, shouldF
     catch {
         // Non-fatal — external state check failed
     }
+    // ── Numbered .gsd collision variants (#2205) ───────────────────────────
+    // macOS APFS can create ".gsd 2", ".gsd 3" etc. when a directory blocks
+    // symlink creation. These must be removed so the canonical .gsd is used.
+    try {
+        const variantPattern = /^\.gsd \d+$/;
+        const entries = readdirSync(basePath);
+        const variants = entries.filter(e => variantPattern.test(e));
+        if (variants.length > 0) {
+            for (const v of variants) {
+                issues.push({
+                    severity: "warning",
+                    code: "numbered_gsd_variant",
+                    scope: "project",
+                    unitId: "project",
+                    message: `Found macOS collision variant "${v}" — this can cause GSD state to appear deleted.`,
+                    file: v,
+                    fixable: true,
+                });
+            }
+            if (shouldFix("numbered_gsd_variant")) {
+                const removed = cleanNumberedGsdVariants(basePath);
+                for (const name of removed) {
+                    fixesApplied.push(`removed numbered .gsd variant: ${name}`);
+                }
+            }
+        }
+    }
+    catch {
+        // Non-fatal — variant check failed
+    }
     // ── Metrics ledger integrity ───────────────────────────────────────────
     try {
         const metricsPath = join(root, "metrics.json");

package/dist/resources/extensions/gsd/doctor-providers.js

@@ -260,11 +260,21 @@ function checkRemoteQuestionsProvider() {
 function checkOptionalProviders() {
     const optional = ["brave", "tavily", "jina", "context7"];
     const results = [];
+    // Determine which search providers are configured so we can suppress
+    // "not configured" noise for alternative search providers when at least
+    // one is already active (e.g. don't warn about missing BRAVE_API_KEY
+    // when Tavily is configured).
+    const searchProviderIds = ["brave", "tavily"];
+    const hasAnySearchProvider = searchProviderIds.some(id => resolveKey(id).found);
     for (const providerId of optional) {
         const info = PROVIDER_REGISTRY.find(p => p.id === providerId);
         if (!info)
             continue;
         const lookup = resolveKey(providerId);
+        // Skip unconfigured search providers when another search provider is active
+        if (!lookup.found && hasAnySearchProvider && info.category === "search") {
+            continue;
+        }
         results.push({
             name: providerId,
             label: info.label,

package/dist/resources/extensions/gsd/engine-resolver.js

@@ -0,0 +1,40 @@
+/**
+ * engine-resolver.ts — Route sessions to engine/policy pairs.
+ *
+ * Routes `null` and `"dev"` engine IDs to the DevWorkflowEngine/DevExecutionPolicy
+ * pair. Any other non-null engine ID is treated as a custom workflow engine that
+ * reads its state from an `activeRunDir`. Respects `GSD_ENGINE_BYPASS=1` kill
+ * switch to skip the engine layer entirely.
+ */
+import { DevWorkflowEngine } from "./dev-workflow-engine.js";
+import { DevExecutionPolicy } from "./dev-execution-policy.js";
+import { CustomWorkflowEngine } from "./custom-workflow-engine.js";
+import { CustomExecutionPolicy } from "./custom-execution-policy.js";
+/**
+ * Resolve an engine/policy pair for the given session.
+ *
+ * - `null` or `"dev"` → DevWorkflowEngine + DevExecutionPolicy
+ * - any other non-null ID → CustomWorkflowEngine(activeRunDir) + CustomExecutionPolicy()
+ *   (requires activeRunDir to be a non-empty string)
+ *
+ * Note: `GSD_ENGINE_BYPASS=1` is checked in autoLoop before calling this function.
+ */
+export function resolveEngine(session) {
+    const { activeEngineId, activeRunDir } = session;
+    if (activeEngineId === null || activeEngineId === "dev") {
+        return {
+            engine: new DevWorkflowEngine(),
+            policy: new DevExecutionPolicy(),
+        };
+    }
+    // Any non-null, non-"dev" engine ID is a custom workflow engine.
+    // activeRunDir is required — the engine reads GRAPH.yaml from it.
+    if (!activeRunDir || typeof activeRunDir !== "string") {
+        throw new Error(`Custom engine "${activeEngineId}" requires activeRunDir to be a non-empty string, ` +
+            `got: ${JSON.stringify(activeRunDir)}`);
+    }
+    return {
+        engine: new CustomWorkflowEngine(activeRunDir),
+        policy: new CustomExecutionPolicy(activeRunDir),
+    };
+}

package/dist/resources/extensions/gsd/engine-types.js

@@ -0,0 +1,8 @@
+/**
+ * engine-types.ts — Engine-polymorphic type contracts.
+ *
+ * LEAF NODE: This file must have ZERO imports from any GSD module.
+ * Only `node:` imports are permitted. All engine/policy interfaces
+ * depend on these types; nothing here depends on GSD internals.
+ */
+export {};

package/dist/resources/extensions/gsd/execution-policy.js

@@ -0,0 +1,8 @@
+/**
+ * execution-policy.ts — ExecutionPolicy interface.
+ *
+ * Defines the policy layer that governs model selection, verification,
+ * recovery, and closeout for each execution step. Imports only from
+ * the leaf-node engine-types.
+ */
+export {};

package/dist/resources/extensions/gsd/forensics.js

@@ -24,6 +24,70 @@ import { loadPrompt } from "./prompt-loader.js";
 import { gsdRoot } from "./paths.js";
 import { formatDuration } from "../shared/format-utils.js";
 import { getAutoWorktreePath } from "./auto-worktree.js";
+import { loadEffectiveGSDPreferences, loadGlobalGSDPreferences, getGlobalGSDPreferencesPath } from "./preferences.js";
+import { showNextAction } from "../shared/tui.js";
+import { ensurePreferencesFile, serializePreferencesToFrontmatter } from "./commands-prefs-wizard.js";
+// ─── Duplicate Detection ──────────────────────────────────────────────────────
+const DEDUP_PROMPT_SECTION = `
+## Duplicate Detection (REQUIRED before issue creation)
+
+Before offering to create a GitHub issue, you MUST search for existing issues and PRs that may already address this bug. This step uses the user's AI tokens for analysis.
+
+### Search Steps
+
+1. **Search closed issues** for similar keywords from your diagnosis:
+   \`\`\`
+   gh issue list --repo gsd-build/gsd-2 --state closed --search "<keywords from root cause>" --limit 20
+   \`\`\`
+
+2. **Search open PRs** that might contain the fix:
+   \`\`\`
+   gh pr list --repo gsd-build/gsd-2 --state open --search "<keywords>" --limit 10
+   \`\`\`
+
+3. **Search merged PRs** that may have already fixed this:
+   \`\`\`
+   gh pr list --repo gsd-build/gsd-2 --state merged --search "<keywords>" --limit 10
+   \`\`\`
+
+### Analysis
+
+For each result, compare it against your root-cause diagnosis:
+- Does the issue describe the same code path or file?
+- Does the PR modify the same file:line you identified?
+- Is the symptom description semantically similar even if keywords differ?
+
+### Present Findings
+
+If you find potential matches, present them to the user:
+
+1. **"Already fixed by PR #X — skip issue creation"** — when a merged PR or closed issue clearly addresses the same root cause. Explain why you believe it matches.
+2. **"Add my findings to existing issue #Y"** — when an open issue exists for the same bug. Use \`gh issue comment #Y --repo gsd-build/gsd-2\` to add forensic evidence.
+3. **"Create new issue anyway"** — when existing results do not cover this specific failure.
+
+Only proceed to issue creation if no matches were found OR the user explicitly chooses "Create new issue anyway".
+`;
+async function writeForensicsDedupPref(ctx, enabled) {
+    const prefsPath = getGlobalGSDPreferencesPath();
+    await ensurePreferencesFile(prefsPath, ctx, "global");
+    const existing = loadGlobalGSDPreferences();
+    const prefs = existing?.preferences ? { ...existing.preferences } : {};
+    prefs.version = prefs.version || 1;
+    prefs.forensics_dedup = enabled;
+    const frontmatter = serializePreferencesToFrontmatter(prefs);
+    const raw = existsSync(prefsPath) ? readFileSync(prefsPath, "utf-8") : "";
+    let body = "\n# GSD Skill Preferences\n\nSee `~/.gsd/agent/extensions/gsd/docs/preferences-reference.md` for full field documentation and examples.\n";
+    const start = raw.startsWith("---\n") ? 4 : raw.startsWith("---\r\n") ? 5 : -1;
+    if (start !== -1) {
+        const closingIdx = raw.indexOf("\n---", start);
+        if (closingIdx !== -1) {
+            const after = raw.slice(closingIdx + 4);
+            if (after.trim())
+                body = after;
+        }
+    }
+    writeFileSync(prefsPath, `---\n${frontmatter}---${body}`, "utf-8");
+}
 // ─── Entry Point ──────────────────────────────────────────────────────────────
 export async function handleForensics(args, ctx, pi) {
     if (isAutoActive()) {
@@ -44,6 +108,25 @@ export async function handleForensics(args, ctx, pi) {
         ctx.ui.notify("Problem description required for forensic analysis.", "warning");
         return;
     }
+    // ─── Duplicate detection opt-in ─────────────────────────────────────────────
+    const effectivePrefs = loadEffectiveGSDPreferences()?.preferences;
+    let dedupEnabled = effectivePrefs?.forensics_dedup === true;
+    if (effectivePrefs?.forensics_dedup === undefined) {
+        const choice = await showNextAction(ctx, {
+            title: "Duplicate detection available",
+            summary: ["Before filing a GitHub issue, forensics can search existing issues and PRs to avoid duplicates.", "This uses additional AI tokens for analysis."],
+            actions: [
+                { id: "enable", label: "Enable duplicate detection", description: "Search issues/PRs before filing (recommended)", recommended: true },
+                { id: "skip", label: "Skip for now", description: "File without checking for duplicates" },
+            ],
+            notYetMessage: "You can enable this later via preferences (forensics_dedup: true).",
+        });
+        if (choice === "enable") {
+            await writeForensicsDedupPref(ctx, true);
+            dedupEnabled = true;
+        }
+    }
+    const dedupSection = dedupEnabled ? DEDUP_PROMPT_SECTION : "";
     ctx.ui.notify("Building forensic report...", "info");
     const report = await buildForensicReport(basePath);
     const savedPath = saveForensicReport(basePath, report, problemDescription);
@@ -61,6 +144,7 @@ export async function handleForensics(args, ctx, pi) {
         problemDescription,
         forensicData,
         gsdSourceDir,
+        dedupSection,
     });
     ctx.ui.notify(`Forensic report saved: ${relative(basePath, savedPath)}`, "info");
     pi.sendMessage({ customType: "gsd-forensics", content, display: false }, { triggerTurn: true });

package/dist/resources/extensions/gsd/git-constants.js

@@ -7,4 +7,5 @@ export const GIT_NO_PROMPT_ENV = {
     GIT_TERMINAL_PROMPT: "0",
     GIT_ASKPASS: "",
     GIT_SVN_ID: "",
+    LC_ALL: "C", // force English git output so stderr string checks work on all locales (#1997)
 };

package/dist/resources/extensions/gsd/git-service.js

@@ -130,7 +130,7 @@ export function readIntegrationBranch(basePath, milestoneId) {
  */
 /** Regex matching GSD quick-task branches: gsd/quick/<num>-<slug> */
 export const QUICK_BRANCH_RE = /^gsd\/quick\//;
-export function writeIntegrationBranch(basePath, milestoneId, branch, _options) {
+export function writeIntegrationBranch(basePath, milestoneId, branch) {
     // Don't record slice branches as the integration target
     if (SLICE_BRANCH_RE.test(branch))
         return;

package/dist/resources/extensions/gsd/graph.js

@@ -0,0 +1,225 @@
+/**
+ * graph.ts — Pure data module for GRAPH.yaml workflow step tracking.
+ *
+ * Provides types and functions for reading, writing, and querying the
+ * step graph that drives CustomWorkflowEngine. Zero engine dependencies.
+ *
+ * GRAPH.yaml lives in a run directory and tracks step statuses
+ * (pending → active → complete) with optional dependency edges.
+ *
+ * Observability:
+ * - readGraph/writeGraph use YAML on disk — human-readable, diffable,
+ *   inspectable with `cat` or any YAML viewer.
+ * - Each GraphStep has status, startedAt, finishedAt fields visible in GRAPH.yaml.
+ * - writeGraph uses atomic write (tmp + rename) for crash safety.
+ * - All operations are immutable — callers always get a new graph object.
+ */
+import { parse, stringify } from "yaml";
+import { readFileSync, writeFileSync, renameSync, existsSync, mkdirSync } from "node:fs";
+import { join } from "node:path";
+// ─── YAML schema mapping ─────────────────────────────────────────────────
+const GRAPH_FILENAME = "GRAPH.yaml";
+// ─── Functions ───────────────────────────────────────────────────────────
+/**
+ * Read and parse GRAPH.yaml from a run directory.
+ *
+ * @param runDir — directory containing GRAPH.yaml
+ * @returns Parsed workflow graph
+ * @throws Error if file doesn't exist or YAML is malformed
+ */
+export function readGraph(runDir) {
+    const filePath = join(runDir, GRAPH_FILENAME);
+    if (!existsSync(filePath)) {
+        throw new Error(`GRAPH.yaml not found: ${filePath}`);
+    }
+    const raw = readFileSync(filePath, "utf-8");
+    const yaml = parse(raw);
+    if (!yaml?.steps || !Array.isArray(yaml.steps)) {
+        throw new Error(`Invalid GRAPH.yaml: missing or invalid 'steps' array in ${filePath}`);
+    }
+    return {
+        steps: yaml.steps.map((s) => ({
+            id: s.id,
+            title: s.title,
+            status: s.status,
+            prompt: s.prompt,
+            dependsOn: s.depends_on ?? [],
+            ...(s.parent_step_id != null ? { parentStepId: s.parent_step_id } : {}),
+            ...(s.started_at != null ? { startedAt: s.started_at } : {}),
+            ...(s.finished_at != null ? { finishedAt: s.finished_at } : {}),
+        })),
+        metadata: {
+            name: yaml.metadata?.name ?? "unnamed",
+            createdAt: yaml.metadata?.created_at ?? new Date().toISOString(),
+        },
+    };
+}
+/**
+ * Write a workflow graph to GRAPH.yaml in a run directory.
+ * Creates the directory if it doesn't exist. Write is atomic (write + rename).
+ *
+ * @param runDir — directory to write GRAPH.yaml into
+ * @param graph — the workflow graph to serialize
+ */
+export function writeGraph(runDir, graph) {
+    if (!existsSync(runDir)) {
+        mkdirSync(runDir, { recursive: true });
+    }
+    const yamlData = {
+        steps: graph.steps.map((s) => ({
+            id: s.id,
+            title: s.title,
+            status: s.status,
+            prompt: s.prompt,
+            depends_on: s.dependsOn.length > 0 ? s.dependsOn : undefined,
+            parent_step_id: s.parentStepId ?? undefined,
+            started_at: s.startedAt ?? undefined,
+            finished_at: s.finishedAt ?? undefined,
+        })),
+        metadata: {
+            name: graph.metadata.name,
+            created_at: graph.metadata.createdAt,
+        },
+    };
+    const filePath = join(runDir, GRAPH_FILENAME);
+    const tmpPath = filePath + ".tmp";
+    const content = stringify(yamlData);
+    writeFileSync(tmpPath, content, "utf-8");
+    // Atomic rename for crash safety
+    renameSync(tmpPath, filePath);
+}
+/**
+ * Get the next pending step whose dependencies are all complete.
+ *
+ * Returns the first step (in array order) with status "pending" where
+ * every step in its `dependsOn` list has status "complete".
+ *
+ * @param graph — the workflow graph to query
+ * @returns The next dispatchable step, or null if none available
+ */
+export function getNextPendingStep(graph) {
+    const statusMap = new Map(graph.steps.map((s) => [s.id, s.status]));
+    for (const step of graph.steps) {
+        if (step.status !== "pending")
+            continue;
+        const depsComplete = step.dependsOn.every((depId) => statusMap.get(depId) === "complete");
+        if (depsComplete)
+            return step;
+    }
+    return null;
+}
+/**
+ * Return a new graph with the specified step marked as "complete".
+ * Immutable — does not mutate the input graph.
+ *
+ * @param graph — the current workflow graph
+ * @param stepId — ID of the step to mark complete
+ * @returns New graph with the step's status set to "complete"
+ * @throws Error if stepId is not found in the graph
+ */
+export function markStepComplete(graph, stepId) {
+    const found = graph.steps.some((s) => s.id === stepId);
+    if (!found) {
+        throw new Error(`Step not found: ${stepId}`);
+    }
+    return {
+        ...graph,
+        steps: graph.steps.map((s) => s.id === stepId
+            ? { ...s, status: "complete", finishedAt: new Date().toISOString() }
+            : s),
+    };
+}
+// ─── Iteration expansion ─────────────────────────────────────────────────
+/**
+ * Expand an iterate step into concrete instances. Pure and deterministic —
+ * identical inputs always produce identical output.
+ *
+ * Given a parent step with status "pending" and an array of matched items,
+ * creates one instance step per item, marks the parent as "expanded", and
+ * rewrites any downstream dependsOn references from the parent ID to the
+ * full set of instance IDs.
+ *
+ * @param graph — the current workflow graph (not mutated)
+ * @param stepId — ID of the iterate step to expand
+ * @param items — matched items from the source artifact
+ * @param promptTemplate — template with {{item}} placeholders
+ * @returns New WorkflowGraph with instances inserted and deps rewritten
+ * @throws Error if stepId not found or step is not pending
+ */
+export function expandIteration(graph, stepId, items, promptTemplate) {
+    const parentIndex = graph.steps.findIndex((s) => s.id === stepId);
+    if (parentIndex === -1) {
+        throw new Error(`expandIteration: step not found: ${stepId}`);
+    }
+    const parentStep = graph.steps[parentIndex];
+    if (parentStep.status !== "pending") {
+        throw new Error(`expandIteration: step "${stepId}" has status "${parentStep.status}", expected "pending"`);
+    }
+    // Create instance steps
+    const instanceIds = [];
+    const instances = items.map((item, i) => {
+        const instanceId = `${stepId}--${String(i + 1).padStart(3, "0")}`;
+        instanceIds.push(instanceId);
+        return {
+            id: instanceId,
+            title: `${parentStep.title}: ${item}`,
+            status: "pending",
+            prompt: promptTemplate.replace(/\{\{item\}\}/g, () => item),
+            dependsOn: [...parentStep.dependsOn],
+            parentStepId: stepId,
+        };
+    });
+    // Build new steps array: copy everything, mark parent as expanded,
+    // insert instances right after the parent, rewrite downstream deps.
+    const newSteps = [];
+    for (let i = 0; i < graph.steps.length; i++) {
+        if (i === parentIndex) {
+            // Mark parent as expanded
+            newSteps.push({ ...parentStep, status: "expanded" });
+            // Insert instances immediately after parent
+            newSteps.push(...instances);
+        }
+        else {
+            const step = graph.steps[i];
+            // Rewrite dependsOn: replace parent ID with all instance IDs
+            const hasDep = step.dependsOn.includes(stepId);
+            if (hasDep) {
+                const rewritten = step.dependsOn.flatMap((dep) => dep === stepId ? instanceIds : [dep]);
+                newSteps.push({ ...step, dependsOn: rewritten });
+            }
+            else {
+                newSteps.push(step);
+            }
+        }
+    }
+    return {
+        ...graph,
+        steps: newSteps,
+    };
+}
+// ─── Definition → Graph conversion ──────────────────────────────────────
+/**
+ * Convert a parsed WorkflowDefinition into a WorkflowGraph with all
+ * steps in "pending" status. Used by run-manager to generate the initial
+ * GRAPH.yaml for a new run.
+ *
+ * @param def — a validated WorkflowDefinition from definition-loader
+ * @returns WorkflowGraph with pending steps and metadata from the definition
+ */
+export function initializeGraph(def) {
+    return {
+        steps: def.steps.map((s) => ({
+            id: s.id,
+            title: s.name,
+            status: "pending",
+            prompt: s.prompt,
+            dependsOn: s.requires ?? [],
+        })),
+        metadata: {
+            name: def.name,
+            createdAt: new Date().toISOString(),
+        },
+    };
+}
+/** @deprecated Use initializeGraph instead. Kept for backward compatibility. */
+export { initializeGraph as graphFromDefinition };

package/dist/resources/extensions/gsd/native-git-bridge.js

@@ -683,6 +683,7 @@ export function nativeMergeSquash(basePath, branch) {
             cwd: basePath,
             stdio: ["ignore", "pipe", "pipe"],
             encoding: "utf-8",
+            env: GIT_NO_PROMPT_ENV,
         });
         return { success: true, conflicts: [] };
     }

package/dist/resources/extensions/gsd/preferences-types.js

@@ -67,6 +67,7 @@ export const KNOWN_PREFERENCE_KEYS = new Set([
     "reactive_execution",
     "github",
     "service_tier",
+    "forensics_dedup",
 ]);
 /** Canonical list of all dispatch unit types. */
 export const KNOWN_UNIT_TYPES = [

package/dist/resources/extensions/gsd/preferences.js

@@ -129,14 +129,21 @@ function loadPreferencesFile(path, scope) {
 export function parsePreferencesMarkdown(content) {
     // Use indexOf instead of [\s\S]*? regex to avoid backtracking (#468)
     const startMarker = content.startsWith('---\r\n') ? '---\r\n' : '---\n';
-    if (!content.startsWith(startMarker))
-        return null;
-    const searchStart = startMarker.length;
-    const endIdx = content.indexOf('\n---', searchStart);
-    if (endIdx === -1)
-        return null;
-    const block = content.slice(searchStart, endIdx);
-    return parseFrontmatterBlock(block.replace(/\r/g, ''));
+    if (content.startsWith(startMarker)) {
+        const searchStart = startMarker.length;
+        const endIdx = content.indexOf('\n---', searchStart);
+        if (endIdx === -1)
+            return null;
+        const block = content.slice(searchStart, endIdx);
+        return parseFrontmatterBlock(block.replace(/\r/g, ''));
+    }
+    // Fallback: heading+list format (e.g. "## Git\n- isolation: none") (#2036)
+    // GSD agents may write preferences files without frontmatter delimiters.
+    if (/^##\s+\w/m.test(content)) {
+        return parseHeadingListFormat(content);
+    }
+    console.warn("[parsePreferencesMarkdown] preferences.md exists but uses an unrecognized format — skipping.");
+    return null;
 }
 function parseFrontmatterBlock(frontmatter) {
     try {
@@ -151,6 +158,49 @@ function parseFrontmatterBlock(frontmatter) {
         return {};
     }
 }
+/**
+ * Parse heading+list format into a nested object, then cast to GSDPreferences.
+ * Handles markdown like:
+ *   ## Git
+ *   - isolation: none
+ *   - commit_docs: true
+ *   ## Models
+ *   - planner: sonnet
+ */
+function parseHeadingListFormat(content) {
+    const result = {};
+    let currentSection = null;
+    for (const rawLine of content.split('\n')) {
+        const line = rawLine.replace(/\r$/, '');
+        const headingMatch = line.match(/^##\s+(.+)$/);
+        if (headingMatch) {
+            currentSection = headingMatch[1].trim().toLowerCase().replace(/\s+/g, '_');
+            continue;
+        }
+        if (currentSection) {
+            const itemMatch = line.match(/^-\s+([^:]+):\s*(.*)$/);
+            if (itemMatch) {
+                if (!result[currentSection])
+                    result[currentSection] = {};
+                const value = itemMatch[2].trim();
+                // Coerce "true"/"false" strings and numbers
+                result[currentSection][itemMatch[1].trim()] = value;
+            }
+        }
+    }
+    // Convert string values to appropriate types via YAML parser for each section
+    const typed = {};
+    for (const [section, entries] of Object.entries(result)) {
+        const yamlLines = Object.entries(entries).map(([k, v]) => `${k}: ${v}`).join('\n');
+        try {
+            typed[section] = parseYaml(yamlLines);
+        }
+        catch {
+            typed[section] = entries;
+        }
+    }
+    return typed;
+}
 // ─── Merging ────────────────────────────────────────────────────────────────
 /**
  * Apply mode defaults as the lowest-priority layer.
@@ -215,6 +265,7 @@ function mergePreferences(base, override) {
             ? { ...(base.github ?? {}), ...(override.github ?? {}) }
             : undefined,
         service_tier: override.service_tier ?? base.service_tier,
+        forensics_dedup: override.forensics_dedup ?? base.forensics_dedup,
     };
 }
 function mergeStringLists(base, override) {

package/dist/resources/extensions/gsd/prompts/forensics.md

@@ -101,11 +101,19 @@ Explain your findings:
 - **Code snippet** — the problematic code and what it should do instead
 - **Recovery** — what the user can do right now to get unstuck
 
+{{dedupSection}}
+
 Then **offer GitHub issue creation**: "Would you like me to create a GitHub issue for this on gsd-build/gsd-2?"
 
-If yes, create using `gh issue create` with this format:
+**CRITICAL: The `github_issues` tool ONLY targets the current user's repository — it has no `repo` parameter. You MUST use `gh issue create --repo gsd-build/gsd-2` via the `bash` tool to file on the correct repo. Do NOT use the `github_issues` tool for this.**
 
-```
+If yes, create using the `bash` tool:
+
+```bash
+gh issue create --repo gsd-build/gsd-2 \
+  --title "..." \
+  --label "bug" --label "auto-generated" \
+  --body "$(cat <<'EOF'
 ## Problem
 [1-2 sentence summary]
 
@@ -128,11 +136,10 @@ If yes, create using `gh issue create` with this format:
 
 ---
 *Auto-generated by `/gsd forensics`*
+EOF
+)"
 ```
 
-**Repository:** gsd-build/gsd-2
-**Labels:** bug, auto-generated
-
 ### Redaction Rules (CRITICAL)
 
 Before creating the issue, you MUST: