npm - gsd-pi - Versions diffs - 2.41.0-dev.cac69f9 → 2.42.0-dev.97e9e30 - Mend

gsd-pi 2.41.0-dev.cac69f9 → 2.42.0-dev.97e9e30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/src/resources/extensions/gsd/commands/handlers/workflow.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { ExtensionAPI, ExtensionCommandContext } from "@gsd/pi-coding-agent
 import { existsSync, readFileSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
+import { parse as parseYaml } from "yaml";
 import { handleQuick } from "../../quick.js";
 import { showDiscuss, showHeadlessMilestoneCreation, showQueue } from "../../guided-flow.js";
@@ -13,8 +14,171 @@ import { loadEffectiveGSDPreferences } from "../../preferences.js";
 import { nextMilestoneId } from "../../milestone-ids.js";
 import { findMilestoneIds } from "../../guided-flow.js";
 import { projectRoot } from "../context.js";
+import { createRun, listRuns } from "../../run-manager.js";
+import {
+  setActiveEngineId,
+  setActiveRunDir,
+  startAuto,
+  pauseAuto,
+  isAutoActive,
+  getActiveEngineId,
+} from "../../auto.js";
+import { validateDefinition } from "../../definition-loader.js";
+// ─── Custom Workflow Subcommands ─────────────────────────────────────────
+/** Individual lines of the `/gsd workflow` help text, in display order. */
+const WORKFLOW_USAGE_LINES: readonly string[] = [
+  "Usage: /gsd workflow <subcommand>",
+  "",
+  "  new               — Create a new workflow definition (via skill)",
+  "  run <name> [k=v]  — Create a run and start auto-mode",
+  "  list [name]       — List workflow runs (optionally filtered by name)",
+  "  validate <name>   — Validate a workflow definition YAML",
+  "  pause             — Pause custom workflow auto-mode",
+  "  resume            — Resume paused custom workflow auto-mode",
+];
+/** Newline-joined help text shown for a bare `/gsd workflow` and for unknown subcommands. */
+const WORKFLOW_USAGE = WORKFLOW_USAGE_LINES.join("\n");
+/**
+ * Handle the `/gsd workflow <subcommand>` family of commands.
+ *
+ * Recognised subcommands are `new`, `run <name> [k=v ...]`, `list [name]`,
+ * `validate <name>`, `pause` and `resume`. An empty `sub` shows the usage
+ * text; anything unrecognised shows a warning followed by the usage text.
+ * Failures are reported through `ctx.ui.notify` rather than thrown.
+ *
+ * @param sub — the text after `workflow`, already trimmed (may be empty)
+ * @param ctx — command context; used for UI notifications and passed to auto-mode
+ * @param pi — extension API handle, passed through to auto-mode
+ * @returns Always `true` — every input is consumed by this handler
+ */
+async function handleCustomWorkflow(
+  sub: string,
+  ctx: ExtensionCommandContext,
+  pi: ExtensionAPI,
+): Promise<boolean> {
+  // Bare `/gsd workflow` — show usage
+  if (!sub) {
+    ctx.ui.notify(WORKFLOW_USAGE, "info");
+    return true;
+  }
+  // ── new ──
+  if (sub === "new") {
+    ctx.ui.notify("Use the create-workflow skill: /skill create-workflow", "info");
+    return true;
+  }
+  // ── run <name> [param=value ...] ──
+  if (sub === "run" || sub.startsWith("run ")) {
+    const args = sub.slice("run".length).trim();
+    if (!args) {
+      ctx.ui.notify("Usage: /gsd workflow run <name> [param=value ...]", "warning");
+      return true;
+    }
+    const parts = args.split(/\s+/);
+    const defName = parts[0];
+    const overrides: Record<string, string> = {};
+    // Tokens that are not `key=value` (no "=", or an empty key) are collected
+    // so the user is told about them instead of having them vanish silently.
+    const ignored: string[] = [];
+    for (const token of parts.slice(1)) {
+      const eqIdx = token.indexOf("=");
+      if (eqIdx > 0) {
+        overrides[token.slice(0, eqIdx)] = token.slice(eqIdx + 1);
+      } else {
+        ignored.push(token);
+      }
+    }
+    if (ignored.length > 0) {
+      ctx.ui.notify(
+        `Ignoring malformed parameter(s) (expected key=value): ${ignored.join(", ")}`,
+        "warning",
+      );
+    }
+    try {
+      const base = projectRoot();
+      // Pass `undefined` rather than an empty object when no overrides were given
+      const runDir = createRun(base, defName, Object.keys(overrides).length > 0 ? overrides : undefined);
+      setActiveEngineId("custom");
+      setActiveRunDir(runDir);
+      ctx.ui.notify(`Created workflow run: ${defName}\nRun dir: ${runDir}`, "info");
+      await startAuto(ctx, pi, base, false);
+    } catch (err) {
+      // Clean up engine state so a failed workflow run doesn't pollute the next /gsd auto
+      setActiveEngineId(null);
+      setActiveRunDir(null);
+      const msg = err instanceof Error ? err.message : String(err);
+      ctx.ui.notify(`Failed to run workflow "${defName}": ${msg}`, "error");
+    }
+    return true;
+  }
+  // ── list [name] ──
+  if (sub === "list" || sub.startsWith("list ")) {
+    const filterName = sub.slice("list".length).trim() || undefined;
+    const base = projectRoot();
+    const runs = listRuns(base, filterName);
+    if (runs.length === 0) {
+      ctx.ui.notify("No workflow runs found.", "info");
+      return true;
+    }
+    const lines = runs.map((r) => {
+      const stepInfo = `${r.steps.completed}/${r.steps.total} steps`;
+      return `• ${r.name} [${r.timestamp}] — ${r.status} (${stepInfo})`;
+    });
+    ctx.ui.notify(lines.join("\n"), "info");
+    return true;
+  }
+  // ── validate <name> ──
+  if (sub === "validate" || sub.startsWith("validate ")) {
+    const defName = sub.slice("validate".length).trim();
+    if (!defName) {
+      ctx.ui.notify("Usage: /gsd workflow validate <name>", "warning");
+      return true;
+    }
+    // A ".." segment would let the joined path climb out of .gsd/workflow-defs
+    // and read an arbitrary *.yaml file, so such names are rejected up front.
+    if (defName.split(/[\\/]/).includes("..")) {
+      ctx.ui.notify(`Invalid definition name: "${defName}"`, "error");
+      return true;
+    }
+    const base = projectRoot();
+    const defPath = join(base, ".gsd", "workflow-defs", `${defName}.yaml`);
+    if (!existsSync(defPath)) {
+      ctx.ui.notify(`Definition not found: ${defPath}`, "error");
+      return true;
+    }
+    try {
+      const raw = readFileSync(defPath, "utf-8");
+      const parsed = parseYaml(raw);
+      const result = validateDefinition(parsed);
+      if (result.valid) {
+        ctx.ui.notify(`✓ "${defName}" is a valid workflow definition.`, "info");
+      } else {
+        ctx.ui.notify(`✗ "${defName}" has errors:\n  - ${result.errors.join("\n  - ")}`, "error");
+      }
+    } catch (err) {
+      // Covers both read failures and YAML syntax errors
+      const msg = err instanceof Error ? err.message : String(err);
+      ctx.ui.notify(`Failed to validate "${defName}": ${msg}`, "error");
+    }
+    return true;
+  }
+  // ── pause ──
+  if (sub === "pause") {
+    const engineId = getActiveEngineId();
+    // "dev" or no engine at all means there is no custom workflow to act on
+    if (engineId === "dev" || engineId === null) {
+      ctx.ui.notify("No custom workflow is running. Use /gsd pause for dev workflow.", "warning");
+      return true;
+    }
+    if (!isAutoActive()) {
+      ctx.ui.notify("Auto-mode is not active.", "warning");
+      return true;
+    }
+    await pauseAuto(ctx, pi);
+    ctx.ui.notify("Custom workflow paused.", "info");
+    return true;
+  }
+  // ── resume ──
+  if (sub === "resume") {
+    const engineId = getActiveEngineId();
+    if (engineId === "dev" || engineId === null) {
+      ctx.ui.notify("No custom workflow to resume. Use /gsd auto for dev workflow.", "warning");
+      return true;
+    }
+    try {
+      await startAuto(ctx, pi, projectRoot(), false);
+      ctx.ui.notify("Custom workflow resumed.", "info");
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      ctx.ui.notify(`Failed to resume workflow: ${msg}`, "error");
+    }
+    return true;
+  }
+  // Unknown subcommand — show usage
+  ctx.ui.notify(`Unknown workflow subcommand: "${sub}"\n\n${WORKFLOW_USAGE}`, "warning");
+  return true;
+}
 export async function handleWorkflowCommand(trimmed: string, ctx: ExtensionCommandContext, pi: ExtensionAPI): Promise<boolean> {
+  // ── Custom workflow commands (`/gsd workflow ...`) ──
+  if (trimmed === "workflow" || trimmed.startsWith("workflow ")) {
+    const sub = trimmed.slice("workflow".length).trim();
+    return handleCustomWorkflow(sub, ctx, pi);
+  }
   if (trimmed === "queue") {
     await showQueue(ctx, pi, projectRoot());
     return true;

package/src/resources/extensions/gsd/context-injector.ts ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * context-injector.ts — Inject prior step artifacts as context into step prompts.
+ *
+ * Reads the frozen DEFINITION.yaml from a run directory, finds the current step's
+ * `contextFrom` references, locates each referenced step's `produces` artifacts
+ * on disk, reads their content (truncated to 10k chars), and prepends formatted
+ * context blocks to the step prompt.
+ *
+ * Observability:
+ * - Truncation is logged via console.warn when it occurs, preventing silent overflow.
+ * - Missing artifact files are skipped silently (the step may not have produced them yet).
+ * - Unknown step IDs in contextFrom produce a console.warn for diagnosis.
+ * - The frozen DEFINITION.yaml on disk is the single source of truth for contextFrom config.
+ */
+import { readFileSync, existsSync } from "node:fs";
+import { join, resolve, sep } from "node:path";
+import type { StepDefinition } from "./definition-loader.js";
+import { readFrozenDefinition } from "./custom-workflow-engine.js";
+/** Maximum characters per artifact to prevent context window blowout. */
+const MAX_CONTEXT_CHARS = 10_000;
+/**
+ * Inject context from prior step artifacts into a step's prompt.
+ *
+ * Reads the frozen DEFINITION.yaml from `runDir`, finds the step matching
+ * `stepId`, and for each step ID in its `contextFrom` array, looks up that
+ * step's `produces` paths, reads them from disk (relative to `runDir`),
+ * truncates to MAX_CONTEXT_CHARS, and prepends as labeled context blocks.
+ *
+ * Artifacts are skipped (never fatal) when they resolve outside `runDir`,
+ * do not exist, or cannot be read as a file (for example a directory);
+ * all but the "does not exist" case emit a console.warn.
+ *
+ * @param runDir — absolute path to the workflow run directory
+ * @param stepId — the step ID whose prompt to enrich
+ * @param prompt — the original step prompt
+ * @returns The prompt with context blocks prepended, or unchanged if no context applies
+ * @throws Error if DEFINITION.yaml is missing or unreadable
+ */
+export function injectContext(
+  runDir: string,
+  stepId: string,
+  prompt: string,
+): string {
+  const def = readFrozenDefinition(runDir);
+  const step = def.steps.find((s: StepDefinition) => s.id === stepId);
+  if (!step || !step.contextFrom || step.contextFrom.length === 0) {
+    return prompt;
+  }
+  // Resolve the run directory once; it is invariant across both loops
+  const runRoot = resolve(runDir);
+  const contextBlocks: string[] = [];
+  for (const refStepId of step.contextFrom) {
+    const refStep = def.steps.find((s: StepDefinition) => s.id === refStepId);
+    if (!refStep) {
+      console.warn(
+        `context-injector: step "${stepId}" references unknown step "${refStepId}" in contextFrom — skipping`,
+      );
+      continue;
+    }
+    if (!refStep.produces || refStep.produces.length === 0) {
+      continue;
+    }
+    for (const relPath of refStep.produces) {
+      const absPath = resolve(runRoot, relPath);
+      // Path traversal guard: ensure resolved path stays within runDir
+      if (absPath !== runRoot && !absPath.startsWith(runRoot + sep)) {
+        console.warn(
+          `context-injector: artifact path "${relPath}" resolves outside runDir — skipping`,
+        );
+        continue;
+      }
+      if (!existsSync(absPath)) {
+        // Artifact not yet produced or optional — skip silently
+        continue;
+      }
+      let content: string;
+      try {
+        content = readFileSync(absPath, "utf-8");
+      } catch (err) {
+        // A directory (including runDir itself) or an unreadable file must not
+        // abort prompt construction — report it and move on to the next artifact.
+        const msg = err instanceof Error ? err.message : String(err);
+        console.warn(
+          `context-injector: could not read artifact "${relPath}" from step "${refStepId}" — skipping (${msg})`,
+        );
+        continue;
+      }
+      if (content.length > MAX_CONTEXT_CHARS) {
+        console.warn(
+          `context-injector: truncating artifact "${relPath}" from step "${refStepId}" ` +
+            `(${content.length} chars → ${MAX_CONTEXT_CHARS} chars)`,
+        );
+        content = content.slice(0, MAX_CONTEXT_CHARS) + "\n...[truncated]";
+      }
+      contextBlocks.push(
+        `--- Context from step "${refStepId}" (file: ${relPath}) ---\n${content}\n---`,
+      );
+    }
+  }
+  if (contextBlocks.length === 0) {
+    return prompt;
+  }
+  return contextBlocks.join("\n\n") + "\n\n" + prompt;
+}

package/src/resources/extensions/gsd/custom-execution-policy.ts ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * custom-execution-policy.ts — ExecutionPolicy for custom workflows.
+ *
+ * Delegates verification to the step-level verification module which reads
+ * the frozen DEFINITION.yaml and dispatches to the appropriate policy handler.
+ *
+ * Observability:
+ * - verify() returns the outcome from runCustomVerification() — four policies
+ *   are supported: content-heuristic, shell-command, prompt-verify, human-review.
+ * - selectModel() returns null — defers to loop defaults.
+ * - recover() returns retry — simple default recovery strategy.
+ */
+import type { ExecutionPolicy } from "./execution-policy.js";
+import type { RecoveryAction, CloseoutResult } from "./engine-types.js";
+import { runCustomVerification } from "./custom-verification.js";
+/**
+ * ExecutionPolicy implementation for custom workflows, bound to one run directory.
+ *
+ * Only `verify()` does real work (it delegates to `runCustomVerification`);
+ * the remaining hooks return fixed values.
+ */
+export class CustomExecutionPolicy implements ExecutionPolicy {
+  /** @param runDir — run directory handed to `runCustomVerification` on every verify() call */
+  constructor(private readonly runDir: string) {}
+  /** Workspace preparation hook — intentionally does nothing for custom workflows. */
+  async prepareWorkspace(_basePath: string, _milestoneId: string): Promise<void> {
+    // Nothing to set up: custom workflows don't use a worktree
+  }
+  /** Model selection hook — always `null`, leaving the choice to the loop defaults. */
+  async selectModel(
+    _unitType: string,
+    _unitId: string,
+    _context: { basePath: string },
+  ): Promise<{ tier: string; modelDowngraded: boolean } | null> {
+    return null;
+  }
+  /**
+   * Verify a step's output using the policy configured for that step.
+   *
+   * The step ID is the portion of `unitId` after its last "/" (the whole
+   * string when there is no "/"); unitId format is "<workflowName>/<stepId>".
+   * The outcome comes straight from runCustomVerification().
+   */
+  async verify(
+    _unitType: string,
+    unitId: string,
+    _context: { basePath: string },
+  ): Promise<"continue" | "retry" | "pause"> {
+    const stepId = unitId.slice(unitId.lastIndexOf("/") + 1);
+    return runCustomVerification(this.runDir, stepId);
+  }
+  /** Recovery hook — unconditionally asks for the step to be retried. */
+  async recover(
+    _unitType: string,
+    _unitId: string,
+    _context: { basePath: string },
+  ): Promise<RecoveryAction> {
+    const action: RecoveryAction = { outcome: "retry", reason: "Default retry" };
+    return action;
+  }
+  /** Closeout hook — reports that nothing was committed and no artifacts were captured. */
+  async closeout(
+    _unitType: string,
+    _unitId: string,
+    _context: { basePath: string; startedAt: number },
+  ): Promise<CloseoutResult> {
+    const result: CloseoutResult = { committed: false, artifacts: [] };
+    return result;
+  }
+}

package/src/resources/extensions/gsd/custom-verification.ts ADDED Viewed

@@ -0,0 +1,180 @@
+/**
+ * custom-verification.ts — Step verification for custom workflows.
+ *
+ * Reads the frozen DEFINITION.yaml from a run directory, finds the step's
+ * `verify` policy, and dispatches to the appropriate handler. Four policies:
+ *
+ *   - content-heuristic: file existence + optional minSize + optional pattern match
+ *   - shell-command: spawnSync with 30s timeout, exit 0 → continue, else retry
+ *   - prompt-verify: always "pause" (defers to agent)
+ *   - human-review: always "pause" (waits for manual inspection)
+ *   - (no policy): returns "continue" (passthrough)
+ *
+ * Observability:
+ * - Return value is the typed verification outcome ("continue" | "retry" | "pause").
+ * - shell-command captures stderr from spawnSync — callers can inspect on retry.
+ * - content-heuristic logs the specific failure (missing file, below minSize, pattern mismatch).
+ * - The frozen DEFINITION.yaml on disk is the single source of truth for step policies.
+ */
+import { readFileSync, existsSync, statSync } from "node:fs";
+import { join, resolve, sep } from "node:path";
+import { spawnSync } from "node:child_process";
+import type { StepDefinition, VerifyPolicy } from "./definition-loader.js";
+import { readFrozenDefinition } from "./custom-workflow-engine.js";
+/** Outcome of verifying a step; the same union that ExecutionPolicy.verify() returns. */
+export type VerificationOutcome = "continue" | "retry" | "pause";
+/**
+ * Verify one step of a workflow run according to its configured policy.
+ *
+ * Loads the frozen DEFINITION.yaml from `runDir`, looks up the step whose
+ * `id` equals `stepId`, and hands its `verify` policy to the dispatcher.
+ * A step that is absent from the definition, or that has no `verify`
+ * policy, passes straight through as "continue".
+ *
+ * @param runDir — absolute path to the workflow run directory
+ * @param stepId — the step ID to verify (e.g. "step-1")
+ * @returns "continue" if verification passes, "retry" if it should retry, "pause" if it needs review
+ * @throws Error if DEFINITION.yaml is missing or unreadable
+ */
+export function runCustomVerification(
+  runDir: string,
+  stepId: string,
+): VerificationOutcome {
+  const { steps } = readFrozenDefinition(runDir);
+  const target = steps.find((candidate: StepDefinition) => candidate.id === stepId);
+  const policy = target ? target.verify : undefined;
+  // Unknown step, or a step without a policy: nothing to verify
+  if (!target || !policy) {
+    return "continue";
+  }
+  return dispatchPolicy(runDir, target, policy);
+}
+/**
+ * Route a step's verify policy to its handler.
+ *
+ * `content-heuristic` and `shell-command` have dedicated handlers. Every other
+ * value — `prompt-verify`, `human-review`, and anything unrecognised — yields
+ * "pause", which is the safe default.
+ */
+function dispatchPolicy(
+  runDir: string,
+  step: StepDefinition,
+  verify: VerifyPolicy,
+): VerificationOutcome {
+  if (verify.policy === "content-heuristic") {
+    return handleContentHeuristic(runDir, step, verify);
+  }
+  if (verify.policy === "shell-command") {
+    return handleShellCommand(runDir, verify);
+  }
+  // prompt-verify, human-review, or an unknown policy
+  return "pause";
+}
+/**
+ * content-heuristic handler.
+ *
+ * For each path in the step's `produces` array:
+ * 1. Check that the path resolves inside runDir and exists
+ * 2. If `minSize` is set, check that file size >= minSize bytes
+ * 3. If `pattern` is set, check that file content matches the regex
+ *
+ * Returns "continue" if all checks pass, "pause" if any fail. Each failure
+ * is reported via console.warn with the specific reason. An invalid
+ * `pattern`, or an artifact that cannot be stat'ed/read (for example a
+ * directory when `pattern` is set), also yields "pause" instead of throwing.
+ * If `produces` is empty or undefined, returns "continue" (nothing to check).
+ *
+ * NOTE: the pattern is executed without any timeout, so a pathological
+ * regex in the definition can stall verification.
+ */
+function handleContentHeuristic(
+  runDir: string,
+  step: StepDefinition,
+  verify: { policy: "content-heuristic"; minSize?: number; pattern?: string },
+): VerificationOutcome {
+  const produces = step.produces;
+  if (!produces || produces.length === 0) {
+    return "continue";
+  }
+  // Compile the pattern once up front rather than once per artifact
+  let matcher: RegExp | undefined;
+  if (verify.pattern !== undefined) {
+    try {
+      matcher = new RegExp(verify.pattern);
+    } catch {
+      // Invalid regex at runtime — treat as verification failure
+      console.warn(
+        `custom-verification: step "${step.id}" has an invalid content-heuristic pattern: ${verify.pattern}`,
+      );
+      return "pause";
+    }
+  }
+  const runRoot = resolve(runDir);
+  for (const relPath of produces) {
+    const absPath = resolve(runRoot, relPath);
+    // Path traversal guard
+    if (absPath !== runRoot && !absPath.startsWith(runRoot + sep)) {
+      console.warn(
+        `custom-verification: artifact path "${relPath}" resolves outside runDir`,
+      );
+      return "pause";
+    }
+    // 1. File existence
+    if (!existsSync(absPath)) {
+      console.warn(`custom-verification: artifact "${relPath}" is missing`);
+      return "pause";
+    }
+    try {
+      // 2. Minimum size check
+      if (verify.minSize !== undefined) {
+        const size = statSync(absPath).size;
+        if (size < verify.minSize) {
+          console.warn(
+            `custom-verification: artifact "${relPath}" is ${size} bytes, below minSize ${verify.minSize}`,
+          );
+          return "pause";
+        }
+      }
+      // 3. Pattern match check
+      if (matcher !== undefined && !matcher.test(readFileSync(absPath, "utf-8"))) {
+        console.warn(
+          `custom-verification: artifact "${relPath}" does not match pattern ${verify.pattern}`,
+        );
+        return "pause";
+      }
+    } catch (err) {
+      // stat/read failure (directory, permissions, file removed meanwhile)
+      const msg = err instanceof Error ? err.message : String(err);
+      console.warn(`custom-verification: could not inspect artifact "${relPath}": ${msg}`);
+      return "pause";
+    }
+  }
+  return "continue";
+}
+/**
+ * shell-command handler.
+ *
+ * Runs the command via `sh -c` with cwd set to the run directory
+ * and a 30-second timeout. Returns "continue" if exit code 0,
+ * "retry" otherwise (including timeout/signal kills). On failure the
+ * exit code, signal or spawn error is logged together with captured stderr.
+ *
+ * SECURITY: The command string comes from a frozen DEFINITION.yaml written
+ * at run-creation time. The trust boundary is the workflow definition author.
+ * Commands run with the same privileges as the GSD process. Only use
+ * shell-command verification with definitions you trust. The pattern check
+ * below is a heuristic tripwire, not a sandbox — it does not make an
+ * untrusted command safe.
+ */
+function handleShellCommand(
+  runDir: string,
+  verify: { policy: "shell-command"; command: string },
+): VerificationOutcome {
+  // Guard: reject commands containing shell expansion patterns that suggest injection
+  const dangerousPatterns = /\$\(|`|;\s*(rm|curl|wget|nc|bash|sh|eval)\b/;
+  if (dangerousPatterns.test(verify.command)) {
+    console.warn(
+      `custom-verification: shell-command contains suspicious pattern, skipping: ${verify.command}`,
+    );
+    return "pause";
+  }
+  const result = spawnSync("sh", ["-c", verify.command], {
+    cwd: runDir,
+    timeout: 30_000,
+    encoding: "utf-8",
+    stdio: "pipe",
+    env: process.env,
+  });
+  if (result.status === 0) {
+    return "continue";
+  }
+  // Surface why the command failed; otherwise a retry loop is undiagnosable
+  let detail: string;
+  if (result.error) {
+    detail = result.error.message;
+  } else if (result.signal) {
+    detail = `killed by ${result.signal}`;
+  } else {
+    detail = `exit code ${result.status}`;
+  }
+  // stderr can be null when the process never spawned
+  const stderrText = typeof result.stderr === "string" ? result.stderr.trim() : "";
+  console.warn(
+    `custom-verification: shell-command failed (${detail}): ${verify.command}` +
+      (stderrText ? `\n${stderrText.slice(0, 2_000)}` : ""),
+  );
+  return "retry";
+}