gsd-pi 2.5.1 → 2.6.0

package/src/resources/extensions/gsd/git-service.ts

@@ -26,8 +26,11 @@ export interface GitPreferences {
   snapshots?: boolean;
   pre_merge_check?: boolean | string;
   commit_type?: string;
+  main_branch?: string;
 }
 
+export const VALID_BRANCH_NAME = /^[a-zA-Z0-9_\-\/.]+$/;
+
 export interface CommitOptions {
   message: string;
   allowEmpty?: boolean;
@@ -123,9 +126,11 @@ export class GitServiceImpl {
   /**
    * Smart staging: `git add -A` excluding GSD runtime paths via pathspec.
    * Falls back to plain `git add -A` if the exclusion pathspec fails.
+   * @param extraExclusions Additional pathspec exclusions beyond RUNTIME_EXCLUSION_PATHS.
    */
-  private smartStage(): void {
-    const excludes = RUNTIME_EXCLUSION_PATHS.map(p => `':(exclude)${p}'`);
+  private smartStage(extraExclusions: readonly string[] = []): void {
+    const allExclusions = [...RUNTIME_EXCLUSION_PATHS, ...extraExclusions];
+    const excludes = allExclusions.map(p => `':(exclude)${p}'`);
     const args = ["add", "-A", "--", ".", ...excludes];
     try {
       this.git(args);
@@ -157,13 +162,14 @@ export class GitServiceImpl {
   /**
    * Auto-commit dirty working tree with a conventional chore message.
    * Returns the commit message on success, or null if nothing to commit.
+   * @param extraExclusions Additional paths to exclude from staging (e.g. [".gsd/"] for pre-switch commits).
    */
-  autoCommit(unitType: string, unitId: string): string | null {
+  autoCommit(unitType: string, unitId: string, extraExclusions: readonly string[] = []): string | null {
     // Quick check: is there anything dirty at all?
     const status = this.git(["status", "--short"], { allowFailure: true });
     if (!status) return null;
 
-    this.smartStage();
+    this.smartStage(extraExclusions);
 
     // After smart staging, check if anything was actually staged
     // (all changes might have been runtime files that got excluded)
@@ -183,6 +189,11 @@ export class GitServiceImpl {
    * In the main tree: origin/HEAD symbolic-ref → main/master fallback → current branch.
    */
   getMainBranch(): string {
+    // Explicit preference takes priority (double-check validity as defense-in-depth)
+    if (this.prefs.main_branch && VALID_BRANCH_NAME.test(this.prefs.main_branch)) {
+      return this.prefs.main_branch;
+    }
+
     const wtName = detectWorktreeName(this.basePath);
     if (wtName) {
       const wtBranch = `worktree/${wtName}`;
@@ -297,8 +308,9 @@ export class GitServiceImpl {
       }
     }
 
-    // Auto-commit dirty state via smart staging before checkout
-    this.autoCommit("pre-switch", current);
+    // Auto-commit dirty state via smart staging before checkout.
+    // Exclude .gsd/ to prevent merge conflicts when both branches modify planning artifacts.
+    this.autoCommit("pre-switch", current, [".gsd/"]);
 
     this.git(["checkout", branch]);
     return created;
@@ -312,7 +324,8 @@ export class GitServiceImpl {
     const current = this.getCurrentBranch();
     if (current === mainBranch) return;
 
-    this.autoCommit("pre-switch", current);
+    // Exclude .gsd/ to prevent merge conflicts when both branches modify planning artifacts.
+    this.autoCommit("pre-switch", current, [".gsd/"]);
 
     this.git(["checkout", mainBranch]);
   }
@@ -347,8 +360,36 @@ export class GitServiceImpl {
    * Stub: to be implemented in T03.
    */
   runPreMergeCheck(): PreMergeCheckResult {
-    // TODO(S05/T03): implement pre-merge check
-    return { passed: true, skipped: true };
+    if (this.prefs.pre_merge_check === false || this.prefs.pre_merge_check === undefined) {
+      return { passed: true, skipped: true };
+    }
+
+    // Determine command: explicit string or auto-detect from package.json
+    let command: string;
+    if (typeof this.prefs.pre_merge_check === "string") {
+      command = this.prefs.pre_merge_check;
+    } else {
+      // Auto-detect: look for package.json with a test script
+      try {
+        const pkg = execSync("cat package.json", { cwd: this.basePath, encoding: "utf-8" });
+        const parsed = JSON.parse(pkg);
+        if (parsed.scripts?.test) {
+          command = "npm test";
+        } else {
+          return { passed: true, skipped: true };
+        }
+      } catch {
+        return { passed: true, skipped: true };
+      }
+    }
+
+    try {
+      execSync(command, { cwd: this.basePath, stdio: "pipe", encoding: "utf-8" });
+      return { passed: true, skipped: false, command };
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return { passed: false, skipped: false, command, error: msg };
+    }
   }
 
   // ─── Merge ─────────────────────────────────────────────────────────────

package/src/resources/extensions/gsd/session-forensics.ts

@@ -18,7 +18,7 @@
  * - Tool results: { role: "toolResult", toolCallId: "toolu_...", toolName: "bash", isError: bool, content: ... }
  */
 
-import { readFileSync, readdirSync, existsSync } from "node:fs";
+import { readFileSync, readdirSync, existsSync, statSync } from "node:fs";
 import { execSync } from "node:child_process";
 import { basename, join } from "node:path";
 
@@ -62,8 +62,16 @@ export interface RecoveryBriefing {
 
 // ─── JSONL Parsing ────────────────────────────────────────────────────────────
 
+/** Max bytes to parse from a JSONL source. Prevents V8 OOM on bloated activity logs. */
+const MAX_JSONL_BYTES = 10 * 1024 * 1024; // 10 MB
+
 function parseJSONL(raw: string): unknown[] {
-  return raw.trim().split("\n").map(line => {
+  // If the file is enormous, only parse the tail (most recent entries).
+  // This prevents the OOM crash path: large file → split → map → parse → OOM.
+  const source = raw.length > MAX_JSONL_BYTES
+    ? raw.slice(-MAX_JSONL_BYTES)
+    : raw;
+  return source.trim().split("\n").map(line => {
     try { return JSON.parse(line); }
     catch { return null; }
   }).filter(Boolean) as unknown[];
@@ -239,10 +247,15 @@ export function synthesizeCrashRecovery(
 
     // Primary source: surviving pi session file
     if (sessionFile && existsSync(sessionFile)) {
-      const raw = readFileSync(sessionFile, "utf-8");
-      const allEntries = parseJSONL(raw);
-      const sessionEntries = extractLastSession(allEntries);
-      trace = extractTrace(sessionEntries);
+      const stat = statSync(sessionFile, { throwIfNoEntry: false });
+      const fileSize = stat?.size ?? 0;
+      // Skip files that would blow up memory; fall back to activity log
+      if (fileSize <= MAX_JSONL_BYTES * 2) {
+        const raw = readFileSync(sessionFile, "utf-8");
+        const allEntries = parseJSONL(raw);
+        const sessionEntries = extractLastSession(allEntries);
+        trace = extractTrace(sessionEntries);
+      }
     }
 
     // Fallback: last GSD activity log

package/src/resources/extensions/gsd/tests/auto-secrets-gate.test.ts

@@ -0,0 +1,196 @@
+/**
+ * Integration tests for the secrets collection gate in startAuto().
+ *
+ * Exercises getManifestStatus() → collectSecretsFromManifest() composition
+ * end-to-end using real filesystem state. Proves the three gate paths:
+ *   1. No manifest exists — gate skips silently
+ *   2. Pending keys exist — gate triggers collection
+ *   3. No pending keys — gate skips silently
+ *
+ * Uses temp directories with real .gsd/milestones/M001/ structure, mirroring
+ * the pattern from manifest-status.test.ts.
+ */
+
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { mkdirSync, writeFileSync, readFileSync, rmSync } from 'node:fs';
+import { join } from 'node:path';
+import { tmpdir } from 'node:os';
+import { getManifestStatus } from '../files.ts';
+import { collectSecretsFromManifest } from '../../get-secrets-from-user.ts';
+
+function makeTempDir(prefix: string): string {
+  const dir = join(tmpdir(), `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+  mkdirSync(dir, { recursive: true });
+  return dir;
+}
+
+/** Create the .gsd/milestones/M001/ directory structure and write a secrets manifest. */
+function writeManifest(base: string, content: string): void {
+  const mDir = join(base, '.gsd', 'milestones', 'M001');
+  mkdirSync(mDir, { recursive: true });
+  writeFileSync(join(mDir, 'M001-SECRETS.md'), content);
+}
+
+/** Stub ctx with hasUI: false — collectOneSecret returns null (skip), showSecretsSummary is a no-op. */
+function makeNoUICtx(cwd: string) {
+  return {
+    ui: {},
+    hasUI: false,
+    cwd,
+  };
+}
+
+// ─── Scenario 1: No manifest exists ──────────────────────────────────────────
+
+test('secrets gate: no manifest exists — getManifestStatus returns null', async () => {
+  const tmp = makeTempDir('gate-no-manifest');
+  try {
+    // No .gsd directory at all
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.strictEqual(result, null, 'should return null when no manifest file exists');
+  } finally {
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── Scenario 2: Pending keys exist ─────────────────────────────────────────
+
+test('secrets gate: pending keys exist — gate triggers collection, manifest updated on disk', async () => {
+  const tmp = makeTempDir('gate-pending');
+  const savedA = process.env.GSD_GATE_TEST_EXISTING;
+  try {
+    // Simulate one key already in env
+    process.env.GSD_GATE_TEST_EXISTING = 'already-here';
+
+    // Ensure pending keys are NOT in env
+    delete process.env.GSD_GATE_TEST_PEND_A;
+    delete process.env.GSD_GATE_TEST_PEND_B;
+
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+
+### GSD_GATE_TEST_PEND_A
+
+**Service:** ServiceA
+**Status:** pending
+**Destination:** dotenv
+
+1. Get key A from dashboard
+
+### GSD_GATE_TEST_PEND_B
+
+**Service:** ServiceB
+**Status:** pending
+**Destination:** dotenv
+
+1. Get key B from dashboard
+
+### GSD_GATE_TEST_EXISTING
+
+**Service:** ServiceC
+**Status:** pending
+**Destination:** dotenv
+
+1. Already in env
+`);
+
+    // (a) Verify getManifestStatus shows pending keys
+    const status = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(status, null, 'manifest should exist');
+    assert.ok(status!.pending.length > 0, 'should have pending keys');
+    assert.deepStrictEqual(status!.pending, ['GSD_GATE_TEST_PEND_A', 'GSD_GATE_TEST_PEND_B']);
+    assert.deepStrictEqual(status!.existing, ['GSD_GATE_TEST_EXISTING']);
+
+    // (b) Call collectSecretsFromManifest with no-UI context
+    // With hasUI: false, collectOneSecret returns null → pending keys become "skipped"
+    const result = await collectSecretsFromManifest(tmp, 'M001', makeNoUICtx(tmp));
+
+    // (c) Verify return shape
+    assert.deepStrictEqual(result.applied, [], 'no keys applied (no UI to enter values)');
+    assert.ok(result.skipped.includes('GSD_GATE_TEST_PEND_A'), 'PEND_A should be skipped');
+    assert.ok(result.skipped.includes('GSD_GATE_TEST_PEND_B'), 'PEND_B should be skipped');
+    assert.deepStrictEqual(result.existingSkipped, ['GSD_GATE_TEST_EXISTING']);
+
+    // (d) Verify manifest on disk was updated — pending entries that went through
+    // collection are now "skipped". The existing-in-env entry retains its manifest
+    // status ("pending") because collectSecretsFromManifest only updates entries
+    // that flow through collectOneSecret. At runtime, getManifestStatus overrides
+    // env-present entries to "existing" regardless of manifest status.
+    const manifestPath = join(tmp, '.gsd', 'milestones', 'M001', 'M001-SECRETS.md');
+    const updatedContent = readFileSync(manifestPath, 'utf8');
+    assert.ok(
+      updatedContent.includes('**Status:** skipped'),
+      'formerly-pending entries should now have status "skipped" in the manifest file',
+    );
+    // Count: PEND_A → skipped, PEND_B → skipped, EXISTING stays pending on disk
+    const skippedMatches = updatedContent.match(/\*\*Status:\*\* skipped/g);
+    assert.strictEqual(skippedMatches?.length, 2, 'two entries should have status "skipped"');
+    const pendingMatches = updatedContent.match(/\*\*Status:\*\* pending/g);
+    assert.strictEqual(pendingMatches?.length, 1, 'one entry (existing-in-env) retains pending on disk');
+
+    // (e) Verify getManifestStatus now shows no pending
+    const statusAfter = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(statusAfter, null);
+    assert.deepStrictEqual(statusAfter!.pending, [], 'no pending keys after collection');
+  } finally {
+    delete process.env.GSD_GATE_TEST_EXISTING;
+    if (savedA !== undefined) process.env.GSD_GATE_TEST_EXISTING = savedA;
+    delete process.env.GSD_GATE_TEST_PEND_A;
+    delete process.env.GSD_GATE_TEST_PEND_B;
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});
+
+// ─── Scenario 3: No pending keys — all collected or in env ──────────────────
+
+test('secrets gate: no pending keys — getManifestStatus shows pending.length === 0', async () => {
+  const tmp = makeTempDir('gate-no-pending');
+  const savedKey = process.env.GSD_GATE_TEST_ENVKEY;
+  try {
+    process.env.GSD_GATE_TEST_ENVKEY = 'some-value';
+
+    writeManifest(tmp, `# Secrets Manifest
+
+**Milestone:** M001
+**Generated:** 2025-06-20T10:00:00Z
+
+### ALREADY_COLLECTED
+
+**Service:** ServiceX
+**Status:** collected
+**Destination:** dotenv
+
+1. Was collected previously
+
+### ALREADY_SKIPPED
+
+**Service:** ServiceY
+**Status:** skipped
+**Destination:** dotenv
+
+1. Not needed
+
+### GSD_GATE_TEST_ENVKEY
+
+**Service:** ServiceZ
+**Status:** pending
+**Destination:** dotenv
+
+1. In env already
+`);
+
+    const result = await getManifestStatus(tmp, 'M001');
+    assert.notStrictEqual(result, null, 'manifest should exist');
+    assert.deepStrictEqual(result!.pending, [], 'no pending keys — gate would skip');
+    assert.deepStrictEqual(result!.collected, ['ALREADY_COLLECTED']);
+    assert.deepStrictEqual(result!.skipped, ['ALREADY_SKIPPED']);
+    assert.deepStrictEqual(result!.existing, ['GSD_GATE_TEST_ENVKEY']);
+  } finally {
+    delete process.env.GSD_GATE_TEST_ENVKEY;
+    if (savedKey !== undefined) process.env.GSD_GATE_TEST_ENVKEY = savedKey;
+    rmSync(tmp, { recursive: true, force: true });
+  }
+});