gsd-pi 2.52.0-dev.585e355 → 2.52.0-dev.655ad8a

package/src/resources/extensions/gsd/tests/phases-merge-error-stops-auto.test.ts

@@ -0,0 +1,103 @@
+/**
+ * phases-merge-error-stops-auto.test.ts — Regression test for #2766.
+ *
+ * When mergeAndExit throws a non-MergeConflictError, the auto loop must
+ * stop instead of continuing with unmerged work. This test verifies that
+ * all catch blocks in auto/phases.ts that handle mergeAndExit errors
+ * call stopAuto and return { action: "break" } for non-conflict errors.
+ */
+
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { createTestContext } from "./test-helpers.ts";
+
+const { assertTrue, report } = createTestContext();
+
+const phasesPath = join(import.meta.dirname, "..", "auto", "phases.ts");
+const phasesSrc = readFileSync(phasesPath, "utf-8");
+
+console.log("\n=== #2766: Non-MergeConflictError stops auto mode ===");
+
+// ── Test 1: phases.ts calls logError for non-conflict merge errors ──────
+
+assertTrue(
+  phasesPath.length > 0 && phasesPath.endsWith("phases.ts"),
+  "phases.ts file exists and is readable",
+);
+
+// Count all mergeAndExit catch blocks by finding "} catch (mergeErr)" patterns
+const mergeErrCatches = [...phasesPath.matchAll(/\} catch \(mergeErr\)/g)];
+// Use the source itself for matching
+const mergeErrCatchCount = [...phasesSrc.matchAll(/\} catch \(mergeErr\)/g)].length;
+assertTrue(
+  mergeErrCatchCount >= 3,
+  `all mergeAndExit call sites have catch (mergeErr) blocks (found ${mergeErrCatchCount}, expected >= 3)`,
+);
+
+// ── Test 2: Every mergeErr catch block handles non-MergeConflictError ───
+
+// Find each catch block and verify it has the non-conflict error handling pattern
+const catchPattern = /\} catch \(mergeErr\) \{/g;
+let match;
+let blocksWithNonConflictHandling = 0;
+let blocksTotal = 0;
+
+while ((match = catchPattern.exec(phasesSrc)) !== null) {
+  blocksTotal++;
+  // Look at the ~800 chars after the catch to find both the MergeConflictError
+  // instanceof check AND the non-conflict handling
+  const afterCatch = phasesSrc.slice(match.index, match.index + 1200);
+
+  const hasInstanceofCheck = afterCatch.includes("instanceof MergeConflictError");
+  const hasNonConflictStop = afterCatch.includes('reason: "merge-failed"');
+  const hasStopAuto = afterCatch.includes("stopAuto");
+  const hasLogError = afterCatch.includes("logError");
+
+  if (hasInstanceofCheck && hasNonConflictStop && hasStopAuto && hasLogError) {
+    blocksWithNonConflictHandling++;
+  }
+}
+
+assertTrue(
+  blocksWithNonConflictHandling === blocksTotal && blocksTotal >= 3,
+  `all ${blocksTotal} mergeAndExit catch blocks stop auto on non-conflict errors (${blocksWithNonConflictHandling}/${blocksTotal})`,
+);
+
+// ── Test 3: Non-conflict handler returns break (does not continue) ──────
+
+// Verify the pattern: after the MergeConflictError instanceof block,
+// the non-conflict path returns { action: "break", reason: "merge-failed" }
+const mergeFailedReasons = [...phasesSrc.matchAll(/reason: "merge-failed"/g)].length;
+assertTrue(
+  mergeFailedReasons >= 3,
+  `all catch blocks return reason: "merge-failed" (found ${mergeFailedReasons}, expected >= 3)`,
+);
+
+// ── Test 4: Non-conflict handler notifies user ──────────────────────────
+
+// Each non-conflict block should call ctx.ui.notify with error severity
+const notifyErrorPattern = /Merge failed:.*Resolve and run \/gsd auto to resume/g;
+const notifyCount = [...phasesSrc.matchAll(notifyErrorPattern)].length;
+assertTrue(
+  notifyCount >= 3,
+  `all catch blocks notify user about merge failure (found ${notifyCount}, expected >= 3)`,
+);
+
+// ── Test 5: logError replaces logWarning for non-conflict merge errors ──
+
+// The old code used logWarning — verify logError is used instead
+const logWarningMergePattern = /logWarning\(.*Milestone merge failed with non-conflict error/g;
+const logWarningCount = [...phasesSrc.matchAll(logWarningMergePattern)].length;
+assertTrue(
+  logWarningCount === 0,
+  "logWarning is no longer used for non-conflict merge errors (replaced by logError)",
+);
+
+const logErrorMergePattern = /logError\(.*Milestone merge failed with non-conflict error/g;
+const logErrorCount = [...phasesSrc.matchAll(logErrorMergePattern)].length;
+assertTrue(
+  logErrorCount >= 3,
+  `logError is used for non-conflict merge errors (found ${logErrorCount}, expected >= 3)`,
+);
+
+report();

package/src/resources/extensions/gsd/tests/rate-limit-model-fallback.test.ts

@@ -0,0 +1,90 @@
+/**
+ * rate-limit-model-fallback.test.ts — Regression test for #2770.
+ *
+ * Rate-limit errors enter the model fallback path before falling through
+ * to pause. This verifies the structural contract in agent-end-recovery.ts.
+ */
+
+import test from "node:test";
+import assert from "node:assert/strict";
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const RECOVERY_PATH = join(__dirname, "..", "bootstrap", "agent-end-recovery.ts");
+
+function getRecoverySource(): string {
+  return readFileSync(RECOVERY_PATH, "utf-8");
+}
+
+// ── Rate-limit errors attempt model fallback (#2770) ─────────────────────────
+
+test("rate-limit errors enter the model fallback branch alongside other transient errors", () => {
+  const src = getRecoverySource();
+
+  // The condition that gates model fallback must include rate-limit.
+  // Match the if-condition that contains both "rate-limit" and fallback-related kinds.
+  const fallbackConditionRe = /if\s*\([^)]*cls\.kind\s*===\s*"rate-limit"[^)]*cls\.kind\s*===\s*"network"/;
+  const fallbackConditionReAlt = /if\s*\([^)]*cls\.kind\s*===\s*"network"[^)]*cls\.kind\s*===\s*"rate-limit"/;
+
+  assert.ok(
+    fallbackConditionRe.test(src) || fallbackConditionReAlt.test(src),
+    'rate-limit must appear in the same if-condition as network/server for model fallback (#2770)',
+  );
+});
+
+test("rate-limit errors are NOT short-circuited to pause before model fallback", () => {
+  const src = getRecoverySource();
+
+  // The old code had a dedicated rate-limit early-return block before the fallback block.
+  // Verify it no longer exists.
+  const earlyRateLimitPause = /if\s*\(\s*cls\.kind\s*===\s*"rate-limit"\s*\)\s*\{[^}]*pauseTransientWithBackoff/;
+  assert.ok(
+    !earlyRateLimitPause.test(src),
+    'rate-limit must NOT have a dedicated early pause before the model fallback path (#2770)',
+  );
+});
+
+test("rate-limit errors fall through to pause if no fallback model is available", () => {
+  const src = getRecoverySource();
+
+  // After the fallback block, the transient fallback pause must still fire for rate-limit.
+  // The isTransient check covers rate-limit (verified by error-classifier tests).
+  // Verify pauseTransientWithBackoff is called with isRateLimit derived from cls.kind.
+  assert.ok(
+    src.includes('cls.kind === "rate-limit"'),
+    'agent-end-recovery.ts must reference cls.kind === "rate-limit" for fallback and pause paths (#2770)',
+  );
+
+  // The transient fallback pause must pass the isRateLimit flag correctly.
+  const pauseCallRe = /pauseTransientWithBackoff\([^)]*cls\.kind\s*===\s*"rate-limit"/;
+  assert.ok(
+    pauseCallRe.test(src),
+    'pauseTransientWithBackoff must receive isRateLimit based on cls.kind === "rate-limit" (#2770)',
+  );
+});
+
+test("other transient errors (server, connection, stream) still attempt model fallback", () => {
+  const src = getRecoverySource();
+
+  // All transient kinds must appear in the fallback condition.
+  for (const kind of ["server", "connection", "stream"]) {
+    assert.ok(
+      src.includes(`cls.kind === "${kind}"`),
+      `model fallback condition must include cls.kind === "${kind}"`,
+    );
+  }
+});
+
+test("permanent errors still bypass model fallback and pause indefinitely", () => {
+  const src = getRecoverySource();
+
+  // The permanent/unknown error handler must exist and call pauseAutoForProviderError
+  // with isTransient: false.
+  const permanentPauseRe = /pauseAutoForProviderError[\s\S]{0,300}isTransient:\s*false/;
+  assert.ok(
+    permanentPauseRe.test(src),
+    'permanent errors must pause with isTransient: false (no auto-resume)',
+  );
+});

package/src/resources/extensions/gsd/tests/session-lock-transient-read.test.ts

@@ -95,13 +95,13 @@ async function main(): Promise<void> {
       writeFileSync(lockFile, JSON.stringify(lockData, null, 2));
 
       // Simulate transient unavailability: move file away, spawn a child process
-      // to restore it after 100ms. The child runs outside our event loop so it
-      // fires even during busy-wait retries.
+      // to restore it shortly after. The child runs outside our event loop so it
+      // fires even during busy-wait retries. Give the test extra retry budget so
+      // it stays stable under full-suite CPU contention.
       renameSync(lockFile, tmpFile);
-      spawn('bash', ['-c', `sleep 0.1 && mv "${tmpFile}" "${lockFile}"`], { stdio: 'ignore', detached: true }).unref();
+      spawn('bash', ['-c', `sleep 0.05 && mv "${tmpFile}" "${lockFile}"`], { stdio: 'ignore', detached: true }).unref();
 
-      // With retries (3 attempts, 200ms delay), it should recover on 2nd or 3rd attempt
-      const result = readExistingLockDataWithRetry(lockFile, { maxAttempts: 3, delayMs: 200 });
+      const result = readExistingLockDataWithRetry(lockFile, { maxAttempts: 8, delayMs: 400 });
       assertTrue(result !== null, 'data recovered after transient unavailability');
       if (result) {
         assertEq(result.pid, process.pid, 'correct PID after recovery');
@@ -131,11 +131,12 @@ async function main(): Promise<void> {
       writeFileSync(lockFile, JSON.stringify(lockData, null, 2));
 
       // Remove read permission to simulate NFS/CIFS latency, then spawn a child
-      // to restore permissions after 100ms (runs outside our event loop).
+      // to restore permissions shortly after (runs outside our event loop).
+      // Use the same wider retry window as the rename case for full-suite stability.
       chmodSync(lockFile, 0o000);
-      spawn('bash', ['-c', `sleep 0.1 && chmod 644 "${lockFile}"`], { stdio: 'ignore', detached: true }).unref();
+      spawn('bash', ['-c', `sleep 0.05 && chmod 644 "${lockFile}"`], { stdio: 'ignore', detached: true }).unref();
 
-      const result = readExistingLockDataWithRetry(lockFile, { maxAttempts: 3, delayMs: 200 });
+      const result = readExistingLockDataWithRetry(lockFile, { maxAttempts: 8, delayMs: 400 });
       assertTrue(result !== null, 'data recovered after transient permission error');
       if (result) {
         assertEq(result.pid, process.pid, 'correct PID after permission recovery');

package/src/resources/extensions/gsd/tests/stash-pop-gsd-conflict.test.ts

@@ -0,0 +1,125 @@
+/**
+ * stash-pop-gsd-conflict.test.ts — Regression test for #2766.
+ *
+ * When a squash merge stash-pops and hits conflicts on .gsd/ state files,
+ * the UU entries block every subsequent merge. This test verifies that
+ * mergeMilestoneToMain auto-resolves .gsd/ conflicts by accepting HEAD
+ * and drops the stash, leaving the repo in a clean state.
+ */
+
+import test from "node:test";
+import assert from "node:assert/strict";
+import { mkdtempSync, mkdirSync, writeFileSync, rmSync, existsSync, readFileSync, realpathSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { execSync } from "node:child_process";
+
+import { createAutoWorktree, mergeMilestoneToMain } from "../auto-worktree.ts";
+
+function run(cmd: string, cwd: string): string {
+  return execSync(cmd, { cwd, stdio: ["ignore", "pipe", "pipe"], encoding: "utf-8" }).trim();
+}
+
+function createTempRepo(): string {
+  const dir = realpathSync(mkdtempSync(join(tmpdir(), "wt-stashpop-test-")));
+  run("git init", dir);
+  run("git config user.email test@test.com", dir);
+  run("git config user.name Test", dir);
+  writeFileSync(join(dir, "README.md"), "# test\n");
+  mkdirSync(join(dir, ".gsd"), { recursive: true });
+  writeFileSync(join(dir, ".gsd", "STATE.md"), "version: 1\n");
+  run("git add .", dir);
+  run("git commit -m init", dir);
+  run("git branch -M main", dir);
+  return dir;
+}
+
+function makeRoadmap(milestoneId: string, title: string, slices: Array<{ id: string; title: string }>): string {
+  const sliceLines = slices.map(s => `- [x] **${s.id}: ${s.title}**`).join("\n");
+  return `# ${milestoneId}: ${title}\n\n## Slices\n${sliceLines}\n`;
+}
+
+test("#2766: stash pop conflict on .gsd/ files is auto-resolved", () => {
+  const repo = createTempRepo();
+  try {
+    const wtPath = createAutoWorktree(repo, "M300");
+
+    // Add a slice with real code on the milestone branch
+    const normalizedPath = wtPath.replaceAll("\\", "/");
+    const worktreeName = normalizedPath.split("/").pop() || "M300";
+    const sliceBranch = `slice/${worktreeName}/S01`;
+    run(`git checkout -b "${sliceBranch}"`, wtPath);
+    writeFileSync(join(wtPath, "feature.ts"), "export const feature = true;\n");
+
+    // Modify .gsd/STATE.md on the milestone branch (diverges from main)
+    writeFileSync(join(wtPath, ".gsd", "STATE.md"), "version: 2-milestone\n");
+    run("git add .", wtPath);
+    run('git commit -m "add feature and update state"', wtPath);
+    run("git checkout milestone/M300", wtPath);
+    run(`git merge --no-ff "${sliceBranch}" -m "merge S01: feature"`, wtPath);
+
+    // Dirty .gsd/STATE.md in the main repo (stash will conflict on pop)
+    writeFileSync(join(repo, ".gsd", "STATE.md"), "version: 2-main-dirty\n");
+
+    const roadmap = makeRoadmap("M300", "Stash pop conflict test", [
+      { id: "S01", title: "Feature" },
+    ]);
+
+    // mergeMilestoneToMain should succeed — .gsd/ conflict auto-resolved
+    const result = mergeMilestoneToMain(repo, "M300", roadmap);
+    assert.ok(
+      result.commitMessage.includes("GSD-Milestone: M300"),
+      "merge succeeds despite stash pop conflict on .gsd/ file",
+    );
+    assert.ok(existsSync(join(repo, "feature.ts")), "milestone code merged to main");
+
+    // Verify repo is clean (no UU entries blocking future merges)
+    const status = run("git status --porcelain", repo);
+    assert.ok(
+      !status.includes("UU "),
+      "no unmerged (UU) entries remain after stash pop conflict resolution",
+    );
+
+    // Stash should be dropped (no remaining stash entries)
+    let stashList = "";
+    try { stashList = run("git stash list", repo); } catch { /* empty stash */ }
+    assert.strictEqual(stashList, "", "stash is empty after .gsd/ conflict auto-resolution");
+  } finally {
+    try { rmSync(repo, { recursive: true, force: true, maxRetries: 3, retryDelay: 100 }); } catch { /* cleanup best-effort */ }
+  }
+});
+
+test("#2766: stash pop conflict on non-.gsd files preserves stash for manual resolution", () => {
+  const repo = createTempRepo();
+  try {
+    const wtPath = createAutoWorktree(repo, "M301");
+
+    // Add a slice that modifies a file also dirty on main
+    const normalizedPath = wtPath.replaceAll("\\", "/");
+    const worktreeName = normalizedPath.split("/").pop() || "M301";
+    const sliceBranch = `slice/${worktreeName}/S01`;
+    run(`git checkout -b "${sliceBranch}"`, wtPath);
+    writeFileSync(join(wtPath, "README.md"), "# milestone version\n");
+    run("git add .", wtPath);
+    run('git commit -m "update readme"', wtPath);
+    run("git checkout milestone/M301", wtPath);
+    run(`git merge --no-ff "${sliceBranch}" -m "merge S01: readme"`, wtPath);
+
+    // Dirty README.md in the main repo — this will conflict on stash pop
+    // and is NOT a .gsd/ file, so it should be left for manual resolution
+    writeFileSync(join(repo, "README.md"), "# locally modified\n");
+
+    const roadmap = makeRoadmap("M301", "Non-gsd stash conflict", [
+      { id: "S01", title: "Readme update" },
+    ]);
+
+    // The merge itself should still succeed (stash pop conflict is non-fatal)
+    const result = mergeMilestoneToMain(repo, "M301", roadmap);
+    assert.ok(
+      result.commitMessage.includes("GSD-Milestone: M301"),
+      "merge succeeds even with non-.gsd stash pop conflict",
+    );
+  } finally {
+    try { rmSync(repo, { recursive: true, force: true, maxRetries: 3, retryDelay: 100 }); } catch { /* cleanup best-effort */ }
+  }
+});

package/src/resources/extensions/gsd/tests/validate-milestone.test.ts

@@ -110,6 +110,16 @@ test("isValidationTerminal returns true for verdict: passed (#1429)", () => {
   assert.equal(isValidationTerminal(content), true);
 });
 
+test("isValidationTerminal returns true for verdict: fail (#2769)", () => {
+  const content = "---\nverdict: fail\nremediation_round: 1\n---\n\n# Validation";
+  assert.equal(isValidationTerminal(content), true);
+});
+
+test("isValidationTerminal returns true for any arbitrary verdict string (#2769)", () => {
+  const content = "---\nverdict: custom-verdict\nremediation_round: 0\n---\n\n# Validation";
+  assert.equal(isValidationTerminal(content), true);
+});
+
 test("isValidationTerminal returns false for missing frontmatter", () => {
   const content = "# Validation\nNo frontmatter here.";
   assert.equal(isValidationTerminal(content), false);
@@ -327,14 +337,14 @@ test("verifyExpectedArtifact rejects VALIDATION with missing verdict field", ()
   }
 });
 
-test("verifyExpectedArtifact rejects VALIDATION with unrecognized verdict", () => {
+test("verifyExpectedArtifact accepts VALIDATION with any extracted verdict", () => {
   const base = makeTmpBase();
   try {
     writeValidation(base, "M001", "---\nverdict: unknown-value\nremediation_round: 0\n---\n\n# Validation");
     clearPathCache();
     clearParseCache();
     const result = verifyExpectedArtifact("validate-milestone", "M001", base);
-    assert.equal(result, false, "VALIDATION with unrecognized verdict should fail verification");
+    assert.equal(result, true, "VALIDATION with any extracted verdict should pass verification");
   } finally {
     cleanup(base);
   }

package/src/resources/extensions/gsd/tests/validation-gate-patterns.test.ts

@@ -0,0 +1,124 @@
+/**
+ * Unit tests for the milestone completion validation gate pattern matching.
+ *
+ * The gate in auto-dispatch accepts two evidence formats:
+ *   1. Structured template: content contains "Operational" AND ("MET" or "N/A")
+ *   2. Prose evidence: matches /[Oo]perational[\s:][^\n]*(?:pass|verified|...)/i
+ *
+ * These tests exercise the exact same expressions used in auto-dispatch.ts
+ * to ensure both formats are correctly recognized, and that content without
+ * operational evidence is properly rejected.
+ */
+
+import test from "node:test";
+import assert from "node:assert/strict";
+
+// ─── Replicate the gate matching logic from auto-dispatch.ts ─────────────────
+
+/**
+ * Returns true when validation content contains acceptable operational
+ * verification evidence (structured or prose).  Mirrors the inline checks
+ * in the "execute → complete-milestone" dispatch rule.
+ */
+function hasOperationalEvidence(validationContent: string): boolean {
+  const structuredMatch =
+    validationContent.includes("Operational") &&
+    (validationContent.includes("MET") || validationContent.includes("N/A"));
+  const proseMatch =
+    /[Oo]perational[\s:][^\n]*(?:pass|verified|confirmed|met|complete|true|yes|addressed|covered|n\/a|not\s+applicable)/i.test(
+      validationContent,
+    );
+  return structuredMatch || proseMatch;
+}
+
+// ─── Structured format ───────────────────────────────────────────────────────
+
+test("structured: Operational + MET passes", () => {
+  const content = `| Criteria       | Status |
+| Operational    | MET    |
+| Functional     | MET    |`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test("structured: Operational + N/A passes", () => {
+  const content = `| Criteria       | Status |
+| Operational    | N/A    |
+| Functional     | MET    |`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test("structured: Operational present with MET on another row still passes (includes is content-wide)", () => {
+  // The structured check uses .includes() across the entire content,
+  // so "MET" on the Functional row satisfies the condition alongside
+  // "Operational" anywhere in the document.
+  const content = `| Criteria       | Status  |
+| Operational    | PENDING |
+| Functional     | MET     |`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test("structured: Operational alone without any MET or N/A anywhere fails", () => {
+  const content = `| Criteria       | Status  |
+| Operational    | PENDING |
+| Functional     | PENDING |`;
+  assert.ok(!hasOperationalEvidence(content));
+});
+
+// ─── Prose format ────────────────────────────────────────────────────────────
+
+test('prose: "Operational: verified" passes', () => {
+  const content = `## Validation Report
+Operational: verified — all endpoints responsive.
+Functional: tests pass.`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test('prose: "Operational checks confirmed" passes', () => {
+  const content = `## Validation Report
+Operational checks confirmed by smoke test suite.`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test('prose: "Operational — pass" passes', () => {
+  const content = `Operational — pass (all services healthy)`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test('prose: "operational: addressed" passes (case-insensitive)', () => {
+  const content = `operational: addressed in CI pipeline run #42.`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test('prose: "Operational: not applicable" passes', () => {
+  const content = `Operational: not applicable for this library-only change.`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test('prose: "Operational: n/a" passes', () => {
+  const content = `Operational: n/a — no runtime components.`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+test('prose: "Operational: complete" passes', () => {
+  const content = `Operational: complete — all health checks green.`;
+  assert.ok(hasOperationalEvidence(content));
+});
+
+// ─── Rejection cases ─────────────────────────────────────────────────────────
+
+test("no operational evidence: unrelated content fails", () => {
+  const content = `## Validation Report
+All functional tests pass.
+Code coverage at 92%.`;
+  assert.ok(!hasOperationalEvidence(content));
+});
+
+test("no operational evidence: word 'operational' buried without qualifying keyword fails", () => {
+  const content = `## Validation Report
+The operational aspects were not evaluated in this round.`;
+  assert.ok(!hasOperationalEvidence(content));
+});
+
+test("no operational evidence: empty content fails", () => {
+  assert.ok(!hasOperationalEvidence(""));
+});

package/src/resources/extensions/shared/rtk.ts

@@ -5,6 +5,7 @@ import { delimiter, join } from "node:path";
 
 const GSD_RTK_PATH_ENV = "GSD_RTK_PATH";
 const GSD_RTK_DISABLED_ENV = "GSD_RTK_DISABLED";
+const GSD_RTK_REWRITE_TIMEOUT_MS_ENV = "GSD_RTK_REWRITE_TIMEOUT_MS";
 const RTK_TELEMETRY_DISABLED_ENV = "RTK_TELEMETRY_DISABLED";
 const RTK_REWRITE_TIMEOUT_MS = 5_000;
 
@@ -14,6 +15,14 @@ function isTruthy(value: string | undefined): boolean {
   return normalized === "1" || normalized === "true" || normalized === "yes";
 }
 
+function getRewriteTimeoutMs(env: NodeJS.ProcessEnv = process.env): number {
+  const configured = Number.parseInt(env[GSD_RTK_REWRITE_TIMEOUT_MS_ENV] ?? "", 10);
+  if (Number.isFinite(configured) && configured > 0) {
+    return configured;
+  }
+  return RTK_REWRITE_TIMEOUT_MS;
+}
+
 export function isRtkEnabled(env: NodeJS.ProcessEnv = process.env): boolean {
   return !isTruthy(env[GSD_RTK_DISABLED_ENV]);
 }
@@ -116,7 +125,7 @@ export function rewriteCommandWithRtk(command: string, options: RewriteCommandOp
     encoding: "utf-8",
     env: buildRtkEnv(env),
     stdio: ["ignore", "pipe", "ignore"],
-    timeout: RTK_REWRITE_TIMEOUT_MS,
+    timeout: getRewriteTimeoutMs(env),
     // .cmd/.bat wrappers (used by fake-rtk in tests) require shell:true on Windows
     shell: /\.(cmd|bat)$/i.test(binaryPath),
   });