gsd-pi 2.58.0-dev.778d6ac → 2.58.0-dev.e002a57

package/dist/resources/extensions/gsd/complexity-classifier.js

@@ -11,14 +11,16 @@ const UNIT_TYPE_TIERS = {
     // Tier 1 — Light: structured summaries, completion, UAT
     "complete-slice": "light",
     "run-uat": "light",
-    // Tier 2 — Standard: research, routine planning, discussion
+    // Tier 2 — Standard: research, routine discussion
     "discuss-milestone": "standard",
     "discuss-slice": "standard",
     "research-milestone": "standard",
     "research-slice": "standard",
-    "plan-milestone": "standard",
-    "plan-slice": "standard",
-    // Tier 3 — Heavy: execution, replanning (requires deep reasoning)
+    // Tier 3 — Heavy: planning, execution, replanning (requires deep reasoning)
+    // Planning is heavy so it uses the best configured model (e.g. Opus) and is
+    // not downgraded by dynamic routing when a capable model is configured.
+    "plan-milestone": "heavy",
+    "plan-slice": "heavy",
     "execute-task": "standard", // default standard, upgraded by metadata
     "replan-slice": "heavy",
     "reassess-roadmap": "heavy",
@@ -124,8 +126,8 @@ function analyzePlanComplexity(unitId, basePath) {
     // Check if this is a milestone-level plan (more complex) vs single slice
     const { milestone: mid, slice: sid } = parseUnitId(unitId);
     if (!sid) {
-        // Milestone-level planning is always at least standard
-        return { tier: "standard", reason: "milestone-level planning" };
+        // Milestone-level planning is always heavy — requires full context and best model
+        return { tier: "heavy", reason: "milestone-level planning" };
     }
     // For slice planning, try to read the context/research to gauge complexity
     // If research exists and is large, bump to heavy

package/dist/resources/extensions/gsd/doctor-git-checks.js

@@ -8,7 +8,7 @@ import { deriveState, isMilestoneComplete } from "./state.js";
 import { listWorktrees, resolveGitDir, worktreesDir } from "./worktree-manager.js";
 import { abortAndReset } from "./git-self-heal.js";
 import { RUNTIME_EXCLUSION_PATHS, resolveMilestoneIntegrationBranch, writeIntegrationBranch } from "./git-service.js";
-import { nativeIsRepo, nativeWorktreeList, nativeWorktreeRemove, nativeBranchList, nativeBranchDelete, nativeLsFiles, nativeRmCached } from "./native-git-bridge.js";
+import { nativeIsRepo, nativeWorktreeList, nativeWorktreeRemove, nativeBranchList, nativeBranchDelete, nativeLsFiles, nativeRmCached, nativeHasChanges, nativeLastCommitEpoch, nativeGetCurrentBranch, nativeAddTracked, nativeCommit } from "./native-git-bridge.js";
 import { getAllWorktreeHealth } from "./worktree-health.js";
 import { loadEffectiveGSDPreferences } from "./preferences.js";
 /**
@@ -359,6 +359,53 @@ export async function checkGitHealth(basePath, issues, fixesApplied, shouldFix,
     catch {
         // Non-fatal — orphaned worktree directory check failed
     }
+    // ── Stale uncommitted changes ────────────────────────────────────────────
+    // If the working tree has uncommitted changes and the last commit was
+    // longer ago than the configured threshold, flag it and optionally
+    // auto-commit a safety snapshot so work isn't lost.
+    try {
+        const prefs = loadEffectiveGSDPreferences()?.preferences ?? {};
+        const thresholdMinutes = prefs.stale_commit_threshold_minutes ?? 30;
+        if (thresholdMinutes > 0) {
+            const dirty = nativeHasChanges(basePath);
+            if (dirty) {
+                const branch = nativeGetCurrentBranch(basePath);
+                const lastEpoch = nativeLastCommitEpoch(basePath, branch || "HEAD");
+                const nowEpoch = Math.floor(Date.now() / 1000);
+                const minutesSinceCommit = lastEpoch > 0 ? (nowEpoch - lastEpoch) / 60 : Infinity;
+                if (minutesSinceCommit >= thresholdMinutes) {
+                    const mins = Math.floor(minutesSinceCommit);
+                    issues.push({
+                        severity: "warning",
+                        code: "stale_uncommitted_changes",
+                        scope: "project",
+                        unitId: "project",
+                        message: `Uncommitted changes detected with no commit in ${mins} minute${mins === 1 ? "" : "s"} (threshold: ${thresholdMinutes}m). Snapshotting tracked files.`,
+                        fixable: true,
+                    });
+                    if (shouldFix("stale_uncommitted_changes")) {
+                        try {
+                            nativeAddTracked(basePath);
+                            const commitMsg = `gsd snapshot: uncommitted changes after ${mins}m inactivity`;
+                            const result = nativeCommit(basePath, commitMsg);
+                            if (result) {
+                                fixesApplied.push(`created gsd snapshot after ${mins}m of uncommitted changes`);
+                            }
+                            else {
+                                fixesApplied.push("gsd snapshot skipped — nothing to commit after staging tracked files");
+                            }
+                        }
+                        catch {
+                            fixesApplied.push("failed to create gsd snapshot commit");
+                        }
+                    }
+                }
+            }
+        }
+    }
+    catch {
+        // Non-fatal — stale commit check failed
+    }
     // ── Worktree lifecycle checks ──────────────────────────────────────────
     // Check GSD-managed worktrees for: merged branches, stale work, dirty
     // state, and unpushed commits. Only worktrees under .gsd/worktrees/.

package/dist/resources/extensions/gsd/doctor-proactive.js

@@ -21,7 +21,7 @@ import { abortAndReset } from "./git-self-heal.js";
 import { rebuildState } from "./doctor.js";
 import { deriveState } from "./state.js";
 import { resolveMilestoneIntegrationBranch } from "./git-service.js";
-import { nativeIsRepo } from "./native-git-bridge.js";
+import { nativeIsRepo, nativeHasChanges, nativeLastCommitEpoch, nativeGetCurrentBranch, nativeAddTracked, nativeCommit } from "./native-git-bridge.js";
 import { loadEffectiveGSDPreferences } from "./preferences.js";
 import { runEnvironmentChecks } from "./doctor-environment.js";
 /** In-memory health history for the current auto-mode session. */
@@ -232,6 +232,39 @@ export async function preDispatchHealthGate(basePath) {
     catch {
         // Non-fatal — dispatch continues if state/branch check fails
     }
+    // ── Stale uncommitted changes — auto-snapshot before dispatch ──
+    // If the working tree is dirty and no commit has happened recently,
+    // create a safety snapshot so work isn't lost if the next unit crashes.
+    try {
+        if (nativeIsRepo(basePath)) {
+            const prefs = loadEffectiveGSDPreferences()?.preferences ?? {};
+            const thresholdMinutes = prefs.stale_commit_threshold_minutes ?? 30;
+            if (thresholdMinutes > 0 && nativeHasChanges(basePath)) {
+                const branch = nativeGetCurrentBranch(basePath);
+                const lastEpoch = nativeLastCommitEpoch(basePath, branch || "HEAD");
+                const nowEpoch = Math.floor(Date.now() / 1000);
+                const minutesSinceCommit = lastEpoch > 0 ? (nowEpoch - lastEpoch) / 60 : Infinity;
+                if (minutesSinceCommit >= thresholdMinutes) {
+                    const mins = Math.floor(minutesSinceCommit);
+                    try {
+                        nativeAddTracked(basePath);
+                        const commitMsg = `gsd snapshot: pre-dispatch, uncommitted changes after ${mins}m inactivity`;
+                        const result = nativeCommit(basePath, commitMsg);
+                        if (result) {
+                            fixesApplied.push(`pre-dispatch: created gsd snapshot after ${mins}m of uncommitted changes`);
+                        }
+                    }
+                    catch {
+                        // Non-blocking — snapshot failed but dispatch can continue
+                        fixesApplied.push("pre-dispatch: gsd snapshot failed");
+                    }
+                }
+            }
+        }
+    }
+    catch {
+        // Non-fatal
+    }
     // ── Disk space check ──
     // Catches low-disk conditions before dispatch rather than letting the unit
     // fail mid-execution with ENOSPC (which wastes a full LLM turn).

package/dist/resources/extensions/gsd/error-classifier.js

@@ -24,7 +24,9 @@ const NETWORK_RE = /network|ECONNRESET|ETIMEDOUT|ECONNREFUSED|socket hang up|fet
 const SERVER_RE = /internal server error|500|502|503|overloaded|server_error|api_error|service.?unavailable/i;
 // ECONNRESET/ECONNREFUSED are in NETWORK_RE (same-model retry first).
 const CONNECTION_RE = /terminated|connection.?refused|other side closed|EPIPE|network.?(?:is\s+)?unavailable|stream_exhausted(?:_without_result)?/i;
-const STREAM_RE = /Unexpected end of JSON|Unexpected token.*JSON|Expected.*in JSON|Unterminated.*in JSON|SyntaxError.*JSON/i;
+// Catch-all for V8 JSON.parse errors: all modern variants end with "in JSON at position \d+".
+// This eliminates the need to enumerate every error message variant individually.
+const STREAM_RE = /in JSON at position \d+|Unexpected end of JSON|SyntaxError.*JSON/i;
 const RESET_DELAY_RE = /reset in (\d+)s/i;
 /**
  * Classify an error message into one of the ErrorClass kinds.
@@ -62,9 +64,6 @@ export function classifyError(errorMsg, retryAfterMs) {
         return { kind: "network", retryAfterMs: retryAfterMs ?? 3_000 };
     }
     // 4. Stream truncation — downstream symptom of connection drop
-    //    Checked before server/connection because JSON parse errors can contain
-    //    substrings like "position 500" (matches SERVER_RE) or "Unterminated"
-    //    (matches CONNECTION_RE's "terminated" pattern).
     if (STREAM_RE.test(errorMsg)) {
         return { kind: "stream", retryAfterMs: retryAfterMs ?? 15_000 };
     }

package/dist/resources/extensions/gsd/git-service.js

@@ -15,7 +15,7 @@ import { GIT_NO_PROMPT_ENV } from "./git-constants.js";
 import { loadEffectiveGSDPreferences } from "./preferences.js";
 import { detectWorktreeName, } from "./worktree.js";
 import { SLICE_BRANCH_RE, QUICK_BRANCH_RE, WORKFLOW_BRANCH_RE } from "./branch-patterns.js";
-import { nativeGetCurrentBranch, nativeDetectMainBranch, nativeBranchExists, nativeHasChanges, nativeAddAllWithExclusions, nativeHasStagedChanges, nativeCommit, nativeRmCached, nativeUpdateRef, } from "./native-git-bridge.js";
+import { nativeGetCurrentBranch, nativeDetectMainBranch, nativeBranchExists, nativeHasChanges, nativeAddAllWithExclusions, nativeHasStagedChanges, nativeCommit, nativeRmCached, nativeUpdateRef, nativeResetSoft, nativeCommitSubject, } from "./native-git-bridge.js";
 import { GSDError, GSD_MERGE_CONFLICT, GSD_GIT_ERROR } from "./errors.js";
 import { getErrorMessage } from "./error-utils.js";
 export const VALID_BRANCH_NAME = /^[a-zA-Z0-9_\-\/.]+$/;
@@ -412,8 +412,89 @@ export class GitServiceImpl {
             ? buildTaskCommitMessage(taskContext)
             : `chore: auto-commit after ${unitType}\n\nGSD-Unit: ${unitId}`;
         nativeCommit(this.basePath, message, { allowEmpty: false });
+        // Absorb any preceding gsd snapshot commits into this real commit.
+        // Walk backwards from HEAD~1 counting consecutive snapshot subjects,
+        // then soft-reset to before them and re-commit with the same message.
+        this.absorbSnapshotCommits(message);
         return message;
     }
+    /**
+     * Squash consecutive `gsd snapshot:` commits that sit immediately below
+     * HEAD into the current HEAD commit. This keeps the git history clean
+     * after automated snapshot commits are superseded by real work.
+     *
+     * Guards:
+     * - Opt-in via `absorb_snapshot_commits` preference (default: true).
+     * - Refuses to rewrite commits that have been pushed to the remote
+     *   tracking branch (checks merge-base ancestry).
+     * - Saves HEAD SHA before reset; restores it if the re-commit fails.
+     *
+     * Does nothing if there are no snapshot commits to absorb.
+     */
+    absorbSnapshotCommits(headMessage) {
+        try {
+            // Opt-in guard — users can disable to keep snapshot commits for forensics
+            if (this.prefs.absorb_snapshot_commits === false)
+                return;
+            const GSD_SNAPSHOT_PREFIX = "gsd snapshot:";
+            let count = 0;
+            // Walk back from HEAD~1 counting consecutive snapshot commits (cap at 10)
+            for (let i = 1; i <= 10; i++) {
+                const subject = nativeCommitSubject(this.basePath, `HEAD~${i}`);
+                if (!subject.startsWith(GSD_SNAPSHOT_PREFIX))
+                    break;
+                count = i;
+            }
+            if (count === 0)
+                return;
+            // Guard: don't rewrite history that has been pushed to the remote.
+            // Check whether the newest snapshot commit (HEAD~1) is already
+            // reachable from the remote tracking branch. If it is, the snapshots
+            // have been pushed and must not be squashed via local history rewrite.
+            // (Checking resetTarget instead would false-positive when the remote
+            // is at the pre-snapshot base but the snapshots themselves are local.)
+            const resetTarget = `HEAD~${count + 1}`;
+            try {
+                const branch = nativeGetCurrentBranch(this.basePath);
+                if (branch) {
+                    const remoteBranch = `origin/${branch}`;
+                    // merge-base --is-ancestor exits 0 if HEAD~1 is ancestor of remote
+                    execFileSync("git", ["merge-base", "--is-ancestor", "HEAD~1", remoteBranch], {
+                        cwd: this.basePath,
+                        stdio: ["ignore", "pipe", "pipe"],
+                    });
+                    // If we get here, newest snapshot IS reachable from remote — already pushed
+                    return;
+                }
+            }
+            catch {
+                // Not an ancestor or remote doesn't exist — safe to proceed
+            }
+            // Save HEAD SHA so we can restore if the re-commit fails
+            const savedHead = execFileSync("git", ["rev-parse", "HEAD"], {
+                cwd: this.basePath,
+                stdio: ["ignore", "pipe", "pipe"],
+                encoding: "utf-8",
+            }).trim();
+            nativeResetSoft(this.basePath, resetTarget);
+            // Re-run smartStage so the same RUNTIME_EXCLUSION_PATHS apply.
+            // Snapshot commits used nativeAddTracked (git add -u) which stages
+            // ALL tracked modifications including .gsd/ state files. Without
+            // re-staging, those .gsd/ changes leak into the absorbed commit.
+            this.smartStage();
+            try {
+                nativeCommit(this.basePath, headMessage, { allowEmpty: false });
+            }
+            catch {
+                // Re-commit failed — restore original HEAD to avoid leaving the
+                // repo in a partially-reset state with no commit
+                nativeResetSoft(this.basePath, savedHead);
+            }
+        }
+        catch {
+            // Non-fatal — if squash fails, the commits remain unsquashed
+        }
+    }
     // ─── Branch Queries ────────────────────────────────────────────────────
     /**
      * Get the integration branch for this repo — the branch that slice

package/dist/resources/extensions/gsd/native-git-bridge.js

@@ -525,6 +525,15 @@ export function nativeAddAll(basePath) {
     }
     gitFileExec(basePath, ["add", "-A"]);
 }
+/**
+ * Stage only already-tracked files (git add -u).
+ * Does NOT add new untracked files — only updates modifications and deletions
+ * for files git already knows about. Safe for automated snapshots where
+ * pulling in unknown untracked files (secrets, binaries) would be dangerous.
+ */
+export function nativeAddTracked(basePath) {
+    gitFileExec(basePath, ["add", "-u"]);
+}
 /**
  * Stage all files with pathspec exclusions (git add -A -- ':!pattern' ...).
  * Excluded paths are never hashed by git, preventing hangs on large
@@ -758,6 +767,19 @@ export function nativeResetHard(basePath) {
     }
     execSync("git reset --hard HEAD", { cwd: basePath, stdio: "pipe" });
 }
+/**
+ * Soft reset to a target ref (git reset --soft <ref>).
+ * Moves HEAD to `target` while keeping all changes staged in the index.
+ * Used to squash snapshot commits back into a single real commit.
+ */
+export function nativeResetSoft(basePath, target) {
+    execFileSync("git", ["reset", "--soft", target], {
+        cwd: basePath,
+        stdio: ["ignore", "pipe", "pipe"],
+        encoding: "utf-8",
+        env: GIT_NO_PROMPT_ENV,
+    });
+}
 /**
  * Get the subject line of a commit (git log -1 --format=%s <ref>).
  * Returns empty string if the ref doesn't exist.

package/dist/resources/extensions/gsd/paths.js

@@ -254,6 +254,7 @@ export const GSD_ROOT_FILES = {
     REQUIREMENTS: "REQUIREMENTS.md",
     OVERRIDES: "OVERRIDES.md",
     KNOWLEDGE: "KNOWLEDGE.md",
+    CODEBASE: "CODEBASE.md",
 };
 const LEGACY_GSD_ROOT_FILES = {
     PROJECT: "project.md",
@@ -263,6 +264,7 @@ const LEGACY_GSD_ROOT_FILES = {
     REQUIREMENTS: "requirements.md",
     OVERRIDES: "overrides.md",
     KNOWLEDGE: "knowledge.md",
+    CODEBASE: "codebase.md",
 };
 // ─── GSD Root Discovery ───────────────────────────────────────────────────────
 const gsdRootCache = new Map();

package/dist/resources/extensions/gsd/preferences-types.js

@@ -70,6 +70,7 @@ export const KNOWN_PREFERENCE_KEYS = new Set([
     "service_tier",
     "forensics_dedup",
     "show_token_cost",
+    "stale_commit_threshold_minutes",
     "experimental",
 ]);
 /** Canonical list of all dispatch unit types. */

package/dist/resources/extensions/gsd/watch/header-renderer.js

@@ -0,0 +1,241 @@
+// GSD Watch — Header renderer: ASCII logo, session info, MCP status, remote questions
+// Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+import { execFileSync } from "node:child_process";
+import { existsSync, readFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { visibleWidth, truncateToWidth } from "@gsd/pi-tui";
+import { loadEffectiveGSDPreferences } from "../preferences.js";
+// ─── Constants ────────────────────────────────────────────────────────────────
+/**
+ * GSD ASCII logo — inlined here because the canonical src/logo.ts is outside
+ * the resources rootDir and cannot be imported directly.
+ */
+const GSD_LOGO = [
+    '   ██████╗ ███████╗██████╗ ',
+    '  ██╔════╝ ██╔════╝██╔══██╗',
+    '  ██║  ███╗███████╗██║  ██║',
+    '  ██║   ██║╚════██║██║  ██║',
+    '  ╚██████╔╝███████║██████╔╝',
+    '   ╚═════╝ ╚══════╝╚═════╝ ',
+];
+/** Separator character for the horizontal divider line. */
+const SEPARATOR_CHAR = "─";
+/** Vertical bar between logo and info panel. */
+const PANEL_DIVIDER = "│";
+/** Label column width for Model/Provider/Directory/Branch rows. */
+const LABEL_COL_WIDTH = 10;
+// ─── Data Readers ─────────────────────────────────────────────────────────────
+/**
+ * Read the configured execution model from GSD preferences.
+ * Falls back through execution -> planning -> research -> first found.
+ * Returns "default" if nothing is configured.
+ */
+export function readModelFromPreferences() {
+    try {
+        const prefs = loadEffectiveGSDPreferences();
+        if (!prefs?.preferences.models)
+            return "default";
+        const m = prefs.preferences.models;
+        // Try common phases in priority order
+        for (const phase of ["execution", "planning", "research", "discuss", "subagent"]) {
+            const val = m[phase];
+            if (typeof val === "string")
+                return val;
+            if (val && typeof val === "object" && "model" in val) {
+                const model = val.model;
+                if (typeof model === "string")
+                    return model;
+            }
+        }
+    }
+    catch {
+        // Non-fatal
+    }
+    return "default";
+}
+/**
+ * Derive provider name from model ID prefix.
+ */
+export function deriveProvider(modelId) {
+    if (modelId.startsWith("claude"))
+        return "anthropic";
+    if (modelId.startsWith("gpt") || modelId.startsWith("o1") || modelId.startsWith("o3"))
+        return "openai";
+    if (modelId.startsWith("gemini"))
+        return "google";
+    if (modelId.startsWith("deepseek"))
+        return "deepseek";
+    if (modelId === "default")
+        return "anthropic";
+    return "unknown";
+}
+/**
+ * Shorten a directory path by replacing the home directory with ~.
+ */
+export function shortenPath(fullPath) {
+    const home = homedir();
+    if (fullPath.startsWith(home)) {
+        return "~" + fullPath.slice(home.length);
+    }
+    return fullPath;
+}
+/**
+ * Read the current git branch name. Returns "unknown" on failure.
+ */
+export function readGitBranch(projectRoot) {
+    try {
+        return execFileSync("git", ["rev-parse", "--abbrev-ref", "HEAD"], {
+            cwd: projectRoot,
+            encoding: "utf-8",
+            timeout: 2000,
+        }).trim();
+    }
+    catch {
+        return "unknown";
+    }
+}
+/**
+ * Read MCP server names from .mcp.json or .gsd/mcp.json.
+ * Returns array of server name strings.
+ */
+export function readMcpServerNames(projectRoot) {
+    const configPaths = [
+        join(projectRoot, ".mcp.json"),
+        join(projectRoot, ".gsd", "mcp.json"),
+    ];
+    const names = [];
+    const seen = new Set();
+    for (const configPath of configPaths) {
+        try {
+            if (!existsSync(configPath))
+                continue;
+            const raw = readFileSync(configPath, "utf-8");
+            const data = JSON.parse(raw);
+            const mcpServers = (data.mcpServers ?? data.servers);
+            if (!mcpServers || typeof mcpServers !== "object")
+                continue;
+            for (const name of Object.keys(mcpServers)) {
+                if (!seen.has(name)) {
+                    seen.add(name);
+                    names.push(name);
+                }
+            }
+        }
+        catch {
+            // Non-fatal
+        }
+    }
+    return names;
+}
+/**
+ * Gather all header data from filesystem and preferences.
+ */
+export function gatherHeaderData(projectRoot) {
+    const model = readModelFromPreferences();
+    const provider = deriveProvider(model);
+    const directory = shortenPath(projectRoot);
+    const branch = readGitBranch(projectRoot);
+    const mcpServers = readMcpServerNames(projectRoot);
+    return { model, provider, directory, branch, mcpServers };
+}
+/**
+ * Build an info panel line: "Label     value" with proper padding.
+ * Returns empty string if value is empty.
+ */
+function formatInfoLine(label, value, availableWidth) {
+    const bold = `\x1b[1m${label}\x1b[0m`;
+    const labelVis = visibleWidth(bold);
+    const padding = " ".repeat(Math.max(1, LABEL_COL_WIDTH - labelVis));
+    const maxValueWidth = Math.max(1, availableWidth - LABEL_COL_WIDTH);
+    const truncValue = truncateToWidth(value, maxValueWidth, "…");
+    return bold + padding + truncValue;
+}
+/**
+ * Format MCP server names as a dot-separated row with checkmarks.
+ * e.g. "Brave ✓  ·  Answers ✓  ·  Context7 ✓"
+ */
+export function formatMcpRow(servers, width) {
+    if (servers.length === 0)
+        return "";
+    // Capitalize first letter of each server name
+    const items = servers.map(s => {
+        const cap = s.charAt(0).toUpperCase() + s.slice(1);
+        return `${cap} ✓`;
+    });
+    const full = items.join("  ·  ");
+    if (visibleWidth(full) <= width)
+        return full;
+    // Truncate if too wide
+    return truncateToWidth(full, width, "…");
+}
+/**
+ * Render the full header as an array of terminal-safe strings.
+ *
+ * Layout: GSD ASCII logo on the left, info panel on the right separated by │.
+ * Below: MCP server row, remote questions row, separator line.
+ */
+export function renderHeaderLines(data, width) {
+    const lines = [];
+    // Logo is 6 lines tall. Info panel has: title + blank + model + provider + directory + branch = 6 lines
+    const logoLines = GSD_LOGO;
+    const logoWidth = Math.max(...logoLines.map(l => visibleWidth(l)));
+    // Calculate available width for the info panel
+    // Layout: logo + " " + "│" + " " = logoWidth + 3
+    const dividerOverhead = 3; // " │ "
+    const infoPanelWidth = width - logoWidth - dividerOverhead;
+    // If terminal is too narrow for side-by-side, fall back to stacked layout
+    if (infoPanelWidth < 20) {
+        return renderStackedHeader(data, width);
+    }
+    // Build info panel lines (6 lines to match logo height)
+    const infoLines = [
+        `\x1b[1mGet Shit Done\x1b[0m`,
+        "",
+        formatInfoLine("Model", data.model, infoPanelWidth),
+        formatInfoLine("Provider", data.provider, infoPanelWidth),
+        formatInfoLine("Directory", data.directory, infoPanelWidth),
+        formatInfoLine("Branch", data.branch, infoPanelWidth),
+    ];
+    // Merge logo and info panel side by side
+    const maxLines = Math.max(logoLines.length, infoLines.length);
+    for (let i = 0; i < maxLines; i++) {
+        const logoLine = i < logoLines.length ? logoLines[i] : "";
+        const infoLine = i < infoLines.length ? infoLines[i] : "";
+        // Pad logo line to consistent width
+        const logoPad = " ".repeat(Math.max(0, logoWidth - visibleWidth(logoLine)));
+        lines.push(`${logoLine}${logoPad} ${PANEL_DIVIDER} ${infoLine}`);
+    }
+    // Blank line after logo+info block
+    lines.push("");
+    // MCP server row
+    const mcpRow = formatMcpRow(data.mcpServers, width);
+    if (mcpRow) {
+        lines.push(` ${mcpRow}`);
+    }
+    // Separator line
+    lines.push(SEPARATOR_CHAR.repeat(width));
+    return lines;
+}
+/**
+ * Fallback stacked layout for narrow terminals (< 20 cols for info panel).
+ */
+function renderStackedHeader(data, width) {
+    const lines = [];
+    // Title
+    lines.push(`\x1b[1mGet Shit Done\x1b[0m`);
+    lines.push("");
+    // Info
+    lines.push(formatInfoLine("Model", data.model, width));
+    lines.push(formatInfoLine("Provider", data.provider, width));
+    lines.push(formatInfoLine("Directory", data.directory, width));
+    lines.push(formatInfoLine("Branch", data.branch, width));
+    lines.push("");
+    // MCP
+    const mcpRow = formatMcpRow(data.mcpServers, width);
+    if (mcpRow)
+        lines.push(` ${mcpRow}`);
+    // Separator
+    lines.push(SEPARATOR_CHAR.repeat(width));
+    return lines;
+}

package/dist/resources/extensions/search-the-web/url-utils.js

@@ -18,12 +18,29 @@ const PRIVATE_IP_PATTERNS = [
     /^fd/i,
     /^fe80:/i,
 ];
+/**
+ * Hostnames exempted from SSRF blocking. Set via setFetchAllowedUrls()
+ * from global settings.json or GSD_FETCH_ALLOWED_URLS env var.
+ */
+let fetchAllowedHostnames = new Set();
+/**
+ * Replace the fetch URL allowlist (hostnames exempted from SSRF checks).
+ */
+export function setFetchAllowedUrls(hostnames) {
+    fetchAllowedHostnames = new Set(hostnames.map((h) => h.toLowerCase()));
+}
+/** Get the currently active fetch URL allowlist. */
+export function getFetchAllowedUrls() {
+    return [...fetchAllowedHostnames];
+}
 export function isBlockedUrl(url) {
     try {
         const parsed = new URL(url);
         if (parsed.protocol !== "https:" && parsed.protocol !== "http:")
             return true;
         const hostname = parsed.hostname.toLowerCase();
+        if (fetchAllowedHostnames.has(hostname))
+            return false;
         if (BLOCKED_HOSTNAMES.has(hostname))
             return true;
         for (const pattern of PRIVATE_IP_PATTERNS) {

package/dist/security-overrides.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Apply user-configured security overrides from global settings.json and env vars.
+ *
+ * Both overrides are global-only (not project-level) because the threat model is
+ * malicious project-level config in cloned repos. Global settings and env vars
+ * represent the user's own authority on their machine.
+ *
+ * Precedence: env var > settings.json > built-in defaults
+ */
+import { type SettingsManager } from '@gsd/pi-coding-agent';
+export declare function applySecurityOverrides(settingsManager: SettingsManager): void;

package/dist/security-overrides.js

@@ -0,0 +1,41 @@
+/**
+ * Apply user-configured security overrides from global settings.json and env vars.
+ *
+ * Both overrides are global-only (not project-level) because the threat model is
+ * malicious project-level config in cloned repos. Global settings and env vars
+ * represent the user's own authority on their machine.
+ *
+ * Precedence: env var > settings.json > built-in defaults
+ */
+import { setAllowedCommandPrefixes } from '@gsd/pi-coding-agent';
+import { setFetchAllowedUrls } from './resources/extensions/search-the-web/url-utils.js';
+export function applySecurityOverrides(settingsManager) {
+    // --- Command prefix allowlist ---
+    const envPrefixes = process.env.GSD_ALLOWED_COMMAND_PREFIXES;
+    if (envPrefixes) {
+        const prefixes = envPrefixes.split(',').map(s => s.trim()).filter(Boolean);
+        if (prefixes.length > 0) {
+            setAllowedCommandPrefixes(prefixes);
+        }
+    }
+    else {
+        const settingsPrefixes = settingsManager.getAllowedCommandPrefixes();
+        if (settingsPrefixes && settingsPrefixes.length > 0) {
+            setAllowedCommandPrefixes(settingsPrefixes);
+        }
+    }
+    // --- Fetch URL allowlist (SSRF exemptions) ---
+    const envUrls = process.env.GSD_FETCH_ALLOWED_URLS;
+    if (envUrls) {
+        const urls = envUrls.split(',').map(s => s.trim()).filter(Boolean);
+        if (urls.length > 0) {
+            setFetchAllowedUrls(urls);
+        }
+    }
+    else {
+        const settingsUrls = settingsManager.getFetchAllowedUrls();
+        if (settingsUrls && settingsUrls.length > 0) {
+            setFetchAllowedUrls(settingsUrls);
+        }
+    }
+}

package/dist/web/standalone/.next/BUILD_ID

@@ -1 +1 @@
-R0D4xaIPl5kg93edN7Oo0
+nUA6d2OJrDSVq9RNb-c8b