npm - gsd-pi - Versions diffs - 2.63.0-dev.026d309 → 2.63.0-dev.786f0ff - Mend

gsd-pi 2.63.0-dev.026d309 → 2.63.0-dev.786f0ff

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (350) hide show

package/src/resources/extensions/gsd/prompts/system.md CHANGED Viewed

@@ -24,13 +24,9 @@ Leave the project in a state where the next agent can immediately understand wha
 ## Skills
-GSD ships with bundled skills. Load the relevant skill file with the `read` tool before starting work when the task matches.
+GSD ships with bundled skills. Load the relevant skill file with the `read` tool before starting work when the task matches. Use bare skill names — GSD resolves them to the correct path automatically.
-| Trigger | Skill to load |
-|---|---|
-| Frontend UI - web components, pages, landing pages, dashboards, React/HTML/CSS, styling | `~/.gsd/agent/skills/frontend-design/SKILL.md` |
-| macOS or iOS apps - SwiftUI, Xcode, App Store | `~/.gsd/agent/skills/swiftui/SKILL.md` |
-| Debugging - complex bugs, failing tests, root-cause investigation after standard approaches fail | `~/.gsd/agent/skills/debug-like-expert/SKILL.md` |
+{{bundledSkillsTable}}
 ## Hard Rules
@@ -119,7 +115,7 @@ In all modes, slices commit sequentially on the active branch; there are no per-
 ### Artifact Templates
 Templates showing the expected format for each artifact type are in:
-`~/.gsd/agent/extensions/gsd/templates/`
+`{{templatesDir}}`
 **Always read the relevant template before writing an artifact** to match the expected structure exactly. The parsers that read these files depend on specific formatting:
@@ -175,6 +171,7 @@ Templates showing the expected format for each artifact type are in:
 - Never guess at library APIs from training data — use `get_library_docs`.
 - Never ask the user to run a command, set a variable, or check something you can check yourself.
 - Never await stale async jobs after editing source — `cancel_job` them first, then re-run.
+- Never query `.gsd/gsd.db` directly via `sqlite3`, `better-sqlite3`, or `node -e require('better-sqlite3')` — the database uses a single-writer WAL connection managed by the engine. Direct access causes reader/writer conflicts and bypasses validation logic. Use `gsd_milestone_status`, `gsd_journal_query`, or other `gsd_*` tools exclusively for all DB reads and writes.
 ### Ask vs infer

package/src/resources/extensions/gsd/prompts/validate-milestone.md CHANGED Viewed

@@ -38,6 +38,8 @@ All relevant context has been preloaded below — the roadmap, all slice summari
 **Persist validation results through `gsd_validate_milestone`.** Call it with: `milestoneId`, `verdict`, `remediationRound`, `successCriteriaChecklist`, `sliceDeliveryAudit`, `crossSliceIntegration`, `requirementCoverage`, `verificationClasses` (when non-empty), `verdictRationale`, and `remediationPlan` (if verdict is `needs-remediation`). The tool writes the validation to the DB and renders VALIDATION.md to disk.
+**DB access safety:** Do NOT query `.gsd/gsd.db` directly via `sqlite3` or `node -e require('better-sqlite3')` — the engine owns the WAL connection. Use `gsd_milestone_status` to read milestone and slice state. All data you need is already inlined in the context above or accessible via the `gsd_*` tools. Direct DB access corrupts the WAL and bypasses tool-level validation.
 If verdict is `needs-remediation`:
 - After calling `gsd_validate_milestone`, use `gsd_reassess_roadmap` to add remediation slices. Pass `milestoneId`, a synthetic `completedSliceId` (e.g. "VALIDATION"), `verdict: "roadmap-adjusted"`, `assessment` text, and `sliceChanges` with the new slices in the `added` array. The tool persists the changes to the DB and re-renders ROADMAP.md.
 - These remediation slices will be planned and executed before validation re-runs.

package/src/resources/extensions/gsd/roadmap-mutations.ts CHANGED Viewed

@@ -39,7 +39,7 @@ export function markSliceDoneInRoadmap(basePath: string, mid: string, sid: strin
       new RegExp(`^(#{1,4}\\s+(?:\\*{0,2})(?:Slice\\s+)?${sid}\\*{0,2}[:\\s.\\u2014\\u2013-]+\\s*)(.+)`, "m"),
       (match, prefix, title) => {
         // Already marked done — no-op
-        if (/^\u2713/.test(title) || /\(Complete\)\s*$/i.test(title)) return match;
+        if (/^[\u2713\u2705]/.test(title) || /[\u2705]\s*$/.test(title) || /\(Complete\)\s*$/i.test(title)) return match;
         return `${prefix}\u2713 ${title}`;
       },
     );

package/src/resources/extensions/gsd/roadmap-slices.ts CHANGED Viewed

@@ -82,7 +82,7 @@ function parseTableSlices(section: string): RoadmapSliceEntry[] {
     const fullRow = line.toLowerCase();
     const done =
       /\[x\]/i.test(line) ||
-      /[✅☑✓]/.test(line) ||
+      /[✅☑✓✔]/.test(line) ||
       /\bdone\b/.test(fullRow) ||
       /\bcomplete(?:d)?\b/.test(fullRow);
@@ -222,11 +222,11 @@ function parseProseSliceHeaders(content: string): RoadmapSliceEntry[] {
   // numeric prefixes (e.g., "1.", "(1)"), bracketed IDs (e.g., "[S01]"),
   // optional checkmark completion marker, and optional leading indentation.
   // Separator after the ID is flexible: colon, dash, em/en dash, dot, or just whitespace.
-  const headerPattern = /^\s*#{1,4}\s+\*{0,2}(?:\u2713\s+)?(?:\d+[.)]\s+)?(?:\(\d+\)\s+)?(?:Slice\s+)?\[?(S\d+)\]?\*{0,2}[:\s.\u2014\u2013-]*\s*(.+)/gm;
+  const headerPattern = /^\s*#{1,4}\s+\*{0,2}(?:[\u2713\u2705]\s+)?(?:\d+[.)]\s+)?(?:\(\d+\)\s+)?(?:Slice\s+)?\[?(S\d+)\]?\*{0,2}[:\s.\u2014\u2013-]*\s*(.+)/gm;
   let match: RegExpExecArray | null;
   // Check for checkmark before the slice ID (e.g., "## checkmark S01: Title")
-  const prefixCheckPattern = /^\s*#{1,4}\s+\*{0,2}\u2713\s+/;
+  const prefixCheckPattern = /^\s*#{1,4}\s+\*{0,2}[\u2713\u2705]\s+/;
   while ((match = headerPattern.exec(content)) !== null) {
     const id = match[1]!;
@@ -240,9 +240,14 @@ function parseProseSliceHeaders(content: string): RoadmapSliceEntry[] {
     const line = match[0];
     let done = prefixCheckPattern.test(line);
-    if (!done && title.startsWith("\u2713")) {
+    if (!done && /^[\u2713\u2705]/.test(title)) {
       done = true;
-      title = title.replace(/^\u2713\s*/, "");
+      title = title.replace(/^[\u2713\u2705]\s*/, "");
+    }
+    if (!done && /[\u2705]\s*$/.test(title)) {
+      done = true;
+      title = title.replace(/\s*[\u2705]\s*$/, "");
     }
     if (!done && /\(Complete\)\s*$/i.test(title)) {

package/src/resources/extensions/gsd/safety/content-validator.ts ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Lightweight content validator for auto-mode safety harness.
+ * Validates that high-value unit outputs contain minimum expected content.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+import { existsSync, readFileSync } from "node:fs";
+import { logWarning } from "../workflow-logger.js";
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface ContentViolation {
+  severity: "warning";
+  reason: string;
+}
+// ─── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Validate content quality for a completed unit.
+ * Returns an array of violations. Empty array = content looks acceptable.
+ *
+ * @param unitType - The type of unit that completed (e.g. "plan-slice")
+ * @param artifactPath - Absolute path to the primary artifact file
+ */
+export function validateContent(
+  unitType: string,
+  artifactPath: string | null,
+): ContentViolation[] {
+  if (!artifactPath || !existsSync(artifactPath)) return [];
+  const validator = VALIDATORS[unitType];
+  if (!validator) return [];
+  try {
+    const content = readFileSync(artifactPath, "utf-8");
+    return validator(content);
+  } catch (e) {
+    logWarning("safety", `content validation read failed: ${(e as Error).message}`);
+    return [];
+  }
+}
+// ─── Validators ─────────────────────────────────────────────────────────────
+type ContentValidatorFn = (content: string) => ContentViolation[];
+const VALIDATORS: Record<string, ContentValidatorFn> = {
+  "plan-slice": validatePlanSlice,
+  "plan-milestone": validatePlanMilestone,
+};
+function validatePlanSlice(content: string): ContentViolation[] {
+  const violations: ContentViolation[] = [];
+  // Must have at least 2 task entries (checkbox pattern)
+  const taskCount = (content.match(/- \[[ x]\] \*\*T\d+/g) || []).length;
+  if (taskCount < 2) {
+    violations.push({
+      severity: "warning",
+      reason: `Slice plan has only ${taskCount} task(s) — expected at least 2`,
+    });
+  }
+  // Should have a Files Likely Touched section
+  if (!content.includes("## Files Likely Touched") && !content.includes("## Files")) {
+    violations.push({
+      severity: "warning",
+      reason: "Slice plan missing 'Files Likely Touched' section",
+    });
+  }
+  // Should have a verification section
+  if (!content.includes("Verify") && !content.includes("verify")) {
+    violations.push({
+      severity: "warning",
+      reason: "Slice plan has no verification instructions",
+    });
+  }
+  return violations;
+}
+function validatePlanMilestone(content: string): ContentViolation[] {
+  const violations: ContentViolation[] = [];
+  // Must have at least 1 slice entry
+  const sliceCount = (content.match(/##\s+S\d+/g) || []).length;
+  if (sliceCount < 1) {
+    violations.push({
+      severity: "warning",
+      reason: `Milestone roadmap has ${sliceCount} slice(s) — expected at least 1`,
+    });
+  }
+  return violations;
+}

package/src/resources/extensions/gsd/safety/destructive-guard.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Destructive command classifier for auto-mode safety harness.
+ * Classifies bash commands and warns on potentially destructive operations.
+ * Does NOT block — only classifies for logging/notification.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+// ─── Pattern Definitions ────────────────────────────────────────────────────
+interface DestructivePattern {
+  pattern: RegExp;
+  label: string;
+}
+const DESTRUCTIVE_PATTERNS: readonly DestructivePattern[] = [
+  { pattern: /\brm\s+(-[^\s]*[rfRF][^\s]*\s+|.*\s+-[^\s]*[rfRF])/, label: "recursive delete" },
+  { pattern: /\bgit\s+push\s+.*--force/, label: "force push" },
+  { pattern: /\bgit\s+push\s+-f\b/, label: "force push" },
+  { pattern: /\bgit\s+reset\s+--hard/, label: "hard reset" },
+  { pattern: /\bgit\s+clean\s+-[^\s]*[fdxFDX]/, label: "git clean" },
+  { pattern: /\bgit\s+checkout\s+--\s+\./, label: "discard all changes" },
+  { pattern: /\bdrop\s+(database|table|index)\b/i, label: "SQL drop" },
+  { pattern: /\btruncate\s+table\b/i, label: "SQL truncate" },
+  { pattern: /\bchmod\s+777\b/, label: "world-writable permissions" },
+  { pattern: /\bcurl\s.*\|\s*(bash|sh|zsh)\b/, label: "pipe to shell" },
+];
+// ─── Public API ─────────────────────────────────────────────────────────────
+export interface CommandClassification {
+  destructive: boolean;
+  labels: string[];
+}
+/**
+ * Classify a bash command for destructive operations.
+ * Returns the list of matched destructive pattern labels.
+ */
+export function classifyCommand(command: string): CommandClassification {
+  const labels: string[] = [];
+  for (const { pattern, label } of DESTRUCTIVE_PATTERNS) {
+    if (pattern.test(command)) {
+      // Deduplicate labels (e.g., two force-push patterns)
+      if (!labels.includes(label)) labels.push(label);
+    }
+  }
+  return { destructive: labels.length > 0, labels };
+}

package/src/resources/extensions/gsd/safety/evidence-collector.ts ADDED Viewed

@@ -0,0 +1,151 @@
+/**
+ * Real-time tool call evidence collector for auto-mode safety harness.
+ * Tracks every bash command, file write, and file edit during a unit execution.
+ * Evidence is compared against LLM completion claims in evidence-cross-ref.ts.
+ *
+ * Follows the same module-level Map pattern as auto-tool-tracking.ts.
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface BashEvidence {
+  kind: "bash";
+  toolCallId: string;
+  command: string;
+  exitCode: number;
+  outputSnippet: string;
+  timestamp: number;
+}
+export interface FileWriteEvidence {
+  kind: "write";
+  toolCallId: string;
+  path: string;
+  timestamp: number;
+}
+export interface FileEditEvidence {
+  kind: "edit";
+  toolCallId: string;
+  path: string;
+  timestamp: number;
+}
+export type EvidenceEntry = BashEvidence | FileWriteEvidence | FileEditEvidence;
+// ─── Module State ───────────────────────────────────────────────────────────
+let unitEvidence: EvidenceEntry[] = [];
+// ─── Public API ─────────────────────────────────────────────────────────────
+/** Reset all evidence for a new unit. Call at unit start. */
+export function resetEvidence(): void {
+  unitEvidence = [];
+}
+/** Get a read-only view of all evidence collected for the current unit. */
+export function getEvidence(): readonly EvidenceEntry[] {
+  return unitEvidence;
+}
+/** Get only bash evidence entries. */
+export function getBashEvidence(): readonly BashEvidence[] {
+  return unitEvidence.filter((e): e is BashEvidence => e.kind === "bash");
+}
+/** Get all file paths touched (write + edit). */
+export function getFilePaths(): string[] {
+  return unitEvidence
+    .filter((e): e is FileWriteEvidence | FileEditEvidence => e.kind === "write" || e.kind === "edit")
+    .map(e => e.path);
+}
+// ─── Recording (called from register-hooks.ts) ─────────────────────────────
+/**
+ * Record a tool call at dispatch time (before execution).
+ * Exit codes and output are filled in by recordToolResult after execution.
+ */
+export function recordToolCall(toolName: string, input: Record<string, unknown>): void {
+  if (toolName === "bash" || toolName === "Bash") {
+    unitEvidence.push({
+      kind: "bash",
+      toolCallId: "",
+      command: String(input.command ?? ""),
+      exitCode: -1,
+      outputSnippet: "",
+      timestamp: Date.now(),
+    });
+  } else if (toolName === "write" || toolName === "Write") {
+    unitEvidence.push({
+      kind: "write",
+      toolCallId: "",
+      path: String(input.file_path ?? input.path ?? ""),
+      timestamp: Date.now(),
+    });
+  } else if (toolName === "edit" || toolName === "Edit") {
+    unitEvidence.push({
+      kind: "edit",
+      toolCallId: "",
+      path: String(input.file_path ?? input.path ?? ""),
+      timestamp: Date.now(),
+    });
+  }
+}
+/**
+ * Record a tool execution result. Matches the most recent unresolved entry
+ * of the same kind and fills in the toolCallId, exit code, and output.
+ */
+export function recordToolResult(
+  toolCallId: string,
+  toolName: string,
+  result: unknown,
+  isError: boolean,
+): void {
+  const normalizedName = toolName.toLowerCase();
+  if (normalizedName === "bash") {
+    const entry = findLastUnresolved("bash") as BashEvidence | undefined;
+    if (entry) {
+      entry.toolCallId = toolCallId;
+      const text = extractResultText(result);
+      entry.outputSnippet = text.slice(0, 500);
+      const exitMatch = text.match(/Command exited with code (\d+)/);
+      entry.exitCode = exitMatch ? Number(exitMatch[1]) : (isError ? 1 : 0);
+    }
+  } else if (normalizedName === "write" || normalizedName === "edit") {
+    const entry = findLastUnresolved(normalizedName as "write" | "edit");
+    if (entry) {
+      entry.toolCallId = toolCallId;
+    }
+  }
+}
+// ─── Internals ──────────────────────────────────────────────────────────────
+function findLastUnresolved(kind: string): EvidenceEntry | undefined {
+  for (let i = unitEvidence.length - 1; i >= 0; i--) {
+    if (unitEvidence[i].kind === kind && unitEvidence[i].toolCallId === "") {
+      return unitEvidence[i];
+    }
+  }
+  return undefined;
+}
+function extractResultText(result: unknown): string {
+  if (typeof result === "string") return result;
+  if (result && typeof result === "object") {
+    const r = result as Record<string, unknown>;
+    if (Array.isArray(r.content)) {
+      const textBlock = r.content.find(
+        (c: unknown) => typeof c === "object" && c !== null && (c as Record<string, unknown>).type === "text",
+      ) as Record<string, unknown> | undefined;
+      if (textBlock && typeof textBlock.text === "string") return textBlock.text;
+    }
+    if (typeof r.text === "string") return r.text;
+  }
+  return String(result ?? "");
+}

package/src/resources/extensions/gsd/safety/evidence-cross-ref.ts ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * Evidence cross-reference for auto-mode safety harness.
+ * Compares the LLM's claimed verification evidence (command + exitCode)
+ * against actual bash tool calls recorded by the evidence collector.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+import type { BashEvidence, EvidenceEntry } from "./evidence-collector.js";
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface ClaimedEvidence {
+  command: string;
+  exitCode: number;
+  verdict: string;
+}
+export interface EvidenceMismatch {
+  severity: "warning" | "error";
+  claimed: ClaimedEvidence;
+  actual: BashEvidence | null;
+  reason: string;
+}
+// ─── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Cross-reference claimed verification evidence against actual bash tool calls.
+ *
+ * Returns an array of mismatches. Empty array = all claims verified.
+ * Skips entries that were coerced from strings (already flagged by db-tools.ts).
+ */
+export function crossReferenceEvidence(
+  claimedEvidence: readonly ClaimedEvidence[],
+  actualEvidence: readonly EvidenceEntry[],
+): EvidenceMismatch[] {
+  const bashCalls = actualEvidence.filter(
+    (e): e is BashEvidence => e.kind === "bash",
+  );
+  const mismatches: EvidenceMismatch[] = [];
+  for (const claimed of claimedEvidence) {
+    // Skip coerced entries — they're already flagged with exitCode: -1
+    // and verdict: "unknown (coerced from string)" by db-tools.ts
+    if (claimed.verdict?.includes("coerced from string")) continue;
+    if (claimed.exitCode === -1) continue;
+    // Skip entries with empty or generic commands
+    if (!claimed.command || claimed.command.length < 3) continue;
+    // Find matching bash call by command substring match
+    const match = findBestMatch(claimed.command, bashCalls);
+    if (!match) {
+      mismatches.push({
+        severity: "warning",
+        claimed,
+        actual: null,
+        reason: `No bash tool call found matching "${claimed.command.slice(0, 80)}"`,
+      });
+      continue;
+    }
+    // Exit code mismatch: LLM claims success but actual command failed
+    if (claimed.exitCode === 0 && match.exitCode !== 0) {
+      mismatches.push({
+        severity: "error",
+        claimed,
+        actual: match,
+        reason: `Claimed exitCode=0 but actual exitCode=${match.exitCode}`,
+      });
+    }
+  }
+  return mismatches;
+}
+// ─── Internals ──────────────────────────────────────────────────────────────
+/**
+ * Find the best matching bash evidence entry for a claimed command.
+ * Uses substring matching — the claimed command may be a shortened version
+ * of the actual command, or vice versa.
+ */
+function findBestMatch(
+  claimedCommand: string,
+  bashCalls: readonly BashEvidence[],
+): BashEvidence | null {
+  const normalized = claimedCommand.trim();
+  // Exact match first
+  const exact = bashCalls.find(b => b.command.trim() === normalized);
+  if (exact) return exact;
+  // Substring match: claimed is contained in actual or actual in claimed
+  const substring = bashCalls.find(
+    b => b.command.includes(normalized) || normalized.includes(b.command),
+  );
+  if (substring) return substring;
+  // Token match: split on whitespace and check significant overlap
+  const claimedTokens = normalized.split(/\s+/).filter(t => t.length > 2);
+  if (claimedTokens.length === 0) return null;
+  let bestMatch: BashEvidence | null = null;
+  let bestScore = 0;
+  for (const call of bashCalls) {
+    const callTokens = new Set(call.command.split(/\s+/));
+    const matchCount = claimedTokens.filter(t => callTokens.has(t)).length;
+    const score = matchCount / claimedTokens.length;
+    if (score > bestScore && score >= 0.5) {
+      bestScore = score;
+      bestMatch = call;
+    }
+  }
+  return bestMatch;
+}

package/src/resources/extensions/gsd/safety/file-change-validator.ts ADDED Viewed

@@ -0,0 +1,108 @@
+/**
+ * Post-unit file change validator for auto-mode safety harness.
+ * Compares actual git diff against the task plan's expected output files.
+ *
+ * Uses tasks.expected_output (DB column, populated from per-task ## Expected Output)
+ * and tasks.files (from slice PLAN.md - Files: subline) as the expected set.
+ * Compares against git diff HEAD~1 --name-only after auto-commit.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+import { execFileSync } from "node:child_process";
+import { logWarning } from "../workflow-logger.js";
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface FileViolation {
+  severity: "info" | "warning";
+  file: string;
+  reason: string;
+}
+export interface FileChangeAudit {
+  expectedFiles: string[];
+  actualFiles: string[];
+  unexpectedFiles: string[];
+  missingFiles: string[];
+  violations: FileViolation[];
+}
+// ─── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Validate file changes after auto-commit for an execute-task unit.
+ * Returns null if task data is unavailable or DB is not loaded.
+ *
+ * @param basePath - Working directory (worktree or project root)
+ * @param expectedOutput - JSON array from tasks.expected_output DB column
+ * @param plannedFiles - JSON array from tasks.files DB column
+ */
+export function validateFileChanges(
+  basePath: string,
+  expectedOutput: string[],
+  plannedFiles: string[],
+): FileChangeAudit | null {
+  const allExpected = new Set([...expectedOutput, ...plannedFiles]);
+  // If no expected files were planned, skip validation
+  if (allExpected.size === 0) return null;
+  // Get actual changed files from last commit
+  const actualFiles = getChangedFilesFromLastCommit(basePath);
+  if (!actualFiles) return null;
+  // Filter out .gsd/ internal files — only validate project source files
+  const projectFiles = actualFiles.filter(f => !f.startsWith(".gsd/") && !f.startsWith(".gsd\\"));
+  // Normalize expected paths (strip leading ./ or /)
+  const normalizedExpected = new Set(
+    [...allExpected].map(f => f.replace(/^\.\//, "").replace(/^\//, "")),
+  );
+  // Compute symmetric difference
+  const unexpectedFiles = projectFiles.filter(f => !normalizedExpected.has(f));
+  const missingFiles = [...normalizedExpected].filter(f => !projectFiles.includes(f));
+  const violations: FileViolation[] = [];
+  for (const f of unexpectedFiles) {
+    violations.push({
+      severity: "warning",
+      file: f,
+      reason: "Modified but not in task plan's expected output",
+    });
+  }
+  for (const f of missingFiles) {
+    violations.push({
+      severity: "info",
+      file: f,
+      reason: "Listed in task plan but not modified",
+    });
+  }
+  return {
+    expectedFiles: [...normalizedExpected],
+    actualFiles: projectFiles,
+    unexpectedFiles,
+    missingFiles,
+    violations,
+  };
+}
+// ─── Internals ──────────────────────────────────────────────────────────────
+function getChangedFilesFromLastCommit(basePath: string): string[] | null {
+  try {
+    const result = execFileSync(
+      "git",
+      ["diff", "--name-only", "HEAD~1", "HEAD"],
+      { cwd: basePath, stdio: ["ignore", "pipe", "pipe"], encoding: "utf-8" },
+    ).trim();
+    return result ? result.split("\n").filter(Boolean) : [];
+  } catch (e) {
+    logWarning("safety", `git diff failed in file-change-validator: ${(e as Error).message}`);
+    return null;
+  }
+}