gsd-pi 2.63.0-dev.026d309 → 2.63.0-dev.786f0ff

package/dist/resources/extensions/gsd/worktree-manager.js

@@ -65,6 +65,21 @@ export function worktreePath(basePath, name) {
 export function worktreeBranchName(name) {
     return `worktree/${name}`;
 }
+/**
+ * Validate that a path is inside the .gsd/worktrees/ directory.
+ * Resolves symlinks and normalizes ".." traversals before comparison
+ * so that a symlink-resolved or crafted path cannot escape containment.
+ *
+ * Used as a safety gate before any destructive operation (rmSync,
+ * nativeWorktreeRemove --force) to prevent #2365-style data loss.
+ */
+export function isInsideWorktreesDir(basePath, targetPath) {
+    const wtDir = resolve(worktreesDir(basePath));
+    const resolved = resolve(targetPath);
+    // The resolved path must start with the worktrees dir followed by a separator,
+    // not merely be a prefix match (e.g. ".gsd/worktrees-extra" must not match).
+    return resolved === wtDir || resolved.startsWith(wtDir + sep);
+}
 // ─── Core Operations ───────────────────────────────────────────────────────
 /**
  * Create a new git worktree under .gsd/worktrees/<name>/ with branch worktree/<name>.
@@ -286,17 +301,40 @@ export function removeWorktree(basePath, name, opts = {}) {
     // time, so its registered path points to the resolved external location.
     // If syncStateToProjectRoot later creates a real .gsd/ directory that
     // shadows the symlink, the computed path diverges from git's record.
+    let gitReportedPath = null;
     try {
         const entries = nativeWorktreeList(basePath);
         const entry = entries.find(e => e.branch === branch);
         if (entry?.path) {
-            wtPath = entry.path;
+            gitReportedPath = entry.path;
         }
     }
     catch (e) {
         logWarning("worktree", `nativeWorktreeList parse failed: ${e.message}`);
     }
+    // Safety gate (#2365): only use the git-reported path if it is actually
+    // inside .gsd/worktrees/.  When .gsd/ was a symlink, git may have resolved
+    // it to an external directory (e.g. a project data folder).  Using that
+    // path for removal would destroy user data.
+    if (gitReportedPath && isInsideWorktreesDir(basePath, gitReportedPath)) {
+        wtPath = gitReportedPath;
+    }
+    else if (gitReportedPath) {
+        console.error(`[GSD] WARNING: git worktree list reported path outside .gsd/worktrees/: ${gitReportedPath}\n` +
+            `  Refusing to use it for removal — falling back to computed path: ${wtPath}`);
+        // Still tell git to unregister the worktree entry via its reported path,
+        // but do NOT use force and do NOT fall back to rmSync on this path.
+        try {
+            nativeWorktreeRemove(basePath, gitReportedPath, false);
+        }
+        catch (e) {
+            logWarning("worktree", `non-force worktree remove failed for ${gitReportedPath}: ${e instanceof Error ? e.message : String(e)}`);
+        }
+    }
     const resolvedWtPath = existsSync(wtPath) ? realpathSync(wtPath) : wtPath;
+    // Double-check: the resolved path (after symlink resolution) must also be
+    // inside .gsd/worktrees/ — a symlink inside the directory could point out.
+    const resolvedPathSafe = isInsideWorktreesDir(basePath, resolvedWtPath);
     // If we're inside the worktree, move out first — git can't remove an in-use directory
     const cwd = process.cwd();
     const resolvedCwd = existsSync(cwd) ? realpathSync(cwd) : cwd;
@@ -360,41 +398,56 @@ export function removeWorktree(basePath, name, opts = {}) {
             }
         }
     }
-    // Remove worktree: try non-force first when submodules have changes,
-    // falling back to force only after submodule state has been preserved.
-    const useForce = hasSubmoduleChanges ? false : force;
-    try {
-        nativeWorktreeRemove(basePath, resolvedWtPath, useForce);
-    }
-    catch (e) {
-        logWarning("worktree", `nativeWorktreeRemove failed: ${e.message}`);
-    }
-    // If the directory is still there (e.g. locked), try harder with force
-    if (existsSync(resolvedWtPath)) {
+    // Remove worktree — only use force/rmSync when the path is safely contained
+    if (resolvedPathSafe) {
+        // Remove worktree: try non-force first when submodules have changes,
+        // falling back to force only after submodule state has been preserved.
+        const useForce = hasSubmoduleChanges ? false : force;
         try {
-            nativeWorktreeRemove(basePath, resolvedWtPath, true);
+            nativeWorktreeRemove(basePath, resolvedWtPath, useForce);
         }
         catch (e) {
-            logWarning("worktree", `nativeWorktreeRemove (force) failed: ${e.message}`);
+            logWarning("worktree", `nativeWorktreeRemove failed: ${e.message}`);
+        }
+        // If the directory is still there (e.g. locked), try harder with force
+        if (existsSync(resolvedWtPath)) {
+            try {
+                nativeWorktreeRemove(basePath, resolvedWtPath, true);
+            }
+            catch (e) {
+                logWarning("worktree", `nativeWorktreeRemove (force) failed: ${e.message}`);
+            }
+        }
+        // (#2821) If the worktree directory STILL exists after both native removal
+        // attempts (e.g. untracked files like ASSESSMENT/UAT-RESULT prevent git
+        // worktree remove), force-remove the git internal worktree metadata first,
+        // then remove the filesystem directory. Without this, the .git/worktrees/<name>
+        // lock prevents rmSync from cleaning up, and the orphaned worktree directory
+        // causes every subsequent `/gsd auto` to re-enter the stale worktree.
+        if (existsSync(resolvedWtPath)) {
+            try {
+                const wtInternalDir = join(basePath, ".git", "worktrees", name);
+                if (existsSync(wtInternalDir)) {
+                    rmSync(wtInternalDir, { recursive: true, force: true });
+                }
+                rmSync(resolvedWtPath, { recursive: true, force: true });
+            }
+            catch {
+                logWarning("reconcile", `Worktree directory could not be removed after git internal cleanup: ${resolvedWtPath}. ` +
+                    `Manual cleanup: rm -rf "${resolvedWtPath.replaceAll("\\", "/")}"`, { worktree: name });
+            }
         }
     }
-    // (#2821) If the worktree directory STILL exists after both native removal
-    // attempts (e.g. untracked files like ASSESSMENT/UAT-RESULT prevent git
-    // worktree remove), force-remove the git internal worktree metadata first,
-    // then remove the filesystem directory. Without this, the .git/worktrees/<name>
-    // lock prevents rmSync from cleaning up, and the orphaned worktree directory
-    // causes every subsequent `/gsd auto` to re-enter the stale worktree.
-    if (existsSync(resolvedWtPath)) {
+    else {
+        // Path is outside containment — only do a non-force git worktree remove
+        // (which refuses to delete dirty worktrees) and never fall back to rmSync.
+        console.error(`[GSD] WARNING: Resolved worktree path is outside .gsd/worktrees/: ${resolvedWtPath}\n` +
+            `  Skipping forced removal to prevent data loss.`);
         try {
-            const wtInternalDir = join(basePath, ".git", "worktrees", name);
-            if (existsSync(wtInternalDir)) {
-                rmSync(wtInternalDir, { recursive: true, force: true });
-            }
-            rmSync(resolvedWtPath, { recursive: true, force: true });
+            nativeWorktreeRemove(basePath, resolvedWtPath, false);
         }
-        catch {
-            logWarning("reconcile", `Worktree directory could not be removed after git internal cleanup: ${resolvedWtPath}. ` +
-                `Manual cleanup: rm -rf "${resolvedWtPath.replaceAll("\\", "/")}"`, { worktree: name });
+        catch (e) {
+            logWarning("worktree", `non-force worktree remove failed for ${resolvedWtPath}: ${e instanceof Error ? e.message : String(e)}`);
         }
     }
     // Prune stale entries so git knows the worktree is gone

package/dist/resources/extensions/gsd/worktree-resolver.js

@@ -365,9 +365,10 @@ export class WorktreeResolver {
             });
             // Surface a clear, actionable error. The worktree and milestone branch are
             // intentionally preserved — nothing has been deleted. The user can retry
-            // /gsd dispatch complete-milestone or merge manually once the underlying issue is fixed
-            // (e.g. checkout to wrong branch, unresolved conflicts). (#1668)
-            ctx.notify(`Milestone merge failed: ${msg}. Your worktree and milestone branch are preserved — retry /gsd dispatch complete-milestone or merge manually.`, "warning");
+            // /gsd dispatch complete-milestone or merge manually once the underlying
+            // issue is fixed (e.g. checkout to wrong branch, unresolved conflicts).
+            // (#1668, #1891)
+            ctx.notify(`Milestone merge failed: ${msg}. Your worktree and milestone branch are preserved — retry with \`/gsd dispatch complete-milestone\` or merge manually.`, "warning");
             // Clean up stale merge state left by failed squash-merge (#1389)
             try {
                 const gitDir = join(originalBase || this.s.basePath, ".git");

package/dist/resources/extensions/mcp-client/auth.js

@@ -0,0 +1,101 @@
+/**
+ * MCP Client OAuth / Auth helpers
+ *
+ * Builds transport options (headers, OAuthClientProvider) from MCP server
+ * config entries so that HTTP transports can authenticate with remote
+ * servers (Sentry, Linear, etc.).
+ *
+ * Fixes #2160 — MCP HTTP transport lacked an OAuth auth provider.
+ */
+// ─── Env resolution ───────────────────────────────────────────────────────────
+/** Resolve `${VAR}` references in a string against `process.env`. */
+function resolveEnvValue(value) {
+    return value.replace(/\$\{([^}]+)\}/g, (_match, varName) => process.env[varName] ?? "");
+}
+function resolveHeaders(raw) {
+    const resolved = {};
+    for (const [key, value] of Object.entries(raw)) {
+        resolved[key] = typeof value === "string" ? resolveEnvValue(value) : value;
+    }
+    return resolved;
+}
+// ─── OAuth provider (minimal CLI-friendly implementation) ─────────────────────
+/**
+ * Creates a minimal `OAuthClientProvider` suitable for CLI / headless use.
+ *
+ * This provider supports:
+ *  - Pre-configured client credentials (client_id, optional client_secret)
+ *  - Token storage in memory (per-session)
+ *  - Scopes
+ *
+ * For full interactive OAuth flows (browser redirect), a richer provider would
+ * be needed, but for server-to-server and pre-authed scenarios this is
+ * sufficient.
+ */
+function createCliOAuthProvider(config) {
+    let storedTokens;
+    let storedCodeVerifier = "";
+    return {
+        get redirectUrl() {
+            return config.redirectUrl ?? "http://localhost:0/callback";
+        },
+        get clientMetadata() {
+            return {
+                redirect_uris: [config.redirectUrl ?? "http://localhost:0/callback"],
+                client_name: "gsd",
+                ...(config.scopes ? { scope: config.scopes.join(" ") } : {}),
+            };
+        },
+        clientInformation() {
+            return {
+                client_id: config.clientId,
+                ...(config.clientSecret ? { client_secret: config.clientSecret } : {}),
+            };
+        },
+        tokens() {
+            return storedTokens;
+        },
+        saveTokens(tokens) {
+            storedTokens = tokens;
+        },
+        redirectToAuthorization(authorizationUrl) {
+            // In a CLI context we can't open a browser automatically.
+            // Log the URL so the user can manually visit it.
+            // eslint-disable-next-line no-console
+            console.error(`[MCP OAuth] Authorization required. Visit:\n  ${authorizationUrl.toString()}`);
+        },
+        saveCodeVerifier(codeVerifier) {
+            storedCodeVerifier = codeVerifier;
+        },
+        codeVerifier() {
+            return storedCodeVerifier;
+        },
+    };
+}
+// ─── Public API ───────────────────────────────────────────────────────────────
+/**
+ * Build `StreamableHTTPClientTransportOptions` from an MCP server config's
+ * auth-related fields.
+ *
+ * Supports two auth strategies:
+ *  1. **`headers`** — static Authorization (or other) headers, with `${VAR}` env resolution.
+ *  2. **`oauth`**  — full OAuthClientProvider for servers that implement MCP OAuth.
+ *
+ * When both are provided, `oauth` takes precedence (the SDK's built-in OAuth
+ * flow handles token refresh automatically).
+ */
+export function buildHttpTransportOpts(authConfig) {
+    const opts = {};
+    // OAuth takes precedence
+    if (authConfig.oauth) {
+        opts.authProvider = createCliOAuthProvider(authConfig.oauth);
+        return opts;
+    }
+    // Static headers (with env var resolution)
+    if (authConfig.headers && Object.keys(authConfig.headers).length > 0) {
+        opts.requestInit = {
+            headers: resolveHeaders(authConfig.headers),
+        };
+    }
+    return opts;
+}

package/dist/resources/extensions/mcp-client/index.js

@@ -18,6 +18,7 @@ import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 import { readFileSync, existsSync } from "node:fs";
 import { join } from "node:path";
+import { buildHttpTransportOpts } from "./auth.js";
 // ─── Connection Manager ───────────────────────────────────────────────────────
 const connections = new Map();
 let configCache = null;
@@ -51,6 +52,8 @@ function readConfigs() {
                     : hasUrl
                         ? "http"
                         : "unknown";
+                const hasHeaders = hasUrl && config.headers && typeof config.headers === "object";
+                const hasOAuth = hasUrl && config.oauth && typeof config.oauth === "object";
                 servers.push({
                     name,
                     transport,
@@ -63,6 +66,8 @@ function readConfigs() {
                         cwd: typeof config.cwd === "string" ? config.cwd : undefined,
                     }),
                     ...(hasUrl && { url: config.url }),
+                    headers: hasHeaders ? config.headers : undefined,
+                    oauth: hasOAuth ? config.oauth : undefined,
                 });
             }
         }
@@ -113,7 +118,11 @@ async function getOrConnect(name, signal) {
     }
     else if (config.transport === "http" && config.url) {
         const resolvedUrl = config.url.replace(/\$\{([^}]+)\}/g, (_, varName) => process.env[varName] ?? "");
-        transport = new StreamableHTTPClientTransport(new URL(resolvedUrl));
+        const httpOpts = buildHttpTransportOpts({
+            headers: config.headers,
+            oauth: config.oauth,
+        });
+        transport = new StreamableHTTPClientTransport(new URL(resolvedUrl), httpOpts);
     }
     else {
         throw new Error(`Server "${config.name}" has unsupported transport: ${config.transport}`);

package/dist/resources/extensions/ollama/index.js

@@ -17,16 +17,9 @@
  */
 import { importExtensionModule } from "@gsd/pi-coding-agent";
 import * as client from "./ollama-client.js";
-import { discoverModels, getOllamaOpenAIBaseUrl } from "./ollama-discovery.js";
+import { discoverModels } from "./ollama-discovery.js";
 import { registerOllamaCommands } from "./ollama-commands.js";
-/** Default compat settings for Ollama models via OpenAI-compat endpoint */
-const OLLAMA_COMPAT = {
-    supportsDeveloperRole: false,
-    supportsReasoningEffort: false,
-    supportsUsageInStreaming: false,
-    maxTokensField: "max_tokens",
-    supportsStore: false,
-};
+import { streamOllamaChat } from "./ollama-chat-provider.js";
 let toolsPromise = null;
 async function registerOllamaTools(pi) {
     if (!toolsPromise) {
@@ -58,11 +51,17 @@ async function probeAndRegister(pi) {
     const models = await discoverModels();
     if (models.length === 0)
         return true; // Running but no models pulled
-    const baseUrl = getOllamaOpenAIBaseUrl();
+    const baseUrl = client.getOllamaHost();
+    // Use authMode "apiKey" with a dummy key (#3440).
+    // authMode "none" requires a custom streamSimple handler, but Ollama uses
+    // the standard OpenAI-compatible streaming endpoint. Ollama ignores the
+    // Authorization header so the dummy key is harmless.
     pi.registerProvider("ollama", {
-        authMode: "none",
+        authMode: "apiKey",
+        apiKey: "ollama",
         baseUrl,
-        api: "openai-completions",
+        api: "ollama-chat",
+        streamSimple: streamOllamaChat,
         isReady: () => true,
         models: models.map((m) => ({
             id: m.id,
@@ -72,7 +71,7 @@ async function probeAndRegister(pi) {
             cost: m.cost,
             contextWindow: m.contextWindow,
             maxTokens: m.maxTokens,
-            compat: OLLAMA_COMPAT,
+            providerOptions: (m.ollamaOptions ?? {}),
         })),
     });
     providerRegistered = true;
@@ -91,16 +90,23 @@ export default function ollama(pi) {
         else {
             await registerOllamaTools(pi);
         }
-        // Async probe — don't block startup
-        probeAndRegister(pi)
-            .then((found) => {
-            if (found && ctx.hasUI) {
-                ctx.ui.setStatus("ollama", "Ollama");
+        // In headless/auto mode, await the probe so the fallback resolver can
+        // see Ollama before the first LLM call (#3531 race condition).
+        // In interactive mode, keep it async for fast startup.
+        if (!ctx.hasUI) {
+            try {
+                await probeAndRegister(pi);
             }
-        })
-            .catch(() => {
-            // Silently ignore probe failures
-        });
+            catch { /* non-fatal */ }
+        }
+        else {
+            probeAndRegister(pi)
+                .then((found) => {
+                if (found)
+                    ctx.ui.setStatus("ollama", "Ollama");
+            })
+                .catch(() => { });
+        }
     });
     pi.on("session_shutdown", async () => {
         if (providerRegistered) {

package/dist/resources/extensions/ollama/model-capabilities.js

@@ -4,50 +4,53 @@
  * Keys are matched as prefixes against the model name (before the colon/tag).
  * More specific entries should appear first.
  */
+// Note: ollamaOptions.num_ctx is set for known model families where the context
+// window is authoritative. For unknown/estimated models, num_ctx is NOT sent
+// to avoid OOM risk — Ollama uses its own safe default instead.
 const KNOWN_MODELS = [
     // ─── Reasoning models ───────────────────────────────────────────────
-    ["deepseek-r1", { contextWindow: 131072, reasoning: true }],
-    ["qwq", { contextWindow: 131072, reasoning: true }],
+    ["deepseek-r1", { contextWindow: 131072, reasoning: true, ollamaOptions: { num_ctx: 131072 } }],
+    ["qwq", { contextWindow: 131072, reasoning: true, ollamaOptions: { num_ctx: 131072 } }],
     // ─── Vision models ──────────────────────────────────────────────────
-    ["llava", { contextWindow: 4096, input: ["text", "image"] }],
-    ["bakllava", { contextWindow: 4096, input: ["text", "image"] }],
-    ["moondream", { contextWindow: 8192, input: ["text", "image"] }],
-    ["llama3.2-vision", { contextWindow: 131072, input: ["text", "image"] }],
-    ["minicpm-v", { contextWindow: 4096, input: ["text", "image"] }],
+    ["llava", { contextWindow: 4096, input: ["text", "image"], ollamaOptions: { num_ctx: 4096 } }],
+    ["bakllava", { contextWindow: 4096, input: ["text", "image"], ollamaOptions: { num_ctx: 4096 } }],
+    ["moondream", { contextWindow: 8192, input: ["text", "image"], ollamaOptions: { num_ctx: 8192 } }],
+    ["llama3.2-vision", { contextWindow: 131072, input: ["text", "image"], ollamaOptions: { num_ctx: 131072 } }],
+    ["minicpm-v", { contextWindow: 4096, input: ["text", "image"], ollamaOptions: { num_ctx: 4096 } }],
     // ─── Code models ────────────────────────────────────────────────────
-    ["codestral", { contextWindow: 262144, maxTokens: 32768 }],
-    ["qwen2.5-coder", { contextWindow: 131072, maxTokens: 32768 }],
-    ["deepseek-coder-v2", { contextWindow: 131072, maxTokens: 16384 }],
-    ["starcoder2", { contextWindow: 16384, maxTokens: 8192 }],
-    ["codegemma", { contextWindow: 8192, maxTokens: 8192 }],
-    ["codellama", { contextWindow: 16384, maxTokens: 8192 }],
-    ["devstral", { contextWindow: 131072, maxTokens: 32768 }],
+    ["codestral", { contextWindow: 262144, maxTokens: 32768, ollamaOptions: { num_ctx: 262144 } }],
+    ["qwen2.5-coder", { contextWindow: 131072, maxTokens: 32768, ollamaOptions: { num_ctx: 131072 } }],
+    ["deepseek-coder-v2", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["starcoder2", { contextWindow: 16384, maxTokens: 8192, ollamaOptions: { num_ctx: 16384 } }],
+    ["codegemma", { contextWindow: 8192, maxTokens: 8192, ollamaOptions: { num_ctx: 8192 } }],
+    ["codellama", { contextWindow: 16384, maxTokens: 8192, ollamaOptions: { num_ctx: 16384 } }],
+    ["devstral", { contextWindow: 131072, maxTokens: 32768, ollamaOptions: { num_ctx: 131072 } }],
     // ─── Llama family ───────────────────────────────────────────────────
-    ["llama3.3", { contextWindow: 131072, maxTokens: 16384 }],
-    ["llama3.2", { contextWindow: 131072, maxTokens: 16384 }],
-    ["llama3.1", { contextWindow: 131072, maxTokens: 16384 }],
-    ["llama3", { contextWindow: 8192, maxTokens: 8192 }],
-    ["llama2", { contextWindow: 4096, maxTokens: 4096 }],
+    ["llama3.3", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["llama3.2", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["llama3.1", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["llama3", { contextWindow: 8192, maxTokens: 8192, ollamaOptions: { num_ctx: 8192 } }],
+    ["llama2", { contextWindow: 4096, maxTokens: 4096, ollamaOptions: { num_ctx: 4096 } }],
     // ─── Qwen family ────────────────────────────────────────────────────
-    ["qwen3", { contextWindow: 131072, maxTokens: 32768 }],
-    ["qwen2.5", { contextWindow: 131072, maxTokens: 32768 }],
-    ["qwen2", { contextWindow: 131072, maxTokens: 32768 }],
+    ["qwen3", { contextWindow: 131072, maxTokens: 32768, ollamaOptions: { num_ctx: 131072 } }],
+    ["qwen2.5", { contextWindow: 131072, maxTokens: 32768, ollamaOptions: { num_ctx: 131072 } }],
+    ["qwen2", { contextWindow: 131072, maxTokens: 32768, ollamaOptions: { num_ctx: 131072 } }],
     // ─── Gemma family ───────────────────────────────────────────────────
-    ["gemma3", { contextWindow: 131072, maxTokens: 16384 }],
-    ["gemma2", { contextWindow: 8192, maxTokens: 8192 }],
+    ["gemma3", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["gemma2", { contextWindow: 8192, maxTokens: 8192, ollamaOptions: { num_ctx: 8192 } }],
     // ─── Mistral family ─────────────────────────────────────────────────
-    ["mistral-large", { contextWindow: 131072, maxTokens: 16384 }],
-    ["mistral-small", { contextWindow: 131072, maxTokens: 16384 }],
-    ["mistral-nemo", { contextWindow: 131072, maxTokens: 16384 }],
-    ["mistral", { contextWindow: 32768, maxTokens: 8192 }],
-    ["mixtral", { contextWindow: 32768, maxTokens: 8192 }],
+    ["mistral-large", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["mistral-small", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["mistral-nemo", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["mistral", { contextWindow: 32768, maxTokens: 8192, ollamaOptions: { num_ctx: 32768 } }],
+    ["mixtral", { contextWindow: 32768, maxTokens: 8192, ollamaOptions: { num_ctx: 32768 } }],
     // ─── Phi family ─────────────────────────────────────────────────────
-    ["phi4", { contextWindow: 16384, maxTokens: 16384 }],
-    ["phi3.5", { contextWindow: 131072, maxTokens: 16384 }],
-    ["phi3", { contextWindow: 131072, maxTokens: 4096 }],
+    ["phi4", { contextWindow: 16384, maxTokens: 16384, ollamaOptions: { num_ctx: 16384 } }],
+    ["phi3.5", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["phi3", { contextWindow: 131072, maxTokens: 4096, ollamaOptions: { num_ctx: 131072 } }],
     // ─── Command R ──────────────────────────────────────────────────────
-    ["command-r-plus", { contextWindow: 131072, maxTokens: 16384 }],
-    ["command-r", { contextWindow: 131072, maxTokens: 16384 }],
+    ["command-r-plus", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
+    ["command-r", { contextWindow: 131072, maxTokens: 16384, ollamaOptions: { num_ctx: 131072 } }],
 ];
 /**
  * Look up capabilities for a model by name.

package/dist/resources/extensions/ollama/ndjson-stream.js

@@ -0,0 +1,54 @@
+// GSD2 — Ollama Extension: NDJSON streaming parser
+/**
+ * Parses a streaming NDJSON (newline-delimited JSON) response body into
+ * typed objects. Used for Ollama's /api/chat and /api/pull endpoints.
+ *
+ * @param strict When true, malformed JSON lines throw instead of being skipped.
+ *   Use strict mode for inference streams where silent data loss is unacceptable.
+ *   Use permissive mode (default) for progress endpoints like /api/pull.
+ */
+export async function* parseNDJsonStream(body, signal, strict = false) {
+    const reader = body.getReader();
+    const decoder = new TextDecoder();
+    let buffer = "";
+    try {
+        while (true) {
+            if (signal?.aborted)
+                break;
+            const { done, value } = await reader.read();
+            if (done)
+                break;
+            buffer += decoder.decode(value, { stream: true });
+            const lines = buffer.split("\n");
+            buffer = lines.pop() ?? "";
+            for (const line of lines) {
+                const trimmed = line.trim();
+                if (!trimmed)
+                    continue;
+                try {
+                    yield JSON.parse(trimmed);
+                }
+                catch (err) {
+                    if (strict) {
+                        throw new Error(`Malformed NDJSON line from Ollama: ${trimmed.slice(0, 200)}`);
+                    }
+                    // Permissive mode: skip malformed lines
+                }
+            }
+        }
+        // Flush remaining buffer (skip if aborted)
+        if (buffer.trim() && !signal?.aborted) {
+            try {
+                yield JSON.parse(buffer.trim());
+            }
+            catch (err) {
+                if (strict) {
+                    throw new Error(`Malformed NDJSON line from Ollama: ${buffer.trim().slice(0, 200)}`);
+                }
+            }
+        }
+    }
+    finally {
+        reader.releaseLock();
+    }
+}