gsd-pi 2.63.0-dev.351157b → 2.63.0-dev.786f0ff

package/src/resources/extensions/gsd/safety/safety-harness.ts

@@ -0,0 +1,105 @@
+/**
+ * Safety Harness — central module for LLM damage control during auto-mode.
+ * Provides types, preference resolution, and orchestration for all safety components.
+ *
+ * Components:
+ * - evidence-collector.ts: Real-time tool call tracking
+ * - destructive-guard.ts: Bash command classification
+ * - file-change-validator.ts: Post-unit git diff vs plan
+ * - evidence-cross-ref.ts: Claimed vs actual verification evidence
+ * - git-checkpoint.ts: Pre-unit checkpoints + rollback
+ * - content-validator.ts: Output quality validation
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+
+// ─── Types ──────────────────────────────────────────────────────────────────
+
+export interface SafetyHarnessConfig {
+  enabled: boolean;
+  evidence_collection: boolean;
+  file_change_validation: boolean;
+  evidence_cross_reference: boolean;
+  destructive_command_warnings: boolean;
+  content_validation: boolean;
+  checkpoints: boolean;
+  auto_rollback: boolean;
+  timeout_scale_cap: number;
+}
+
+// ─── Defaults ───────────────────────────────────────────────────────────────
+
+const DEFAULTS: SafetyHarnessConfig = {
+  enabled: true,
+  evidence_collection: true,
+  file_change_validation: true,
+  evidence_cross_reference: true,
+  destructive_command_warnings: true,
+  content_validation: true,
+  checkpoints: true,
+  auto_rollback: false,
+  timeout_scale_cap: 6,
+};
+
+// ─── Public API ─────────────────────────────────────────────────────────────
+
+/**
+ * Resolve safety harness configuration from raw preferences.
+ * Missing fields fall back to defaults.
+ */
+export function resolveSafetyHarnessConfig(
+  raw: Record<string, unknown> | undefined,
+): SafetyHarnessConfig {
+  if (!raw) return { ...DEFAULTS };
+
+  return {
+    enabled: typeof raw.enabled === "boolean" ? raw.enabled : DEFAULTS.enabled,
+    evidence_collection: typeof raw.evidence_collection === "boolean" ? raw.evidence_collection : DEFAULTS.evidence_collection,
+    file_change_validation: typeof raw.file_change_validation === "boolean" ? raw.file_change_validation : DEFAULTS.file_change_validation,
+    evidence_cross_reference: typeof raw.evidence_cross_reference === "boolean" ? raw.evidence_cross_reference : DEFAULTS.evidence_cross_reference,
+    destructive_command_warnings: typeof raw.destructive_command_warnings === "boolean" ? raw.destructive_command_warnings : DEFAULTS.destructive_command_warnings,
+    content_validation: typeof raw.content_validation === "boolean" ? raw.content_validation : DEFAULTS.content_validation,
+    checkpoints: typeof raw.checkpoints === "boolean" ? raw.checkpoints : DEFAULTS.checkpoints,
+    auto_rollback: typeof raw.auto_rollback === "boolean" ? raw.auto_rollback : DEFAULTS.auto_rollback,
+    timeout_scale_cap: typeof raw.timeout_scale_cap === "number" ? raw.timeout_scale_cap : DEFAULTS.timeout_scale_cap,
+  };
+}
+
+/**
+ * Check if the safety harness is enabled.
+ * Used as a fast gate at hook registration and phase integration points.
+ */
+export function isHarnessEnabled(
+  raw: Record<string, unknown> | undefined,
+): boolean {
+  if (!raw) return DEFAULTS.enabled;
+  if (typeof raw.enabled === "boolean") return raw.enabled;
+  return DEFAULTS.enabled;
+}
+
+// ─── Re-exports ─────────────────────────────────────────────────────────────
+
+export {
+  resetEvidence,
+  getEvidence,
+  getBashEvidence,
+  getFilePaths,
+  recordToolCall,
+  recordToolResult,
+} from "./evidence-collector.js";
+
+export type { EvidenceEntry, BashEvidence, FileWriteEvidence, FileEditEvidence } from "./evidence-collector.js";
+
+export { classifyCommand } from "./destructive-guard.js";
+export type { CommandClassification } from "./destructive-guard.js";
+
+export { validateFileChanges } from "./file-change-validator.js";
+export type { FileChangeAudit, FileViolation } from "./file-change-validator.js";
+
+export { crossReferenceEvidence } from "./evidence-cross-ref.js";
+export type { ClaimedEvidence, EvidenceMismatch } from "./evidence-cross-ref.js";
+
+export { createCheckpoint, rollbackToCheckpoint, cleanupCheckpoint } from "./git-checkpoint.js";
+
+export { validateContent } from "./content-validator.js";
+export type { ContentViolation } from "./content-validator.js";

package/src/resources/extensions/gsd/tests/complete-slice-string-coercion.test.ts

@@ -0,0 +1,211 @@
+// GSD Extension — String coercion regression tests for complete-slice/task tools
+
+import { describe, test, beforeEach, afterEach } from "node:test";
+import assert from "node:assert/strict";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import {
+  openDatabase,
+  closeDatabase,
+  insertMilestone,
+  insertSlice,
+  insertTask,
+} from "../gsd-db.ts";
+import { handleCompleteSlice } from "../tools/complete-slice.ts";
+import type { CompleteSliceParams } from "../types.ts";
+
+// ─── Helpers ─────────────────────────────────────────────────────────────
+
+/**
+ * The splitPair coercion logic extracted from db-tools.ts sliceCompleteExecute.
+ * Duplicated here so we can unit-test it directly.
+ */
+function splitPair(s: string): [string, string] {
+  const m = s.match(/^(.+?)\s*(?:—|-)\s+(.+)$/);
+  return m ? [m[1].trim(), m[2].trim()] : [s.trim(), ""];
+}
+
+function makeValidSliceParams(): CompleteSliceParams {
+  return {
+    sliceId: "S01",
+    milestoneId: "M001",
+    sliceTitle: "Test Slice",
+    oneLiner: "Implemented test slice",
+    narrative: "Built and tested.",
+    verification: "All tests pass.",
+    deviations: "None.",
+    knownLimitations: "None.",
+    followUps: "None.",
+    keyFiles: ["src/foo.ts"],
+    keyDecisions: ["D001"],
+    patternsEstablished: [],
+    observabilitySurfaces: [],
+    provides: ["test handler"],
+    requirementsSurfaced: [],
+    drillDownPaths: [],
+    affects: [],
+    requirementsAdvanced: [{ id: "R001", how: "Handler validates" }],
+    requirementsValidated: [],
+    requirementsInvalidated: [],
+    filesModified: [{ path: "src/foo.ts", description: "Handler" }],
+    requires: [],
+    uatContent: "## Smoke Test\n\nVerify all assertions pass.",
+  };
+}
+
+// ─── splitPair unit tests ────────────────────────────────────────────────
+
+describe("splitPair coercion helper (#3565)", () => {
+  test("plain string without delimiter returns string + empty", () => {
+    const [a, b] = splitPair("src/foo.ts");
+    assert.equal(a, "src/foo.ts");
+    assert.equal(b, "");
+  });
+
+  test("em-dash delimiter parses both parts", () => {
+    const [id, how] = splitPair("R001 — Handler validates task completion");
+    assert.equal(id, "R001");
+    assert.equal(how, "Handler validates task completion");
+  });
+
+  test("hyphen delimiter parses both parts", () => {
+    const [id, proof] = splitPair("R002 - Tests pass");
+    assert.equal(id, "R002");
+    assert.equal(proof, "Tests pass");
+  });
+
+  test("string with no space around hyphen is treated as plain", () => {
+    // e.g. a file path like "src/foo-bar.ts" should not split
+    const [a, b] = splitPair("src/foo-bar.ts");
+    assert.equal(a, "src/foo-bar.ts");
+    assert.equal(b, "");
+  });
+
+  test("whitespace is trimmed from both parts", () => {
+    const [id, how] = splitPair("  R003  —  Trimmed value  ");
+    assert.equal(id, "R003");
+    assert.equal(how, "Trimmed value");
+  });
+});
+
+// ─── verificationEvidence sentinel tests ─────────────────────────────────
+
+describe("verificationEvidence sentinel coercion (#3565)", () => {
+  function coerceEvidence(v: any) {
+    return typeof v === "string"
+      ? { command: v, exitCode: -1, verdict: "unknown (coerced from string)", durationMs: 0 }
+      : v;
+  }
+
+  test("string input produces non-passing sentinel", () => {
+    const result = coerceEvidence("npm test");
+    assert.equal(result.command, "npm test");
+    assert.equal(result.exitCode, -1);
+    assert.equal(result.verdict, "unknown (coerced from string)");
+    assert.equal(result.durationMs, 0);
+  });
+
+  test("object input passes through unchanged", () => {
+    const obj = { command: "npm test", exitCode: 0, verdict: "pass", durationMs: 1234 };
+    const result = coerceEvidence(obj);
+    assert.equal(result.exitCode, 0);
+    assert.equal(result.verdict, "pass");
+    assert.equal(result.durationMs, 1234);
+  });
+
+  test("sentinel exitCode is not 0 (must not fabricate success)", () => {
+    const result = coerceEvidence("anything");
+    assert.notEqual(result.exitCode, 0, "exitCode must not be 0 for coerced strings");
+    assert.ok(
+      !result.verdict.includes("pass"),
+      "verdict must not contain 'pass' for coerced strings",
+    );
+  });
+});
+
+// ─── Handler integration with coerced params ─────────────────────────────
+
+describe("handleCompleteSlice with coerced string arrays (#3565)", () => {
+  let dbPath: string;
+  let basePath: string;
+
+  beforeEach(() => {
+    dbPath = path.join(
+      fs.mkdtempSync(path.join(os.tmpdir(), "gsd-coerce-")),
+      "test.db",
+    );
+    openDatabase(dbPath);
+
+    basePath = fs.mkdtempSync(path.join(os.tmpdir(), "gsd-coerce-handler-"));
+    const sliceDir = path.join(basePath, ".gsd", "milestones", "M001", "slices", "S01", "tasks");
+    fs.mkdirSync(sliceDir, { recursive: true });
+
+    const roadmapPath = path.join(basePath, ".gsd", "milestones", "M001", "M001-ROADMAP.md");
+    fs.writeFileSync(
+      roadmapPath,
+      [
+        "# M001: Test Milestone",
+        "",
+        "## Slices",
+        "",
+        '- [ ] **S01: Test Slice** `risk:medium` `depends:[]`',
+        "  - After this: basic functionality works",
+      ].join("\n"),
+    );
+
+    insertMilestone({ id: "M001" });
+    insertSlice({ id: "S01", milestoneId: "M001" });
+    insertTask({ id: "T01", sliceId: "S01", milestoneId: "M001", status: "complete", title: "Task 1" });
+  });
+
+  afterEach(() => {
+    closeDatabase();
+    fs.rmSync(path.dirname(dbPath), { recursive: true, force: true });
+    fs.rmSync(basePath, { recursive: true, force: true });
+  });
+
+  test("handler succeeds with coerced filesModified and requirementsAdvanced", async () => {
+    const params = makeValidSliceParams();
+    // Simulate coercion from plain strings
+    params.filesModified = ["src/foo.ts", "src/bar.ts"].map((f) => {
+      const [p, d] = splitPair(f);
+      return { path: p, description: d };
+    });
+    params.requirementsAdvanced = ["R001 — Handler validates task completion"].map((r) => {
+      const [id, how] = splitPair(r);
+      return { id, how };
+    });
+
+    const result = await handleCompleteSlice(params, basePath);
+    assert.ok(!("error" in result), "handler should succeed");
+    if (!("error" in result)) {
+      const summary = fs.readFileSync(result.summaryPath, "utf-8");
+      assert.match(summary, /src\/foo\.ts/);
+      assert.match(summary, /R001/);
+      assert.match(summary, /Handler validates task completion/);
+    }
+  });
+
+  test("handler succeeds with coerced requires and requirementsValidated", async () => {
+    const params = makeValidSliceParams();
+    params.requires = ["S00 — Provided base infrastructure"].map((r) => {
+      const [slice, provides] = splitPair(r);
+      return { slice, provides };
+    });
+    params.requirementsValidated = ["R002 - Tests pass"].map((r) => {
+      const [id, proof] = splitPair(r);
+      return { id, proof };
+    });
+
+    const result = await handleCompleteSlice(params, basePath);
+    assert.ok(!("error" in result), "handler should succeed");
+    if (!("error" in result)) {
+      const summary = fs.readFileSync(result.summaryPath, "utf-8");
+      assert.match(summary, /S00/);
+      assert.match(summary, /Provided base infrastructure/);
+      assert.match(summary, /R002/);
+      assert.match(summary, /Tests pass/);
+    }
+  });
+});

package/src/resources/extensions/gsd/tests/flat-rate-routing-guard.test.ts

@@ -0,0 +1,50 @@
+/**
+ * Regression test for #3453: dynamic model routing must be disabled for
+ * flat-rate providers like GitHub Copilot where all models cost the same
+ * per request — routing only degrades quality with no cost benefit.
+ */
+
+import { describe, test } from "node:test";
+import assert from "node:assert/strict";
+import { isFlatRateProvider, resolvePreferredModelConfig } from "../auto-model-selection.ts";
+
+describe("flat-rate provider routing guard (#3453)", () => {
+
+  test("isFlatRateProvider returns true for github-copilot", () => {
+    assert.equal(isFlatRateProvider("github-copilot"), true);
+  });
+
+  test("isFlatRateProvider returns true for copilot alias", () => {
+    assert.equal(isFlatRateProvider("copilot"), true);
+  });
+
+  test("isFlatRateProvider is case-insensitive", () => {
+    assert.equal(isFlatRateProvider("GitHub-Copilot"), true);
+    assert.equal(isFlatRateProvider("GITHUB-COPILOT"), true);
+    assert.equal(isFlatRateProvider("Copilot"), true);
+  });
+
+  test("isFlatRateProvider returns false for anthropic", () => {
+    assert.equal(isFlatRateProvider("anthropic"), false);
+  });
+
+  test("isFlatRateProvider returns false for openai", () => {
+    assert.equal(isFlatRateProvider("openai"), false);
+  });
+
+  test("resolvePreferredModelConfig returns undefined for copilot start model", () => {
+    // When the user's start model is on a flat-rate provider,
+    // resolvePreferredModelConfig should not synthesize a routing
+    // config from tier_models — it should return undefined so the
+    // user's selected model is preserved.
+    const result = resolvePreferredModelConfig("execute-task", {
+      provider: "github-copilot",
+      id: "claude-sonnet-4",
+    });
+
+    // Should be undefined (no routing config created for flat-rate)
+    // Note: this only tests the guard — if explicit per-unit config exists
+    // in preferences, that takes precedence regardless.
+    assert.equal(result, undefined, "Should not create routing config for copilot");
+  });
+});

package/src/resources/extensions/gsd/tests/git-checkpoint.test.ts

@@ -0,0 +1,94 @@
+// GSD2 — Regression tests for git-checkpoint rollback (#3576)
+// Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { mkdtempSync, writeFileSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { execFileSync } from "node:child_process";
+import { createCheckpoint, rollbackToCheckpoint, cleanupCheckpoint } from "../safety/git-checkpoint.js";
+
+function git(args: string[], cwd: string): string {
+  return execFileSync("git", args, { cwd, stdio: ["ignore", "pipe", "pipe"], encoding: "utf-8" }).trim();
+}
+
+function createTempRepo(): string {
+  const dir = mkdtempSync(join(tmpdir(), "ckpt-test-"));
+  git(["init"], dir);
+  git(["config", "user.email", "test@test.com"], dir);
+  git(["config", "user.name", "Test"], dir);
+  writeFileSync(join(dir, "file.txt"), "initial\n");
+  git(["add", "."], dir);
+  git(["commit", "-m", "init"], dir);
+  git(["branch", "-M", "main"], dir);
+  return dir;
+}
+
+describe("git-checkpoint rollback", () => {
+  it("rolls back to checkpoint on checked-out branch", (t) => {
+    const repo = createTempRepo();
+    t.after(() => rmSync(repo, { recursive: true, force: true }));
+
+    // Create checkpoint at initial commit
+    const sha = createCheckpoint(repo, "unit-1");
+    assert.ok(sha, "checkpoint should return a SHA");
+
+    // Make a second commit
+    writeFileSync(join(repo, "file.txt"), "modified\n");
+    git(["add", "."], repo);
+    git(["commit", "-m", "second"], repo);
+
+    const headBefore = git(["rev-parse", "HEAD"], repo);
+    assert.notEqual(headBefore, sha, "HEAD should have advanced");
+
+    // Rollback — this must work on the checked-out branch
+    const result = rollbackToCheckpoint(repo, "unit-1", sha);
+    assert.equal(result, true, "rollback should succeed");
+
+    const headAfter = git(["rev-parse", "HEAD"], repo);
+    assert.equal(headAfter, sha, "HEAD should match checkpoint SHA after rollback");
+  });
+
+  it("returns false on detached HEAD", (t) => {
+    const repo = createTempRepo();
+    t.after(() => rmSync(repo, { recursive: true, force: true }));
+
+    const sha = git(["rev-parse", "HEAD"], repo);
+    git(["checkout", "--detach", sha], repo);
+
+    const result = rollbackToCheckpoint(repo, "unit-2", sha);
+    assert.equal(result, false, "rollback should fail on detached HEAD");
+  });
+
+  it("cleans up checkpoint ref after rollback", (t) => {
+    const repo = createTempRepo();
+    t.after(() => rmSync(repo, { recursive: true, force: true }));
+
+    const sha = createCheckpoint(repo, "unit-3");
+    assert.ok(sha);
+
+    // Ref should exist
+    const refBefore = git(["for-each-ref", "refs/gsd/checkpoints/unit-3", "--format=%(objectname)"], repo);
+    assert.equal(refBefore, sha);
+
+    rollbackToCheckpoint(repo, "unit-3", sha);
+
+    // Ref should be cleaned up
+    const refAfter = git(["for-each-ref", "refs/gsd/checkpoints/unit-3", "--format=%(objectname)"], repo);
+    assert.equal(refAfter, "", "checkpoint ref should be removed after rollback");
+  });
+
+  it("cleanupCheckpoint removes the ref without error", (t) => {
+    const repo = createTempRepo();
+    t.after(() => rmSync(repo, { recursive: true, force: true }));
+
+    const sha = createCheckpoint(repo, "unit-4");
+    assert.ok(sha);
+
+    cleanupCheckpoint(repo, "unit-4");
+
+    const ref = git(["for-each-ref", "refs/gsd/checkpoints/unit-4", "--format=%(objectname)"], repo);
+    assert.equal(ref, "", "ref should be gone");
+  });
+});

package/src/resources/extensions/gsd/tests/stuck-detection-coverage.test.ts

@@ -123,6 +123,48 @@ test("Rule 3: A-A-A-A triggers Rule 2 not Rule 3", () => {
   );
 });
 
+// ─── Rule 4: ENOENT same path twice in window (#3575) ───────────────────────
+
+test("Rule 4: same ENOENT path in two entries triggers stuck", () => {
+  const result = detectStuck([
+    { key: "A", error: "ENOENT: no such file or directory, access '/home/user/.gsd/agent/skills/debug-like-expert/SKILL.md'" },
+    { key: "B" },
+    { key: "A", error: "ENOENT: no such file or directory, access '/home/user/.gsd/agent/skills/debug-like-expert/SKILL.md'" },
+  ]);
+  assert.notEqual(result, null);
+  assert.equal(result!.stuck, true);
+  assert.ok(result!.reason.includes("Missing file"), `reason was: ${result!.reason}`);
+  assert.ok(result!.reason.includes("ENOENT"), `reason was: ${result!.reason}`);
+});
+
+test("Rule 4: different ENOENT paths do not trigger stuck", () => {
+  const result = detectStuck([
+    { key: "A", error: "ENOENT: no such file or directory, access '/path/a'" },
+    { key: "B", error: "ENOENT: no such file or directory, access '/path/b'" },
+  ]);
+  assert.equal(result, null);
+});
+
+test("Rule 4: single ENOENT does not trigger stuck", () => {
+  const result = detectStuck([
+    { key: "A", error: "ENOENT: no such file or directory, access '/path/a'" },
+    { key: "B" },
+  ]);
+  assert.equal(result, null);
+});
+
+test("Rule 4: ENOENT paths non-consecutive still triggers", () => {
+  const result = detectStuck([
+    { key: "A", error: "ENOENT: no such file or directory, access '/missing/skill'" },
+    { key: "B" },
+    { key: "C" },
+    { key: "D", error: "ENOENT: no such file or directory, access '/missing/skill'" },
+  ]);
+  assert.notEqual(result, null);
+  assert.equal(result!.stuck, true);
+  assert.ok(result!.reason.includes("/missing/skill"), `reason was: ${result!.reason}`);
+});
+
 // ─── Gap documentation: 3-unit cycle evades detection ────────────────────────
 
 test("Three-unit cycle A-B-C-A-B-C does NOT trigger stuck (documents gap L13)", () => {

package/src/resources/extensions/gsd/workflow-logger.ts

@@ -48,7 +48,8 @@ export type LogComponent =
   | "bootstrap"     // Extension bootstrap (system-context, agent-end)
   | "guided"        // Guided flow (discuss, plan wizards)
   | "registry"      // Rule registry hook state
-  | "renderer";     // Markdown renderer and projections
+  | "renderer"      // Markdown renderer and projections
+  | "safety";       // LLM safety harness
 
 export interface LogEntry {
   ts: string;

package/src/resources/extensions/ollama/index.ts

@@ -61,8 +61,13 @@ async function probeAndRegister(pi: ExtensionAPI): Promise<boolean> {
 
 	const baseUrl = client.getOllamaHost();
 
+	// Use authMode "apiKey" with a dummy key (#3440).
+	// authMode "none" requires a custom streamSimple handler, but Ollama uses
+	// the standard OpenAI-compatible streaming endpoint. Ollama ignores the
+	// Authorization header so the dummy key is harmless.
 	pi.registerProvider("ollama", {
-		authMode: "none",
+		authMode: "apiKey",
+		apiKey: "ollama",
 		baseUrl,
 		api: "ollama-chat",
 		streamSimple: streamOllamaChat,
@@ -100,16 +105,20 @@ export default function ollama(pi: ExtensionAPI) {
 			await registerOllamaTools(pi);
 		}
 
-		// Async probe — don't block startup
-		probeAndRegister(pi)
-			.then((found) => {
-				if (found && ctx.hasUI) {
-					ctx.ui.setStatus("ollama", "Ollama");
-				}
-			})
-			.catch(() => {
-				// Silently ignore probe failures
-			});
+		// In headless/auto mode, await the probe so the fallback resolver can
+		// see Ollama before the first LLM call (#3531 race condition).
+		// In interactive mode, keep it async for fast startup.
+		if (!ctx.hasUI) {
+			try {
+				await probeAndRegister(pi);
+			} catch { /* non-fatal */ }
+		} else {
+			probeAndRegister(pi)
+				.then((found) => {
+					if (found) ctx.ui.setStatus("ollama", "Ollama");
+				})
+				.catch(() => {});
+		}
 	});
 
 	pi.on("session_shutdown", async () => {

package/src/resources/extensions/ollama/ollama-auth-mode.test.ts

@@ -0,0 +1,20 @@
+/**
+ * Regression test for #3440: Ollama extension must register with
+ * authMode "apiKey" (not "none") to avoid streamSimple requirement.
+ */
+import { test } from "node:test";
+import assert from "node:assert/strict";
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+test("Ollama registers with authMode apiKey, not none (#3440)", () => {
+  const src = readFileSync(join(__dirname, "index.ts"), "utf-8");
+  // Find the registerProvider call
+  const registerBlock = src.slice(src.indexOf("pi.registerProvider(\"ollama\""));
+  const authLine = registerBlock.match(/authMode:\s*"(\w+)"/);
+  assert.ok(authLine, "registerProvider must specify authMode");
+  assert.equal(authLine![1], "apiKey", "authMode must be apiKey, not none");
+});

package/src/resources/extensions/ollama/ollama-chat-provider.ts

@@ -149,7 +149,7 @@ export function streamOllamaChat(
 				// Handle text content — process independently of tool_calls
 				// (a chunk may contain both content and tool_calls)
 				const content = chunk.message?.content ?? "";
-				if (content && !chunk.done) {
+				if (content) {
 					if (thinkParser) {
 						processChunks(thinkParser.push(content));
 					} else {