gsd-pi 2.63.0-dev.351157b → 2.63.0-dev.d04bbc5

package/dist/cli.js

@@ -247,6 +247,10 @@ if (cliFlags.messages[0] === 'sessions') {
 // `gsd headless` — run auto-mode without TUI
 if (cliFlags.messages[0] === 'headless') {
     await ensureRtkBootstrap();
+    // Sync bundled resources before headless runs (#3471). Without this,
+    // headless-query loads from src/resources/ while auto/interactive load
+    // from ~/.gsd/agent/extensions/ — different extension copies diverge.
+    initResources(agentDir);
     const { runHeadless, parseHeadlessArgs } = await import('./headless.js');
     await runHeadless(parseHeadlessArgs(process.argv));
     process.exit(0);

package/dist/headless-query.js

@@ -15,9 +15,19 @@
  */
 import { createJiti } from '@mariozechner/jiti';
 import { fileURLToPath } from 'node:url';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
 import { resolveBundledSourceResource } from './bundled-resource-path.js';
 const jiti = createJiti(fileURLToPath(import.meta.url), { interopDefault: true, debug: false });
-const gsdExtensionPath = (...segments) => resolveBundledSourceResource(import.meta.url, 'extensions', 'gsd', ...segments);
+// Resolve extensions from the synced agent directory so headless-query
+// loads the same extension copy as interactive/auto modes (#3471).
+// Falls back to bundled source for source-tree dev workflows.
+const agentExtensionsDir = join(process.env.GSD_AGENT_DIR || join(homedir(), '.gsd', 'agent'), 'extensions', 'gsd');
+const { existsSync } = await import('node:fs');
+const useAgentDir = existsSync(join(agentExtensionsDir, 'state.ts'));
+const gsdExtensionPath = (...segments) => useAgentDir
+    ? join(agentExtensionsDir, ...segments)
+    : resolveBundledSourceResource(import.meta.url, 'extensions', 'gsd', ...segments);
 async function loadExtensionModules() {
     const stateModule = await jiti.import(gsdExtensionPath('state.ts'), {});
     const dispatchModule = await jiti.import(gsdExtensionPath('auto-dispatch.ts'), {});

package/dist/resources/extensions/gsd/auto/detect-stuck.js

@@ -3,6 +3,12 @@
  *
  * Leaf node in the import DAG.
  */
+/**
+ * Pattern matching ENOENT errors with a file path.
+ * Matches: "ENOENT: no such file or directory, access '/path/to/file'"
+ * and similar Node.js filesystem error messages.
+ */
+const ENOENT_PATH_RE = /ENOENT[^']*'([^']+)'/;
 /**
  * Analyze a sliding window of recent unit dispatches for stuck patterns.
  * Returns a signal with reason if stuck, null otherwise.
@@ -10,6 +16,8 @@
  * Rule 1: Same error string twice in a row → stuck immediately.
  * Rule 2: Same unit key 3+ consecutive times → stuck (preserves prior behavior).
  * Rule 3: Oscillation A→B→A→B in last 4 entries → stuck.
+ * Rule 4: Same ENOENT path in any 2 entries within the window → stuck (#3575).
+ *         Missing files don't self-heal between retries — retrying wastes budget.
  */
 export function detectStuck(window) {
     if (window.length < 2)
@@ -45,5 +53,24 @@ export function detectStuck(window) {
             };
         }
     }
+    // Rule 4: Same ENOENT path seen twice in window (#3575)
+    // Missing files don't appear between retries — stop immediately.
+    const enoentPaths = new Map();
+    for (const entry of window) {
+        if (!entry.error)
+            continue;
+        const match = ENOENT_PATH_RE.exec(entry.error);
+        if (!match)
+            continue;
+        const filePath = match[1];
+        const count = (enoentPaths.get(filePath) ?? 0) + 1;
+        if (count >= 2) {
+            return {
+                stuck: true,
+                reason: `Missing file referenced twice: ${filePath} (ENOENT)`,
+            };
+        }
+        enoentPaths.set(filePath, count);
+    }
     return null;
 }

package/dist/resources/extensions/gsd/auto/phases.js

@@ -24,6 +24,9 @@ import { withTimeout, FINALIZE_POST_TIMEOUT_MS } from "./finalize-timeout.js";
 import { getEligibleSlices } from "../slice-parallel-eligibility.js";
 import { startSliceParallel } from "../slice-parallel-orchestrator.js";
 import { isDbAvailable, getMilestoneSlices } from "../gsd-db.js";
+import { resetEvidence } from "../safety/evidence-collector.js";
+import { createCheckpoint, cleanupCheckpoint, rollbackToCheckpoint } from "../safety/git-checkpoint.js";
+import { resolveSafetyHarnessConfig } from "../safety/safety-harness.js";
 // ─── generateMilestoneReport ──────────────────────────────────────────────────
 /**
  * Resolve the base path for milestone reports.
@@ -777,6 +780,18 @@ export async function runUnitPhase(ic, iterData, loopState, sidecarItem) {
     ctx.ui.setStatus("gsd-auto", "auto");
     if (mid)
         deps.updateSliceProgressCache(s.basePath, mid, state.activeSlice?.id);
+    // ── Safety harness: reset evidence + create checkpoint ──
+    const safetyConfig = resolveSafetyHarnessConfig(prefs?.safety_harness);
+    if (safetyConfig.enabled && safetyConfig.evidence_collection) {
+        resetEvidence();
+    }
+    // Only checkpoint code-executing units (not lifecycle/planning units)
+    if (safetyConfig.enabled && safetyConfig.checkpoints && unitType === "execute-task") {
+        s.checkpointSha = createCheckpoint(s.basePath, unitId);
+        if (s.checkpointSha) {
+            debugLog("runUnitPhase", { phase: "checkpoint-created", unitId, sha: s.checkpointSha.slice(0, 8) });
+        }
+    }
     // Prompt injection
     let finalPrompt = prompt;
     if (s.pendingVerificationRetry) {
@@ -999,6 +1014,25 @@ export async function runUnitPhase(ic, iterData, loopState, sidecarItem) {
         }
     }
     deps.emitJournalEvent({ ts: new Date().toISOString(), flowId: ic.flowId, seq: ic.nextSeq(), eventType: "unit-end", data: { unitType, unitId, status: unitResult.status, artifactVerified, ...(unitResult.errorContext ? { errorContext: unitResult.errorContext } : {}) }, causedBy: { flowId: ic.flowId, seq: unitStartSeq } });
+    // ── Safety harness: checkpoint cleanup or rollback ──
+    if (s.checkpointSha) {
+        if (unitResult.status === "error" && safetyConfig.auto_rollback) {
+            const rolled = rollbackToCheckpoint(s.basePath, unitId, s.checkpointSha);
+            if (rolled) {
+                ctx.ui.notify(`Rolled back to pre-unit checkpoint for ${unitId}`, "info");
+                debugLog("runUnitPhase", { phase: "checkpoint-rollback", unitId });
+            }
+        }
+        else if (unitResult.status === "error") {
+            ctx.ui.notify(`Unit ${unitId} failed. Pre-unit checkpoint available at ${s.checkpointSha.slice(0, 8)}`, "warning");
+        }
+        else {
+            // Success — clean up checkpoint ref
+            cleanupCheckpoint(s.basePath, unitId);
+            debugLog("runUnitPhase", { phase: "checkpoint-cleaned", unitId });
+        }
+        s.checkpointSha = null;
+    }
     return { action: "next", data: { unitStartedAt: s.currentUnit?.startedAt } };
 }
 // ─── runFinalize ──────────────────────────────────────────────────────────────

package/dist/resources/extensions/gsd/auto/session.js

@@ -82,6 +82,9 @@ export class AutoSession {
     lastPromptCharCount;
     lastBaselineCharCount;
     pendingQuickTasks = [];
+    // ── Safety harness ───────────────────────────────────────────────────────
+    /** SHA of the pre-unit git checkpoint ref. Cleared on success or rollback. */
+    checkpointSha = null;
     // ── Signal handler ───────────────────────────────────────────────────────
     sigtermHandler = null;
     // ── Loop promise state ──────────────────────────────────────────────────
@@ -159,6 +162,7 @@ export class AutoSession {
         this.lastToolInvocationError = null;
         this.isolationDegraded = false;
         this.milestoneMergedInPhases = false;
+        this.checkpointSha = null;
         // Signal handler
         this.sigtermHandler = null;
         // Loop promise state lives in auto-loop.ts module scope

package/dist/resources/extensions/gsd/auto-model-selection.js

@@ -15,6 +15,9 @@ export function resolvePreferredModelConfig(unitType, autoModeStartModel) {
     const routingConfig = resolveDynamicRoutingConfig();
     if (!routingConfig.enabled || !routingConfig.tier_models)
         return undefined;
+    // Don't synthesize a routing config for flat-rate providers (#3453).
+    if (autoModeStartModel && isFlatRateProvider(autoModeStartModel.provider))
+        return undefined;
     const ceilingModel = routingConfig.tier_models.heavy
         ?? (autoModeStartModel ? `${autoModeStartModel.provider}/${autoModeStartModel.id}` : undefined);
     if (!ceilingModel)
@@ -41,6 +44,25 @@ export async function selectAndApplyModel(ctx, pi, unitType, unitId, basePath, p
         const routingConfig = resolveDynamicRoutingConfig();
         let effectiveModelConfig = modelConfig;
         let routingTierLabel = "";
+        // Disable routing for flat-rate providers like GitHub Copilot (#3453).
+        // All models cost the same per request, so downgrading to a cheaper
+        // model provides no cost benefit — it only degrades quality.
+        // Fail-closed: if primary model can't be resolved, fall back to
+        // provider-level signals rather than allowing unwanted downgrades.
+        if (routingConfig.enabled) {
+            const primaryModel = resolveModelId(modelConfig.primary, availableModels, ctx.model?.provider);
+            if (primaryModel) {
+                if (isFlatRateProvider(primaryModel.provider)) {
+                    routingConfig.enabled = false;
+                }
+            }
+            else if ((autoModeStartModel && isFlatRateProvider(autoModeStartModel.provider))
+                || (ctx.model?.provider && isFlatRateProvider(ctx.model.provider))) {
+                // Primary model unresolvable but provider signals indicate flat-rate —
+                // disable routing to prevent quality degradation.
+                routingConfig.enabled = false;
+            }
+        }
         if (routingConfig.enabled) {
             let budgetPct;
             if (routingConfig.budget_pressure !== false) {
@@ -244,3 +266,13 @@ export function resolveModelId(modelId, availableModels, currentProvider) {
     // Fall back to first non-extension candidate, or any candidate
     return candidates.find(m => !EXTENSION_PROVIDERS.has(m.provider)) ?? candidates[0];
 }
+/**
+ * Flat-rate providers charge the same per request regardless of model.
+ * Dynamic routing provides no cost benefit — it only degrades quality (#3453).
+ * Uses case-insensitive matching with alias support to prevent fail-open on
+ * provider naming variations (e.g. "copilot" vs "github-copilot").
+ */
+const FLAT_RATE_PROVIDERS = new Set(["github-copilot", "copilot"]);
+export function isFlatRateProvider(provider) {
+    return FLAT_RATE_PROVIDERS.has(provider.toLowerCase());
+}

package/dist/resources/extensions/gsd/auto-post-unit.js

@@ -29,6 +29,13 @@ import { checkPostUnitHooks, isRetryPending, consumeRetryTrigger, persistHookSta
 import { hasPendingCaptures, loadPendingCaptures, revertExecutorResolvedCaptures } from "./captures.js";
 import { debugLog } from "./debug-logger.js";
 import { runSafely } from "./auto-utils.js";
+import { getEvidence } from "./safety/evidence-collector.js";
+import { validateFileChanges } from "./safety/file-change-validator.js";
+// crossReferenceEvidence available for future use when verification_evidence is stored in DB
+// import { crossReferenceEvidence, type ClaimedEvidence } from "./safety/evidence-cross-ref.js";
+import { validateContent } from "./safety/content-validator.js";
+import { resolveSafetyHarnessConfig } from "./safety/safety-harness.js";
+import { resolveExpectedArtifactPath as resolveArtifactForContent } from "./auto-artifact-paths.js";
 /** Maximum verification retry attempts before escalating to blocker placeholder (#2653). */
 const MAX_VERIFICATION_RETRIES = 3;
 /** Enqueue a sidecar item (hook, triage, or quick-task) for the main loop to
@@ -341,6 +348,78 @@ export async function postUnitPreVerification(pctx, opts) {
         catch (e) {
             debugLog("postUnit", { phase: "rogue-detection", error: String(e) });
         }
+        // ── Safety harness: post-unit validation ──
+        try {
+            const { loadEffectiveGSDPreferences } = await import("./preferences.js");
+            const prefs = loadEffectiveGSDPreferences()?.preferences;
+            const safetyConfig = resolveSafetyHarnessConfig(prefs?.safety_harness);
+            if (safetyConfig.enabled) {
+                const { milestone: sMid, slice: sSid, task: sTid } = parseUnitId(s.currentUnit.id);
+                // File change validation (execute-task only, after auto-commit)
+                if (safetyConfig.file_change_validation && s.currentUnit.type === "execute-task" && sMid && sSid && sTid && isDbAvailable()) {
+                    try {
+                        const taskRow = getTask(sMid, sSid, sTid);
+                        if (taskRow) {
+                            const expectedOutput = taskRow.expected_output ?? [];
+                            const plannedFiles = taskRow.files ?? [];
+                            const audit = validateFileChanges(s.basePath, expectedOutput, plannedFiles);
+                            if (audit && audit.violations.length > 0) {
+                                const warnings = audit.violations.filter(v => v.severity === "warning");
+                                for (const v of warnings) {
+                                    logWarning("safety", `file-change: ${v.file} — ${v.reason}`);
+                                }
+                                if (warnings.length > 0) {
+                                    ctx.ui.notify(`Safety: ${warnings.length} unexpected file change(s) outside task plan`, "warning");
+                                }
+                            }
+                        }
+                    }
+                    catch (e) {
+                        debugLog("postUnit", { phase: "safety-file-change", error: String(e) });
+                    }
+                }
+                // Evidence cross-reference (execute-task only)
+                // Verification evidence is passed via the complete-task tool call and
+                // stored in the SUMMARY.md on disk — not available as structured data
+                // in the DB. The evidence collector tracks actual bash tool calls, so
+                // we can still detect units that claimed success but ran no commands.
+                if (safetyConfig.evidence_cross_reference && s.currentUnit.type === "execute-task") {
+                    try {
+                        const actual = getEvidence();
+                        const bashCalls = actual.filter(e => e.kind === "bash");
+                        // If the task is marked complete but zero bash commands were run,
+                        // it's suspicious — the LLM may have fabricated results.
+                        if (sMid && sSid && sTid && isDbAvailable()) {
+                            const taskRow = getTask(sMid, sSid, sTid);
+                            if (taskRow?.status === "complete" && taskRow.verify && bashCalls.length === 0) {
+                                logWarning("safety", "task marked complete with verification commands but no bash calls were executed");
+                                ctx.ui.notify(`Safety: task ${sTid} has verification commands but no bash calls were recorded`, "warning");
+                            }
+                        }
+                    }
+                    catch (e) {
+                        debugLog("postUnit", { phase: "safety-evidence-xref", error: String(e) });
+                    }
+                }
+                // Content validation (plan-slice, plan-milestone)
+                if (safetyConfig.content_validation) {
+                    try {
+                        const artifactPath = resolveArtifactForContent(s.currentUnit.type, s.currentUnit.id, s.basePath);
+                        const contentViolations = validateContent(s.currentUnit.type, artifactPath);
+                        for (const v of contentViolations) {
+                            logWarning("safety", `content: ${v.reason}`);
+                            ctx.ui.notify(`Content validation: ${v.reason}`, "warning");
+                        }
+                    }
+                    catch (e) {
+                        debugLog("postUnit", { phase: "safety-content-validation", error: String(e) });
+                    }
+                }
+            }
+        }
+        catch (e) {
+            debugLog("postUnit", { phase: "safety-harness", error: String(e) });
+        }
         // Artifact verification
         let triggerArtifactVerified = false;
         if (!s.currentUnit.type.startsWith("hook/")) {

package/dist/resources/extensions/gsd/auto-timers.js

@@ -77,8 +77,9 @@ export function startUnitSupervision(sctx) {
         }
     }
     const estimateMinutes = taskEstimate ? parseEstimateMinutes(taskEstimate) : null;
+    const MAX_TIMEOUT_SCALE = 6; // Cap at 6x (60min task). Prevents 2h+ tasks from creating 120min+ timeout windows.
     const timeoutScale = estimateMinutes && estimateMinutes > 0
-        ? Math.max(1, estimateMinutes / 10) // 10min task = 1x, 30min = 3x, 2h = 12x
+        ? Math.min(MAX_TIMEOUT_SCALE, Math.max(1, estimateMinutes / 10))
         : 1;
     const softTimeoutMs = (supervisor.soft_timeout_minutes ?? 0) * 60 * 1000 * timeoutScale;
     const idleTimeoutMs = (supervisor.idle_timeout_minutes ?? 0) * 60 * 1000; // idle not scaled — idle is idle

package/dist/resources/extensions/gsd/bootstrap/db-tools.js

@@ -678,8 +678,11 @@ export function registerDbTools(pi) {
             };
         }
         try {
+            // Coerce string items to objects for verificationEvidence (#3541).
+            const coerced = { ...params };
+            coerced.verificationEvidence = (params.verificationEvidence ?? []).map((v) => typeof v === "string" ? { command: v, exitCode: -1, verdict: "unknown (coerced from string)", durationMs: 0 } : v);
             const { handleCompleteTask } = await import("../tools/complete-task.js");
-            const result = await handleCompleteTask(params, process.cwd());
+            const result = await handleCompleteTask(coerced, process.cwd());
             if ("error" in result) {
                 return {
                     content: [{ type: "text", text: `Error completing task: ${result.error}` }],
@@ -733,12 +736,15 @@ export function registerDbTools(pi) {
             keyFiles: Type.Optional(Type.Array(Type.String(), { description: "List of key files created or modified" })),
             keyDecisions: Type.Optional(Type.Array(Type.String(), { description: "List of key decisions made during this task" })),
             blockerDiscovered: Type.Optional(Type.Boolean({ description: "Whether a plan-invalidating blocker was discovered" })),
-            verificationEvidence: Type.Optional(Type.Array(Type.Object({
-                command: Type.String({ description: "Verification command that was run" }),
-                exitCode: Type.Number({ description: "Exit code of the command" }),
-                verdict: Type.String({ description: "Pass/fail verdict (e.g. '✅ pass', '❌ fail')" }),
-                durationMs: Type.Number({ description: "Duration of the command in milliseconds" }),
-            }), { description: "Array of verification evidence entries" })),
+            verificationEvidence: Type.Optional(Type.Array(Type.Union([
+                Type.Object({
+                    command: Type.String({ description: "Verification command that was run" }),
+                    exitCode: Type.Number({ description: "Exit code of the command" }),
+                    verdict: Type.String({ description: "Pass/fail verdict (e.g. '✅ pass', '❌ fail')" }),
+                    durationMs: Type.Number({ description: "Duration of the command in milliseconds" }),
+                }),
+                Type.String({ description: "Fallback: verification summary string" }),
+            ]), { description: "Array of verification evidence entries" })),
         }),
         execute: taskCompleteExecute,
     };
@@ -754,8 +760,46 @@ export function registerDbTools(pi) {
             };
         }
         try {
+            // Coerce string items to objects for fields where LLMs sometimes pass
+            // plain strings instead of the expected { key, value } shape (#3541).
+            // Parses "key — value" or "key - value" format when possible.
+            const splitPair = (s) => {
+                const m = s.match(/^(.+?)\s*(?:—|-)\s+(.+)$/);
+                return m ? [m[1].trim(), m[2].trim()] : [s.trim(), ""];
+            };
+            const coerced = { ...params };
+            coerced.filesModified = (params.filesModified ?? []).map((f) => {
+                if (typeof f !== "string")
+                    return f;
+                const [path, description] = splitPair(f);
+                return { path, description };
+            });
+            coerced.requires = (params.requires ?? []).map((r) => {
+                if (typeof r !== "string")
+                    return r;
+                const [slice, provides] = splitPair(r);
+                return { slice, provides };
+            });
+            coerced.requirementsAdvanced = (params.requirementsAdvanced ?? []).map((r) => {
+                if (typeof r !== "string")
+                    return r;
+                const [id, how] = splitPair(r);
+                return { id, how };
+            });
+            coerced.requirementsValidated = (params.requirementsValidated ?? []).map((r) => {
+                if (typeof r !== "string")
+                    return r;
+                const [id, proof] = splitPair(r);
+                return { id, proof };
+            });
+            coerced.requirementsInvalidated = (params.requirementsInvalidated ?? []).map((r) => {
+                if (typeof r !== "string")
+                    return r;
+                const [id, what] = splitPair(r);
+                return { id, what };
+            });
             const { handleCompleteSlice } = await import("../tools/complete-slice.js");
-            const result = await handleCompleteSlice(params, process.cwd());
+            const result = await handleCompleteSlice(coerced, process.cwd());
             if ("error" in result) {
                 return {
                     content: [{ type: "text", text: `Error completing slice: ${result.error}` }],
@@ -815,26 +859,41 @@ export function registerDbTools(pi) {
             requirementsSurfaced: Type.Optional(Type.Array(Type.String(), { description: "New requirements surfaced" })),
             drillDownPaths: Type.Optional(Type.Array(Type.String(), { description: "Paths to task summaries for drill-down" })),
             affects: Type.Optional(Type.Array(Type.String(), { description: "Downstream slices affected" })),
-            requirementsAdvanced: Type.Optional(Type.Array(Type.Object({
-                id: Type.String({ description: "Requirement ID" }),
-                how: Type.String({ description: "How it was advanced" }),
-            }), { description: "Requirements advanced by this slice" })),
-            requirementsValidated: Type.Optional(Type.Array(Type.Object({
-                id: Type.String({ description: "Requirement ID" }),
-                proof: Type.String({ description: "What proof validates it" }),
-            }), { description: "Requirements validated by this slice" })),
-            requirementsInvalidated: Type.Optional(Type.Array(Type.Object({
-                id: Type.String({ description: "Requirement ID" }),
-                what: Type.String({ description: "What changed" }),
-            }), { description: "Requirements invalidated or re-scoped" })),
-            filesModified: Type.Optional(Type.Array(Type.Object({
-                path: Type.String({ description: "File path" }),
-                description: Type.String({ description: "What changed" }),
-            }), { description: "Files modified with descriptions" })),
-            requires: Type.Optional(Type.Array(Type.Object({
-                slice: Type.String({ description: "Dependency slice ID" }),
-                provides: Type.String({ description: "What was consumed from it" }),
-            }), { description: "Upstream slice dependencies consumed" })),
+            requirementsAdvanced: Type.Optional(Type.Array(Type.Union([
+                Type.Object({
+                    id: Type.String({ description: "Requirement ID" }),
+                    how: Type.String({ description: "How it was advanced" }),
+                }),
+                Type.String({ description: "Fallback: 'ID — how' string" }),
+            ]), { description: "Requirements advanced by this slice" })),
+            requirementsValidated: Type.Optional(Type.Array(Type.Union([
+                Type.Object({
+                    id: Type.String({ description: "Requirement ID" }),
+                    proof: Type.String({ description: "What proof validates it" }),
+                }),
+                Type.String({ description: "Fallback: 'ID — proof' string" }),
+            ]), { description: "Requirements validated by this slice" })),
+            requirementsInvalidated: Type.Optional(Type.Array(Type.Union([
+                Type.Object({
+                    id: Type.String({ description: "Requirement ID" }),
+                    what: Type.String({ description: "What changed" }),
+                }),
+                Type.String({ description: "Fallback: 'ID — what' string" }),
+            ]), { description: "Requirements invalidated or re-scoped" })),
+            filesModified: Type.Optional(Type.Array(Type.Union([
+                Type.Object({
+                    path: Type.String({ description: "File path" }),
+                    description: Type.String({ description: "What changed" }),
+                }),
+                Type.String({ description: "Fallback: file path string" }),
+            ]), { description: "Files modified with descriptions" })),
+            requires: Type.Optional(Type.Array(Type.Union([
+                Type.Object({
+                    slice: Type.String({ description: "Dependency slice ID" }),
+                    provides: Type.String({ description: "What was consumed from it" }),
+                }),
+                Type.String({ description: "Fallback: slice ID string" }),
+            ]), { description: "Upstream slice dependencies consumed" })),
         }),
         execute: sliceCompleteExecute,
     };

package/dist/resources/extensions/gsd/bootstrap/register-hooks.js

@@ -15,6 +15,9 @@ import { isParallelActive, shutdownParallel } from "../parallel-orchestrator.js"
 import { checkToolCallLoop, resetToolCallLoopGuard } from "./tool-call-loop-guard.js";
 import { saveActivityLog } from "../activity-log.js";
 import { resetAskUserQuestionsCache } from "../../ask-user-questions.js";
+import { recordToolCall as safetyRecordToolCall, recordToolResult as safetyRecordToolResult } from "../safety/evidence-collector.js";
+import { classifyCommand } from "../safety/destructive-guard.js";
+import { logWarning as safetyLogWarning } from "../workflow-logger.js";
 // Skip the welcome screen on the very first session_start — cli.ts already
 // printed it before the TUI launched. Only re-print on /clear (subsequent sessions).
 let isFirstSession = true;
@@ -187,6 +190,22 @@ export function registerHooks(pi) {
         if (result.block)
             return result;
     });
+    // ── Safety harness: evidence collection + destructive command warnings ──
+    pi.on("tool_call", async (event, ctx) => {
+        if (!isAutoActive())
+            return;
+        safetyRecordToolCall(event.toolName, event.input);
+        // Destructive command classification (warn only, never block)
+        if (isToolCallEventType("bash", event)) {
+            const classification = classifyCommand(event.input.command);
+            if (classification.destructive) {
+                safetyLogWarning("safety", `destructive command: ${classification.labels.join(", ")}`, {
+                    command: String(event.input.command).slice(0, 200),
+                });
+                ctx.ui.notify(`Destructive command detected: ${classification.labels.join(", ")}`, "warning");
+            }
+        }
+    });
     pi.on("tool_result", async (event) => {
         if (event.toolName !== "ask_user_questions")
             return;
@@ -251,6 +270,10 @@ export function registerHooks(pi) {
                 : (typeof event.result?.content?.[0]?.text === "string" ? event.result.content[0].text : String(event.result));
             recordToolInvocationError(event.toolName, errorText);
         }
+        // Safety harness: record tool execution results for evidence cross-referencing
+        if (isAutoActive()) {
+            safetyRecordToolResult(event.toolCallId, event.toolName, event.result, event.isError);
+        }
     });
     pi.on("model_select", async (_event, ctx) => {
         await syncServiceTierStatus(ctx);

package/dist/resources/extensions/gsd/bootstrap/system-context.js

@@ -3,9 +3,10 @@ import { homedir } from "node:os";
 import { join } from "node:path";
 import { logWarning } from "../workflow-logger.js";
 import { debugTime } from "../debug-logger.js";
-import { loadPrompt } from "../prompt-loader.js";
+import { loadPrompt, getTemplatesDir } from "../prompt-loader.js";
 import { readForensicsMarker } from "../forensics.js";
 import { resolveAllSkillReferences, renderPreferencesForSystemPrompt, loadEffectiveGSDPreferences } from "../preferences.js";
+import { resolveSkillReference } from "../preferences-skills.js";
 import { resolveGsdRootFile, resolveSliceFile, resolveSlicePath, resolveTaskFile, resolveTaskFiles, resolveTasksDir, relSliceFile, relSlicePath, relTaskFile } from "../paths.js";
 import { hasSkillSnapshot, detectNewSkills, formatSkillsXml } from "../skill-discovery.js";
 import { getActiveAutoWorktreeContext } from "../auto-worktree.js";
@@ -15,6 +16,30 @@ import { formatOverridesSection, loadActiveOverrides, loadFile, parseContinue, p
 import { toPosixPath } from "../../shared/mod.js";
 import { markCmuxPromptShown, shouldPromptToEnableCmux } from "../../cmux/index.js";
 const gsdHome = process.env.GSD_HOME || join(homedir(), ".gsd");
+/**
+ * Bundled skill triggers — resolved dynamically at runtime instead of
+ * hardcoding absolute paths in the system prompt template. Only skills
+ * that actually exist on disk are included in the table. (#3575)
+ */
+const BUNDLED_SKILL_TRIGGERS = [
+    { trigger: "Frontend UI - web components, pages, landing pages, dashboards, React/HTML/CSS, styling", skill: "frontend-design" },
+    { trigger: "macOS or iOS apps - SwiftUI, Xcode, App Store", skill: "swiftui" },
+    { trigger: "Debugging - complex bugs, failing tests, root-cause investigation after standard approaches fail", skill: "debug-like-expert" },
+];
+function buildBundledSkillsTable() {
+    const cwd = process.cwd();
+    const rows = [];
+    for (const { trigger, skill } of BUNDLED_SKILL_TRIGGERS) {
+        const resolution = resolveSkillReference(skill, cwd);
+        if (resolution.method === "unresolved")
+            continue; // skill not installed — omit from prompt
+        rows.push(`| ${trigger} | \`${resolution.resolvedPath}\` |`);
+    }
+    if (rows.length === 0) {
+        return "*No bundled skills found. Install skills to `~/.agents/skills/` or `~/.claude/skills/`.*";
+    }
+    return `| Trigger | Skill to load |\n|---|---|\n${rows.join("\n")}`;
+}
 function warnDeprecatedAgentInstructions() {
     const paths = [
         join(gsdHome, "agent-instructions.md"),
@@ -32,7 +57,10 @@ export async function buildBeforeAgentStartResult(event, ctx) {
     if (!existsSync(join(process.cwd(), ".gsd")))
         return undefined;
     const stopContextTimer = debugTime("context-inject");
-    const systemContent = loadPrompt("system");
+    const systemContent = loadPrompt("system", {
+        bundledSkillsTable: buildBundledSkillsTable(),
+        templatesDir: getTemplatesDir(),
+    });
     const loadedPreferences = loadEffectiveGSDPreferences();
     if (shouldPromptToEnableCmux(loadedPreferences?.preferences)) {
         markCmuxPromptShown();

package/dist/resources/extensions/gsd/preferences-types.js

@@ -75,6 +75,7 @@ export const KNOWN_PREFERENCE_KEYS = new Set([
     "experimental",
     "codebase",
     "slice_parallel",
+    "safety_harness",
 ]);
 /** Canonical list of all dispatch unit types. */
 export const KNOWN_UNIT_TYPES = [

package/dist/resources/extensions/gsd/prompt-loader.js

@@ -47,6 +47,13 @@ function resolveExtensionDir() {
 const __extensionDir = resolveExtensionDir();
 const promptsDir = join(__extensionDir, "prompts");
 const templatesDir = join(__extensionDir, "templates");
+/**
+ * Return the resolved templates directory path for use in prompts.
+ * Avoids hardcoding `~/.gsd/agent/extensions/gsd/templates/` in templates. (#3575)
+ */
+export function getTemplatesDir() {
+    return templatesDir;
+}
 // Cache all templates eagerly at module load — a running session uses the
 // template versions that were on disk at startup, immune to later overwrites.
 const templateCache = new Map();

package/dist/resources/extensions/gsd/prompts/system.md

@@ -24,13 +24,9 @@ Leave the project in a state where the next agent can immediately understand wha
 
 ## Skills
 
-GSD ships with bundled skills. Load the relevant skill file with the `read` tool before starting work when the task matches.
+GSD ships with bundled skills. Load the relevant skill file with the `read` tool before starting work when the task matches. Use bare skill names — GSD resolves them to the correct path automatically.
 
-| Trigger | Skill to load |
-|---|---|
-| Frontend UI - web components, pages, landing pages, dashboards, React/HTML/CSS, styling | `~/.gsd/agent/skills/frontend-design/SKILL.md` |
-| macOS or iOS apps - SwiftUI, Xcode, App Store | `~/.gsd/agent/skills/swiftui/SKILL.md` |
-| Debugging - complex bugs, failing tests, root-cause investigation after standard approaches fail | `~/.gsd/agent/skills/debug-like-expert/SKILL.md` |
+{{bundledSkillsTable}}
 
 ## Hard Rules
 
@@ -119,7 +115,7 @@ In all modes, slices commit sequentially on the active branch; there are no per-
 ### Artifact Templates
 
 Templates showing the expected format for each artifact type are in:
-`~/.gsd/agent/extensions/gsd/templates/`
+`{{templatesDir}}`
 
 **Always read the relevant template before writing an artifact** to match the expected structure exactly. The parsers that read these files depend on specific formatting: