npm - gsd-pi - Versions diffs - 2.63.0-dev.351157b → 2.63.0-dev.d04bbc5 - Mend

gsd-pi 2.63.0-dev.351157b → 2.63.0-dev.d04bbc5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

package/src/resources/extensions/gsd/safety/content-validator.ts ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Lightweight content validator for auto-mode safety harness.
+ * Validates that high-value unit outputs contain minimum expected content.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+import { existsSync, readFileSync } from "node:fs";
+import { logWarning } from "../workflow-logger.js";
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface ContentViolation {
+  severity: "warning";
+  reason: string;
+}
+// ─── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Validate content quality for a completed unit.
+ * Returns an array of violations. Empty array = content looks acceptable.
+ *
+ * @param unitType - The type of unit that completed (e.g. "plan-slice")
+ * @param artifactPath - Absolute path to the primary artifact file
+ */
+export function validateContent(
+  unitType: string,
+  artifactPath: string | null,
+): ContentViolation[] {
+  if (!artifactPath || !existsSync(artifactPath)) return [];
+  const validator = VALIDATORS[unitType];
+  if (!validator) return [];
+  try {
+    const content = readFileSync(artifactPath, "utf-8");
+    return validator(content);
+  } catch (e) {
+    logWarning("safety", `content validation read failed: ${(e as Error).message}`);
+    return [];
+  }
+}
+// ─── Validators ─────────────────────────────────────────────────────────────
+type ContentValidatorFn = (content: string) => ContentViolation[];
+const VALIDATORS: Record<string, ContentValidatorFn> = {
+  "plan-slice": validatePlanSlice,
+  "plan-milestone": validatePlanMilestone,
+};
+function validatePlanSlice(content: string): ContentViolation[] {
+  const violations: ContentViolation[] = [];
+  // Must have at least 2 task entries (checkbox pattern)
+  const taskCount = (content.match(/- \[[ x]\] \*\*T\d+/g) || []).length;
+  if (taskCount < 2) {
+    violations.push({
+      severity: "warning",
+      reason: `Slice plan has only ${taskCount} task(s) — expected at least 2`,
+    });
+  }
+  // Should have a Files Likely Touched section
+  if (!content.includes("## Files Likely Touched") && !content.includes("## Files")) {
+    violations.push({
+      severity: "warning",
+      reason: "Slice plan missing 'Files Likely Touched' section",
+    });
+  }
+  // Should have a verification section
+  if (!content.includes("Verify") && !content.includes("verify")) {
+    violations.push({
+      severity: "warning",
+      reason: "Slice plan has no verification instructions",
+    });
+  }
+  return violations;
+}
+function validatePlanMilestone(content: string): ContentViolation[] {
+  const violations: ContentViolation[] = [];
+  // Must have at least 1 slice entry
+  const sliceCount = (content.match(/##\s+S\d+/g) || []).length;
+  if (sliceCount < 1) {
+    violations.push({
+      severity: "warning",
+      reason: `Milestone roadmap has ${sliceCount} slice(s) — expected at least 1`,
+    });
+  }
+  return violations;
+}

package/src/resources/extensions/gsd/safety/destructive-guard.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Destructive command classifier for auto-mode safety harness.
+ * Classifies bash commands and warns on potentially destructive operations.
+ * Does NOT block — only classifies for logging/notification.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+// ─── Pattern Definitions ────────────────────────────────────────────────────
+interface DestructivePattern {
+  pattern: RegExp;
+  label: string;
+}
+const DESTRUCTIVE_PATTERNS: readonly DestructivePattern[] = [
+  { pattern: /\brm\s+(-[^\s]*[rfRF][^\s]*\s+|.*\s+-[^\s]*[rfRF])/, label: "recursive delete" },
+  { pattern: /\bgit\s+push\s+.*--force/, label: "force push" },
+  { pattern: /\bgit\s+push\s+-f\b/, label: "force push" },
+  { pattern: /\bgit\s+reset\s+--hard/, label: "hard reset" },
+  { pattern: /\bgit\s+clean\s+-[^\s]*[fdxFDX]/, label: "git clean" },
+  { pattern: /\bgit\s+checkout\s+--\s+\./, label: "discard all changes" },
+  { pattern: /\bdrop\s+(database|table|index)\b/i, label: "SQL drop" },
+  { pattern: /\btruncate\s+table\b/i, label: "SQL truncate" },
+  { pattern: /\bchmod\s+777\b/, label: "world-writable permissions" },
+  { pattern: /\bcurl\s.*\|\s*(bash|sh|zsh)\b/, label: "pipe to shell" },
+];
+// ─── Public API ─────────────────────────────────────────────────────────────
+export interface CommandClassification {
+  destructive: boolean;
+  labels: string[];
+}
+/**
+ * Classify a bash command for destructive operations.
+ * Returns the list of matched destructive pattern labels.
+ */
+export function classifyCommand(command: string): CommandClassification {
+  const labels: string[] = [];
+  for (const { pattern, label } of DESTRUCTIVE_PATTERNS) {
+    if (pattern.test(command)) {
+      // Deduplicate labels (e.g., two force-push patterns)
+      if (!labels.includes(label)) labels.push(label);
+    }
+  }
+  return { destructive: labels.length > 0, labels };
+}

package/src/resources/extensions/gsd/safety/evidence-collector.ts ADDED Viewed

@@ -0,0 +1,151 @@
+/**
+ * Real-time tool call evidence collector for auto-mode safety harness.
+ * Tracks every bash command, file write, and file edit during a unit execution.
+ * Evidence is compared against LLM completion claims in evidence-cross-ref.ts.
+ *
+ * Follows the same module-level Map pattern as auto-tool-tracking.ts.
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface BashEvidence {
+  kind: "bash";
+  toolCallId: string;
+  command: string;
+  exitCode: number;
+  outputSnippet: string;
+  timestamp: number;
+}
+export interface FileWriteEvidence {
+  kind: "write";
+  toolCallId: string;
+  path: string;
+  timestamp: number;
+}
+export interface FileEditEvidence {
+  kind: "edit";
+  toolCallId: string;
+  path: string;
+  timestamp: number;
+}
+export type EvidenceEntry = BashEvidence | FileWriteEvidence | FileEditEvidence;
+// ─── Module State ───────────────────────────────────────────────────────────
+let unitEvidence: EvidenceEntry[] = [];
+// ─── Public API ─────────────────────────────────────────────────────────────
+/** Reset all evidence for a new unit. Call at unit start. */
+export function resetEvidence(): void {
+  unitEvidence = [];
+}
+/** Get a read-only view of all evidence collected for the current unit. */
+export function getEvidence(): readonly EvidenceEntry[] {
+  return unitEvidence;
+}
+/** Get only bash evidence entries. */
+export function getBashEvidence(): readonly BashEvidence[] {
+  return unitEvidence.filter((e): e is BashEvidence => e.kind === "bash");
+}
+/** Get all file paths touched (write + edit). */
+export function getFilePaths(): string[] {
+  return unitEvidence
+    .filter((e): e is FileWriteEvidence | FileEditEvidence => e.kind === "write" || e.kind === "edit")
+    .map(e => e.path);
+}
+// ─── Recording (called from register-hooks.ts) ─────────────────────────────
+/**
+ * Record a tool call at dispatch time (before execution).
+ * Exit codes and output are filled in by recordToolResult after execution.
+ */
+export function recordToolCall(toolName: string, input: Record<string, unknown>): void {
+  if (toolName === "bash" || toolName === "Bash") {
+    unitEvidence.push({
+      kind: "bash",
+      toolCallId: "",
+      command: String(input.command ?? ""),
+      exitCode: -1,
+      outputSnippet: "",
+      timestamp: Date.now(),
+    });
+  } else if (toolName === "write" || toolName === "Write") {
+    unitEvidence.push({
+      kind: "write",
+      toolCallId: "",
+      path: String(input.file_path ?? input.path ?? ""),
+      timestamp: Date.now(),
+    });
+  } else if (toolName === "edit" || toolName === "Edit") {
+    unitEvidence.push({
+      kind: "edit",
+      toolCallId: "",
+      path: String(input.file_path ?? input.path ?? ""),
+      timestamp: Date.now(),
+    });
+  }
+}
+/**
+ * Record a tool execution result. Matches the most recent unresolved entry
+ * of the same kind and fills in the toolCallId, exit code, and output.
+ */
+export function recordToolResult(
+  toolCallId: string,
+  toolName: string,
+  result: unknown,
+  isError: boolean,
+): void {
+  const normalizedName = toolName.toLowerCase();
+  if (normalizedName === "bash") {
+    const entry = findLastUnresolved("bash") as BashEvidence | undefined;
+    if (entry) {
+      entry.toolCallId = toolCallId;
+      const text = extractResultText(result);
+      entry.outputSnippet = text.slice(0, 500);
+      const exitMatch = text.match(/Command exited with code (\d+)/);
+      entry.exitCode = exitMatch ? Number(exitMatch[1]) : (isError ? 1 : 0);
+    }
+  } else if (normalizedName === "write" || normalizedName === "edit") {
+    const entry = findLastUnresolved(normalizedName as "write" | "edit");
+    if (entry) {
+      entry.toolCallId = toolCallId;
+    }
+  }
+}
+// ─── Internals ──────────────────────────────────────────────────────────────
+function findLastUnresolved(kind: string): EvidenceEntry | undefined {
+  for (let i = unitEvidence.length - 1; i >= 0; i--) {
+    if (unitEvidence[i].kind === kind && unitEvidence[i].toolCallId === "") {
+      return unitEvidence[i];
+    }
+  }
+  return undefined;
+}
+function extractResultText(result: unknown): string {
+  if (typeof result === "string") return result;
+  if (result && typeof result === "object") {
+    const r = result as Record<string, unknown>;
+    if (Array.isArray(r.content)) {
+      const textBlock = r.content.find(
+        (c: unknown) => typeof c === "object" && c !== null && (c as Record<string, unknown>).type === "text",
+      ) as Record<string, unknown> | undefined;
+      if (textBlock && typeof textBlock.text === "string") return textBlock.text;
+    }
+    if (typeof r.text === "string") return r.text;
+  }
+  return String(result ?? "");
+}

package/src/resources/extensions/gsd/safety/evidence-cross-ref.ts ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * Evidence cross-reference for auto-mode safety harness.
+ * Compares the LLM's claimed verification evidence (command + exitCode)
+ * against actual bash tool calls recorded by the evidence collector.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+import type { BashEvidence, EvidenceEntry } from "./evidence-collector.js";
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface ClaimedEvidence {
+  command: string;
+  exitCode: number;
+  verdict: string;
+}
+export interface EvidenceMismatch {
+  severity: "warning" | "error";
+  claimed: ClaimedEvidence;
+  actual: BashEvidence | null;
+  reason: string;
+}
+// ─── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Cross-reference claimed verification evidence against actual bash tool calls.
+ *
+ * Returns an array of mismatches. Empty array = all claims verified.
+ * Skips entries that were coerced from strings (already flagged by db-tools.ts).
+ */
+export function crossReferenceEvidence(
+  claimedEvidence: readonly ClaimedEvidence[],
+  actualEvidence: readonly EvidenceEntry[],
+): EvidenceMismatch[] {
+  const bashCalls = actualEvidence.filter(
+    (e): e is BashEvidence => e.kind === "bash",
+  );
+  const mismatches: EvidenceMismatch[] = [];
+  for (const claimed of claimedEvidence) {
+    // Skip coerced entries — they're already flagged with exitCode: -1
+    // and verdict: "unknown (coerced from string)" by db-tools.ts
+    if (claimed.verdict?.includes("coerced from string")) continue;
+    if (claimed.exitCode === -1) continue;
+    // Skip entries with empty or generic commands
+    if (!claimed.command || claimed.command.length < 3) continue;
+    // Find matching bash call by command substring match
+    const match = findBestMatch(claimed.command, bashCalls);
+    if (!match) {
+      mismatches.push({
+        severity: "warning",
+        claimed,
+        actual: null,
+        reason: `No bash tool call found matching "${claimed.command.slice(0, 80)}"`,
+      });
+      continue;
+    }
+    // Exit code mismatch: LLM claims success but actual command failed
+    if (claimed.exitCode === 0 && match.exitCode !== 0) {
+      mismatches.push({
+        severity: "error",
+        claimed,
+        actual: match,
+        reason: `Claimed exitCode=0 but actual exitCode=${match.exitCode}`,
+      });
+    }
+  }
+  return mismatches;
+}
+// ─── Internals ──────────────────────────────────────────────────────────────
+/**
+ * Find the best matching bash evidence entry for a claimed command.
+ * Uses substring matching — the claimed command may be a shortened version
+ * of the actual command, or vice versa.
+ */
+function findBestMatch(
+  claimedCommand: string,
+  bashCalls: readonly BashEvidence[],
+): BashEvidence | null {
+  const normalized = claimedCommand.trim();
+  // Exact match first
+  const exact = bashCalls.find(b => b.command.trim() === normalized);
+  if (exact) return exact;
+  // Substring match: claimed is contained in actual or actual in claimed
+  const substring = bashCalls.find(
+    b => b.command.includes(normalized) || normalized.includes(b.command),
+  );
+  if (substring) return substring;
+  // Token match: split on whitespace and check significant overlap
+  const claimedTokens = normalized.split(/\s+/).filter(t => t.length > 2);
+  if (claimedTokens.length === 0) return null;
+  let bestMatch: BashEvidence | null = null;
+  let bestScore = 0;
+  for (const call of bashCalls) {
+    const callTokens = new Set(call.command.split(/\s+/));
+    const matchCount = claimedTokens.filter(t => callTokens.has(t)).length;
+    const score = matchCount / claimedTokens.length;
+    if (score > bestScore && score >= 0.5) {
+      bestScore = score;
+      bestMatch = call;
+    }
+  }
+  return bestMatch;
+}

package/src/resources/extensions/gsd/safety/file-change-validator.ts ADDED Viewed

@@ -0,0 +1,108 @@
+/**
+ * Post-unit file change validator for auto-mode safety harness.
+ * Compares actual git diff against the task plan's expected output files.
+ *
+ * Uses tasks.expected_output (DB column, populated from per-task ## Expected Output)
+ * and tasks.files (from slice PLAN.md - Files: subline) as the expected set.
+ * Compares against git diff HEAD~1 --name-only after auto-commit.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+import { execFileSync } from "node:child_process";
+import { logWarning } from "../workflow-logger.js";
+// ─── Types ──────────────────────────────────────────────────────────────────
+export interface FileViolation {
+  severity: "info" | "warning";
+  file: string;
+  reason: string;
+}
+export interface FileChangeAudit {
+  expectedFiles: string[];
+  actualFiles: string[];
+  unexpectedFiles: string[];
+  missingFiles: string[];
+  violations: FileViolation[];
+}
+// ─── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Validate file changes after auto-commit for an execute-task unit.
+ * Returns null if task data is unavailable or DB is not loaded.
+ *
+ * @param basePath - Working directory (worktree or project root)
+ * @param expectedOutput - JSON array from tasks.expected_output DB column
+ * @param plannedFiles - JSON array from tasks.files DB column
+ */
+export function validateFileChanges(
+  basePath: string,
+  expectedOutput: string[],
+  plannedFiles: string[],
+): FileChangeAudit | null {
+  const allExpected = new Set([...expectedOutput, ...plannedFiles]);
+  // If no expected files were planned, skip validation
+  if (allExpected.size === 0) return null;
+  // Get actual changed files from last commit
+  const actualFiles = getChangedFilesFromLastCommit(basePath);
+  if (!actualFiles) return null;
+  // Filter out .gsd/ internal files — only validate project source files
+  const projectFiles = actualFiles.filter(f => !f.startsWith(".gsd/") && !f.startsWith(".gsd\\"));
+  // Normalize expected paths (strip leading ./ or /)
+  const normalizedExpected = new Set(
+    [...allExpected].map(f => f.replace(/^\.\//, "").replace(/^\//, "")),
+  );
+  // Compute symmetric difference
+  const unexpectedFiles = projectFiles.filter(f => !normalizedExpected.has(f));
+  const missingFiles = [...normalizedExpected].filter(f => !projectFiles.includes(f));
+  const violations: FileViolation[] = [];
+  for (const f of unexpectedFiles) {
+    violations.push({
+      severity: "warning",
+      file: f,
+      reason: "Modified but not in task plan's expected output",
+    });
+  }
+  for (const f of missingFiles) {
+    violations.push({
+      severity: "info",
+      file: f,
+      reason: "Listed in task plan but not modified",
+    });
+  }
+  return {
+    expectedFiles: [...normalizedExpected],
+    actualFiles: projectFiles,
+    unexpectedFiles,
+    missingFiles,
+    violations,
+  };
+}
+// ─── Internals ──────────────────────────────────────────────────────────────
+function getChangedFilesFromLastCommit(basePath: string): string[] | null {
+  try {
+    const result = execFileSync(
+      "git",
+      ["diff", "--name-only", "HEAD~1", "HEAD"],
+      { cwd: basePath, stdio: ["ignore", "pipe", "pipe"], encoding: "utf-8" },
+    ).trim();
+    return result ? result.split("\n").filter(Boolean) : [];
+  } catch (e) {
+    logWarning("safety", `git diff failed in file-change-validator: ${(e as Error).message}`);
+    return null;
+  }
+}

package/src/resources/extensions/gsd/safety/git-checkpoint.ts ADDED Viewed

@@ -0,0 +1,106 @@
+/**
+ * Pre-unit git checkpoint and rollback for auto-mode safety harness.
+ * Uses the existing refs/gsd/ namespace (already pruned by doctor).
+ *
+ * Creates a lightweight ref at HEAD before unit execution. On failure,
+ * the ref can be used to rollback the branch to the pre-unit state.
+ *
+ * Copyright (c) 2026 Jeremy McSpadden <jeremy@fluxlabs.net>
+ */
+import { execFileSync } from "node:child_process";
+import { logWarning } from "../workflow-logger.js";
+// ─── Constants ──────────────────────────────────────────────────────────────
+const CHECKPOINT_PREFIX = "refs/gsd/checkpoints/";
+// ─── Public API ─────────────────────────────────────────────────────────────
+/**
+ * Create a checkpoint ref at the current HEAD for the given unit.
+ * Returns the SHA of HEAD, or null if the operation fails.
+ */
+export function createCheckpoint(basePath: string, unitId: string): string | null {
+  try {
+    const sha = execFileSync("git", ["rev-parse", "HEAD"], {
+      cwd: basePath,
+      stdio: ["ignore", "pipe", "pipe"],
+      encoding: "utf-8",
+    }).trim();
+    if (!sha || sha.length < 7) return null;
+    // Sanitize unitId for use in ref path (replace / with -)
+    const safeUnitId = unitId.replace(/\//g, "-");
+    execFileSync("git", ["update-ref", `${CHECKPOINT_PREFIX}${safeUnitId}`, sha], {
+      cwd: basePath,
+      stdio: ["ignore", "pipe", "pipe"],
+    });
+    return sha;
+  } catch (e) {
+    logWarning("safety", `checkpoint creation failed: ${(e as Error).message}`);
+    return null;
+  }
+}
+/**
+ * Rollback the current branch to a checkpoint SHA.
+ * Returns true on success, false on failure.
+ *
+ * WARNING: This is a destructive operation — it discards all changes
+ * since the checkpoint. Only call when the user has opted in via
+ * safety_harness.auto_rollback or an explicit manual trigger.
+ */
+export function rollbackToCheckpoint(
+  basePath: string,
+  unitId: string,
+  sha: string,
+): boolean {
+  try {
+    // Get current branch name
+    const branch = execFileSync("git", ["rev-parse", "--abbrev-ref", "HEAD"], {
+      cwd: basePath,
+      stdio: ["ignore", "pipe", "pipe"],
+      encoding: "utf-8",
+    }).trim();
+    if (!branch || branch === "HEAD") {
+      logWarning("safety", "rollback: detached HEAD state, cannot rollback");
+      return false;
+    }
+    // Reset branch pointer and working tree to checkpoint SHA in one step.
+    // Using `git reset --hard <sha>` works on the currently checked-out branch
+    // (unlike `git branch -f` which is rejected for checked-out branches).
+    execFileSync("git", ["reset", "--hard", sha], {
+      cwd: basePath,
+      stdio: ["ignore", "pipe", "pipe"],
+    });
+    // Cleanup checkpoint ref
+    cleanupCheckpoint(basePath, unitId);
+    return true;
+  } catch (e) {
+    logWarning("safety", `rollback failed: ${(e as Error).message}`);
+    return false;
+  }
+}
+/**
+ * Remove a checkpoint ref after successful unit completion.
+ */
+export function cleanupCheckpoint(basePath: string, unitId: string): void {
+  try {
+    const safeUnitId = unitId.replace(/\//g, "-");
+    execFileSync("git", ["update-ref", "-d", `${CHECKPOINT_PREFIX}${safeUnitId}`], {
+      cwd: basePath,
+      stdio: ["ignore", "pipe", "pipe"],
+    });
+  } catch {
+    // Non-fatal — ref may already have been cleaned up
+  }
+}