gsd-pi 2.66.1-dev.9a14d3d → 2.66.1-dev.e700a1b

package/dist/resources/extensions/ask-user-questions.js

@@ -58,6 +58,51 @@ export function questionSignature(questions) {
 export function resetAskUserQuestionsCache() {
     turnCache.clear();
 }
+/**
+ * Race a remote channel dispatch against the local TUI. The first to produce
+ * a valid (non-error, non-timeout) result wins. The loser is cancelled via
+ * the shared AbortController.
+ *
+ * If the local TUI responds first, the remote poll is aborted (the message
+ * stays in Discord/Slack but polling stops). If remote responds first, the
+ * local TUI prompt is cancelled.
+ *
+ * Returns null only when both sides fail or are cancelled.
+ */
+async function raceRemoteAndLocal(startRemote, startLocal, controller, questions) {
+    // Wrap local TUI result into the same shape as remote results
+    const localPromise = startLocal().then((result) => {
+        if (!result || Object.keys(result.answers).length === 0)
+            return null;
+        return {
+            content: [{ type: "text", text: formatForLLM(result) }],
+            details: { questions, response: result, cancelled: false },
+        };
+    }).catch(() => null);
+    const remotePromise = startRemote().then((result) => {
+        if (!result)
+            return null;
+        const details = result.details;
+        // Treat timeouts and errors as non-wins — let the local TUI win instead
+        if (details?.timed_out || details?.error)
+            return null;
+        return result;
+    }).catch(() => null);
+    // Race: first non-null result wins
+    const winner = await Promise.race([
+        localPromise.then((r) => r ? { source: "local", result: r } : null),
+        remotePromise.then((r) => r ? { source: "remote", result: r } : null),
+    ]);
+    if (winner) {
+        // Cancel the loser
+        controller.abort();
+        return winner.result;
+    }
+    // First to resolve was null — wait for the other
+    const [localResult, remoteResult] = await Promise.all([localPromise, remotePromise]);
+    controller.abort();
+    return localResult ?? remoteResult;
+}
 // ─── Helpers ──────────────────────────────────────────────────────────────────
 const OTHER_OPTION_LABEL = "None of the above";
 function errorResult(message, questions = []) {
@@ -116,19 +161,42 @@ export default function AskUserQuestions(pi) {
                     return errorResult(`Error: ask_user_questions requires non-empty options for every question (question "${q.id}" has none)`, params.questions);
                 }
             }
-            // Try remote first if configured (works in both interactive and headless modes).
-            // tryRemoteQuestions returns null when no remote channel is configured, so
-            // this is a no-op when the user has not set up Slack/Discord/Telegram.
-            const { tryRemoteQuestions } = await import("./remote-questions/manager.js");
-            const remoteResult = await tryRemoteQuestions(params.questions, signal);
-            if (remoteResult) {
-                // Cache successful remote results to prevent duplicate Discord dispatches
-                const remoteDetails = remoteResult.details;
-                if (remoteDetails && !remoteDetails.timed_out && !remoteDetails.error) {
-                    turnCache.set(sig, remoteResult);
+            // ── Routing: race remote + local, remote-only, or local-only ────────
+            const { tryRemoteQuestions, isRemoteConfigured } = await import("./remote-questions/manager.js");
+            const hasRemote = isRemoteConfigured();
+            // Case 1: Both remote and local UI available — race them.
+            // The first response wins; the loser is cancelled via AbortController.
+            if (hasRemote && ctx.hasUI) {
+                const raceController = new AbortController();
+                // Merge the parent signal so external cancellation propagates.
+                const onParentAbort = () => raceController.abort();
+                signal?.addEventListener("abort", onParentAbort, { once: true });
+                const raceSignal = raceController.signal;
+                const raceResult = await raceRemoteAndLocal(() => tryRemoteQuestions(params.questions, raceSignal), () => showInterviewRound(params.questions, {}, ctx), raceController, params.questions);
+                signal?.removeEventListener("abort", onParentAbort);
+                if (raceResult) {
+                    const details = raceResult.details;
+                    if (details && !details.timed_out && !details.error && !details.cancelled) {
+                        turnCache.set(sig, raceResult);
+                    }
+                    return { ...raceResult, details: raceResult.details };
+                }
+                // Both sides failed/cancelled — fall through to error
+                return errorResult("ask_user_questions: no response received from local UI or remote channel", params.questions);
+            }
+            // Case 2: Remote configured but no local UI (headless) — remote only.
+            if (hasRemote && !ctx.hasUI) {
+                const remoteResult = await tryRemoteQuestions(params.questions, signal);
+                if (remoteResult) {
+                    const remoteDetails = remoteResult.details;
+                    if (remoteDetails && !remoteDetails.timed_out && !remoteDetails.error) {
+                        turnCache.set(sig, remoteResult);
+                    }
+                    return { ...remoteResult, details: remoteResult.details };
                 }
-                return { ...remoteResult, details: remoteResult.details };
+                return errorResult("Error: remote channel configured but returned no result", params.questions);
             }
+            // Case 3: No remote — local UI only.
             if (!ctx.hasUI) {
                 return errorResult("Error: UI not available (non-interactive mode)", params.questions);
             }

package/dist/resources/extensions/gsd/auto-model-selection.js

@@ -252,8 +252,17 @@ export function resolveModelId(modelId, availableModels, currentProvider) {
         return undefined;
     if (candidates.length === 1)
         return candidates[0];
-    // Extension / CLI-wrapper providers that should never win bare-ID resolution
-    // when a first-class API provider also offers the same model.
+    // When the user's current provider is claude-code (set by startup migration
+    // or explicit selection), honour it for bare IDs.  Routing back to anthropic
+    // would undo the migration and hit the third-party subscription block (#3772).
+    if (currentProvider === "claude-code") {
+        const ccMatch = candidates.find(m => m.provider === "claude-code");
+        if (ccMatch)
+            return ccMatch;
+    }
+    // Extension / CLI-wrapper providers that should not win bare-ID resolution
+    // when a first-class API provider also offers the same model AND the user
+    // has not explicitly chosen the extension provider.
     const EXTENSION_PROVIDERS = new Set(["claude-code"]);
     // Prefer currentProvider only when it is a first-class API provider
     if (currentProvider && !EXTENSION_PROVIDERS.has(currentProvider)) {

package/dist/resources/extensions/gsd/bootstrap/register-hooks.js

@@ -3,7 +3,7 @@ import { isToolCallEventType } from "@gsd/pi-coding-agent";
 import { buildMilestoneFileName, resolveMilestonePath, resolveSliceFile, resolveSlicePath } from "../paths.js";
 import { buildBeforeAgentStartResult } from "./system-context.js";
 import { handleAgentEnd } from "./agent-end-recovery.js";
-import { clearDiscussionFlowState, isDepthVerified, isDepthConfirmationAnswer, isQueuePhaseActive, markDepthVerified, resetWriteGateState, shouldBlockContextWrite, shouldBlockQueueExecution } from "./write-gate.js";
+import { clearDiscussionFlowState, isDepthVerified, isDepthConfirmationAnswer, isQueuePhaseActive, markDepthVerified, resetWriteGateState, shouldBlockContextWrite, shouldBlockQueueExecution, setPendingGate, clearPendingGate, getPendingGate, shouldBlockPendingGate, shouldBlockPendingGateBash } from "./write-gate.js";
 import { isBlockedStateFile, isBashWriteToStateFile, BLOCKED_WRITE_ERROR } from "../write-intercept.js";
 import { cleanupQuickBranch } from "../quick.js";
 import { getDiscussionMilestoneId } from "../guided-flow.js";
@@ -159,6 +159,36 @@ export function registerHooks(pi) {
         if (loopCheck.block) {
             return { block: true, reason: loopCheck.reason };
         }
+        // ── Discussion gate enforcement: track pending questions ─────────
+        // During a discussion flow, EVERY ask_user_questions call matters.
+        // When ask_user_questions is called, mark it as pending. It stays
+        // pending until the user responds. This prevents the model from
+        // continuing if ask_user_questions fails, errors, or is cancelled.
+        if (event.toolName === "ask_user_questions") {
+            const milestoneId = getDiscussionMilestoneId();
+            const inDiscussion = milestoneId !== null || isQueuePhaseActive();
+            if (inDiscussion) {
+                const questions = event.input?.questions ?? [];
+                const questionId = questions[0]?.id ?? "ask_user_questions";
+                setPendingGate(typeof questionId === "string" ? questionId : "ask_user_questions");
+            }
+        }
+        // ── Discussion gate enforcement: block tool calls while gate is pending ──
+        // If ask_user_questions was called with a gate ID but hasn't been confirmed,
+        // block all non-read-only tool calls to prevent the model from skipping gates.
+        if (getPendingGate()) {
+            const milestoneId = getDiscussionMilestoneId();
+            if (isToolCallEventType("bash", event)) {
+                const bashGuard = shouldBlockPendingGateBash(event.input.command, milestoneId, isQueuePhaseActive());
+                if (bashGuard.block)
+                    return bashGuard;
+            }
+            else {
+                const gateGuard = shouldBlockPendingGate(event.toolName, milestoneId, isQueuePhaseActive());
+                if (gateGuard.block)
+                    return gateGuard;
+            }
+        }
         // ── Queue-mode execution guard (#2545): block source-code mutations ──
         // When /gsd queue is active, the agent should only create milestones,
         // not execute work. Block write/edit to non-.gsd/ paths and bash commands
@@ -225,9 +255,26 @@ export function registerHooks(pi) {
         if (!milestoneId && !queueActive)
             return;
         const details = event.details;
+        // ── Discussion gate enforcement: handle gate question responses ──
+        // If the result is cancelled or has no response, the pending gate stays active
+        // so the model is blocked from non-read-only tools until it re-asks.
+        // If the user responded at all (even "needs adjustment"), clear the pending gate
+        // because the user engaged — the prompt handles the re-ask-after-adjustment flow.
+        const questions = event.input?.questions ?? [];
+        const currentPendingGate = getPendingGate();
+        if (currentPendingGate) {
+            if (details?.cancelled || !details?.response) {
+                // Gate stays pending — model will be blocked from non-read-only tools
+                // until it re-asks and gets a valid response
+            }
+            else {
+                // User responded (confirmed or requested adjustment) — clear the pending gate.
+                // The prompt-level instructions handle the "needs adjustment" re-ask flow.
+                clearPendingGate();
+            }
+        }
         if (details?.cancelled || !details?.response)
             return;
-        const questions = event.input?.questions ?? [];
         for (const question of questions) {
             if (typeof question.id === "string" && question.id.includes("depth_verification")) {
                 // Only unlock the gate if the user selected the first option (confirmation).

package/dist/resources/extensions/gsd/bootstrap/write-gate.js

@@ -24,6 +24,37 @@ const QUEUE_SAFE_TOOLS = new Set([
 const BASH_READ_ONLY_RE = /^\s*(cat|head|tail|less|more|wc|file|stat|du|df|which|type|echo|printf|ls|find|grep|rg|awk|sed\b(?!.*-i)|sort|uniq|diff|comm|tr|cut|tee\s+-a\s+\/dev\/null|git\s+(log|show|diff|status|branch|tag|remote|rev-parse|ls-files|blame|shortlog|describe|stash\s+list|config\s+--get|cat-file)|gh\s+(issue|pr|api|repo|release)\s+(view|list|diff|status|checks)|mkdir\s+-p\s+\.gsd|rtk\s)/;
 let depthVerificationDone = false;
 let activeQueuePhase = false;
+/**
+ * Discussion gate enforcement state.
+ *
+ * When ask_user_questions is called with a recognized gate question ID,
+ * we track the pending gate. Until the gate is confirmed (user selects the
+ * first/recommended option), all non-read-only tool calls are blocked.
+ * This mechanically prevents the model from rationalizing past failed or
+ * cancelled gate questions.
+ */
+let pendingGateId = null;
+/**
+ * Recognized gate question ID patterns.
+ * These appear in both discuss-prepared.md (4-layer) and discuss.md (depth/requirements/roadmap).
+ */
+const GATE_QUESTION_PATTERNS = [
+    "layer1_scope_gate",
+    "layer2_architecture_gate",
+    "layer3_error_gate",
+    "layer4_quality_gate",
+    "depth_verification",
+];
+/**
+ * Tools that are safe to call while a gate is pending.
+ * Includes read-only tools and ask_user_questions itself (so the model can re-ask).
+ */
+const GATE_SAFE_TOOLS = new Set([
+    "ask_user_questions",
+    "read", "grep", "find", "ls", "glob",
+    "search-the-web", "resolve_library", "get_library_docs", "fetch_page",
+    "search_and_read",
+]);
 export function isDepthVerified() {
     return depthVerificationDone;
 }
@@ -35,14 +66,94 @@ export function setQueuePhaseActive(active) {
 }
 export function resetWriteGateState() {
     depthVerificationDone = false;
+    pendingGateId = null;
 }
 export function clearDiscussionFlowState() {
     depthVerificationDone = false;
     activeQueuePhase = false;
+    pendingGateId = null;
 }
 export function markDepthVerified() {
     depthVerificationDone = true;
 }
+/**
+ * Check whether a question ID matches a recognized gate pattern.
+ */
+export function isGateQuestionId(questionId) {
+    return GATE_QUESTION_PATTERNS.some(pattern => questionId.includes(pattern));
+}
+/**
+ * Mark a gate as pending (called when ask_user_questions is invoked with a gate ID).
+ */
+export function setPendingGate(gateId) {
+    pendingGateId = gateId;
+}
+/**
+ * Clear the pending gate (called when the user confirms).
+ */
+export function clearPendingGate() {
+    pendingGateId = null;
+}
+/**
+ * Get the currently pending gate, if any.
+ */
+export function getPendingGate() {
+    return pendingGateId;
+}
+/**
+ * Check whether a tool call should be blocked because a discussion gate
+ * is pending (ask_user_questions was called but not confirmed).
+ *
+ * Returns { block: true, reason } if the tool should be blocked.
+ * Read-only tools and ask_user_questions itself are always allowed.
+ */
+export function shouldBlockPendingGate(toolName, milestoneId, queuePhaseActive) {
+    if (!pendingGateId)
+        return { block: false };
+    const inDiscussion = milestoneId !== null;
+    const inQueue = queuePhaseActive ?? false;
+    if (!inDiscussion && !inQueue)
+        return { block: false };
+    if (GATE_SAFE_TOOLS.has(toolName))
+        return { block: false };
+    // Bash read-only commands are also safe
+    if (toolName === "bash")
+        return { block: false }; // bash is checked separately below
+    return {
+        block: true,
+        reason: [
+            `HARD BLOCK: Discussion gate "${pendingGateId}" has not been confirmed by the user.`,
+            `You MUST re-call ask_user_questions with the gate question before making any other tool calls.`,
+            `If the previous ask_user_questions call failed, errored, was cancelled, or the user's response`,
+            `did not match a provided option, you MUST re-ask — never rationalize past the block.`,
+            `Do NOT proceed, do NOT use alternative approaches, do NOT skip the gate.`,
+        ].join(" "),
+    };
+}
+/**
+ * Check whether a bash command should be blocked because a discussion gate is pending.
+ * Read-only bash commands are allowed; mutating commands are blocked.
+ */
+export function shouldBlockPendingGateBash(command, milestoneId, queuePhaseActive) {
+    if (!pendingGateId)
+        return { block: false };
+    const inDiscussion = milestoneId !== null;
+    const inQueue = queuePhaseActive ?? false;
+    if (!inDiscussion && !inQueue)
+        return { block: false };
+    // Allow read-only bash commands
+    if (BASH_READ_ONLY_RE.test(command))
+        return { block: false };
+    return {
+        block: true,
+        reason: [
+            `HARD BLOCK: Discussion gate "${pendingGateId}" has not been confirmed by the user.`,
+            `You MUST re-call ask_user_questions with the gate question before running mutating commands.`,
+            `If the previous ask_user_questions call failed, errored, was cancelled, or the user's response`,
+            `did not match a provided option, you MUST re-ask — never rationalize past the block.`,
+        ].join(" "),
+    };
+}
 /**
  * Check whether a depth_verification answer confirms the discussion is complete.
  * Uses structural validation: the selected answer must exactly match the first

package/dist/resources/extensions/gsd/codebase-generator.js

@@ -15,6 +15,10 @@ import { gsdRoot } from "./paths.js";
 const DEFAULT_EXCLUDES = [
     ".gsd/",
     ".planning/",
+    ".plans/",
+    ".claude/",
+    ".cursor/",
+    ".vscode/",
     ".git/",
     "node_modules/",
     "dist/",

package/dist/resources/extensions/gsd/detection.js

@@ -170,6 +170,12 @@ const TEST_MARKERS = [
 /** Directories skipped during bounded recursive project scans. */
 const RECURSIVE_SCAN_IGNORED_DIRS = new Set([
     ".git",
+    ".gsd",
+    ".planning",
+    ".plans",
+    ".claude",
+    ".cursor",
+    ".vscode",
     "node_modules",
     ".venv",
     "venv",

package/dist/resources/extensions/gsd/index.js

@@ -1,4 +1,4 @@
-export { isDepthConfirmationAnswer, isDepthVerified, isQueuePhaseActive, setQueuePhaseActive, shouldBlockContextWrite, shouldBlockQueueExecution, } from "./bootstrap/write-gate.js";
+export { isDepthConfirmationAnswer, isDepthVerified, isGateQuestionId, isQueuePhaseActive, setQueuePhaseActive, shouldBlockContextWrite, shouldBlockPendingGate, shouldBlockPendingGateBash, shouldBlockQueueExecution, setPendingGate, clearPendingGate, getPendingGate, } from "./bootstrap/write-gate.js";
 export default async function registerExtension(pi) {
     const { registerGsdExtension } = await import("./bootstrap/register-extension.js");
     registerGsdExtension(pi);

package/dist/resources/extensions/gsd/prompts/complete-milestone.md

@@ -63,6 +63,6 @@ Then:
 13. Do not commit manually — the system auto-commits your changes after this unit completes.
 - Say: "Milestone {{milestoneId}} complete."
 
-**Important:** Do NOT skip the code change verification, success criteria, or definition of done verification (steps 3-5). The milestone summary must reflect actual verified outcomes, not assumed success. Verification failures BLOCK completion — there is no override. The milestone stays in its current state until issues are resolved and verification is re-run.
+**Important:** Do NOT skip the code change verification, success criteria, or definition of done verification (steps 3-5). The milestone summary must reflect actual verified outcomes, not assumed success. Verification failures BLOCK completion — there is no override. The milestone stays in its current state until issues are resolved and verification is re-run. **If a verification tool itself fails, errors, or returns unexpected output, treat it as a verification failure** — never rationalize past a tool error ("tool didn't respond, assuming success" is forbidden). A tool that cannot verify is a tool that did not verify.
 
 **File system safety:** When scanning milestone directories for evidence, use `ls` or `find` to list directory contents first — never pass a directory path (e.g. `tasks/`, `slices/`) directly to the `read` tool. The `read` tool only accepts file paths, not directories.

package/dist/resources/extensions/gsd/prompts/discuss-prepared.md

@@ -109,7 +109,7 @@ Options:
   - "Needs adjustment" — user will clarify, then re-present scope
 ```
 
-**Do NOT proceed to Layer 2 until the user explicitly approves the scope.**
+**CRITICAL — Non-bypassable gate:** Do NOT proceed to Layer 2 until the user explicitly approves the scope. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. "Tool not responding, I'll proceed," "auth issues," or "I'll use my recommended scope" are all **forbidden**. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around.
 
 ---
 
@@ -120,7 +120,7 @@ Before presenting Layer 2 findings, use your available web search tools to resea
 1. Search for "[technology] [version] best practices [current year]"
 2. Search for "[technology] [version] known issues"
 
-Summarize findings concisely. If no search tools are available, note this and proceed using your training knowledge — don't block the discussion on missing search results.
+Summarize findings concisely. If search tools fail or are unavailable, note this and proceed using your training knowledge — but do NOT use a search failure as justification to skip any gate.
 
 Present ecosystem findings at the start of Layer 2 alongside your architecture recommendation.
 
@@ -180,7 +180,7 @@ Options:
   - "Want to adjust" — user will clarify, then re-present architecture
 ```
 
-**Do NOT proceed to Layer 3 until the user explicitly approves the architecture.**
+**CRITICAL — Non-bypassable gate:** Do NOT proceed to Layer 3 until the user explicitly approves the architecture. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around.
 
 ---
 
@@ -243,7 +243,7 @@ Options:
   - "Want to adjust error handling" — user will clarify, then re-present errors
 ```
 
-**Do NOT proceed to Layer 4 until the user explicitly approves error handling.**
+**CRITICAL — Non-bypassable gate:** Do NOT proceed to Layer 4 until the user explicitly approves error handling. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around.
 
 ---
 
@@ -297,7 +297,7 @@ Options:
   - "Want to adjust the quality bar" — user will clarify, then re-present quality
 ```
 
-**Do NOT proceed to Output Phase until the user explicitly approves the quality bar.**
+**CRITICAL — Non-bypassable gate:** Do NOT proceed to Output Phase until the user explicitly approves the quality bar. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around.
 
 ---
 
@@ -315,13 +315,13 @@ Before writing a roadmap, produce or update `.gsd/REQUIREMENTS.md`.
 
 Use it as the project's explicit capability contract. Requirements discovered during the 4-layer discussion should be captured here with source `user` or `inferred` as appropriate.
 
-**Print the requirements in chat before writing the roadmap.** Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?"
+**Print the requirements in chat before writing the roadmap.** Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?" **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never proceed to roadmap creation without explicit requirement confirmation.
 
 ### Roadmap Preview
 
 Before writing any files, **print the planned roadmap in chat** so the user can see and approve it. Print a markdown table with columns: Slice, Title, Risk, Depends, Demo. One row per slice. Below the table, print the milestone definition of done as a bullet list.
 
-If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two.
+If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two. **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never write files without explicit approval. A missing response is not a "yes."
 
 ### Naming Convention
 

package/dist/resources/extensions/gsd/prompts/discuss.md

@@ -173,7 +173,7 @@ For multi-milestone projects, requirements should span the full vision. Requirem
 
 If the project is new or has no `REQUIREMENTS.md`, surface candidate requirements in chat before writing the roadmap. Ask for correction only on material omissions, wrong ownership, or wrong scope. If the user has already been specific and raises no substantive objection, treat the requirement set as confirmed and continue.
 
-**Print the requirements in chat before writing the roadmap.** Do not say "here are the requirements" and then only write them to a file. The user must see them in the terminal. Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?"
+**Print the requirements in chat before writing the roadmap.** Do not say "here are the requirements" and then only write them to a file. The user must see them in the terminal. Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?" **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never proceed to roadmap creation without explicit requirement confirmation.
 
 ## Scope Assessment
 
@@ -185,7 +185,7 @@ Before moving to output, confirm the size estimate from your reflection still ho
 
 Before writing any files, **print the planned roadmap in chat** so the user can see and approve it. Print a markdown table with columns: Slice, Title, Risk, Depends, Demo. One row per slice. Below the table, print the milestone definition of done as a bullet list.
 
-If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two.
+If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two. **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never write files without explicit approval. A missing response is not a "yes."
 
 ### Naming Convention
 
@@ -242,7 +242,7 @@ If a milestone has no dependencies, omit the frontmatter. The dependency chain f
 
 #### Phase 3: Sequential readiness gate for remaining milestones
 
-For each remaining milestone **one at a time, in sequence**, decide the most likely readiness mode from the evidence you already have, then use `ask_user_questions` to let the user correct that recommendation. Present three options:
+For each remaining milestone **one at a time, in sequence**, decide the most likely readiness mode from the evidence you already have, then use `ask_user_questions` to let the user correct that recommendation. **Non-bypassable:** If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block or auto-select a readiness mode. Present three options:
 
 - **"Discuss now"** — The user wants to conduct a focused discussion for this milestone in the current session, while the context from the broader discussion is still fresh. Proceed with a focused discussion for this milestone (reflection → investigation → questioning → depth verification). When the discussion concludes, write a full `CONTEXT.md`. Then move to the gate for the next milestone.
 - **"Write draft for later"** — This milestone has seed material from the current conversation but needs its own dedicated discussion in a future session. Write a `CONTEXT-DRAFT.md` capturing the seed material (what was discussed, key ideas, provisional scope, open questions). Mark it clearly as a draft, not a finalized context. **What happens downstream:** When auto-mode reaches this milestone, it pauses and notifies the user: "M00x has draft context — needs discussion. Run /gsd." The `/gsd` wizard shows a "Discuss from draft" option that seeds the new discussion with this draft, so nothing from the current conversation is lost. After the dedicated discussion produces a full CONTEXT.md, the draft file is automatically deleted.

package/dist/resources/extensions/gsd/prompts/guided-discuss-milestone.md

@@ -94,13 +94,13 @@ Before moving to the wrap-up gate, verify you have covered:
 - options: "Yes, you got it (Recommended)", "Not quite — let me clarify"
 - **The question ID must contain `depth_verification`** (e.g. `depth_verification_confirm`) — this enables the write-gate downstream.
 
-**If `{{structuredQuestionsAvailable}}` is `false`:** ask in plain text: "Did I capture that correctly? If not, tell me what I missed." Wait for confirmation before proceeding.
+**If `{{structuredQuestionsAvailable}}` is `false`:** ask in plain text: "Did I capture that correctly? If not, tell me what I missed." Wait for explicit confirmation before proceeding. **The same non-bypassable gate applies to the plain-text path** — if the user does not respond, gives an ambiguous answer, or does not explicitly confirm, you MUST re-ask. Never rationalize past a missing confirmation.
 
 If they clarify, absorb the correction and re-verify.
 
 The depth verification is the only required confirmation gate. Do not add a second "ready to proceed?" gate after it.
 
-**CRITICAL — Non-bypassable gate:** The system mechanically blocks CONTEXT.md writes until the user selects the "(Recommended)" option. If the user declines, cancels, or the tool fails, you MUST re-ask — never rationalize past the block ("tool not responding, I'll proceed" is forbidden). The gate exists to protect the user's work; treat a block as an instruction, not an obstacle to work around.
+**CRITICAL — Non-bypassable gate:** The system mechanically blocks CONTEXT.md writes until the user selects the "(Recommended)" option (structured path) or explicitly confirms (plain-text path). If the user declines, cancels, does not respond, or the tool fails, you MUST re-ask — never rationalize past the block ("tool not responding, I'll proceed" is forbidden). The gate exists to protect the user's work; treat a block as an instruction, not an obstacle to work around.
 
 ---
 

package/dist/resources/extensions/gsd/prompts/guided-discuss-slice.md

@@ -41,11 +41,13 @@ After each round of answers, decide whether you already have enough signal to wr
 - Ask a single wrap-up question only when you genuinely believe the slice is well understood or the user signals they want to stop.
 - When you do ask it, offer two choices: "Write the context file" *(recommended when the slice is well understood)* or "One more pass". Use `ask_user_questions` if available, otherwise ask in plain text.
 
+**CRITICAL — Non-bypassable gate:** Do NOT write the context file until the user explicitly selects "Write the context file." If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. "Tool not responding, I'll proceed," "auth issues," or "the slice seems well understood, I'll write it" are all **forbidden**. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around.
+
 ---
 
 ## Output
 
-Once the user is ready to wrap up:
+Once the user has explicitly confirmed they are ready to write the context file:
 
 1. Use the **Slice Context** output template below
 2. `mkdir -p {{sliceDirPath}}`

package/dist/resources/extensions/gsd/prompts/rethink.md

@@ -12,7 +12,7 @@ You are a project reorganization assistant for a GSD (Get Shit Done) project. Th
 
 1. Present the current milestone order as a clear numbered list with status indicators (e.g. ✅ complete, ▶ active, ⏳ pending, ⏸ parked)
 2. Ask: **"What would you like to change?"**
-3. Execute changes conversationally, confirming destructive operations before proceeding
+3. Execute changes conversationally, confirming destructive operations before proceeding. **Non-bypassable:** For any destructive operation (discard, skip, reorder that breaks dependencies), you MUST get explicit user confirmation before executing. If the user does not respond, gives an ambiguous answer, or `ask_user_questions` fails, you MUST re-ask — never rationalize past the block. A missing confirmation is a "do not proceed."
 
 ## Supported Operations
 
@@ -53,8 +53,12 @@ gsd_skip_slice({ milestoneId: "M003", sliceId: "S02", reason: "Descoped — feat
 Skipped slices are treated as closed by the state machine (like "complete" but distinct). Use when a slice is no longer needed or has been superseded. The slice data is preserved for reference.
 **Do NOT** just check the slice checkbox in the roadmap — this does not update the DB and auto-mode will resume the slice.
 
+**CRITICAL — Non-bypassable gate:** Skipping a slice is a permanent DB operation. You MUST confirm with the user before calling `gsd_skip_slice`. If the user does not respond or gives an ambiguous answer, you MUST re-ask — never proceed without explicit approval.
+
 ### Discard a milestone
-**Permanently** delete a milestone directory and prune it from QUEUE-ORDER.json. **Always confirm with the user before discarding.** Warn explicitly if the milestone has completed work.
+**Permanently** delete a milestone directory and prune it from QUEUE-ORDER.json.
+
+**CRITICAL — Non-bypassable gate:** Discarding is irreversible. You MUST confirm with the user before discarding. Warn explicitly if the milestone has completed work. If the user does not respond or gives an ambiguous answer, you MUST re-ask — never rationalize past the block. A missing confirmation is a "do not discard."
 
 ### Add a new milestone
 Use the `gsd_milestone_generate_id` tool to get the next ID, then call `gsd_summary_save` with `milestone_id: {ID}`, `artifact_type: "CONTEXT"`, and the scope/goals/success criteria as `content` — the tool writes the context file to disk and persists to DB. Update QUEUE-ORDER.json to place it at the desired position.

package/dist/resources/extensions/gsd/prompts/system.md

@@ -38,7 +38,7 @@ GSD ships with bundled skills. Load the relevant skill file with the `read` tool
 - Never print, echo, log, or restate secrets or credentials. Report only key names and applied/skipped status.
 - Never ask the user to edit `.env` files or set secrets manually. Use `secure_env_collect`.
 - In enduring files, write current state only unless the file is explicitly historical.
-- **Never take outward-facing actions on GitHub (or any external service) without explicit user confirmation.** This includes: creating issues, closing issues, merging PRs, approving PRs, posting comments, pushing to remote branches, publishing packages, or any other action that affects state outside the local filesystem. Read-only operations (listing, viewing, diffing) are fine. Always present what you intend to do and get a clear "yes" before executing.
+- **Never take outward-facing actions on GitHub (or any external service) without explicit user confirmation.** This includes: creating issues, closing issues, merging PRs, approving PRs, posting comments, pushing to remote branches, publishing packages, or any other action that affects state outside the local filesystem. Read-only operations (listing, viewing, diffing) are fine. Always present what you intend to do and get a clear "yes" before executing. **Non-bypassable:** If the user does not respond, gives an ambiguous answer, or `ask_user_questions` fails, you MUST re-ask — never rationalize past the block ("tool not responding, I'll proceed" is forbidden). A missing "yes" is a "no."
 
 If a `GSD Skill Preferences` block is present below this contract, treat it as explicit durable guidance for which skills to use, prefer, or avoid during GSD work. Follow it where it does not conflict with required GSD artifact rules, verification requirements, or higher-priority system/developer instructions.
 

package/dist/resources/extensions/gsd/prompts/triage-captures.md

@@ -51,7 +51,7 @@ For each capture, classify it as one of:
    
    For captures classified as **note** or **defer**, auto-confirm without asking — these are low-impact.
    For captures classified as **stop** or **backtrack**, auto-confirm without asking — these are urgent user directives that must be honored immediately.
-   For captures classified as **quick-task**, **inject**, or **replan**, ask the user to confirm or choose a different classification.
+   For captures classified as **quick-task**, **inject**, or **replan**, ask the user to confirm or choose a different classification. **Non-bypassable:** If `ask_user_questions` fails, errors, or the user does not respond, you MUST re-ask — never auto-confirm these classifications without explicit user approval.
 
 3. **Update** `.gsd/CAPTURES.md` — for each capture, update its section with the confirmed classification:
    - Change `**Status:** pending` to `**Status:** resolved`

package/dist/resources/extensions/gsd/prompts/worktree-merge.md

@@ -90,9 +90,11 @@ Present a merge plan to the user:
 
 Ask the user to confirm the merge plan before proceeding.
 
+**CRITICAL — Non-bypassable gate:** Do NOT execute any merge commands until the user explicitly approves the merge plan. If `ask_user_questions` fails, errors, returns no response, or the user's response is ambiguous, you MUST re-ask — never rationalize past the block. "No response, I'll proceed with the clean merges," "the plan looks safe, merging," or any other self-authorization is **forbidden**. The gate exists to protect the user's branches; treat a block as an instruction to wait, not an obstacle to work around.
+
 ### Step 4: Execute Merge
 
-Once confirmed, run all commands from `{{mainTreePath}}` (your CWD):
+Once the user has explicitly confirmed, run all commands from `{{mainTreePath}}` (your CWD):
 
 1. Ensure you are on the target branch: `git checkout {{mainBranch}}`
 2. If there are conflicts requiring manual reconciliation, apply the reconciled versions first

package/dist/resources/extensions/remote-questions/manager.js

@@ -8,6 +8,14 @@ import { SlackAdapter } from "./slack-adapter.js";
 import { TelegramAdapter } from "./telegram-adapter.js";
 import { createPromptRecord, writePromptRecord, markPromptAnswered, markPromptDispatched, markPromptStatus, updatePromptRecord } from "./store.js";
 import { sanitizeError } from "../shared/sanitize.js";
+/**
+ * Check whether a remote channel is configured without triggering any
+ * side effects (no HTTP requests, no prompt records). Used by the race
+ * logic to decide routing before committing to a remote dispatch.
+ */
+export function isRemoteConfigured() {
+    return resolveRemoteConfig() !== null;
+}
 export async function tryRemoteQuestions(questions, signal) {
     const config = resolveRemoteConfig();
     if (!config)

package/dist/web/standalone/.next/BUILD_ID

@@ -1 +1 @@
-UR2XjRqocvGBpbjt8dHCS
+TCMOrUQ1suscla6CiwNya