npm - gsd-pi - Versions diffs - 2.76.0-dev.4100bd590 → 2.76.0-dev.479ad0e78 - Mend

gsd-pi 2.76.0-dev.4100bd590 → 2.76.0-dev.479ad0e78

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (362) hide show

package/src/resources/extensions/gsd/tests/complete-task.test.ts CHANGED Viewed

@@ -109,9 +109,9 @@ console.log('\n=== complete-task: schema v5 migration ===');
   const adapter = _getAdapter()!;
-  // Verify schema version is current (v21 — ADR-013 structured_fields column)
+  // Verify schema version is current (v22 — quality_gates DDL fix)
   const versionRow = adapter.prepare('SELECT MAX(version) as v FROM schema_version').get();
-  assertEq(versionRow?.['v'], 21, 'schema version should be 21');
+  assertEq(versionRow?.['v'], 22, 'schema version should be 22');
   // Verify all 4 new tables exist
   const tables = adapter.prepare(

package/src/resources/extensions/gsd/tests/complexity-classifier.test.ts CHANGED Viewed

@@ -21,9 +21,9 @@ test("tierOrdinal returns correct ordering", () => {
 // ─── Unit Type Classification ────────────────────────────────────────────────
-test("complete-slice classifies as light", () => {
+test("complete-slice classifies as standard", () => {
   const result = classifyUnitComplexity("complete-slice", "M001/S01", "/tmp/fake");
-  assert.equal(result.tier, "light");
+  assert.equal(result.tier, "standard");
 });
 test("run-uat classifies as light", () => {
@@ -145,7 +145,7 @@ test("budget pressure at 90% downgrades standard to light", () => {
   assert.equal(result.downgraded, true);
 });
-test("budget pressure at 90% downgrades light stays light", () => {
+test("budget pressure at 90% downgrades complete-slice standard to light", () => {
   const result = classifyUnitComplexity("complete-slice", "M001/S01", "/tmp/fake", 0.95);
   assert.equal(result.tier, "light");
 });

package/src/resources/extensions/gsd/tests/custom-engine-loop-integration.test.ts CHANGED Viewed

@@ -179,6 +179,8 @@ function makeMockDeps(overrides?: Partial<LoopDeps>): LoopDeps & { callLog: stri
     autoWorktreeBranch: () => "auto/M001",
     resolveMilestoneFile: () => null,
     reconcileMergeState: () => "clean",
+    preflightCleanRoot: () => ({ stashPushed: false, summary: "" }),
+    postflightPopStash: () => {},
     getLedger: () => null,
     getProjectTotals: () => ({ cost: 0 }),
     formatCost: (c: number) => `$${c.toFixed(2)}`,

package/src/resources/extensions/gsd/tests/doctor-providers.test.ts CHANGED Viewed

@@ -768,6 +768,37 @@ test("runProviderChecks detects claude.cmd in PATH on Windows (#4503)", { skip:
   });
 });
+test("runProviderChecks detects claude.exe in PATH on Windows (#4548)", { skip: process.platform !== "win32" }, () => {
+  const tmpHome = realpathSync(mkdtempSync(join(tmpdir(), "gsd-providers-cc-exe-home-")));
+  const binDir = join(tmpHome, "bin");
+  mkdirSync(binDir, { recursive: true });
+  // Some Windows installs ship a direct claude.exe binary (not a .cmd shim).
+  const fakeClaudeExe = join(binDir, "claude.exe");
+  writeFileSync(fakeClaudeExe, "");
+  withEnv({
+    HOME: tmpHome,
+    ANTHROPIC_API_KEY: undefined,
+    ANTHROPIC_OAUTH_TOKEN: undefined,
+    COPILOT_GITHUB_TOKEN: undefined,
+    GH_TOKEN: undefined,
+    GITHUB_TOKEN: undefined,
+    PATH: `${binDir};${process.env.PATH ?? ""}`,
+    PATHEXT: ".COM;.EXE;.BAT;.CMD",
+  }, () => {
+    try {
+      const results = runProviderChecks();
+      const anthropic = results.find(r => r.name === "anthropic");
+      assert.ok(anthropic, "anthropic result should exist");
+      assert.equal(anthropic!.status, "ok", "should be ok when claude.exe is in PATH (#4548)");
+      assert.ok(anthropic!.message.toLowerCase().includes("claude"), "should mention claude-code as source");
+    } finally {
+      rmSync(tmpHome, { recursive: true, force: true });
+    }
+  });
+});
 test("PROVIDER_ROUTES includes google-gemini-cli as route for google (#2922)", async () => {
   const { readFileSync: readFS } = await import("node:fs");
   const { dirname: dirn, join: joinPath } = await import("node:path");

package/src/resources/extensions/gsd/tests/double-merge-guard.test.ts CHANGED Viewed

@@ -42,7 +42,7 @@ describe("double mergeAndExit guard (#2645)", () => {
     const allCompleteIdx = phasesSrc.indexOf("incomplete.length === 0");
     assert.ok(allCompleteIdx > 0, "phases.ts should have an all-milestones-complete check");
-    const afterAllComplete = phasesSrc.slice(allCompleteIdx, allCompleteIdx + 600);
+    const afterAllComplete = phasesSrc.slice(allCompleteIdx, allCompleteIdx + 800);
     const mergeIdx = afterAllComplete.indexOf("deps.resolver.mergeAndExit");
     const flagIdx = afterAllComplete.indexOf("s.milestoneMergedInPhases = true");

package/src/resources/extensions/gsd/tests/ensure-db-open.test.ts CHANGED Viewed

@@ -389,7 +389,7 @@ describe('ensure-db-open', () => {
       assert.ok(db, 'adapter should be available after ensureDbOpen');
       assert.equal(
         db.prepare('SELECT MAX(version) as version FROM schema_version').get()?.version,
-        21,
+        22,
         'legacy DB should migrate to current schema version',
       );

package/src/resources/extensions/gsd/tests/escalation.test.ts CHANGED Viewed

@@ -348,7 +348,7 @@ test("ADR-011 P2: schema v20 fresh DB has all escalation columns on tasks + sour
   assert.ok(decCols.includes("source"), "decisions table must have source column");
   const version = adapter.prepare("SELECT MAX(version) as v FROM schema_version").get();
-  assert.equal(version?.["v"], 21);
+  assert.equal(version?.["v"], 22);
 });
 test("ADR-011 P2: findUnappliedEscalationOverride returns null when escalation_pending=1 (still pending)", (t) => {

package/src/resources/extensions/gsd/tests/exec-history.test.ts ADDED Viewed

@@ -0,0 +1,237 @@
+import { test } from 'node:test';
+import assert from 'node:assert/strict';
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { listExecHistory, searchExecHistory } from '../exec-history.ts';
+import { executeExecSearch } from '../tools/exec-search-tool.ts';
+function freshBase(): string {
+  return mkdtempSync(join(tmpdir(), 'gsd-exec-history-'));
+}
+function cleanup(dir: string): void {
+  rmSync(dir, { recursive: true, force: true });
+}
+function writeRun(base: string, id: string, overrides: Record<string, unknown> = {}): void {
+  const dir = join(base, '.gsd', 'exec');
+  mkdirSync(dir, { recursive: true });
+  const stdoutPath = join(dir, `${id}.stdout`);
+  const stderrPath = join(dir, `${id}.stderr`);
+  const metaPath = join(dir, `${id}.meta.json`);
+  writeFileSync(stdoutPath, (overrides.stdout as string | undefined) ?? `stdout for ${id}\n`);
+  writeFileSync(stderrPath, '');
+  writeFileSync(
+    metaPath,
+    JSON.stringify({
+      id,
+      runtime: 'bash',
+      purpose: `purpose for ${id}`,
+      started_at: '2026-04-20T12:00:00.000Z',
+      finished_at: '2026-04-20T12:00:00.100Z',
+      duration_ms: 100,
+      exit_code: 0,
+      signal: null,
+      timed_out: false,
+      stdout_bytes: 12,
+      stderr_bytes: 0,
+      stdout_truncated: false,
+      stderr_truncated: false,
+      stdout_path: stdoutPath,
+      stderr_path: stderrPath,
+      ...overrides,
+    }),
+  );
+}
+test('listExecHistory: returns empty list when .gsd/exec missing', () => {
+  const base = freshBase();
+  try {
+    assert.deepEqual(listExecHistory(base), []);
+  } finally {
+    cleanup(base);
+  }
+});
+test('listExecHistory: skips malformed meta files', () => {
+  const base = freshBase();
+  try {
+    const dir = join(base, '.gsd', 'exec');
+    mkdirSync(dir, { recursive: true });
+    writeFileSync(join(dir, 'bad.meta.json'), '{not-json');
+    writeRun(base, 'ok-1');
+    const list = listExecHistory(base);
+    assert.equal(list.length, 1);
+    assert.equal(list[0]!.id, 'ok-1');
+  } finally {
+    cleanup(base);
+  }
+});
+test('searchExecHistory: filters by query, runtime, and failing_only', () => {
+  const base = freshBase();
+  try {
+    writeRun(base, 'playwright-run', { purpose: 'playwright snapshot' });
+    writeRun(base, 'grep-run', { purpose: 'grep TODOs' });
+    writeRun(base, 'failing-run', { exit_code: 1, purpose: 'boom' });
+    writeRun(base, 'node-run', { runtime: 'node', purpose: 'dedupe' });
+    const playwrightHits = searchExecHistory(base, { query: 'playwright' });
+    assert.equal(playwrightHits.length, 1);
+    assert.equal(playwrightHits[0]!.entry.id, 'playwright-run');
+    const failingHits = searchExecHistory(base, { failing_only: true });
+    assert.equal(failingHits.length, 1);
+    assert.equal(failingHits[0]!.entry.id, 'failing-run');
+    const nodeHits = searchExecHistory(base, { runtime: 'node' });
+    assert.equal(nodeHits.length, 1);
+    assert.equal(nodeHits[0]!.entry.runtime, 'node');
+    const unlimited = searchExecHistory(base, {});
+    assert.equal(unlimited.length, 4);
+  } finally {
+    cleanup(base);
+  }
+});
+test('executeExecSearch: returns helpful empty-state message when no matches', () => {
+  const base = freshBase();
+  try {
+    const result = executeExecSearch({ query: 'missing' }, { baseDir: base });
+    assert.ok(!result.isError);
+    assert.match(result.content[0].text, /No prior gsd_exec runs/);
+  } finally {
+    cleanup(base);
+  }
+});
+test('executeExecSearch: includes stdout_path and preview in details', () => {
+  const base = freshBase();
+  try {
+    writeRun(base, 'summary-run', { stdout: 'found 42 TODOs\n' });
+    const result = executeExecSearch({ query: 'summary' }, { baseDir: base });
+    const details = result.details as { results: Array<{ id: string; stdout_path: string }> };
+    assert.equal(details.results.length, 1);
+    assert.equal(details.results[0]!.id, 'summary-run');
+    assert.match(details.results[0]!.stdout_path, /summary-run\.stdout$/);
+    assert.match(result.content[0].text, /found 42 TODOs/);
+  } finally {
+    cleanup(base);
+  }
+});
+// ── Path traversal security tests (issue #4590) ───────────────────────────
+test('safeReadMeta: ignores malicious stdout_path in JSON, derives path from meta file location', () => {
+  // Arrange: write a .meta.json whose JSON content has a path-traversal value
+  // in stdout_path / stderr_path. The read-side must silently discard these
+  // and derive sibling paths from the actual .meta.json location instead.
+  const base = freshBase();
+  try {
+    const dir = join(base, '.gsd', 'exec');
+    mkdirSync(dir, { recursive: true });
+    const id = 'traversal-test-run';
+    const metaPath = join(dir, `${id}.meta.json`);
+    const stdoutPath = join(dir, `${id}.stdout`);
+    const stderrPath = join(dir, `${id}.stderr`);
+    // Write real sibling files so digest_preview can succeed.
+    writeFileSync(stdoutPath, 'legitimate stdout content\n');
+    writeFileSync(stderrPath, '');
+    // Write a meta.json that tries to point stdout_path outside the exec dir.
+    writeFileSync(
+      metaPath,
+      JSON.stringify({
+        id,
+        runtime: 'bash',
+        purpose: 'test run',
+        started_at: '2026-04-20T12:00:00.000Z',
+        finished_at: '2026-04-20T12:00:00.100Z',
+        duration_ms: 100,
+        exit_code: 0,
+        signal: null,
+        timed_out: false,
+        stdout_bytes: 24,
+        stderr_bytes: 0,
+        stdout_truncated: false,
+        stderr_truncated: false,
+        // These malicious values must NEVER be used as filesystem paths.
+        stdout_path: '../../etc/passwd',
+        stderr_path: '../../etc/shadow',
+      }),
+    );
+    const entries = listExecHistory(base);
+    assert.equal(entries.length, 1);
+    const entry = entries[0]!;
+    // stdout_path must be derived from the meta file location, not from JSON.
+    assert.equal(entry.stdout_path, stdoutPath,
+      `stdout_path must be a sibling of the meta file; got: ${entry.stdout_path}`);
+    assert.equal(entry.stderr_path, stderrPath,
+      `stderr_path must be a sibling of the meta file; got: ${entry.stderr_path}`);
+    // Verify neither traversal string leaked into the returned entry.
+    assert.ok(!entry.stdout_path.includes('..'),
+      `stdout_path must not contain path traversal sequences: ${entry.stdout_path}`);
+    assert.ok(!entry.stderr_path.includes('..'),
+      `stderr_path must not contain path traversal sequences: ${entry.stderr_path}`);
+    assert.ok(!entry.stdout_path.includes('etc/passwd'),
+      `stdout_path must not point to /etc/passwd: ${entry.stdout_path}`);
+  } finally {
+    cleanup(base);
+  }
+});
+test('searchExecHistory: digest_preview is read from derived sibling path, not JSON stdout_path', () => {
+  // Arrange: a .meta.json with a malicious stdout_path pointing to /etc/passwd.
+  // The digest_preview should be read from the real sibling .stdout file,
+  // not from the JSON-supplied path.
+  const base = freshBase();
+  try {
+    const dir = join(base, '.gsd', 'exec');
+    mkdirSync(dir, { recursive: true });
+    const id = 'preview-traversal-run';
+    const metaPath = join(dir, `${id}.meta.json`);
+    const stdoutPath = join(dir, `${id}.stdout`);
+    writeFileSync(stdoutPath, 'safe-sentinel-content\n');
+    writeFileSync(join(dir, `${id}.stderr`), '');
+    writeFileSync(
+      metaPath,
+      JSON.stringify({
+        id,
+        runtime: 'bash',
+        purpose: null,
+        started_at: '2026-04-20T12:00:00.000Z',
+        finished_at: '2026-04-20T12:00:00.100Z',
+        duration_ms: 50,
+        exit_code: 0,
+        signal: null,
+        timed_out: false,
+        stdout_bytes: 21,
+        stderr_bytes: 0,
+        stdout_truncated: false,
+        stderr_truncated: false,
+        // Attacker-controlled path — must be ignored.
+        stdout_path: '/etc/passwd',
+        stderr_path: '/etc/shadow',
+      }),
+    );
+    const hits = searchExecHistory(base, {});
+    assert.equal(hits.length, 1);
+    const hit = hits[0]!;
+    // The preview must come from the safe sibling, not /etc/passwd.
+    assert.ok(
+      hit.digest_preview?.includes('safe-sentinel-content'),
+      `digest_preview should contain safe-sentinel-content; got: ${hit.digest_preview}`,
+    );
+    // Ensure the entry paths are the derived ones.
+    assert.equal(hit.entry.stdout_path, stdoutPath);
+  } finally {
+    cleanup(base);
+  }
+});

package/src/resources/extensions/gsd/tests/exec-sandbox.test.ts ADDED Viewed

@@ -0,0 +1,210 @@
+import { test } from 'node:test';
+import assert from 'node:assert/strict';
+import { mkdtempSync, readFileSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { EXEC_DEFAULTS, runExecSandbox, type ExecSandboxOptions } from '../exec-sandbox.ts';
+import { buildExecOptions, executeGsdExec } from '../tools/exec-tool.ts';
+import { isContextModeEnabled } from '../preferences-types.ts';
+function freshBase(): string {
+  return mkdtempSync(join(tmpdir(), 'gsd-exec-test-'));
+}
+function cleanup(dir: string): void {
+  rmSync(dir, { recursive: true, force: true });
+}
+function baseOpts(base: string, overrides: Partial<ExecSandboxOptions> = {}): ExecSandboxOptions {
+  return {
+    baseDir: base,
+    clamp_timeout_ms: EXEC_DEFAULTS.clampTimeoutMs,
+    default_timeout_ms: 10_000,
+    stdout_cap_bytes: 1_024,
+    stderr_cap_bytes: 1_024,
+    digest_chars: 120,
+    env_allowlist: EXEC_DEFAULTS.envAllowlist,
+    ...overrides,
+  };
+}
+test('runExecSandbox: captures stdout, persists artifacts, returns digest', async () => {
+  const base = freshBase();
+  try {
+    const result = await runExecSandbox(
+      { runtime: 'bash', script: 'echo hello world' },
+      baseOpts(base),
+    );
+    assert.equal(result.exit_code, 0);
+    assert.equal(result.timed_out, false);
+    assert.ok(result.digest.includes('hello world'), `digest should contain stdout: ${result.digest}`);
+    assert.ok(result.stdout_path.startsWith(join(base, '.gsd', 'exec')), 'stdout path under .gsd/exec');
+    assert.equal(readFileSync(result.stdout_path, 'utf-8').trim(), 'hello world');
+    const meta = JSON.parse(readFileSync(result.meta_path, 'utf-8')) as Record<string, unknown>;
+    assert.equal(meta.runtime, 'bash');
+    assert.equal(meta.exit_code, 0);
+  } finally {
+    cleanup(base);
+  }
+});
+test('runExecSandbox: enforces stdout cap and marks truncation', async () => {
+  const base = freshBase();
+  try {
+    const result = await runExecSandbox(
+      // Emit far more than the cap so truncation triggers.
+      { runtime: 'bash', script: 'head -c 8000 /dev/urandom | base64' },
+      baseOpts(base, { stdout_cap_bytes: 256 }),
+    );
+    assert.equal(result.stdout_truncated, true, 'should mark stdout truncated');
+    assert.ok(result.stdout_bytes <= 256, `stdout_bytes within cap (got ${result.stdout_bytes})`);
+    const stdout = readFileSync(result.stdout_path, 'utf-8');
+    assert.ok(stdout.endsWith('[truncated: stdout cap reached]\n'), 'truncation marker appended');
+  } finally {
+    cleanup(base);
+  }
+});
+test('runExecSandbox: enforces timeout and surfaces timed_out', async () => {
+  const base = freshBase();
+  try {
+    const started = Date.now();
+    const result = await runExecSandbox(
+      { runtime: 'bash', script: 'sleep 10' },
+      baseOpts(base, { default_timeout_ms: 150, clamp_timeout_ms: 150 }),
+    );
+    const elapsed = Date.now() - started;
+    assert.equal(result.timed_out, true);
+    assert.ok(elapsed < 5_000, `should return well before 10s (took ${elapsed}ms)`);
+  } finally {
+    cleanup(base);
+  }
+});
+test('runExecSandbox: forwards only allowlisted env vars', async () => {
+  const base = freshBase();
+  try {
+    const result = await runExecSandbox(
+      { runtime: 'bash', script: 'echo PATH=$PATH SECRET=$GSD_TEST_SECRET' },
+      baseOpts(base, {
+        env_allowlist: [],
+        env: { PATH: '/usr/bin:/bin', HOME: '/tmp', GSD_TEST_SECRET: 'should-be-blocked' },
+      }),
+    );
+    const stdout = readFileSync(result.stdout_path, 'utf-8');
+    assert.ok(stdout.includes('PATH=/usr/bin:/bin'), 'PATH forwarded');
+    assert.ok(!stdout.includes('should-be-blocked'), 'non-allowlisted var blocked');
+  } finally {
+    cleanup(base);
+  }
+});
+test('runExecSandbox: node runtime executes JS', async () => {
+  const base = freshBase();
+  try {
+    const result = await runExecSandbox(
+      { runtime: 'node', script: 'console.log("node-ok:" + (1+2))' },
+      baseOpts(base),
+    );
+    assert.equal(result.exit_code, 0);
+    assert.ok(result.digest.includes('node-ok:3'));
+  } finally {
+    cleanup(base);
+  }
+});
+// ── exec-tool executor ────────────────────────────────────────────────────
+test('executeGsdExec: runs by default when context_mode is unset', async () => {
+  const base = freshBase();
+  try {
+    const result = await executeGsdExec(
+      { runtime: 'bash', script: 'echo default-on-run' },
+      { baseDir: base, preferences: {} },
+    );
+    assert.ok(!result.isError, 'should succeed with no preferences');
+    assert.equal(result.details.operation, 'gsd_exec');
+    assert.equal(result.details.exit_code, 0);
+    assert.ok(result.content[0].text.includes('default-on-run'));
+  } finally {
+    cleanup(base);
+  }
+});
+test('executeGsdExec: runs when preferences is null (fresh project)', async () => {
+  const base = freshBase();
+  try {
+    const result = await executeGsdExec(
+      { runtime: 'bash', script: 'echo null-prefs-run' },
+      { baseDir: base, preferences: null },
+    );
+    assert.ok(!result.isError, 'null preferences should not disable');
+    assert.ok(result.content[0].text.includes('null-prefs-run'));
+  } finally {
+    cleanup(base);
+  }
+});
+test('executeGsdExec: blocked only when context_mode.enabled=false', async () => {
+  const base = freshBase();
+  try {
+    const result = await executeGsdExec(
+      { runtime: 'bash', script: 'echo should-not-run' },
+      { baseDir: base, preferences: { context_mode: { enabled: false } } },
+    );
+    assert.equal(result.isError, true);
+    assert.equal((result.details as { error?: string }).error, 'context_mode_disabled');
+  } finally {
+    cleanup(base);
+  }
+});
+test('executeGsdExec: runs when enabled explicitly set to true', async () => {
+  const base = freshBase();
+  try {
+    const result = await executeGsdExec(
+      { runtime: 'bash', script: 'echo explicit-on' },
+      { baseDir: base, preferences: { context_mode: { enabled: true } } },
+    );
+    assert.ok(!result.isError);
+    assert.ok(result.content[0].text.includes('explicit-on'));
+  } finally {
+    cleanup(base);
+  }
+});
+test('executeGsdExec: rejects empty script', async () => {
+  const base = freshBase();
+  try {
+    const result = await executeGsdExec(
+      { runtime: 'bash', script: '   ' },
+      { baseDir: base, preferences: { context_mode: { enabled: true } } },
+    );
+    assert.equal(result.isError, true);
+    assert.equal((result.details as { error?: string }).error, 'invalid_params');
+  } finally {
+    cleanup(base);
+  }
+});
+test('isContextModeEnabled: defaults to true; only explicit false disables', () => {
+  assert.equal(isContextModeEnabled(undefined), true, 'undefined prefs → on');
+  assert.equal(isContextModeEnabled(null), true, 'null prefs → on');
+  assert.equal(isContextModeEnabled({}), true, 'empty prefs → on');
+  assert.equal(isContextModeEnabled({ context_mode: {} }), true, 'empty block → on');
+  assert.equal(isContextModeEnabled({ context_mode: { enabled: true } }), true);
+  assert.equal(isContextModeEnabled({ context_mode: { enabled: false } }), false);
+});
+test('buildExecOptions: clamps out-of-range values to safe defaults', () => {
+  const opts = buildExecOptions('/tmp/base', {
+    enabled: true,
+    exec_timeout_ms: 999_999_999,
+    exec_stdout_cap_bytes: 1,
+    exec_digest_chars: -20,
+  });
+  assert.equal(opts.default_timeout_ms, EXEC_DEFAULTS.clampTimeoutMs, 'timeout clamped to upper bound');
+  assert.equal(opts.stdout_cap_bytes, 4_096, 'stdout cap clamped to floor');
+  assert.equal(opts.digest_chars, 0, 'digest chars clamped to floor');
+});

package/src/resources/extensions/gsd/tests/file-change-validator.test.ts CHANGED Viewed

@@ -15,6 +15,64 @@ function git(cwd: string, ...args: string[]): string {
   }).trim();
 }
+test("validateFileChanges works on repos with a single commit (no HEAD~1)", (t) => {
+  const base = mkdtempSync(join(tmpdir(), "gsd-file-change-validator-"));
+  t.after(() => rmSync(base, { recursive: true, force: true }));
+  git(base, "init");
+  git(base, "config", "user.email", "test@example.com");
+  git(base, "config", "user.name", "Test User");
+  writeFileSync(join(base, "foo.ts"), "export const x = 1;\n");
+  git(base, "add", ".");
+  git(base, "commit", "-m", "initial");
+  // With only one commit, HEAD~1 doesn't exist — this must not throw
+  const audit = validateFileChanges(base, ["foo.ts"], []);
+  assert.ok(audit, "audit should be produced for single-commit repo");
+  assert.deepEqual(audit.unexpectedFiles, []);
+  assert.deepEqual(audit.missingFiles, []);
+});
+test("validateFileChanges excludes allowlisted files from unexpected-change warnings", (t) => {
+  const base = mkdtempSync(join(tmpdir(), "gsd-file-change-validator-"));
+  t.after(() => rmSync(base, { recursive: true, force: true }));
+  mkdirSync(join(base, "tracking", "history"), { recursive: true });
+  git(base, "init");
+  git(base, "config", "user.email", "test@example.com");
+  git(base, "config", "user.name", "Test User");
+  writeFileSync(join(base, "src.ts"), "initial\n");
+  writeFileSync(join(base, "tracking", "history", "2026-04-20-snapshot.md"), "initial\n");
+  git(base, "add", ".");
+  git(base, "commit", "-m", "initial");
+  writeFileSync(join(base, "src.ts"), "updated\n");
+  writeFileSync(join(base, "tracking", "history", "2026-04-20-snapshot.md"), "updated\n");
+  git(base, "add", ".");
+  git(base, "commit", "-m", "update");
+  // Without allowlist: tracking/history snapshot is unexpected
+  const auditWithout = validateFileChanges(base, ["src.ts"], []);
+  assert.ok(auditWithout, "audit should be produced");
+  assert.ok(
+    auditWithout.unexpectedFiles.includes("tracking/history/2026-04-20-snapshot.md"),
+    "snapshot should be unexpected without allowlist",
+  );
+  // With glob allowlist: snapshot is excluded
+  const auditWith = validateFileChanges(base, ["src.ts"], [], ["tracking/history/**"]);
+  assert.ok(auditWith, "audit should be produced with allowlist");
+  assert.deepEqual(auditWith.unexpectedFiles, [], "no unexpected files when snapshot is allowlisted");
+  assert.equal(
+    auditWith.violations.filter(v => v.severity === "warning").length,
+    0,
+    "no warnings when all unexpected files are allowlisted",
+  );
+});
 test("validateFileChanges ignores inline descriptions in expected output paths", (t) => {
   const base = mkdtempSync(join(tmpdir(), "gsd-file-change-validator-"));
   t.after(() => rmSync(base, { recursive: true, force: true }));