gsd-pi 2.76.0-dev.97807402 → 2.76.0-dev.97f5583d9

package/dist/resources/extensions/gsd/auto/phases.js

@@ -30,7 +30,8 @@ import { isDbAvailable, getMilestoneSlices } from "../gsd-db.js";
 import { ensurePlanV2Graph } from "../uok/plan-v2.js";
 import { resolveUokFlags } from "../uok/flags.js";
 import { UokGateRunner } from "../uok/gate-runner.js";
-import { resetEvidence } from "../safety/evidence-collector.js";
+import { resetEvidence, loadEvidenceFromDisk } from "../safety/evidence-collector.js";
+import { parseUnitId } from "../unit-id.js";
 import { createCheckpoint, cleanupCheckpoint, rollbackToCheckpoint } from "../safety/git-checkpoint.js";
 import { resolveSafetyHarnessConfig } from "../safety/safety-harness.js";
 import { getWorkflowTransportSupportError, getRequiredWorkflowToolsForAutoUnit, supportsStructuredQuestions, } from "../workflow-mcp.js";
@@ -389,6 +390,8 @@ export async function runPreDispatch(ic, loopState) {
         loopState.recentUnits.length = 0;
         loopState.stuckRecoveryAttempts = 0;
         // Worktree lifecycle on milestone transition — merge current, enter next
+        // #2909: preflight — warn + stash dirty working tree before merge
+        const preflightTransition = deps.preflightCleanRoot(s.originalBasePath || s.basePath, s.currentMilestoneId, ctx.ui.notify.bind(ctx.ui));
         try {
             deps.resolver.mergeAndExit(s.currentMilestoneId, ctx.ui);
         }
@@ -405,6 +408,10 @@ export async function runPreDispatch(ic, loopState) {
             await deps.stopAuto(ctx, pi, `Merge error on milestone ${s.currentMilestoneId}: ${String(mergeErr)}`);
             return { action: "break", reason: "merge-failed" };
         }
+        // #2909: postflight — restore stashed changes after successful merge
+        if (preflightTransition.stashPushed) {
+            deps.postflightPopStash(s.originalBasePath || s.basePath, s.currentMilestoneId, ctx.ui.notify.bind(ctx.ui));
+        }
         // PR creation (auto_pr) is handled inside mergeMilestoneToMain (#2302)
         deps.invalidateAllCaches();
         state = await deps.deriveState(s.basePath);
@@ -459,6 +466,8 @@ export async function runPreDispatch(ic, loopState) {
         if (incomplete.length === 0 && state.registry.length > 0) {
             // All milestones complete — merge milestone branch before stopping
             if (s.currentMilestoneId) {
+                // #2909: preflight — warn + stash dirty working tree before merge
+                const preflightAllComplete = deps.preflightCleanRoot(s.originalBasePath || s.basePath, s.currentMilestoneId, ctx.ui.notify.bind(ctx.ui));
                 try {
                     deps.resolver.mergeAndExit(s.currentMilestoneId, ctx.ui);
                     // Prevent stopAuto from attempting the same merge (#2645)
@@ -475,6 +484,10 @@ export async function runPreDispatch(ic, loopState) {
                     await deps.stopAuto(ctx, pi, `Merge error on milestone ${s.currentMilestoneId}: ${String(mergeErr)}`);
                     return { action: "break", reason: "merge-failed" };
                 }
+                // #2909: postflight — restore stashed changes after successful merge
+                if (preflightAllComplete.stashPushed) {
+                    deps.postflightPopStash(s.originalBasePath || s.basePath, s.currentMilestoneId, ctx.ui.notify.bind(ctx.ui));
+                }
                 // PR creation (auto_pr) is handled inside mergeMilestoneToMain (#2302)
             }
             deps.sendDesktopNotification("GSD", "All milestones complete!", "success", "milestone", basename(s.originalBasePath || s.basePath));
@@ -539,6 +552,8 @@ export async function runPreDispatch(ic, loopState) {
     if (state.phase === "complete") {
         // Milestone merge on complete (before closeout so branch state is clean)
         if (s.currentMilestoneId) {
+            // #2909: preflight — warn + stash dirty working tree before merge
+            const preflightComplete = deps.preflightCleanRoot(s.originalBasePath || s.basePath, s.currentMilestoneId, ctx.ui.notify.bind(ctx.ui));
             try {
                 deps.resolver.mergeAndExit(s.currentMilestoneId, ctx.ui);
                 // Prevent stopAuto from attempting the same merge (#2645)
@@ -555,6 +570,10 @@ export async function runPreDispatch(ic, loopState) {
                 await deps.stopAuto(ctx, pi, `Merge error on milestone ${s.currentMilestoneId}: ${String(mergeErr)}`);
                 return { action: "break", reason: "merge-failed" };
             }
+            // #2909: postflight — restore stashed changes after successful merge
+            if (preflightComplete.stashPushed) {
+                deps.postflightPopStash(s.originalBasePath || s.basePath, s.currentMilestoneId, ctx.ui.notify.bind(ctx.ui));
+            }
             // PR creation (auto_pr) is handled inside mergeMilestoneToMain (#2302)
         }
         deps.sendDesktopNotification("GSD", `Milestone ${mid} complete!`, "success", "milestone", basename(s.originalBasePath || s.basePath));
@@ -1028,6 +1047,14 @@ export async function runUnitPhase(ic, iterData, loopState, sidecarItem) {
     const safetyConfig = resolveSafetyHarnessConfig(prefs?.safety_harness);
     if (safetyConfig.enabled && safetyConfig.evidence_collection) {
         resetEvidence();
+        // Restore persisted evidence so session-restart resumes don't produce
+        // false-positive "no bash calls" warnings (Bug #4385).
+        if (s.basePath && unitType === "execute-task") {
+            const { milestone: eMid, slice: eSid, task: eTid } = parseUnitId(unitId);
+            if (eMid && eSid && eTid) {
+                loadEvidenceFromDisk(s.basePath, eMid, eSid, eTid);
+            }
+        }
     }
     // Only checkpoint code-executing units (not lifecycle/planning units)
     if (safetyConfig.enabled && safetyConfig.checkpoints && unitType === "execute-task") {

package/dist/resources/extensions/gsd/auto/session.js

@@ -79,6 +79,17 @@ export class AutoSession {
     lastStateRebuildAt = 0;
     // ── Sidecar queue ─────────────────────────────────────────────────────
     sidecarQueue = [];
+    // ── Pre-exec gate failure context (#4551) ───────────────────────────
+    /**
+     * Persisted when a pre-execution gate fails on a plan-slice or refine-slice
+     * unit. The planning → plan-slice dispatch rule reads this field and injects
+     * the failure details into the next re-dispatch prompt so the LLM can fix the
+     * specific issues instead of producing an identical plan.
+     *
+     * Cleared after it has been consumed (injected into the prompt) to avoid
+     * stale context bleeding into unrelated slices.
+     */
+    lastPreExecFailure = null;
     // ── Tool invocation errors (#2883) ──────────────────────────────────
     /** Set when a GSD tool execution ends with isError due to malformed/truncated
      *  JSON arguments. Checked by postUnitPreVerification to break retry loops. */
@@ -199,6 +210,7 @@ export class AutoSession {
         this.sidecarQueue = [];
         this.rewriteAttemptCount = 0;
         this.consecutiveCompleteBootstraps = 0;
+        this.lastPreExecFailure = null;
         this.lastToolInvocationError = null;
         this.lastGitActionFailure = null;
         this.lastGitActionStatus = null;

package/dist/resources/extensions/gsd/auto-dispatch.js

@@ -451,18 +451,31 @@ export const DISPATCH_RULES = [
     },
     {
         name: "planning → plan-slice",
-        match: async ({ state, mid, midTitle, basePath, sessionContextWindow, modelRegistry }) => {
+        match: async ({ state, mid, midTitle, basePath, sessionContextWindow, modelRegistry, session }) => {
             if (state.phase !== "planning")
                 return null;
             if (!state.activeSlice)
                 return missingSliceStop(mid, state.phase);
             const sid = state.activeSlice.id;
             const sTitle = state.activeSlice.title;
+            // #4551: Consume any persisted pre-exec failure for this slice so the
+            // re-dispatched prompt includes the exact blocked references. Clear the
+            // field immediately after reading to prevent stale context leaking into
+            // a later, unrelated plan-slice run.
+            const unitId = `${mid}/${sid}`;
+            let priorPreExecFailure;
+            if (session?.lastPreExecFailure?.unitId === unitId) {
+                priorPreExecFailure = {
+                    blockingFindings: session.lastPreExecFailure.blockingFindings,
+                    verdictExcerpt: session.lastPreExecFailure.verdictExcerpt,
+                };
+                session.lastPreExecFailure = null;
+            }
             return {
                 action: "dispatch",
                 unitType: "plan-slice",
-                unitId: `${mid}/${sid}`,
-                prompt: await buildPlanSlicePrompt(mid, midTitle, sid, sTitle, basePath, undefined, { sessionContextWindow, modelRegistry }),
+                unitId,
+                prompt: await buildPlanSlicePrompt(mid, midTitle, sid, sTitle, basePath, undefined, { sessionContextWindow, modelRegistry, priorPreExecFailure }),
             };
         },
     },

package/dist/resources/extensions/gsd/auto-post-unit.js

@@ -30,7 +30,7 @@ import { checkPostUnitHooks, isRetryPending, consumeRetryTrigger, persistHookSta
 import { hasPendingCaptures, loadPendingCaptures, revertExecutorResolvedCaptures } from "./captures.js";
 import { debugLog } from "./debug-logger.js";
 import { runSafely } from "./auto-utils.js";
-import { getEvidence } from "./safety/evidence-collector.js";
+import { getEvidence, clearEvidenceFromDisk } from "./safety/evidence-collector.js";
 import { validateFileChanges } from "./safety/file-change-validator.js";
 // crossReferenceEvidence available for future use when verification_evidence is stored in DB
 // import { crossReferenceEvidence, type ClaimedEvidence } from "./safety/evidence-cross-ref.js";
@@ -588,6 +588,16 @@ export async function postUnitPreVerification(pctx, opts) {
                         debugLog("postUnit", { phase: "safety-content-validation", error: String(e) });
                     }
                 }
+                // Clear persisted evidence file now that post-unit processing is complete
+                // (Bug #4385 — prevents stale evidence from affecting retries of same unit ID).
+                if (safetyConfig.evidence_collection && s.currentUnit.type === "execute-task" && sMid && sSid && sTid) {
+                    try {
+                        clearEvidenceFromDisk(s.basePath, sMid, sSid, sTid);
+                    }
+                    catch (e) {
+                        debugLog("postUnit", { phase: "safety-evidence-clear", error: String(e) });
+                    }
+                }
             }
         }
         catch (e) {
@@ -950,12 +960,25 @@ export async function postUnitPostVerification(pctx) {
                     const suffix = blockingChecks.length > 3 ? `\n  \u2022 ...and ${blockingChecks.length - 3} more` : "";
                     const evidenceNote = `\nSee ${sid}-PRE-EXEC-VERIFY.json for full details.`;
                     ctx.ui.notify(`Pre-execution checks failed: ${blockingCount} blocking issue${blockingCount === 1 ? "" : "s"} found\n${details}${suffix}${evidenceNote}`, "error");
+                    // Persist failure context so the next plan-slice re-dispatch can inject
+                    // it into the prompt and break the infinite loop (#4551).
+                    s.lastPreExecFailure = {
+                        unitId: currentUnit.id,
+                        blockingFindings: blockingChecks.map(c => `[${c.category}] ${c.target}: ${c.message}`),
+                        verdictExcerpt: `status=${result.status}; ${blockingCount} blocking issue${blockingCount === 1 ? "" : "s"} detected`,
+                    };
                     preExecPauseNeeded = true;
                 }
                 else if (result.status === "warn") {
                     ctx.ui.notify(`Pre-execution checks passed with warnings`, "warning");
                     // Strict mode: treat warnings as blocking
                     if (prefs?.enhanced_verification_strict === true) {
+                        const warnChecks = result.checks.filter(c => !c.passed);
+                        s.lastPreExecFailure = {
+                            unitId: currentUnit.id,
+                            blockingFindings: warnChecks.map(c => `[${c.category}] ${c.target}: ${c.message}`),
+                            verdictExcerpt: `status=${result.status} (strict mode); ${warnChecks.length} warning${warnChecks.length === 1 ? "" : "s"} treated as blocking`,
+                        };
                         preExecPauseNeeded = true;
                     }
                 }

package/dist/resources/extensions/gsd/auto-prompts.js

@@ -1223,6 +1223,20 @@ export async function buildPlanSlicePrompt(mid, _midTitle, sid, sTitle, base, le
         prependBlocks.push(`## Prior Sketch Scope (soft hint — non-binding)\n\n${options.softScopeHint.trim()}\n\n` +
             `This scope was captured during an earlier progressive-planning pass that was later disabled. Treat it as context only — you may plan beyond it if the work genuinely requires more scope. Do NOT treat this as a hard boundary.`);
     }
+    // #4551: inject pre-exec failure context so the re-dispatched plan-slice
+    // addresses the exact blocked references rather than reproducing the same plan.
+    if (options?.priorPreExecFailure) {
+        const { blockingFindings, verdictExcerpt } = options.priorPreExecFailure;
+        const findingsList = blockingFindings.length > 0
+            ? blockingFindings.map(f => `- ${f}`).join("\n")
+            : "- (no specific findings recorded)";
+        prependBlocks.push(`## Fix these specific issues from the prior pre-exec check\n\n` +
+            `The previous plan-slice attempt was blocked by pre-execution validation.\n` +
+            `Gate verdict: ${verdictExcerpt}\n\n` +
+            `Blocked references that must be resolved in this plan:\n${findingsList}\n\n` +
+            `Revise the plan so that every reference listed above is satisfied before execution begins. ` +
+            `Do not reproduce the same file paths, package names, or task ordering that caused these failures.`);
+    }
     return renderSlicePrompt({
         mid, sid, sTitle, base,
         level: level ?? resolveInlineLevel(),

package/dist/resources/extensions/gsd/auto-worktree.js

@@ -1743,16 +1743,32 @@ export function mergeMilestoneToMain(originalBasePath_, milestoneId, roadmapCont
     // When a milestone only produced .gsd/ metadata (summaries, roadmaps) but no
     // real code, the user sees "milestone complete" but nothing changed in their
     // codebase. Surface this so the caller can warn the user.
+    //
+    // Bug #4385 fix: use `git diff-tree --root` instead of `git diff HEAD~1 HEAD`.
+    // `HEAD~1` does not exist on initial commits and is unreliable on shallow clones
+    // and merge commits. `diff-tree --root` handles all three cases correctly.
+    // The empty-tree hash (4b825dc…) is the universal fallback for refs that don't exist.
+    const GIT_EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904";
     let codeFilesChanged = false;
     if (!nothingToCommit) {
         try {
-            const mergedFiles = nativeDiffNumstat(originalBasePath_, "HEAD~1", "HEAD");
-            codeFilesChanged = mergedFiles.some((entry) => !entry.path.startsWith(".gsd/"));
+            const diffTreeOutput = execFileSync("git", ["diff-tree", "--root", "--no-commit-id", "-r", "--name-only", "HEAD"], { cwd: originalBasePath_, stdio: ["ignore", "pipe", "pipe"], encoding: "utf-8" }).trim();
+            const mergedFiles = diffTreeOutput ? diffTreeOutput.split("\n").filter(Boolean) : [];
+            codeFilesChanged = mergedFiles.some((f) => !f.startsWith(".gsd/"));
         }
         catch (e) {
-            // If HEAD~1 doesn't exist (first commit), assume code was changed
-            logWarning("worktree", `diff numstat failed (assuming code changed): ${e.message}`);
-            codeFilesChanged = true;
+            // diff-tree failed (e.g. unborn HEAD in a brand-new repo) — fall back to
+            // comparing against the empty tree so initial-commit repos still report changes.
+            try {
+                const fallbackOutput = execFileSync("git", ["diff", "--name-only", GIT_EMPTY_TREE, "HEAD"], { cwd: originalBasePath_, stdio: ["ignore", "pipe", "pipe"], encoding: "utf-8" }).trim();
+                const fallbackFiles = fallbackOutput ? fallbackOutput.split("\n").filter(Boolean) : [];
+                codeFilesChanged = fallbackFiles.some((f) => !f.startsWith(".gsd/"));
+            }
+            catch {
+                // Truly unable to determine — assume code was changed to avoid silent data loss
+                logWarning("worktree", `diff-tree and empty-tree fallback both failed (assuming code changed): ${e.message}`);
+                codeFilesChanged = true;
+            }
         }
     }
     // 10. Auto-push if enabled

package/dist/resources/extensions/gsd/auto.js

@@ -37,8 +37,9 @@ import { getRtkSessionSavings } from "../shared/rtk-session-stats.js";
 import { deactivateGSD } from "../shared/gsd-phase-state.js";
 import { initMetrics, resetMetrics, getLedger, getProjectTotals, formatCost, formatTokenCount, } from "./metrics.js";
 import { setLogBasePath, logWarning } from "./workflow-logger.js";
+import { preflightCleanRoot, postflightPopStash } from "./clean-root-preflight.js";
 import { homedir } from "node:os";
-import { join } from "node:path";
+import { isAbsolute, join } from "node:path";
 import { pathToFileURL } from "node:url";
 import { readFileSync, existsSync, mkdirSync, writeFileSync, unlinkSync } from "node:fs";
 import { atomicWriteSync } from "./atomic-write.js";
@@ -136,6 +137,24 @@ function restoreMilestoneLockEnv() {
     s.hadMilestoneLockEnv = false;
     s.milestoneLockEnvCaptured = false;
 }
+function normalizeSessionFilePath(raw) {
+    if (typeof raw !== "string")
+        return null;
+    const trimmed = raw.trim();
+    if (!trimmed)
+        return null;
+    const firstLine = trimmed.split(/\r?\n/, 1)[0]?.trim() ?? "";
+    if (!firstLine)
+        return null;
+    // Guard against accidental message concatenation by trimming to .jsonl.
+    const jsonlIndex = firstLine.toLowerCase().indexOf(".jsonl");
+    const candidate = jsonlIndex >= 0 ? firstLine.slice(0, jsonlIndex + ".jsonl".length) : firstLine;
+    if (!isAbsolute(candidate))
+        return null;
+    if (!candidate.toLowerCase().endsWith(".jsonl"))
+        return null;
+    return candidate;
+}
 export function startAutoDetached(ctx, pi, base, verboseMode, options) {
     void startAuto(ctx, pi, base, verboseMode, options).catch((err) => {
         const message = getErrorMessage(err);
@@ -775,7 +794,7 @@ export async function pauseAuto(ctx, _pi, _errorContext) {
     // Pass errorContext so runUnitPhase can distinguish user-initiated pause
     // from provider-error pause and avoid hard-stopping (#2762).
     resolveAgentEndCancelled(_errorContext);
-    s.pausedSessionFile = ctx?.sessionManager?.getSessionFile() ?? null;
+    s.pausedSessionFile = normalizeSessionFilePath(ctx?.sessionManager?.getSessionFile() ?? null);
     // Persist paused-session metadata so resume survives /exit (#1383).
     // The fresh-start bootstrap checks for this file and restores worktree context.
     try {
@@ -974,6 +993,9 @@ function buildLoopDeps() {
         },
         // Journal
         emitJournalEvent: (entry) => _emitJournalEvent(s.basePath, entry),
+        // Clean-root preflight gate (#2909)
+        preflightCleanRoot,
+        postflightPopStash,
     };
 }
 /**
@@ -1030,7 +1052,9 @@ export async function startAuto(ctx, pi, base, verboseMode, options) {
                     unlinkSync(pausedPath);
                 }
                 catch (e) {
-                    logWarning("session", `pause file cleanup failed: ${e instanceof Error ? e.message : String(e)}`, { file: "auto.ts" });
+                    if (e.code !== "ENOENT") {
+                        logWarning("session", `pause file cleanup failed: ${e instanceof Error ? e.message : String(e)}`, { file: "auto.ts" });
+                    }
                 }
                 ctx.ui.notify(`Resuming paused custom workflow${meta.activeRunDir ? ` (${meta.activeRunDir})` : ""}.`, "info");
             }
@@ -1048,7 +1072,9 @@ export async function startAuto(ctx, pi, base, verboseMode, options) {
                             unlinkSync(pausedPath);
                         }
                         catch (err) {
-                            logWarning("session", `pause file cleanup failed: ${err instanceof Error ? err.message : String(err)}`, { file: "auto.ts" });
+                            if (err.code !== "ENOENT") {
+                                logWarning("session", `pause file cleanup failed: ${err instanceof Error ? err.message : String(err)}`, { file: "auto.ts" });
+                            }
                         }
                         ctx.ui.notify(`Paused milestone ${meta.milestoneId} is ${!mDir ? "missing" : "already complete"}. Starting fresh.`, "info");
                     }
@@ -1056,7 +1082,7 @@ export async function startAuto(ctx, pi, base, verboseMode, options) {
                         s.currentMilestoneId = meta.milestoneId;
                         s.originalBasePath = meta.originalBasePath || base;
                         s.stepMode = meta.stepMode ?? requestedStepMode;
-                        s.pausedSessionFile = meta.sessionFile ?? null;
+                        s.pausedSessionFile = normalizeSessionFilePath(meta.sessionFile ?? null);
                         s.pausedUnitType = meta.unitType ?? null;
                         s.pausedUnitId = meta.unitId ?? null;
                         s.autoStartTime = meta.autoStartTime || Date.now();
@@ -1066,7 +1092,9 @@ export async function startAuto(ctx, pi, base, verboseMode, options) {
                             unlinkSync(pausedPath);
                         }
                         catch (e) {
-                            logWarning("session", `pause file cleanup failed: ${e instanceof Error ? e.message : String(e)}`, { file: "auto.ts" });
+                            if (e.code !== "ENOENT") {
+                                logWarning("session", `pause file cleanup failed: ${e instanceof Error ? e.message : String(e)}`, { file: "auto.ts" });
+                            }
                         }
                         ctx.ui.notify(`Resuming paused session for ${meta.milestoneId}${meta.worktreePath && existsSync(meta.worktreePath) ? ` (worktree)` : ""}.`, "info");
                     }
@@ -1076,7 +1104,9 @@ export async function startAuto(ctx, pi, base, verboseMode, options) {
                         unlinkSync(pausedPath);
                     }
                     catch (e) {
-                        logWarning("session", `stale pause file cleanup failed: ${e instanceof Error ? e.message : String(e)}`, { file: "auto.ts" });
+                        if (e.code !== "ENOENT") {
+                            logWarning("session", `stale pause file cleanup failed: ${e instanceof Error ? e.message : String(e)}`, { file: "auto.ts" });
+                        }
                     }
                 }
             }
@@ -1132,7 +1162,9 @@ export async function startAuto(ctx, pi, base, verboseMode, options) {
                 unlinkSync(s.pausedSessionFile);
             }
             catch (err) {
-                logWarning("session", `pause file cleanup failed: ${err instanceof Error ? err.message : String(err)}`, { file: "auto.ts" });
+                if (err.code !== "ENOENT") {
+                    logWarning("session", `pause file cleanup failed: ${err instanceof Error ? err.message : String(err)}`, { file: "auto.ts" });
+                }
             }
             s.pausedSessionFile = null;
         }
@@ -1360,8 +1392,8 @@ export async function dispatchHookUnit(ctx, pi, hookName, triggerUnitType, trigg
                 `Ensure the model is defined in models.json and has auth configured.`, "warning");
         }
     }
-    const sessionFile = ctx.sessionManager.getSessionFile();
-    writeLock(lockBase(), hookUnitType, triggerUnitId, sessionFile);
+    const sessionFile = normalizeSessionFilePath(ctx.sessionManager.getSessionFile());
+    writeLock(lockBase(), hookUnitType, triggerUnitId, sessionFile ?? undefined);
     clearUnitTimeout();
     const supervisor = resolveAutoSupervisorConfig();
     const hookHardTimeoutMs = (supervisor.hard_timeout_minutes ?? 30) * 60 * 1000;

package/dist/resources/extensions/gsd/bootstrap/register-hooks.js

@@ -17,7 +17,8 @@ import { isParallelActive, shutdownParallel } from "../parallel-orchestrator.js"
 import { checkToolCallLoop, resetToolCallLoopGuard } from "./tool-call-loop-guard.js";
 import { saveActivityLog } from "../activity-log.js";
 import { resetAskUserQuestionsCache } from "../../ask-user-questions.js";
-import { recordToolCall as safetyRecordToolCall, recordToolResult as safetyRecordToolResult } from "../safety/evidence-collector.js";
+import { recordToolCall as safetyRecordToolCall, recordToolResult as safetyRecordToolResult, saveEvidenceToDisk } from "../safety/evidence-collector.js";
+import { parseUnitId } from "../unit-id.js";
 import { classifyCommand } from "../safety/destructive-guard.js";
 import { logWarning as safetyLogWarning } from "../workflow-logger.js";
 import { installNotifyInterceptor } from "./notify-interceptor.js";
@@ -457,6 +458,15 @@ export function registerHooks(pi, ecosystemHandlers) {
         // Safety harness: record tool execution results for evidence cross-referencing
         if (isAutoActive()) {
             safetyRecordToolResult(event.toolCallId, event.toolName, event.result, event.isError);
+            // Persist evidence to disk after each tool result so it survives a session
+            // restart mid-unit (Bug #4385 — non-persisted evidence false positives).
+            const dash = getAutoDashboardData();
+            if (dash.basePath && dash.currentUnit?.type === "execute-task") {
+                const { milestone: pMid, slice: pSid, task: pTid } = parseUnitId(dash.currentUnit.id);
+                if (pMid && pSid && pTid) {
+                    saveEvidenceToDisk(dash.basePath, pMid, pSid, pTid);
+                }
+            }
         }
     });
     pi.on("model_select", async (_event, ctx) => {

package/dist/resources/extensions/gsd/bootstrap/write-gate.js

@@ -24,8 +24,29 @@ const QUEUE_SAFE_TOOLS = new Set([
 /**
  * Bash commands that are read-only / investigative — safe during queue mode.
  * Matches the leading command in a bash invocation.
+ *
+ * Extension policy: add commands here when they are read-only / diagnostic.
+ * Never add commands that mutate project state (write files, run builds that
+ * emit artifacts, install packages, etc.).
+ *
+ * Current read-only additions (Bug #4385):
+ *   npm run <diagnostic> — read-only diagnostic scripts: test, lint, typecheck, etc.
+ *                         NOT: build, install, compile, generate, deploy (artifact-producing)
+ *   npm ls/list/info    — inspect installed packages (read-only)
+ *   npm outdated/audit  — security/update checks (read-only)
+ *   npx <pkg>           — run a package binary without installing globally
+ *   tsx                 — TypeScript runner used for dry-run / inspection scripts
+ *   node --print        — evaluate and print an expression, no side effects
+ *   python / python3    — script inspection, version checks
+ *   pip / pip3 show     — show installed package info (read-only)
+ *   jq                  — read-only JSON query
+ *   yq                  — read-only YAML query
+ *   curl -s / curl --silent — fetch for inspection (no -o / no output redirect)
+ *   openssl version     — version / certificate inspection
+ *   env / printenv      — print environment variables
+ *   true / false        — shell no-ops / test exit codes
  */
-const BASH_READ_ONLY_RE = /^\s*(cat|head|tail|less|more|wc|file|stat|du|df|which|type|echo|printf|ls|find|grep|rg|awk|sed\b(?!.*-i)|sort|uniq|diff|comm|tr|cut|tee\s+-a\s+\/dev\/null|git\s+(log|show|diff|status|branch|tag|remote|rev-parse|ls-files|blame|shortlog|describe|stash\s+list|config\s+--get|cat-file)|gh\s+(issue|pr|api|repo|release)\s+(view|list|diff|status|checks)|mkdir\s+-p\s+\.gsd|rtk\s)/;
+const BASH_READ_ONLY_RE = /^\s*(cat|head|tail|less|more|wc|file|stat|du|df|which|type|echo|printf|ls|find|grep|rg|awk|sed\b(?!.*-i)|sort|uniq|diff|comm|tr|cut|tee\s+-a\s+\/dev\/null|git\s+(log|show|diff|status|branch|tag|remote|rev-parse|ls-files|blame|shortlog|describe|stash\s+list|config\s+--get|cat-file)|gh\s+(issue|pr|api|repo|release)\s+(view|list|diff|status|checks)|mkdir\s+-p\s+\.gsd|rtk\s|npm\s+run\s+(test|test:\w+|lint|lint:\w+|typecheck|type-check|type-check:\w+|check|verify|audit|outdated|format:check|ci|validate)\b|npm\s+(ls|list|info|view|show|outdated|audit|explain|doctor|ping|--version|-v)\b|npx\s|tsx\s|node\s+(--print|--version|-v\b)|python[23]?\s+(-c\s+'[^']*'|--version|-V\b|-m\s+(pip\s+show|pip\s+list|site))|pip[23]?\s+(show|list|freeze|check|index\s+versions)\b|jq\s|yq\s|curl\s+(-s\b|--silent\b)(?!\s+[^|>]*\s-[oO]\b)(?!\s+[^|>]*\s--output\b)[^|>]*$|openssl\s+(version|x509|s_client)|env\b|printenv\b|true\b|false\b)/;
 const verifiedDepthMilestones = new Set();
 let activeQueuePhase = false;
 /**

package/dist/resources/extensions/gsd/clean-root-preflight.js

@@ -0,0 +1,93 @@
+/**
+ * clean-root-preflight.ts — Preflight gate for dirty working trees before milestone merges.
+ *
+ * #2909: Adds a fast-path git status check before milestone completion merges.
+ * When the working tree is dirty the user is warned and changes are auto-stashed
+ * so the merge can proceed cleanly.  After the merge completes, postflightPopStash
+ * restores the stashed changes.
+ *
+ * Design constraints (from Trek-e approval):
+ *  - Warn the user before stashing (no silent surprises)
+ *  - git stash push / git stash pop only — no custom stash management layer
+ *  - Stash/pop errors are logged but MUST NOT block the merge
+ *  - Fast-path status check — clean trees pay no extra cost
+ */
+import { execFileSync } from "node:child_process";
+import { GIT_NO_PROMPT_ENV } from "./git-constants.js";
+import { logWarning } from "./workflow-logger.js";
+import { nativeHasChanges } from "./native-git-bridge.js";
+/**
+ * Check the working tree for dirty files before a milestone merge.
+ *
+ * Clean tree path: O(1) — returns immediately with stashPushed=false.
+ *
+ * Dirty tree path:
+ *  1. Emits a warning notification via the provided `notify` callback.
+ *  2. Runs `git stash push --include-untracked -m "gsd-preflight-stash"`.
+ *  3. Returns stashPushed=true so the caller knows to call postflightPopStash.
+ *
+ * Any stash error is logged but does NOT throw — the merge proceeds regardless.
+ */
+export function preflightCleanRoot(basePath, milestoneId, notify) {
+    // Fast-path: clean tree — nothing to do
+    let isDirty = false;
+    try {
+        isDirty = nativeHasChanges(basePath);
+    }
+    catch (err) {
+        // If the status check itself fails, treat as clean and let the merge decide
+        logWarning("preflight", `clean-root status check failed: ${err instanceof Error ? err.message : String(err)}`);
+        return { stashPushed: false, summary: "" };
+    }
+    if (!isDirty) {
+        return { stashPushed: false, summary: "" };
+    }
+    // Warn the user before stashing
+    const warnMsg = `Working tree has uncommitted changes before milestone ${milestoneId} merge. Auto-stashing to allow clean merge (stash will be restored after merge).`;
+    notify(warnMsg, "warning");
+    // Push the stash
+    try {
+        execFileSync("git", ["stash", "push", "--include-untracked", "-m", "gsd-preflight-stash"], {
+            cwd: basePath,
+            stdio: ["ignore", "pipe", "pipe"],
+            encoding: "utf-8",
+            env: GIT_NO_PROMPT_ENV,
+        });
+        return {
+            stashPushed: true,
+            summary: `Stashed uncommitted changes before merge (milestone ${milestoneId}).`,
+        };
+    }
+    catch (err) {
+        // Stash failure is non-fatal — log and let the merge attempt proceed
+        const msg = `git stash push failed before merge of milestone ${milestoneId}: ${err instanceof Error ? err.message : String(err)}`;
+        logWarning("preflight", msg);
+        notify(`Auto-stash failed before milestone ${milestoneId} merge — proceeding anyway. ${msg}`, "warning");
+        return { stashPushed: false, summary: `stash-push-failed: ${msg}` };
+    }
+}
+/**
+ * Restore stashed changes after a milestone merge completes.
+ *
+ * Only called when preflightCleanRoot returned stashPushed=true.
+ * Any pop error (e.g. conflict) is logged and notified but does NOT throw —
+ * the merge already completed successfully.
+ */
+export function postflightPopStash(basePath, milestoneId, notify) {
+    try {
+        execFileSync("git", ["stash", "pop"], {
+            cwd: basePath,
+            stdio: ["ignore", "pipe", "pipe"],
+            encoding: "utf-8",
+            env: GIT_NO_PROMPT_ENV,
+        });
+        notify(`Restored stashed changes after milestone ${milestoneId} merge.`, "info");
+    }
+    catch (err) {
+        // Pop conflicts mean the merged code collides with the stashed changes.
+        // Log a warning — the user needs to resolve manually, but the merge succeeded.
+        const msg = `git stash pop failed after merge of milestone ${milestoneId}: ${err instanceof Error ? err.message : String(err)}. Run "git stash pop" manually to restore your changes.`;
+        logWarning("preflight", msg);
+        notify(msg, "warning");
+    }
+}