keystone-cli 1.1.2 → 1.2.0

package/README.md

@@ -134,22 +134,23 @@ keystone ui
 
 `keystone init` seeds these workflows under `.keystone/workflows/` (and the agents they rely on under `.keystone/workflows/agents/`):
 
-Top-level workflows:
-- `scaffold-feature`: Interactive workflow scaffolder. Prompts for requirements, plans files, generates content, and writes them.
-- `decompose-problem`: Decomposes a problem into research/implementation/review tasks, waits for approval, runs sub-workflows, and summarizes.
-- `dev`: Self-bootstrapping DevMode workflow for an interactive plan/implement/verify loop.
-- `agent-handoff`: Demonstrates agent handoffs and tool-driven context updates.
-- `script-example`: Demonstrates sandboxed JavaScript execution.
-- `artifact-example`: Demonstrates artifact upload and download between steps.
-- `idempotency-example`: Demonstrates safe retries for side-effecting steps.
-
-Sub-workflows:
-- `scaffold-plan`: Generates a file plan from `requirements` input.
-- `scaffold-generate`: Generates file contents from `requirements` plus a `files` plan.
-- `decompose-research`: Runs a single research task (`task`) with optional `context`/`constraints`.
-- `decompose-implement`: Runs a single implementation task (`task`) with optional `research` findings.
-- `decompose-review`: Reviews a single implementation task (`task`) with optional `implementation` results.
-- `review-loop`: Reusable generate → critique → refine loop with a quality gate.
+Top-level workflows (seeded in `.keystone/workflows/`):
+- `scaffold-feature.yaml`: Interactive workflow scaffolder. Prompts for requirements, plans files, generates content, and writes them.
+- `decompose-problem.yaml`: Decomposes a problem into research/implementation/review tasks, waits for approval, runs sub-workflows, and summarizes.
+- `dev.yaml`: Self-bootstrapping DevMode workflow for an interactive plan/implement/verify loop.
+- `agent-handoff.yaml`: Demonstrates agent handoffs and tool-driven context updates.
+- `full-feature-demo.yaml`: A comprehensive workflow demonstrating multiple step types (shell, file, request, etc.).
+- `script-example.yaml`: Demonstrates sandboxed JavaScript execution.
+- `artifact-example.yaml`: Demonstrates artifact upload and download between steps.
+- `idempotency-example.yaml`: Demonstrates safe retries for side-effecting steps.
+
+Sub-workflows (seeded in `.keystone/workflows/`):
+- `scaffold-plan.yaml`: Generates a file plan from `requirements` input.
+- `scaffold-generate.yaml`: Generates file contents from `requirements` plus a `files` plan.
+- `decompose-research.yaml`: Runs a single research task (`task`) with optional `context`/`constraints`.
+- `decompose-implement.yaml`: Runs a single implementation task (`task`) with optional `research` findings.
+- `decompose-review.yaml`: Reviews a single implementation task (`task`) with optional `implementation` results.
+- `review-loop.yaml`: Reusable generate → critique → refine loop with a quality gate.
 
 Example runs:
 ```bash
@@ -198,7 +199,7 @@ providers:
   google-gemini:
     type: google-gemini
     base_url: https://cloudcode-pa.googleapis.com
-    default_model: gemini-3-pro-high
+    default_model: gemini-1.5-pro
   groq:
     type: openai
     base_url: https://api.groq.com/openai/v1
@@ -481,7 +482,8 @@ Keystone supports several specialized step types:
     ```yaml
     outputMapping:
       final_result: result_from_subflow
-      status: state
+      # 'from' can be used for explicit mapping or expression
+      # status: { from: "steps.some_step.status" }
     ```
 - `join`: Aggregate outputs from dependencies and enforce a completion condition.
   - `condition`: `'all'` (default), `'any'`, or a number.
@@ -499,6 +501,7 @@ Keystone supports several specialized step types:
   - `op: store`: Store text with metadata.
   - `op: search`: Search for similar text using vector embeddings.
   - `text` / `query`: The content to store or search for.
+  - `model`: Optional embedding model (defaults to `local`). Currently only local embeddings (via `Transformers.js`) are supported.
   - `metadata`: Optional object for filtering or additional context.
   - `limit`: Number of results to return (default `5`).
   ```yaml
@@ -551,8 +554,8 @@ All steps support common features:
 - `retry`: `{ count, backoff: 'linear'|'exponential', baseDelay }`.
 - `timeout`: Maximum execution time in milliseconds (best-effort; supported steps receive an abort signal).
 - `foreach`: Iterate over an array in parallel.
-- `concurrency`: Limit parallel items for `foreach` (must be a positive integer).
-- `strategy.matrix`: Experimental parser-time expansion into `foreach` (prefer explicit `foreach` for now).
+- `concurrency`: Limit parallel items for `foreach` (must be a positive integer). Defaults to `50`.
+- `strategy.matrix`: Multi-axis expansion into `foreach` at parse-time.
 - `pool`: Assign step to a resource pool.
 - `breakpoint`: Pause before executing the step when running with `--debug`.
 - `compensate`: Step to run if the workflow rolls back.
@@ -806,6 +809,24 @@ Upload and download files between steps without hardcoded artifact paths.
 
 Upload outputs include `artifactPath` and `files` for downstream references.
 
+- `git`: Perform git operations (clone, worktree, checkout, pull, push, commit).
+  - `op`: Required operation (`clone`, `worktree_add`, `worktree_remove`, `checkout`, `pull`, `push`, `commit`).
+  - `path`: Local path for clone or worktree.
+  - `url`: Repository URL for clone.
+  - `branch`: Branch name for clone, checkout, push, pull, or worktree.
+  - `message`: Commit message.
+  - `cwd`: Directory to run the git command in.
+  - `allowOutsideCwd`: Boolean (default `false`). Set `true` to allow operations outside the project root.
+  - `allowInsecure`: Boolean (default `false`). Set `true` to allow git commands that fail the security whitelist.
+
+```yaml
+- id: setup_feat
+  type: git
+  op: worktree_add
+  path: ../feat-branch
+  branch: feature/x
+```
+
 ### Structured Events
 
 Emit NDJSON events for step and workflow lifecycle updates:
@@ -1224,6 +1245,11 @@ graph TD
     EX --> Script[Script Step]
     EX --> Sleep[Sleep Step]
     EX --> Memory[Memory operations]
+    EX --> Artifact[Artifact operations]
+    EX --> Git[Git operations]
+    EX --> Wait[Wait Step]
+    EX --> Join[Join Step]
+    EX --> Blueprint[Blueprint Step]
 
     LLM --> Adapters[LLM Adapters]
     Adapters --> Providers[OpenAI, Anthropic, Gemini, Copilot, etc.]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "keystone-cli",
-  "version": "1.1.2",
+  "version": "1.2.0",
   "description": "A local-first, declarative, agentic workflow orchestrator built on Bun",
   "type": "module",
   "bin": {

package/src/commands/init.ts

@@ -17,6 +17,7 @@ import architectAgent from '../templates/agents/keystone-architect.md' with { ty
 import softwareEngineerAgent from '../templates/agents/software-engineer.md' with { type: 'text' };
 import summarizerAgent from '../templates/agents/summarizer.md' with { type: 'text' };
 import testerAgent from '../templates/agents/tester.md' with { type: 'text' };
+import fullFeatureDemo from '../templates/basics/full-feature-demo.yaml' with { type: 'text' };
 import idempotencyExample from '../templates/control-flow/idempotency-example.yaml' with {
   type: 'text',
 };
@@ -118,6 +119,7 @@ const SEEDS = [
   { path: '.keystone/workflows/script-example.yaml', content: scriptExample },
   { path: '.keystone/workflows/artifact-example.yaml', content: artifactExample },
   { path: '.keystone/workflows/idempotency-example.yaml', content: idempotencyExample },
+  { path: '.keystone/workflows/full-feature-demo.yaml', content: fullFeatureDemo },
 ];
 
 export function registerInitCommand(program: Command): void {

package/src/parser/schema.ts

@@ -395,6 +395,19 @@ const ArtifactStepSchema = BaseStepSchema.extend({
   allowOutsideCwd: z.boolean().optional(),
 });
 
+const GitStepSchema = BaseStepSchema.extend({
+  type: z.literal('git'),
+  op: z.enum(['clone', 'worktree_add', 'worktree_remove', 'checkout', 'pull', 'push', 'commit']),
+  path: z.string().optional(), // Local path for clone or worktree
+  url: z.string().optional(), // Repo URL for clone
+  branch: z.string().optional(),
+  message: z.string().optional(), // For commit
+  cwd: z.string().optional(), // Working directory for the git command
+  env: z.record(z.string()).optional(),
+  allowOutsideCwd: z.boolean().optional(),
+  allowInsecure: z.boolean().optional(),
+});
+
 const WaitStepSchema = BaseStepSchema.extend({
   type: z.literal('wait'),
   event: z.string(),
@@ -404,23 +417,24 @@ const WaitStepSchema = BaseStepSchema.extend({
 
 // ===== Discriminated Union for Steps =====
 
-export const StepSchema: z.ZodType<unknown> = z.lazy(() =>
+export const StepSchema: z.ZodType<any> = z.lazy(() =>
   z.discriminatedUnion('type', [
-    ShellStepSchema,
-    LlmStepSchema,
-    PlanStepSchema,
-    WorkflowStepSchema,
-    FileStepSchema,
-    RequestStepSchema,
-    HumanStepSchema,
-    SleepStepSchema,
-    ScriptStepSchema,
-    EngineStepSchema,
-    MemoryStepSchema,
-    JoinStepSchema,
-    BlueprintStepSchema,
-    ArtifactStepSchema,
-    WaitStepSchema,
+    ShellStepSchema as any,
+    LlmStepSchema as any,
+    PlanStepSchema as any,
+    WorkflowStepSchema as any,
+    FileStepSchema as any,
+    RequestStepSchema as any,
+    HumanStepSchema as any,
+    SleepStepSchema as any,
+    ScriptStepSchema as any,
+    EngineStepSchema as any,
+    MemoryStepSchema as any,
+    JoinStepSchema as any,
+    BlueprintStepSchema as any,
+    ArtifactStepSchema as any,
+    WaitStepSchema as any,
+    GitStepSchema as any,
   ])
 );
 
@@ -487,7 +501,25 @@ export const AgentSchema = z.object({
 
 export type WorkflowInput = z.infer<typeof InputSchema>;
 export type RetryConfig = z.infer<typeof RetrySchema>;
-export type Step = z.infer<typeof StepSchema>;
+
+export type Step =
+  | z.infer<typeof ShellStepSchema>
+  | z.infer<typeof LlmStepSchema>
+  | z.infer<typeof PlanStepSchema>
+  | z.infer<typeof WorkflowStepSchema>
+  | z.infer<typeof FileStepSchema>
+  | z.infer<typeof RequestStepSchema>
+  | z.infer<typeof HumanStepSchema>
+  | z.infer<typeof SleepStepSchema>
+  | z.infer<typeof ScriptStepSchema>
+  | z.infer<typeof EngineStepSchema>
+  | z.infer<typeof MemoryStepSchema>
+  | z.infer<typeof JoinStepSchema>
+  | z.infer<typeof BlueprintStepSchema>
+  | z.infer<typeof ArtifactStepSchema>
+  | z.infer<typeof WaitStepSchema>
+  | z.infer<typeof GitStepSchema>;
+
 export type ShellStep = z.infer<typeof ShellStepSchema>;
 export type LlmStep = z.infer<typeof LlmStepSchema>;
 export type PlanStep = z.infer<typeof PlanStepSchema>;
@@ -502,6 +534,7 @@ export type EngineStep = z.infer<typeof EngineStepSchema>;
 export type JoinStep = z.infer<typeof JoinStepSchema>;
 export type BlueprintStep = z.infer<typeof BlueprintStepSchema>;
 export type ArtifactStep = z.infer<typeof ArtifactStepSchema>;
+export type GitStep = z.infer<typeof GitStepSchema>;
 export type Blueprint = z.infer<typeof BlueprintSchema>;
 export type Workflow = z.infer<typeof WorkflowSchema>;
 export type AgentTool = z.infer<typeof AgentToolSchema>;
@@ -531,5 +564,6 @@ export {
   BlueprintStepSchema,
   MemoryStepSchema,
   ArtifactStepSchema,
+  GitStepSchema,
 };
 export type Agent = z.infer<typeof AgentSchema>;

package/src/runner/executors/file-executor.test.ts

@@ -36,13 +36,15 @@ describe('file-executor', () => {
       const blocks: SearchReplaceBlock[] = [
         { search: ' indent', replace: 'dedent' }, // one space vs two
       ];
-      // Should not find ' indent' because actual is '  indent' (double space) if strict?
-      // Actually '  indent'.split(' indent') -> [' ', ''] -> found once!
-      // Wait '  indent'.includes(' indent') is true.
-      // '  indent'.split(' indent') -> [' ', ''] (length 2).
-      // So it works.
       const result = applySearchReplaceBlocks(content, blocks);
       expect(result).toBe(' dedent');
     });
+
+    it('should handle CRLF line endings by treating them as LF', () => {
+      const content = 'line1\r\nline2\r\nline3';
+      const blocks: SearchReplaceBlock[] = [{ search: 'line2', replace: 'modified' }];
+      const result = applySearchReplaceBlocks(content, blocks);
+      expect(result).toBe('line1\nmodified\nline3');
+    });
   });
 });

package/src/runner/executors/file-executor.ts

@@ -116,7 +116,7 @@ export function applyUnifiedDiff(content: string, patch: string, targetPath: str
   const diff = parseUnifiedDiff(patch);
   assertDiffMatchesTarget(diff.newFile || diff.originalFile, targetPath);
 
-  const lines = content.split('\n');
+  const lines = content.replace(/\r\n/g, '\n').split('\n');
   const resultLines = [...lines];
 
   // Apply hunks in reverse order to keep line numbers valid
@@ -188,7 +188,7 @@ export function parseSearchReplaceBlocks(patch: string): SearchReplaceBlock[] {
 }
 
 export function applySearchReplaceBlocks(content: string, blocks: SearchReplaceBlock[]): string {
-  let result = content;
+  let result = content.replace(/\r\n/g, '\n');
 
   for (const block of blocks) {
     const parts = result.split(block.search);

package/src/runner/executors/git-executor.test.ts

@@ -0,0 +1,278 @@
+import { afterEach, beforeEach, describe, expect, it, jest, spyOn } from 'bun:test';
+import type { GitStep } from '../../parser/schema.ts';
+import { ConsoleLogger } from '../../utils/logger.ts';
+import { executeGitStep } from './git-executor.ts';
+import * as shellExecutor from './shell-executor.ts';
+
+describe('git-executor', () => {
+  const logger = new ConsoleLogger();
+  const context = {
+    env: {},
+    inputs: {},
+    steps: {},
+  };
+
+  let executeShellSpy: any;
+
+  beforeEach(() => {
+    executeShellSpy = spyOn(shellExecutor, 'executeShell').mockResolvedValue({
+      stdout: 'git output',
+      stderr: '',
+      exitCode: 0,
+    });
+  });
+
+  afterEach(() => {
+    executeShellSpy.mockRestore();
+  });
+
+  it('should execute clone operation', async () => {
+    const step: GitStep = {
+      id: 'git-clone',
+      type: 'git',
+      op: 'clone',
+      url: 'https://github.com/mhingston/keystone-cli.git',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git clone https://github.com/mhingston/keystone-cli.git ',
+      }),
+      context,
+      logger,
+      undefined,
+      'git clone https://github.com/mhingston/keystone-cli.git '
+    );
+  });
+
+  it('should execute clone with branch', async () => {
+    const step: GitStep = {
+      id: 'git-clone-branch',
+      type: 'git',
+      op: 'clone',
+      url: 'https://github.com/mhingston/keystone-cli.git',
+      branch: 'main',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git clone -b main https://github.com/mhingston/keystone-cli.git ',
+      }),
+      context,
+      logger,
+      undefined,
+      'git clone -b main https://github.com/mhingston/keystone-cli.git '
+    );
+  });
+
+  it('should execute worktree_add operation', async () => {
+    const step: GitStep = {
+      id: 'git-worktree-add',
+      type: 'git',
+      op: 'worktree_add',
+      path: './tmp-worktree',
+      branch: 'feature-branch',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect((result.output as any).worktreePath).toBe('./tmp-worktree');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git worktree add ./tmp-worktree feature-branch',
+      }),
+      context,
+      logger,
+      undefined,
+      'git worktree add ./tmp-worktree feature-branch'
+    );
+  });
+
+  it('should execute worktree_remove operation', async () => {
+    const step: GitStep = {
+      id: 'git-worktree-remove',
+      type: 'git',
+      op: 'worktree_remove',
+      path: './tmp-worktree',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git worktree remove ./tmp-worktree',
+      }),
+      context,
+      logger,
+      undefined,
+      'git worktree remove ./tmp-worktree'
+    );
+  });
+
+  it('should execute checkout operation', async () => {
+    const step: GitStep = {
+      id: 'git-checkout',
+      type: 'git',
+      op: 'checkout',
+      branch: 'main',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git checkout main',
+      }),
+      context,
+      logger,
+      undefined,
+      'git checkout main'
+    );
+  });
+
+  it('should execute pull operation', async () => {
+    const step: GitStep = {
+      id: 'git-pull',
+      type: 'git',
+      op: 'pull',
+      branch: 'main',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git pull origin main',
+      }),
+      context,
+      logger,
+      undefined,
+      'git pull origin main'
+    );
+  });
+
+  it('should execute push operation', async () => {
+    const step: GitStep = {
+      id: 'git-push',
+      type: 'git',
+      op: 'push',
+      branch: 'main',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git push origin main',
+      }),
+      context,
+      logger,
+      undefined,
+      'git push origin main'
+    );
+  });
+
+  it('should execute commit operation', async () => {
+    const step: GitStep = {
+      id: 'git-commit',
+      type: 'git',
+      op: 'commit',
+      message: 'test commit',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('success');
+    expect(executeShellSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        run: 'git add . && git commit -m "test commit"',
+      }),
+      context,
+      logger,
+      undefined,
+      'git add . && git commit -m "test commit"'
+    );
+  });
+
+  it('should handle failed operations', async () => {
+    executeShellSpy.mockResolvedValue({
+      stdout: '',
+      stderr: 'git error',
+      exitCode: 1,
+    });
+
+    const step: GitStep = {
+      id: 'git-fail',
+      type: 'git',
+      op: 'pull',
+      needs: [],
+    };
+
+    const result = await executeGitStep(step, context, logger);
+    expect(result.status).toBe('failed');
+    expect(result.error).toContain('Git pull failed with code 1: git error');
+  });
+
+  it('should throw error for missing url in clone', async () => {
+    const step: GitStep = {
+      id: 'git-clone-no-url',
+      type: 'git',
+      op: 'clone',
+      needs: [],
+    };
+
+    await expect(executeGitStep(step, context, logger)).rejects.toThrow(
+      'Git clone requires a "url"'
+    );
+  });
+
+  it('should throw error for missing path in worktree_add', async () => {
+    const step: GitStep = {
+      id: 'git-worktree-no-path',
+      type: 'git',
+      op: 'worktree_add',
+      needs: [],
+    };
+
+    await expect(executeGitStep(step, context, logger)).rejects.toThrow(
+      'Git worktree_add requires a "path"'
+    );
+  });
+
+  it('should throw error for missing branch in checkout', async () => {
+    const step: GitStep = {
+      id: 'git-checkout-no-branch',
+      type: 'git',
+      op: 'checkout',
+      needs: [],
+    };
+
+    await expect(executeGitStep(step, context, logger)).rejects.toThrow(
+      'Git checkout requires a "branch"'
+    );
+  });
+
+  it('should throw error for missing message in commit', async () => {
+    const step: GitStep = {
+      id: 'git-commit-no-msg',
+      type: 'git',
+      op: 'commit',
+      needs: [],
+    };
+
+    await expect(executeGitStep(step, context, logger)).rejects.toThrow(
+      'Git commit requires a "message"'
+    );
+  });
+});

package/src/runner/executors/git-executor.ts

@@ -0,0 +1,100 @@
+import { ExpressionEvaluator } from '../../expression/evaluator.ts';
+import type { ExpressionContext } from '../../expression/evaluator.ts';
+import type { GitStep } from '../../parser/schema.ts';
+import { ConsoleLogger, type Logger } from '../../utils/logger.ts';
+import { PathResolver } from '../../utils/paths.ts';
+import { type ShellResult, executeShell } from './shell-executor.ts';
+import type { StepResult } from './types.ts';
+
+/**
+ * Git command executor
+ */
+export async function executeGitStep(
+  step: GitStep,
+  context: ExpressionContext,
+  logger: Logger = new ConsoleLogger(),
+  abortSignal?: AbortSignal
+): Promise<StepResult> {
+  const op = step.op;
+  const cwd = step.cwd ? ExpressionEvaluator.evaluateString(step.cwd, context) : undefined;
+
+  if (cwd) {
+    PathResolver.assertWithinCwd(cwd, step.allowOutsideCwd, 'CWD');
+  }
+
+  // Pre-process common inputs
+  const path = step.path ? ExpressionEvaluator.evaluateString(step.path, context) : undefined;
+  const url = step.url ? ExpressionEvaluator.evaluateString(step.url, context) : undefined;
+  const branch = step.branch ? ExpressionEvaluator.evaluateString(step.branch, context) : undefined;
+  const message = step.message
+    ? ExpressionEvaluator.evaluateString(step.message, context)
+    : undefined;
+
+  let command = '';
+  switch (op) {
+    case 'clone':
+      if (!url) throw new Error('Git clone requires a "url"');
+      command = `git clone ${branch ? `-b ${branch} ` : ''}${url} ${path || ''}`;
+      break;
+    case 'worktree_add':
+      if (!path) throw new Error('Git worktree_add requires a "path"');
+      command = `git worktree add ${path} ${branch || ''}`;
+      break;
+    case 'worktree_remove':
+      if (!path) throw new Error('Git worktree_remove requires a "path"');
+      command = `git worktree remove ${path}`;
+      break;
+    case 'checkout':
+      if (!branch) throw new Error('Git checkout requires a "branch"');
+      command = `git checkout ${branch}`;
+      break;
+    case 'pull':
+      command = `git pull origin ${branch || ''}`;
+      break;
+    case 'push':
+      command = `git push origin ${branch || ''}`;
+      break;
+    case 'commit':
+      if (!message) throw new Error('Git commit requires a "message"');
+      command = `git add . && git commit -m "${message.replace(/"/g, '\\"')}"`;
+      break;
+    default:
+      throw new Error(`Unsupported git operation: ${op}`);
+  }
+
+  // Use executeShell to leverage its security checks and output handling
+  // We explicitly allow insecure if the user set it, but by default executeShell
+  // will check the command against the whitelist.
+  // Note: Git commands often contain spaces/slashes which are in the whitelist.
+  const result: ShellResult = await executeShell(
+    {
+      ...step,
+      type: 'shell',
+      run: command,
+      dir: cwd,
+    },
+    context,
+    logger,
+    abortSignal,
+    command
+  );
+
+  if (result.exitCode !== 0) {
+    return {
+      output: result,
+      status: 'failed',
+      error: `Git ${op} failed with code ${result.exitCode}: ${result.stderr}`,
+    };
+  }
+
+  // Provide some structured output based on the operation
+  const output: any = { ...result };
+  if (op === 'worktree_add') {
+    output.worktreePath = path;
+  }
+
+  return {
+    output,
+    status: 'success',
+  };
+}