plan-phase.md contains illustrative DATABASE_URL/REDIS_URL examples
in documentation text, not real credentials. The secret-scan.sh script
already supports .secretscanignore — this file activates it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add agent_skills config section that maps agent types to skill directory
paths. At spawn time, workflows load configured skills and inject them
as <agent_skills> blocks in Task() prompts, giving subagents access to
project-specific skill files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When cwd is a git repo inside a GSD workspace, findProjectRoot() walked
up and returned the workspace parent (which also has .planning/) instead
of the cwd itself. This caused all init commands to resolve project_root
to the workspace root, making phase/roadmap lookups fail with "Phase not
found" errors.
The fix adds an early return: if startDir already contains a .planning/
directory, it is the project root — no need to walk up to a parent.
Fixes#1362
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Test suite modernization:
- Converted all try/finally cleanup patterns to beforeEach/afterEach hooks
across 11 test files (core, copilot-install, config, workstream,
milestone-summary, forensics, state, antigravity, profile-pipeline,
workspace)
- Consolidated 40 inline mkdtempSync calls to use centralized helpers
- Added createTempDir() helper for bare temp directories
- Added optional prefix parameter to createTempProject/createTempGitProject
- Fixed config test HOME sandboxing (was reading global defaults.json)
New CONTRIBUTING.md:
- Test standards: hooks over try/finally, centralized helpers, HOME sandboxing
- Node 22/24 compatibility requirements with Node 26 forward-compat
- Code style, PR guidelines, security practices
- File structure overview
All 1382 tests pass, 0 failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The prompt-injection, base64, and secret scan tests execute bash
scripts via execFileSync which doesn't work on Windows without
Git Bash. Use node:test's { skip: IS_WINDOWS } option to skip
entire describe blocks on win32 platform.
Structure/existence tests (shebang, permissions) still run on
all platforms. Behavioral tests only run on macOS/Linux.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add base64-scan.sh and secret-scan.sh to prompt injection scanner
allowlist (scanner was flagging its own pattern strings)
- Skip executable bit check on Windows (no Unix permissions)
- Skip bash script execution tests on Windows (requires Git Bash)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add CI security pipeline to catch prompt injection attacks, base64-obfuscated
payloads, leaked secrets, and .planning/ directory commits in PRs.
This is critical for get-shit-done because the entire codebase is markdown
prompts — a prompt injection in a workflow file IS the attack surface.
New files:
- scripts/prompt-injection-scan.sh: scans for instruction override, role
manipulation, system boundary injection, DAN/jailbreak, and tool call
injection patterns in changed files
- scripts/base64-scan.sh: extracts base64 blobs >= 40 chars, decodes them,
and checks decoded content against injection patterns (skips data URIs
and binary content)
- scripts/secret-scan.sh: detects AWS keys, OpenAI/Anthropic keys, GitHub
PATs, Stripe keys, private key headers, and generic credential patterns
- .github/workflows/security-scan.yml: runs all three scans plus a
.planning/ directory check on every PR
- .base64scanignore / .secretscanignore: per-repo false positive allowlists
- tests/security-scan.test.cjs: 51 tests covering script existence,
pattern matching, false positive avoidance, and workflow structure
All scripts support --diff (CI), --file, and --dir modes. Cross-platform
(macOS + Linux). SHA-pinned actions. Environment variables used for
github context in run blocks (no direct interpolation).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PR #1139 added <available_agent_types> sections to execute-phase.md and
plan-phase.md to prevent /clear from causing silent fallback to
general-purpose. However, 14 other workflows and 2 commands that also
spawn named GSD agents were missed, leaving them vulnerable to the same
regression after /clear.
Added <available_agent_types> listing to: research-phase, quick,
audit-milestone, diagnose-issues, discuss-phase-assumptions,
execute-plan, map-codebase, new-milestone, new-project, ui-phase,
ui-review, validate-phase, verify-work (workflows) and debug,
research-phase (commands).
Added regression test that enforces every workflow/command spawning
named subagent_type must have a matching <available_agent_types>
section listing all spawned types.
Fixes#1357
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The parser hardcoded 4/6/8/10-space indent levels for must_haves
sub-blocks, but standard YAML uses 2-space indentation. This caused
"No must_haves.key_links found in frontmatter" for valid plan files.
The fix dynamically detects the actual indent of must_haves: and its
sub-blocks instead of assuming fixed column positions.
Fixes#1356
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The original PR (#1337) used \Z in a JavaScript regex, which is a
Perl/Python/Ruby anchor — JavaScript interprets it as a literal match
for the character 'Z', silently truncating expected text containing
that letter. Replace with a two-pass approach: try next-key lookahead
first, fall back to greedy match to end-of-string.
Also remove the redundant `to=all:` pattern in sanitizeForDisplay()
since it is a subset of the existing `to=[^:\s]+:` pattern.
Add regression tests proving the Z-truncation bug and verifying
expected blocks at end-of-section parse correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add validateHookFields() that strips invalid hook entries before they
cause Claude Code's Zod schema to silently discard the entire
settings.json file. Agent hooks require "prompt", command hooks require
"command", and entries without a valid hooks sub-array are removed.
Uses a clean two-pass approach: first validate and build new arrays
(no mutation inside filter predicates), then collect-and-delete empty
event keys (no delete during Object.keys iteration). Result entries
are shallow copies so the original input objects are never mutated.
Includes 24 tests covering passthrough, removal, structural invalidity,
empty cleanup, mutation safety, unknown types, and iteration safety.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two fixes for Codex config.toml compatibility:
1. ensureCodexHooksFeature: insert [features] before the first table header
instead of prepending it before all content. Prepending traps bare
top-level keys (model, model_reasoning_effort) under [features], where
Codex rejects them with "invalid type: string, expected a boolean".
2. generateCodexConfigBlock: use absolute config_file paths when targetDir
is provided. Codex ≥0.116 requires AbsolutePathBuf and cannot resolve
relative "agents/..." paths, failing with "AbsolutePathBuf deserialized
without a base path".
Fixes#1202
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Address 4 root causes of Windows + Claude Code reliability issues:
1. Workflow shell robustness: add || true guards to informational commands
(ls, grep, find, cat) that return non-zero on "no results", preventing
workflow step failures under strict execution models. Guard glob loops
with [ -e "$var" ] || continue to handle empty glob expansion.
2. Hook stdin handling: replace readFileSync('/dev/stdin') with async
process.stdin + timeout in agent templates (gsd-verifier.md). Existing
JS hooks already have timeout guards.
3. project_root detection: fix isInsideGitRepo() to check .git at the
candidate parent level (not just below it), enabling correct detection
when .git and .planning/ are siblings at the same directory level —
the common single-repo case from a subdirectory.
4. @file: handoff: add missing @file: handlers to autonomous.md and
manager.md workflows that call gsd-tools init but lacked the handler
for large output payloads.
Fixes#1343
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The map-codebase workflow was refactored to remove the explicit
"Runtimes with Task tool" line in favor of inline detection instructions.
Updated test to match the new workflow structure by checking the
"NOT available" condition line instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Worktree agents (gsd-executor, gsd-debugger) prompt for edit permissions
on every new directory they touch, even when the user has "accept edits"
enabled. This is caused by Claude Code's directory-scoped permission
model not propagating to worktree paths.
Setting permissionMode: acceptEdits in the agent frontmatter tells Claude
Code to auto-approve file edits for these agents, bypassing the per-
directory prompts. This is safe because these agents are already granted
Write/Edit in their tools list and are spawned in isolated worktrees.
- Add permissionMode: acceptEdits to gsd-executor.md frontmatter
- Add permissionMode: acceptEdits to gsd-debugger.md frontmatter
- Add regression tests verifying worktree agents have the field
- Add test ensuring all isolation="worktree" spawns are covered
Upstream: anthropics/claude-code#29110, anthropics/claude-code#28041
Fixes#1334
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds full Windsurf (by Codeium) runtime integration, following the same
pattern as the existing Cursor support. Windsurf uses .windsurf/ for
local config and ~/.windsurf/ for global config, with skills in
.windsurf/skills/ using the SKILL.md structure.
What:
- CLI flag --windsurf and interactive prompt option (8)
- Directory mapping (.windsurf local, ~/.windsurf global)
- Content converter functions (tool names, path replacements, brand refs)
- Skill copy function (copyCommandsAsWindsurfSkills)
- Agent conversion (convertClaudeAgentToWindsurfAgent)
- Install/uninstall branches
- Banner, help text, and issue template updates
- Windsurf conversion test suite (windsurf-conversion.test.cjs)
- Updated multi-runtime selection tests for 8 runtimes
Closes#1336
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The code/package detection in cmdInitNewProject only recognized 7 file
extensions and 5 package files, missing Android (Kotlin + Gradle), Flutter
(Dart + pubspec.yaml), C/C++, C#, Ruby, PHP, Scala, and others. This caused
new-project to treat brownfield projects in those ecosystems as greenfield,
skipping the codebase mapping step.
Added 18 code extensions and 11 package/build files to the detection lists.
Fixes#1325
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
