The CLI (commands.cjs, init.cjs) uses `todos/completed/` but three
workflow files and three FEATURES.md docs referenced `todos/done/`.
This caused completed todos to land in different directories depending
on whether the CLI command or the workflow instructions were followed.
Closes#1438
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Probe <projectDir>/.claude/get-shit-done/bin/gsd-tools.cjs before falling back
to ~/.claude/get-shit-done/bin/gsd-tools.cjs, fixing MODULE_NOT_FOUND for
repo-local GSD installations. Also adds repo-local agent definition path.
Closes#1424
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add installSdk() and promptSdk() to the installer so users can
optionally install @gsd-build/sdk during GSD setup. The --sdk flag
installs without prompting; interactive installs get a Y/N prompt
after runtime installation completes. SDK installs use @latest with
suppressed npm noise (--force --no-fund --loglevel=error, stdio: pipe).
Cherry-picked from fix/sdk-cli-runtime-bugs (de9f18f) which was
left out of #1407.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The autonomous workflow ran discuss -> plan -> execute per phase but
skipped ui-phase (design contract) and ui-review (visual audit) for
frontend phases. This adds two conditional steps that match the UI
detection logic already in plan-phase step 5.6:
- Step 3a.5: generates UI-SPEC before planning if frontend indicators
are detected and no UI-SPEC exists
- Step 3d.5: runs advisory UI review after successful execution if a
UI-SPEC is present
Both steps respect workflow.ui_phase and workflow.ui_review config
toggles and skip silently for non-frontend phases.
Fixes#1375
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pre-#1346 GSD installs prepended [features] before bare top-level keys
in ~/.codex/config.toml, trapping keys like model="gpt-5.3-codex" under
[features] where Codex expects only booleans. The #1346 fix prevented
NEW corruption but did not repair EXISTING corrupted configs. Re-installing
GSD left the trapped keys in place, causing "invalid type: string, expected
a boolean" on every Codex launch.
repairTrappedFeaturesKeys() now detects non-boolean key-value lines inside
[features] and relocates them before the [features] header during
ensureCodexHooksFeature(), so re-installs heal previously corrupted configs.
Fixes#1379
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When GSD agents are not installed in .claude/agents/, Task(subagent_type="gsd-*")
silently falls back to general-purpose, losing specialized instructions, structured
outputs, and verification protocols.
What changed:
- Added checkAgentsInstalled() to core.cjs that validates all expected agents exist on disk
- All init commands now include agents_installed and missing_agents in their output
- Health check (validate health) reports W010 when agents are missing or incomplete
- New validate agents subcommand for standalone agent installation diagnostics
Fixes#1371
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
cmdStateBeginPhase replaced the entire ## Current Position section with only
Phase and Plan lines, destroying Status, Last activity, and Progress fields.
cmdStateAdvancePlan then failed to update these fields since they no longer
existed.
Now begin-phase updates individual lines within Current Position instead of
replacing the whole section. Also adds updateCurrentPositionFields helper so
advance-plan keeps the Current Position body in sync with bold frontmatter
fields.
Fixes#1365
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The repository was transferred from the glittercowboy org to gsd-build,
but several files still referenced the old org in URLs. This updates all
repository URL references across READMEs (all languages), package.json,
and the update workflow. Also removes a duplicate language selector in
the main README header.
Files intentionally unchanged:
- CHANGELOG.md (historical entries)
- CODEOWNERS, FUNDING.yml, SECURITY.md (reference @glittercowboy as a
GitHub username/handle, not a repo URL)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
plan-phase.md contains illustrative DATABASE_URL/REDIS_URL examples
in documentation text, not real credentials. The secret-scan.sh script
already supports .secretscanignore — this file activates it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add agent_skills config section that maps agent types to skill directory
paths. At spawn time, workflows load configured skills and inject them
as <agent_skills> blocks in Task() prompts, giving subagents access to
project-specific skill files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When cwd is a git repo inside a GSD workspace, findProjectRoot() walked
up and returned the workspace parent (which also has .planning/) instead
of the cwd itself. This caused all init commands to resolve project_root
to the workspace root, making phase/roadmap lookups fail with "Phase not
found" errors.
The fix adds an early return: if startDir already contains a .planning/
directory, it is the project root — no need to walk up to a parent.
Fixes#1362
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Test suite modernization:
- Converted all try/finally cleanup patterns to beforeEach/afterEach hooks
across 11 test files (core, copilot-install, config, workstream,
milestone-summary, forensics, state, antigravity, profile-pipeline,
workspace)
- Consolidated 40 inline mkdtempSync calls to use centralized helpers
- Added createTempDir() helper for bare temp directories
- Added optional prefix parameter to createTempProject/createTempGitProject
- Fixed config test HOME sandboxing (was reading global defaults.json)
New CONTRIBUTING.md:
- Test standards: hooks over try/finally, centralized helpers, HOME sandboxing
- Node 22/24 compatibility requirements with Node 26 forward-compat
- Code style, PR guidelines, security practices
- File structure overview
All 1382 tests pass, 0 failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The prompt-injection, base64, and secret scan tests execute bash
scripts via execFileSync which doesn't work on Windows without
Git Bash. Use node:test's { skip: IS_WINDOWS } option to skip
entire describe blocks on win32 platform.
Structure/existence tests (shebang, permissions) still run on
all platforms. Behavioral tests only run on macOS/Linux.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add base64-scan.sh and secret-scan.sh to prompt injection scanner
allowlist (scanner was flagging its own pattern strings)
- Skip executable bit check on Windows (no Unix permissions)
- Skip bash script execution tests on Windows (requires Git Bash)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add CI security pipeline to catch prompt injection attacks, base64-obfuscated
payloads, leaked secrets, and .planning/ directory commits in PRs.
This is critical for get-shit-done because the entire codebase is markdown
prompts — a prompt injection in a workflow file IS the attack surface.
New files:
- scripts/prompt-injection-scan.sh: scans for instruction override, role
manipulation, system boundary injection, DAN/jailbreak, and tool call
injection patterns in changed files
- scripts/base64-scan.sh: extracts base64 blobs >= 40 chars, decodes them,
and checks decoded content against injection patterns (skips data URIs
and binary content)
- scripts/secret-scan.sh: detects AWS keys, OpenAI/Anthropic keys, GitHub
PATs, Stripe keys, private key headers, and generic credential patterns
- .github/workflows/security-scan.yml: runs all three scans plus a
.planning/ directory check on every PR
- .base64scanignore / .secretscanignore: per-repo false positive allowlists
- tests/security-scan.test.cjs: 51 tests covering script existence,
pattern matching, false positive avoidance, and workflow structure
All scripts support --diff (CI), --file, and --dir modes. Cross-platform
(macOS + Linux). SHA-pinned actions. Environment variables used for
github context in run blocks (no direct interpolation).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PR #1139 added <available_agent_types> sections to execute-phase.md and
plan-phase.md to prevent /clear from causing silent fallback to
general-purpose. However, 14 other workflows and 2 commands that also
spawn named GSD agents were missed, leaving them vulnerable to the same
regression after /clear.
Added <available_agent_types> listing to: research-phase, quick,
audit-milestone, diagnose-issues, discuss-phase-assumptions,
execute-plan, map-codebase, new-milestone, new-project, ui-phase,
ui-review, validate-phase, verify-work (workflows) and debug,
research-phase (commands).
Added regression test that enforces every workflow/command spawning
named subagent_type must have a matching <available_agent_types>
section listing all spawned types.
Fixes#1357
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The parser hardcoded 4/6/8/10-space indent levels for must_haves
sub-blocks, but standard YAML uses 2-space indentation. This caused
"No must_haves.key_links found in frontmatter" for valid plan files.
The fix dynamically detects the actual indent of must_haves: and its
sub-blocks instead of assuming fixed column positions.
Fixes#1356
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The original PR (#1337) used \Z in a JavaScript regex, which is a
Perl/Python/Ruby anchor — JavaScript interprets it as a literal match
for the character 'Z', silently truncating expected text containing
that letter. Replace with a two-pass approach: try next-key lookahead
first, fall back to greedy match to end-of-string.
Also remove the redundant `to=all:` pattern in sanitizeForDisplay()
since it is a subset of the existing `to=[^:\s]+:` pattern.
Add regression tests proving the Z-truncation bug and verifying
expected blocks at end-of-section parse correctly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add validateHookFields() that strips invalid hook entries before they
cause Claude Code's Zod schema to silently discard the entire
settings.json file. Agent hooks require "prompt", command hooks require
"command", and entries without a valid hooks sub-array are removed.
Uses a clean two-pass approach: first validate and build new arrays
(no mutation inside filter predicates), then collect-and-delete empty
event keys (no delete during Object.keys iteration). Result entries
are shallow copies so the original input objects are never mutated.
Includes 24 tests covering passthrough, removal, structural invalidity,
empty cleanup, mutation safety, unknown types, and iteration safety.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two fixes for Codex config.toml compatibility:
1. ensureCodexHooksFeature: insert [features] before the first table header
instead of prepending it before all content. Prepending traps bare
top-level keys (model, model_reasoning_effort) under [features], where
Codex rejects them with "invalid type: string, expected a boolean".
2. generateCodexConfigBlock: use absolute config_file paths when targetDir
is provided. Codex ≥0.116 requires AbsolutePathBuf and cannot resolve
relative "agents/..." paths, failing with "AbsolutePathBuf deserialized
without a base path".
Fixes#1202
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
