refactor: deepen GSDTools query execution seams (#3085 )

* refactor: deepen gsdtools query execution seams * docs: add changeset for query seam deepening * docs: fix changeset summary text * fix: address coderabbit query seam findings * test: address remaining coderabbit findings and notes * refactor: use internal gsdtools error type import
Deepen query dispatch seam with Command Topology Module (#3078 )
2026-05-05 14:52:16 +02:00 · 2026-05-03 18:56:41 -04:00 · 2026-05-03 18:11:38 -04:00 · 2026-05-03 16:31:48 -04:00 · 2026-05-03 15:57:01 -04:00 · 2026-05-03 15:29:34 -04:00
443 changed files with 15945 additions and 2401 deletions
--- a/.changeset/README.md
+++ b/.changeset/README.md
@@ -0,0 +1,44 @@
 # Changeset Fragments
 This directory holds **per-PR CHANGELOG fragments**. Every PR with user-facing changes drops one (or more) `<random-name>.md` files here describing its CHANGELOG entry. Fragments are consolidated into the top-level `CHANGELOG.md` at release time.
 ## Why
 Two PRs that both edit the `### Fixed` block of `CHANGELOG.md` always conflict on merge — git can't pick a serialization order without human input. Two PRs that each add a fresh `.changeset/<unique-name>.md` never conflict because they don't share lines.
 See [#2975](https://github.com/gsd-build/get-shit-done/issues/2975) for the full rationale.
 ## Adding a fragment
 ```bash
 node scripts/changeset/new.cjs \
  --type Fixed \
  --pr 1234 \
  --body "fix the thing — explain the user-visible change in one sentence"
 ```
 This writes `.changeset/<adjective>-<noun>-<noun>.md` with frontmatter and a body. Three random words → concurrent PRs don't collide.
 ## Format
 ```md
 ---
 type: Fixed
 pr: 1234
 ---
 **`/gsd-foo` no longer drops trailing slashes** — explain the user-visible change.
 ```
 Allowed `type:` values follow [Keep a Changelog](https://keepachangelog.com/): `Added`, `Changed`, `Deprecated`, `Removed`, `Fixed`, `Security`.
 ## Opting out
 PRs that legitimately have no user-facing impact can add the `no-changelog` label. CI honors it. When unsure, add the fragment.
 ## At release time
 ```bash
 node scripts/changeset/cli.cjs render --version vX.Y.Z --date YYYY-MM-DD
 ```
 Reads every fragment, groups bullets by `type:`, replaces `## [Unreleased]` with a new `## [vX.Y.Z] - YYYY-MM-DD` block, opens a fresh `## [Unreleased]` above, deletes consumed fragments. Idempotent.
--- a/.changeset/blue-stones-topology.md
+++ b/.changeset/blue-stones-topology.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 ---
 **Query command dispatch deepened with Command Topology Module** — query dispatch now consumes a single topology seam that resolves command tokens, binds native handler adapters, and returns structured no-match diagnosis, improving locality and reducing dispatch seam drift.
--- a/.changeset/bold-finches-rally.md
+++ b/.changeset/bold-finches-rally.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3058
 ---
 **GSD transport raw-mode handling and timeout fallback hardened** — fixes undefined raw formatting edge case and adds raw-path coverage to prevent regressions.
--- a/.changeset/brave-mice-build.md
+++ b/.changeset/brave-mice-build.md
@@ -0,0 +1,8 @@
 ---
 type: Changed
 pr: 3069
 ---
 **query command metadata now flows through a canonical Command Definition Module seam** — registry assembly, mutation semantics, and alias generation consume one Interface (`family`, `canonical`, `aliases`, `mutation`, `output_mode`, `handler_key`) to improve locality and reduce drift.
 **query fallback error mapping cleanup** — the CJS fallback catch path now passes original `err` to `mapFallbackDispatchError` (follow-up to prior review feedback missed in PR #3066).
--- a/.changeset/bright-pumas-fold.md
+++ b/.changeset/bright-pumas-fold.md
@@ -0,0 +1,6 @@
 ---
 type: Changed
 pr: 3075
 ---
 **query architecture deepening pass** — extracted Query Runtime Context, Native Dispatch Adapter, and Query CLI Output Modules so dispatch policy, runtime context policy, and CLI projection logic each live behind focused seams with higher locality and leverage.
--- a/.changeset/calm-birds-greet.md
+++ b/.changeset/calm-birds-greet.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2990
 ---
 gsd-code-fixer worktree no longer fails on the same-branch checkout — the agent now creates a new gsd-reviewfix/ branch via git worktree add -b and fast-forwards the user's branch on cleanup. See #2990.
--- a/.changeset/calm-ibex-jump.md
+++ b/.changeset/calm-ibex-jump.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 2986
 ---
 Test suite for config-schema.cjs is now mutation-resistant — 95 typed assertions kill the 124 surviving Stryker mutants from the 4.62% baseline. Tests target static-key fast path, dynamic-pattern .some semantics, polarity, and regex-anchor tightening. See #2986.
--- a/.changeset/calm-tigers-frolic.md
+++ b/.changeset/calm-tigers-frolic.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3008
 ---
 **`tests/install-minimal.test.cjs:307` no longer races on shared `os.tmpdir()` under parallel CI** — the previous shape compared `listTmpStageDirs()` snapshots before and after the throw. Under `scripts/run-tests.cjs --test-concurrency=4`, `tests/install-minimal-all-runtimes.test.cjs` runs in a parallel process and creates/removes `gsd-minimal-skills-*` dirs in the shared OS tmpdir between snapshots, so `deepStrictEqual` failed deterministically when the parallel process happened to have a live stage dir during the snapshot window. Fix: stub `fs.mkdtempSync` to record THIS call's stage dir, then assert that exact path no longer exists after the throw — no global filesystem snapshot, no race. (#3008)
--- a/.changeset/codex-bare-node-fix.md
+++ b/.changeset/codex-bare-node-fix.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3022
 ---
 **Codex SessionStart hook now uses absolute Node binary path** — closes the gap left after #3002. The Codex install path wrote `command = "node ${path}"` directly into config.toml, bypassing `resolveNodeRunner()`. Under GUI/minimal-PATH runtimes (`/usr/bin:/bin:/usr/sbin:/sbin`), bare `node` failed to resolve, exit 127. Now routed through new `buildCodexHookBlock()` helper. Reinstall path migrates legacy bare-node entries via new `rewriteLegacyCodexHookBlock()`. See #3017.
--- a/.changeset/codex-discuss-fallback.md
+++ b/.changeset/codex-discuss-fallback.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: TBD
 ---
 **Codex skill adapter no longer instructs the agent to silently default discuss-phase decisions.** When `request_user_input` was rejected (Default mode), the generated adapter said "pick a reasonable default" — so `$gsd-discuss-phase` proceeded toward writing CONTEXT.md / DISCUSSION-LOG.md / checkpoints without ever asking the user. Adapter prose now requires the agent to STOP, present plain-text questions, and wait, with explicit named exceptions (`--auto`/`--all`/explicit user approval). See #3018.
--- a/.changeset/cool-monkeys-smell.md
+++ b/.changeset/cool-monkeys-smell.md
@@ -0,0 +1,6 @@
 ---
 type: Changed
 pr: 3074
 ---
 **query CLI path extracted into a dedicated Query CLI Adapter Module** — `sdk/src/cli.ts` now delegates query-specific dispatch, error mapping, and output/exit handling to `sdk/src/query/query-cli-adapter.ts` for better locality and testability.
--- a/.changeset/curious-bears-march.md
+++ b/.changeset/curious-bears-march.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3012
 ---
 **Post-install message and update.md no longer recommend the removed `/gsd-reapply-patches` command** — after PR #2824 consolidated 86 skills into ~58, `/gsd-reapply-patches` was folded into a flag (`/gsd-update --reapply`). The 1.39.1 hotfix (#2954) updated `help.md` but missed `bin/install.js`'s `reportLocalPatches` runtime emitter, `get-shit-done/workflows/update.md` Step 4, and the English + zh-CN/ja-JP/ko-KR doc set. Users hit "Unknown command" after every install with backed-up patches. All five runtime branches in `reportLocalPatches` (claude, opencode, kilo, copilot, gemini, codex, cursor) now emit the consolidated form. Regression: `tests/bug-3010-reapply-patches-references.test.cjs` scans `bin/install.js`, every workflow file, and every doc (excluding CHANGELOG history and help.md's deprecation notice) for stale recommendations. See #3010.
--- a/.changeset/docs-1-40-0-audit.md
+++ b/.changeset/docs-1-40-0-audit.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 0
 ---
 **Documentation refreshed for v1.40.0** — full audit of `docs/` against the 1.40.0-rc.1 release surface. Updates command lists, walkthroughs, and inventory rows for the 86→59 skill consolidation (#2790), the six namespace meta-skills with two-stage routing (#2792), the `/gsd-health --context` guard, the phase-lifecycle status-line read-side (#2833), and the Gemini colon-form / non-Gemini hyphen-form slash-command split. Translations in ja-JP/ko-KR/zh-CN/pt-BR mirror the structural changes; new English prose is marked with `<!-- TODO i18n -->` for human translator follow-up. CHANGELOG.md `[Unreleased]` section regrouped under Feature/Enhancement/Fix headers.
--- a/.changeset/dynamic-routing.md
+++ b/.changeset/dynamic-routing.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: TBD
 ---
 **`dynamic_routing` block in `.planning/config.json` for failure-tier escalation (#3024).** Each agent declares a default tier (`light` / `standard` / `heavy`); when `dynamic_routing.enabled: true`, the resolver picks `tier_models[default_tier]` for the first spawn and escalates one tier up on orchestrator-detected soft failure (capped by `max_escalations`). Disabled by default — fully backward compatible. Composes with `model_overrides` (higher precedence) and `models.<phase_type>` (lower) for full cost-control flexibility. Adds new resolver `resolveModelForTier(cwd, agent, attempt)` to `core.cjs` for orchestrator integration.
--- a/.changeset/eager-hawks-rally.md
+++ b/.changeset/eager-hawks-rally.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 2975
 ---
 **Changeset-fragment workflow** — eliminates CHANGELOG.md merge conflicts. Each PR drops `.changeset/<random-name>.md` with frontmatter (`type:`, `pr:`) plus a markdown body; the release-time `npm run changelog:render` consolidates fragments into `CHANGELOG.md` and deletes them. CI lint (`npm run lint:changeset`) requires a fragment on any PR touching user-facing files (`bin/`, `get-shit-done/`, `agents/`, `commands/`, `hooks/`, `sdk/src/`); contributors can opt out via the `no-changelog` label for purely internal changes. See [.changeset/README.md](.changeset/README.md) and CONTRIBUTING.md for the workflow.
--- a/.changeset/gemini-skip-local-when-global.md
+++ b/.changeset/gemini-skip-local-when-global.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3037
 ---
 **Gemini local install no longer duplicates `/gsd:*` commands across user and workspace scopes** — when GSD is already installed at the user scope (`~/.gemini/commands/gsd/`) and you run `npx get-shit-done-cc --gemini --local` in a project, the installer now skips writing `commands/gsd/` to `<project>/.gemini/` and prints a one-line warning explaining why. Previously, both scopes received the same 65 command files, and Gemini's conflict detector renamed every `/gsd:*` command to `/workspace.gsd:*` and `/user.gsd:*`, breaking the documented namespace. Closes #3037.
--- a/.changeset/happy-jays-greet.md
+++ b/.changeset/happy-jays-greet.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2994
 ---
 /gsd-reapply-patches Step 5 verifier now resolves at runtime — moved scripts/verify-reapply-patches.cjs to get-shit-done/bin/ which is shipped by the installer. The legacy scripts/ directory is not copied to user installs. See #2994.
--- a/.changeset/happy-tigers-travel.md
+++ b/.changeset/happy-tigers-travel.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3060
 ---
 **Query mutation event mapping moved to dedicated module** — preserves event payloads while improving registry locality and test surface.
--- a/.changeset/help-passthrough.md
+++ b/.changeset/help-passthrough.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3026
 ---
 **`gsd-sdk query <subcommand> --help` now reaches the handler instead of returning top-level usage.** The query argv parser harvested `--help` as a global flag and `main()` short-circuited dispatch — there was no path to discover what arguments a query subcommand accepts. The parser now leaves `--help` in `queryArgv` so the handler/fallback can render contextual help. The `gsd-tools.cjs` fallback now renders top-level usage on `--help` (instead of erroring), preserving #1818's anti-hallucination invariant by NOT executing the destructive command. See #3019.
--- a/.changeset/humble-goats-swim.md
+++ b/.changeset/humble-goats-swim.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3060
 ---
 **Alias-family handler maps moved to dedicated catalog module** — keeps command keys/order while reducing createRegistry coupling and improving family-level locality.
--- a/.changeset/install-shell-path-probe.md
+++ b/.changeset/install-shell-path-probe.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3028
 ---
 **Installer no longer prints `✓ GSD SDK ready` when the shim is unreachable from the user's runtime shells.** The previous check used `process.env.PATH` from the install subprocess, which often differs from the user's later interactive shells (POSIX `~/.local/bin` not in login shell, node-version-manager PATH shims). Added `getUserShellPath()` helper that probes `$SHELL -lc 'printf %s "$PATH"'` and `isGsdSdkOnPath(pathString?)` overload that accepts an explicit PATH; the install-time check now downgrades to the actionable `⚠` diagnostic from PR #3014 when install-PATH and user-shell-PATH disagree. Windows cross-shell support tracked separately. See #3020.
--- a/.changeset/issue-driven-orchestration.md
+++ b/.changeset/issue-driven-orchestration.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 2840
 ---
 **`docs/issue-driven-orchestration.md` — recipe for driving GSD from a tracker issue** — new guide that maps Symphony-style orchestration concepts (workflow, isolated agent workspace, proof-of-work, human review gate, follow-up capture) onto existing GSD primitives (`/gsd-new-workspace`, `/gsd-manager`, `/gsd-autonomous`, `/gsd-verify-work`, `/gsd-review`, `/gsd-ship`, `STATE.md`, phase artifacts). Documentation only — no new commands, no daemon, no tracker integration.
--- a/.changeset/jolly-newts-roam.md
+++ b/.changeset/jolly-newts-roam.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2994
 ---
 /gsd-reapply-patches Step 5 verifier now resolves at runtime — moved scripts/verify-reapply-patches.cjs to get-shit-done/bin/ which is shipped by the installer. The legacy scripts/ directory is not copied to user installs. See #2994.
--- a/.changeset/jolly-pumas-dance.md
+++ b/.changeset/jolly-pumas-dance.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2979
 ---
 Managed JS hooks now resolve under GUI/minimal-PATH runtimes — installer emits process.execPath (absolute, quoted, forward-slash-normalized) as the runner for every .js hook command instead of bare node. See #2979.
--- a/.changeset/lively-goats-run.md
+++ b/.changeset/lively-goats-run.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 2995
 ---
 Post-install path smoke test for workflow-invoked scripts — audits every node ${GSD_HOME}/...cjs invocation in workflows resolves at the runtime-installed path. See #2995.
--- a/.changeset/lively-otters-gather.md
+++ b/.changeset/lively-otters-gather.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3011
 ---
 **Actionable diagnostic when `gsd-sdk` is not on PATH after install** — Windows users (and others on multi-shell setups) reported that the previous "GSD SDK files are present but `gsd-sdk` is not on your PATH" warning gave them no way to fix it: no path to look at, no shell-specific commands, no mention of the npx-cache caveat. New `formatSdkPathDiagnostic({ shimDir, platform, runDir })` helper returns a typed IR with the resolved shim location, platform-specific PATH-export commands (PowerShell / cmd.exe / Git Bash on Windows; `export PATH` on POSIX), and an npx-specific note when running under an `_npx` cache segment (where the shim may be written to a temp dir that won't persist). The console renderer in `bin/install.js` emits the lines from the IR; tests assert on the typed fields directly. (#3011)
--- a/.changeset/mcp-token-budget-docs.md
+++ b/.changeset/mcp-token-budget-docs.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 3032
 ---
 **Documentation: MCP tool schema as a context-budget concern (#3025).** Adds new sections to `get-shit-done/references/context-budget.md` and `docs/USER-GUIDE.md` explaining that every enabled MCP server injects its tool schema into every turn — heavyweight servers (browser/playwright, Mac-tools, Windows-tools) can cost 20k+ tokens each, often dwarfing what `model_profile` tuning saves. The toggle lives in `.claude/settings.json` (`enabledMcpjsonServers` / `disabledMcpjsonServers`) and is a Claude Code harness concern, not a GSD concern. Includes a pre-phase audit checklist (browser, platform-specific, cross-project, duplicates) and notes the multiplier interaction with `model_profile`. Companion to #3023 (per-phase-type model map) and #3024 (dynamic routing); together they cover the three biggest cost levers.
--- a/.changeset/merry-foxes-climb.md
+++ b/.changeset/merry-foxes-climb.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2997
 ---
 SDK config-set/config-get and init responses no longer echo plaintext API keys. New sdk/src/query/secrets.ts ports SECRET_CONFIG_KEYS masking from CJS; init bundles only mask string values to preserve the boolean availability-flag contract. See #2997.
--- a/.changeset/merry-lynx-sing.md
+++ b/.changeset/merry-lynx-sing.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2992
 ---
 /gsd-update queries wrong npm package names — moved package name into a deterministic check-latest-version.cjs script and updated the workflow to use ${GSD_DIR} from get_installed_version. See #2992.
--- a/.changeset/merry-lynx-wander.md
+++ b/.changeset/merry-lynx-wander.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3007
 ---
 **PR templates now point at the changeset workflow** — the `Fix`, `Enhancement`, and `Feature` PR templates previously asked contributors to tick `CHANGELOG.md updated`, which contradicted the post-#2978 rule that `CHANGELOG.md` must not be edited directly. Each checkbox now references `npm run changeset` (and the `no-changelog` opt-out where applicable).
--- a/.changeset/merry-moles-chatter.md
+++ b/.changeset/merry-moles-chatter.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3060
 ---
 **CLI query CJS fallback execution extracted to dedicated adapter module** — preserves logs/help passthrough behavior while improving fallback locality and testability.
--- a/.changeset/noble-badgers-roar.md
+++ b/.changeset/noble-badgers-roar.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3060
 ---
 **Query mutation event emission now uses a dedicated decorator seam** — preserves fire-and-forget behavior while reducing registry coupling and improving testability.
--- a/.changeset/per-phase-type-models.md
+++ b/.changeset/per-phase-type-models.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 3030
 ---
 **`models` block in `.planning/config.json` for per-phase-type model selection (#3023).** A new resolution layer between per-agent `model_overrides` and the `model_profile` tier table. Six named slots (`planning` / `discuss` / `research` / `execution` / `verification` / `completion`) accept tier aliases (`opus` / `sonnet` / `haiku` / `inherit`). Lets you express "Opus for planning, Sonnet for the rest" in two lines without learning the agent taxonomy. Fully backward compatible — configs without `models` behave exactly as today.
--- a/.changeset/plucky-ibex-gather.md
+++ b/.changeset/plucky-ibex-gather.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2998
 ---
 gsd-pristine/ is now populated by the installer when local patches are detected — saveLocalPatches calls a new populatePristineDir helper that runs the install transform pipeline into a tmp staging dir and copies modified files into pristineDir. The reapply-patches Step 5 verifier no longer falls back to its over-broad heuristic. See #2998.
--- a/.changeset/plucky-moles-roam.md
+++ b/.changeset/plucky-moles-roam.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2997
 ---
 SDK config-set/config-get and init responses no longer echo plaintext API keys. New sdk/src/query/secrets.ts ports SECRET_CONFIG_KEYS masking from CJS; init bundles only mask string values to preserve the boolean availability-flag contract. See #2997.
--- a/.changeset/plucky-otters-roam.md
+++ b/.changeset/plucky-otters-roam.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 2995
 ---
 Post-install path smoke test for workflow-invoked scripts — audits every node ${GSD_HOME}/...cjs invocation in workflows resolves at the runtime-installed path. See #2995.
--- a/.changeset/quick-geese-hum.md
+++ b/.changeset/quick-geese-hum.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3060
 ---
 **Query fallback orchestration now shared** — CLI and SDK query dispatch now use one planning seam for native vs CJS fallback decisions with behavior parity preserved.
--- a/.changeset/rapid-goats-munch.md
+++ b/.changeset/rapid-goats-munch.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3060
 ---
 **Query/transport policy data now converged in shared module** — mutation and raw-output policy wiring now share one source of truth to reduce drift.
--- a/.changeset/research-flag-and-stale-refs.md
+++ b/.changeset/research-flag-and-stale-refs.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3042
 ---
 **`/gsd-research-phase` consolidated into `/gsd-plan-phase --research-phase <N>`** — the standalone research command's slash-command stub was never registered (#3042). Rather than restore the orphan, the research-only capability now lives as a flag on `/gsd-plan-phase`. New modifiers: `--view` prints existing `RESEARCH.md` to stdout without spawning, `--research` forces refresh, otherwise prompts `update / view / skip` when `RESEARCH.md` already exists. Also scrubs four other stale slash-command references (`/gsd-check-todos`, `/gsd-new-workspace`, `/gsd-status`, residual `/gsd-plan-milestone-gaps`) across English + 4 localized doc sets (#3044). Closes #3042 and #3044.
--- a/.changeset/scrub-stale-command-routes.md
+++ b/.changeset/scrub-stale-command-routes.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 3029
 ---
 **`/gsd-code-review-fix` and `/gsd-plan-milestone-gaps` no longer surface as "Unknown command"** — both were consolidated by #2790 (`/gsd-code-review --fix` and inline gap planning in `/gsd-audit-milestone` respectively), but several user-facing surfaces still emitted the old slash forms in their offer text. Fixed audit-milestone offer blocks, gsd-complete-milestone routing, code-review/execute-phase offer text, gsd-code-fixer agent role card, and the doc surfaces (USER-GUIDE, FEATURES, INVENTORY, AGENTS, CONFIGURATION). Closes #3029, closes #3034.
--- a/.changeset/silly-foxes-wander.md
+++ b/.changeset/silly-foxes-wander.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2990
 ---
 gsd-code-fixer worktree no longer fails on the same-branch checkout — the agent now creates a new gsd-reviewfix/ branch via git worktree add -b and fast-forwards the user's branch on cleanup. See #2990.
--- a/.changeset/silly-newts-swim.md
+++ b/.changeset/silly-newts-swim.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 2982
 ---
 Extended no-source-grep lint to catch var-binding readFileSync.includes() pattern. Tests now fail when source-grep is hidden behind a parser wrapper. See #2982.
--- a/.changeset/steady-ravens-shape.md
+++ b/.changeset/steady-ravens-shape.md
@@ -0,0 +1,6 @@
 ---
 type: Changed
 pr: 3065
 ---
 **Dispatch policy seam now returns a structured result contract** across native and fallback query execution paths (`ok`, typed error `kind`, `details`, and final `exit_code`), with CLI consuming the unified result instead of mixed throw/result handling.
--- a/.changeset/sturdy-jays-glide.md
+++ b/.changeset/sturdy-jays-glide.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3060
 ---
 **Query static command registrations now split into domain catalog modules** — preserves command order/strings while improving registry locality and maintenance.
--- a/.changeset/tidy-tunas-zip.md
+++ b/.changeset/tidy-tunas-zip.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 3085
 ---
 **`GSDTools` query execution internals now use deep Module seams** — refactors runtime composition, native/subprocess adapters, and output projection behind stable public interfaces for better locality and testability.
--- a/.changeset/typed-rivers-flow.md
+++ b/.changeset/typed-rivers-flow.md
@@ -0,0 +1,5 @@
 ---
 type: Changed
 pr: 2974
 ---
 Migrated 8 test files from raw text matching (`stdout.includes(...)`, `assert.match(stderr, ...)`) to typed-IR assertions per CONTRIBUTING.md. Adds shared `ERROR_REASON` enum and `--json-errors` flag in `core.cjs`, typed `GRAPHIFY_REASON` in `graphify.cjs`, pure `buildSdkFailFastReport()` IR builder in `bin/install.js`, and Claude Code JSON envelope output (`hookSpecificOutput` with typed fields) for `gsd-session-state.sh` and `gsd-phase-boundary.sh`. Tests now assert on structured fields (`reason`, `context`, `state_present`, `planning_modified`, etc.) instead of substring matching. See #2974.
--- a/.changeset/update-banner-opt-in.md
+++ b/.changeset/update-banner-opt-in.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 2795
 ---
 **Optional update banner for non-GSD statusline users** — when the installer detects you've declined or kept a non-GSD statusline, it now offers an opt-in `SessionStart` banner that surfaces update availability via the existing `~/.cache/gsd/gsd-update-check.json` cache. Silent when up-to-date, rate-limits failure diagnostics to once per 24h, removed cleanly by `npx get-shit-done-cc --uninstall`.
--- a/.changeset/witty-hawks-jump.md
+++ b/.changeset/witty-hawks-jump.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2973
 ---
 /gsd-profile-user --refresh writes dev-preferences.md to ~/.claude/skills/gsd-dev-preferences/SKILL.md instead of the legacy commands/gsd/ directory. Installer migrates any preserved legacy file to the new location. See #2973.
--- a/.changeset/witty-newts-greet.md
+++ b/.changeset/witty-newts-greet.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2992
 ---
 /gsd-update queries wrong npm package names — moved package name into a deterministic check-latest-version.cjs script and updated the workflow to use ${GSD_DIR} from get_installed_version. See #2992.
--- a/.changeset/zesty-jays-wake.md
+++ b/.changeset/zesty-jays-wake.md
@@ -0,0 +1,5 @@
 ---
 type: Fixed
 pr: 2979
 ---
 Managed JS hooks now resolve under GUI/minimal-PATH runtimes — installer emits process.execPath (absolute, quoted, forward-slash-normalized) as the runner for every .js hook command instead of bare node. See #2979.
--- a/.changeset/zesty-moles-forage.md
+++ b/.changeset/zesty-moles-forage.md
@@ -0,0 +1,5 @@
 ---
 type: Added
 pr: 2982
 ---
 Extended no-source-grep lint to catch var-binding readFileSync.includes() pattern. Tests now fail when source-grep is hidden behind a parser wrapper. See #2982.
--- a/.github/PULL_REQUEST_TEMPLATE/enhancement.md
+++ b/.github/PULL_REQUEST_TEMPLATE/enhancement.md
@@ -73,7 +73,7 @@ Closes #
 - [ ] Changes are scoped to the approved enhancement — nothing extra included
 - [ ] All existing tests pass (`npm test`)
 - [ ] New or updated tests cover the enhanced behavior
- [ ] CHANGELOG.md updated
+- [ ] `.changeset/` fragment added (`npm run changeset -- --type Changed --pr <NNN> --body "..."`) — or `no-changelog` label applied if not user-facing
 - [ ] Documentation updated if behavior or output changed
 - [ ] No unnecessary dependencies added
--- a/.github/PULL_REQUEST_TEMPLATE/feature.md
+++ b/.github/PULL_REQUEST_TEMPLATE/feature.md
@@ -94,7 +94,7 @@ Closes #
 - [ ] Implementation scope matches the approved spec exactly
 - [ ] All existing tests pass (`npm test`)
 - [ ] New tests cover the happy path, error cases, and edge cases
- [ ] CHANGELOG.md updated with a user-facing description of the feature
+- [ ] `.changeset/` fragment added with a user-facing description of the feature (`npm run changeset -- --type Added --pr <NNN> --body "..."`)
 - [ ] Documentation updated — commands, workflows, references, README if applicable
 - [ ] No unnecessary external dependencies added
 - [ ] Works on Windows (backslash paths handled)
--- a/.github/PULL_REQUEST_TEMPLATE/fix.md
+++ b/.github/PULL_REQUEST_TEMPLATE/fix.md
@@ -63,7 +63,7 @@ Fixes #
 - [ ] Fix is scoped to the reported bug — no unrelated changes included
 - [ ] Regression test added (or explained why not)
 - [ ] All existing tests pass (`npm test`)
- [ ] CHANGELOG.md updated if this is a user-facing fix
+- [ ] `.changeset/` fragment added if this is a user-facing fix (`npm run changeset -- --type Fixed --pr <NNN> --body "..."`) — or `no-changelog` label applied
 - [ ] No unnecessary dependencies added
 ## Breaking changes
--- a/.github/workflows/changeset-required.yml
+++ b/.github/workflows/changeset-required.yml
@@ -0,0 +1,24 @@
 name: Changeset Required
 on:
  pull_request:
    types: [opened, synchronize, reopened, labeled, unlabeled]
 permissions:
  contents: read
  pull-requests: read
 jobs:
  changeset-lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: '24'
      - name: Run changeset lint
        env:
          GITHUB_BASE_REF: ${{ github.base_ref }}
        run: node scripts/changeset/lint.cjs
--- a/.out-of-scope/agent-template-rendering.md
+++ b/.out-of-scope/agent-template-rendering.md
@@ -0,0 +1,104 @@
 # Render agent definitions from templates at install/config-change time
 **Source:** [#2758](https://github.com/gsd-build/get-shit-done/issues/2758)
 **Decision:** wontfix — closed on the technical merits
 **Date:** 2026-05-02
 ## Proposal summary
 Move config-gated prose out of `agents/*.md` into `agents/templates/*.md.tmpl`,
 rendered at install time and after `.planning/config.json` writes via a new
 `gsd-sdk agents render` subcommand. Conditional branches resolve at render time
 (deterministic code) instead of at inference time (LLM interpretation).
 Three named benefits:
 1. Token reduction proportional to disabled features.
 2. Deterministic feature gating (impossible-by-construction vs. test-for).
 3. Single source of truth for contributor-facing gating.
 Cites PR #2279 (Codex/OpenCode model embedding at install time) as direct
 precedent for compile-time embedding.
 ## Why GSD does not own this
 ### 1. The determinism claim is theoretical, not observed
 The proposal's strongest argument is that config-gated branches in agent prose
 are a determinism failure surface. The actual patterns in the codebase today are
 already heavily mitigated:
 - The `use_worktrees` branch in `gsd-executor` is resolved deterministically via
  `gsd-sdk query config-get` in bash — it is not LLM-interpreted.
 - "Skip if `workflow.X` is `false`" prose patterns are short, stable, and
  follow a uniform "missing key = enabled" convention. There is no documented
  history of LLMs running disabled checks or skipping enabled ones because of
  this prose.
 A theoretical failure surface should not be traded for a real, high-risk
 patch-migration surface (`gsd-local-patches/` rebase logic, by the reporter's own
 admission "the highest-risk piece of the change"). The reporter was asked for
 documented evidence; none was provided.
 ### 2. Token waste is small and bounded
 The codebase has roughly 5 `workflow.*` toggle references in agent files and
 ~20 "Skip if" conditional-prose patterns total — most 1–2 sentences. The
 "real spend across multi-phase milestones" claim was not measured against
 `gsd-context-monitor` output despite being asked. Without a measured baseline,
 the token-savings argument is asserted rather than demonstrated, and the savings
 ceiling on ~20 short conditionals is small enough that it does not justify a new
 template-and-rendering subsystem with a CI-enforced template/generated split.
 ### 3. The deterministic-gating need is already served
 PR #2279 established orchestrator-time config embedding for the cases that
 genuinely need deterministic resolution (model selection, reasoning effort,
 worktree mode). That mechanism is the right layer for orchestration-time
 decisions and can be extended toggle-by-toggle along the existing path without
 introducing a parallel templating subsystem. The proposal's own "Alternative #1"
 (continue the orchestrator-embedding pattern) was rejected on the grounds that
 agent-internal conditionals belong in the agent layer, but the asks behind the
 proposal — determinism, lower token cost — are equally satisfied by extending
 PR #2279 incrementally without a second mechanism.
 Adding a templating layer alongside orchestrator-embedding means two mechanisms
 own the same problem. The proposal does not specify a partition rule, and the
 reporter did not respond when asked for one.
 ### 4. Patch-migration risk is disproportionate to benefit
 The `/gsd-reapply-patches` three-way-merge migration for `gsd-local-patches/`
 is, in the proposal's own words, the highest-risk piece of the change. It exists
 solely to absorb a contributor-workflow shift — the user-facing surface is
 unchanged. Risk that flows entirely from internal restructuring, where the
 benefit is unmeasured token savings and a theoretical determinism gain, is the
 wrong trade.
 The reduced-scope variant (Alternative #5: fresh installs only, defer the
 migration) avoids that specific risk but still ships a parallel mechanism for
 benefits that remain unmeasured and that PR #2279's path can absorb.
 ## Re-open criteria
 This may be revisited if a contributor:
 - Provides measured token deltas via `gsd-context-monitor` against a
  representative all-toggles-off config, and the delta is materially larger
  than what extending PR #2279's orchestrator-embedding path one toggle at a
  time would produce.
 - Documents a real LLM misinterpretation of an existing toggle conditional
  (executor ignored `workflow.use_worktrees: false`, verifier ran when
  `workflow.verifier: false`, etc.) — not a projected failure mode.
 - Proposes a clear partition rule between orchestrator-time embedding (PR #2279)
  and any new install-time templating layer, so the two mechanisms do not
  overlap.
 ## Related
 - PR #2279 — Codex/OpenCode model embedding at install time (the established
  precedent for deterministic compile-time embedding into agent files)
 - v1.37.0 release notes — shared-boilerplate extraction (reference files for
  mandatory-initial-read, project-skills-discovery)
 - `get-shit-done/workflows/` — workflow-level config embedding before subagent
  spawn (the path of least friction for incremental deterministic gating)
--- a/.out-of-scope/temporal-context.md
+++ b/.out-of-scope/temporal-context.md
@@ -0,0 +1,56 @@
 # Temporal context as a first-class GSD signal
 **Source:** [#2756](https://github.com/gsd-build/get-shit-done/issues/2756)
 **Decision:** wontfix — closed without further engagement
 **Date:** 2026-05-02
 ## Proposal summary
 Reporter proposed treating idle-time-between-turns as a first-class context signal in
 GSD. Three flavors floated across the issue:
 1. **Passive** — block at session resume injecting "you've been idle Nh, here's what was
   open" into the orchestrator prompt.
 2. **Active** — `/resume-context` slash command.
 3. **Retrospective** — `HANDOFF.json` written at session end, read at next start.
 Framed initially as a `claude-inject-idle-time` plugin, with a request that GSD treat
 the pattern as core.
 ## Why GSD does not own this
 - **Subagent gap unsolved.** Passive injection lands in the orchestrator's context
  only. Subagents (the workers that actually do GSD's planning, execution, verification)
  spawn fresh and never see the temporal signal. The proposal does not solve this, and
  any GSD-core integration would inherit the gap. Until the subagent boundary is
  addressed, "first-class temporal context" is at best a partial feature.
 - **`HANDOFF.json` duplicates existing artifacts.** GSD already persists session
  continuity through `.planning/state/*` and per-phase artifacts (PLAN.md, RESEARCH.md,
  REVIEW.md, VERIFICATION.md). A separate handoff file would either drift from those or
  redundantly mirror them. The right primitive for "what was I doing" already exists.
 - **Statusline / TUI re-entry is platform-level, not GSD-level.** A statusline showing
  idle time belongs in Claude Code itself or in a thin user plugin, not in GSD's phase
  machinery.
 - **Scope is unstable.** Reporter agreed with the narrowed minimum ask ("doc mention
  only, rest opt-in"), then partially retracted it in a follow-up comment ("very
  integral to myself"). The maintainer asked which version of the ask should move
  forward; reporter did not respond.
 ## Re-open criteria
 This may be revisited if a reporter:
 - Engages with the subagent-gap problem and proposes a concrete mechanism for
  temporal context to reach subagents (not just the orchestrator).
 - Demonstrates a use case `.planning/state/*` provably cannot serve.
 - Commits to a single stable scope (doc mention OR core integration OR plugin
  reference) rather than oscillating between them mid-thread.
 A drive-by enhancement request that the author does not return to engage with after
 maintainer questions is not actionable. Future proposers: please plan to participate
 through to a triage decision rather than dropping an issue and moving on.
 ## Related
 - `.planning/state/` — existing session-continuity artifacts
 - `get-shit-done/references/` — where any future plugin-interface doc would live
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,21 +4,10 @@ All notable changes to GSD will be documented in this file.
 Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
-## [Unreleased](https://github.com/gsd-build/get-shit-done/compare/v1.38.5...HEAD)
+## [Unreleased](https://github.com/gsd-build/get-shit-done/compare/v1.39.1...HEAD)
-### Fixed
+### Feature
 - **`release-sdk` hotfix re-run no longer fails at `Dry-run publish validation` when the version is already on npm** — the `Detect prior publish (reconciliation mode)` step sets `skip_publish=true` when the package version is already on the registry, and the actual publish step honors that gate. The `Dry-run publish validation` step was missing the same guard, so any operator re-run of an already-published hotfix (the typical recovery path when later steps fail mid-flight) hit `npm publish --dry-run` first and got `npm error You cannot publish over the previously published versions: X.Y.Z` — `npm publish --dry-run` contacts the registry and rejects existing-version targets even though it doesn't actually publish. The dry-run validation step is now gated on the same `steps.prior_publish.outputs.skip_publish != 'true'` condition as the publish step. The rehearsal still runs on first publishes (where it has value); it skips only in the specific reconciliation case where the publish itself would be skipped. Trigger run: [25233855236](https://github.com/gsd-build/get-shit-done/actions/runs/25233855236/job/73995605643). Regression covered by `tests/bug-2987-dry-run-validation-skip-on-reconciliation.test.cjs`. (#2987)
 - **`release-sdk` hotfix flow hardened against silent classifier failures, missing-classifier-at-base-tag, and a vestigial merge-back PR step** — three issues surfaced by CodeRabbit's post-merge review of #2981 plus a production failure on the v1.39.1 release run. **(1)** `scripts/diff-touches-shipped-paths.cjs` reused exit code `1` for both the legitimate "no shipped paths" classifier result and Node's default uncaught-throw exit, so any tooling failure was indistinguishable from a normal skip. The script now uses `0` (shipped), `1` (not shipped), `2` (classifier error) with `try`/`catch` + `uncaughtException`/`unhandledRejection` handlers routing all failure paths to exit `2`. **(2)** The workflow's `git checkout -b "$BRANCH" "$BASE_TAG"` overwrote the working tree with the base tag's contents *before* the cherry-pick loop ran the classifier — but base tags predating the classifier's introduction (notably v1.39.0) don't have the file in their tree, so `node scripts/diff-touches-shipped-paths.cjs` would exit non-zero and silently drop every commit, producing an empty hotfix release. The classifier is now staged into `$RUNNER_TEMP` at the top of `Prepare hotfix branch` (before any working-tree-mutating git command), and the loop references that staged copy. The cherry-pick loop snapshots `$PIPESTATUS` into a local array (`PIPE_RC=("${PIPESTATUS[@]}")`) immediately after the classifier pipeline — under bracketed `set +e`/`set -e` — and dispatches via explicit `case`: `0` proceeds, `1` skips into `NON_SHIPPED_SKIPPED`, anything else emits `::error::shipped-paths classifier failed for $SHA (exit N)` and fails the workflow. CodeRabbit on PR #2984 caught a subtler bug in the first iteration: `pipeline \|\| true; RC=${PIPESTATUS[1]}` is broken because `\|\| true` runs `true` as its own one-command pipeline on the failure paths, overwriting `PIPESTATUS` to `(0)` and leaving `${PIPESTATUS[1]}` unset. The array-snapshot form is invariant against this. The same hardening also surfaces `git diff-tree`'s exit code (via `PIPE_RC[0]`); a non-zero diff-tree result now also fails the workflow rather than feeding partial input to the classifier. **(3)** Removed the `Open merge-back PR (hotfix only)` step. The auto-cherry-pick hotfix flow only picks commits already on main (`git cherry HEAD origin/main` outputs the unmerged ones), so by construction every code commit on the hotfix branch is already on main. The only hotfix-branch-only commit is the version-bump chore, which would either no-op against main or rewind main's in-progress version. The step also failed in production with `GitHub Actions is not permitted to create or approve pull requests (createPullRequest)` (org policy) on run [25232968975](https://github.com/gsd-build/get-shit-done/actions/runs/25232968975). The `pull-requests: write` permission previously granted to the release job has been dropped in line with least-privilege. The run-summary line that previously echoed `Merge-back PR opened against main` has been replaced with `No merge-back PR (auto-picked commits are already on main)` so operators reading the summary see an accurate non-action statement (CodeRabbit on PR #2984). Regression covered by `tests/bug-2983-classifier-exit-codes-and-base-tag-staging.test.cjs` (15 assertions across exit-code semantics, classifier staging, error dispatch, PIPESTATUS-snapshot hardening, diff-tree fail-fast, merge-back removal, and run-summary accuracy). (#2983)
 - **`release-sdk` hotfix only cherry-picks commits that change what actually ships** — the `fix:`/`chore:` filter in `Prepare hotfix branch` was too broad: it picked any commit with that conventional-commit type regardless of whether the diff could affect the published npm package. CI-only fixes (release-sdk.yml itself, hotfix tooling, test-only commits) were getting cherry-picked into hotfix branches even though they cannot change the tarball — and the subset touching `.github/workflows/*` then caused the prepare job's `git push` to be rejected by GitHub because the default `GITHUB_TOKEN` lacks the `workflow` scope, aborting the run. v1.39.1 hit this on PR #2977 (run [25232010071](https://github.com/gsd-build/get-shit-done/actions/runs/25232010071)). The loop now pre-skips any candidate commit whose `git diff-tree` output doesn't intersect the npm tarball's shipped paths (entries in `package.json` `files`, plus `package.json` itself, which `npm pack` always includes). Skipped commits land in a new `NON_SHIPPED_SKIPPED` summary bucket framed as informational — non-shipping commits cannot affect the package, so the skip needs no operator action. The shipped-paths classifier lives in `scripts/diff-touches-shipped-paths.cjs` so its rules (file-OR-directory prefix matching `npm pack` semantics, the always-shipped rule for `package.json`, the lockfile-not-shipped rule) are unit-testable. Regression covered by `tests/bug-2980-hotfix-only-picks-shipping-changes.test.cjs`. (#2980)
 - **`release-sdk` hotfix workflow fails on real run with `npm error Version not changed`** — the `release` job's `Bump in-tree version (not committed)` step ran `npm version "$VERSION"` without `--allow-same-version`, so it errored on real (non-dry-run) hotfix runs because `prepare` had already committed the bump on the hotfix branch. The release job's checkout `ref` is asymmetric — `BRANCH` (already bumped) on real runs vs `BASE_TAG` (older version) on dry-runs — which is why dry-run never caught the bug. Both `npm version` calls in that step now pass `--allow-same-version`, matching the existing pattern in `release.yml:326`. (#2976)
 - **`gsd-sdk query agent-skills` emits raw `<agent_skills>` block instead of JSON-wrapped string** — workflows that embed via `$(gsd-sdk query agent-skills <agent>)` were receiving a JSON-quoted string literal mid-prompt (e.g. `"<agent_skills>\n…"`), silently breaking all `<agent_skills>` injection into spawned subagents. The CLI dispatcher now honors an opt-in `format: 'text'` field on `QueryResult` and writes such results raw via `process.stdout.write`; `--pick` always returns JSON regardless. (#2917)
 - **`sketch --wrap-up` now dispatches correctly** — `/gsd-sketch --wrap-up` was silently no-oping because the flag dispatch wiring was omitted when the micro-skill entry point was absorbed in #2790. (#2949)
 - **`help.md` no longer advertises eight slash commands removed by the #2824 consolidation** — `/gsd-do`, `/gsd-note`, `/gsd-check-todos`, `/gsd-plant-seed`, `/gsd-research-phase`, `/gsd-list-phase-assumptions`, `/gsd-plan-milestone-gaps`, and `/gsd-join-discord` were removed when 86 skills were folded into 59. `help.md` was not updated alongside, so users typing the documented commands hit *Unknown command*. Each entry is now either rewritten to the surviving flag-based dispatcher (e.g., `/gsd-do …` → `/gsd-progress --do "…"`, `/gsd-note` → `/gsd-capture --note`, `/gsd-plant-seed` → `/gsd-capture --seed`, `/gsd-check-todos` → `/gsd-capture --list`) or removed for skills with no replacement. A regression test now asserts every `/gsd-*` reference in `help.md` has a matching `commands/gsd/*.md` stub. (#2954)
 - **`--sdk` install on Windows now writes a callable `gsd-sdk` shim** — `npx get-shit-done-cc@latest --claude --global --sdk` on Windows previously left `gsd-sdk` off PATH because `trySelfLinkGsdSdk` returned `null` unconditionally on `win32` (a missed gap from #2775's POSIX self-link, not an intentional deferral). The function now dispatches to a Windows counterpart that writes the standard npm shim triple (`gsd-sdk.cmd`, `gsd-sdk.ps1`, and a Bash wrapper) to npm's global bin, so `gsd-sdk` resolves in a fresh shell across cmd.exe, PowerShell, and Cygwin/MSYS/Git-Bash. A new regression guard in `tests/no-unconditional-win32-skip.test.cjs` blocks any future `if (process.platform === 'win32') return null;` skip-only branches in `bin/install.js`. (#2962)
 - **`/gsd-reapply-patches` Step 5 gate is now deterministic — no more silent content drops** — the prior gate parsed a Claude-generated *Hunk Verification Table* whose `verified: yes` rows were filled in without actually checking content presence, leading to merged files that lost user-added blocks (e.g., a `<visual_companion>` section, an `--execute-only` flag block) while the workflow reported success. The gate now invokes a Node script (`scripts/verify-reapply-patches.cjs`) that diffs each backup against the pristine baseline, computes the user-added significant lines, and asserts each one is present in the merged file. Exits non-zero with a per-file diagnostic on any miss; the workflow halts and surfaces the JSON output to the user. The verifier ignores low-signal lines (too short, pure whitespace, decorative comments) so trivial differences don't trigger false failures. Out of scope here: the manifest-baseline tightening described in #2969 Failure 1 — that's separate work. (#2969)
 ### Added — 1.40.0-rc.1
 - **Six namespace meta-skills with keyword-tag descriptions** — replace the flat 86-skill
  listing with two-stage hierarchical routing. Model sees 6 namespace routers
  (`gsd:workflow`, `gsd:project`, `gsd:review`, `gsd:context`, `gsd:manage`,
@@ -36,49 +25,6 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
  in-flight, idle, and progress display. All fields default to undefined so existing
  STATE.md files keep rendering. Write-side and status-line wiring follow in a later
  RC. (#2833)
 ### Changed — 1.40.0-rc.1
 - **Hotfix release flow now auto-incorporates fixes from `main` and bundles the SDK** — `hotfix.yml create` auto-cherry-picks every `fix:`/`chore:` commit on `origin/main` not yet shipped (oldest-first; patch-equivalents skipped via `git cherry`; `feat:`/`refactor:` excluded; conflicts halt with the offending SHA; run summary lists every included SHA). `hotfix.yml finalize` adds the `install-smoke` cross-platform gate, bundles `sdk-bundle/gsd-sdk.tgz` inside the CC tarball (parity with `release-sdk.yml`), tightens the `next` dist-tag re-point, and marks the GitHub Release `--latest`. `release-sdk.yml` gains `action: publish | hotfix` plus an `auto_cherry_pick` toggle, with a new `prepare` job that branches `hotfix/X.YY.Z` from the highest existing `vX.YY.*` tag and runs the same cherry-pick logic — idempotent if the branch was pre-prepared via `hotfix.yml`. Hotfix `vX.YY.Z` is now defined as everything in `vX.YY.{Z-1}` plus every `fix:`/`chore:` since that base, so each tag is the cumulative-fix anchor for the next. (#2955)
 - **Planning workspace seam extracted from `core.cjs` into `planning-workspace.cjs`** — path/workstream/lock behavior now lives in a dedicated module (`planningDir`, `planningPaths`, `planningRoot`, active-workstream routing, `withPlanningLock`). `core.cjs` keeps compatibility re-exports while call-sites migrate to direct imports, improving locality and reducing coupling. (#2900)
 - **Skill surface consolidated 86 → 59 `commands/gsd/*.md` entries** — four new
  grouped skills (`capture`, `phase`, `config`, `workspace`) replace clusters of
  micro-skills. Six existing parents absorb wrap-up and sub-operations as flags:
  `update --sync/--reapply`, `sketch --wrap-up`, `spike --wrap-up`,
  `map-codebase --fast/--query`, `code-review --fix`, `progress --do/--next`. Zero
  functional loss; 31 micro-skills deleted. `autonomous.md` corrected to call
  `gsd:code-review --fix` (was invoking deleted `gsd:code-review-fix`). (#2790)
 - **PRs missing `Closes #NNN` are auto-closed** — the `Issue link required` workflow
  now auto-closes PRs opened without a closing keyword that links a tracking issue,
  posting a comment that points to the contribution guide. (#2872)
 ### Fixed
 - **Stale deleted command references updated across workflow files** — `help.md`, `do.md`, `settings.md`, `discuss-phase.md`, `new-project.md`, `plan-phase.md`, `spike.md`, and `sketch.md` referenced command names removed in #2790; updated to new consolidated equivalents. (#2950)
 ### Fixed — 1.40.0-rc.1
 - **`spike --wrap-up` now dispatches correctly** — `/gsd-spike --wrap-up` was silently no-oping because the flag dispatch wiring was omitted when the micro-skill entry point was absorbed in #2790. (#2948)
 - **`config-get context_window` returns `200000` when key absent** — querying an unset `context_window` previously exited 1 with "Key not found", surfacing a confusing error in planning logs even though the workflow fallback worked correctly. `cmdConfigGet` now consults a `SCHEMA_DEFAULTS` map and returns the documented default (`200000`, exit 0) for absent schema-defaulted keys; unknown absent keys still error as before. (#2943)
 - **`gap-analysis` now parses non-`REQ-` requirement IDs and ignores traceability table headers** — `parseRequirements()` no longer hard-codes the `REQ-` prefix and now accepts uppercase prefixed IDs such as `TST-01`, `BACK-07`, and `INSP-04`; markdown table header rows (for example `| REQ-ID | ... |`) are excluded so header tokens are not reported as phantom uncovered requirements. Added regression coverage for mixed-prefix REQUIREMENTS files with traceability tables. (#2897)
 - **Gemini slash commands namespaced as `/gsd:<cmd>` instead of `/gsd-<cmd>`** —
  Gemini CLI namespaces commands under `gsd:`, so `/gsd-plan-phase` was unexecutable.
  Body-text references in commands, agents, banners, and patch-reapply hints are now
  converted via a roster-checked regex (boundary lookbehind + extension-aware
  lookahead + roster lookup, defense-in-depth). The roster fail-loud guard prevents
  silent no-op'ing if `commands/gsd/` is ever missing. (#2768, #2783)
 - **`SKILL.md` description quoted for Copilot / Antigravity / Trae / CodeBuddy** —
  descriptions starting with a YAML 1.2 flow indicator (`[BETA]`, `{`, `*`, `&`, `!`,
  `|`, `>`, `%`, `@`, backtick) crashed gh-copilot's strict YAML loader. Six emission
  sites now wrap descriptions in `yamlQuote(...)` (= `JSON.stringify`, a valid YAML
  1.2 double-quoted scalar). (#2876)
 - **`gsd-tools` invocations use the absolute installed path** — bare `gsd-tools …`
  calls inside skill bodies relied on PATH resolution that is not guaranteed in every
  runtime; replaced with the absolute path emitted at install time. (#2851)
 - **Codex installer preserves trailing newline when stripping legacy hooks** — the
  legacy-hook strip in the Codex installer ran against files with no terminating
  newline at EOF and emitted a config that lost the newline, breaking downstream
  parsers. (#2866)
 ### Added
 - `--minimal` install flag (alias `--core-only`) writes only the main-loop core skills
  (`new-project`, `discuss-phase`, `plan-phase`, `execute-phase`, `help`, `update`) and
  zero `gsd-*` subagents. Cuts cold-start system-prompt overhead from ~12k tokens to
@@ -107,7 +53,21 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
  on every push to main was rejected because submission rate is too high). Includes an
  optional `dry_run` boolean and the same publish-verification gate as `release.yml`. (#2828)
-### Changed
+### Enhancement
 - **Test suite for `config-schema.cjs` is now mutation-resistant** — Stryker measured a 4.62% mutation score on `get-shit-done/bin/lib/config-schema.cjs` (6 killed, 124 survived out of 130). Surviving mutants flagged that existing tests were exercising paths but not verifying outputs: a polarity flip (`return true` → `return false`), a predicate swap (`.some` → `.every`), or a guard removal (`if (VALID_CONFIG_KEYS.has(...)) return true;` → unguarded fallthrough) all passed every test. New `tests/bug-2986-config-schema-mutation-killers.test.cjs` adds 95 tests across four suites that target each surviving mutant class: (1) parameterized `isValidConfigKey('${key}') === true` for every member of `VALID_CONFIG_KEYS` (kills the static-key-fast-path mutation), (2) representative dynamic-pattern keys that match exactly one pattern (kills the `.some` → `.every` mutation, with an inline mutual-exclusivity invariant check), (3) `strictEqual` against the literal boolean `true`/`false` instead of `assert.ok` truthy checks (kills polarity-flip mutations), (4) anchor-tightening cases that differ from valid keys by one character beyond the documented shape (kills regex-loosening mutations on `^`, `$`, and character-class boundaries). Tests use the lib's public surface (typed boolean assertions on `isValidConfigKey` return values), no source-grep. (#2986)
 - **Hotfix release flow now auto-incorporates fixes from `main` and bundles the SDK** — `hotfix.yml create` auto-cherry-picks every `fix:`/`chore:` commit on `origin/main` not yet shipped (oldest-first; patch-equivalents skipped via `git cherry`; `feat:`/`refactor:` excluded; conflicts halt with the offending SHA; run summary lists every included SHA). `hotfix.yml finalize` adds the `install-smoke` cross-platform gate, bundles `sdk-bundle/gsd-sdk.tgz` inside the CC tarball (parity with `release-sdk.yml`), tightens the `next` dist-tag re-point, and marks the GitHub Release `--latest`. `release-sdk.yml` gains `action: publish | hotfix` plus an `auto_cherry_pick` toggle, with a new `prepare` job that branches `hotfix/X.YY.Z` from the highest existing `vX.YY.*` tag and runs the same cherry-pick logic — idempotent if the branch was pre-prepared via `hotfix.yml`. Hotfix `vX.YY.Z` is now defined as everything in `vX.YY.{Z-1}` plus every `fix:`/`chore:` since that base, so each tag is the cumulative-fix anchor for the next. (#2955)
 - **Planning workspace seam extracted from `core.cjs` into `planning-workspace.cjs`** — path/workstream/lock behavior now lives in a dedicated module (`planningDir`, `planningPaths`, `planningRoot`, active-workstream routing, `withPlanningLock`). `core.cjs` keeps compatibility re-exports while call-sites migrate to direct imports, improving locality and reducing coupling. (#2900)
 - **Skill surface consolidated 86 → 59 `commands/gsd/*.md` entries** — four new
  grouped skills (`capture`, `phase`, `config`, `workspace`) replace clusters of
  micro-skills. Six existing parents absorb wrap-up and sub-operations as flags:
  `update --sync/--reapply`, `sketch --wrap-up`, `spike --wrap-up`,
  `map-codebase --fast/--query`, `code-review --fix`, `progress --do/--next`. Zero
  functional loss; 31 micro-skills deleted. `autonomous.md` corrected to call
  `gsd:code-review --fix` (was invoking deleted `gsd:code-review-fix`). (#2790)
 - **PRs missing `Closes #NNN` are auto-closed** — the `Issue link required` workflow
  now auto-closes PRs opened without a closing keyword that links a tracking issue,
  posting a comment that points to the contribution guide. (#2872)
 - **Canary release workflow now publishes from `dev` branch only** — `.github/workflows/canary.yml`
  swaps its four publish-step guards from `refs/heads/main` to `refs/heads/dev`. Aligns the
  workflow with the new branch→dist-tag policy (`dev` → `@canary`, `main` → `@next`/`@latest`).
@@ -121,8 +81,6 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - **`scripts/lint-descriptions.cjs` added** — CI lint gate that fails if any
  `commands/gsd/*.md` description exceeds 100 chars. Run via `npm run lint:descriptions`.
  (#2789)
 ### Changed
 - **Skill surface consolidated from 86 → 59 `commands/gsd/*.md` entries** — four new
  grouped skills replace clusters of micro-skills: `capture` (add-todo, note, add-backlog,
  plant-seed, check-todos), `phase` (add-phase, insert-phase, remove-phase, edit-phase),
@@ -133,8 +91,6 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
  `progress --do/--next`. Zero functional loss. (#2790)
 - **`autonomous.md` corrected** — was invoking deleted `gsd:code-review-fix`; now calls
  `gsd:code-review --fix`. (#2790)
 ### Removed
 - **31 micro-skills deleted** — absorbed into consolidated parents or removed outright:
  add-todo, note, add-backlog, plant-seed, check-todos, add-phase, insert-phase,
  remove-phase, edit-phase, settings-advanced, settings-integrations, set-profile,
@@ -143,8 +99,39 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
  join-discord, research-phase, session-report, from-gsd2, analyze-dependencies,
  list-phase-assumptions, plan-milestone-gaps. All functionality preserved via flags on
  consolidated skills. (#2790)
 - **`discuss-phase` lazy file loading** — entry-point `@file` directives replaced with
  on-demand `Read()` calls gated behind mode routing. Tokens loaded at skill entry drop
  from ~13k to near zero; only the branch actually invoked is loaded. (#2606)
-### Fixed
+### Fix
 - **`gsd-pristine/` is now populated by the installer when local patches are detected** — `saveLocalPatches` declared a `pristineDir` variable and JSDoc'd "saves pristine copies (from manifest) to gsd-pristine/ to enable three-way merge during reapply-patches", but no code ever wrote to that directory. Effect: the `/gsd-reapply-patches` Step 5 verifier (#2972) silently degraded to its over-broad fallback heuristic ("every significant backup line"), exactly the silent-success-on-lost-content failure mode #2969 was designed to prevent. Fix: new `populatePristineDir({ packageSrc, pristineDir, modified, runtime, pathPrefix, isGlobal })` helper runs the install transform pipeline (`copyWithPathReplacement`) into a tmp staging dir, then copies out only the modified-file paths into `gsd-pristine/`. `saveLocalPatches` now accepts a `pristineCtx` and calls the helper when local patches are detected; the install entry point passes the package source root, runtime, pathPrefix, and isGlobal so transforms produce byte-identical output to what `copyWithPathReplacement` would have written under normal install. Soft-fails on transform errors (logs a warning, continues with empty pristine — no worse than pre-fix behavior). Pristine reflects the about-to-install version's content, which is what the verifier needs as the "what would survive without the user's modifications" baseline. Regression covered by `tests/bug-2998-pristine-dir-populated.test.cjs` (6 tests across two suites): asserts the helper is exported, returns 0 for empty modified list, writes one pristine file per source-existing path, skips ghost paths without corrupting pristine, and produces deterministic output (two runs with same inputs yield byte-identical pristine — the property `pristine_hashes` in `backup-meta.json` depends on). (#2998)
 - **`release-sdk` hotfix re-run no longer fails at `Dry-run publish validation` when the version is already on npm** — the `Detect prior publish (reconciliation mode)` step sets `skip_publish=true` when the package version is already on the registry, and the actual publish step honors that gate. The `Dry-run publish validation` step was missing the same guard, so any operator re-run of an already-published hotfix (the typical recovery path when later steps fail mid-flight) hit `npm publish --dry-run` first and got `npm error You cannot publish over the previously published versions: X.Y.Z` — `npm publish --dry-run` contacts the registry and rejects existing-version targets even though it doesn't actually publish. The dry-run validation step is now gated on the same `steps.prior_publish.outputs.skip_publish != 'true'` condition as the publish step. The rehearsal still runs on first publishes (where it has value); it skips only in the specific reconciliation case where the publish itself would be skipped. Trigger run: [25233855236](https://github.com/gsd-build/get-shit-done/actions/runs/25233855236/job/73995605643). Regression covered by `tests/bug-2987-dry-run-validation-skip-on-reconciliation.test.cjs`. (#2987)
 - **`release-sdk` hotfix flow hardened against silent classifier failures, missing-classifier-at-base-tag, and a vestigial merge-back PR step** — three issues surfaced by CodeRabbit's post-merge review of #2981 plus a production failure on the v1.39.1 release run. **(1)** `scripts/diff-touches-shipped-paths.cjs` reused exit code `1` for both the legitimate "no shipped paths" classifier result and Node's default uncaught-throw exit, so any tooling failure was indistinguishable from a normal skip. The script now uses `0` (shipped), `1` (not shipped), `2` (classifier error) with `try`/`catch` + `uncaughtException`/`unhandledRejection` handlers routing all failure paths to exit `2`. **(2)** The workflow's `git checkout -b "$BRANCH" "$BASE_TAG"` overwrote the working tree with the base tag's contents *before* the cherry-pick loop ran the classifier — but base tags predating the classifier's introduction (notably v1.39.0) don't have the file in their tree, so `node scripts/diff-touches-shipped-paths.cjs` would exit non-zero and silently drop every commit, producing an empty hotfix release. The classifier is now staged into `$RUNNER_TEMP` at the top of `Prepare hotfix branch` (before any working-tree-mutating git command), and the loop references that staged copy. The cherry-pick loop snapshots `$PIPESTATUS` into a local array (`PIPE_RC=("${PIPESTATUS[@]}")`) immediately after the classifier pipeline — under bracketed `set +e`/`set -e` — and dispatches via explicit `case`: `0` proceeds, `1` skips into `NON_SHIPPED_SKIPPED`, anything else emits `::error::shipped-paths classifier failed for $SHA (exit N)` and fails the workflow. CodeRabbit on PR #2984 caught a subtler bug in the first iteration: `pipeline \|\| true; RC=${PIPESTATUS[1]}` is broken because `\|\| true` runs `true` as its own one-command pipeline on the failure paths, overwriting `PIPESTATUS` to `(0)` and leaving `${PIPESTATUS[1]}` unset. The array-snapshot form is invariant against this. The same hardening also surfaces `git diff-tree`'s exit code (via `PIPE_RC[0]`); a non-zero diff-tree result now also fails the workflow rather than feeding partial input to the classifier. **(3)** Removed the `Open merge-back PR (hotfix only)` step. The auto-cherry-pick hotfix flow only picks commits already on main (`git cherry HEAD origin/main` outputs the unmerged ones), so by construction every code commit on the hotfix branch is already on main. The only hotfix-branch-only commit is the version-bump chore, which would either no-op against main or rewind main's in-progress version. The step also failed in production with `GitHub Actions is not permitted to create or approve pull requests (createPullRequest)` (org policy) on run [25232968975](https://github.com/gsd-build/get-shit-done/actions/runs/25232968975). The `pull-requests: write` permission previously granted to the release job has been dropped in line with least-privilege. The run-summary line that previously echoed `Merge-back PR opened against main` has been replaced with `No merge-back PR (auto-picked commits are already on main)` so operators reading the summary see an accurate non-action statement (CodeRabbit on PR #2984). Regression covered by `tests/bug-2983-classifier-exit-codes-and-base-tag-staging.test.cjs` (15 assertions across exit-code semantics, classifier staging, error dispatch, PIPESTATUS-snapshot hardening, diff-tree fail-fast, merge-back removal, and run-summary accuracy). (#2983)
 - **`release-sdk` hotfix only cherry-picks commits that change what actually ships** — the `fix:`/`chore:` filter in `Prepare hotfix branch` was too broad: it picked any commit with that conventional-commit type regardless of whether the diff could affect the published npm package. CI-only fixes (release-sdk.yml itself, hotfix tooling, test-only commits) were getting cherry-picked into hotfix branches even though they cannot change the tarball — and the subset touching `.github/workflows/*` then caused the prepare job's `git push` to be rejected by GitHub because the default `GITHUB_TOKEN` lacks the `workflow` scope, aborting the run. v1.39.1 hit this on PR #2977 (run [25232010071](https://github.com/gsd-build/get-shit-done/actions/runs/25232010071)). The loop now pre-skips any candidate commit whose `git diff-tree` output doesn't intersect the npm tarball's shipped paths (entries in `package.json` `files`, plus `package.json` itself, which `npm pack` always includes). Skipped commits land in a new `NON_SHIPPED_SKIPPED` summary bucket framed as informational — non-shipping commits cannot affect the package, so the skip needs no operator action. The shipped-paths classifier lives in `scripts/diff-touches-shipped-paths.cjs` so its rules (file-OR-directory prefix matching `npm pack` semantics, the always-shipped rule for `package.json`, the lockfile-not-shipped rule) are unit-testable. Regression covered by `tests/bug-2980-hotfix-only-picks-shipping-changes.test.cjs`. (#2980)
 - **`release-sdk` hotfix workflow fails on real run with `npm error Version not changed`** — the `release` job's `Bump in-tree version (not committed)` step ran `npm version "$VERSION"` without `--allow-same-version`, so it errored on real (non-dry-run) hotfix runs because `prepare` had already committed the bump on the hotfix branch. The release job's checkout `ref` is asymmetric — `BRANCH` (already bumped) on real runs vs `BASE_TAG` (older version) on dry-runs — which is why dry-run never caught the bug. Both `npm version` calls in that step now pass `--allow-same-version`, matching the existing pattern in `release.yml:326`. (#2976)
 - **Stale deleted command references updated across workflow files** — `help.md`, `do.md`, `settings.md`, `discuss-phase.md`, `new-project.md`, `plan-phase.md`, `spike.md`, and `sketch.md` referenced command names removed in #2790; updated to new consolidated equivalents. (#2950)
 - **`spike --wrap-up` now dispatches correctly** — `/gsd-spike --wrap-up` was silently no-oping because the flag dispatch wiring was omitted when the micro-skill entry point was absorbed in #2790. (#2948)
 - **`config-get context_window` returns `200000` when key absent** — querying an unset `context_window` previously exited 1 with "Key not found", surfacing a confusing error in planning logs even though the workflow fallback worked correctly. `cmdConfigGet` now consults a `SCHEMA_DEFAULTS` map and returns the documented default (`200000`, exit 0) for absent schema-defaulted keys; unknown absent keys still error as before. (#2943)
 - **`gap-analysis` now parses non-`REQ-` requirement IDs and ignores traceability table headers** — `parseRequirements()` no longer hard-codes the `REQ-` prefix and now accepts uppercase prefixed IDs such as `TST-01`, `BACK-07`, and `INSP-04`; markdown table header rows (for example `| REQ-ID | ... |`) are excluded so header tokens are not reported as phantom uncovered requirements. Added regression coverage for mixed-prefix REQUIREMENTS files with traceability tables. (#2897)
 - **Gemini slash commands namespaced as `/gsd:<cmd>` instead of `/gsd-<cmd>`** —
  Gemini CLI namespaces commands under `gsd:`, so `/gsd-plan-phase` was unexecutable.
  Body-text references in commands, agents, banners, and patch-reapply hints are now
  converted via a roster-checked regex (boundary lookbehind + extension-aware
  lookahead + roster lookup, defense-in-depth). The roster fail-loud guard prevents
  silent no-op'ing if `commands/gsd/` is ever missing. (#2768, #2783)
 - **`SKILL.md` description quoted for Copilot / Antigravity / Trae / CodeBuddy** —
  descriptions starting with a YAML 1.2 flow indicator (`[BETA]`, `{`, `*`, `&`, `!`,
  `|`, `>`, `%`, `@`, backtick) crashed gh-copilot's strict YAML loader. Six emission
  sites now wrap descriptions in `yamlQuote(...)` (= `JSON.stringify`, a valid YAML
  1.2 double-quoted scalar). (#2876)
 - **`gsd-tools` invocations use the absolute installed path** — bare `gsd-tools …`
  calls inside skill bodies relied on PATH resolution that is not guaranteed in every
  runtime; replaced with the absolute path emitted at install time. (#2851)
 - **Codex installer preserves trailing newline when stripping legacy hooks** — the
  legacy-hook strip in the Codex installer ran against files with no terminating
  newline at EOF and emitted a config that lost the newline, breaking downstream
  parsers. (#2866)
 - **GSD slash command namespace drift cleaned up across docs, workflows, and autocomplete** — remaining active `/gsd:<cmd>` references now use canonical `/gsd-<cmd>`, escaped workflow `Skill(skill=\"gsd:...\")` prompts now use hyphenated skill names, `scripts/fix-slash-commands.cjs` rewrites retired colon syntax to hyphen syntax, and the extract-learnings command file now uses `extract-learnings.md` so generated Claude/Qwen skill autocomplete exposes `gsd-extract-learnings` instead of `gsd-extract_learnings`. (#2855)
 - **`extractCurrentMilestone` no longer truncates ROADMAP.md at heading-like lines inside fenced code blocks** — the milestone-end search now scans line-by-line while tracking ` ``` ` / `~~~` fence state, so a line like `# Ops runbook (v1.0 compat)` inside a code block no longer acts as a milestone boundary. Previously, any phase defined after such a block was invisible to `roadmap analyze`, `roadmap get-phase`, `/gsd-autonomous`, and all phase-number commands. (#2787)
 - **Codex install no longer corrupts existing `~/.codex/config.toml`** — the installer
@@ -320,10 +307,19 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
  pre-existing sentinel force-removes the orphan worktree before starting fresh, making
  the agent self-healing across crashes. (#2839)
-### Performance
+
- **`discuss-phase` lazy file loading** — entry-point `@file` directives replaced with
+## [1.39.1] - 2026-05-01
-  on-demand `Read()` calls gated behind mode routing. Tokens loaded at skill entry drop
+
-  from ~13k to near zero; only the branch actually invoked is loaded. (#2606)
+Hotfix release. Cherry-picks user-facing fixes from `main` onto the v1.39.0 stable
 line. Install: `npm install -g get-shit-done-cc@latest` (or `@1.39.1` to pin).
 ### Fixed
 - **`gsd-sdk query agent-skills` emits raw `<agent_skills>` block instead of JSON-wrapped string** — workflows that embed via `$(gsd-sdk query agent-skills <agent>)` were receiving a JSON-quoted string literal mid-prompt (e.g. `"<agent_skills>\n…"`), silently breaking all `<agent_skills>` injection into spawned subagents. The CLI dispatcher now honors an opt-in `format: 'text'` field on `QueryResult` and writes such results raw via `process.stdout.write`; `--pick` always returns JSON regardless. (#2917)
 - **`sketch --wrap-up` now dispatches correctly** — `/gsd-sketch --wrap-up` was silently no-oping because the flag dispatch wiring was omitted when the micro-skill entry point was absorbed in #2790. (#2949)
 - **`help.md` no longer advertises eight slash commands removed by the #2824 consolidation** — `/gsd-do`, `/gsd-note`, `/gsd-check-todos`, `/gsd-plant-seed`, `/gsd-research-phase`, `/gsd-list-phase-assumptions`, `/gsd-plan-milestone-gaps`, and `/gsd-join-discord` were removed when 86 skills were folded into 59. `help.md` was not updated alongside, so users typing the documented commands hit *Unknown command*. Each entry is now either rewritten to the surviving flag-based dispatcher (e.g., `/gsd-do …` → `/gsd-progress --do "…"`, `/gsd-note` → `/gsd-capture --note`, `/gsd-plant-seed` → `/gsd-capture --seed`, `/gsd-check-todos` → `/gsd-capture --list`) or removed for skills with no replacement. A regression test now asserts every `/gsd-*` reference in `help.md` has a matching `commands/gsd/*.md` stub. (#2954)
 - **`--sdk` install on Windows now writes a callable `gsd-sdk` shim** — `npx get-shit-done-cc@latest --claude --global --sdk` on Windows previously left `gsd-sdk` off PATH because `trySelfLinkGsdSdk` returned `null` unconditionally on `win32` (a missed gap from #2775's POSIX self-link, not an intentional deferral). The function now dispatches to a Windows counterpart that writes the standard npm shim triple (`gsd-sdk.cmd`, `gsd-sdk.ps1`, and a Bash wrapper) to npm's global bin, so `gsd-sdk` resolves in a fresh shell across cmd.exe, PowerShell, and Cygwin/MSYS/Git-Bash. A new regression guard in `tests/no-unconditional-win32-skip.test.cjs` blocks any future `if (process.platform === 'win32') return null;` skip-only branches in `bin/install.js`. (#2962)
 - **`/gsd-reapply-patches` Step 5 gate is now deterministic — no more silent content drops** — the prior gate parsed a Claude-generated *Hunk Verification Table* whose `verified: yes` rows were filled in without actually checking content presence, leading to merged files that lost user-added blocks (e.g., a `<visual_companion>` section, an `--execute-only` flag block) while the workflow reported success. The gate now invokes a Node script (`scripts/verify-reapply-patches.cjs`) that diffs each backup against the pristine baseline, computes the user-added significant lines, and asserts each one is present in the merged file. Exits non-zero with a per-file diagnostic on any miss; the workflow halts and surfaces the JSON output to the user. The verifier ignores low-signal lines (too short, pure whitespace, decorative comments) so trivial differences don't trigger false failures. Out of scope here: the manifest-baseline tightening described in #2969 Failure 1 — that's separate work. (#2969)
 ## [1.38.5] - 2026-04-25
--- a/CONTEXT.md
+++ b/CONTEXT.md
@@ -0,0 +1,41 @@
 # Context
 ## Domain terms
 ### Dispatch Policy Module
 Module owning dispatch error mapping, fallback policy, timeout classification, and CLI exit mapping contract.
 Canonical error kind set:
 - `unknown_command`
 - `native_failure`
 - `native_timeout`
 - `fallback_failure`
 - `validation_error`
 - `internal_error`
 ### Command Definition Module
 Canonical command metadata Interface powering alias, catalog, and semantics generation.
 ### Query Runtime Context Module
 Module owning query-time context resolution for `projectDir` and `ws`, including precedence and validation policy used by query adapters.
 ### Native Dispatch Adapter Module
 Adapter Module that satisfies native query dispatch at the Dispatch Policy seam, so policy modules consume a focused dispatch Interface instead of closure-wired call sites.
 ### Query CLI Output Module
 Module owning projection from dispatch results/errors to CLI `{ exitCode, stdoutChunks, stderrLines }` output contract.
 ### Query Execution Policy Module
 Module owning query transport routing policy projection (`preferNative`, fallback policy, workstream subprocess forcing) at execution seam.
 ### Query Subprocess Adapter Module
 Adapter Module owning subprocess execution contract for query commands (JSON/raw invocation, `@file:` indirection parsing, timeout/exit error projection).
 ### Query Command Resolution Module
 Canonical command normalization and resolution Interface (`query-command-resolution-strategy`) used by internal query/transport paths after dead-wrapper convergence.
 ### Command Topology Module
 Module owning command resolution, policy projection (`mutation`, `output_mode`), unknown-command diagnosis, and handler Adapter binding at one seam for query dispatch.
 ### Query Pre-Project Config Policy Module
 Module policy that defines query-time behavior when `.planning/config.json` is absent: use built-in defaults for parity-sensitive query Interfaces, and emit parity-aligned empty model ids for pre-project model resolution surfaces.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -81,6 +81,20 @@ PRs that arrive without a properly-labeled linked issue are closed automatically
 ## Pull Request Guidelines
 ### Architecture & Domain Standards (Maintainer-Defined)
 The following files are maintainer-owned coding standards and must be treated as canonical when contributing:
 - `CONTEXT.md` — domain language and module naming standards
 - `docs/adr/` — Architecture Decision Records (ADRs) for accepted architectural decisions
 Contributor requirements:
 - Read `CONTEXT.md` before naming or refactoring modules/interfaces/seams.
 - Use `CONTEXT.md` vocabulary consistently in code comments, tests, issue/PR text, and docs for the touched area.
 - Check relevant ADRs in `docs/adr/` before proposing or implementing architectural changes.
 - If a change intentionally revisits an ADR decision, call it out explicitly in the linked issue and PR rationale.
 - Do not rewrite maintainer intent in `CONTEXT.md`/ADRs as part of drive-by cleanup; propose focused updates tied to approved scope.
 **Every PR must link to an approved issue.** PRs without a linked issue are closed without review, no exceptions.
 - **No draft PRs** — draft PRs are automatically closed. Only open a PR when it is complete, tested, and ready for review. If your work is not finished, keep it on your local branch until it is.
@@ -91,6 +105,23 @@ PRs that arrive without a properly-labeled linked issue are closed automatically
 - **CI must pass** — all matrix jobs (Ubuntu × Node 22, 24; macOS × Node 24) must be green
 - **Scope matches the approved issue** — if your PR does more than what the issue describes, the extra changes will be asked to be removed or moved to a new issue
 ## CHANGELOG Entries — Drop a Fragment
 **Do not edit `CHANGELOG.md` directly.** Two PRs that both append to a `### Fixed` block always conflict on merge — git can't pick a serialization order without a human. Instead, every PR with user-facing changes drops a fragment file in `.changeset/`.
 ```bash
 npm run changeset -- --type Fixed --pr <YOUR_PR_NUMBER> \
  --body "**\`/gsd-foo\` no longer drops trailing slashes** — explain the user-visible change."
 ```
 This writes `.changeset/<adjective>-<noun>-<noun>.md`. Three random words → concurrent PRs never collide. Allowed `type:` values follow [Keep a Changelog](https://keepachangelog.com/): `Added`, `Changed`, `Deprecated`, `Removed`, `Fixed`, `Security`.
 Fragments are consolidated into `CHANGELOG.md` at release time by the release workflow. See [`.changeset/README.md`](.changeset/README.md) for the format spec and [#2975](https://github.com/gsd-build/get-shit-done/issues/2975) for the rationale.
 **CI enforcement:** the `Changeset Required` workflow (`scripts/changeset/lint.cjs`) fails any PR that touches `bin/`, `get-shit-done/`, `agents/`, `commands/`, `hooks/`, or `sdk/src/` without a `.changeset/*.md` fragment.
 **Opt-out:** PRs with no user-facing impact (test refactors, lint config changes, CI tweaks, formatting-only changes) can add the `no-changelog` label. The lint honors it. When unsure whether a change is user-facing, **add the fragment**.
 ## Testing Standards
 All tests use Node.js built-in test runner (`node:test`) and assertion library (`node:assert`). **Do not use Jest, Mocha, Chai, or any external test framework.**
@@ -487,6 +518,14 @@ Run locally before pushing: `npm run lint:tests`
 ### Test Requirements by Contribution Type
 ### Architecture-Aware Testing Requirements
 When work touches architecture, routing, policy, registry assembly, or command semantics:
 - Write tests against module **interfaces** and seam behavior, not implementation trivia.
 - Prefer invariant/contract tests that protect ADR-backed behavior and `CONTEXT.md` terminology.
 - Ensure tests validate canonical behavior through the defined seam (for example: structured result contracts, canonical command metadata, and adapter parity), not source-text coupling.
 - If ADRs define expected behavior, tests should assert those expectations directly.
 The required tests differ depending on what you are contributing:
 **Bug Fix:** A regression test is required. Write the test first — it must demonstrate the original failure before your fix is applied, then pass after the fix. A PR that fixes a bug without a regression test will be asked to add one. "Tests pass" does not prove correctness; it proves the bug isn't present in the tests that exist.
--- a/README.md
+++ b/README.md
@@ -651,7 +651,7 @@ You're never locked in. The system adapts.
 | Command | What it does |
 |---------|--------------|
-| `/gsd-new-workspace` | Create isolated workspace with repo copies (worktrees or clones) |
+| `/gsd-workspace --new` | Create isolated workspace with repo copies (worktrees or clones) |
 | `/gsd-list-workspaces` | Show all GSD workspaces and their status |
 | `/gsd-remove-workspace` | Remove workspace and clean up worktrees |
@@ -698,7 +698,6 @@ You're never locked in. The system adapts.
 | `/gsd-edit-phase [N] [--force]` | Modify any field of an existing phase in place — number and position unchanged |
 | `/gsd-remove-phase [N]` | Remove future phase, renumber |
 | `/gsd-list-phase-assumptions [N]` | See Claude's intended approach before planning |
 | `/gsd-plan-milestone-gaps` | Create phases to close gaps from audit |
 ### Session
@@ -740,7 +739,7 @@ You're never locked in. The system adapts.
 | `/gsd-settings` | Configure model profile and workflow agents |
 | `/gsd-set-profile <profile>` | Switch model profile (quality/balanced/budget/inherit) |
 | `/gsd-add-todo [desc]` | Capture idea for later |
-| `/gsd-check-todos` | List pending todos |
+| `/gsd-capture --list` | List pending todos |
 | `/gsd-debug [desc]` | Systematic debugging with persistent state |
 | `/gsd-do <text>` | Route freeform text to the right GSD command automatically |
 | `/gsd-note <text>` | Zero-friction idea capture — append, list, or promote notes to todos |
--- a/agents/gsd-code-fixer.md
+++ b/agents/gsd-code-fixer.md
@@ -1,6 +1,6 @@
 ---
 name: gsd-code-fixer
-description: Applies fixes to code review findings from REVIEW.md. Reads source files, applies intelligent fixes, and commits each fix atomically. Spawned by /gsd-code-review-fix.
+description: Applies fixes to code review findings from REVIEW.md. Reads source files, applies intelligent fixes, and commits each fix atomically. Spawned by /gsd-code-review --fix.
 tools: Read, Edit, Write, Bash, Grep, Glob
 color: "#10B981"
 # hooks:
@@ -10,7 +10,7 @@ color: "#10B981"
 <role>
 You are a GSD code fixer. You apply fixes to issues found by the gsd-code-reviewer agent.
-Spawned by `/gsd-code-review-fix` workflow. You produce REVIEW-FIX.md artifact in the phase directory.
+Spawned by `/gsd-code-review --fix` workflow. You produce REVIEW-FIX.md artifact in the phase directory.
 Your job: Read REVIEW.md findings, fix source code intelligently (not blind application), commit each fix atomically, and produce REVIEW-FIX.md report.
@@ -231,39 +231,63 @@ test -n "$branch" || { echo "Detached HEAD is not supported for review-fix (#268
 sentinel="${phase_dir}/.review-fix-recovery-pending.json"
 if [ -f "$sentinel" ]; then
  echo "Detected pre-existing recovery sentinel from a prior interrupted run: $sentinel"
-  prior_wt=$(node -e '
+  # Recovery must extract BOTH worktree_path AND reviewfix_branch (#3001 CR):
  # if a prior run died after `git worktree remove` but before
  # `git branch -D`, the orphan branch survives and clutters `git branch`
  # output forever. Emit both fields newline-separated so we can read them
  # independently.
  prior_recovery=$(node -e '
    const fs = require("fs");
    try {
      const parsed = JSON.parse(fs.readFileSync(process.argv[1], "utf-8"));
-      process.stdout.write(parsed.worktree_path || "");
+      process.stdout.write((parsed.worktree_path || "") + "\n" + (parsed.reviewfix_branch || ""));
    } catch (err) {
      process.stderr.write(`Warning: malformed recovery sentinel ${process.argv[1]}: ${err.message}\n`);
-      process.stdout.write("");
+      process.stdout.write("\n");
    }
  ' "$sentinel")
  prior_wt="$(printf '%s' "$prior_recovery" | sed -n '1p')"
  prior_branch="$(printf '%s' "$prior_recovery" | sed -n '2p')"
  if [ -n "$prior_wt" ] && git worktree list --porcelain | grep -q "^worktree $prior_wt$"; then
    echo "Removing orphan worktree from prior run: $prior_wt"
    git worktree remove "$prior_wt" --force || true
  fi
  if [ -n "$prior_branch" ]; then
    # Best-effort: branch may already be gone (cleaned by an earlier
    # partial recovery, or never created if `git worktree add -b` itself
    # failed). `|| true` keeps recovery non-fatal.
    echo "Removing orphan reviewfix branch from prior run: $prior_branch"
    git branch -D "$prior_branch" 2>/dev/null || true
  fi
  rm -f "$sentinel"
 fi
 wt=$(mktemp -d "/tmp/sv-${padded_phase}-reviewfix-XXXXXX")
-git worktree add "$wt" "$branch"
+
 # Create a temp branch from the current branch tip so the worktree
 # attaches to that NEW branch rather than the user's currently-checked-out
 # branch (#2990: git refuses to check out the same branch in two
 # worktrees by default; the original `git worktree add "$wt" "$branch"`
 # failed before the agent could do any work). The temp branch shares
 # history with $branch up to the moment of creation, so commits made
 # inside the worktree fast-forward $branch on cleanup.
 reviewfix_branch="gsd-reviewfix/${padded_phase}-$$"
 git worktree add -b "$reviewfix_branch" "$wt" "$branch"
 # Write the recovery sentinel ONLY AFTER `git worktree add` succeeds.
 # Writing it before would leave a sentinel pointing at a worktree that does
 # not exist if `git worktree add` itself failed.
 node -e '
  const fs = require("fs");
-  const [sentinelPath, worktree_path, branch, padded_phase] = process.argv.slice(1);
+  const [sentinelPath, worktree_path, branch, reviewfix_branch, padded_phase] = process.argv.slice(1);
  fs.writeFileSync(sentinelPath, JSON.stringify({
    worktree_path,
    branch,
    reviewfix_branch,
    padded_phase,
    started_at: new Date().toISOString()
  }, null, 2));
-' "$sentinel" "$wt" "$branch" "$padded_phase"
+' "$sentinel" "$wt" "$branch" "$reviewfix_branch" "$padded_phase"
 cd "$wt"
 ```
@@ -271,32 +295,64 @@ cd "$wt"
 Concrete steps:
 1. Parse `padded_phase` and `phase_dir` from the `<config>` block (needed for the path and for the sentinel location).
 2. Resolve the current branch: `branch=$(git branch --show-current)`. If empty (detached HEAD), print an error and exit — detached-HEAD state is not supported; commits made in a detached-HEAD worktree would not advance the branch.
-3. **Recovery check (#2839):** If `${phase_dir}/.review-fix-recovery-pending.json` already exists, a prior run was interrupted. Parse the JSON, attempt to remove the orphan worktree it points at (best-effort, with `--force`), then delete the stale sentinel before continuing. This makes a re-run of `/gsd-code-review-fix` self-healing.
+3. **Recovery check (#2839, #2990):** If `${phase_dir}/.review-fix-recovery-pending.json` already exists, a prior run was interrupted. Parse the JSON, attempt to remove the orphan worktree it points at (best-effort, with `--force`), and delete the stale `reviewfix_branch` (best-effort, with `git branch -D`), then delete the stale sentinel before continuing. This makes a re-run of `/gsd-code-review --fix` self-healing.
 4. Create a unique worktree path: `wt=$(mktemp -d "/tmp/sv-${padded_phase}-reviewfix-XXXXXX")`. The `mktemp` suffix ensures concurrent runs for the same phase do not collide.
-5. Run `git worktree add "$wt" "$branch"` — this attaches the worktree to the current branch so commits advance it.
+5. Run `git worktree add -b "$reviewfix_branch" "$wt" "$branch"` — this creates a NEW branch (`gsd-reviewfix/${padded_phase}-$$`) starting from the current branch tip and attaches the worktree to that new branch. Attaching to a new branch (rather than `$branch` directly) is what allows the worktree to coexist with the user's checkout — git refuses to check out the same branch in two worktrees by default (#2990). Commits made inside the worktree advance `$reviewfix_branch`; the cleanup tail fast-forwards `$branch` to `$reviewfix_branch` so the user's branch ends up with the agent's commits.
-6. **Write the recovery sentinel** at `${phase_dir}/.review-fix-recovery-pending.json` containing `{worktree_path, branch, padded_phase, started_at}`. Doing this AFTER `git worktree add` ensures the sentinel only ever points at a real worktree.
+6. **Write the recovery sentinel** at `${phase_dir}/.review-fix-recovery-pending.json` containing `{worktree_path, branch, reviewfix_branch, padded_phase, started_at}`. Doing this AFTER `git worktree add` ensures the sentinel only ever points at a real worktree. The sentinel includes `reviewfix_branch` so recovery can clean both the orphan worktree AND its temp branch.
-7. All subsequent file reads, edits, and commits happen inside `$wt`.
+7. All subsequent file reads, edits, and commits happen inside `$wt` (which is on `$reviewfix_branch`, not `$branch`).
-**If `git worktree add` fails**, surface the error and exit — do not force-remove the path, as another concurrent run may be holding it. Do not write the sentinel (the worktree does not exist).
+**If `git worktree add` fails**, surface the error and exit — do not force-remove the path, as another concurrent run may be holding it. Do not write the sentinel (the worktree does not exist). Do not delete `$reviewfix_branch` either; if `-b` failed, no temp branch was created.
-**Cleanup tail (transactional, ALWAYS — even on failure):** After writing REVIEW-FIX.md and before returning to the orchestrator, run the two-step cleanup in this exact order:
+**Cleanup tail (transactional, ALWAYS — even on failure):** After writing REVIEW-FIX.md and before returning to the orchestrator, run the cleanup in this exact order:
 ```bash
-# Step 1: drop the worktree FIRST. If this succeeds and the process is then
+# Step 1 (#2990): fast-forward $branch to capture the commits the agent
-# killed, the next run finds a sentinel pointing at a worktree that no longer
+# made on $reviewfix_branch. Run from the main repo (not $wt) — the user's
-# exists — the recovery branch handles this gracefully (best-effort remove +
+# checkout owns $branch. --ff-only ensures we never silently drop or
-# sentinel delete). If we reversed the order (sentinel removed first, then
+# rewrite history if the user committed to $branch concurrently; on
-# worktree remove), an interruption between the two steps would leave NO
+# divergence, this fails loudly and the temp branch is left for the
-# sentinel and an orphan worktree — exactly the bug from #2839.
+# user to inspect/merge manually. We deliberately resolve the main repo
 # path via `git worktree list --porcelain` rather than assuming $PWD,
 # because the agent ran inside $wt.
 # Strip the literal "worktree " prefix and print the rest of the line, then
 # exit on the first match. This preserves paths that contain spaces
 # (awk '$2' would truncate "/path/with spaces/repo" to "/path/with").
 main_repo="$(git worktree list --porcelain | awk '/^worktree / { sub(/^worktree /, ""); print; exit }')"
 ff_status=0
 # Capture the exit code of `git merge` directly. `if ! cmd; then ff_status=$?`
 # captures the exit code of the `!` operator (always 1 when the inner cmd
 # failed) — masking the real merge exit code. Use the success/else split
 # instead so $? in the else-branch is the merge command's exit code.
 if git -C "$main_repo" merge --ff-only "$reviewfix_branch" 2>&1; then
  ff_status=0
 else
  ff_status=$?
  echo "WARN: could not fast-forward $branch to $reviewfix_branch (exit $ff_status)."
  echo "      The temp branch $reviewfix_branch is preserved for manual merge."
 fi
 # Step 2: drop the worktree. If this succeeds and the process is then
 # killed, the next run finds a sentinel pointing at a worktree that no
 # longer exists — the recovery branch handles this gracefully (best-effort
 # remove + sentinel delete). If we reversed the order (sentinel removed
 # first, then worktree remove), an interruption between the two steps
 # would leave NO sentinel and an orphan worktree — exactly the bug from
 # #2839.
 git worktree remove "$wt" --force
-# Step 2: drop the recovery sentinel ONLY after `git worktree remove` returns
+# Step 3: delete the temp branch ONLY if the fast-forward succeeded. If
-# successfully. This atomic-ish ordering is what makes the cleanup tail
+# it didn't, leaving the branch lets the user inspect/merge manually.
-# transactional from the orchestrator's perspective.
+if [ "$ff_status" -eq 0 ]; then
  git -C "$main_repo" branch -D "$reviewfix_branch" || true
 fi
 # Step 4: drop the recovery sentinel ONLY after `git worktree remove`
 # returns successfully. This atomic-ish ordering is what makes the
 # cleanup tail transactional from the orchestrator's perspective.
 rm -f "$sentinel"
 ```
-This cleanup is unconditional — register it mentally as a finally-block obligation. If the agent exits early (config error, no findings, etc.), still run the two-step cleanup tail (`git worktree remove "$wt" --force` followed by `rm -f "$sentinel"`) before exit. The sentinel must NEVER be removed before `git worktree remove` succeeds.
+This cleanup is unconditional — register it mentally as a finally-block obligation. If the agent exits early (config error, no findings, etc.), still run the cleanup tail in order (fast-forward → worktree remove → temp branch delete → sentinel rm) before exit. The sentinel must NEVER be removed before `git worktree remove` succeeds. The temp branch must NEVER be deleted while the fast-forward is in a diverged state.
 </step>
 <step name="load_context">
@@ -528,9 +584,9 @@ _Iteration: {N}_
 <critical_rules>
-**ALWAYS run inside the isolated worktree** — set up via `branch=$(git branch --show-current)` + `wt=$(mktemp -d "/tmp/sv-${padded_phase}-reviewfix-XXXXXX")` + `git worktree add "$wt" "$branch"` at the very start (see `setup_worktree` step). Using `mktemp` ensures concurrent runs do not collide. Attaching to `$branch` (not `HEAD`) ensures commits advance the branch. Every file read, edit, and commit must happen inside `$wt`. Run `git worktree remove "$wt" --force` unconditionally when done (treat it as a finally block). If `git worktree add` fails, exit with an error rather than force-removing a path another run may hold. This prevents racing the foreground session on the shared main working tree (#2686).
+**ALWAYS run inside the isolated worktree** — set up via `branch=$(git branch --show-current)` + `wt=$(mktemp -d "/tmp/sv-${padded_phase}-reviewfix-XXXXXX")` + `git worktree add -b "$reviewfix_branch" "$wt" "$branch"` at the very start (see `setup_worktree` step). Using `mktemp` ensures concurrent runs do not collide. Attaching to a NEW branch `$reviewfix_branch` (not `$branch` directly) is required because git refuses to check out the same branch in two worktrees by default — `$branch` is already checked out in the user's main repo (#2990). Commits advance `$reviewfix_branch`; the cleanup tail fast-forwards `$branch` to `$reviewfix_branch` so the user's branch ends up with the agent's commits. Every file read, edit, and commit must happen inside `$wt`. Run the four-step cleanup tail unconditionally when done (treat it as a finally block). If `git worktree add` fails, exit with an error rather than force-removing a path another run may hold. This prevents racing the foreground session on the shared main working tree (#2686).
-**ALWAYS run the transactional cleanup tail in order** (#2839): `git worktree remove "$wt" --force` MUST happen BEFORE `rm -f "$sentinel"` (the recovery sentinel at `${phase_dir}/.review-fix-recovery-pending.json`). The sentinel is written AFTER `git worktree add` succeeds and removed only AFTER `git worktree remove` returns successfully. This ordering is what makes the cleanup tail transactional — an interruption between commits and `git worktree remove` leaves the sentinel behind so a future run, `/gsd-resume-work`, or `/gsd-progress` can detect and complete the recovery. Reversing the order recreates the orphan-worktree bug.
+**ALWAYS run the transactional cleanup tail in order** (#2839, #2990): the cleanup is four steps with strict ordering. (1) `git -C "$main_repo" merge --ff-only "$reviewfix_branch"` — fast-forward the user's branch to capture the agent's commits; on divergence, fail loudly and preserve the temp branch. (2) `git worktree remove "$wt" --force`. (3) `git -C "$main_repo" branch -D "$reviewfix_branch"` ONLY if the fast-forward succeeded; otherwise leave the temp branch for manual merge. (4) `rm -f "$sentinel"` (the recovery sentinel at `${phase_dir}/.review-fix-recovery-pending.json`). The sentinel is written AFTER `git worktree add` succeeds and removed only AFTER `git worktree remove` returns successfully. The temp branch is deleted only when the fast-forward succeeded. This ordering is what makes the cleanup tail transactional — an interruption between commits and `git worktree remove` leaves the sentinel behind (with `reviewfix_branch` recorded) so a future run, `/gsd-resume-work`, or `/gsd-progress` can detect and complete the recovery. Reversing the order recreates the orphan-worktree bug.
 **ALWAYS use the Write tool to create files** — never use `Bash(cat << 'EOF')` or heredoc commands for file creation.
--- a/bin/install.js
+++ b/bin/install.js
--- a/commands/gsd/complete-milestone.md
+++ b/commands/gsd/complete-milestone.md
@@ -43,7 +43,10 @@ Output: Milestone archived (roadmap + requirements), PROJECT.md evolved, git tag
   - Look for `.planning/v{{version}}-MILESTONE-AUDIT.md`
   - If missing or stale: recommend `/gsd-audit-milestone` first
-   - If audit status is `gaps_found`: recommend `/gsd-plan-milestone-gaps` first
+   - If audit status is `gaps_found`: recommend closing the gaps inline
     (the audit output already enumerates them — insert closure phases
     via `/gsd-phase --insert <N>` plus the standard
     discuss/plan/execute chain) before proceeding.
   - If audit status is `passed`: proceed to step 1
   ```markdown
@@ -54,8 +57,11 @@ Output: Milestone archived (roadmap + requirements), PROJECT.md evolved, git tag
   requirements coverage, cross-phase integration, and E2E flows.
   {If audit has gaps:}
-   ⚠ Milestone audit found gaps. Run `/gsd-plan-milestone-gaps` to create
+   ⚠ Milestone audit found gaps. The audit output already enumerates the
-   phases that close the gaps, or proceed anyway to accept as tech debt.
+   unsatisfied requirements, cross-phase issues, and broken flows — insert
   a closure phase per gap with `/gsd-phase --insert <N>` and run the
   standard `/gsd-discuss-phase` → `/gsd-plan-phase` → `/gsd-execute-phase`
   chain. Or proceed anyway to accept the gaps as tech debt.
   {If audit passed:}
   ✓ Milestone audit passed. Proceeding with completion.
--- a/commands/gsd/plan-phase.md
+++ b/commands/gsd/plan-phase.md
@@ -1,7 +1,7 @@
 ---
 name: gsd:plan-phase
 description: Create detailed phase plan (PLAN.md) with verification loop
-argument-hint: "[phase] [--auto] [--research] [--skip-research] [--gaps] [--skip-verify] [--prd <file>] [--reviews] [--text] [--tdd] [--mvp]"
+argument-hint: "[phase] [--auto] [--research] [--skip-research] [--research-phase <N>] [--view] [--gaps] [--skip-verify] [--prd <file>] [--reviews] [--text] [--tdd] [--mvp]"
 agent: gsd-planner
 allowed-tools:
  - Read
@@ -19,6 +19,13 @@ Create executable phase prompts (PLAN.md files) for a roadmap phase with integra
 **Default flow:** Research (if needed) → Plan → Verify → Done
 **Research-only mode (`--research-phase <N>`):** Spawn `gsd-phase-researcher` for phase `N`, write `RESEARCH.md`, then exit before the planner runs. Useful for cross-phase research, doc review before committing to a planning approach, and correction-without-replanning loops where iterating on research alone is dramatically cheaper than re-spawning the planner. Replaces the deleted `/gsd-research-phase` command (#3042).
 **Research-only modifiers:**
 - **No flag** — when `RESEARCH.md` already exists, prompt the user to choose `update / view / skip`.
 - **`--research`** — force-refresh: re-spawn the researcher unconditionally, no prompt. Skips the existing-RESEARCH.md menu.
 - **`--view`** — view-only: print existing `RESEARCH.md` to stdout. Does not spawn the researcher. Cheapest mode for the correction-without-replanning loop. If no `RESEARCH.md` exists yet, errors with a hint to drop `--view`.
 **Orchestrator role:** Parse arguments, validate phase, research domain (unless skipped), spawn gsd-planner, verify with gsd-plan-checker, iterate until pass or max iterations, present results.
 </objective>
--- a/docs/AGENTS.md
+++ b/docs/AGENTS.md
@@ -1,6 +1,6 @@
 # GSD Agent Reference
-> Full role cards for 21 primary agents plus concise stubs for 10 advanced/specialized agents (31 shipped agents total). The `agents/` directory and [`docs/INVENTORY.md`](INVENTORY.md) are the authoritative roster; see [Architecture](ARCHITECTURE.md) for context.
+> Full role cards for 21 primary agents plus concise stubs for 12 advanced/specialized agents (33 shipped agents total). The `agents/` directory and [`docs/INVENTORY.md`](INVENTORY.md) are the authoritative roster; see [Architecture](ARCHITECTURE.md) for context.
 ---
@@ -10,7 +10,7 @@ GSD uses a multi-agent architecture where thin orchestrators (workflow files) sp
 ### Agent Categories
-> The table below covers the **21 primary agents** detailed in this section. Ten additional shipped agents (pattern-mapper, debug-session-manager, code-reviewer, code-fixer, ai-researcher, domain-researcher, eval-planner, eval-auditor, framework-selector, intel-updater) have concise stubs in the [Advanced and Specialized Agents](#advanced-and-specialized-agents) section below. For the authoritative 31-agent roster, see [`docs/INVENTORY.md`](INVENTORY.md) and the `agents/` directory.
+> The table below covers the **21 primary agents** detailed in this section. Twelve additional shipped agents (pattern-mapper, debug-session-manager, code-reviewer, code-fixer, ai-researcher, domain-researcher, eval-planner, eval-auditor, framework-selector, intel-updater, doc-classifier, doc-synthesizer) have concise stubs in the [Advanced and Specialized Agents](#advanced-and-specialized-agents) section below. For the authoritative 33-agent roster, see [`docs/INVENTORY.md`](INVENTORY.md) and the `agents/` directory.
 | Category | Count | Agents |
 |----------|-------|--------|
@@ -480,7 +480,7 @@ Communication style, decision patterns, debugging approach, UX preferences, vend
 ## Advanced and Specialized Agents
-Ten additional agents ship under `agents/gsd-*.md` and are used by specialty workflows (`/gsd-ai-integration-phase`, `/gsd-eval-review`, `/gsd-code-review`, `/gsd-code-review-fix`, `/gsd-debug`, `/gsd-intel`, `/gsd-select-framework`) and by the planner pipeline. Each carries full frontmatter in its agent file; the stubs below are concise by design. The authoritative roster (with spawner and primary-doc status per agent) lives in [`docs/INVENTORY.md`](INVENTORY.md).
+Twelve additional agents ship under `agents/gsd-*.md` and are used by specialty workflows (`/gsd-ai-integration-phase`, `/gsd-eval-review`, `/gsd-code-review`, `/gsd-code-review --fix`, `/gsd-debug`, `/gsd-intel`, `/gsd-select-framework`, `/gsd-ingest-docs`) and by the planner pipeline. Each carries full frontmatter in its agent file; the stubs below are concise by design. The authoritative roster (with spawner and primary-doc status per agent) lives in [`docs/INVENTORY.md`](INVENTORY.md).
 ### gsd-pattern-mapper
@@ -548,7 +548,7 @@ Ten additional agents ship under `agents/gsd-*.md` and are used by specialty wor
 | Property | Value |
 |----------|-------|
-| **Spawned by** | `/gsd-code-review-fix` |
+| **Spawned by** | `/gsd-code-review --fix` |
 | **Parallelism** | Single instance |
 | **Tools** | Read, Edit, Write, Bash, Grep, Glob |
 | **Model (balanced)** | Sonnet |
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -111,14 +111,25 @@ Multiple layers prevent common failure modes:
 User-facing entry points. Each file contains YAML frontmatter (name, description, allowed-tools) and a prompt body that bootstraps the workflow. Commands are installed as:
- **Claude Code:** Custom slash commands (`/gsd-command-name`)
+- **Claude Code:** Custom slash commands (hyphen form, `/gsd-command-name`)
- **OpenCode / Kilo:** Slash commands (`/gsd-command-name`)
+- **OpenCode / Kilo:** Slash commands (hyphen form, `/gsd-command-name`)
 - **Codex:** Skills (`$gsd-command-name`)
- **Copilot:** Slash commands (`/gsd-command-name`)
+- **Copilot:** Slash commands (hyphen form, `/gsd-command-name`)
 - **Gemini CLI:** Slash commands under the `gsd:` namespace (colon form, `/gsd:command-name`) — Gemini namespaces all custom commands under their plugin id, so the install path rewrites every body-text reference to colon form
 - **Antigravity:** Skills
 **Total commands:** see [`docs/INVENTORY.md`](INVENTORY.md#commands) for the authoritative count and full roster.
 #### Two-stage hierarchical routing (v1.40, [#2792](https://github.com/gsd-build/get-shit-done/issues/2792))
 To keep the eager skill-listing token cost low, v1.40 introduces six namespace **meta-skills** (`gsd-workflow`, `gsd-project`, `gsd-review`, `gsd-context`, `gsd-manage`, `gsd-ideate` — sourced from `commands/gsd/ns-*.md`, but the invocable `name:` is the bare form shown here) layered above the concrete sub-skills. The model sees 6 namespace routers (~120 tokens) instead of a flat 86-skill listing (~2,150 tokens), selects a namespace, then routes to the concrete sub-skill via a routing table embedded in the namespace router's body. Namespace skills are **additive** — every concrete command is still directly invocable.
 The router descriptions use pipe-separated keyword tags (≤ 60 chars) per the Tool Attention research showing keyword-dense tags outperform prose for routing at ~40 % the token cost.
 #### MCP token-budget interaction
 The eager skill listing is one of two recurring per-turn token costs. The other is the MCP tool schema injected by every enabled MCP server in `.claude/settings.json`. Heavyweight MCP servers (browser/playwright, Mac-tools, Windows-tools) can each cost 20 k+ tokens per turn — often dwarfing what `model_profile` tuning saves. The toggle lives in the Claude Code harness (`enabledMcpjsonServers` / `disabledMcpjsonServers` in `.claude/settings.json`) and is **not** a GSD concern. Together, the two-stage routing layer (#2792) and disciplined MCP enablement are the largest cost levers per turn. See [`docs/USER-GUIDE.md`](USER-GUIDE.md) and `references/context-budget.md` for the audit checklist.
 ### Workflows (`get-shit-done/workflows/*.md`)
 Orchestration logic that commands reference. Contains the step-by-step process including:
@@ -579,7 +590,7 @@ The installer (`bin/install.js`, ~3,000 lines) handles:
  - Augment Code: Skills-first with full skill conversion and config management
 5. **Path normalization** — Replaces `~/.claude/` paths with runtime-specific paths
 6. **Settings integration** — Registers hooks in runtime's `settings.json`
-7. **Patch backup** — Since v1.17, backs up locally modified files to `gsd-local-patches/` for `/gsd-reapply-patches`
+7. **Patch backup** — Since v1.17, backs up locally modified files to `gsd-local-patches/` for `/gsd-update --reapply`
 8. **Manifest tracking** — Writes `gsd-file-manifest.json` for clean uninstall
 9. **Uninstall mode** — `--uninstall` removes all GSD files, hooks, and settings
--- a/docs/CLI-TOOLS.md
+++ b/docs/CLI-TOOLS.md
@@ -250,8 +250,15 @@ node gsd-tools.cjs validate consistency
 # Check .planning/ integrity, optionally repair
 node gsd-tools.cjs validate health [--repair]
 # Probe context-window utilization for status-line / hook callers (v1.40.0)
 node gsd-tools.cjs validate context
 ```
 `validate context` emits a structured envelope with `utilization`, `status`
 (`ok` / `warn` / `critical` at the 60 % / 70 % thresholds), and a
 `suggestion` string. The same data backs `/gsd-health --context`.
 ---
 ## Template Commands
--- a/docs/COMMANDS.md
+++ b/docs/COMMANDS.md
@@ -6,10 +6,29 @@
 ## Command Syntax
- **Claude Code / Gemini / Copilot:** `/gsd-command-name [args]`
+- **Claude Code / Copilot / OpenCode / Kilo:** `/gsd-command-name [args]` (hyphen form)
- **OpenCode / Kilo:** `/gsd-command-name [args]`
+- **Gemini CLI:** `/gsd:command-name [args]` (colon form — Gemini namespaces commands under `gsd:`)
 - **Codex:** `$gsd-command-name [args]`
 The hyphen and colon forms are *runtime-specific spellings of the same command*. Whichever runtime you're on, the installer writes the correct form into your runtime's command directory.
 ---
 ## Namespace Meta-Skills
 Six namespace routers ship as the first-stage entry points in v1.40. They keep the eager skill-listing token cost low (~120 tokens for 6 routers vs ~2,150 for a flat 86-skill listing) while the full surface remains directly invocable. The model selects a namespace, then routes to the concrete sub-skill. See [#2792](https://github.com/gsd-build/get-shit-done/issues/2792).
 | Command | Routes to |
 |---------|-----------|
 | `/gsd-ns-workflow` | Phase pipeline — discuss / plan / execute / verify / phase / progress |
 | `/gsd-ns-project` | Project lifecycle — milestones, audits, summary |
 | `/gsd-ns-review` | Quality gates — code review, debug, audit, security, eval, ui |
 | `/gsd-ns-context` | Codebase intelligence — map, graphify, docs, learnings |
 | `/gsd-ns-manage` | Management — config, workspace, workstreams, thread, update, ship, inbox |
 | `/gsd-ns-ideate` | Exploration & capture — explore, sketch, spike, spec, capture |
 The namespace skills are **additive** — every existing concrete command (e.g. `/gsd-plan-phase`, `/gsd-code-review --fix`) is still invocable directly.
 ---
 ## Core Workflow Commands
@@ -123,6 +142,8 @@ Research, plan, and verify a phase.
 | `--auto` | Skip interactive confirmations |
 | `--research` | Force re-research even if RESEARCH.md exists |
 | `--skip-research` | Skip domain research step |
 | `--research-phase <N>` | Research-only mode: spawn researcher for phase `<N>`, write RESEARCH.md, exit before planner. Replaces the deleted `gsd-research-phase` standalone command (#3042). |
 | `--view` | Research-only modifier: when used with `--research-phase`, print existing RESEARCH.md to stdout and exit (no spawn). |
 | `--gaps` | Gap closure mode (reads VERIFICATION.md, skips research) |
 | `--skip-verify` | Skip plan checker verification loop |
 | `--prd <file>` | Use a PRD file instead of discuss-phase for context |
@@ -134,12 +155,20 @@ Research, plan, and verify a phase.
 **Prerequisites:** `.planning/ROADMAP.md` exists
 **Produces:** `{phase}-RESEARCH.md`, `{phase}-{N}-PLAN.md`, `{phase}-VALIDATION.md`
 **Research-only mode (`--research-phase <N>`):**
 - No modifier: prompts `update / view / skip` if RESEARCH.md already exists.
 - With `--research`: force-refresh — re-spawn researcher unconditionally, no prompt.
 - With `--view`: print existing RESEARCH.md to stdout, no spawn. Errors if RESEARCH.md missing.
 ```bash
-/gsd-plan-phase 1                   # Research + plan + verify phase 1
+/gsd-plan-phase 1                              # Research + plan + verify phase 1
-/gsd-plan-phase 3 --skip-research   # Plan without research (familiar domain)
+/gsd-plan-phase 3 --skip-research              # Plan without research (familiar domain)
-/gsd-plan-phase --auto              # Non-interactive planning
+/gsd-plan-phase --auto                         # Non-interactive planning
-/gsd-plan-phase 2 --validate        # Validate state before planning
+/gsd-plan-phase 2 --validate                   # Validate state before planning
-/gsd-plan-phase 1 --bounce          # Plan + external bounce validation
+/gsd-plan-phase 1 --bounce                     # Plan + external bounce validation
 /gsd-plan-phase --research-phase 4             # Research only on phase 4 (prompts if RESEARCH.md exists)
 /gsd-plan-phase --research-phase 4 --view      # Print existing RESEARCH.md, no spawn
 /gsd-plan-phase --research-phase 4 --research  # Force-refresh research, no prompt
 ```
 ---
@@ -689,15 +718,19 @@ Generate a developer behavioral profile from Claude Code session analysis across
 ### `/gsd-health`
-Validate `.planning/` directory integrity.
+Validate `.planning/` directory integrity. With `--context`, probes the
 context-window utilization guard against the 60 % / 70 % thresholds (added
 v1.40.0, [#2792](https://github.com/gsd-build/get-shit-done/issues/2792)).
 | Flag | Description |
 |------|-------------|
 | `--repair` | Auto-fix recoverable issues |
 | `--context` | Probe context-window utilization; warns at 60 %, critical at 70 % |
 ```bash
 /gsd-health                         # Check integrity
 /gsd-health --repair                # Check and fix
 /gsd-health --context               # Context-utilization triage
 ```
 ### `/gsd-cleanup`
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -16,6 +16,8 @@ GSD stores project settings in `.planning/config.json`. Created during `/gsd-new
  "granularity": "standard",
  "model_profile": "balanced",
  "model_overrides": {},
  "models": {},
  "dynamic_routing": null,
  "planning": {
    "commit_docs": true,
    "search_gitignored": false,
@@ -117,9 +119,14 @@ GSD stores project settings in `.planning/config.json`. Created during `/gsd-new
 | `model_profile` | enum | `quality`, `balanced`, `budget`, `adaptive`, `inherit` | `balanced` | Model tier for each agent (see [Model Profiles](#model-profiles)). `adaptive` was added per [#1713](https://github.com/gsd-build/get-shit-done/issues/1713) / [#1806](https://github.com/gsd-build/get-shit-done/issues/1806) and resolves the same way as the other tiers under runtime-aware profiles. |
 | `runtime` | string | `claude`, `codex`, or any string | (none) | Active runtime for [runtime-aware profile resolution](#runtime-aware-profiles-2517). When set, profile tiers (opus/sonnet/haiku) resolve to runtime-native model IDs. Today only the Codex install path emits per-agent model IDs from this resolver; other runtimes (`opencode`, `gemini`, `qwen`, `copilot`, …) consume the resolver at spawn time and gain dedicated install-path support in [#2612](https://github.com/gsd-build/get-shit-done/issues/2612). When unset (default), behavior is unchanged from prior versions. Added in v1.39 |
 | `model_profile_overrides.<runtime>.<tier>` | string \| object | per-runtime tier override | (none) | Override the runtime-aware tier mapping for a specific `(runtime, tier)`. Tier is one of `opus`, `sonnet`, `haiku`. Value is either a model ID string (e.g. `"gpt-5-pro"`) or `{ model, reasoning_effort }`. See [Runtime-Aware Profiles](#runtime-aware-profiles-2517). Added in v1.39 |
 | `models.<phase_type>` | enum | `opus`, `sonnet`, `haiku`, `inherit` | (none) | Per-phase-type model tier. Six accepted slots: `planning`, `discuss`, `research`, `execution`, `verification`, `completion`. Lets you tune at the phase level ("Opus for planning, Sonnet for the rest") without learning agent names. Resolves between `model_overrides` (higher) and `model_profile` (lower); see [Per-Phase-Type Models](#per-phase-type-models-models--added-in-v140). Added in v1.40 ([#3023](https://github.com/gsd-build/get-shit-done/pull/3030)) |
 | `dynamic_routing.enabled` | boolean | `true`, `false` | `false` | Master switch for [dynamic routing with failure-tier escalation](#dynamic-routing-with-failure-tier-escalation-dynamic_routing--added-in-v140). When `true`, agents resolve to `tier_models[default_tier]` and escalate one tier up on orchestrator-detected soft failure. Added in v1.40 ([#3024](https://github.com/gsd-build/get-shit-done/pull/3031)) |
 | `dynamic_routing.tier_models.<tier>` | enum | `opus`, `sonnet`, `haiku` | (none) | Tier alias for `light`, `standard`, or `heavy`. Used when `dynamic_routing.enabled: true`. Added in v1.40 |
 | `dynamic_routing.escalate_on_failure` | boolean | `true`, `false` | `true` | When `false`, escalation is disabled even if `enabled: true` — every attempt uses the default tier. Added in v1.40 |
 | `dynamic_routing.max_escalations` | integer | `0`, `1`, `2`, … | `1` | Hard cap on retries per agent invocation. Beyond the cap the resolver returns the cap-tier model. Added in v1.40 |
 | `project_code` | string | any short string | (none) | Prefix for phase directory names (e.g., `"ABC"` produces `ABC-01-setup/`). Added in v1.31 |
 | `response_language` | string | language code | (none) | Language for agent responses (e.g., `"pt"`, `"ko"`, `"ja"`). Propagates to all spawned agents for cross-phase language consistency. Added in v1.32 |
-| `context_window` | number | any integer | `200000` | Context window size in tokens. Set `1000000` for 1M-context models (e.g., `claude-opus-4-7[1m]`). Values `>= 500000` enable adaptive context enrichment (full-body reads of prior SUMMARY.md, deeper anti-pattern reads). Configured via `/gsd-settings-advanced`. |
+| `context_window` | number | any integer | `200000` | Context window size in tokens. Set `1000000` for 1M-context models (e.g., `claude-opus-4-7[1m]`). Values `>= 500000` enable adaptive context enrichment (full-body reads of prior SUMMARY.md, deeper anti-pattern reads). Configured via `/gsd-config --advanced`. |
 | `context_profile` | string | `dev`, `research`, `review` | (none) | Execution context preset that applies a pre-configured bundle of mode, model, and workflow settings for the current type of work. Added in v1.34 |
 | `claude_md_path` | string | any file path | `./CLAUDE.md` | Custom output path for the generated CLAUDE.md file. Useful for monorepos or projects that need CLAUDE.md in a non-root location. Defaults to `./CLAUDE.md` at the project root. Added in v1.36 |
 | `claude_md_assembly.mode` | enum | `embed`, `link` | `embed` | Controls how managed sections are written into CLAUDE.md. `embed` (default) inlines content between GSD markers. `link` writes `@.planning/<source-path>` instead — Claude Code expands the reference at runtime, reducing CLAUDE.md size by ~65% on typical projects. `link` only applies to sections that have a real source file; `workflow` and fallback sections always embed. Per-block overrides: `claude_md_assembly.blocks.<section>` (e.g. `claude_md_assembly.blocks.architecture: link`). Added in v1.38 |
@@ -136,7 +143,7 @@ GSD stores project settings in `.planning/config.json`. Created during `/gsd-new
 ## Integration Settings
-Configured interactively via [`/gsd-settings-integrations`](COMMANDS.md#gsd-settings-integrations). These are *connectivity* settings — API keys and cross-tool routing — and are intentionally kept separate from `/gsd-settings` (workflow toggles).
+Configured interactively via [`/gsd-config --integrations`](COMMANDS.md#gsd-config). These are *connectivity* settings — API keys and cross-tool routing — and are intentionally kept separate from `/gsd-settings` (workflow toggles).
 ### Search API keys
@@ -165,7 +172,7 @@ The `<cli>` slug is validated against `[a-zA-Z0-9_-]+`. Empty or path-containing
 ### Agent-skill injection (dynamic)
-`agent_skills.<agent-type>` extends the `agent_skills` map documented below. Slug is validated against `[a-zA-Z0-9_-]+` — no path separators, no whitespace, no shell metacharacters. Configured interactively via `/gsd-settings-integrations`.
+`agent_skills.<agent-type>` extends the `agent_skills` map documented below. Slug is validated against `[a-zA-Z0-9_-]+` — no path separators, no whitespace, no shell metacharacters. Configured interactively via `/gsd-config --integrations`.
 ---
@@ -192,7 +199,7 @@ All workflow toggles follow the **absent = enabled** pattern. If a key is missin
 | `workflow.text_mode` | boolean | `false` | Replaces AskUserQuestion TUI menus with plain-text numbered lists. Required for Claude Code remote sessions (`/rc` mode) where TUI menus don't render. Can also be set per-session with `--text` flag on discuss-phase. Added in v1.28 |
 | `workflow.use_worktrees` | boolean | `true` | When `false`, disables git worktree isolation for parallel execution. Users who prefer sequential execution or whose environment does not support worktrees can disable this. Added in v1.31 |
 | `workflow.worktree_skip_hooks` | boolean | `false` | When `true`, executor agents in worktree mode pass `--no-verify` (skipping pre-commit hooks) and post-wave hook validation runs against the merged result instead. Opt-in escape hatch for projects whose hooks cannot run in agent worktrees. Default `false` runs hooks on every commit (#2924). |
-| `workflow.code_review` | boolean | `true` | Enable `/gsd-code-review` and `/gsd-code-review-fix` commands. When `false`, the commands exit with a configuration gate message. Added in v1.34 |
+| `workflow.code_review` | boolean | `true` | Enable `/gsd-code-review` and `/gsd-code-review --fix` commands. When `false`, the commands exit with a configuration gate message. Added in v1.34 |
 | `workflow.code_review_depth` | string | `standard` | Default review depth for `/gsd-code-review`: `quick` (pattern-matching only), `standard` (per-file analysis), or `deep` (cross-file with import graphs). Can be overridden per-run with `--depth=`. Added in v1.34 |
 | `workflow.plan_bounce` | boolean | `false` | Run external validation script against generated plans. When enabled, the plan-phase orchestrator pipes each PLAN.md through the script specified by `plan_bounce_script` and blocks on non-zero exit. Added in v1.36 |
 | `workflow.plan_bounce_script` | string | (none) | Path to the external script invoked for plan bounce validation. Receives the PLAN.md path as its first argument. Required when `plan_bounce` is `true`. Added in v1.36 |
@@ -385,6 +392,21 @@ The `features.*` namespace is a dynamic key pattern — new feature flags can be
 ---
 ## STATE.md Frontmatter (Phase Lifecycle)
 `STATE.md` carries YAML frontmatter that the status-line hook reads on every render. v1.40 adds four optional phase-lifecycle fields read by `parseStateMd()` and rendered by `formatGsdState()`:
 | Field | Type | Purpose |
 |-------|------|---------|
 | `active_phase` | string (e.g. `"4.5"`) | Phase number when an orchestrator command is in flight |
 | `next_action` | string | Recommended next command when idle (`discuss-phase` / `plan-phase` / `execute-phase` / `verify-phase`) |
 | `next_phases` | YAML flow array | Phases the `next_action` applies to (e.g. `["4.5"]`) |
 | `progress` | block | Nested `total_phases` / `completed_phases` / `percent` for the milestone progress bar |
 All four fields are **optional and additive** — STATE.md files without them keep rendering exactly as in v1.38.x. See [`STATE-MD-LIFECYCLE.md`](STATE-MD-LIFECYCLE.md) for the full field reference, parser constraints, and rendering scenes.
 ---
 ## Git Branching
 | Setting | Type | Default | Description |
@@ -643,6 +665,169 @@ OpenCode's `task` interface do not accept an inline `model` parameter, so
 running `gsd install <runtime>` after editing `model_overrides` is required
 for the change to take effect. See issue #2256.
 ### Per-Phase-Type Models (`models`) — added in v1.40
 > Express tuning at the **phase** level (planning, research, execution, verification) without learning the agent taxonomy. Added in [#3023](https://github.com/gsd-build/get-shit-done/pull/3030).
 `model_overrides` is per-**agent** (precise but verbose; you have to know that `gsd-codebase-mapper` is research and `gsd-doc-writer` is execution). The `models` block lets you say "Opus for planning and execution, Sonnet for the rest" in two lines:
 ```json
 {
  "model_profile": "balanced",
  "models": {
    "planning": "opus",
    "discuss": "opus",
    "research": "sonnet",
    "execution": "opus",
    "verification": "sonnet",
    "completion": "sonnet"
  },
  "model_overrides": {
    "gsd-codebase-mapper": "haiku"
  }
 }
 ```
 #### Phase-type → agent mapping
 | Phase type | Agents |
 |---|---|
 | `planning` | `gsd-planner`, `gsd-roadmapper`, `gsd-pattern-mapper` |
 | `discuss` | (reserved — no subagent today) |
 | `research` | `gsd-phase-researcher`, `gsd-project-researcher`, `gsd-research-synthesizer`, `gsd-codebase-mapper`, `gsd-ui-researcher` |
 | `execution` | `gsd-executor`, `gsd-debugger`, `gsd-doc-writer` |
 | `verification` | `gsd-verifier`, `gsd-plan-checker`, `gsd-integration-checker`, `gsd-nyquist-auditor`, `gsd-ui-checker`, `gsd-ui-auditor`, `gsd-doc-verifier` |
 | `completion` | (reserved — no subagent today) |
 `discuss` and `completion` are accepted by the schema for forward compatibility; setting them today is a no-op until a subagent maps to them.
 #### Resolution precedence (highest → lowest)
 ```text
 1. model_overrides[<agent>]              ← per-agent; full IDs; targeted exception
 2. dynamic_routing.tier_models[<tier>]   ← when enabled (see §Dynamic Routing)
 3. models[<phase_type>]                  ← coarse phase-level tier (this section)
 4. model_profile (per-agent col)         ← global tier strategy
 5. Runtime default                       ← when nothing else applies
 ```
 The five layers compose top-down: `model_profile` is the base tier, `models[<phase_type>]` overrides at the phase level, `dynamic_routing` (when enabled) escalates per-attempt on soft failure, `model_overrides[<agent>]` carves per-agent exceptions at the top, and the runtime default applies when nothing else does. In the example above, all five research agents resolve to `sonnet` *except* `gsd-codebase-mapper`, which the per-agent override pins to `haiku`. `dynamic_routing` is disabled by default — when off (`enabled: false` or block omitted), this section's behavior is unchanged from today.
 #### Accepted values
 `models.<phase_type>` accepts only tier aliases:
 | Value | Effect |
 |---|---|
 | `"opus"` / `"sonnet"` / `"haiku"` | Standard tier — runtime resolution maps to the active runtime's model for that tier |
 | `"inherit"` | Agents in this phase follow the session model (same semantics as `model_profile: "inherit"`) |
 If you need a fully-qualified model ID (`"openai/gpt-5"`, `"google/gemini-2.5-pro"`), use `model_overrides` per agent instead. `models.*` is intentionally tier-only so the runtime-aware mapping stays correct on Codex / OpenCode / Gemini CLI installs.
 #### When to use which
 | You want | Use |
 |---|---|
 | One global tier strategy ("balanced everywhere") | `model_profile` |
 | Coarse phase-level tuning ("Opus for planning") | `models.<phase_type>` |
 | Per-agent precision ("force haiku on the codebase mapper") | `model_overrides[<agent>]` |
 | Full model ID for a specific agent | `model_overrides[<agent>]: "openai/gpt-5"` |
 Mix freely — the precedence rule above resolves any overlap deterministically.
 #### Validation
 `config-set` rejects unknown phase-types:
 ```bash
 $ gsd config-set models.deployment opus
 Error: 'models.deployment' is not a valid config key
 # Valid:
 $ gsd config-set models.research sonnet
 ```
 Direct edits to `.planning/config.json` are looser — the resolver simply ignores values it doesn't recognize and falls through to the profile tier — so a typo doesn't silently break tier resolution.
 ### Dynamic Routing with Failure-Tier Escalation (`dynamic_routing`) — added in v1.40
 > Start cheap, escalate only when the agent fails the gate. Added in [#3024](https://github.com/gsd-build/get-shit-done/pull/3031).
 `dynamic_routing` lets you pay for the cheap tier by default and only escalate to the more expensive tier when the orchestrator detects a soft failure (verification inconclusive, plan-check FLAG, etc.).
 ```json
 {
  "dynamic_routing": {
    "enabled": true,
    "tier_models": {
      "light":    "haiku",
      "standard": "sonnet",
      "heavy":    "opus"
    },
    "escalate_on_failure": true,
    "max_escalations": 1
  }
 }
 ```
 #### Agent default tiers
 Each agent in `MODEL_PROFILES` declares one of three default tiers. The resolver picks `tier_models[default_tier]` for the first attempt.
 | Tier | Agents | Use case |
 |---|---|---|
 | `light` | gsd-codebase-mapper, gsd-pattern-mapper, gsd-research-synthesizer, gsd-plan-checker, gsd-integration-checker, gsd-nyquist-auditor, gsd-ui-checker, gsd-ui-auditor, gsd-doc-verifier | Cheap/fast — pure mappers, scanners, low-stakes audits |
 | `standard` | gsd-executor, gsd-phase-researcher, gsd-project-researcher, gsd-verifier, gsd-doc-writer, gsd-ui-researcher | Default workhorse — research, writing, primary verification |
 | `heavy` | gsd-planner, gsd-roadmapper, gsd-debugger | Deep reasoning — already at top, can't escalate further |
 #### Escalation flow
 ```text
 1. Orchestrator spawns agent → resolver returns tier_models[default_tier]
 2. Soft failure?
   ├─ no → ✓ done (cheap path)
   └─ yes → orchestrator re-spawns at attempt+1
            → resolver returns tier_models[next_tier_up]
            → cap at max_escalations
 3. Hard failure (exception/crash) → bypass escalation, surface immediately
 ```
 If `dynamic_routing.escalate_on_failure: false`, soft failures do **not** advance the tier — every respawn keeps using `tier_models[default_tier]` regardless of the attempt counter. The kill-switch overrides the soft-failure branch above.
 `light → standard → heavy → heavy` (heavy stays at heavy; can't go further).
 #### Resolution precedence (highest → lowest)
 1. **`model_overrides[<agent>]`** — full IDs accepted; targeted exception
 2. **`dynamic_routing.tier_models[<tier>]`** (when `enabled: true`)
 3. **`models[<phase_type>]`** — coarse phase-level (#3023)
 4. **`model_profile`** — per-agent column from active profile
 5. **Runtime default**
 The `dynamic_routing` block is **disabled by default** — `enabled: false` (or omitting the block) preserves today's static resolution exactly.
 #### Settings
 | Key | Type | Default | Description |
 |---|---|---|---|
 | `dynamic_routing.enabled` | boolean | `false` | Master switch. When `true`, the dynamic-routing resolver is used for tier selection. |
 | `dynamic_routing.tier_models.light` | enum | (none) | Tier alias for the light tier. Typically `haiku`. |
 | `dynamic_routing.tier_models.standard` | enum | (none) | Tier alias for standard. Typically `sonnet`. |
 | `dynamic_routing.tier_models.heavy` | enum | (none) | Tier alias for heavy. Typically `opus`. |
 | `dynamic_routing.escalate_on_failure` | boolean | `true` | When false, escalation is disabled (every attempt uses the default tier). |
 | `dynamic_routing.max_escalations` | integer | `1` | Hard cap on retries per agent invocation. Prevents runaway loops. |
 #### When to use which
 | You want | Use |
 |---|---|
 | One tier strategy across all agents | `model_profile` |
 | Coarse phase-level tuning | `models.<phase_type>` |
 | Per-agent precision (full IDs) | `model_overrides` |
 | **Cheap-by-default, escalate only on failure** | **`dynamic_routing`** |
 `dynamic_routing` is structurally a *cost lever*: you pay Opus rates only for the hard cases that warrant Opus. Compose with `model_overrides` for per-agent exceptions (override always wins).
 ### Non-Claude Runtimes (Codex, OpenCode, Gemini CLI, Kilo)
 When GSD is installed for a non-Claude runtime, the installer automatically sets `resolve_model_ids: "omit"` in `~/.gsd/defaults.json`. This causes GSD to return an empty model parameter for all agents, so each agent uses whatever model the runtime is configured with. No additional setup is needed for the default case.
--- a/docs/FEATURES.md
+++ b/docs/FEATURES.md
@@ -144,6 +144,11 @@
  - [Agent Size-Budget Enforcement](#119-agent-size-budget-enforcement)
  - [Shared Boilerplate Extraction](#120-shared-boilerplate-extraction)
  - [Knowledge Graph Integration](#121-knowledge-graph-integration)
 - [v1.40.0 Features](#v1400-features)
  - [Skill Surface Consolidation](#122-skill-surface-consolidation)
  - [Namespace Meta-Skills (Two-Stage Routing)](#123-namespace-meta-skills-two-stage-routing)
  - [Context-Window Utilization Guard](#124-context-window-utilization-guard)
  - [Phase-Lifecycle Status-Line Read-Side](#125-phase-lifecycle-status-line-read-side)
 - [v1.32 Features](#v132-features)
  - [STATE.md Consistency Gates](#69-statemd-consistency-gates)
  - [Autonomous `--to N` Flag](#70-autonomous---to-n-flag)
@@ -449,7 +454,6 @@
 - REQ-MILE-08: New milestone MUST follow same flow as new-project (questions → research → requirements → roadmap)
 - REQ-MILE-09: New milestone MUST NOT reset existing workflow configuration
 **Gap Closure:** `/gsd-plan-milestone-gaps` creates phases to close gaps identified by audit.
 ---
@@ -865,7 +869,7 @@ continues. Drift detection cannot fail verification.
 ### 29. Todo Management
-**Commands:** `/gsd-add-todo [desc]`, `/gsd-check-todos`
+**Commands:** `/gsd-add-todo [desc]`, `/gsd-capture --list`
 **Purpose:** Capture ideas and tasks during sessions for later work.
@@ -902,7 +906,7 @@ continues. Drift detection cannot fail verification.
 - REQ-UPDATE-02: System MUST display changelog for new version before updating
 - REQ-UPDATE-03: System MUST be runtime-aware and target the correct directory
 - REQ-UPDATE-04: System MUST back up locally modified files to `gsd-local-patches/`
- REQ-UPDATE-05: `/gsd-reapply-patches` MUST restore local modifications after update
+- REQ-UPDATE-05: `/gsd-update --reapply` MUST restore local modifications after update
 ---
@@ -923,6 +927,8 @@ continues. Drift detection cannot fail verification.
 | `mode` | enum | `interactive` | `interactive` or `yolo` (auto-approve) |
 | `granularity` | enum | `standard` | `coarse`, `standard`, or `fine` |
 | `model_profile` | enum | `balanced` | `quality`, `balanced`, `budget`, or `inherit` |
 | `models.<phase_type>` | enum | (none) | Per-phase-type tier override (`planning`, `discuss`, `research`, `execution`, `verification`, `completion`). Values: `opus`, `sonnet`, `haiku`, `inherit`. Coarse phase-level tuning that wins over `model_profile` but loses to per-agent `model_overrides`. See [CONFIGURATION.md](CONFIGURATION.md#per-phase-type-models-models--added-in-v140). Added in v1.40 |
 | `dynamic_routing.enabled` | boolean | `false` | Master switch for failure-tier escalation. When `true`, agents resolve to `tier_models[default_tier]` and escalate one tier on orchestrator-detected soft failure. Capped by `max_escalations`. See [CONFIGURATION.md](CONFIGURATION.md#dynamic-routing-with-failure-tier-escalation-dynamic_routing--added-in-v140). Added in v1.40 |
 | `workflow.research` | boolean | `true` | Domain research before planning |
 | `workflow.plan_check` | boolean | `true` | Plan verification loop |
 | `workflow.verifier` | boolean | `true` | Post-execution verification |
@@ -1030,14 +1036,25 @@ fix(03-01): correct auth token expiry
 - REQ-HOOK-05: All hooks MUST include 3-second stdin timeout guard
 - REQ-HOOK-06: All hooks MUST fail silently on any error
 - REQ-HOOK-07: Context usage MUST normalize for autocompact buffer (16.5% reserved)
 - REQ-HOOK-08: Update banner MUST be opt-in and silent unless an update is available (PR #2795)
 **Statusline Display:**
-```
+```text
 [⬆ /gsd-update │] model │ [current task │] directory [█████░░░░░ 50%]
 ```
 Color coding: <50% green, <65% yellow, <80% orange, ≥80% red with skull emoji
 **Update Banner (opt-in, when GSD statusline isn't used):**
 When the user declines (or keeps a non-GSD) statusline, the installer offers a SessionStart banner that surfaces update availability without occupying statusline real estate. The banner reads `~/.cache/gsd/gsd-update-check.json` (written by `gsd-check-update-worker.js`) and emits one line only when an update is available:
 ```text
 GSD update available: 1.39.0 → 1.40.0. Run /gsd-update.
 ```
 The banner is silent when up-to-date and rate-limits "check failed" diagnostics to once per 24 hours. Removed cleanly by `npx get-shit-done-cc --uninstall` or by deleting the SessionStart entry that references `gsd-update-banner.js`.
 ### 38. Developer Profiling
 **Command:** `/gsd-profile-user [--questionnaire] [--refresh]`
@@ -1617,7 +1634,7 @@ Test suite that scans all agent, workflow, and command files for embedded inject
 ### 65. Claim Provenance Tagging
-**Part of:** `/gsd-research-phase`
+**Part of:** `/gsd-plan-phase --research-phase <N>`
 **Purpose:** Ensure research claims are tagged with source evidence and assumptions are logged separately.
@@ -2108,7 +2125,7 @@ Test suite that scans all agent, workflow, and command files for embedded inject
 ### 93. Code Review Pipeline
-**Commands:** `/gsd-code-review`, `/gsd-code-review-fix`
+**Commands:** `/gsd-code-review`, `/gsd-code-review --fix`
 **Purpose:** Structured review of source files changed during a phase, with a separate auto-fix pass that commits each fix atomically.
@@ -2116,7 +2133,7 @@ Test suite that scans all agent, workflow, and command files for embedded inject
 - REQ-REVIEW-01: `gsd-code-review` MUST scope files to the phase using SUMMARY.md and git diff fallback
 - REQ-REVIEW-02: Review MUST support three depth levels: `quick`, `standard`, `deep`
 - REQ-REVIEW-03: Findings MUST be severity-classified: Critical, Warning, Info
- REQ-REVIEW-04: `gsd-code-review-fix` MUST read REVIEW.md and fix Critical + Warning findings by default
+- REQ-REVIEW-04: `gsd-code-review --fix` MUST read REVIEW.md and fix Critical + Warning findings by default
 - REQ-REVIEW-05: Each fix MUST be committed atomically with a descriptive message
 - REQ-REVIEW-06: `--auto` flag MUST enable fix + re-review iteration loop, capped at 3 iterations
 - REQ-REVIEW-07: Feature MUST be gated by `workflow.code_review` config flag
@@ -2255,7 +2272,7 @@ Test suite that scans all agent, workflow, and command files for embedded inject
 ### 103. Post-Merge Hunk Verification
-**Command:** `/gsd-reapply-patches`
+**Command:** `/gsd-update --reapply`
 **Purpose:** After applying local patches post-update, verify that all hunks were actually applied by comparing the expected patch content against the live filesystem. Surface any dropped or partial hunks immediately rather than silently accepting incomplete merges.
@@ -2600,3 +2617,83 @@ Users who run a memory / knowledge-base MCP server (for example, ExoCortex-style
 **Configuration:** `graphify.enabled`, `graphify.build_timeout`
 **Reference files:** `commands/gsd/graphify.md`, `bin/lib/graphify.cjs`
 ---
 ## v1.40.0 Features
 ### 122. Skill Surface Consolidation
 **Purpose:** Cut the eager skill-listing overhead by folding 31 micro-skills into 4 new grouped parents and 6 existing parents that absorb sub-operations as flags. Zero functional loss — every removed micro-skill's behavior survives via a flag on a consolidated parent. After consolidation, `commands/gsd/*.md` ships 59 sub-skills (plus 6 namespace meta-skills, see #123).
 **Requirements:**
 - REQ-CONSOLIDATE-01: Four new grouped skills replace clusters of micro-skills:
  - `/gsd-capture` — folds add-todo (default), note (`--note`), add-backlog (`--backlog`), plant-seed (`--seed`), check-todos (`--list`)
  - `/gsd-phase` — folds add-phase (default), insert-phase (`--insert`), remove-phase (`--remove`), edit-phase (`--edit`)
  - `/gsd-config` — folds settings-advanced (`--advanced`), settings-integrations (`--integrations`), set-profile (`--profile`)
  - `/gsd-workspace` — folds new-workspace (`--new`), list-workspaces (`--list`), remove-workspace (`--remove`)
 - REQ-CONSOLIDATE-02: Six existing parents absorb wrap-up / sub-operations as flags: `/gsd-update --sync`, `/gsd-update --reapply`, `/gsd-sketch --wrap-up`, `/gsd-spike --wrap-up`, `/gsd-map-codebase --fast`, `/gsd-map-codebase --query`, `/gsd-code-review --fix`, `/gsd-progress --do`, `/gsd-progress --next`.
 - REQ-CONSOLIDATE-03: Deleted micro-skill slash forms (the bare `gsd-add-todo`, `gsd-add-backlog`, `gsd-plant-seed`, `gsd-check-todos`, `gsd-add-phase`, `gsd-insert-phase`, `gsd-remove-phase`, `gsd-edit-phase`, `gsd-new-workspace`, `gsd-list-workspaces`, `gsd-remove-workspace`, `gsd-settings-advanced`, `gsd-settings-integrations`, `gsd-set-profile`, `gsd-sketch-wrap-up`, `gsd-spike-wrap-up`, `gsd-reapply-patches`, `gsd-code-review-fix`, …) MUST resolve to "Unknown command" — no shadow stubs.
 - REQ-CONSOLIDATE-04: `autonomous.md` invokes `/gsd-code-review --fix` (was previously calling the deleted `gsd-code-review-fix`).
 **Reference issue:** [#2790](https://github.com/gsd-build/get-shit-done/issues/2790)
 ---
 ### 123. Namespace Meta-Skills (Two-Stage Routing)
 **Purpose:** Replace the flat eager skill listing with a two-stage hierarchical routing layer. The model sees 6 namespace routers instead of 86 entries, selects a namespace, then routes to the sub-skill. Descriptions use pipe-separated keyword tags (≤ 60 chars) for routing density.
 **Commands:**
 - `/gsd-ns-workflow` — phase pipeline router (discuss / plan / execute / verify / phase / progress)
 - `/gsd-ns-project` — project lifecycle (milestones, audits, summary)
 - `/gsd-ns-review` — quality gates (code review, debug, audit, security, eval, ui)
 - `/gsd-ns-context` — codebase intelligence (map, graphify, docs, learnings)
 - `/gsd-ns-manage` — config / workspace / workstreams / thread / update / ship / inbox
 - `/gsd-ns-ideate` — exploration & capture (explore, sketch, spike, spec, capture)
 **Token cost:**
 | | Entries | Approx tokens |
 |---|---|---|
 | Pre-1.40 full install | 86 | ~2,150 |
 | Namespace meta-skills | 6 | ~120 |
 **Requirements:**
 - REQ-NS-01: Six `commands/gsd/ns-*.md` namespace routers ship with pipe-separated keyword-tag descriptions (≤ 60 chars).
 - REQ-NS-02: Existing sub-skills are unchanged and still invocable directly — namespace skills are additive, not a replacement for direct slash forms.
 - REQ-NS-03: The body of each namespace router contains a routing table that maps user intent to the correct concrete sub-skill on the post-#2790 consolidated surface.
 **Reference issue:** [#2792](https://github.com/gsd-build/get-shit-done/issues/2792)
 ---
 ### 124. Context-Window Utilization Guard
 **Command:** `/gsd-health --context`
 **Purpose:** Quality guard against context-window saturation. Two thresholds: 60 % utilization warns ("consider `/gsd-thread`"), 70 % is critical ("reasoning quality may degrade"; matches the fracture-point per recent context-attention research).
 **Requirements:**
 - REQ-CTX-GUARD-01: `/gsd-health --context` prints a structured status line with current utilization, threshold tier (`ok` / `warn` / `critical`), and a remediation suggestion.
 - REQ-CTX-GUARD-02: The same triage is exposed as `gsd-sdk query validate.context --tokens-used <int> --context-window <int>` — a structured envelope for status-line and hook callers (#125). Both flags are required; the handler returns the same `{ percent, state }` envelope as the pure classifier in REQ-CTX-GUARD-03.
 - REQ-CTX-GUARD-03: The classifier (`bin/lib/context-utilization.cjs`) is pure: input `(tokensUsed, contextWindow)`, output `{ percent, state }`. Easy to unit-test, easy to reuse from any caller.
 **Reference issue:** [#2792](https://github.com/gsd-build/get-shit-done/issues/2792)
 ---
 ### 125. Phase-Lifecycle Status-Line Read-Side
 **Purpose:** Surface phase orchestration state on the status-line. `parseStateMd()` reads four new STATE.md frontmatter fields and `formatGsdState()` renders in-flight, idle, and progress scenes. Write-side wiring follows in a later RC.
 **Requirements:**
 - REQ-LIFECYCLE-01: `parseStateMd()` reads four optional fields:
  - `active_phase` — phase number when an orchestrator is in flight
  - `next_action` — recommended next command when idle
  - `next_phases` — YAML flow array of next phase numbers
  - `progress` — nested `total_phases` / `completed_phases` / `percent` block
 - REQ-LIFECYCLE-02: `formatGsdState()` checks the lifecycle fields in priority order and emits the first matching scene (Phase active → Idle next-recommended → Milestone complete → Default fallback).
 - REQ-LIFECYCLE-03: All four fields default to undefined; existing STATE.md files render byte-for-byte identically.
 **Reference issue:** [#2833](https://github.com/gsd-build/get-shit-done/issues/2833) — see [`docs/STATE-MD-LIFECYCLE.md`](STATE-MD-LIFECYCLE.md) for the full field reference and rendering rules.
--- a/docs/INVENTORY-MANIFEST.json
+++ b/docs/INVENTORY-MANIFEST.json
@@ -1,5 +1,5 @@
 {
-  "generated": "2026-04-30",
+  "generated": "2026-05-03",
  "families": {
    "agents": [
      "gsd-advisor-researcher",
@@ -163,7 +163,6 @@
      "reapply-patches.md",
      "remove-phase.md",
      "remove-workspace.md",
      "research-phase.md",
      "resume-project.md",
      "review.md",
      "scan.md",
@@ -296,6 +295,7 @@
      "gsd-read-injection-scanner.js",
      "gsd-session-state.sh",
      "gsd-statusline.js",
      "gsd-update-banner.js",
      "gsd-validate-commit.sh",
      "gsd-workflow-guard.js"
    ]
--- a/docs/INVENTORY.md
+++ b/docs/INVENTORY.md
@@ -40,7 +40,7 @@ Full roster at `agents/gsd-*.md`. The "Primary doc" column flags whether [`docs/
 | gsd-pattern-mapper | Maps new files to closest existing analogs; writes PATTERNS.md for the planner. | `/gsd-plan-phase` (between research and planning) | advanced stub |
 | gsd-debug-session-manager | Runs the full `/gsd-debug` checkpoint-and-continuation loop in isolated context so main stays lean. | `/gsd-debug` | advanced stub |
 | gsd-code-reviewer | Reviews source files for bugs, security issues, and code-quality problems; produces REVIEW.md. | `/gsd-code-review` | advanced stub |
-| gsd-code-fixer | Applies fixes to REVIEW.md findings with atomic per-fix commits; produces REVIEW-FIX.md. | `/gsd-code-review-fix` | advanced stub |
+| gsd-code-fixer | Applies fixes to REVIEW.md findings with atomic per-fix commits; produces REVIEW-FIX.md. | `/gsd-code-review --fix` | advanced stub |
 | gsd-ai-researcher | Researches a chosen AI framework's official docs into implementation-ready guidance (AI-SPEC.md §3–§4b). | `/gsd-ai-integration-phase` | advanced stub |
 | gsd-domain-researcher | Surfaces domain-expert evaluation criteria and failure modes for an AI system (AI-SPEC.md §1b). | `/gsd-ai-integration-phase` | advanced stub |
 | gsd-eval-planner | Designs structured evaluation strategy for an AI phase (AI-SPEC.md §5–§7). | `/gsd-ai-integration-phase` | advanced stub |
@@ -162,13 +162,13 @@ These six routers are descriptor-only entries that the model picks first; the bo
 ---
-## Workflows (85 shipped)
+## Workflows (84 shipped)
 Full roster at `get-shit-done/workflows/*.md`. Workflows are thin orchestrators that commands reference internally; most are not read directly by end users. Rows below map each workflow file to its role (derived from the `<purpose>` block) and, where applicable, to the command that invokes it.
 | Workflow | Role | Invoked by |
 |----------|------|------------|
-| `add-phase.md` | Add a new integer phase to the end of the current milestone in the roadmap. | `/gsd-add-phase` |
+| `add-phase.md` | Add a new integer phase to the end of the current milestone in the roadmap. | `/gsd-phase` (default) |
 | `add-tests.md` | Generate unit and E2E tests for a completed phase based on its artifacts. | `/gsd-add-tests` |
 | `add-todo.md` | Capture an idea or task that surfaces during a session as a structured todo. | `/gsd-capture` (default), `/gsd-capture --backlog` |
 | `ai-integration-phase.md` | Orchestrate framework selection → AI research → domain research → eval planning into AI-SPEC.md. | `/gsd-ai-integration-phase` |
@@ -179,7 +179,7 @@ Full roster at `get-shit-done/workflows/*.md`. Workflows are thin orchestrators
 | `autonomous.md` | Drive milestone phases autonomously — all remaining, a range, or a single phase. | `/gsd-autonomous` |
 | `check-todos.md` | List pending todos, allow selection, load context, and route to the appropriate action. | `/gsd-capture --list` |
 | `cleanup.md` | Archive accumulated phase directories from completed milestones. | `/gsd-cleanup` |
-| `code-review-fix.md` | Auto-fix issues from REVIEW.md via gsd-code-fixer with per-fix atomic commits. | `/gsd-code-review-fix` |
+| `code-review-fix.md` | Auto-fix issues from REVIEW.md via gsd-code-fixer with per-fix atomic commits. | `/gsd-code-review --fix` |
 | `code-review.md` | Review phase source changes via gsd-code-reviewer; produces REVIEW.md. | `/gsd-code-review` |
 | `complete-milestone.md` | Mark a shipped version as complete — MILESTONES.md entry, PROJECT.md evolution, tag. | `/gsd-complete-milestone` |
 | `diagnose-issues.md` | Orchestrate parallel debug agents to investigate UAT gaps and find root causes. | `/gsd-verify-work` (auto-diagnosis) |
@@ -203,20 +203,19 @@ Full roster at `get-shit-done/workflows/*.md`. Workflows are thin orchestrators
 | `import.md` | Ingest external plans with conflict detection against existing project decisions. | `/gsd-import` |
 | `inbox.md` | Triage open GitHub issues and PRs against project contribution templates. | `/gsd-inbox` |
 | `ingest-docs.md` | Scan a repo for mixed planning docs; classify, synthesize, and bootstrap or merge into `.planning/` with a conflicts report. | `/gsd-ingest-docs` |
-| `insert-phase.md` | Insert a decimal phase for urgent work discovered mid-milestone. | `/gsd-insert-phase` |
+| `insert-phase.md` | Insert a decimal phase for urgent work discovered mid-milestone. | `/gsd-phase --insert` |
 | `list-phase-assumptions.md` | Surface Claude's assumptions about a phase before planning. | `/gsd-list-phase-assumptions` |
-| `list-workspaces.md` | List all GSD workspaces found in `~/gsd-workspaces/` with their status. | `/gsd-list-workspaces` |
+| `list-workspaces.md` | List all GSD workspaces found in `~/gsd-workspaces/` with their status. | `/gsd-workspace --list` |
 | `manager.md` | Interactive milestone command center — dashboard, inline discuss, background plan/execute. | `/gsd-manager` |
 | `map-codebase.md` | Orchestrate parallel codebase mapper agents to produce `.planning/codebase/` docs. | `/gsd-map-codebase` |
 | `milestone-summary.md` | Milestone summary synthesis — onboarding and review artifact from milestone artifacts. | `/gsd-milestone-summary` |
 | `new-milestone.md` | Start a new milestone cycle — load project context, gather goals, update PROJECT.md/STATE.md. | `/gsd-new-milestone` |
 | `new-project.md` | Unified new-project flow — questioning, research (optional), requirements, roadmap. | `/gsd-new-project` |
-| `new-workspace.md` | Create an isolated workspace with repo worktrees/clones and an independent `.planning/`. | `/gsd-new-workspace` |
+| `new-workspace.md` | Create an isolated workspace with repo worktrees/clones and an independent `.planning/`. | `/gsd-workspace --new` |
 | `next.md` | Detect current project state and automatically advance to the next logical step. | `/gsd-progress --next` |
 | `node-repair.md` | Autonomous repair operator for failed task verification; invoked by `execute-plan`. | `execute-plan.md` (recovery) |
 | `note.md` | Zero-friction idea capture — one Write call, one confirmation line. | `/gsd-capture --note` |
 | `pause-work.md` | Create structured `.planning/HANDOFF.json` and `.continue-here.md` handoff files. | `/gsd-pause-work` |
 | `plan-milestone-gaps.md` | Create all phases necessary to close gaps identified by `/gsd-audit-milestone`. | `/gsd-plan-milestone-gaps` |
 | `plan-phase.md` | Create executable PLAN.md files with integrated research and verification loop. | `/gsd-plan-phase`, `/gsd-quick` |
 | `plan-review-convergence.md` | Cross-AI plan convergence loop — replan with review feedback until no HIGH concerns remain. | `/gsd-plan-review-convergence` |
 | `plant-seed.md` | Capture a forward-looking idea as a structured seed file with trigger conditions. | `/gsd-capture --seed` |
@@ -224,24 +223,23 @@ Full roster at `get-shit-done/workflows/*.md`. Workflows are thin orchestrators
 | `profile-user.md` | Orchestrate the full developer profiling flow — consent, session scan, profile generation. | `/gsd-profile-user` |
 | `progress.md` | Progress rendering — project context, position, and next-action routing. | `/gsd-progress` |
 | `quick.md` | Quick-task execution with GSD guarantees (atomic commits, state tracking). | `/gsd-quick` |
-| `reapply-patches.md` | Reapply local modifications after a GSD update. | `/gsd-reapply-patches` |
+| `reapply-patches.md` | Reapply local modifications after a GSD update. | `/gsd-update --reapply` |
-| `remove-phase.md` | Remove a future phase from the roadmap and renumber subsequent phases. | `/gsd-remove-phase` |
+| `remove-phase.md` | Remove a future phase from the roadmap and renumber subsequent phases. | `/gsd-phase --remove` |
-| `remove-workspace.md` | Remove a GSD workspace and clean up worktrees. | `/gsd-remove-workspace` |
+| `remove-workspace.md` | Remove a GSD workspace and clean up worktrees. | `/gsd-workspace --remove` |
 | `research-phase.md` | Standalone phase research workflow (usually invoked via `plan-phase`). | `/gsd-research-phase` |
 | `resume-project.md` | Resume work — restore full context from STATE.md, HANDOFF.json, and artifacts. | `/gsd-resume-work` |
 | `review.md` | Cross-AI plan review via external CLIs; produces REVIEWS.md. | `/gsd-review` |
 | `scan.md` | Rapid single-focus codebase scan — lightweight alternative to map-codebase. | `/gsd-scan` |
 | `secure-phase.md` | Retroactive threat-mitigation audit for a completed phase. | `/gsd-secure-phase` |
 | `session-report.md` | Session report — token usage, work summary, outcomes. | `/gsd-session-report` |
-| `settings.md` | Configure GSD workflow toggles and model profile. | `/gsd-settings`, `/gsd-set-profile` |
+| `settings.md` | Configure GSD workflow toggles and model profile. | `/gsd-settings`, `/gsd-config --profile` |
-| `settings-advanced.md` | Configure GSD power-user knobs — plan bounce, timeouts, branch templates, cross-AI execution, runtime knobs. | `/gsd-settings-advanced` |
+| `settings-advanced.md` | Configure GSD power-user knobs — plan bounce, timeouts, branch templates, cross-AI execution, runtime knobs. | `/gsd-config --advanced` |
-| `settings-integrations.md` | Configure third-party API keys (Brave/Firecrawl/Exa), `review.models.<cli>` CLI routing, and `agent_skills.<agent-type>` injection with masked (`****<last-4>`) display. | `/gsd-settings-integrations` |
+| `settings-integrations.md` | Configure third-party API keys (Brave/Firecrawl/Exa), `review.models.<cli>` CLI routing, and `agent_skills.<agent-type>` injection with masked (`****<last-4>`) display. | `/gsd-config --integrations` |
 | `ship.md` | Create PR, run review, and prepare for merge after verification. | `/gsd-ship` |
 | `sketch.md` | Explore design directions through throwaway HTML mockups with 2-3 variants per sketch. | `/gsd-sketch` |
-| `sketch-wrap-up.md` | Curate sketch findings and package them as a persistent `sketch-findings-[project]` skill. | `/gsd-sketch-wrap-up` |
+| `sketch-wrap-up.md` | Curate sketch findings and package them as a persistent `sketch-findings-[project]` skill. | `/gsd-sketch --wrap-up` |
 | `spec-phase.md` | Socratic spec refinement with ambiguity scoring; produces SPEC.md. | `/gsd-spec-phase` |
 | `spike.md` | Rapid feasibility validation through focused, throwaway experiments. | `/gsd-spike` |
-| `spike-wrap-up.md` | Curate spike findings and package them as a persistent `spike-findings-[project]` skill. | `/gsd-spike-wrap-up` |
+| `spike-wrap-up.md` | Curate spike findings and package them as a persistent `spike-findings-[project]` skill. | `/gsd-spike --wrap-up` |
 | `stats.md` | Project statistics rendering — phases, plans, requirements, git metrics. | `/gsd-stats` |
 | `sync-skills.md` | Cross-runtime GSD skill sync — diff and apply `gsd-*` skill directories across runtime roots. | `/gsd-update --sync` |
 | `transition.md` | Phase-boundary transition workflow — workstream checks, state advancement. | `execute-phase.md`, `/gsd-progress --next` |
@@ -385,7 +383,7 @@ Full listing: `get-shit-done/bin/lib/*.cjs`.
 | `roadmap-command-router.cjs` | Thin CJS subcommand router adapter for `gsd-tools roadmap` |
 | `roadmap.cjs` | ROADMAP.md parsing, phase extraction, plan progress |
 | `schema-detect.cjs` | Schema-drift detection for ORM patterns (Prisma, Drizzle, etc.) |
-| `secrets.cjs` | Secret-config masking convention (`****<last-4>`) for integration keys managed by `/gsd-settings-integrations` — keeps plaintext out of `config-set` output |
+| `secrets.cjs` | Secret-config masking convention (`****<last-4>`) for integration keys managed by `/gsd-config --integrations` — keeps plaintext out of `config-set` output |
 | `security.cjs` | Path traversal prevention, prompt injection detection, safe JSON/shell helpers |
 | `state-command-router.cjs` | Thin CJS subcommand router adapter for `gsd-tools state` |
 | `state.cjs` | STATE.md parsing, updating, progression, metrics |
@@ -400,7 +398,7 @@ Full listing: `get-shit-done/bin/lib/*.cjs`.
 ---
-## Hooks (11 shipped)
+## Hooks (12 shipped)
 Full listing: `hooks/`.
@@ -410,6 +408,7 @@ Full listing: `hooks/`.
 | `gsd-context-monitor.js` | `PostToolUse` / `AfterTool` | Injects agent-facing context warnings at 35%/25% remaining |
 | `gsd-check-update.js` | `SessionStart` | Background check for new GSD versions |
 | `gsd-check-update-worker.js` | (worker) | Background worker helper for check-update |
 | `gsd-update-banner.js` | `SessionStart` | Opt-in banner surfacing update availability when GSD statusline isn't used (PR #2795) |
 | `gsd-prompt-guard.js` | `PreToolUse` | Scans `.planning/` writes for prompt-injection patterns (advisory) |
 | `gsd-workflow-guard.js` | `PreToolUse` | Detects file edits outside GSD workflow context (advisory, opt-in) |
 | `gsd-read-guard.js` | `PreToolUse` | Advisory guard preventing Edit/Write on unread files |
--- a/docs/README.md
+++ b/docs/README.md
@@ -15,6 +15,7 @@ Language versions: [English](README.md) · [Português (pt-BR)](pt-BR/README.md)
 | [CLI Tools Reference](CLI-TOOLS.md) | Contributors, agent authors | `gsd-tools.cjs` programmatic API for workflows and agents |
 | [Agent Reference](AGENTS.md) | Contributors, advanced users | Role cards for primary agents — roles, tools, spawn patterns (the `agents/` filesystem is authoritative) |
 | [User Guide](USER-GUIDE.md) | All users | Workflow walkthroughs, troubleshooting, and recovery |
 | [Issue-Driven Orchestration](issue-driven-orchestration.md) | All users | Recipe for driving GSD from a tracker issue (GitHub / Linear / Jira) using existing primitives — no new commands or daemon |
 | [Context Monitor](context-monitor.md) | All users | Context window monitoring hook architecture |
 | [Discuss Mode](workflow-discuss-mode.md) | All users | Assumptions vs interview mode for discuss-phase |
--- a/docs/STATE-MD-LIFECYCLE.md
+++ b/docs/STATE-MD-LIFECYCLE.md
@@ -1,9 +1,11 @@
 # STATE.md Phase Lifecycle Frontmatter
-> **Status:** Reference for the phase-lifecycle status-line proposed in
+> **Status:** Read-side shipped in v1.40.0 (issue
-> [issue #2833](https://github.com/gsd-build/get-shit-done/issues/2833).
+> [#2833](https://github.com/gsd-build/get-shit-done/issues/2833)).
-> The status-line hook (`hooks/gsd-statusline.js`) reads the fields below;
+> `parseStateMd()` reads the four frontmatter fields below and
-> SDK write-side support to maintain them is tracked separately.
+> `formatGsdState()` renders the in-flight / idle / progress scenes.
 > SDK write-side support to maintain the fields automatically is tracked
 > separately.
 GSD's `STATE.md` carries YAML frontmatter that the status-line hook reads on
 every render. This document describes the **phase-lifecycle fields** and the
--- a/docs/USER-GUIDE.md
+++ b/docs/USER-GUIDE.md
@@ -18,6 +18,37 @@ A detailed reference for workflows, troubleshooting, and configuration. For quic
 - [Troubleshooting](#troubleshooting)
 - [Recovery Quick Reference](#recovery-quick-reference)
 For driving GSD directly from a GitHub / Linear / Jira issue, see the
 [Issue-Driven Orchestration guide](issue-driven-orchestration.md) — a
 recipe that maps tracker issues onto the workspace → discuss → plan →
 execute → verify → review → ship loop using existing GSD primitives.
 ---
 ## Slash-command forms (hyphen vs colon)
 GSD ships **the same set of skills** to every supported runtime, but two slash-form spellings are in play:
 - **Hyphen form** — `/gsd-command-name` — used by Claude Code, Copilot, OpenCode, Kilo, Cursor, Windsurf, Augment, Antigravity, and Trae.
 - **Colon form** — `/gsd:command-name` — used by **Gemini CLI only**. Gemini namespaces every plugin's commands under the plugin id, so the install path rewrites every body-text reference and command file to the colon form during `--gemini` install.
 You don't need to choose — the installer writes the correct form into the command directory of each runtime you target. When following a walkthrough on a Gemini terminal, replace the hyphen after `gsd` with a colon as you read each slash command.
 ## Namespace routing primer (`gsd:<namespace>`, v1.40)
 v1.40 ships six **namespace meta-skills** as the first-stage entry points for hierarchical routing — they keep the eager skill-listing token cost low (~120 tokens for 6 routers vs ~2,150 for a flat 86-skill listing) while every concrete sub-skill remains directly invocable. Each namespace router's body contains a routing table that maps your intent to the correct concrete sub-skill.
 | Namespace | Router | Routes to |
 |-----------|--------|-----------|
 | Phase pipeline | `/gsd-ns-workflow` | discuss / plan / execute / verify / phase / progress |
 | Project lifecycle | `/gsd-ns-project` | milestones, audits, summary |
 | Quality gates | `/gsd-ns-review` | code review, debug, audit, security, eval, ui |
 | Codebase intelligence | `/gsd-ns-context` | map, graphify, docs, learnings |
 | Management | `/gsd-ns-manage` | config, workspace, workstreams, thread, update, ship, inbox |
 | Exploration & capture | `/gsd-ns-ideate` | explore, sketch, spike, spec, capture |
 You almost never need to type a namespace router yourself. Their value is in the routing layer the model uses to discover the right sub-skill — they exist so the system prompt can list 6 entries instead of 86. If you already know the concrete command (e.g. `/gsd-plan-phase`), call it directly.
 ---
 ## End-to-End Walkthrough
@@ -566,7 +597,7 @@ Each spike runs 2–5 experiments. Every experiment has:
 Results land in `.planning/spikes/NNN-name/README.md` and are indexed in `.planning/spikes/MANIFEST.md`.
-Once you have signal, run `/gsd-spike-wrap-up` to package the findings into `.claude/skills/spike-findings-[project]/` — future sessions will load them automatically via project-skills discovery.
+Once you have signal, run `/gsd-spike --wrap-up` to package the findings into `.claude/skills/spike-findings-[project]/` — future sessions will load them automatically via project-skills discovery.
 ### When to Sketch
@@ -581,16 +612,16 @@ Sketch when you need to compare layout structures, interaction models, or visual
 Each sketch answers **one design question** with 2–3 variants in a single `index.html` you open directly in a browser — no build step. Variants use tab navigation and shared CSS variables from `themes/default.css`. All interactive elements (hover, click, transitions) are functional.
-After picking a winner, run `/gsd-sketch-wrap-up` to capture the visual decisions into `.claude/skills/sketch-findings-[project]/`.
+After picking a winner, run `/gsd-sketch --wrap-up` to capture the visual decisions into `.claude/skills/sketch-findings-[project]/`.
 ### Spike → Sketch → Phase Flow
 ```
 /gsd-spike "SSE vs WebSocket"     # Validate the approach
-/gsd-spike-wrap-up                # Package learnings
+/gsd-spike --wrap-up              # Package learnings
 /gsd-sketch "real-time feed UI"   # Explore the design
-/gsd-sketch-wrap-up               # Package decisions
+/gsd-sketch --wrap-up             # Package decisions
 /gsd-discuss-phase N              # Lock in preferences (now informed by spike + sketch)
 /gsd-plan-phase N                 # Plan with confidence
@@ -605,8 +636,8 @@ After picking a winner, run `/gsd-sketch-wrap-up` to capture the visual decision
 Ideas that aren't ready for active planning go into the backlog using 999.x numbering, keeping them outside the active phase sequence.
 ```
-/gsd-add-backlog "GraphQL API layer"     # Creates 999.1-graphql-api-layer/
+/gsd-capture --backlog "GraphQL API layer"     # Creates 999.1-graphql-api-layer/
-/gsd-add-backlog "Mobile responsive"     # Creates 999.2-mobile-responsive/
+/gsd-capture --backlog "Mobile responsive"     # Creates 999.2-mobile-responsive/
 ```
 Backlog items get full phase directories, so you can use `/gsd-discuss-phase 999.1` to explore an idea further or `/gsd-plan-phase 999.1` when it's ready.
@@ -618,7 +649,7 @@ Backlog items get full phase directories, so you can use `/gsd-discuss-phase 999
 Seeds are forward-looking ideas with trigger conditions. Unlike backlog items, seeds surface automatically when the right milestone arrives.
 ```
-/gsd-plant-seed "Add real-time collab when WebSocket infra is in place"
+/gsd-capture --seed "Add real-time collab when WebSocket infra is in place"
 ```
 Seeds preserve the full WHY and WHEN to surface. `/gsd-new-milestone` scans all seeds and presents matches.
@@ -637,7 +668,7 @@ Threads are lightweight cross-session knowledge stores for work that spans multi
 Threads are lighter weight than `/gsd-pause-work` — no phase state, no plan context. Each thread file includes Goal, Context, References, and Next Steps sections.
-Threads can be promoted to phases (`/gsd-add-phase`) or backlog items (`/gsd-add-backlog`) when they mature.
+Threads can be promoted to phases (`/gsd-phase`) or backlog items (`/gsd-capture --backlog`) when they mature.
 **Storage:** `.planning/threads/{slug}.md`
@@ -664,7 +695,7 @@ Workstreams let you work on multiple milestone areas concurrently without state
 Each workstream maintains its own `.planning/` directory subtree. When you switch workstreams, GSD swaps the active planning context so that `/gsd-progress`, `/gsd-discuss-phase`, `/gsd-plan-phase`, and other commands operate on that workstream's state. Active context is session-scoped when the runtime exposes a stable session identifier, which prevents one terminal or AI instance from repointing another instance's `STATE.md`.
-This is lighter weight than `/gsd-new-workspace` (which creates separate repo worktrees). Workstreams share the same codebase and git history but isolate planning artifacts.
+This is lighter weight than `/gsd-workspace --new` (which creates separate repo worktrees). Workstreams share the same codebase and git history but isolate planning artifacts.
 ---
@@ -743,8 +774,8 @@ After executing a phase, run a structured code review before UAT:
 The reviewer scopes files automatically using SUMMARY.md (preferred) or git diff fallback. Findings are classified as Critical, Warning, or Info in `{phase}-REVIEW.md`.
 ```bash
-/gsd-code-review-fix 3           # Fix Critical + Warning findings atomically
+/gsd-code-review 3 --fix           # Fix Critical + Warning findings atomically
-/gsd-code-review-fix 3 --auto    # Fix and re-review until clean (max 3 iterations)
+/gsd-code-review 3 --fix --auto    # Fix and re-review until clean (max 3 iterations)
 ```
 ### Autonomous Audit-to-Fix
@@ -761,7 +792,7 @@ To run an audit and fix all auto-fixable issues in one pass:
 The review step slots in after execution and before UAT:
 ```
-/gsd-execute-phase N   ->  /gsd-code-review N  ->  /gsd-code-review-fix N  ->  /gsd-verify-work N
+/gsd-execute-phase N   ->  /gsd-code-review N  ->  /gsd-code-review N --fix  ->  /gsd-verify-work N
 ```
 ---
@@ -895,7 +926,6 @@ The gate is non-blocking: any internal failure logs and the phase continues.
 ```bash
 /gsd-audit-milestone        # Check requirements coverage, detect stubs
 /gsd-plan-milestone-gaps    # If audit found gaps, create phases to close them
 /gsd-complete-milestone     # Archive, tag, done
 ```
@@ -914,11 +944,13 @@ The gate is non-blocking: any internal failure logs and the phase continues.
 ### Mid-Milestone Scope Changes
 ```bash
-/gsd-add-phase              # Append a new phase to the roadmap
+/gsd-phase                  # Append a new phase to the roadmap (default mode)
 # or
-/gsd-insert-phase 3         # Insert urgent work between phases 3 and 4
+/gsd-phase --insert 3       # Insert urgent work between phases 3 and 4
 # or
-/gsd-remove-phase 7         # Descope phase 7 and renumber
+/gsd-phase --remove 7       # Descope phase 7 and renumber
 # or
 /gsd-phase --edit 4         # Edit any field of phase 4 in place
 ```
 ### Multi-Project Workspaces
@@ -927,18 +959,18 @@ Work on multiple repos or features in parallel with isolated GSD state.
 ```bash
 # Create a workspace with repos from your monorepo
-/gsd-new-workspace --name feature-b --repos hr-ui,ZeymoAPI
+/gsd-workspace --new --name feature-b --repos hr-ui,ZeymoAPI
 # Feature branch isolation — worktree of current repo with its own .planning/
-/gsd-new-workspace --name feature-b --repos .
+/gsd-workspace --new --name feature-b --repos .
 # Then cd into the workspace and initialize GSD
 cd ~/gsd-workspaces/feature-b
 /gsd-new-project
 # List and manage workspaces
-/gsd-list-workspaces
+/gsd-workspace --list
-/gsd-remove-workspace feature-b
+/gsd-workspace --remove feature-b
 ```
 Each workspace gets:
@@ -1010,7 +1042,95 @@ Do not re-run `/gsd-execute-phase`. Use `/gsd-quick` for targeted fixes, or `/gs
 ### Model Costs Too High
-Switch to budget profile: `/gsd-set-profile budget`. Disable research and plan-check agents via `/gsd-settings` if the domain is familiar to you (or to Claude).
+Switch to budget profile: `/gsd-config --profile budget`. Disable research and plan-check agents via `/gsd-settings` if the domain is familiar to you (or to Claude).
 ### Tuning model cost by phase (`models`) — added in v1.40
 If you've heard "use Opus for planning, Sonnet for verification" and want to apply that without learning the agent taxonomy, add a `models` block to `.planning/config.json`:
 ```json
 {
  "model_profile": "balanced",
  "models": {
    "planning": "opus",
    "discuss": "opus",
    "research": "sonnet",
    "execution": "opus",
    "verification": "sonnet",
    "completion": "sonnet"
  }
 }
 ```
 The six slots (`planning` / `discuss` / `research` / `execution` / `verification` / `completion`) accept tier aliases (`opus`, `sonnet`, `haiku`, `inherit`). Each slot covers a group of agents — for example, setting `models.research = "sonnet"` applies to `gsd-phase-researcher`, `gsd-codebase-mapper`, `gsd-research-synthesizer`, and the other research agents in one shot.
 Need a per-agent exception? Add `model_overrides` alongside — it wins over `models`:
 ```json
 {
  "models": { "research": "sonnet" },
  "model_overrides": {
    "gsd-codebase-mapper": "haiku"
  }
 }
 ```
 That gives sonnet to all research agents *except* the codebase mapper, which runs haiku for the cheap-but-broad fan-out scan.
 For the full mapping table and resolution-precedence rules, see [Per-Phase-Type Models](CONFIGURATION.md#per-phase-type-models-models--added-in-v140) in the configuration reference.
 ### Cheap-by-default with `dynamic_routing` — added in v1.40
 If you've been paying Opus rates everywhere as insurance against a single hard verification, dynamic routing flips it: every agent starts on a cheaper tier and escalates only when the orchestrator marks a soft failure (verification inconclusive, plan-check FLAG, etc.).
 ```json
 {
  "dynamic_routing": {
    "enabled": true,
    "tier_models": {
      "light":    "haiku",
      "standard": "sonnet",
      "heavy":    "opus"
    },
    "escalate_on_failure": true,
    "max_escalations": 1
  }
 }
 ```
 Each agent has a default tier (`light`, `standard`, or `heavy`). On the first attempt, GSD picks `tier_models[default_tier]`. If the orchestrator detects a soft failure, it re-spawns once at the next tier up. `max_escalations` caps total retries so a runaway loop can't burn through your budget.
 Concretely:
 - `gsd-codebase-mapper` (default `light`) → first attempt = `haiku`. If escalated → `sonnet`.
 - `gsd-verifier` (default `standard`) → first attempt = `sonnet`. If escalated → `opus`.
 - `gsd-planner` (default `heavy`) → always `opus`. No tier above; can't escalate further.
 To turn it off, set `dynamic_routing.enabled: false` (the default) — behavior is identical to today.
 For the full agent → tier mapping and resolution-precedence rules, see [Dynamic Routing](CONFIGURATION.md#dynamic-routing-with-failure-tier-escalation-dynamic_routing--added-in-v140) in the configuration reference.
 ### Trim MCP servers to reduce per-turn cost (the biggest lever GSD doesn't own)
 Before tuning `model_profile` or `models.<phase_type>`, audit which **MCP servers** your harness has enabled. Every enabled MCP server injects its tool schema into every turn — heavyweight servers like browser/playwright tools or platform-specific helpers can cost 20k+ tokens each, often dwarfing whatever GSD's resolver can save.
 This is a **harness setting**, not a GSD setting. The toggle lives in `.claude/settings.json`:
 ```json
 {
  "enabledMcpjsonServers": ["context7"],
  "disabledMcpjsonServers": ["playwright", "mac-tools"]
 }
 ```
 Quick audit before a long phase:
 - Are any browser / playwright tools enabled when this phase has no UI work?
 - Are any platform-specific tools (Mac-tools, Windows-tools, OS-specific) enabled when not needed?
 - Are any project-specific MCPs from a different project still enabled here?
 Each disabled server removes its schema from every subsequent turn for the rest of the session. Trimming MCPs **compounds** with `model_profile` tuning — both levers are additive, and MCP savings show up immediately across every subagent the orchestrator spawns.
 For the full audit, harness reference, and the composition note with `model_profile`, see [MCP Tool Schema Cost](../get-shit-done/references/context-budget.md#mcp-tool-schema-cost-harness-concern) in the bundled `context-budget.md` reference.
 ### Using Non-Claude Runtimes (Codex, OpenCode, Gemini CLI, Kilo)
@@ -1082,7 +1202,7 @@ Skills are installed to `~/.qwen/skills/gsd-*/SKILL.md`. Use the `QWEN_CONFIG_DI
 ### Using Claude Code with Non-Anthropic Providers (OpenRouter, Local)
-If GSD subagents call Anthropic models and you're paying through OpenRouter or a local provider, switch to the `inherit` profile: `/gsd-set-profile inherit`. This makes all agents use your current session model instead of specific Anthropic models. See also `/gsd-settings` → Model Profile → Inherit.
+If GSD subagents call Anthropic models and you're paying through OpenRouter or a local provider, switch to the `inherit` profile: `/gsd-config --profile inherit`. This makes all agents use your current session model instead of specific Anthropic models. See also `/gsd-settings` → Model Profile → Inherit.
 ### Working on a Sensitive/Private Project
@@ -1090,12 +1210,36 @@ Set `commit_docs: false` during `/gsd-new-project` or via `/gsd-settings`. Add `
 ### GSD Update Overwrote My Local Changes
-Since v1.17, the installer backs up locally modified files to `gsd-local-patches/`. Run `/gsd-reapply-patches` to merge your changes back.
+Since v1.17, the installer backs up locally modified files to `gsd-local-patches/`. Run `/gsd-update --reapply` to merge your changes back.
 ### Cannot Update via npm
 If `npx get-shit-done-cc` fails due to npm outages or network restrictions, see [docs/manual-update.md](manual-update.md) for a step-by-step manual update procedure that works without npm access.
 ### Surface GSD Update Notifications Without GSD's Statusline
 GSD checks for new versions in the background and writes the result to `~/.cache/gsd/gsd-update-check.json`. By default, GSD's statusline (`hooks/gsd-statusline.js`) reads that cache and shows the update indicator. If you use a different statusline (for example `ccstatusline`) or none at all, the update info is invisible.
 **Opt-in fix:** during interactive install, when you decline (or keep your existing) statusline, the installer offers a one-time prompt:
 ```text
 Optional: GSD update banner
  1) No banner (default)
  2) Install update banner
 ```
 Choose `2` (or type `y`/`yes`) and the installer registers `hooks/gsd-update-banner.js` as a `SessionStart` hook. From the next session onward, GSD prints a one-line `systemMessage` only when the cache reports an update available:
 ```text
 GSD update available: 1.39.0 → 1.40.0. Run /gsd-update.
 ```
 The banner is silent when no update is available. If the cache file is corrupt, GSD emits one diagnostic line (`GSD update check failed.`) and stays silent for 24 hours so a broken cache does not nag every session.
 **Opt-out / removal:** delete the SessionStart hook entry that references `gsd-update-banner.js` from your runtime's `settings.json` (Claude Code: `~/.claude/settings.json`; Gemini: `~/.gemini/settings.json`). `npx get-shit-done-cc --uninstall` removes both the script and the registration in one pass.
 The banner is not offered when GSD's statusline is installed — that channel already surfaces update info, so re-prompting would be noise.
 ### Workflow Diagnostics (`/gsd-forensics`)
 When a workflow fails in a way that isn't obvious -- plans reference nonexistent files, execution produces unexpected results, or state seems corrupted -- run `/gsd-forensics` to generate a diagnostic report.
@@ -1241,15 +1385,14 @@ If the installer crashes with `EPERM: operation not permitted, scandir` on Windo
 | ------------------------------------ | ------------------------------------------------------------------------ |
 | Lost context / new session           | `/gsd-resume-work` or `/gsd-progress`                                    |
 | Phase went wrong                     | `git revert` the phase commits, then re-plan                             |
-| Need to change scope                 | `/gsd-add-phase`, `/gsd-insert-phase`, or `/gsd-remove-phase`            |
+| Need to change scope                 | `/gsd-phase` (default), `/gsd-phase --insert`, or `/gsd-phase --remove`  |
 | Milestone audit found gaps           | `/gsd-plan-milestone-gaps`                                               |
 | Something broke                      | `/gsd-debug "description"` (add `--diagnose` for analysis without fixes) |
 | STATE.md out of sync                 | `state validate` then `state sync`                                       |
 | Workflow state seems corrupted       | `/gsd-forensics`                                                         |
 | Quick targeted fix                   | `/gsd-quick`                                                             |
 | Plan doesn't match your vision       | `/gsd-discuss-phase [N]` then re-plan                                    |
-| Costs running high                   | `/gsd-set-profile budget` and `/gsd-settings` to toggle agents off       |
+| Costs running high                   | `/gsd-config --profile budget` and `/gsd-settings` to toggle agents off  |
-| Update broke local changes           | `/gsd-reapply-patches`                                                   |
+| Update broke local changes           | `/gsd-update --reapply`                                                  |
 | Want session summary for stakeholder | `/gsd-session-report`                                                    |
 | Don't know what step is next         | `/gsd-next`                                                              |
 | Parallel execution build errors      | Update GSD or set `parallelization.enabled: false`                       |
--- a/docs/adr/0001-dispatch-policy-module.md
+++ b/docs/adr/0001-dispatch-policy-module.md
@@ -0,0 +1,26 @@
 # Dispatch policy module as single seam for query execution outcomes
 We decided to centralize query dispatch outcomes in one Dispatch Policy Module that returns a structured union result (`ok` success or failure with typed `kind`, `details`, and final `exit_code`) instead of mixing throws and ad-hoc error mapping across CLI and SDK paths. This keeps fallback policy, timeout classification, and exit mapping in one place for better locality, prevents drift between native and fallback behavior, and makes callers thin adapters over a stable interface.
 ## Amendment (2026-05-03): query seam deepening completion
 To complete the query architecture pass, we deepened adjacent seams around the Dispatch Policy Module:
 - Extracted **Query Runtime Context Module** to own `projectDir` + `ws` resolution policy.
 - Extracted **Native Dispatch Adapter Module** so Dispatch Policy consumes a stable native dispatch Interface (not closure-wired call sites).
 - Extracted **Query CLI Output Module** to own projection from dispatch results/errors to CLI output contract.
 - Converged internal command-resolution and policy imports onto canonical modules and removed dead wrapper modules.
 - Added **Command Topology Module** as dispatch-facing seam that resolves commands, projects command policy, binds handler Adapters, and emits no-match diagnosis consumed by Dispatch Policy.
 - Locked **pre-project query config policy** for parity-sensitive query Interfaces: when `.planning/config.json` is absent, use built-in defaults and parity-aligned empty model ids for model-resolution surfaces.
 - Gated real-CLI SDK E2E suites behind explicit opt-in (`GSD_ENABLE_E2E=1`) to keep default CI/local verification deterministic while preserving full-path validation when requested.
 ### Dead-wrapper convergence
 Removed wrapper Modules after call-site convergence:
 - `normalize-query-command.ts`
 - `command-resolution.ts`
 - `policy-convergence.ts`
 - `query-policy-snapshot.ts`
 - `query-registry-capability.ts`
 This amendment preserves the original ADR direction: keep policy depth high, adapters thin, and locality concentrated in explicit modules.
--- a/docs/issue-driven-orchestration.md
+++ b/docs/issue-driven-orchestration.md
@@ -0,0 +1,183 @@
 # Issue-Driven Orchestration with GSD
 **Status:** stable workflow guide
 **Audience:** developers who track work in GitHub Issues, Linear, Jira, or
 similar issue trackers and want to drive AI-assisted implementation
 through GSD's existing primitives.
 ## What this guide is
 A recipe for combining commands GSD already ships into an issue-tracker
 → workspace → plan/execute → verify/review → PR loop. It is documentation
 only. No new commands, no daemon, no tracker integration — every command
 referenced below already exists in GSD today.
 The shape is inspired by OpenAI's open-source [Symphony orchestration
 reference](https://openai.com/index/open-source-codex-orchestration-symphony/)
 ([repository](https://github.com/openai/symphony)). GSD does not vendor or
 wrap Symphony. The orchestration *concepts* map cleanly onto primitives
 GSD already exposes; this guide just spells the mapping out so you can
 adopt the pattern without writing glue code or bypassing GSD's safety
 gates.
 ## Why this exists
 GSD has the building blocks for issue-driven AI development —
 `/gsd-workspace --new`, `/gsd-manager`, `/gsd-autonomous`, `/gsd-verify-work`,
 `/gsd-review`, `/gsd-ship`, plus `STATE.md` and the phase artifact suite
 — but no guide that walks through how to drive them from a single tracker
 issue without writing custom orchestration scripts. Without that guide
 the failure modes are:
 - Underuse: developers run discuss/plan/execute manually and never reach
  for `/gsd-manager` or `/gsd-autonomous` even when their work pattern
  fits.
 - Workaround scripts: developers wire ad-hoc shell loops between their
  tracker and `claude` invocations, bypassing `STATE.md`, the phase
  manifest, and the verification gates.
 This guide makes the canonical loop discoverable.
 ## Concept mapping
 Each row maps a Symphony-style orchestration concept to the GSD primitive
 that already serves it. Use this table as a translation key when reading
 Symphony docs, blog posts, or third-party orchestration write-ups.
 | Symphony concept | GSD primitive |
 |---|---|
 | `WORKFLOW.md` (top-level intent) | `ROADMAP.md` (project intent), `STATE.md` (live status), phase `CONTEXT.md` (per-phase scope), phase `PLAN.md` (executable steps) |
 | One isolated agent workspace per task | `/gsd-workspace --new --strategy worktree` |
 | Agent dispatch and concurrency | `/gsd-manager` (interactive dashboard), `/gsd-autonomous` (unattended) |
 | Per-phase plan and discuss steps | `/gsd-discuss-phase` → `/gsd-plan-phase` → `/gsd-execute-phase` |
 | Proof-of-work / test evidence | `/gsd-verify-work` (UAT.md persisted across `/clear`) |
 | Adversarial review | `/gsd-review` (cross-AI peer review of plans) |
 | Human merge gate | `/gsd-ship` (creates PR, optional code review, prepares merge) |
 | Follow-up capture | `/gsd-note`, `/gsd-plant-seed`, `/gsd-new-milestone`, or a manually opened tracker issue |
 | Concurrency control | Manager / background-agent semantics (no always-on poller) |
 The mapping is one-way: GSD owns the safety gates (verification, human
 review, explicit confirmation for follow-up creation). Symphony's
 "continuous orchestration" framing is intentionally not adopted — see
 [Non-goals](#non-goals).
 ## End-to-end flow
 The canonical issue → PR loop, written so it can run from a single
 tracker issue end-to-end. Replace bracketed placeholders before running.
 1. **Pick the tracker issue.** Choose one issue from your tracker (GitHub,
   Linear, etc.) that is well-scoped enough for autonomous implementation
   — bounded scope, observable acceptance criteria, no upstream
   dependencies that block execution.
 2. **Map to a GSD phase.** If the issue maps onto an existing phase in
   `ROADMAP.md`, select it. If not, run `/gsd-new-milestone` (for a new
   milestone of related issues) or open a phase via `/gsd-add-phase` /
   `/gsd-insert-phase`. Capture the tracker issue URL in the phase's
   `CONTEXT.md` so traceability survives compaction.
 3. **Create an isolated workspace.** Run
   `/gsd-workspace --new --strategy worktree <slug>` to spin up a git
   worktree with an independent `.planning/` directory. The worktree is
   the safety boundary: any exploration, partial commits, or aborted
   plans stay outside `main`.
 4. **Run discuss → plan → execute through GSD.** From inside the
   workspace, run `/gsd-discuss-phase` to clarify ambiguities,
   `/gsd-plan-phase` to produce `PLAN.md`, and either `/gsd-manager`
   (interactive dashboard) or `/gsd-execute-phase` / `/gsd-autonomous`
   (unattended) to implement. Avoid driving raw `claude` invocations
   from outside GSD — that bypasses `STATE.md` updates and the phase
   manifest.
 5. **Demand proof-of-work.** Run `/gsd-verify-work` to walk the user
   through UAT against the phase's acceptance criteria. Tests,
   screenshots, log captures, and config diffs are all recorded in
   `UAT.md`, which persists across `/clear` and feeds gaps into
   `/gsd-plan-phase --gaps` when verification surfaces missed scope.
 6. **Pass through the review and ship gates.** Run `/gsd-review` to get
   adversarial peer review of the plan from independent AI CLIs (catches
   blind spots model-by-model), then `/gsd-ship` to open the PR with a
   rich body assembled from the planning artifacts. Both gates require a
   human decision before anything reaches the remote.
 7. **Capture follow-up work explicitly.** Use `/gsd-note` for inline
   notes, `/gsd-plant-seed` for ideas worth a future phase, or
   `/gsd-new-milestone` for a coherent group of follow-ups. Creating a
   tracker issue from a discovered follow-up requires explicit user
   confirmation — GSD does not post to remote trackers automatically.
 When the PR merges, the loop closes. Auto-close keywords in the PR body
 (`Closes #NNN` / `Fixes #NNN`) close the tracker issue at merge time.
 ## Safety boundaries
 The loop is safe because four invariants hold by construction:
 - **Isolated worktrees.** Every issue runs in a `/gsd-workspace --new`
  worktree, so partial work, aborted plans, and exploratory commits
  never touch `main`. `gsd-local-patches/` is the recovery surface if a
  worktree's hand-edits need to come back across an update.
 - **Explicit human review.** `/gsd-review` and `/gsd-ship` both stop for
  human approval. There is no auto-merge and no auto-PR-from-execution
  path. If you want to remove the human gate for a specific repository,
  that is your branch-protection / merge-queue policy decision, not
  something GSD opts into for you.
 - **No automatic public posting.** GSD never opens, comments on, or
  closes a tracker issue without an explicit user-initiated command.
  Follow-up capture defaults to local artifacts (notes, seeds,
  milestones); pushing back to the tracker is a separate manual step.
 - **Verification before ship.** `/gsd-verify-work`'s UAT.md must record
  evidence before `/gsd-ship` is run. The recommended discipline is to
  treat `verification_failed` as a blocker even when the implementation
  looks correct — the failure usually surfaces a missed acceptance
  criterion, not a flaky test.
 If any of these invariants is bypassed (e.g. running `claude` directly
 against the worktree, skipping `/gsd-verify-work`, or scripting issue
 creation through the tracker API without user confirmation), the
 guarantees of this guide do not apply.
 ## Non-goals
 This guide deliberately does **not** propose any of the following. They
 are listed here so future contributors don't re-litigate them in code
 review:
 - **No vendoring or copying Symphony code.** GSD reuses its own
  primitives. The mapping above is conceptual; no Symphony-derived
  source ships in this repo.
 - **No long-running daemon.** GSD does not poll GitHub or Linear. The
  manager and autonomous workflows handle concurrency through
  background-agent semantics, not a daemon.
 - **No mandatory tracker dependency.** The loop works without any
  tracker integration. The "tracker issue" step is a *human input* —
  the URL goes into `CONTEXT.md`. GSD has no opinion about which
  tracker you use, or whether you use one at all.
 - **No bypass of verification, review, or human decision gates.** Even
  when running `/gsd-autonomous`, the verification and review gates
  still fire. The "autonomous" label refers to phase-to-phase
  progression, not to skipping human approval.
 - **No expansion of the default skill / command surface.** Every
  command referenced in this guide already exists. This guide is a
  documentation surface, not a feature surface.
 ## Possible future follow-up
 If maintainer experience with this loop justifies it, a separate
 approved-enhancement could later add a *minimal* tracker bridge:
 - Importing one GitHub or Linear issue into a GSD workspace / phase.
 - Exporting `UAT.md` evidence as a comment on the source issue.
 - Generating follow-up tracker issues from `/gsd-plant-seed` output.
 Each of those would be its own enhancement proposal because each adds
 integration surface and ongoing maintenance burden. They are out of
 scope for this guide.
 ## Related
 - [docs/USER-GUIDE.md](USER-GUIDE.md) — task-oriented walkthroughs of
  individual commands referenced above.
 - [docs/COMMANDS.md](COMMANDS.md) — full reference for `/gsd-*`
  commands.
 - [docs/FEATURES.md](FEATURES.md) — feature-level capability matrix
  (workspaces, manager, autonomous, verify, review, ship).
 - [docs/ARCHITECTURE.md](ARCHITECTURE.md) — phase-artifact lifecycle
  and `STATE.md` mechanics.
--- a/docs/ja-JP/ARCHITECTURE.md
+++ b/docs/ja-JP/ARCHITECTURE.md
@@ -411,7 +411,7 @@ UI-SPEC.md (per phase) ───────────────────
 │   ├── pending/            # キャプチャされたアイデア
 │   └── done/               # 完了済みtodo
 ├── threads/               # 永続コンテキストスレッド（/gsd-thread から）
-├── seeds/                 # 将来に向けたアイデア（/gsd-plant-seed から）
+├── seeds/                 # 将来に向けたアイデア（/gsd-capture --seed から）
 ├── debug/                  # アクティブなデバッグセッション
 │   ├── *.md                # アクティブセッション
 │   ├── resolved/           # アーカイブ済みセッション
@@ -439,7 +439,7 @@ UI-SPEC.md (per phase) ───────────────────
   - Antigravity: Googleモデル同等品によるスキルファースト
 5. **パス正規化** — `~/.claude/` パスをランタイム固有のパスに置換
 6. **設定統合** — ランタイムの `settings.json` にフックを登録
-7. **パッチバックアップ** — v1.17以降、ローカルで変更されたファイルを `/gsd-reapply-patches` 用に `gsd-local-patches/` へバックアップ
+7. **パッチバックアップ** — v1.17以降、ローカルで変更されたファイルを `/gsd-update --reapply` 用に `gsd-local-patches/` へバックアップ
 8. **マニフェスト追跡** — クリーンアンインストールのために `gsd-file-manifest.json` を書き込み
 9. **アンインストールモード** — `--uninstall` ですべてのGSDファイル、フック、設定を削除
--- a/docs/ja-JP/COMMANDS.md
+++ b/docs/ja-JP/COMMANDS.md
@@ -32,7 +32,7 @@
 ---
-### `/gsd-new-workspace`
+### `/gsd-workspace --new`
 リポジトリのコピーと独立した `.planning/` ディレクトリを持つ分離されたワークスペースを作成します。
@@ -52,14 +52,14 @@
 **生成物:** `WORKSPACE.md`、`.planning/`、リポジトリコピー（worktreeまたはclone）
 ```bash
-/gsd-new-workspace --name feature-b --repos hr-ui,ZeymoAPI
+/gsd-workspace --new --name feature-b --repos hr-ui,ZeymoAPI
-/gsd-new-workspace --name feature-b --repos . --strategy worktree  # 同一リポジトリの分離
+/gsd-workspace --new --name feature-b --repos . --strategy worktree  # 同一リポジトリの分離
-/gsd-new-workspace --name spike --repos api,web --strategy clone   # フルクローン
+/gsd-workspace --new --name spike --repos api,web --strategy clone   # フルクローン
 ```
 ---
-### `/gsd-list-workspaces`
+### `/gsd-workspace --list`
 アクティブなGSDワークスペースとそのステータスを一覧表示します。
@@ -67,12 +67,12 @@
 **表示内容:** 名前、リポジトリ数、戦略、GSDプロジェクトのステータス
 ```bash
-/gsd-list-workspaces
+/gsd-workspace --list
 ```
 ---
-### `/gsd-remove-workspace`
+### `/gsd-workspace --remove`
 ワークスペースを削除し、git worktreeをクリーンアップします。
@@ -83,7 +83,7 @@
 **安全性:** コミットされていない変更があるリポジトリの削除を拒否します。名前の確認が必要です。
 ```bash
-/gsd-remove-workspace feature-b
+/gsd-workspace --remove feature-b
 ```
 ---
@@ -368,15 +368,15 @@
 ## フェーズ管理コマンド
-### `/gsd-add-phase`
+### `/gsd-phase`
 ロードマップに新しいフェーズを追加します。
 ```bash
-/gsd-add-phase                      # 対話型 — フェーズの説明を入力
+/gsd-phase                      # 対話型 — フェーズの説明を入力
 ```
-### `/gsd-insert-phase`
+### `/gsd-phase --insert`
 小数番号を使用して、フェーズ間に緊急の作業を挿入します。
@@ -385,10 +385,10 @@
 | `N` | いいえ | このフェーズ番号の後に挿入 |
 ```bash
-/gsd-insert-phase 3                 # フェーズ3と4の間に挿入 → 3.1を作成
+/gsd-phase --insert 3                 # フェーズ3と4の間に挿入 → 3.1を作成
 ```
-### `/gsd-remove-phase`
+### `/gsd-phase --remove`
 将来のフェーズを削除し、後続のフェーズの番号を振り直します。
@@ -397,7 +397,7 @@
 | `N` | いいえ | 削除するフェーズ番号 |
 ```bash
-/gsd-remove-phase 7                 # フェーズ7を削除、8→7、9→8等に番号振り直し
+/gsd-phase --remove 7                 # フェーズ7を削除、8→7、9→8等に番号振り直し
 ```
 ### `/gsd-list-phase-assumptions`
@@ -412,15 +412,8 @@
 /gsd-list-phase-assumptions 2       # フェーズ2の前提を確認
 ```
 ### `/gsd-plan-milestone-gaps`
-マイルストーン監査のギャップを解消するフェーズを作成します。
+### `/gsd-plan-phase --research-phase`
 ```bash
 /gsd-plan-milestone-gaps             # 各監査ギャップに対してフェーズを作成
 ```
 ### `/gsd-research-phase`
 詳細なエコシステム調査のみを実行します（単体機能 — 通常は `/gsd-plan-phase` を使用してください）。
@@ -429,7 +422,7 @@
 | `N` | いいえ | フェーズ番号 |
 ```bash
-/gsd-research-phase 4               # フェーズ4のドメインを調査
+/gsd-plan-phase --research-phase 4               # フェーズ4のドメインを調査
 ```
 ### `/gsd-validate-phase`
@@ -598,7 +591,7 @@ GSDの保証付きでアドホックタスクを実行します。
 /gsd-debug --diagnose "API returning 500 on /users endpoint"
 ```
-### `/gsd-add-todo`
+### `/gsd-capture`
 後で取り組むアイデアやタスクをキャプチャします。
@@ -607,15 +600,15 @@ GSDの保証付きでアドホックタスクを実行します。
 | `description` | いいえ | Todoの説明 |
 ```bash
-/gsd-add-todo "Consider adding dark mode support"
+/gsd-capture "Consider adding dark mode support"
 ```
-### `/gsd-check-todos`
+### `/gsd-capture --list`
 保留中のTodoを一覧表示し、取り組むものを選択します。
 ```bash
-/gsd-check-todos
+/gsd-capture --list
 ```
 ### `/gsd-add-tests`
@@ -752,7 +745,7 @@ Claude Codeのセッション分析から8つの次元（コミュニケーシ
 /gsd-settings                       # 対話型設定
 ```
-### `/gsd-set-profile`
+### `/gsd-config --profile`
 クイックプロファイル切り替え。
@@ -761,8 +754,8 @@ Claude Codeのセッション分析から8つの次元（コミュニケーシ
 | `profile` | **はい** | `quality`、`balanced`、`budget`、または `inherit` |
 ```bash
-/gsd-set-profile budget             # budgetプロファイルに切り替え
+/gsd-config --profile budget             # budgetプロファイルに切り替え
-/gsd-set-profile quality            # qualityプロファイルに切り替え
+/gsd-config --profile quality            # qualityプロファイルに切り替え
 ```
 ---
@@ -794,12 +787,12 @@ Claude Codeのセッション分析から8つの次元（コミュニケーシ
 /gsd-update                         # アップデートを確認してインストール
 ```
-### `/gsd-reapply-patches`
+### `/gsd-update --reapply`
 GSDアップデート後にローカルの変更を復元します。
 ```bash
-/gsd-reapply-patches                # ローカルの変更をマージバック
+/gsd-update --reapply               # ローカルの変更をマージバック
 ```
 ---
@@ -885,7 +878,7 @@ GSDアップデート後にローカルの変更を復元します。
 ## バックログ＆スレッドコマンド
-### `/gsd-add-backlog`
+### `/gsd-capture --backlog`
 999.x番号付けを使用して、バックログのパーキングロットにアイデアを追加します。
@@ -896,8 +889,8 @@ GSDアップデート後にローカルの変更を復元します。
 **999.x番号付け**により、バックログ項目はアクティブなフェーズシーケンスの外に保持されます。フェーズディレクトリは即座に作成されるため、`/gsd-discuss-phase` や `/gsd-plan-phase` がそれらに対して動作します。
 ```bash
-/gsd-add-backlog "GraphQL API layer"
+/gsd-capture --backlog "GraphQL API layer"
-/gsd-add-backlog "Mobile responsive redesign"
+/gsd-capture --backlog "Mobile responsive redesign"
 ```
 ---
@@ -914,7 +907,7 @@ GSDアップデート後にローカルの変更を復元します。
 ---
-### `/gsd-plant-seed`
+### `/gsd-capture --seed`
 トリガー条件付きの将来のアイデアをキャプチャ — 適切なマイルストーンで自動的に表面化します。
@@ -928,7 +921,7 @@ GSDアップデート後にローカルの変更を復元します。
 **利用先:** `/gsd-new-milestone`（シードをスキャンしてマッチするものを提示）
 ```bash
-/gsd-plant-seed "Add real-time collaboration when WebSocket infra is in place"
+/gsd-capture --seed "Add real-time collaboration when WebSocket infra is in place"
 ```
 ---
--- a/docs/ja-JP/FEATURES.md
+++ b/docs/ja-JP/FEATURES.md
@@ -386,7 +386,6 @@
 - REQ-MILE-08: 新しいマイルストーンは new-project と同じフロー（質問 → リサーチ → 要件 → ロードマップ）に従わなければならない
 - REQ-MILE-09: 新しいマイルストーンは既存のワークフロー設定をリセットしてはならない
 **ギャップクローズ:** `/gsd-plan-milestone-gaps` は監査で特定されたギャップを埋めるためのフェーズを作成します。
 ---
@@ -394,7 +393,7 @@
 ### 9. フェーズ管理
-**コマンド:** `/gsd-add-phase`、`/gsd-insert-phase [N]`、`/gsd-remove-phase [N]`
+**コマンド:** `/gsd-phase`、`/gsd-phase --insert [N]`、`/gsd-phase --remove [N]`
 **目的:** 開発中のロードマップの動的な変更。
@@ -681,7 +680,7 @@
 ### 26. モデルプロファイル
-**コマンド:** `/gsd-set-profile <quality|balanced|budget|inherit>`
+**コマンド:** `/gsd-config --profile <quality|balanced|budget|inherit>`
 **目的:** 各エージェントが使用する AI モデルを制御し、品質とコストのバランスを取ります。
@@ -763,7 +762,7 @@
 ### 29. Todo 管理
-**コマンド:** `/gsd-add-todo [desc]`、`/gsd-check-todos`
+**コマンド:** `/gsd-capture [desc]`、`/gsd-capture --list`
 **目的:** セッション中にアイデアやタスクをキャプチャし、後で作業できるようにします。
@@ -800,7 +799,7 @@
 - REQ-UPDATE-02: システムは更新前に新しいバージョンのチェンジログを表示しなければならない
 - REQ-UPDATE-03: システムはランタイムを認識し、正しいディレクトリを対象としなければならない
 - REQ-UPDATE-04: システムはローカルで変更されたファイルを `gsd-local-patches/` にバックアップしなければならない
- REQ-UPDATE-05: `/gsd-reapply-patches` は更新後にローカルの変更を復元しなければならない
+- REQ-UPDATE-05: `/gsd-update --reapply` は更新後にローカルの変更を復元しなければならない
 ---
@@ -1066,7 +1065,7 @@ fix(03-01): correct auth token expiry
 ### 43. バックログパーキングロット
-**コマンド:** `/gsd-add-backlog <description>`、`/gsd-review-backlog`、`/gsd-plant-seed <idea>`
+**コマンド:** `/gsd-capture --backlog <description>`、`/gsd-review-backlog`、`/gsd-capture --seed <idea>`
 **目的:** アクティブなプランニングの準備ができていないアイデアをキャプチャします。バックログ項目は 999.x の番号付けを使用して、アクティブなフェーズシーケンスの外に留まります。シードは、適切なマイルストーンで自動的に表面化するトリガー条件を持つ、将来を見据えたアイデアです。
@@ -1516,7 +1515,7 @@ Claude が GSD ワークフローコンテキスト外でファイル編集を
 ### 65. クレーム出所タグ付け
-**対象:** `/gsd-research-phase`
+**対象:** `/gsd-plan-phase --research-phase`
 **目的:** リサーチのクレームにソースエビデンスのタグを付け、仮定を別途記録します。
--- a/docs/ja-JP/README.md
+++ b/docs/ja-JP/README.md
@@ -18,7 +18,7 @@ Get Shit Done（GSD）フレームワークの包括的なドキュメントで
 ## クイックリンク
- **v1.39 の新機能:** `--minimal` インストールプロファイル（≥94% コールドスタート削減）、`/gsd-edit-phase`、マージ後ビルド & テストゲート、`review.models.<cli>` ランタイム別レビューモデル、ワークストリーム設定の継承、手動カナリアリリースワークフロー、スキル統合（86 → 59）
+- **v1.39 の新機能:** `--minimal` インストールプロファイル（≥94% コールドスタート削減）、`/gsd-phase --edit`、マージ後ビルド & テストゲート、`review.models.<cli>` ランタイム別レビューモデル、ワークストリーム設定の継承、手動カナリアリリースワークフロー、スキル統合（86 → 59）
 - **はじめに:** [README](../README.md) → インストール → `/gsd-new-project`
 - **ワークフロー完全ガイド:** [ユーザーガイド](USER-GUIDE.md)
 - **コマンド一覧:** [コマンドリファレンス](COMMANDS.md)
--- a/docs/ja-JP/USER-GUIDE.md
+++ b/docs/ja-JP/USER-GUIDE.md
@@ -256,8 +256,8 @@ React/Next.js/Vite プロジェクトの場合、UI リサーチャーは `compo
 アクティブなプランニングの準備ができていないアイデアは、999.x 番号を使用してバックログに格納され、アクティブなフェーズシーケンスの外に保持されます。
 ```
-/gsd-add-backlog "GraphQL API layer"     # Creates 999.1-graphql-api-layer/
+/gsd-capture --backlog "GraphQL API layer"     # Creates 999.1-graphql-api-layer/
-/gsd-add-backlog "Mobile responsive"     # Creates 999.2-mobile-responsive/
+/gsd-capture --backlog "Mobile responsive"     # Creates 999.2-mobile-responsive/
 ```
 バックログアイテムは完全なフェーズディレクトリを取得するため、`/gsd-discuss-phase 999.1` でアイデアをさらに探索したり、準備が整ったら `/gsd-plan-phase 999.1` を使用できます。
@@ -269,7 +269,7 @@ React/Next.js/Vite プロジェクトの場合、UI リサーチャーは `compo
 シードは、トリガー条件を持つ将来を見据えたアイデアです。バックログアイテムとは異なり、適切なマイルストーンが到来すると自動的に表面化されます。
 ```
-/gsd-plant-seed "Add real-time collab when WebSocket infra is in place"
+/gsd-capture --seed "Add real-time collab when WebSocket infra is in place"
 ```
 シードは完全な WHY と表面化タイミングを保持します。`/gsd-new-milestone` はすべてのシードをスキャンし、一致するものを提示します。
@@ -288,7 +288,7 @@ React/Next.js/Vite プロジェクトの場合、UI リサーチャーは `compo
 スレッドは `/gsd-pause-work` より軽量です — フェーズ状態やプランコンテキストはありません。各スレッドファイルには Goal、Context、References、Next Steps セクションが含まれます。
-スレッドは成熟した段階でフェーズ (`/gsd-add-phase`) やバックログアイテム (`/gsd-add-backlog`) にプロモーションできます。
+スレッドは成熟した段階でフェーズ (`/gsd-phase`) やバックログアイテム (`/gsd-capture --backlog`) にプロモーションできます。
 **保存場所：** `.planning/threads/{slug}.md`
@@ -313,7 +313,7 @@ React/Next.js/Vite プロジェクトの場合、UI リサーチャーは `compo
 各ワークストリームは独自の `.planning/` ディレクトリサブツリーを維持します。ワークストリームを切り替えると、GSD はアクティブなプランニングコンテキストを入れ替え、`/gsd-progress`、`/gsd-discuss-phase`、`/gsd-plan-phase` などのコマンドがそのワークストリームの状態に対して動作するようにします。
-これは `/gsd-new-workspace`（別のリポジトリワークツリーを作成）より軽量です。ワークストリームは同じコードベースと git 履歴を共有しつつ、プランニングアーティファクトを分離します。
+これは `/gsd-workspace --new`（別のリポジトリワークツリーを作成）より軽量です。ワークストリームは同じコードベースと git 履歴を共有しつつ、プランニングアーティファクトを分離します。
 ---
@@ -413,12 +413,11 @@ GSD はマークダウンファイルを生成し、それが LLM のシステ
 | コマンド | 用途 | 使用タイミング |
 |---------|---------|-------------|
-| `/gsd-add-phase` | ロードマップに新しいフェーズを追加 | 初期プランニング後にスコープが拡大した場合 |
+| `/gsd-phase` | ロードマップに新しいフェーズを追加 | 初期プランニング後にスコープが拡大した場合 |
-| `/gsd-insert-phase [N]` | 緊急作業を挿入（小数番号） | マイルストーン中の緊急修正 |
+| `/gsd-phase --insert [N]` | 緊急作業を挿入（小数番号） | マイルストーン中の緊急修正 |
-| `/gsd-remove-phase [N]` | 将来のフェーズを削除して番号を振り直す | 機能のスコープ縮小 |
+| `/gsd-phase --remove [N]` | 将来のフェーズを削除して番号を振り直す | 機能のスコープ縮小 |
 | `/gsd-list-phase-assumptions [N]` | Claude の意図するアプローチをプレビュー | プランニング前に方向性を確認 |
-| `/gsd-plan-milestone-gaps` | 監査ギャップに対するフェーズを作成 | 監査で不足項目が見つかった後 |
+| `/gsd-plan-phase --research-phase [N]` | エコシステムの深いリサーチのみ | 複雑または不慣れなドメイン |
 | `/gsd-research-phase [N]` | エコシステムの深いリサーチのみ | 複雑または不慣れなドメイン |
 ### ブラウンフィールドとユーティリティ
@@ -428,11 +427,11 @@ GSD はマークダウンファイルを生成し、それが LLM のシステ
 | `/gsd-quick` | GSD 保証付きのアドホックタスク | バグ修正、小機能、設定変更 |
 | `/gsd-debug [desc]` | 永続状態を持つ体系的デバッグ | 何かが壊れた時 |
 | `/gsd-forensics` | ワークフロー障害の診断レポート | 状態、アーティファクト、git 履歴が破損していると思われる場合 |
-| `/gsd-add-todo [desc]` | 後でやるアイデアを記録 | セッション中にアイデアが浮かんだ時 |
+| `/gsd-capture [desc]` | 後でやるアイデアを記録 | セッション中にアイデアが浮かんだ時 |
-| `/gsd-check-todos` | 保留中の TODO を一覧表示 | 記録したアイデアのレビュー |
+| `/gsd-capture --list` | 保留中の TODO を一覧表示 | 記録したアイデアのレビュー |
 | `/gsd-settings` | ワークフロートグルとモデルプロファイルを設定 | モデル変更、エージェントのトグル |
-| `/gsd-set-profile <profile>` | クイックプロファイル切り替え | コスト/品質トレードオフの変更 |
+| `/gsd-config --profile <profile>` | クイックプロファイル切り替え | コスト/品質トレードオフの変更 |
-| `/gsd-reapply-patches` | アップデート後にローカル変更を復元 | ローカル編集がある場合の `/gsd-update` 後 |
+| `/gsd-update --reapply` | アップデート後にローカル変更を復元 | ローカル編集がある場合の `/gsd-update` 後 |
 ### コード品質とレビュー
@@ -446,9 +445,9 @@ GSD はマークダウンファイルを生成し、それが LLM のシステ
 | コマンド | 用途 | 使用タイミング |
 |---------|---------|-------------|
-| `/gsd-add-backlog <desc>` | バックログパーキングロットにアイデアを追加（999.x） | アクティブなプランニングの準備ができていないアイデア |
+| `/gsd-capture --backlog <desc>` | バックログパーキングロットにアイデアを追加（999.x） | アクティブなプランニングの準備ができていないアイデア |
 | `/gsd-review-backlog` | バックログアイテムのプロモーション/保持/削除 | 新マイルストーン前の優先順位付け |
-| `/gsd-plant-seed <idea>` | トリガー条件付きの将来を見据えたアイデア | 将来のマイルストーンで表面化すべきアイデア |
+| `/gsd-capture --seed <idea>` | トリガー条件付きの将来を見据えたアイデア | 将来のマイルストーンで表面化すべきアイデア |
 | `/gsd-thread [name]` | 永続コンテキストスレッド | フェーズ構造外のクロスセッション作業 |
 ---
@@ -642,7 +641,6 @@ claude --dangerously-skip-permissions
 ```bash
 /gsd-audit-milestone        # 要件カバレッジを確認、スタブを検出
 /gsd-plan-milestone-gaps    # 監査でギャップが見つかった場合、フェーズを作成して埋める
 /gsd-complete-milestone     # アーカイブ、タグ付け、完了
 ```
@@ -659,11 +657,11 @@ claude --dangerously-skip-permissions
 ### マイルストーン中のスコープ変更
 ```bash
-/gsd-add-phase              # ロードマップに新しいフェーズを追加
+/gsd-phase              # ロードマップに新しいフェーズを追加
 # または
-/gsd-insert-phase 3         # フェーズ 3 と 4 の間に緊急作業を挿入
+/gsd-phase --insert 3         # フェーズ 3 と 4 の間に緊急作業を挿入
 # または
-/gsd-remove-phase 7         # フェーズ 7 をスコープ外にして番号を振り直す
+/gsd-phase --remove 7         # フェーズ 7 をスコープ外にして番号を振り直す
 ```
 ### マルチプロジェクトワークスペース
@@ -672,18 +670,18 @@ claude --dangerously-skip-permissions
 ```bash
 # モノレポからリポジトリを含むワークスペースを作成
-/gsd-new-workspace --name feature-b --repos hr-ui,ZeymoAPI
+/gsd-workspace --new --name feature-b --repos hr-ui,ZeymoAPI
 # フィーチャーブランチの分離 — 独自の .planning/ を持つ現在のリポジトリのワークツリー
-/gsd-new-workspace --name feature-b --repos .
+/gsd-workspace --new --name feature-b --repos .
 # ワークスペースに移動して GSD を初期化
 cd ~/gsd-workspaces/feature-b
 /gsd-new-project
 # ワークスペースの一覧と管理
-/gsd-list-workspaces
+/gsd-workspace --list
-/gsd-remove-workspace feature-b
+/gsd-workspace --remove feature-b
 ```
 各ワークスペースには以下が含まれます：
@@ -721,7 +719,7 @@ cd ~/gsd-workspaces/feature-b
 ### モデルのコストが高すぎる
-budget プロファイルに切り替えてください：`/gsd-set-profile budget`。ドメインに慣れている場合（またはClaude が慣れている場合）は、`/gsd-settings` でリサーチエージェントと plan-check エージェントを無効にしてください。
+budget プロファイルに切り替えてください：`/gsd-config --profile budget`。ドメインに慣れている場合（またはClaude が慣れている場合）は、`/gsd-settings` でリサーチエージェントと plan-check エージェントを無効にしてください。
 ### 非 Claude ランタイムの使用（Codex、OpenCode、Gemini CLI、Kilo）
@@ -746,7 +744,7 @@ budget プロファイルに切り替えてください：`/gsd-set-profile budg
 ### 非 Anthropic プロバイダーでの Claude Code の使用（OpenRouter、ローカル）
-GSD サブエージェントが Anthropic モデルを呼び出し、OpenRouter やローカルプロバイダーを通じて支払っている場合は、`inherit` プロファイルに切り替えてください：`/gsd-set-profile inherit`。これにより、すべてのエージェントが特定の Anthropic モデルの代わりに現在のセッションモデルを使用します。`/gsd-settings` → モデルプロファイル → Inherit も参照してください。
+GSD サブエージェントが Anthropic モデルを呼び出し、OpenRouter やローカルプロバイダーを通じて支払っている場合は、`inherit` プロファイルに切り替えてください：`/gsd-config --profile inherit`。これにより、すべてのエージェントが特定の Anthropic モデルの代わりに現在のセッションモデルを使用します。`/gsd-settings` → モデルプロファイル → Inherit も参照してください。
 ### 機密/プライベートプロジェクトでの作業
@@ -754,7 +752,7 @@ GSD サブエージェントが Anthropic モデルを呼び出し、OpenRouter
 ### GSD アップデートがローカル変更を上書きした
-v1.17 以降、インストーラーはローカルで変更されたファイルを `gsd-local-patches/` にバックアップします。`/gsd-reapply-patches` を実行して変更をマージし直してください。
+v1.17 以降、インストーラーはローカルで変更されたファイルを `gsd-local-patches/` にバックアップします。`/gsd-update --reapply` を実行して変更をマージし直してください。
 ### ワークフロー診断 (`/gsd-forensics`)
@@ -794,14 +792,13 @@ Windows でインストーラーが `EPERM: operation not permitted, scandir`
 |---------|----------|
 | コンテキストの喪失 / 新セッション | `/gsd-resume-work` または `/gsd-progress` |
 | フェーズが失敗した | フェーズのコミットを `git revert` して再プランニング |
-| スコープ変更が必要 | `/gsd-add-phase`、`/gsd-insert-phase`、または `/gsd-remove-phase` |
+| スコープ変更が必要 | `/gsd-phase`、`/gsd-phase --insert`、または `/gsd-phase --remove` |
 | マイルストーン監査でギャップを発見 | `/gsd-plan-milestone-gaps` |
 | 何かが壊れた | `/gsd-debug "description"` |
 | ワークフロー状態が破損している可能性 | `/gsd-forensics` |
 | ターゲットを絞った修正 | `/gsd-quick` |
 | プランがビジョンに合わない | `/gsd-discuss-phase [N]` で再プランニング |
-| コストが高い | `/gsd-set-profile budget` と `/gsd-settings` でエージェントをオフ |
+| コストが高い | `/gsd-config --profile budget` と `/gsd-settings` でエージェントをオフ |
-| アップデートがローカル変更を壊した | `/gsd-reapply-patches` |
+| アップデートがローカル変更を壊した | `/gsd-update --reapply` |
 | ステークホルダー向けセッションサマリーが欲しい | `/gsd-session-report` |
 | 次のステップがわからない | `/gsd-next` |
 | 並列実行でビルドエラー | GSD を更新するか `parallelization.enabled: false` を設定 |
--- a/docs/ko-KR/ARCHITECTURE.md
+++ b/docs/ko-KR/ARCHITECTURE.md
@@ -411,7 +411,7 @@ UI-SPEC.md (per phase) ───────────────────
 │   ├── pending/            # 캡처된 아이디어
 │   └── done/               # 완료된 할 일
 ├── threads/               # 영구 컨텍스트 스레드 (/gsd-thread에서)
-├── seeds/                 # 미래 지향적 아이디어 (/gsd-plant-seed에서)
+├── seeds/                 # 미래 지향적 아이디어 (/gsd-capture --seed에서)
 ├── debug/                  # 활성 디버그 세션
 │   ├── *.md                # 활성 세션
 │   ├── resolved/           # 보관된 세션
@@ -439,7 +439,7 @@ UI-SPEC.md (per phase) ───────────────────
   - Antigravity: Google 모델 등가물을 사용한 skills-first 방식
 5. **경로 정규화** — `~/.claude/` 경로를 런타임별 경로로 교체
 6. **설정 통합** — 런타임의 `settings.json`에 훅 등록
-7. **패치 백업** — v1.17부터 로컬 수정 파일을 `gsd-local-patches/`에 백업하여 `/gsd-reapply-patches`에 사용
+7. **패치 백업** — v1.17부터 로컬 수정 파일을 `gsd-local-patches/`에 백업하여 `/gsd-update --reapply`에 사용
 8. **매니페스트 추적** — 깔끔한 제거를 위해 `gsd-file-manifest.json` 작성
 9. **제거 모드** — `--uninstall`로 모든 GSD 파일, 훅, 설정 제거
--- a/docs/ko-KR/COMMANDS.md
+++ b/docs/ko-KR/COMMANDS.md
@@ -32,7 +32,7 @@
 ---
-### `/gsd-new-workspace`
+### `/gsd-workspace --new`
 격리된 워크스페이스를 생성합니다. 저장소 복사본과 독립적인 `.planning/` 디렉터리가 포함됩니다.
@@ -52,14 +52,14 @@
 **생성 파일:** `WORKSPACE.md`, `.planning/`, 저장소 복사본 (worktree 또는 clone)
 ```bash
-/gsd-new-workspace --name feature-b --repos hr-ui,ZeymoAPI
+/gsd-workspace --new --name feature-b --repos hr-ui,ZeymoAPI
-/gsd-new-workspace --name feature-b --repos . --strategy worktree  # 동일 저장소 격리
+/gsd-workspace --new --name feature-b --repos . --strategy worktree  # 동일 저장소 격리
-/gsd-new-workspace --name spike --repos api,web --strategy clone   # 전체 클론
+/gsd-workspace --new --name spike --repos api,web --strategy clone   # 전체 클론
 ```
 ---
-### `/gsd-list-workspaces`
+### `/gsd-workspace --list`
 활성 GSD 워크스페이스와 상태를 목록으로 표시합니다.
@@ -67,12 +67,12 @@
 **표시 항목:** 이름, 저장소 수, 전략, GSD 프로젝트 상태
 ```bash
-/gsd-list-workspaces
+/gsd-workspace --list
 ```
 ---
-### `/gsd-remove-workspace`
+### `/gsd-workspace --remove`
 워크스페이스를 제거하고 git worktree를 정리합니다.
@@ -83,7 +83,7 @@
 **안전 장치:** 저장소에 커밋되지 않은 변경사항이 있으면 제거를 거부합니다. 이름 확인이 필요합니다.
 ```bash
-/gsd-remove-workspace feature-b
+/gsd-workspace --remove feature-b
 ```
 ---
@@ -368,15 +368,15 @@
 ## 페이즈 관리 명령어
-### `/gsd-add-phase`
+### `/gsd-phase`
 로드맵에 새 페이즈를 추가합니다.
 ```bash
-/gsd-add-phase                      # 대화형 — 페이즈를 설명합니다
+/gsd-phase                      # 대화형 — 페이즈를 설명합니다
 ```
-### `/gsd-insert-phase`
+### `/gsd-phase --insert`
 소수점 번호 체계를 사용하여 페이즈 사이에 긴급 작업을 삽입합니다.
@@ -385,10 +385,10 @@
 | `N` | 아니오 | 이 페이즈 번호 다음에 삽입합니다 |
 ```bash
-/gsd-insert-phase 3                 # 페이즈 3과 4 사이에 삽입 → 3.1 생성
+/gsd-phase --insert 3                 # 페이즈 3과 4 사이에 삽입 → 3.1 생성
 ```
-### `/gsd-remove-phase`
+### `/gsd-phase --remove`
 미래 페이즈를 제거하고 이후 페이즈 번호를 재정렬합니다.
@@ -397,7 +397,7 @@
 | `N` | 아니오 | 제거할 페이즈 번호 |
 ```bash
-/gsd-remove-phase 7                 # 페이즈 7 제거, 8→7, 9→8 등으로 재번호
+/gsd-phase --remove 7                 # 페이즈 7 제거, 8→7, 9→8 등으로 재번호
 ```
 ### `/gsd-list-phase-assumptions`
@@ -412,15 +412,8 @@
 /gsd-list-phase-assumptions 2       # 페이즈 2 가정 사항 확인
 ```
 ### `/gsd-plan-milestone-gaps`
-마일스톤 감사에서 발견된 갭을 보완하는 페이즈를 생성합니다.
+### `/gsd-plan-phase --research-phase`
 ```bash
 /gsd-plan-milestone-gaps             # 각 감사 갭에 대한 페이즈 생성
 ```
 ### `/gsd-research-phase`
 심층 에코시스템 조사만 수행합니다 (독립 실행 — 일반적으로 `/gsd-plan-phase`를 사용하세요).
@@ -429,7 +422,7 @@
 | `N` | 아니오 | 페이즈 번호 |
 ```bash
-/gsd-research-phase 4               # 페이즈 4 도메인 조사
+/gsd-plan-phase --research-phase 4               # 페이즈 4 도메인 조사
 ```
 ### `/gsd-validate-phase`
@@ -598,7 +591,7 @@ GSD 보증을 갖춘 임시 작업을 실행합니다.
 /gsd-debug --diagnose "API returning 500 on /users endpoint"
 ```
-### `/gsd-add-todo`
+### `/gsd-capture`
 나중을 위한 아이디어나 작업을 캡처합니다.
@@ -607,15 +600,15 @@ GSD 보증을 갖춘 임시 작업을 실행합니다.
 | `description` | 아니오 | 할 일 설명 |
 ```bash
-/gsd-add-todo "Consider adding dark mode support"
+/gsd-capture "Consider adding dark mode support"
 ```
-### `/gsd-check-todos`
+### `/gsd-capture --list`
 보류 중인 할 일 목록을 표시하고 작업할 항목을 선택합니다.
 ```bash
-/gsd-check-todos
+/gsd-capture --list
 ```
 ### `/gsd-add-tests`
@@ -752,7 +745,7 @@ Claude Code 세션 분석을 통해 8개 차원(커뮤니케이션 스타일,
 /gsd-settings                       # 대화형 설정
 ```
-### `/gsd-set-profile`
+### `/gsd-config --profile`
 프로필을 빠르게 전환합니다.
@@ -761,8 +754,8 @@ Claude Code 세션 분석을 통해 8개 차원(커뮤니케이션 스타일,
 | `profile` | **예** | `quality`, `balanced`, `budget`, 또는 `inherit` |
 ```bash
-/gsd-set-profile budget             # 예산 프로필로 전환
+/gsd-config --profile budget             # 예산 프로필로 전환
-/gsd-set-profile quality            # 품질 프로필로 전환
+/gsd-config --profile quality            # 품질 프로필로 전환
 ```
 ---
@@ -794,12 +787,12 @@ Claude Code 세션 분석을 통해 8개 차원(커뮤니케이션 스타일,
 /gsd-update                         # 업데이트 확인 및 설치
 ```
-### `/gsd-reapply-patches`
+### `/gsd-update --reapply`
 GSD 업데이트 후 로컬 수정사항을 복원합니다.
 ```bash
-/gsd-reapply-patches                # 로컬 변경사항 병합
+/gsd-update --reapply               # 로컬 변경사항 병합
 ```
 ---
@@ -885,7 +878,7 @@ GSD 업데이트 후 로컬 수정사항을 복원합니다.
 ## 백로그 및 스레드 명령어
-### `/gsd-add-backlog`
+### `/gsd-capture --backlog`
 999.x 번호 체계를 사용하여 백로그 파킹 롯에 아이디어를 추가합니다.
@@ -896,8 +889,8 @@ GSD 업데이트 후 로컬 수정사항을 복원합니다.
 **999.x 번호 체계**는 백로그 항목을 활성 페이즈 순서 밖에 유지합니다. 페이즈 디렉터리가 즉시 생성되므로 해당 항목에 대해 `/gsd-discuss-phase`와 `/gsd-plan-phase`를 사용할 수 있습니다.
 ```bash
-/gsd-add-backlog "GraphQL API layer"
+/gsd-capture --backlog "GraphQL API layer"
-/gsd-add-backlog "Mobile responsive redesign"
+/gsd-capture --backlog "Mobile responsive redesign"
 ```
 ---
@@ -914,7 +907,7 @@ GSD 업데이트 후 로컬 수정사항을 복원합니다.
 ---
-### `/gsd-plant-seed`
+### `/gsd-capture --seed`
 트리거 조건이 있는 미래 지향적인 아이디어를 캡처합니다. 적절한 마일스톤 시점에 자동으로 표면화됩니다.
@@ -928,7 +921,7 @@ GSD 업데이트 후 로컬 수정사항을 복원합니다.
 **사용처:** `/gsd-new-milestone` (시드를 스캔하여 일치 항목 제시)
 ```bash
-/gsd-plant-seed "Add real-time collaboration when WebSocket infra is in place"
+/gsd-capture --seed "Add real-time collaboration when WebSocket infra is in place"
 ```
 ---
--- a/docs/ko-KR/FEATURES.md
+++ b/docs/ko-KR/FEATURES.md
@@ -386,7 +386,6 @@
 - REQ-MILE-08: 새 마일스톤은 new-project와 동일한 흐름을 따라야 합니다(질문 → 연구 → 요구사항 → 로드맵).
 - REQ-MILE-09: 새 마일스톤은 기존 워크플로우 구성을 초기화해서는 안 됩니다.
 **갭 해소.** `/gsd-plan-milestone-gaps`는 감사에서 식별된 갭을 해소하는 페이즈를 생성합니다.
 ---
@@ -394,7 +393,7 @@
 ### 9. Phase Management
-**명령어:** `/gsd-add-phase`, `/gsd-insert-phase [N]`, `/gsd-remove-phase [N]`
+**명령어:** `/gsd-phase`, `/gsd-phase --insert [N]`, `/gsd-phase --remove [N]`
 **목적:** 개발 중 동적 로드맵 수정.
@@ -681,7 +680,7 @@
 ### 26. Model Profiles
-**명령어:** `/gsd-set-profile <quality|balanced|budget|inherit>`
+**명령어:** `/gsd-config --profile <quality|balanced|budget|inherit>`
 **목적:** 각 에이전트가 사용하는 AI 모델을 제어하여 품질과 비용의 균형을 맞춥니다.
@@ -763,7 +762,7 @@
 ### 29. Todo Management
-**명령어:** `/gsd-add-todo [desc]`, `/gsd-check-todos`
+**명령어:** `/gsd-capture [desc]`, `/gsd-capture --list`
 **목적:** 세션 중 나중에 처리할 아이디어와 작업을 캡처합니다.
@@ -800,7 +799,7 @@
 - REQ-UPDATE-02: 업데이트 전에 새 버전의 변경 로그를 표시해야 합니다.
 - REQ-UPDATE-03: 런타임을 인식하고 올바른 디렉토리를 대상으로 해야 합니다.
 - REQ-UPDATE-04: 로컬에서 수정된 파일을 `gsd-local-patches/`에 백업해야 합니다.
- REQ-UPDATE-05: `/gsd-reapply-patches`는 업데이트 후 로컬 수정사항을 복원해야 합니다.
+- REQ-UPDATE-05: `/gsd-update --reapply`는 업데이트 후 로컬 수정사항을 복원해야 합니다.
 ---
@@ -1066,7 +1065,7 @@ fix(03-01): correct auth token expiry
 ### 43. Backlog Parking Lot
-**명령어:** `/gsd-add-backlog <description>`, `/gsd-review-backlog`, `/gsd-plant-seed <idea>`
+**명령어:** `/gsd-capture --backlog <description>`, `/gsd-review-backlog`, `/gsd-capture --seed <idea>`
 **목적:** 아직 적극적인 계획에 준비되지 않은 아이디어를 캡처합니다. 백로그 항목은 활성 페이즈 순서 밖에 있기 위해 999.x 번호를 사용합니다. 시드는 올바른 마일스톤에서 자동으로 표시되는 트리거 조건이 있는 미래 지향적 아이디어입니다.
@@ -1516,7 +1515,7 @@ Claude가 GSD 워크플로우 컨텍스트 밖에서 파일 편집을 시도하
 ### 65. 주장 출처 태깅
-**대상:** `/gsd-research-phase`
+**대상:** `/gsd-plan-phase --research-phase`
 **목적:** 연구 주장에 출처 증거를 태깅하고 가정을 별도로 기록합니다.
--- a/docs/ko-KR/README.md
+++ b/docs/ko-KR/README.md
@@ -20,7 +20,7 @@ Get Shit Done (GSD) 프레임워크의 종합 문서입니다. GSD는 AI 코딩
 ## 빠른 링크
- **v1.39의 새로운 기능:** `--minimal` 설치 프로파일(콜드 스타트 ≥94% 감소), `/gsd-edit-phase`, 머지 후 빌드 & 테스트 게이트, `review.models.<cli>` 런타임별 리뷰 모델, 워크스트림 설정 상속, 수동 카나리 릴리스 워크플로, 스킬 통합(86 → 59)
+- **v1.39의 새로운 기능:** `--minimal` 설치 프로파일(콜드 스타트 ≥94% 감소), `/gsd-phase --edit`, 머지 후 빌드 & 테스트 게이트, `review.models.<cli>` 런타임별 리뷰 모델, 워크스트림 설정 상속, 수동 카나리 릴리스 워크플로, 스킬 통합(86 → 59)
 - **시작하기:** [README](../README.md) → 설치 → `/gsd-new-project`
 - **전체 워크플로우 안내:** [User Guide](USER-GUIDE.md)
 - **모든 명령어 한눈에 보기:** [Command Reference](COMMANDS.md)
--- a/docs/ko-KR/USER-GUIDE.md
+++ b/docs/ko-KR/USER-GUIDE.md
@@ -256,8 +256,8 @@ React/Next.js/Vite 프로젝트에서 `components.json`이 없으면 UI 조사
 활성 계획에 아직 준비되지 않은 아이디어는 999.x 번호 체계를 사용하여 백로그에 보관하며 활성 페이즈 순서 밖에 유지됩니다.
 ```
-/gsd-add-backlog "GraphQL API layer"     # Creates 999.1-graphql-api-layer/
+/gsd-capture --backlog "GraphQL API layer"     # Creates 999.1-graphql-api-layer/
-/gsd-add-backlog "Mobile responsive"     # Creates 999.2-mobile-responsive/
+/gsd-capture --backlog "Mobile responsive"     # Creates 999.2-mobile-responsive/
 ```
 백로그 항목은 전체 페이즈 디렉터리를 얻으므로 `/gsd-discuss-phase 999.1`로 아이디어를 더 탐구하거나 준비가 되면 `/gsd-plan-phase 999.1`을 사용할 수 있습니다.
@@ -269,7 +269,7 @@ React/Next.js/Vite 프로젝트에서 `components.json`이 없으면 UI 조사
 시드는 트리거 조건이 있는 미래 지향적인 아이디어입니다. 백로그 항목과 달리 시드는 적절한 마일스톤 시점에 자동으로 표면화됩니다.
 ```
-/gsd-plant-seed "Add real-time collab when WebSocket infra is in place"
+/gsd-capture --seed "Add real-time collab when WebSocket infra is in place"
 ```
 시드는 전체 WHY와 언제 표면화할지를 보존합니다. `/gsd-new-milestone`은 모든 시드를 스캔하여 일치 항목을 제시합니다.
@@ -288,7 +288,7 @@ React/Next.js/Vite 프로젝트에서 `components.json`이 없으면 UI 조사
 스레드는 `/gsd-pause-work`보다 가볍습니다. 페이즈 상태나 계획 컨텍스트가 없습니다. 각 스레드 파일에는 목표, 컨텍스트, 참조, 다음 단계 섹션이 포함됩니다.
-스레드가 성숙해지면 페이즈(`/gsd-add-phase`)나 백로그 항목(`/gsd-add-backlog`)으로 승격할 수 있습니다.
+스레드가 성숙해지면 페이즈(`/gsd-phase`)나 백로그 항목(`/gsd-capture --backlog`)으로 승격할 수 있습니다.
 **저장 위치:** `.planning/threads/{slug}.md`
@@ -313,7 +313,7 @@ React/Next.js/Vite 프로젝트에서 `components.json`이 없으면 UI 조사
 각 워크스트림은 자체 `.planning/` 디렉터리 하위 트리를 유지합니다. 워크스트림을 전환하면 GSD가 활성 계획 컨텍스트를 교체하여 `/gsd-progress`, `/gsd-discuss-phase`, `/gsd-plan-phase` 및 기타 명령어가 해당 워크스트림의 상태로 동작합니다.
-이는 `/gsd-new-workspace`(별도 저장소 worktree를 생성)보다 가볍습니다. 워크스트림은 동일한 코드베이스와 git 히스토리를 공유하지만 계획 아티팩트를 격리합니다.
+이는 `/gsd-workspace --new`(별도 저장소 worktree를 생성)보다 가볍습니다. 워크스트림은 동일한 코드베이스와 git 히스토리를 공유하지만 계획 아티팩트를 격리합니다.
 ---
@@ -413,12 +413,11 @@ GSD는 LLM 시스템 프롬프트가 되는 마크다운 파일을 생성합니
 | 명령어 | 목적 | 사용 시점 |
 |--------|------|----------|
-| `/gsd-add-phase` | 로드맵에 새 페이즈 추가 | 초기 계획 후 범위가 늘어날 때 |
+| `/gsd-phase` | 로드맵에 새 페이즈 추가 | 초기 계획 후 범위가 늘어날 때 |
-| `/gsd-insert-phase [N]` | 긴급 작업 삽입 (소수점 번호 체계) | 마일스톤 중간의 긴급 수정 시 |
+| `/gsd-phase --insert [N]` | 긴급 작업 삽입 (소수점 번호 체계) | 마일스톤 중간의 긴급 수정 시 |
-| `/gsd-remove-phase [N]` | 미래 페이즈 제거 및 재번호 | 기능 범위 축소 시 |
+| `/gsd-phase --remove [N]` | 미래 페이즈 제거 및 재번호 | 기능 범위 축소 시 |
 | `/gsd-list-phase-assumptions [N]` | Claude의 예상 접근 방식 미리 확인 | 계획 전 방향 검증 시 |
-| `/gsd-plan-milestone-gaps` | 감사 갭을 위한 페이즈 생성 | 감사에서 누락 항목이 발견된 후 |
+| `/gsd-plan-phase --research-phase [N]` | 심층 에코시스템 조사만 수행 | 복잡하거나 익숙하지 않은 도메인 |
 | `/gsd-research-phase [N]` | 심층 에코시스템 조사만 수행 | 복잡하거나 익숙하지 않은 도메인 |
 ### 브라운필드 및 유틸리티
@@ -428,11 +427,11 @@ GSD는 LLM 시스템 프롬프트가 되는 마크다운 파일을 생성합니
 | `/gsd-quick` | GSD 보증을 갖춘 임시 작업 | 버그 수정, 소규모 기능, 설정 변경 |
 | `/gsd-debug [desc]` | 지속적인 상태를 유지하는 체계적인 디버깅 | 문제가 발생했을 때 |
 | `/gsd-forensics` | 워크플로우 실패에 대한 진단 보고서 | 상태, 아티팩트, git 히스토리가 손상된 것 같을 때 |
-| `/gsd-add-todo [desc]` | 나중을 위한 아이디어 캡처 | 세션 중에 생각이 날 때 |
+| `/gsd-capture [desc]` | 나중을 위한 아이디어 캡처 | 세션 중에 생각이 날 때 |
-| `/gsd-check-todos` | 보류 중인 할 일 목록 | 캡처된 아이디어 검토 시 |
+| `/gsd-capture --list` | 보류 중인 할 일 목록 | 캡처된 아이디어 검토 시 |
 | `/gsd-settings` | 워크플로우 토글 및 모델 프로필 설정 | 모델 변경, 에이전트 토글 시 |
-| `/gsd-set-profile <profile>` | 빠른 프로필 전환 | 비용/품질 트레이드오프 변경 시 |
+| `/gsd-config --profile <profile>` | 빠른 프로필 전환 | 비용/품질 트레이드오프 변경 시 |
-| `/gsd-reapply-patches` | 업데이트 후 로컬 수정사항 복원 | 로컬 편집이 있는 상태에서 `/gsd-update` 이후 |
+| `/gsd-update --reapply` | 업데이트 후 로컬 수정사항 복원 | 로컬 편집이 있는 상태에서 `/gsd-update` 이후 |
 ### 코드 품질 및 리뷰
@@ -446,9 +445,9 @@ GSD는 LLM 시스템 프롬프트가 되는 마크다운 파일을 생성합니
 | 명령어 | 목적 | 사용 시점 |
 |--------|------|----------|
-| `/gsd-add-backlog <desc>` | 백로그 파킹 롯에 아이디어 추가 (999.x) | 활성 계획에 준비되지 않은 아이디어 |
+| `/gsd-capture --backlog <desc>` | 백로그 파킹 롯에 아이디어 추가 (999.x) | 활성 계획에 준비되지 않은 아이디어 |
 | `/gsd-review-backlog` | 백로그 항목 승격/유지/제거 | 새 마일스톤 전 우선순위 결정 시 |
-| `/gsd-plant-seed <idea>` | 트리거 조건이 있는 미래 지향적인 아이디어 | 미래 마일스톤에서 표면화되어야 할 아이디어 |
+| `/gsd-capture --seed <idea>` | 트리거 조건이 있는 미래 지향적인 아이디어 | 미래 마일스톤에서 표면화되어야 할 아이디어 |
 | `/gsd-thread [name]` | 지속적인 컨텍스트 스레드 | 페이즈 구조 밖의 교차 세션 작업 |
 ---
@@ -642,7 +641,6 @@ claude --dangerously-skip-permissions
 ```bash
 /gsd-audit-milestone        # Check requirements coverage, detect stubs
 /gsd-plan-milestone-gaps    # If audit found gaps, create phases to close them
 /gsd-complete-milestone     # Archive, tag, done
 ```
@@ -659,11 +657,11 @@ claude --dangerously-skip-permissions
 ### 마일스톤 중간 범위 변경
 ```bash
-/gsd-add-phase              # Append a new phase to the roadmap
+/gsd-phase              # Append a new phase to the roadmap
 # or
-/gsd-insert-phase 3         # Insert urgent work between phases 3 and 4
+/gsd-phase --insert 3         # Insert urgent work between phases 3 and 4
 # or
-/gsd-remove-phase 7         # Descope phase 7 and renumber
+/gsd-phase --remove 7         # Descope phase 7 and renumber
 ```
 ### 멀티 프로젝트 워크스페이스
@@ -672,18 +670,18 @@ claude --dangerously-skip-permissions
 ```bash
 # Create a workspace with repos from your monorepo
-/gsd-new-workspace --name feature-b --repos hr-ui,ZeymoAPI
+/gsd-workspace --new --name feature-b --repos hr-ui,ZeymoAPI
 # Feature branch isolation — worktree of current repo with its own .planning/
-/gsd-new-workspace --name feature-b --repos .
+/gsd-workspace --new --name feature-b --repos .
 # Then cd into the workspace and initialize GSD
 cd ~/gsd-workspaces/feature-b
 /gsd-new-project
 # List and manage workspaces
-/gsd-list-workspaces
+/gsd-workspace --list
-/gsd-remove-workspace feature-b
+/gsd-workspace --remove feature-b
 ```
 각 워크스페이스는 다음을 포함합니다.
@@ -721,7 +719,7 @@ cd ~/gsd-workspaces/feature-b
 ### 모델 비용이 너무 높은 경우
-예산 프로필로 전환하세요: `/gsd-set-profile budget`. 도메인이 익숙하다면 (또는 Claude에게 익숙하다면) `/gsd-settings`에서 조사 및 plan-check 에이전트를 비활성화하세요.
+예산 프로필로 전환하세요: `/gsd-config --profile budget`. 도메인이 익숙하다면 (또는 Claude에게 익숙하다면) `/gsd-settings`에서 조사 및 plan-check 에이전트를 비활성화하세요.
 ### 비Claude 런타임 사용 (Codex, OpenCode, Gemini CLI, Kilo)
@@ -746,7 +744,7 @@ cd ~/gsd-workspaces/feature-b
 ### 비Anthropic 공급자와 함께 Claude Code 사용 (OpenRouter, 로컬)
-GSD 서브에이전트가 Anthropic 모델을 호출하는데 OpenRouter나 로컬 공급자를 통해 비용을 지불하고 있다면 `inherit` 프로필로 전환하세요: `/gsd-set-profile inherit`. 이렇게 하면 모든 에이전트가 특정 Anthropic 모델 대신 현재 세션 모델을 사용합니다. `/gsd-settings` → Model Profile → Inherit도 참고하세요.
+GSD 서브에이전트가 Anthropic 모델을 호출하는데 OpenRouter나 로컬 공급자를 통해 비용을 지불하고 있다면 `inherit` 프로필로 전환하세요: `/gsd-config --profile inherit`. 이렇게 하면 모든 에이전트가 특정 Anthropic 모델 대신 현재 세션 모델을 사용합니다. `/gsd-settings` → Model Profile → Inherit도 참고하세요.
 ### 민감하거나 비공개 프로젝트에서 작업하는 경우
@@ -754,7 +752,7 @@ GSD 서브에이전트가 Anthropic 모델을 호출하는데 OpenRouter나 로
 ### GSD 업데이트가 로컬 변경사항을 덮어쓴 경우
-v1.17부터 설치 프로그램이 로컬로 수정된 파일을 `gsd-local-patches/`에 백업합니다. 변경사항을 다시 병합하려면 `/gsd-reapply-patches`를 실행하세요.
+v1.17부터 설치 프로그램이 로컬로 수정된 파일을 `gsd-local-patches/`에 백업합니다. 변경사항을 다시 병합하려면 `/gsd-update --reapply`를 실행하세요.
 ### 워크플로우 진단 (`/gsd-forensics`)
@@ -794,14 +792,13 @@ Windows에서 설치 프로그램이 `EPERM: operation not permitted, scandir`
 |------|----------|
 | 컨텍스트 손실 / 새 세션 | `/gsd-resume-work` 또는 `/gsd-progress` |
 | 페이즈가 잘못됨 | 페이즈 커밋에 `git revert` 후 재계획 |
-| 범위 변경 필요 | `/gsd-add-phase`, `/gsd-insert-phase`, 또는 `/gsd-remove-phase` |
+| 범위 변경 필요 | `/gsd-phase`, `/gsd-phase --insert`, 또는 `/gsd-phase --remove` |
 | 마일스톤 감사에서 갭 발견 | `/gsd-plan-milestone-gaps` |
 | 무언가 고장남 | `/gsd-debug "description"` |
 | 워크플로우 상태 손상 의심 | `/gsd-forensics` |
 | 빠른 목표 수정 | `/gsd-quick` |
 | 계획이 비전과 맞지 않음 | `/gsd-discuss-phase [N]` 후 재계획 |
-| 비용이 높아짐 | `/gsd-set-profile budget` 및 `/gsd-settings`에서 에이전트 비활성화 |
+| 비용이 높아짐 | `/gsd-config --profile budget` 및 `/gsd-settings`에서 에이전트 비활성화 |
-| 업데이트가 로컬 변경사항 파괴 | `/gsd-reapply-patches` |
+| 업데이트가 로컬 변경사항 파괴 | `/gsd-update --reapply` |
 | 이해관계자를 위한 세션 요약 필요 | `/gsd-session-report` |
 | 다음 단계를 모르겠음 | `/gsd-next` |
 | 병렬 실행 빌드 오류 | GSD 업데이트 또는 `parallelization.enabled: false` 설정 |
--- a/docs/manual-update.md
+++ b/docs/manual-update.md
@@ -59,4 +59,4 @@ The installer performs a clean wipe-and-replace of GSD-managed directories only:
 - Your `CLAUDE.md` files
 - Custom hooks
-Locally modified GSD files are automatically backed up to `gsd-local-patches/` before the install. Run `/gsd-reapply-patches` after updating to merge your modifications back in.
+Locally modified GSD files are automatically backed up to `gsd-local-patches/` before the install. Run `/gsd-update --reapply` after updating to merge your modifications back in.
--- a/docs/pt-BR/COMMANDS.md
+++ b/docs/pt-BR/COMMANDS.md
@@ -35,11 +35,10 @@ Para detalhes completos de flags avançadas e mudanças recentes, consulte tamb
 | Comando | Finalidade |
 |---------|------------|
-| `/gsd-add-phase` | Adiciona fase no roadmap |
+| `/gsd-phase` | Adiciona fase no roadmap |
-| `/gsd-insert-phase [N]` | Insere trabalho urgente entre fases |
+| `/gsd-phase --insert [N]` | Insere trabalho urgente entre fases |
-| `/gsd-remove-phase [N]` | Remove fase futura e reenumera |
+| `/gsd-phase --remove [N]` | Remove fase futura e reenumera |
 | `/gsd-list-phase-assumptions [N]` | Mostra abordagem assumida pelo Claude |
 | `/gsd-plan-milestone-gaps` | Cria fases para fechar lacunas de auditoria |
 ## Brownfield e Utilidades
@@ -51,7 +50,7 @@ Para detalhes completos de flags avançadas e mudanças recentes, consulte tamb
 | `/gsd-analyze-dependencies` | Detecta dependências entre fases e sugere `Depends on` no ROADMAP.md (v1.32) |
 | `/gsd-forensics` | Diagnóstico de falhas no workflow |
 | `/gsd-settings` | Configuração de agentes, perfil e toggles |
-| `/gsd-set-profile <perfil>` | Troca rápida de perfil de modelo |
+| `/gsd-config --profile <perfil>` | Troca rápida de perfil de modelo |
 ## Qualidade de Código
@@ -65,9 +64,9 @@ Para detalhes completos de flags avançadas e mudanças recentes, consulte tamb
 | Comando | Finalidade |
 |---------|------------|
-| `/gsd-add-backlog <desc>` | Adiciona item no backlog (999.x) |
+| `/gsd-capture --backlog <desc>` | Adiciona item no backlog (999.x) |
 | `/gsd-review-backlog` | Promove, mantém ou remove itens |
-| `/gsd-plant-seed <ideia>` | Registra ideia com gatilho futuro |
+| `/gsd-capture --seed <ideia>` | Registra ideia com gatilho futuro |
 | `/gsd-thread [nome]` | Gerencia threads persistentes |
 ## Gerenciamento de Estado
--- a/docs/pt-BR/CONFIGURATION.md
+++ b/docs/pt-BR/CONFIGURATION.md
@@ -80,7 +80,7 @@ Esta versão resume os parâmetros principais em Português. Para schema complet
 Troca rápida:
 ```bash
-/gsd-set-profile budget
+/gsd-config --profile budget
 ```
 ## Novidades de configuração v1.31--v1.32
--- a/docs/pt-BR/README.md
+++ b/docs/pt-BR/README.md
@@ -20,7 +20,7 @@ Documentação abrangente do framework Get Shit Done (GSD) — um sistema de met
 ## Novidades v1.39
-Perfil de instalação `--minimal` (≥94% de redução no cold-start), `/gsd-edit-phase`, build & test gate pós-merge, `review.models.<cli>` para escolha de modelo de review por runtime, herança de configuração de workstream, workflow manual de canary release, consolidação de skills (86 → 59).
+Perfil de instalação `--minimal` (≥94% de redução no cold-start), `/gsd-phase --edit`, build & test gate pós-merge, `review.models.<cli>` para escolha de modelo de review por runtime, herança de configuração de workstream, workflow manual de canary release, consolidação de skills (86 → 59).
 ## Links rápidos
--- a/docs/pt-BR/USER-GUIDE.md
+++ b/docs/pt-BR/USER-GUIDE.md
@@ -92,8 +92,8 @@ Com `workflow.discuss_mode: "assumptions"`, o GSD analisa o código antes de per
 Ideias fora da sequência ativa vão para backlog:
 ```bash
-/gsd-add-backlog "Camada GraphQL"
+/gsd-capture --backlog "Camada GraphQL"
-/gsd-add-backlog "Responsividade mobile"
+/gsd-capture --backlog "Responsividade mobile"
 ```
 Promover/revisar:
@@ -107,7 +107,7 @@ Promover/revisar:
 Seeds guardam ideias futuras com condição de gatilho:
 ```bash
-/gsd-plant-seed "Adicionar colaboração real-time quando infra de WebSocket estiver pronta"
+/gsd-capture --seed "Adicionar colaboração real-time quando infra de WebSocket estiver pronta"
 ```
 ### Threads persistentes
@@ -176,7 +176,7 @@ Para arquivos sensíveis, use deny list no Claude Code.
 | `/gsd-debug [desc]` | Debug sistemático |
 | `/gsd-forensics` | Diagnóstico de workflow quebrado |
 | `/gsd-settings` | Ajustar workflow/modelos |
-| `/gsd-set-profile <profile>` | Troca rápida de perfil |
+| `/gsd-config --profile <profile>` | Troca rápida de perfil |
 Para lista completa e flags avançadas, consulte [Command Reference](../COMMANDS.md).
@@ -251,7 +251,6 @@ claude --dangerously-skip-permissions
 ```bash
 /gsd-audit-milestone
 /gsd-plan-milestone-gaps
 /gsd-complete-milestone
 ```
@@ -280,7 +279,7 @@ Replaneje com escopo menor (tarefas menores por plano).
 Use perfil budget:
 ```bash
-/gsd-set-profile budget
+/gsd-config --profile budget
 ```
 ### Runtime não-Claude (Codex/OpenCode/Gemini/Kilo)
@@ -295,10 +294,10 @@ Use `resolve_model_ids: "omit"` para deixar o runtime resolver modelos padrão.
 |---------|---------|
 | Perdeu contexto | `/gsd-resume-work` ou `/gsd-progress` |
 | Fase deu errado | `git revert` + replanejar |
-| Precisa alterar escopo | `/gsd-add-phase`, `/gsd-insert-phase`, `/gsd-remove-phase` |
+| Precisa alterar escopo | `/gsd-phase`, `/gsd-phase --insert`, `/gsd-phase --remove` |
 | Bug em workflow | `/gsd-forensics` |
 | Correção pontual | `/gsd-quick` |
-| Custo alto | `/gsd-set-profile budget` |
+| Custo alto | `/gsd-config --profile budget` |
 | Não sabe próximo passo | `/gsd-next` |
 ---
--- a/docs/zh-CN/README.md
+++ b/docs/zh-CN/README.md
@@ -511,11 +511,10 @@ lmn012o feat(08-02): 创建注册端点
 | 命令 | 作用 |
 |---------|--------------|
-| `/gsd-add-phase` | 向路线图追加阶段 |
+| `/gsd-phase` | 向路线图追加阶段 |
-| `/gsd-insert-phase [N]` | 在阶段之间插入紧急工作 |
+| `/gsd-phase --insert [N]` | 在阶段之间插入紧急工作 |
-| `/gsd-remove-phase [N]` | 删除未来阶段，重新编号 |
+| `/gsd-phase --remove [N]` | 删除未来阶段，重新编号 |
 | `/gsd-list-phase-assumptions [N]` | 规划前查看 Claude 的预期方法 |
 | `/gsd-plan-milestone-gaps` | 创建阶段以填补审计发现的差距 |
 | `/gsd-autonomous [--from N] [--to N] [--only N]` | 自主执行所有剩余阶段（`--to N` 执行到阶段 N 停止，`--only N` 只执行单个阶段） |
 | `/gsd-analyze-dependencies` | 检测阶段间依赖关系并建议 ROADMAP.md 的 `Depends on` 条目 |
@@ -531,9 +530,9 @@ lmn012o feat(08-02): 创建注册端点
 | 命令 | 作用 |
 |---------|--------------|
 | `/gsd-settings` | 配置模型配置文件和工作流代理 |
-| `/gsd-set-profile <profile>` | 切换模型配置文件（quality/balanced/budget） |
+| `/gsd-config --profile <profile>` | 切换模型配置文件（quality/balanced/budget/inherit） |
-| `/gsd-add-todo [desc]` | 捕获想法留待后用 |
+| `/gsd-capture [desc]` | 捕获想法留待后用 |
-| `/gsd-check-todos` | 列出待处理事项 |
+| `/gsd-capture --list` | 列出待处理事项 |
 | `/gsd-debug [desc] [--diagnose]` | 带持久状态的系统化调试（`--diagnose` 仅诊断不修复） |
 | `/gsd-quick [--full] [--discuss] [--research]` | 用 GSD 保证执行临时任务（`--full` 启用全部阶段，`--discuss` 先收集上下文，`--research` 规划前调查方法） |
 | `/gsd-health [--repair]` | 验证 `.planning/` 目录完整性，用 `--repair` 自动修复 |
@@ -565,7 +564,7 @@ GSD 在 `.planning/config.json` 中存储项目设置。在 `/gsd-new-project`
 切换配置：
 ```
-/gsd-set-profile budget
+/gsd-config --profile budget
 ```
 或通过 `/gsd-settings` 配置。
--- a/docs/zh-CN/USER-GUIDE.md
+++ b/docs/zh-CN/USER-GUIDE.md
@@ -205,12 +205,11 @@
 | 命令 | 用途 | 何时使用 |
 |---------|---------|-------------|
-| `/gsd-add-phase` | 向路线图追加新阶段 | 初始规划后范围增长 |
+| `/gsd-phase` | 向路线图追加新阶段 | 初始规划后范围增长 |
-| `/gsd-insert-phase [N]` | 插入紧急工作（小数编号） | 里程碑中途紧急修复 |
+| `/gsd-phase --insert [N]` | 插入紧急工作（小数编号） | 里程碑中途紧急修复 |
-| `/gsd-remove-phase [N]` | 删除未来阶段并重新编号 | 移除某个功能 |
+| `/gsd-phase --remove [N]` | 删除未来阶段并重新编号 | 移除某个功能 |
 | `/gsd-list-phase-assumptions [N]` | 预览 Claude 的预期方法 | 规划前，验证方向 |
-| `/gsd-plan-milestone-gaps` | 为审计缺口创建阶段 | 审计发现缺失项后 |
+| `/gsd-plan-phase --research-phase [N]` | 仅深度生态研究 | 复杂或不熟悉的领域 |
 | `/gsd-research-phase [N]` | 仅深度生态研究 | 复杂或不熟悉的领域 |
 | `/gsd-autonomous [--from N] [--to N] [--only N]` | 自主执行剩余阶段（`--to N` 到阶段 N 停止） | 批量自动处理 |
 | `/gsd-analyze-dependencies` | 检测阶段间依赖关系 | `/gsd-manager` 前分析 |
@@ -230,11 +229,11 @@
 | `/gsd-map-codebase` | 分析现有代码库 | 在现有代码上运行 `/gsd-new-project` 之前 |
 | `/gsd-quick` | 带 GSD 保证的临时任务 | Bug 修复、小功能、配置更改 |
 | `/gsd-debug [desc] [--diagnose]` | 带持久状态的系统化调试（`--diagnose` 仅诊断） | 出问题时 |
-| `/gsd-add-todo [desc]` | 捕获想法留待后用 | 会话期间想到什么 |
+| `/gsd-capture [desc]` | 捕获想法留待后用 | 会话期间想到什么 |
-| `/gsd-check-todos` | 列出待处理事项 | 查看捕获的想法 |
+| `/gsd-capture --list` | 列出待处理事项 | 查看捕获的想法 |
 | `/gsd-settings` | 配置工作流开关和模型配置 | 更改模型、切换代理 |
-| `/gsd-set-profile <profile>` | 快速切换配置 | 更改成本/质量权衡 |
+| `/gsd-config --profile <profile>` | 快速切换配置 | 更改成本/质量权衡 |
-| `/gsd-reapply-patches` | 更新后恢复本地修改 | 如果你有本地编辑，在 `/gsd-update` 后 |
+| `/gsd-update --reapply` | 更新后恢复本地修改 | 如果你有本地编辑，在 `/gsd-update` 后 |
 ---
@@ -390,7 +389,6 @@ claude --dangerously-skip-permissions
 ```bash
 /gsd-audit-milestone        # 检查需求覆盖率，检测存根
 /gsd-plan-milestone-gaps    # 如果审计发现缺口，创建阶段来填补
 /gsd-complete-milestone     # 归档，标记，完成
 ```
@@ -405,11 +403,11 @@ claude --dangerously-skip-permissions
 ### 里程碑中途范围变更
 ```bash
-/gsd-add-phase              # 向路线图追加新阶段
+/gsd-phase              # 向路线图追加新阶段
 # 或
-/gsd-insert-phase 3         # 在阶段 3 和 4 之间插入紧急工作
+/gsd-phase --insert 3         # 在阶段 3 和 4 之间插入紧急工作
 # 或
-/gsd-remove-phase 7         # 移除阶段 7 并重新编号
+/gsd-phase --remove 7         # 移除阶段 7 并重新编号
 ```
 ---
@@ -458,7 +456,7 @@ node gsd-tools.cjs state sync              # 从磁盘重建 STATE.md
 ### 模型成本太高
-切换到 budget 配置：`/gsd-set-profile budget`。如果领域对你（或 Claude）熟悉，通过 `/gsd-settings` 禁用研究和计划检查代理。
+切换到 budget 配置：`/gsd-config --profile budget`。如果领域对你（或 Claude）熟悉，通过 `/gsd-settings` 禁用研究和计划检查代理。
 ### 处理敏感/私有项目
@@ -466,7 +464,7 @@ node gsd-tools.cjs state sync              # 从磁盘重建 STATE.md
 ### GSD 更新覆盖了我的本地更改
-从 v1.17 开始，安装程序将本地修改的文件备份到 `gsd-local-patches/`。运行 `/gsd-reapply-patches` 将你的更改合并回来。
+从 v1.17 开始，安装程序将本地修改的文件备份到 `gsd-local-patches/`。运行 `/gsd-update --reapply` 将你的更改合并回来。
 ### 子代理似乎失败但工作已完成
@@ -480,14 +478,13 @@ node gsd-tools.cjs state sync              # 从磁盘重建 STATE.md
 |---------|----------|
 | 丢失上下文 / 新会话 | `/gsd-resume-work` 或 `/gsd-progress` |
 | 阶段出错 | `git revert` 阶段提交，然后重新规划 |
-| 需要更改范围 | `/gsd-add-phase`、`/gsd-insert-phase` 或 `/gsd-remove-phase` |
+| 需要更改范围 | `/gsd-phase`、`/gsd-phase --insert` 或 `/gsd-phase --remove` |
 | 里程碑审计发现缺口 | `/gsd-plan-milestone-gaps` |
 | 出问题了 | `/gsd-debug "描述"` |
 | STATE.md 不同步 | `state validate` 然后 `state sync` |
 | 快速针对性修复 | `/gsd-quick` |
 | 计划与你的愿景不符 | `/gsd-discuss-phase [N]` 然后重新规划 |
-| 成本过高 | `/gsd-set-profile budget` 和 `/gsd-settings` 关闭代理 |
+| 成本过高 | `/gsd-config --profile budget` 和 `/gsd-settings` 关闭代理 |
-| 更新破坏了本地更改 | `/gsd-reapply-patches` |
+| 更新破坏了本地更改 | `/gsd-update --reapply` |
 ---
--- a/docs/zh-CN/references/continuation-format.md
+++ b/docs/zh-CN/references/continuation-format.md
@@ -99,7 +99,7 @@
 **也可选：**
 - `/gsd-discuss-phase 2` — 先收集上下文
- `/gsd-research-phase 2` — 调查未知项
+- `/gsd-plan-phase --research-phase 2` — 调查未知项
 - 审查路线图
 ---
@@ -128,7 +128,7 @@
 **也可选：**
 - `/gsd-discuss-phase 3` — 先收集上下文
- `/gsd-research-phase 3` — 调查未知项
+- `/gsd-plan-phase --research-phase 3` — 调查未知项
 - 回顾阶段 2 构建的内容
 ---
@@ -149,7 +149,7 @@
 **先讨论上下文：** `/gsd-discuss-phase 3`
-**研究未知项：** `/gsd-research-phase 3`
+**研究未知项：** `/gsd-plan-phase --research-phase 3`
 <sub>`/clear` 优先 → 全新上下文窗口</sub>
--- a/get-shit-done/bin/check-latest-version.cjs
+++ b/get-shit-done/bin/check-latest-version.cjs
@@ -0,0 +1,99 @@
 #!/usr/bin/env node
 'use strict';
 /**
 * Deterministic latest-version check for /gsd-update (#2992).
 *
 * The /gsd-update workflow's check_latest_version step was previously
 * prescribed in LLM-driven prose ("run `npm view get-shit-done-cc
 * version`"). The executing model could shortcut the prescription and
 * invent npm queries against wrong-shaped names (`@get-shit-done/cli`,
 * `get-shit-done-cli`, `gsd`), all of which 404 or — worse — return an
 * unrelated typosquat package.
 *
 * This script makes the package name a CONSTANT in code, not a free
 * choice at execution time. The workflow calls it via `npm run
 * check-latest-version -- --json` and parses the structured response.
 *
 * Tests assert on the typed CHECK_REASON enum and the structured result
 * record, never on console prose. See CONTRIBUTING.md "Prohibited: Raw
 * Text Matching on Test Outputs".
 */
 const cp = require('node:child_process');
 // Hardcoded. Do not parameterise — the whole point of this script is that
 // the package name is not a runtime choice for the caller.
 const PACKAGE_NAME = 'get-shit-done-cc';
 const CHECK_REASON = Object.freeze({
  OK: 'ok',
  FAIL_NPM_FAILED: 'fail_npm_failed',
  FAIL_INVALID_OUTPUT: 'fail_invalid_output',
 });
 const SEMVER_RE = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;
 /**
 * Pure-ish: takes an injected spawn function so tests don't actually run npm.
 * In production, defaults to cp.spawnSync('npm', ...).
 */
 function checkLatestVersion(opts = {}) {
  const defaultSpawn = () => cp.spawnSync('npm', ['view', PACKAGE_NAME, 'version'], {
    encoding: 'utf8',
    stdio: ['ignore', 'pipe', 'pipe'],
    shell: process.platform === 'win32', // npm is npm.cmd on Windows
    // Bound the registry call so a hung network/registry doesn't block the
    // entire /gsd-update workflow indefinitely (#2993 CR). 15s is generous
    // for `npm view <pkg> version`; on timeout, spawnSync returns with
    // signal !== null and the existing failure path emits FAIL_NPM_FAILED.
    timeout: 15_000,
  });
  const spawn = opts.spawn || defaultSpawn;
  const r = spawn();
  if (!r || r.status !== 0) {
    // Distinguish timeout (status null, signal set, stderr empty) from a
    // genuine npm failure. Without this, both surfaced as "npm exited
    // non-zero" and the operator couldn't tell which (#2993 CR).
    let detail;
    if (r && r.signal) {
      detail = `npm timed out (signal: ${r.signal})`;
    } else if (r && r.stderr) {
      detail = r.stderr.trim();
    } else {
      detail = 'npm exited non-zero';
    }
    return {
      ok: false,
      reason: CHECK_REASON.FAIL_NPM_FAILED,
      detail,
    };
  }
  const version = (r.stdout || '').trim();
  if (!SEMVER_RE.test(version)) {
    return {
      ok: false,
      reason: CHECK_REASON.FAIL_INVALID_OUTPUT,
      detail: version || '(empty)',
    };
  }
  return { ok: true, version, reason: CHECK_REASON.OK };
 }
 function main() {
  const json = process.argv.includes('--json');
  const r = checkLatestVersion();
  if (json) {
    process.stdout.write(JSON.stringify(r) + '\n');
  } else if (r.ok) {
    process.stdout.write(r.version + '\n');
  } else {
    process.stderr.write(`check-latest-version: ${r.reason}: ${r.detail}\n`);
  }
  process.exit(r.ok ? 0 : 1);
 }
 if (require.main === module) main();
 module.exports = { checkLatestVersion, CHECK_REASON, PACKAGE_NAME };
--- a/get-shit-done/bin/gsd-tools.cjs
+++ b/get-shit-done/bin/gsd-tools.cjs
@@ -305,6 +305,18 @@ async function main() {
  const raw = rawIndex !== -1;
  if (rawIndex !== -1) args.splice(rawIndex, 1);
  // --json-errors: when present, error() emits structured JSON to stderr
  // ({ ok: false, reason: <ERROR_REASON code>, message }) instead of plain
  // "Error: <text>". Lets test suites assert on typed reason codes per the
  // CONTRIBUTING.md "Prohibited: Raw Text Matching on Test Outputs" rule
  // (#2974). Default off — human operators see the original plain-text
  // diagnostic.
  const jsonErrorsIdx = args.indexOf('--json-errors');
  if (jsonErrorsIdx !== -1) {
    core.setJsonErrorMode(true);
    args.splice(jsonErrorsIdx, 1);
  }
  // --pick <name>: extract a single field from JSON output (replaces jq dependency).
  // Supports dot-notation (e.g., --pick workflow.research) and bracket notation
  // for arrays (e.g., --pick directories[-1]).
@@ -329,17 +341,50 @@ async function main() {
  const command = args[0];
  // Top-level usage string — emitted by `gsd-tools` (no args) and by
  // `gsd-tools --help` / any `--help` request below.
  // CR feedback: the command list must enumerate every top-level command
  // supported by the dispatcher so `--help` is actually useful for
  // discovery; previously it was a partial subset that didn't include
  // phase / roadmap / milestone / progress / etc.
  const TOP_LEVEL_USAGE = 'Usage: gsd-tools <command> [args] [--raw] [--pick <field>] [--cwd <path>] [--ws <name>]\n' +
    'Commands: agent-skills, audit-open, audit-uat, check-commit, commit, commit-to-subrepo, ' +
    'config-ensure-section, config-get, config-new-project, config-path, config-set, ' +
    'current-timestamp, detect-custom-files, docs-init, extract-messages, find-phase, ' +
    'from-gsd2, frontmatter, gap-analysis, generate-claude-md, generate-claude-profile, ' +
    'generate-dev-preferences, generate-slug, graphify, history-digest, init, intel, ' +
    'learnings, list-todos, milestone, phase, phase-plan-index, phases, profile-questionnaire, ' +
    'profile-sample, progress, requirements, resolve-model, roadmap, scaffold, state, ' +
    'template, validate, verify, verify-path-exists, verify-summary, workstream\n\n' +
    'For command-specific argument requirements, invoke the command without args ' +
    '(e.g. `gsd-tools phase add`) — the resulting error lists what is required.';
  if (!command) {
-    error('Usage: gsd-tools <command> [args] [--raw] [--pick <field>] [--cwd <path>] [--ws <name>]\nCommands: state, resolve-model, find-phase, commit, verify-summary, verify, frontmatter, template, generate-slug, current-timestamp, list-todos, verify-path-exists, config-ensure-section, config-new-project, init, workstream, docs-init');
+    error(TOP_LEVEL_USAGE);
  }
-  // Reject flags that are never valid for any gsd-tools command. AI agents
+  // #3019: a `--help` / `-h` flag in argv must render the top-level usage
-  // sometimes hallucinate --help or --version on tool invocations; silently
+  // and exit 0 — not error out with "Unknown flag". The previous shape
-  // ignoring them can cause destructive operations to proceed unchecked.
+  // erred on agent-hallucinated flags, but it also blocked humans from
-  const NEVER_VALID_FLAGS = new Set(['-h', '--help', '-?', '--h', '--version', '-v', '--usage']);
+  // discovering the command surface via subcommand help requests routed
  // here from the SDK CLI's query dispatcher (after the cli.ts fix that
  // stops harvesting --help as a global flag). Rendering top-level usage
  // on --help is strictly better UX than the old short-circuit, which
  // printed the SDK-level usage that doesn't mention any of these
  // subcommands.
  const HELP_FLAGS = new Set(['-h', '--help', '-?', '--h', '--usage']);
  if (args.some((a) => HELP_FLAGS.has(a))) {
    process.stdout.write(TOP_LEVEL_USAGE + '\n');
    return;
  }
  // Reject version flags. AI agents sometimes hallucinate --version on tool
  // invocations; silently ignoring it can cause destructive operations to
  // proceed unchecked. (Help flags are handled above.)
  const NEVER_VALID_FLAGS = new Set(['--version', '-v']);
  for (const arg of args) {
    if (NEVER_VALID_FLAGS.has(arg)) {
-      error(`Unknown flag: ${arg}\ngsd-tools does not accept help or version flags. Run "gsd-tools" with no arguments for usage.`);
+      error(`Unknown flag: ${arg}\ngsd-tools does not accept version flags. Run "gsd-tools" with no arguments for usage.`);
    }
  }
--- a/get-shit-done/bin/lib/config-schema.cjs
+++ b/get-shit-done/bin/lib/config-schema.cjs
@@ -84,6 +84,17 @@ const DYNAMIC_KEY_PATTERNS = [
  // <runtime> is a free string (so users can map non-built-in runtimes); <tier> is enum-restricted.
  { topLevel: 'model_profile_overrides', test: (k) => /^model_profile_overrides\.[a-zA-Z0-9_-]+\.(opus|sonnet|haiku)$/.test(k),
    description: 'model_profile_overrides.<runtime>.<opus|sonnet|haiku>' },
  // #3023 — per-phase-type model map: models.<phase_type> = <tier>
  // Six named slots (planning/discuss/research/execution/verification/completion);
  // unknown phase-types are rejected. Per-agent model_overrides still take
  // precedence over phase-type at resolve time.
  { topLevel: 'models', test: (k) => /^models\.(planning|discuss|research|execution|verification|completion)$/.test(k),
    description: 'models.<planning|discuss|research|execution|verification|completion>' },
  // #3024 — dynamic routing block. Three top-level scalar settings
  // plus a tier_models sub-block keyed by light/standard/heavy.
  { topLevel: 'dynamic_routing',
    test: (k) => /^dynamic_routing\.(enabled|escalate_on_failure|max_escalations|tier_models\.(light|standard|heavy))$/.test(k),
    description: 'dynamic_routing.<enabled|escalate_on_failure|max_escalations|tier_models.<light|standard|heavy>>' },
 ];
 /**
--- a/get-shit-done/bin/lib/config.cjs
+++ b/get-shit-done/bin/lib/config.cjs
@@ -4,7 +4,7 @@
 const fs = require('fs');
 const path = require('path');
-const { output, error, CONFIG_DEFAULTS, atomicWriteFileSync } = require('./core.cjs');
+const { output, error, ERROR_REASON, CONFIG_DEFAULTS, atomicWriteFileSync } = require('./core.cjs');
 const { planningDir, withPlanningLock } = require('./planning-workspace.cjs');
 const {
  VALID_PROFILES,
@@ -33,7 +33,7 @@ const CONFIG_KEY_SUGGESTIONS = {
 function validateKnownConfigKeyPath(keyPath) {
  const suggested = CONFIG_KEY_SUGGESTIONS[keyPath];
  if (suggested) {
-    error(`Unknown config key: ${keyPath}. Did you mean ${suggested}?`);
+    error(`Unknown config key: ${keyPath}. Did you mean ${suggested}?`, ERROR_REASON.CONFIG_INVALID_KEY);
  }
 }
@@ -278,7 +278,7 @@ function setConfigValue(cwd, keyPath, parsedValue) {
        config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
      }
    } catch (err) {
-      error('Failed to read config.json: ' + err.message);
+      error('Failed to read config.json: ' + err.message, ERROR_REASON.CONFIG_PARSE_FAILED);
    }
    // Set nested value using dot notation (e.g., "workflow.research")
@@ -319,7 +319,7 @@ function cmdConfigSet(cwd, keyPath, value, raw) {
  validateKnownConfigKeyPath(keyPath);
  if (!isValidConfigKey(keyPath)) {
-    error(`Unknown config key: "${keyPath}". Valid keys: ${[...VALID_CONFIG_KEYS].sort().join(', ')}, agent_skills.<agent-type>, features.<feature_name>`);
+    error(`Unknown config key: "${keyPath}". Valid keys: ${[...VALID_CONFIG_KEYS].sort().join(', ')}, agent_skills.<agent-type>, features.<feature_name>`, ERROR_REASON.CONFIG_INVALID_KEY);
  }
  // Parse value (handle booleans, numbers, and JSON arrays/objects)
@@ -402,11 +402,11 @@ function cmdConfigGet(cwd, keyPath, raw, defaultValue) {
      output(defaultValue, raw, String(defaultValue));
      return;
    } else {
-      error('No config.json found at ' + configPath);
+      error('No config.json found at ' + configPath, ERROR_REASON.CONFIG_NO_FILE);
    }
  } catch (err) {
    if (err.message.startsWith('No config.json')) throw err;
-    error('Failed to read config.json: ' + err.message);
+    error('Failed to read config.json: ' + err.message, ERROR_REASON.CONFIG_PARSE_FAILED);
  }
  // Traverse dot-notation path (e.g., "workflow.auto_advance")
@@ -420,7 +420,7 @@ function cmdConfigGet(cwd, keyPath, raw, defaultValue) {
        output(def, raw, String(def));
        return;
      }
-      error(`Key not found: ${keyPath}`);
+      error(`Key not found: ${keyPath}`, ERROR_REASON.CONFIG_KEY_NOT_FOUND);
    }
    current = current[key];
  }
@@ -432,7 +432,7 @@ function cmdConfigGet(cwd, keyPath, raw, defaultValue) {
      output(def, raw, String(def));
      return;
    }
-    error(`Key not found: ${keyPath}`);
+    error(`Key not found: ${keyPath}`, ERROR_REASON.CONFIG_KEY_NOT_FOUND);
  }
  // Never echo plaintext for sensitive keys via config-get. Plaintext lives
--- a/Show More
+++ b/Show More