eliott/get-shit-done
1
0
Fork 0
mirror of https://github.com/glittercowboy/get-shit-done synced 2026-05-13 10:36:38 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a33cbe72f569e75e72d94de85d0930296d1ca1df
get-shit-done/commands/gsd/update.md
Tom Boucher a411e08e88 fix(coderabbit): resolve all 12 findings on PR #3152 
MAJOR (security/correctness):
- commands/gsd/debug.md: add Write to allowed-tools (session file creation
  requires it — workflow explicitly says 'use Write tool, never heredoc')
- workflows/debug.md: add SLUG sanitization guard to steps 1b+1c (status/
  continue subcommands used raw user input in file paths — path traversal)
- workflows/thread.md: sanitize $ARGUMENTS in RESUME mode before file path
  construction (was bypassing the sanitization guard in CLOSE/STATUS modes)

MINOR (consistency/correctness):
- docs/INVENTORY-MANIFEST.json: remove stale top-level 'workflows' array
  (duplicate of families.workflows introduced in earlier update)
- commands/gsd/resume-work.md: normalize process to 'Execute end-to-end.'
- commands/gsd/settings.md: normalize process to 'Execute end-to-end.'
- commands/gsd/update.md: normalize otherwise branch to 'execute end-to-end.'
- docs/adr/0002: add Status: Accepted + Date header (ADR convention)
- workflows/extract-learnings.md: rename step extract_learnings → extract-learnings
- tests/extract-learnings.test.cjs: tighten step-name assertion to exact name

ARCHITECTURE:
- scripts/command-contract-helpers.cjs: extract CANONICAL_TOOLS, parseFrontmatter,
  executionContextRefs as shared module — single source of truth consumed by
  both lint script and test suite (prevents silent lint/test disagreement)
- scripts/lint-command-contract.cjs: require() helpers instead of duplicating
- tests/command-contract.test.cjs: require() helpers; move readFileSync calls
  inside test() callbacks (registration-time throws surface as named failures)
2026-05-05 16:06:29 -04:00

1.6 KiB
Raw Blame History

name, description, argument-hint, allowed-tools
name description argument-hint allowed-tools
gsd:update Update GSD to latest version with changelog display [--sync | --reapply]
Read
Write
Edit
Bash
Glob
Grep
AskUserQuestion
Check for GSD updates, install if available, and display what changed.

Routes to the update workflow which handles:

  • Version detection (local vs global installation)
  • npm version checking
  • Changelog fetching and display
  • User confirmation with clean install warning
  • Update execution and cache clearing
  • Restart reminder

<execution_context> @~/.claude/get-shit-done/workflows/update.md </execution_context>

- **--sync**: Sync managed GSD skills across runtime roots so multi-runtime users stay aligned after an update. Runs the sync-skills workflow (--from, --to, --dry-run, --apply flags supported). - **--reapply**: Reapply local modifications after a GSD update. Uses three-way comparison (pristine baseline, user-modified backup, newly installed version) to merge user customizations back. Runs the reapply-patches workflow. - **(no flag)**: Standard update — check for new version, show changelog, install. Parse the first token of $ARGUMENTS: - If it is `--sync`: strip the flag, execute the sync-skills workflow (passing remaining args for --from/--to/--dry-run/--apply). - If it is `--reapply`: strip the flag, execute the reapply-patches workflow. - Otherwise: execute the update workflow end-to-end.

<execution_context_extended> @/.claude/get-shit-done/workflows/sync-skills.md @/.claude/get-shit-done/workflows/reapply-patches.md </execution_context_extended>

Reference in New Issue View Git Blame Copy Permalink