fix: 6 critical fixes + community PR guardrails (v0.13.2.0)#602
Merged
fix: 6 critical fixes + community PR guardrails (v0.13.2.0)#602
Conversation
Remove bun.lock from .gitignore and commit the lockfile. Every bun install now uses exact pinned versions instead of resolving floating ^ ranges from npm fresh. Closes the supply-chain vector from #566. Co-Authored-By: boinger <boinger@users.noreply.github.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…sent Add || true to git commands and fallback defaults so gstack-slug works outside git repos. Prevents unbound variable crash that kills every review skill when no git context exists. Co-Authored-By: collinstraka-clov <collinstraka-clov@users.noreply.github.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add -t 10 to the read command in the skill-prefix prompt. In CI, Docker, and Conductor workspaces where a TTY exists but nobody is watching, the prompt now auto-selects short names after 10 seconds instead of blocking forever. Co-Authored-By: stedfn <stedfn@users.noreply.github.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… constants Bun compiled binaries on Windows don't handle numeric fs.constants correctly. The string flag 'wx' is semantically identical to O_CREAT | O_EXCL | O_WRONLY per Node docs and works on all platforms. Fixes #599 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
/office-hours writes design docs to ~/.gstack/projects/$SLUG/ but /ship and /review only searched ~/.claude/plans, ~/.codex/plans, and .gstack/plans. Add the project-scoped directory as the first search location so plan validation finds design docs created by the standard workflow. Fixes #591 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… broken parallel Background subagents don't inherit tool permissions in Claude Code, so the Claude subagent in dual-voice mode was silently failing on every invocation. Every autoplan run was degrading to single-reviewer mode without warning. Change all three phases (CEO, Design, Eng) from "simultaneously" to sequential foreground execution: Claude subagent first (Agent tool, foreground), then Codex (Bash). Both complete before the consensus table. Fixes #497 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Regenerated from autoplan/SKILL.md.tmpl (dual-voice fix) and scripts/resolvers/review.ts (plan search path fix). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add explicit CLAUDE.md rule requiring AskUserQuestion before accepting any community PR that touches ETHOS.md, removes promotional material, or changes Garry's voice. No exceptions, no auto-merging. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
E2E Evals: ✅ PASS35/35 tests passed | $4.13 total cost | 12 parallel runners
12x ubicloud-standard-2 (Docker: pre-baked toolchain + deps) | wall clock ≈ slowest suite |
Main added v0.13.2.0 (User Sovereignty / autoplan user challenges). Our branch also used v0.13.2.0. Bumped ours to v0.13.3.0 and kept both CHANGELOG entries. Autoplan template merged cleanly — main added User Challenge classification, our branch changed dual-voice to foreground execution. Both changes coexist. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…writes Claude SKILL.md When .agents/skills/gstack is symlinked to the repo root (vendored dev mode), gen-skill-docs --host codex was writing the Codex-transformed SKILL.md through the symlink, overwriting the Claude version. This caused SKILL.md and agents/openai.yaml to silently revert to Codex paths after every build. Now detects when the codex output path resolves to the same real file as the Claude output and skips the write. Content is still generated for token budget tracking. The openai.yaml write is also skipped for the same symlink case. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ink-aware codex tests
1. package.json version synced with VERSION file (0.13.3.0)
2. design-shotgun/SKILL.md.tmpl: added setopt +o nomatch guard to
bash block with variant-*.png glob
3. Codex generation tests: skip skills where .agents/skills/{name}
is a symlink back to repo root (vendored dev mode). These can't
have proper codex content since gen-skill-docs skips the write
to avoid overwriting the Claude SKILL.md.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Six fixes from community PRs and bug reports, plus a CLAUDE.md guardrail for voice/ETHOS protection.
Supply Chain
9c4ae90Commit bun.lock to pin dependency versions (PR fix(security): commit bun.lock to pin dependency versions #587, credit: @boinger)Crash Fixes
36127d8gstack-slug falls back to dirname/unknown when git context is absent (PR fix: fall back to dirname/unknown when git context is absent #564, credit: @collinstraka-clov)7dc0359Setup auto-selects default after 10s timeout to prevent CI hangs (PR fix: auto-select default after 10s timeout in setup prefix prompt #575, credit: @stedfn)Platform
a1bbc76Browse CLI Windows lockfile uses string flag instead of numeric constants (fixes Browse CLI broken on Windows: Bun compiled binary can't create lock file with O_CREAT|O_EXCL #599)Correctness
e4d7c86Add ~/.gstack/projects/ to plan file search path (fixes /ship looks for plans in the wrong dir #591)3b62fecAutoplan dual-voice runs sequentially in foreground instead of broken parallel (fixes autoplan: "Run them simultaneously" causes Agent tool subagents to be abandoned #497)Docs
9530c29Community PR guardrails in CLAUDE.md — protect ETHOS.md and voicePre-Landing Review
No issues found. All changes are surgical bug fixes (one-line to ~7-line changes each).
Test plan
bun testpasses (all failures pre-existing on main, verified)git ls-files bun.lock→ trackedgrep "simultaneously" autoplan/SKILL.md→ 0 matches in dual-voice contextgrep "gstack/projects" ship/SKILL.md→ foundAfter merge
🤖 Generated with Claude Code