fix(gbrain-lib): pin LC_ALL=C in varname validator (macOS locale guard) by andrey-esipov · Pull Request #1606 · garrytan/gstack

andrey-esipov · 2026-05-19T15:25:34Z

Summary

_gstack_gbrain_validate_varname in bin/gstack-gbrain-lib.sh uses case "$name" in [A-Z_][A-Z0-9_]*) to validate that callers pass an ASCII-uppercase identifier
On macOS, the default user locale (en_US.UTF-8) makes bash case glob brackets locale-collation-sensitive, so [A-Z] matches lowercase letters too — lower-case passes the check
The function then trips printf -v "$varname" and export "$varname" with not a valid identifier errors that surface as confusing mid-prompt failures (instead of the clean invalid var name '…' (must match [A-Z_][A-Z0-9_]*) message the validator was supposed to emit)
Fix: pin LC_ALL=C for the duration of the function so the bracket expression has ASCII-only semantics on both macOS and Linux, matching the documented [A-Z_][A-Z0-9_]* contract

The existing test test/gbrain-lib-verify.test.ts → 'rejects invalid var names (must match [A-Z_][A-Z0-9_]*)' already covers the macOS repro shape. It passes silently on Linux CI (whose default is typically C / POSIX) and fails on macOS dev boxes — so this PR is the source-side fix that makes that test pass on every platform without changing the test.

Repro (macOS, default user locale)

$ bash -c 'name="lower-case"; case "$name" in [A-Z_][A-Z0-9_]*) echo "MATCHED";; *) echo "NO MATCH";; esac'
MATCHED                                # ← bug

$ LC_ALL=C bash -c 'name="lower-case"; case "$name" in [A-Z_][A-Z0-9_]*) echo "MATCHED";; *) echo "NO MATCH";; esac'
NO MATCH                               # ← desired

Before the fix:

$ . bin/gstack-gbrain-lib.sh && read_secret_to_env "lower-case" "Prompt: " <<< "anything"
Prompt: bin/gstack-gbrain-lib.sh: line 89: printf: `lower-case': not a valid identifier
bin/gstack-gbrain-lib.sh: line 91: export: `lower-case': not a valid identifier

After the fix the validator rejects on the first line with the documented error message before either printf -v or export runs.

Test plan

bun test test/gbrain-lib-verify.test.ts passes (22/22) on macOS Sonoma + bash 3.2 (system) and bash 5.x (homebrew). Linux CI was already green.
Manual: _gstack_gbrain_validate_varname lower-case; echo $? returns 2; _gstack_gbrain_validate_varname FOO_BAR; echo $? returns 0.
No other call sites of the validator changed.
Reviewers may want to confirm no other case glob in bin/ is similarly locale-sensitive (I grep'd; the rest of the script uses literal strings or =~ regex, which also honors LC_COLLATE in bash 4+ but isn't used for [A-Z]-style ranges in this file).

🤖 Generated with Claude Code

In many macOS shells the default locale (e.g. en_US.UTF-8) makes bash glob brackets like `[A-Z]` match lowercase letters too, so the existing `case "$name" in [A-Z_][A-Z0-9_]*)` branch lets names like `lower-case` through validation. The function then trips `printf -v "$varname"` and `export "$varname"` with `not a valid identifier` errors that surface mid-prompt, which is exactly what the validator was supposed to prevent. Pinning `LC_ALL=C` inside the function gives ASCII-only bracket semantics on both macOS and Linux, matching the documented `[A-Z_][A-Z0-9_]*` contract. Declared `local` so it doesn't leak to the calling shell — `gstack-gbrain-lib.sh` is documented as a sourced helper, so a bare assignment would mutate the caller's locale for the rest of the process (silently affecting downstream `sort`, `tr`, locale-aware globs in the same shell, etc.). The existing regression test `test/gbrain-lib-verify.test.ts:'rejects invalid var names'` already covers the macOS repro shape (passes `lower-case` and expects the validator to reject + emit `invalid var name`). On Linux CI the test silently passed because `LC_ALL=C` is the typical default; on macOS dev boxes it fails. Verified: - `bun test test/gbrain-lib-verify.test.ts`: 22 pass, 0 fail (on macOS). - `_gstack_gbrain_validate_varname lower-case; echo $?` → 2. - `_gstack_gbrain_validate_varname FOO_BAR; echo $?` → 0. - Caller's LC_ALL preserved across calls (confirmed via sourced bash).

andrey-esipov · 2026-05-19T16:02:05Z

Self-review caught a side-effect bug in v1 and force-pushed b56666f. The original commit had a bare LC_ALL=C inside the validator — without local, it leaks into the calling shell because gstack-gbrain-lib.sh is documented as a sourced helper.

Repro for the leak (before the fix):

$ bash -c '. bin/gstack-gbrain-lib.sh; LC_ALL=en_US.UTF-8; _gstack_gbrain_validate_varname FOO; echo "LC_ALL after: $LC_ALL"'
LC_ALL after: C    # ← downstream sort/tr/grep -P now silently change behavior

After the fix (local LC_ALL=C):

LC_ALL after: en_US.UTF-8    # ← caller preserved

The case statement still gets ASCII-only bracket semantics inside the function, so lower-case is still correctly rejected. 22/22 tests in gbrain-lib-verify.test.ts still pass.

Commit message and code comment updated to call out both the locale pin and the local requirement so future contributors don't drop the local keyword by accident.

Self-review of the upstream PR (garrytan#1606) caught that the bare `LC_ALL=C` leaks into the calling shell, since this file is sourced not executed. Downstream `sort`, `tr`, and locale-aware globs in the same process would silently change behavior after a single call to `read_secret_to_env`. `local LC_ALL=C` scopes the locale change to the function — bash restores the previous value on return.

@jetsetterfl

#1642) * fix(gbrain-sync): --full produces an empty code index on first run of a new repo `gbrain reindex-code` only RE-EMBEDS pages that already exist; it never walks the filesystem. On a freshly-registered source (0 pages), a --full run that called reindex-code alone found nothing ("No code pages to reindex"), finished in ~1s, and left the code index permanently empty while still reporting OK. Fix: --full now runs `sync --strategy code` FIRST to create pages via the file walk, then runs `reindex-code` to honor the documented "full walk + reindex" contract for both fresh and populated sources. Contributed by @jetsetterfl via #1584. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(gbrain-local-status): classifier falsely reports broken-db inside repos with their own DATABASE_URL The freshClassify probe ran `gbrain sources list --json` with the inherited process env. When the probe ran from inside a repo with its own .env (an app DATABASE_URL on a different port), Bun autoloaded the project's .env, gbrain connected to the wrong database, and the classifier reported broken-db on otherwise-healthy brains. Fix: route the probe env through `buildGbrainEnv` from lib/gbrain-exec, the same helper the sync orchestrator uses. DATABASE_URL is seeded from ~/.gbrain/config.json so the result is cwd-independent. The 60s cache can no longer propagate a poisoned negative to clean directories. Contributed by @jetsetterfl via #1583. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(retro): stale-base + bad-today-anchor pre-flight guard (#1624) /retro silently produced confidently-wrong output when "today" drifted (model session-context error) or when origin/<default> was materially behind the actual remote — git log --since returned zero or near-zero commits and the narrative was fabricated from nothing. Adds Step 0.5 with four ordered pre-check branches before any window analysis: A. No 'origin' remote → skip with "base freshness not verified" note B. Detached HEAD → skip with "base freshness not verified" note C. `git fetch origin <default>` fails (offline) → warn, proceed against last-known origin/<default> D. Fetch succeeded → compare today vs latest origin/<default> commit; if gap > window-days, BLOCK with explicit citation of latest-commit date. Skip paths still proceed to Step 1, but the disclosure is carried into the retro narrative ("offline run, window not freshness-verified") so the output is never silently confidently-wrong. Atomic .tmpl + gen:skill-docs regen commit (T-Codex-3 pattern). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(retro): regression for #1624 stale-base pre-flight guard 13 static-invariant tests pinning the four ordered pre-check branches in retro/SKILL.md.tmpl:Step 0.5: A. no-remote skip — must check origin presence + set verdict B. detached-HEAD skip — must gate behind prior verdict (ordering) C. fetch-fail warn — must match `if !` or `||` shape, gate by verdict D. stale-base BLOCK — must read latest-commit ISO date, cite remediation Plus a disclosure-survives-to-narrative invariant: skip-path verdicts must be named in prose so the retro output carries the cited reason rather than silently misreporting. Failing build if Step 0.5 is removed, branches re-ordered (no-remote no longer wins), or the BLOCK message stops citing today/latest-commit/remediation path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(gbrain-sync): configurable timeouts + resume from gbrain checkpoint (#1611) The memory and code stages hardcoded a 35-min spawn timeout. On brains with ~2000+ staged files, /sync-gbrain --full reliably SIGTERM'd the child at exactly 35 minutes with exit 143. gbrain left ~/.gbrain/import-checkpoint.json pointing at the staging dir, but gstack-memory-ingest's SIGTERM handler unconditionally cleaned the dir up — so the next run found a checkpoint pointing at nothing and restaged from scratch, repeating the SIGTERM forever. Three changes: 1. Configurable timeouts via env (bounds 60_000ms - 86_400_000ms, default 2_100_000ms = 35min unchanged): GSTACK_SYNC_MEMORY_TIMEOUT_MS GSTACK_SYNC_CODE_TIMEOUT_MS Out-of-range or non-numeric values warn and fall back to the default. 2. SIGTERM in gstack-memory-ingest no longer always cleans up the staging dir. If gbrain has written ~/.gbrain/import-checkpoint.json pointing at the active staging dir, the dir is PRESERVED for next-run resume. Otherwise (no checkpoint pointing here, crash before gbrain ever touched it) it's cleaned up as before. 3. Next /sync-gbrain run detects gbrain's checkpoint via decideResume() in gstack-gbrain-sync.ts: - no checkpoint → fresh ingest pass - checkpoint + staging ok → set GSTACK_INGEST_RESUME_DIR; child reuses staging dir and skips writeStaged; gbrain import resumes from processedIndex+1 - checkpoint + staging gone → warn "previous checkpoint stale (staging dir gone), restaging from scratch" and proceed Reuses gbrain's own checkpoint as the source of truth (D1 — no double-store state). Detect-then-fallback semantics per C1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(gbrain-sync): regression for #1611 timeouts + resume 19 tests across three surfaces: - resolveStageTimeoutMs (10 tests): undefined/empty → default; non-numeric, zero, negative, below-floor, above-ceiling → warn + default; at-floor, at-ceiling, valid mid-range → accepted as-is. - decideResume (6 tests): no checkpoint, corrupt JSON, checkpoint + staging ok, checkpoint + staging missing, checkpoint with no dir, checkpoint with empty dir. - SIGTERM staging preservation (3 static invariants): memory-ingest signal handler must check stagingDirIsCheckpointed BEFORE cleanup; preserve branch must come before cleanup branch (ordering); orchestrator must pass GSTACK_INGEST_RESUME_DIR to the grandchild on resume. Also threads process.env.HOME through readGbrainCheckpoint and stagingDirIsCheckpointed so tests can redirect home. os.homedir() caches at process start and ignores later mutation, so the env override is the only reliable test injection point. Failing build if the timeout bounds are removed, the resume detection short-circuits incorrectly, or the SIGTERM handler regresses to unconditional cleanup. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(review): pre-emit verification gate kills Django-shape FP class (#1539) External user filed 4/8 false positives on a /review run against a Django + DRF + PostgreSQL repo (Sprint 2.5). Every FP class was the same shape: "resolvable in <5 minutes by viewing the actual code or running a simple grep" — fields that don't exist on the model, dict.get()-might-be-None on a form that returns {}-initialized cleaned_data, standard ORM save behavior called out as data loss. Extends the Confidence Calibration resolver (consumed by review, cso, plan-eng-review, ship) with a Pre-emit verification gate: Every finding MUST quote the specific code line that motivates it (file:line + verbatim text). If the reviewer cannot produce the quote, the finding is unverified — its confidence is forced to 4-5 so the existing "Suppress from main report" rule fires automatically. The finding still goes to the appendix for calibration audit, but the user does not see it in the critical-pass output. Reuses the existing suppression mechanism — no new code path. The FP classes the gate kills are enumerated in the resolver text so reviewers see the named patterns. Framework-meta nudge included for Django Meta, Rails associations, SQLAlchemy relationships, TypeORM decorators, Sequelize init, Prisma generated client — the reviewer must quote the meta-construct that generates the symbol, not just grep for the literal name. Deeper framework-aware ORM verification (model introspection, migration-history- aware checks) is deliberately deferred to a future wave per T-Codex-2. Atomic .tmpl-equivalent (resolver) edit + gen:skill-docs regen commit per T-Codex-3. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(review): regression for #1539 pre-emit verification gate 12 tests pinning the gate behavior: - Resolver emits the gate header + #1539 reference - Gate requires quoting file:line + verbatim text - Unverified findings forced to confidence 4-5 (auto-suppress via existing <7-rule, no new mechanism) - Framework-meta nudge names Django, Rails, SQLAlchemy, TypeORM, Sequelize, Prisma - Deferred design doc reference present (1539-framework-aware-review.md) - Four named FP classes from #1539 enumerated: * field doesn't exist on model * dict.get() might be None * save() might lose fields * update_fields might miss X - All four downstream SKILL.md consumers (review, cso, plan-eng-review, ship) carry the gate text after gen:skill-docs - Existing confidence 9-10 'Show normally' + 3-4 'Suppress' rows unchanged (regression on existing behavior) Failing build if the gate is removed, the suppression mechanism is re-invented separately, the framework-meta nudge drops a framework, or gen:skill-docs stops propagating the gate to consumers. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(config): expose explain_level default * fix(benchmark): parse positional prompt after flags * fix(artifacts): reject malformed remote paths * fix(learnings): preserve current entries in cross-project search * fix(setup): register root gstack slash alias * fix(memory): probe gitleaks without shell builtin * fix(gbrain-lib): pin LC_ALL=C in varname validator (macOS locale guard) In many macOS shells the default locale (e.g. en_US.UTF-8) makes bash glob brackets like `[A-Z]` match lowercase letters too, so the existing `case "$name" in [A-Z_][A-Z0-9_]*)` branch lets names like `lower-case` through validation. The function then trips `printf -v "$varname"` and `export "$varname"` with `not a valid identifier` errors that surface mid-prompt, which is exactly what the validator was supposed to prevent. Pinning `LC_ALL=C` inside the function gives ASCII-only bracket semantics on both macOS and Linux, matching the documented `[A-Z_][A-Z0-9_]*` contract. Declared `local` so it doesn't leak to the calling shell — `gstack-gbrain-lib.sh` is documented as a sourced helper, so a bare assignment would mutate the caller's locale for the rest of the process (silently affecting downstream `sort`, `tr`, locale-aware globs in the same shell, etc.). The existing regression test `test/gbrain-lib-verify.test.ts:'rejects invalid var names'` already covers the macOS repro shape (passes `lower-case` and expects the validator to reject + emit `invalid var name`). On Linux CI the test silently passed because `LC_ALL=C` is the typical default; on macOS dev boxes it fails. Verified: - `bun test test/gbrain-lib-verify.test.ts`: 22 pass, 0 fail (on macOS). - `_gstack_gbrain_validate_varname lower-case; echo $?` → 2. - `_gstack_gbrain_validate_varname FOO_BAR; echo $?` → 0. - Caller's LC_ALL preserved across calls (confirmed via sourced bash). * fix(land-and-deploy): detect merged PR after gh failure After `gh pr merge` exits non-zero, the PR may already be MERGED server-side (concurrent merge landed, or local cleanup phase failed AFTER the merge succeeded). Calling `gh pr merge` a second time then errors with a confusing "already merged" — and worse, the deploy workflow never runs because we stopped on the first failure. Adds a Post-failure PR-state check (§4a-postfail) that runs after ANY non-zero exit from `gh pr merge`: - state == MERGED → record MERGE_PATH=direct, OFFER (don't force) stale-worktree cleanup on the base branch with uncommitted-work guard, proceed to §4a CI watch - state == OPEN → check autoMergeRequest; if non-null treat as merge-queue wait; if null surface both errors and STOP - state == CLOSED → STOP Hard invariant: never retry `gh pr merge` after a non-zero exit. Server state is authoritative. Re-authored from PR #1620 into land-and-deploy/SKILL.md.tmpl (the source of truth) instead of the generated SKILL.md, so the next gen:skill-docs run preserves the change. Original diff by @davidfoy via #1620. Related: cli/cli#3442, cli/cli#13380. Contributed by @davidfoy via #1620. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: detect PgBouncer transaction-mode pooler and set GBRAIN_PREPARE=true (#1435) When gbrain connects through a PgBouncer transaction-mode pooler (port 6543), it auto-disables prepared statements. This breaks `gbrain search` silently — the /sync-gbrain capability check fails and the GBrain Search Guidance block never gets written to CLAUDE.md. Three-layer fix: 1. **lib/gbrain-exec.ts** — `buildGbrainEnv()` now detects port 6543 in the effective DATABASE_URL and sets `GBRAIN_PREPARE=true` in the env passed to every gbrain spawn. This is the single chokepoint — all gstack gbrain invocations inherit the fix. Caller can opt out with `GBRAIN_PREPARE=false`. 2. **sync-gbrain/SKILL.md{,.tmpl}** — capability check now exports `GBRAIN_PREPARE=true` explicitly and retries search up to 3x with 1s delay for async index propagation under connection pooling. 3. **bin/gstack-gbrain-detect** — surfaces `gbrain_pooler_mode` field ("transaction" | "session" | null) in the preamble probe JSON so /setup-gbrain and /sync-gbrain can advise users about pooler state. Closes #1435 Built with [ClosedLoop.AI](https://closedloop.ai) | [GitHub](https://github.com/closedloop-ai/claude-plugins) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(supabase-provision): rewrite transaction/6543 -> session/5432 for new projects - Single-object pooler API responses default to transaction-mode at 6543, but the shared pooler tenant on new projects only listens on session/5432 - Add a `pool_mode == transaction && db_port == 6543` rewrite + stderr note - Escape hatch via `GSTACK_SUPABASE_TRUST_API_PORT=1` for forward-compat - 5 new tests covering rewrite, no-op shapes, env opt-out, array path Fixes #1301. * fix(browse): GSTACK_CHROMIUM_NO_SANDBOX opt-out for Ubuntu/AppArmor (#1562) Ubuntu/AppArmor configurations often block unprivileged Chromium sandboxing for headless agent sessions even for normal users — /qa hangs without --no-sandbox. The kernel policy denies the unprivileged user namespaces Chromium needs. Adds GSTACK_CHROMIUM_NO_SANDBOX=1 as an explicit user override that forces the sandbox off without changing the default for everyone else. Re-authored from PR #1562 onto v1.42.2.0's shouldEnableChromiumSandbox() helper — purely additive, preserves the headed-launch sandbox-on-by-default behavior that v1.42.2.0 shipped to kill the --no-sandbox yellow infobar. Three new regression tests cover: - linux + override=1 → false (the named use case) - darwin + override=1 → false (env wins on any platform) - override=0 → does NOT trigger (must be exactly "1") Original diff by @techcenter68 via #1562. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(browse): mirror isCustomChromium() guard in headless launch() When BROWSE_EXTENSIONS_DIR is set alongside GSTACK_CHROMIUM_PATH pointing at a baked-extension build (GBrowser / GStack Browser), the headless launch() path was unconditionally adding --disable-extensions-except / --load-extension. This causes the same ServiceWorkerState::SetWorkerId DCHECK crash that launchHeaded() already guards against via isCustomChromium(). Mirror the existing guard: skip --load-extension flags when isCustomChromium() returns true; always push the off-screen window geometry args. * fix(browse): daemonize macOS/Linux server via setsid() `Bun.spawn().unref()` only releases the child from Bun's event loop — it does NOT call setsid(). The spawned bun server inherits the spawning shell's process session. When the CLI runs inside a session-managed shell that exits shortly after the CLI returns (Claude Code's per-command Bash sandbox, Conductor, OpenClaw, CI step runners), the session leader's exit sends SIGHUP to every PID in the session — killing the bun server and its Chromium grandchildren within seconds of a successful `connect`. Setting `BROWSE_PARENT_PID=0` (already done by the `connect` command and pair-agent) disables the parent-process watchdog but does NOT save the server here: SIGHUP from session teardown still reaps it. Replace the macOS/Linux `Bun.spawn().unref()` with Node's `child_process.spawn({ detached: true })`, which calls setsid() and gives the server its own session leader role (PPID=1, STAT=Ss). This mirrors the Windows path's rationale (PR #191 by @fqueiro) — same root cause, different OS surface. Verified on macOS in Conductor: pre-fix the server dies ~10–15s after connect across separate Bash invocations; post-fix the same PID stays alive (PPID=1, SESS=0, STAT=Ss) and responds to `status`/`goto`/ `snapshot` across many separate shell calls. The `proc?.stderr` startup-error branch is removed since both platforms now spawn with `stdio: 'ignore'`; both fall through to the on-disk `browse-startup-error.log` written by `server.ts`'s start().catch. * fix(design): bump image-gen timeout to 240s + pin gpt-image-2 The design binary calls /v1/responses (gpt-4o + image_generation tool, quality:high, 1536x1024) but aborted the request after a hardcoded 120s. That class of request consistently takes ~140-160s end-to-end, so every generate/variants/evolve/iterate call aborted before the image returned. In /design-shotgun this cascades: Step 3c launches N parallel agents, each calling `$D generate`, each aborts at 120s and retries, all fail, the comparison board never opens — the skill appears to hang indefinitely. Reproduced the exact API call with a longer budget: HTTP 200, valid image, 143.5s. A real /design-shotgun run after the patch generated 3 variants in parallel at 150.0s / 161.0s / 152.1s, all exit 0 — note the 161s case, which a naive 150s bump would still have failed. - Bump AbortController timeout 120_000 -> 240_000 in generate.ts, variants.ts, evolve.ts, iterate.ts (both call sites) - Pin the image_generation tool to model "gpt-image-2" design/test/variants-retry-after.test.ts: 5 pass, 0 fail. The feedback-roundtrip.test.ts failures are a pre-existing browse-module breakage (session.clearLoadedHtml undefined), unrelated to this change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: fill coverage gaps for PRs #1606, #1612, #1620 Three cherry-picked PRs in this wave landed without unit-test coverage for the specific invariant they protect: #1606 (@andrey-esipov) — LC_ALL=C pin in _gstack_gbrain_validate_varname 8 tests by sourcing bin/gstack-gbrain-lib.sh and calling the validator directly. Asserts uppercase/digit/underscore accepted, lowercase REJECTED (the macOS-locale regression case), mixed-case rejected, LC_ALL=C scoping is local (doesn't leak to caller). #1612 (@bharat2913) — setsid daemonize via Node child_process.spawn 4 static-invariant tests on browse/src/cli.ts. The actual setsid syscall is hard to assert without a real spawn, so we pin the source shape: nodeSpawn imported from child_process; non-Windows branch uses nodeSpawn(...) with detached:true and .unref(); comment documents setsid/SIGHUP root cause; Bun.spawn() is NOT used on macOS/Linux. #1620 (@davidfoy, re-authored into .tmpl per A3) — §4a-postfail 12 static invariants on land-and-deploy/SKILL.md.tmpl + generated SKILL.md. Pins all three state branches (MERGED/OPEN/CLOSED), the authoritative state query, the merge-SHA capture, non-destructive worktree cleanup with uncommitted-work guard, autoMergeRequest probe on OPEN, hard "never retry gh pr merge" rule, and atomic regen propagation. Failing build if any of the three invariants regresses. Note: gbrain-lib-validate-varname.test.ts also surfaces a pre-existing glob-pattern overpermissiveness (hyphens + dots accepted) — not in #1606's scope; documented inline as a separate cleanup target. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(learnings): align injection-prevention tests with PR #1619 tagged-line shape PR #1619 (preserve current entries in cross-project search) refactored gstack-learnings-search to tag rows inline (`current\t<json>` vs `cross\t<json>`) instead of filtering inside the bun block via process.env.GSTACK_SEARCH_SLUG. The bun block no longer reads SLUG or CROSS env vars — it parses the per-line tag and sets a per-entry _crossProject flag. The pre-existing test/learnings-injection.test.ts still asserted on the old SLUG + CROSS env var shape. Updates: - Remove the SLUG env var assertion (no longer set on bash command line) - Remove the bun-block CROSS env var assertion (block reads the tag now, not the env) - Add a new positive assertion that the bun block parses the tag (sourceTag | tabIndex | crossProject) - Keep the shell-interpolation safety assertion unchanged — that's independent of the SLUG refactor The CROSS env var is still SET on the bash command line (it controls whether the cross-project find runs at all), but the bun child no longer reads it. The existing "env vars set on bash command line" test continues to pin that. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(fixtures): regenerate ship-SKILL.md golden baselines ship/SKILL.md consumes the Confidence Calibration resolver via the preamble pipeline. This wave's #1539 pre-emit verification gate extends the resolver text, which propagated to ship/SKILL.md via gen:skill-docs. The golden fixtures in test/fixtures/golden/ matched the pre-#1539 shape and failed the host-config regression check. Refreshes claude-ship-SKILL.md, codex-ship-SKILL.md, and factory-ship-SKILL.md to match the current generated output. Matches the Daegu wave's bisect commit 23 ("test(fixtures): regenerate ship-SKILL.md golden baselines"). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(gbrain-detect): include gbrain_pooler_mode in schema regression (PR #1591) PR #1591 (PgBouncer transaction-mode detection, @mikeangstadt) added gbrain_pooler_mode to the gstack-gbrain-detect JSON output but did not update the schema regression check in test/gstack-gbrain-detect-mcp-mode.test.ts. Adding the key in alphabetical order matching the rest of the schema array. Downstream sync-gbrain ignores unknown keys, so this is forward-compat. Without this, the test fails with a diff: + "gbrain_pooler_mode" because keys is the actual set returned and the expected array was pre-#1591. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): v1.43.0.0 — post-Daegu paper-cut wave Bumps VERSION 1.42.2.0 → 1.43.0.0 (MINOR per scale-aware bump rules: new env-var surface GSTACK_SYNC_*_TIMEOUT_MS + GSTACK_CHROMIUM_NO_SANDBOX, behavior expansion in browse/src/browser-manager.ts headless launch, three skill-template prompt changes affecting /retro, /review, /sync-gbrain). CHANGELOG entry leads with what stopped happening: /retro stops fabricating retros against stale bases, /sync-gbrain stops SIGTERM-looping 35-min restarts on big brains, /review stops shipping framework FPs the reviewer never grep'd. 18 fixes total — 15 community PRs + 3 self-filed silent-failure issues (#1624, #1611, #1539) — in one bundled PR with 26 bisect commits and 7 new regression test files. Every wave-touched test file passes in isolation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): bump v1.43.0.0 → v1.43.2.0 for queue collision CI check-version-stale flagged v1.43.0.0 already claimed by PR #1574 (garrytan/colombo-v3). PR #1639 (garrytan/muscat-v3) claims v1.43.1.0. Next available MINOR slot is v1.43.2.0. Bump VERSION + package.json + CHANGELOG entry header. No behavior changes — purely re-versioning to clear the queue collision. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Jayesh Betala <jayesh.betala7@gmail.com> Co-authored-by: Andrey Esipov <andrey.esipov@outlook.com> Co-authored-by: David Foy <davidfoy@users.noreply.github.com> Co-authored-by: mikeangstadt <mike.angstadt@closedloop.ai> Co-authored-by: 0xDevNinja <manmit0x@gmail.com> Co-authored-by: techcenter68 <techcenter68@users.noreply.github.com> Co-authored-by: shohu <shohu33@gmail.com> Co-authored-by: Bharat <bharat@theysaid.io> Co-authored-by: Matteo Hertel <info@matteohertel.com>

* v1.43.1.0 feat: default PGLite to voyage-code-3 for code search + e2e tests (#1639) * docs: drop ~/.zshrc env note in favor of GSTACK_* env-shim reference The CLAUDE.md "Where the keys live on this machine" block hand-rolled a `grep ~/.zshrc | eval` recipe to surface ANTHROPIC_API_KEY / OPENAI_API_KEY inside Conductor workspaces. That predates the GSTACK_* env-shim (`lib/conductor-env-shim.ts`, v1.39.2.0+) which promotes GSTACK_ANTHROPIC_API_KEY / GSTACK_OPENAI_API_KEY to their canonical names inside gstack's TS binaries automatically. The zshrc recipe is now an obsolete workaround. Replace with a short note pointing at the env-shim as the canonical answer. Keep the Agent SDK \`env: {...}\` gotcha (still real, unrelated to where the key comes from). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat: default PGLite to voyage-code-3 when VOYAGE_API_KEY set When gstack inits a local PGLite engine for code search, use Voyage's code-specialized `voyage-code-3` (1024-dim) embedding model if \`VOYAGE_API_KEY\` is present. Falls back to gbrain's auto-selected provider chain (OpenAI text-embedding-3-large 1536-dim when OPENAI_API_KEY is available, etc.) when the Voyage key is unset. Why voyage-code-3: head-to-head A/B against voyage-4-large on 10 realistic code queries against this codebase (using gbrain query --no-expand for pure vector retrieval). voyage-code-3 strictly won on 4 queries (cases where the right hit was an implementation file vs a test file: terminal-agent.ts over terminal-agent-integration.test.ts, sanitizeReplacer over sanitize.test.ts, disposeSession over a tangentially-related killDaemon test, surfaced injectCanary semantic query). Tied on 5 with consistently +0.03 to +0.06 higher confidence. Zero losses for voyage-4-large. Touches 3 init sites in setup-gbrain/SKILL.md.tmpl: - Step 1.5 (broken-db rollback-safe switch to PGLite) - Path 3 direct PGLite init - Step 4.5 split-engine local code index (Path 4 Yes branch) Plus 2 manual-repair hints in sync-gbrain/SKILL.md.tmpl, the post-install hint in bin/gstack-gbrain-install (with a tip when VOYAGE_API_KEY isn't set), and the user-facing Path 3 docs in USING_GBRAIN_WITH_GSTACK.md. Cost is trivial: voyage-code-3 at \$0.18/1M tokens means a full reindex of a 100K-LOC repo runs about \$0.20. Incremental syncs are pennies. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: regenerate SKILL.md after voyage-code-3 default Mechanical regen via \`bun run gen:skill-docs --host all\` after the template changes in the previous commit. Single-host regen leaves other-host outputs stale and trips gen-skill-docs.test.ts; --host all keeps every adapter (claude, codex, kiro, opencode, slate, cursor, openclaw, hermes, gbrain) in sync. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: gbrain PGLite + voyage-code-3 init contract + sync integration Two test files cover the voyage-code-3 default landed in the previous commits: test/gbrain-init-voyage-code-3.test.ts — free, deterministic, gate-tier. Mirrors gbrain-init-rollback.test.ts: runs the skill template's PGLite-init bash against a fake \`gbrain\` that logs argv to a sentinel file, asserts the right flags pass under VOYAGE_API_KEY set/unset/empty. Also includes belt-and-suspenders grep checks that the template literally contains the voyage gate at all 3 PGLite init sites. test/gbrain-sync-voyage-code-3-integration.test.ts — real, paid, skip-if-no-key. Inits a sandbox PGLite with voyage-code-3 in a tempdir, registers a 3-file fixture git repo as a source, runs \`gbrain sync --strategy code --skip-failed\`, asserts pages imported + embedded > 0. Also asserts \`gbrain doctor\` reports no dimension mismatch and the column width is 1024d. \`gbrain code-def\` smoke test confirms symbol extraction works against the embedded fixture. The integration test deliberately omits a \`gbrain query\` assertion: query produces correct output but \`gbrain query\` hangs ~2 min on a fresh PGLite before exiting. The smoking-gun assertion for "embeddings worked" is the "N pages embedded" line from sync output. Symbol-aware correctness is covered by the code-def assertion. Caught one real bug during test development: gbrain reads \`.gbrain-source\` from CWD and tries to sync that source too. The test sets cwd to the sandbox root to avoid the parent worktree's pin polluting the sandbox brain. Documented in the runGbrain() helper. Runtime: ~22s when VOYAGE_API_KEY is set, instant skip otherwise. Cost: ~\$0.001 per run (3 tiny fixture files, ~500 tokens of Voyage embeddings). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: bump to v1.43.1.0 with voyage-code-3 default + tests Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: update USING_GBRAIN_WITH_GSTACK for v1.43.1.0 voyage-code-3 default Add VOYAGE_API_KEY row to the env-var table; clarify the OPENAI_API_KEY row as the fallback path. Refresh the "search returns nothing semantic" troubleshooting to mention both providers and clarify that the env-shim only promotes ANTHROPIC/OPENAI from GSTACK_ — VOYAGE_API_KEY must be set directly in Conductor workspace env. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * docs: drop em-dashes + replace phantom embedding-migrations.md ref with inline recipe CHANGELOG release-summary prose used em-dashes (violates voice rule) and linked to docs/embedding-migrations.md which is gbrain's doc, not gstack's. Replace with periods/commas and inline the dimension-mismatch recovery recipe directly (mv + re-init). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * v1.43.2.0 fix wave: post-Daegu paper-cut — 18 fixes, 28 bisect commits (#1642) * fix(gbrain-sync): --full produces an empty code index on first run of a new repo `gbrain reindex-code` only RE-EMBEDS pages that already exist; it never walks the filesystem. On a freshly-registered source (0 pages), a --full run that called reindex-code alone found nothing ("No code pages to reindex"), finished in ~1s, and left the code index permanently empty while still reporting OK. Fix: --full now runs `sync --strategy code` FIRST to create pages via the file walk, then runs `reindex-code` to honor the documented "full walk + reindex" contract for both fresh and populated sources. Contributed by @jetsetterfl via #1584. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(gbrain-local-status): classifier falsely reports broken-db inside repos with their own DATABASE_URL The freshClassify probe ran `gbrain sources list --json` with the inherited process env. When the probe ran from inside a repo with its own .env (an app DATABASE_URL on a different port), Bun autoloaded the project's .env, gbrain connected to the wrong database, and the classifier reported broken-db on otherwise-healthy brains. Fix: route the probe env through `buildGbrainEnv` from lib/gbrain-exec, the same helper the sync orchestrator uses. DATABASE_URL is seeded from ~/.gbrain/config.json so the result is cwd-independent. The 60s cache can no longer propagate a poisoned negative to clean directories. Contributed by @jetsetterfl via #1583. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(retro): stale-base + bad-today-anchor pre-flight guard (#1624) /retro silently produced confidently-wrong output when "today" drifted (model session-context error) or when origin/<default> was materially behind the actual remote — git log --since returned zero or near-zero commits and the narrative was fabricated from nothing. Adds Step 0.5 with four ordered pre-check branches before any window analysis: A. No 'origin' remote → skip with "base freshness not verified" note B. Detached HEAD → skip with "base freshness not verified" note C. `git fetch origin <default>` fails (offline) → warn, proceed against last-known origin/<default> D. Fetch succeeded → compare today vs latest origin/<default> commit; if gap > window-days, BLOCK with explicit citation of latest-commit date. Skip paths still proceed to Step 1, but the disclosure is carried into the retro narrative ("offline run, window not freshness-verified") so the output is never silently confidently-wrong. Atomic .tmpl + gen:skill-docs regen commit (T-Codex-3 pattern). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(retro): regression for #1624 stale-base pre-flight guard 13 static-invariant tests pinning the four ordered pre-check branches in retro/SKILL.md.tmpl:Step 0.5: A. no-remote skip — must check origin presence + set verdict B. detached-HEAD skip — must gate behind prior verdict (ordering) C. fetch-fail warn — must match `if !` or `||` shape, gate by verdict D. stale-base BLOCK — must read latest-commit ISO date, cite remediation Plus a disclosure-survives-to-narrative invariant: skip-path verdicts must be named in prose so the retro output carries the cited reason rather than silently misreporting. Failing build if Step 0.5 is removed, branches re-ordered (no-remote no longer wins), or the BLOCK message stops citing today/latest-commit/remediation path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(gbrain-sync): configurable timeouts + resume from gbrain checkpoint (#1611) The memory and code stages hardcoded a 35-min spawn timeout. On brains with ~2000+ staged files, /sync-gbrain --full reliably SIGTERM'd the child at exactly 35 minutes with exit 143. gbrain left ~/.gbrain/import-checkpoint.json pointing at the staging dir, but gstack-memory-ingest's SIGTERM handler unconditionally cleaned the dir up — so the next run found a checkpoint pointing at nothing and restaged from scratch, repeating the SIGTERM forever. Three changes: 1. Configurable timeouts via env (bounds 60_000ms - 86_400_000ms, default 2_100_000ms = 35min unchanged): GSTACK_SYNC_MEMORY_TIMEOUT_MS GSTACK_SYNC_CODE_TIMEOUT_MS Out-of-range or non-numeric values warn and fall back to the default. 2. SIGTERM in gstack-memory-ingest no longer always cleans up the staging dir. If gbrain has written ~/.gbrain/import-checkpoint.json pointing at the active staging dir, the dir is PRESERVED for next-run resume. Otherwise (no checkpoint pointing here, crash before gbrain ever touched it) it's cleaned up as before. 3. Next /sync-gbrain run detects gbrain's checkpoint via decideResume() in gstack-gbrain-sync.ts: - no checkpoint → fresh ingest pass - checkpoint + staging ok → set GSTACK_INGEST_RESUME_DIR; child reuses staging dir and skips writeStaged; gbrain import resumes from processedIndex+1 - checkpoint + staging gone → warn "previous checkpoint stale (staging dir gone), restaging from scratch" and proceed Reuses gbrain's own checkpoint as the source of truth (D1 — no double-store state). Detect-then-fallback semantics per C1. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(gbrain-sync): regression for #1611 timeouts + resume 19 tests across three surfaces: - resolveStageTimeoutMs (10 tests): undefined/empty → default; non-numeric, zero, negative, below-floor, above-ceiling → warn + default; at-floor, at-ceiling, valid mid-range → accepted as-is. - decideResume (6 tests): no checkpoint, corrupt JSON, checkpoint + staging ok, checkpoint + staging missing, checkpoint with no dir, checkpoint with empty dir. - SIGTERM staging preservation (3 static invariants): memory-ingest signal handler must check stagingDirIsCheckpointed BEFORE cleanup; preserve branch must come before cleanup branch (ordering); orchestrator must pass GSTACK_INGEST_RESUME_DIR to the grandchild on resume. Also threads process.env.HOME through readGbrainCheckpoint and stagingDirIsCheckpointed so tests can redirect home. os.homedir() caches at process start and ignores later mutation, so the env override is the only reliable test injection point. Failing build if the timeout bounds are removed, the resume detection short-circuits incorrectly, or the SIGTERM handler regresses to unconditional cleanup. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(review): pre-emit verification gate kills Django-shape FP class (#1539) External user filed 4/8 false positives on a /review run against a Django + DRF + PostgreSQL repo (Sprint 2.5). Every FP class was the same shape: "resolvable in <5 minutes by viewing the actual code or running a simple grep" — fields that don't exist on the model, dict.get()-might-be-None on a form that returns {}-initialized cleaned_data, standard ORM save behavior called out as data loss. Extends the Confidence Calibration resolver (consumed by review, cso, plan-eng-review, ship) with a Pre-emit verification gate: Every finding MUST quote the specific code line that motivates it (file:line + verbatim text). If the reviewer cannot produce the quote, the finding is unverified — its confidence is forced to 4-5 so the existing "Suppress from main report" rule fires automatically. The finding still goes to the appendix for calibration audit, but the user does not see it in the critical-pass output. Reuses the existing suppression mechanism — no new code path. The FP classes the gate kills are enumerated in the resolver text so reviewers see the named patterns. Framework-meta nudge included for Django Meta, Rails associations, SQLAlchemy relationships, TypeORM decorators, Sequelize init, Prisma generated client — the reviewer must quote the meta-construct that generates the symbol, not just grep for the literal name. Deeper framework-aware ORM verification (model introspection, migration-history- aware checks) is deliberately deferred to a future wave per T-Codex-2. Atomic .tmpl-equivalent (resolver) edit + gen:skill-docs regen commit per T-Codex-3. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(review): regression for #1539 pre-emit verification gate 12 tests pinning the gate behavior: - Resolver emits the gate header + #1539 reference - Gate requires quoting file:line + verbatim text - Unverified findings forced to confidence 4-5 (auto-suppress via existing <7-rule, no new mechanism) - Framework-meta nudge names Django, Rails, SQLAlchemy, TypeORM, Sequelize, Prisma - Deferred design doc reference present (1539-framework-aware-review.md) - Four named FP classes from #1539 enumerated: * field doesn't exist on model * dict.get() might be None * save() might lose fields * update_fields might miss X - All four downstream SKILL.md consumers (review, cso, plan-eng-review, ship) carry the gate text after gen:skill-docs - Existing confidence 9-10 'Show normally' + 3-4 'Suppress' rows unchanged (regression on existing behavior) Failing build if the gate is removed, the suppression mechanism is re-invented separately, the framework-meta nudge drops a framework, or gen:skill-docs stops propagating the gate to consumers. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(config): expose explain_level default * fix(benchmark): parse positional prompt after flags * fix(artifacts): reject malformed remote paths * fix(learnings): preserve current entries in cross-project search * fix(setup): register root gstack slash alias * fix(memory): probe gitleaks without shell builtin * fix(gbrain-lib): pin LC_ALL=C in varname validator (macOS locale guard) In many macOS shells the default locale (e.g. en_US.UTF-8) makes bash glob brackets like `[A-Z]` match lowercase letters too, so the existing `case "$name" in [A-Z_][A-Z0-9_]*)` branch lets names like `lower-case` through validation. The function then trips `printf -v "$varname"` and `export "$varname"` with `not a valid identifier` errors that surface mid-prompt, which is exactly what the validator was supposed to prevent. Pinning `LC_ALL=C` inside the function gives ASCII-only bracket semantics on both macOS and Linux, matching the documented `[A-Z_][A-Z0-9_]*` contract. Declared `local` so it doesn't leak to the calling shell — `gstack-gbrain-lib.sh` is documented as a sourced helper, so a bare assignment would mutate the caller's locale for the rest of the process (silently affecting downstream `sort`, `tr`, locale-aware globs in the same shell, etc.). The existing regression test `test/gbrain-lib-verify.test.ts:'rejects invalid var names'` already covers the macOS repro shape (passes `lower-case` and expects the validator to reject + emit `invalid var name`). On Linux CI the test silently passed because `LC_ALL=C` is the typical default; on macOS dev boxes it fails. Verified: - `bun test test/gbrain-lib-verify.test.ts`: 22 pass, 0 fail (on macOS). - `_gstack_gbrain_validate_varname lower-case; echo $?` → 2. - `_gstack_gbrain_validate_varname FOO_BAR; echo $?` → 0. - Caller's LC_ALL preserved across calls (confirmed via sourced bash). * fix(land-and-deploy): detect merged PR after gh failure After `gh pr merge` exits non-zero, the PR may already be MERGED server-side (concurrent merge landed, or local cleanup phase failed AFTER the merge succeeded). Calling `gh pr merge` a second time then errors with a confusing "already merged" — and worse, the deploy workflow never runs because we stopped on the first failure. Adds a Post-failure PR-state check (§4a-postfail) that runs after ANY non-zero exit from `gh pr merge`: - state == MERGED → record MERGE_PATH=direct, OFFER (don't force) stale-worktree cleanup on the base branch with uncommitted-work guard, proceed to §4a CI watch - state == OPEN → check autoMergeRequest; if non-null treat as merge-queue wait; if null surface both errors and STOP - state == CLOSED → STOP Hard invariant: never retry `gh pr merge` after a non-zero exit. Server state is authoritative. Re-authored from PR #1620 into land-and-deploy/SKILL.md.tmpl (the source of truth) instead of the generated SKILL.md, so the next gen:skill-docs run preserves the change. Original diff by @davidfoy via #1620. Related: cli/cli#3442, cli/cli#13380. Contributed by @davidfoy via #1620. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix: detect PgBouncer transaction-mode pooler and set GBRAIN_PREPARE=true (#1435) When gbrain connects through a PgBouncer transaction-mode pooler (port 6543), it auto-disables prepared statements. This breaks `gbrain search` silently — the /sync-gbrain capability check fails and the GBrain Search Guidance block never gets written to CLAUDE.md. Three-layer fix: 1. **lib/gbrain-exec.ts** — `buildGbrainEnv()` now detects port 6543 in the effective DATABASE_URL and sets `GBRAIN_PREPARE=true` in the env passed to every gbrain spawn. This is the single chokepoint — all gstack gbrain invocations inherit the fix. Caller can opt out with `GBRAIN_PREPARE=false`. 2. **sync-gbrain/SKILL.md{,.tmpl}** — capability check now exports `GBRAIN_PREPARE=true` explicitly and retries search up to 3x with 1s delay for async index propagation under connection pooling. 3. **bin/gstack-gbrain-detect** — surfaces `gbrain_pooler_mode` field ("transaction" | "session" | null) in the preamble probe JSON so /setup-gbrain and /sync-gbrain can advise users about pooler state. Closes #1435 Built with [ClosedLoop.AI](https://closedloop.ai) | [GitHub](https://github.com/closedloop-ai/claude-plugins) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(supabase-provision): rewrite transaction/6543 -> session/5432 for new projects - Single-object pooler API responses default to transaction-mode at 6543, but the shared pooler tenant on new projects only listens on session/5432 - Add a `pool_mode == transaction && db_port == 6543` rewrite + stderr note - Escape hatch via `GSTACK_SUPABASE_TRUST_API_PORT=1` for forward-compat - 5 new tests covering rewrite, no-op shapes, env opt-out, array path Fixes #1301. * fix(browse): GSTACK_CHROMIUM_NO_SANDBOX opt-out for Ubuntu/AppArmor (#1562) Ubuntu/AppArmor configurations often block unprivileged Chromium sandboxing for headless agent sessions even for normal users — /qa hangs without --no-sandbox. The kernel policy denies the unprivileged user namespaces Chromium needs. Adds GSTACK_CHROMIUM_NO_SANDBOX=1 as an explicit user override that forces the sandbox off without changing the default for everyone else. Re-authored from PR #1562 onto v1.42.2.0's shouldEnableChromiumSandbox() helper — purely additive, preserves the headed-launch sandbox-on-by-default behavior that v1.42.2.0 shipped to kill the --no-sandbox yellow infobar. Three new regression tests cover: - linux + override=1 → false (the named use case) - darwin + override=1 → false (env wins on any platform) - override=0 → does NOT trigger (must be exactly "1") Original diff by @techcenter68 via #1562. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(browse): mirror isCustomChromium() guard in headless launch() When BROWSE_EXTENSIONS_DIR is set alongside GSTACK_CHROMIUM_PATH pointing at a baked-extension build (GBrowser / GStack Browser), the headless launch() path was unconditionally adding --disable-extensions-except / --load-extension. This causes the same ServiceWorkerState::SetWorkerId DCHECK crash that launchHeaded() already guards against via isCustomChromium(). Mirror the existing guard: skip --load-extension flags when isCustomChromium() returns true; always push the off-screen window geometry args. * fix(browse): daemonize macOS/Linux server via setsid() `Bun.spawn().unref()` only releases the child from Bun's event loop — it does NOT call setsid(). The spawned bun server inherits the spawning shell's process session. When the CLI runs inside a session-managed shell that exits shortly after the CLI returns (Claude Code's per-command Bash sandbox, Conductor, OpenClaw, CI step runners), the session leader's exit sends SIGHUP to every PID in the session — killing the bun server and its Chromium grandchildren within seconds of a successful `connect`. Setting `BROWSE_PARENT_PID=0` (already done by the `connect` command and pair-agent) disables the parent-process watchdog but does NOT save the server here: SIGHUP from session teardown still reaps it. Replace the macOS/Linux `Bun.spawn().unref()` with Node's `child_process.spawn({ detached: true })`, which calls setsid() and gives the server its own session leader role (PPID=1, STAT=Ss). This mirrors the Windows path's rationale (PR #191 by @fqueiro) — same root cause, different OS surface. Verified on macOS in Conductor: pre-fix the server dies ~10–15s after connect across separate Bash invocations; post-fix the same PID stays alive (PPID=1, SESS=0, STAT=Ss) and responds to `status`/`goto`/ `snapshot` across many separate shell calls. The `proc?.stderr` startup-error branch is removed since both platforms now spawn with `stdio: 'ignore'`; both fall through to the on-disk `browse-startup-error.log` written by `server.ts`'s start().catch. * fix(design): bump image-gen timeout to 240s + pin gpt-image-2 The design binary calls /v1/responses (gpt-4o + image_generation tool, quality:high, 1536x1024) but aborted the request after a hardcoded 120s. That class of request consistently takes ~140-160s end-to-end, so every generate/variants/evolve/iterate call aborted before the image returned. In /design-shotgun this cascades: Step 3c launches N parallel agents, each calling `$D generate`, each aborts at 120s and retries, all fail, the comparison board never opens — the skill appears to hang indefinitely. Reproduced the exact API call with a longer budget: HTTP 200, valid image, 143.5s. A real /design-shotgun run after the patch generated 3 variants in parallel at 150.0s / 161.0s / 152.1s, all exit 0 — note the 161s case, which a naive 150s bump would still have failed. - Bump AbortController timeout 120_000 -> 240_000 in generate.ts, variants.ts, evolve.ts, iterate.ts (both call sites) - Pin the image_generation tool to model "gpt-image-2" design/test/variants-retry-after.test.ts: 5 pass, 0 fail. The feedback-roundtrip.test.ts failures are a pre-existing browse-module breakage (session.clearLoadedHtml undefined), unrelated to this change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test: fill coverage gaps for PRs #1606, #1612, #1620 Three cherry-picked PRs in this wave landed without unit-test coverage for the specific invariant they protect: #1606 (@andrey-esipov) — LC_ALL=C pin in _gstack_gbrain_validate_varname 8 tests by sourcing bin/gstack-gbrain-lib.sh and calling the validator directly. Asserts uppercase/digit/underscore accepted, lowercase REJECTED (the macOS-locale regression case), mixed-case rejected, LC_ALL=C scoping is local (doesn't leak to caller). #1612 (@bharat2913) — setsid daemonize via Node child_process.spawn 4 static-invariant tests on browse/src/cli.ts. The actual setsid syscall is hard to assert without a real spawn, so we pin the source shape: nodeSpawn imported from child_process; non-Windows branch uses nodeSpawn(...) with detached:true and .unref(); comment documents setsid/SIGHUP root cause; Bun.spawn() is NOT used on macOS/Linux. #1620 (@davidfoy, re-authored into .tmpl per A3) — §4a-postfail 12 static invariants on land-and-deploy/SKILL.md.tmpl + generated SKILL.md. Pins all three state branches (MERGED/OPEN/CLOSED), the authoritative state query, the merge-SHA capture, non-destructive worktree cleanup with uncommitted-work guard, autoMergeRequest probe on OPEN, hard "never retry gh pr merge" rule, and atomic regen propagation. Failing build if any of the three invariants regresses. Note: gbrain-lib-validate-varname.test.ts also surfaces a pre-existing glob-pattern overpermissiveness (hyphens + dots accepted) — not in #1606's scope; documented inline as a separate cleanup target. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(learnings): align injection-prevention tests with PR #1619 tagged-line shape PR #1619 (preserve current entries in cross-project search) refactored gstack-learnings-search to tag rows inline (`current\t<json>` vs `cross\t<json>`) instead of filtering inside the bun block via process.env.GSTACK_SEARCH_SLUG. The bun block no longer reads SLUG or CROSS env vars — it parses the per-line tag and sets a per-entry _crossProject flag. The pre-existing test/learnings-injection.test.ts still asserted on the old SLUG + CROSS env var shape. Updates: - Remove the SLUG env var assertion (no longer set on bash command line) - Remove the bun-block CROSS env var assertion (block reads the tag now, not the env) - Add a new positive assertion that the bun block parses the tag (sourceTag | tabIndex | crossProject) - Keep the shell-interpolation safety assertion unchanged — that's independent of the SLUG refactor The CROSS env var is still SET on the bash command line (it controls whether the cross-project find runs at all), but the bun child no longer reads it. The existing "env vars set on bash command line" test continues to pin that. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(fixtures): regenerate ship-SKILL.md golden baselines ship/SKILL.md consumes the Confidence Calibration resolver via the preamble pipeline. This wave's #1539 pre-emit verification gate extends the resolver text, which propagated to ship/SKILL.md via gen:skill-docs. The golden fixtures in test/fixtures/golden/ matched the pre-#1539 shape and failed the host-config regression check. Refreshes claude-ship-SKILL.md, codex-ship-SKILL.md, and factory-ship-SKILL.md to match the current generated output. Matches the Daegu wave's bisect commit 23 ("test(fixtures): regenerate ship-SKILL.md golden baselines"). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(gbrain-detect): include gbrain_pooler_mode in schema regression (PR #1591) PR #1591 (PgBouncer transaction-mode detection, @mikeangstadt) added gbrain_pooler_mode to the gstack-gbrain-detect JSON output but did not update the schema regression check in test/gstack-gbrain-detect-mcp-mode.test.ts. Adding the key in alphabetical order matching the rest of the schema array. Downstream sync-gbrain ignores unknown keys, so this is forward-compat. Without this, the test fails with a diff: + "gbrain_pooler_mode" because keys is the actual set returned and the expected array was pre-#1591. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): v1.43.0.0 — post-Daegu paper-cut wave Bumps VERSION 1.42.2.0 → 1.43.0.0 (MINOR per scale-aware bump rules: new env-var surface GSTACK_SYNC_*_TIMEOUT_MS + GSTACK_CHROMIUM_NO_SANDBOX, behavior expansion in browse/src/browser-manager.ts headless launch, three skill-template prompt changes affecting /retro, /review, /sync-gbrain). CHANGELOG entry leads with what stopped happening: /retro stops fabricating retros against stale bases, /sync-gbrain stops SIGTERM-looping 35-min restarts on big brains, /review stops shipping framework FPs the reviewer never grep'd. 18 fixes total — 15 community PRs + 3 self-filed silent-failure issues (#1624, #1611, #1539) — in one bundled PR with 26 bisect commits and 7 new regression test files. Every wave-touched test file passes in isolation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore(release): bump v1.43.0.0 → v1.43.2.0 for queue collision CI check-version-stale flagged v1.43.0.0 already claimed by PR #1574 (garrytan/colombo-v3). PR #1639 (garrytan/muscat-v3) claims v1.43.1.0. Next available MINOR slot is v1.43.2.0. Bump VERSION + package.json + CHANGELOG entry header. No behavior changes — purely re-versioning to clear the queue collision. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Jayesh Betala <jayesh.betala7@gmail.com> Co-authored-by: Andrey Esipov <andrey.esipov@outlook.com> Co-authored-by: David Foy <davidfoy@users.noreply.github.com> Co-authored-by: mikeangstadt <mike.angstadt@closedloop.ai> Co-authored-by: 0xDevNinja <manmit0x@gmail.com> Co-authored-by: techcenter68 <techcenter68@users.noreply.github.com> Co-authored-by: shohu <shohu33@gmail.com> Co-authored-by: Bharat <bharat@theysaid.io> Co-authored-by: Matteo Hertel <info@matteohertel.com> * v1.43.3.0 fix(browse): headed-mode idle timer + onDisconnect target wrong BrowserManager for embedders (#1645) * fix(browse): route 4 lifecycle handlers through activeBrowserManager indirection Module-level idleCheckTick, parent watchdog, SIGTERM handler, and buildFetchHandler's onDisconnect wire all read the module-level BrowserManager directly. For embedders (gbrowser) that pass their own instance into buildFetchHandler, the module-level instance never has launchHeaded() called on it — connectionMode stays 'launched' forever, headed-mode early-returns never fire, and after 30 min of HTTP idle the server self-terminates out from under the overlay. Adds `let activeBrowserManager: BrowserManager` at module scope (symmetric with the existing `let activeShutdown` pattern). buildFetchHandler retargets it at cfg.browserManager and CHAINS cfg.browserManager.onDisconnect to activeShutdown, preserving any caller-installed handler instead of clobbering it. Six edit sites in browse/src/server.ts: - Edit 1 (~705): declare activeBrowserManager - Edit 2 (~596): extract idleCheckTick + __testInternals__ export - Edit 3 (~658): parent watchdog reads activeBrowserManager - Edit 4 (~1387): retarget + chain cfgBrowserManager.onDisconnect - Edit 5 (verify): line 714 default stays in place - Edit 6 (~1212): SIGTERM handler reads activeBrowserManager * test(browse): pin idle timer + onDisconnect dual-instance fix behaviorally Adds 5 behavioral tests to browse/test/server-factory.test.ts under a new 'idle timer + onDisconnect dual-instance fix' describe block: - T1 (CRITICAL — REGRESSION): headed embedder does not auto-shutdown at idle. Pins the bug this PR fixes. - T2 (paired defensive): headless still auto-shuts down at idle. Catches a future refactor that breaks the inverse case. - T3 (chain semantics): buildFetchHandler chains cfgBrowserManager.onDisconnect, preserving any caller-set handler. Uses .rejects.toThrow for the async shutdown path. - T4 (tunnelActive): tunnel-active blocks idle-shutdown even in headless mode. - T5 (static guard): exactly 3 module-level lifecycle sites use activeBrowserManager.getConnectionMode() — idleCheckTick, parent watchdog, SIGTERM. Catches refactor-introduced regressions before CI. Reuses existing makeMinimalConfig() + __resetRegistry() patterns from the factory contract tests. New makeMockBrowserManager() helper. beforeEach also resets module state via setTunnelActive, setLastActivity, and resetShutdownState from __testInternals__. Also deletes the old 'idle check skips in headed mode' string-grep test from browse/test/sidebar-ux.test.ts at line 1596. That test would have passed even with the dual-instance bug present (grepped for "=== 'headed'" + 'return' in the same window). Behavioral coverage moved to server-factory.test.ts. Verified: 33/33 tests pass in browse/test/server-factory.test.ts. * chore: bump version and changelog (v1.43.3.0) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * v1.44.0.0 feat: long-lived sidebar — keepalive, restart, re-attach, scrollback replay (#1678) * fix(browse): identity-based terminal-agent kill replaces pkill regex Commit 0 of the v1.44 long-lived-sidebar PR — foundation for the watchdog and removes a latent cross-session footgun. `pkill -f terminal-agent\.ts` (cli.ts spawn site + server.ts shutdown) matched by argv regex and would kill ANY process whose argv contained the string — sibling gstack sessions on the same host, an editor with the file open, a second `$B connect` run. Identity-based PID kill via a new helper module removes that whole class of bug. * New `browse/src/terminal-agent-control.ts`: `readAgentRecord`, `writeAgentRecord`, `clearAgentRecord`, `killAgentByRecord`. Validates PID liveness via `isProcessAlive` before signaling (PID-reuse defense). * `terminal-agent.ts` writes `<stateDir>/terminal-agent-pid` (JSON `{pid, gen, startedAt}`) at boot; clears on SIGTERM/SIGINT. * New per-boot `CURRENT_GEN` (16-byte random); `/internal/*` callers can include `X-Browse-Gen` to defend against split-brain in the upcoming watchdog. Absent header is accepted (backward compat); mismatch returns 409. New `checkInternalAuth` helper centralizes bearer + gen checks. * New `/internal/healthz` route — agent liveness probe used by the upcoming watchdog (returns pid/gen/sessions, no claude-binary lookup). * `cli.ts` and `server.ts` both call `killAgentByRecord` instead of pkill. * `ServerConfig.ownsTerminalAgent` JSDoc updated; the gated teardown now runs 4 side effects (was 3) — adds the new agent-record unlink. Test changes: * New `browse/test/terminal-agent-pid-identity.test.ts` — static-grep tripwire that fails CI if any source file re-introduces `pkill ... terminal-agent` or `spawnSync('pkill', ...)`; round-trips write/read/clear; verifies killAgentByRecord no-ops on dead PIDs. * `browse/test/server-embedder-terminal-port.test.ts` rewritten to intercept `process.kill` (not `child_process.spawnSync`); writes a sentinel agent-record with a guaranteed-dead PID; asserts probe-only (signal 0) calls, no termination signals; verifies all 3 discovery files including the new terminal-agent-pid. Closes TODOS.md P3 ("Identity-based terminal-agent kill"). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(tests): repair 7 pre-existing failures (env pollution + stale markers) All 7 failures existed on main before this branch — verified via `git stash` round-trip. Bundling them into the long-lived-sidebar PR because we kept tripping over them while running `bun test` to verify Commit 0. * Global afterEach restores `process.env.PATH` (new bunfig.toml + test-setup.ts). browser-skill-commands.test.ts sets `PATH = '/test/bin:/usr/bin'` to exercise a scrubbed-env fixture and used the broken `process.env = origEnv` reassignment pattern that swaps the proxy reference; the underlying env stayed mutated and leaked downstream. Fixed three call sites in that file and added a narrow PATH-only global guardrail so a future polluter can't bring the bug back. Killed: pair-agent-tunnel-eval (bun ENOENT), security.test.ts > resolveBashBinary (Bun.which('bash') null), server-no-import-side-effects (bun ENOENT). * server-auth.test.ts: two `sliceBetween` markers referenced strings deleted when sidebar-agent.ts was ripped — `'Sidebar agent started'` → `'Terminal agent started'`, `'Sidebar endpoints'` → `'Batch endpoint'`. Also fixed the pair-agent BROWSE_PARENT_PID assertion (the literal `serverEnv.BROWSE_PARENT_PID` never existed in source; the actual contract is the object-literal `BROWSE_PARENT_PID: '0'` inside the `const serverEnv` declaration). * test/upgrade-migration-v1.test.ts: also overrides HOME in the spawn env. The migration shells out to `${HOME}/.claude/skills/gstack/bin/gstack-config` and a developer's real config with `explain_level` set causes the script to take the "user already decided" branch and skip writing the pending-prompt flag the test asserts on. * test/setup-codesign.test.ts: replaced fragile `bun run build` string-match (which hit a comment 700 lines later) with the actual invocation `bun_cmd run build` used in the setup script. Net: full suite is now green; CI no longer trips on bash/bun-ENOENT from PATH pollution or on test markers that drifted with the codebase. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * refactor(terminal-agent): extract internalHandler<T> helper for /internal/* routes Replaces the copy-pasted bearer-auth + X-Browse-Gen + req.json().then().catch() boilerplate on /internal/grant and /internal/revoke with a single internalHandler<T>(req, fn) wrapper. Future /internal/* routes added by the v1.44 long-lived-sidebar work (/internal/lease-refresh, /internal/restart) land as one-liners using the same helper. Pure refactor; no behavior change. /internal/healthz stays on the bare checkInternalAuth gate because it's a GET with no JSON body to parse — the helper's body-parse path would 400 it. * browse/src/terminal-agent.ts — new internalHandler<T>; /internal/grant + /internal/revoke routed through it. * browse/test/terminal-agent-internal-handler.test.ts — static-grep tripwire that fails CI if the helper goes away or either of the two refactored routes regresses to the old inline pattern. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(terminal-agent): 25s WS keepalive ping/pong + client keepalive frames PTY connections were dying silently after NAT idle timeouts (30-60s on most home routers, even shorter on some carrier-grade NAT) and Chrome MV3 panel suspension. Neither side noticed until the user's next keystroke produced no output. Both sides now drive a 25s keepalive cycle. Server side (browse/src/terminal-agent.ts): * New ws.open handler constructs the PtySession eagerly and starts a setInterval that sends `{type:"ping",ts:Date.now()}` every 25s. Interval handle stored on session.pingInterval so close() can clear it. * PtySession.pingInterval field added; cleared in ws.close before disposeSession runs. Prevents timer leak across reconnects. * Message handler accepts `{type:"ping"|"pong"|"keepalive"}` silently — keepalive frames are a liveness signal at the TCP layer, no state to update. Existing resize/tabSwitch/tabState handling unchanged. * GSTACK_PTY_KEEPALIVE_INTERVAL_MS env knob (default 25000) lets the upcoming e2e tests compress idle assertions without 30s waits. Client side (extension/sidepanel-terminal.js): * Belt-and-suspenders: client also runs a 25s setInterval that sends `{type:"keepalive"}`. Defends against Chrome pausing our timers if the server-side ping ever gets dropped (rare but possible in MV3). * Ping reply: on `{type:"ping",ts}` from the server, immediately send `{type:"pong",ts}`. Lets the agent observe round-trip latency for free and confirms the channel is bidirectional. * Interval cleared in three teardown paths: ws.close handler, teardown(), forceRestart(). Three paths exist because the sidebar can exit the LIVE state through any of them; all three must clean up or we leak timers across reconnects. Test (browse/test/terminal-agent-keepalive.test.ts): * Static-grep tripwires for the 7-point protocol contract: agent has a configurable interval, open() starts the ping, close() clears it, message handler accepts keepalive vocabulary, client sends keepalive + replies pong, and all three client teardown paths clear the timer. * Wire-level tests (actually observe a ping after 25s) belong in the e2e tier — adding them here would either flake on slow CI or require a real Bun.serve listener per test which we don't want to pay for in the free tier. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(sidebar): patient tryAutoConnect — poll forever with ascending status, abort only on 401 The 15s give-up message ("Browse server not ready. Reload sidebar to retry.") fired on every cold start where the daemon took >15s to bind — common on Conductor workspaces, CI runners, and any system under load. The user already opened the sidebar; telling them to give up is the wrong default. Now polls every 2s indefinitely with ascending status messages: * 0 - 15s : silent (handles the happy path on a warm laptop) * 15 - 60s : "Waiting for browse server..." * 60s - 5m : "Still waiting — browse server may be slow to start." * > 5m : "Browse server still not responding after 5 min. Try `$B status`." Loop aborts on three signals only: * state transitions out of IDLE (connect succeeded or user navigated) * autoConnectAborted sticky flag set on unrecoverable error * the panel itself unloading (browser handles this; pagehide cleanup arrives with T8 of the larger plan) 401 from /pty-session sets the sticky flag with a clear "Auth invalid — reload the sidebar or restart your gstack session." message. Without the flag, the loop would re-call connect() every 2s and spam the same error; with it, the user sees the message once and the loop holds. forceRestart() clears the flag so clicking Restart is the explicit "try again" escape hatch. Bumped poll interval 200ms → 2000ms — the legacy tight loop burned CPU for no reason. 2s is plenty fast for a "did the daemon come up yet" check. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(browse): terminal-agent watchdog with PID liveness + crash-loop guard terminal-agent could die independently of the server — SIGKILL from the OS OOM killer, an uncaught exception under PTY churn, an external `pkill` from a sibling debugging session. Pre-v1.44 the sidebar would observe the broken connection and stay broken until the user reloaded the sidebar. Now a 60s ticker checks the recorded agent PID and respawns via the shared spawnTerminalAgent helper when dead. Identity-based liveness (T4 from the eng review): * Uses readAgentRecord + isProcessAlive (signal 0 probe), not a name match. * Slow-but-alive agents intentionally fall through — respawning around a living agent would create split-brain (two agents writing the port file, tokens diverging between them, mystery upgrade 401s). * Pairs with the v1.44 generation counter in /internal/* loopback calls: if a stale agent does come back to life mid-cycle, its X-Browse-Gen no longer matches and the parent's calls 409 cleanly. Crash-loop guard: * 3 respawn attempts inside a rolling 60s window → stop trying. A daemon up for a week with one crash a day shouldn't trip the guard. * On trip: one-line error to console (`respawn guard tripped`) and the watchdog goes dormant. Manual restart via the sidebar Restart button is the explicit signal to re-arm (added in Commit 2 of the larger PR). Shared spawn path (refactor): * New spawnTerminalAgent(opts) in terminal-agent-control.ts handles: prior-PID cleanup → spawn → record stash. Both the CLI cold-start path in cli.ts and the new server.ts watchdog route through it. Removes the copy-paste between them; future env wiring lands in one place. Gated on cfg.ownsTerminalAgent — embedders that pre-launch their own PTY server (gbrowser phoenix overlay) still own the full lifecycle. GSTACK_AGENT_WATCHDOG_TICK_MS env knob compresses the 60s tick for e2e tests without 60s waits per assertion. Tests: * browse/test/terminal-agent-watchdog.test.ts — 7 static-grep tripwires for the load-bearing invariants (ownsTerminalAgent gate, PID-based liveness, crash-loop guard with window pruning, shutdown cleanup, CLI cold-start uses the same helper, env knob exists). * Live process-kill tests belong in the e2e tier; cheaper invariants here catch refactor regressions in ~1ms each. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(cli): opt-in outer supervisor — respawn browse server on crash Pre-v1.44 `$B connect` was fire-and-forget: spawn server detached, CLI exits, server runs unsupervised. If the server crashed (OOM, uncaught exception, signal kill from a runaway debugger), the user had to notice, re-run `$B connect`, and resume work. The v1.44 terminal-agent watchdog recovers from one layer of failure; this commit closes the outer loop. Opt-in via `--supervise` flag or `BROWSE_SUPERVISE=1` env. Default behavior is unchanged — every existing caller (Claude Code's Bash tool, scripts, CI) still gets a prompt return. When the flag is set: * CLI stays attached, polls server PID every 30s via readState() + isProcessAlive (same identity primitive as the terminal-agent watchdog). * On unexpected exit: respawn via the same headed-mode startServer path used initially, then re-spawn the terminal-agent so the PTY recovers too (otherwise sidebar Restart is the only path back). * Crash-loop guard: 5 respawns in a rolling 5-min window → exit 1 with a clear error. Window pruning means a long-lived daemon with sporadic crashes does NOT trip the guard (otherwise we punish the user for the supervisor doing its job). * Backoff: 1s, 2s, 4s, 8s, 30s capped. Env-overridable via GSTACK_SUPERVISOR_BACKOFF for tests. * SIGINT / SIGTERM: clean teardown — signals the supervised server before exiting itself. Without this, Ctrl-C leaves an orphaned server. Out of scope (deferred follow-up): routing the Chromium-disconnect exit-code-1 path back through this supervisor. The terminal-agent watchdog already covers the highest-frequency restart case; Chromium crash recovery joins the queue as its own commit. Test (browse/test/cli-supervisor.test.ts): * 6 static-grep tripwires: opt-in default, signal wiring, crash-loop guard with window pruning, backoff schedule env knob, tick interval env knob, terminal-agent re-spawn after server respawn. * Live respawn tests belong in the e2e tier (real spawn cycles take 3-8s each; spamming these in the free tier would balloon CI time). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(browse): pty-session-lease registry — stable sessionId + lease lifecycle Foundation for Commit 2 of the long-lived-sidebar PR. Separates two concerns that pre-v1.44 were conflated under one token: * sessionId — stable, non-secret identifier for a single PTY session. Safe to log, safe in URLs, safe in DevTools. Identifies "this terminal," not "you're allowed to use this terminal." * lease — server-side bookkeeping that maps sessionId → expiresAt. Re-attach within the lease window resumes the same PTY; expiry tears it down. The companion attach-token primitive (short-lived 30s bearer) reuses the existing browse/src/pty-session-cookie.ts module unchanged — the lease adds a name-space alongside, it doesn't replace anything. Codex outside-voice (T1 of the eng review) flagged the original D4 "token IS sessionId" design as conflating identity with auth. The fix is this lease registry: re-attach URLs carry the stable sessionId (loggable), the short-lived attachToken stays out of logs. API: * mintLease() → { sessionId, expiresAt } * validateLease(sessionId) → { ok: true, expiresAt } | { ok: false } * refreshLease(sessionId) — validate-first, never resurrects expired leases. Security-critical: the 30-min TTL is what bounds blast radius for a leaked attachToken whose lease should have GC'd. * revokeLease(sessionId) — explicit dispose path. * leaseCount() — observability helper. * __resetLeases() — test-only. TTL env knob (GSTACK_PTY_LEASE_TTL_MS) lets v1.44 e2e tests compress the detach window to 1s instead of waiting 30 minutes per assertion. Server.ts wiring + /pty-session shape change + /pty-restart + /pty-dispose + /pty-session/reattach all land in subsequent commits in this branch. Test (browse/test/pty-session-lease.test.ts): * 8 cases pinning mint uniqueness, validate-first refresh contract, revoke idempotency, null/undefined tolerance, and the negative case that refresh never resurrects a revoked lease (same code path as expired-and-pruned). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(terminal-agent): sessionId-aware grant + scoped restart + eager spawn Wires the pty-session-lease primitive (3aada48b) into terminal-agent so the Commit 2 work in server.ts (next commit) can route /pty-restart and re-attach by session identity rather than by single-use token. Changes: * validTokens: Set<string> → Map<string, string|null>. Each grant carries its bound sessionId (or null for legacy single-grant callers). On WS upgrade, the agent surfaces the bound sessionId via ws.data so open() can register the session in the new reverse index. * sessionsById: Map<sessionId, PtySession> — populated in open(), cleared in close(). Required so /internal/restart can find and dispose one specific session by id rather than enumerating all live sessions. * /internal/restart: scoped to one sessionId. Codex T2 of the eng review caught the gap — pre-spec the route would have disposed every PTY on the agent, breaking pair-agent and any future multi-sidebar setup. The body now requires `{sessionId}`; missing or unknown id returns `{killed: 0}` and leaves siblings alone. * maybeSpawnPty(ws, session): hoisted from the inline binary-frame spawn block so both the legacy "spawn on first keystroke" trigger AND the new `{type:"start"}` text-frame trigger land in the same code path. Idempotent on session.spawned. * `{type:"start"}` text frame: explicit spawn trigger. forceRestart (extension side, lands in Commit 2C) sends this immediately on every fresh WS so claude boots without requiring a keystroke. Pre-v1.44 the lazy-binary-spawn pattern made the restart feel stuck. * close(ws): drops the sessionsById entry alongside the existing sessions WeakMap + validTokens cleanup. Commit 3 will revisit this to keep the session alive for a 60s detach window before disposing. Test (browse/test/terminal-agent-session-routing.test.ts): * 8 static-grep tripwires pinning the load-bearing properties: validTokens is a Map (not Set), sessionsById exists, /internal/restart is scoped (negative-assert against enumerate-all patterns), WS upgrade plumbs sessionId, maybeSpawnPty is the single spawn entry, close() drops the index. Live spawn cycles belong in the e2e tier. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(server): /pty-session 4-tuple + /pty-restart + /pty-dispose + lease-refresh Wires the lease + attachToken model end-to-end on the server side. The client side (extension) lands in the next commit; agent side already shipped in 449144cd. Routes: * POST /pty-session — mints sessionId (stable, loggable) + lease (server-side bookkeeping) + attachToken (short-lived bearer for the WS upgrade). Returns the 4-tuple in one round trip. Legacy ptySessionToken / expiresAt aliases kept for one minor release so extensions on the v1.43 wire shape keep working. * POST /pty-session/reattach — validates a sessionId's lease and mints a FRESH attachToken bound to the same sessionId. Used by Commit 3's re-attach loop; 410 Gone when the lease has expired so the client knows to fall back to a brand-new /pty-session. * POST /pty-restart — one transaction: dispose the caller's existing PtySession on the agent (via /internal/restart, scoped to one sessionId — codex T2), revoke the old lease, mint a fresh sessionId + lease + attachToken, return the 4-tuple. Zero race window between kill and mint (codex T2 + D8 of the eng review). * POST /pty-dispose — explicit teardown. sendBeacon-compatible: accepts auth token in the body so the extension's pagehide handler (Commit 2C) can fire it without setting custom headers (sendBeacon doesn't support those). Without this route, every clean browser quit leaves a zombie PTY alive for the 60s detach window — codex T3 caught it. * POST /internal/lease-refresh — loopback from terminal-agent on its 25s keepalive cycle (lazy: only when lease is within 5 min of expiry). Refreshes the lease AND resets the daemon idle timer. T6 of the eng review: PTY activity (not arbitrary SSE consumers) is what keeps the daemon alive when the sidebar is in use. Helpers: * grantPtyToken now accepts optional sessionId and passes it through to the agent's /internal/grant body. The agent binds token → sessionId in its validTokens Map so /ws upgrades carry the sessionId for /internal/restart and Commit 3 re-attach lookups. * restartPtySession() — new loopback helper that POSTs the agent's scoped /internal/restart with a sessionId body. Used by /pty-restart and /pty-dispose. Auth contract on /pty-dispose deliberately accepts the auth token in EITHER the Authorization header OR the request body. The body path is required for sendBeacon (which can't set custom headers); the header path stays available for non-beacon callers and tests. Test (browse/test/server-pty-lease-routes.test.ts): * 7 static-grep tripwires pinning the 4-tuple shape, validate-first re-attach with 410 fallback, one-transaction restart semantics, sendBeacon-compatible dispose auth, and the T6 PTY-only idle reset. * Live route exercises (full mint + grant + WS upgrade cycle) belong in the e2e tier — they require a real terminal-agent loopback and take seconds per assertion. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(sidebar): forceRestart via /pty-restart + pagehide /pty-dispose Closes the Commit 2 loop: server-side lease + restart routes shipped in 25ef24e9; this commit wires the extension client to use them. End-to-end result — clicking Restart now actually kills the server's PTY before opening a new WS (zero race window), and closing the sidebar / quitting the browser disposes the PTY immediately instead of letting it linger for the upcoming 60s detach window. sidepanel-terminal.js: * mintSession callers read the v1.44 4-tuple (sessionId + attachToken) from /pty-session, with a backward-compat fallback to ptySessionToken so a partially-updated extension still works against a fresh server for one minor release. * Eager spawn via {type:"start"} text frame replaces the legacy `TextEncoder().encode("\n")` newline hack. Pre-v1.44, the lazy-binary- spawn pattern made forceRestart look stuck until the user typed — now claude boots before the prompt renders. * forceRestart() rewritten as an async one-transaction handler: 1. close current WS with code 4001 (intentional-restart) 2. POST /pty-restart with priorSessionId so the server can scope the dispose, then mint fresh sessionId + lease + attachToken in the same response 3. Open new WS with the returned attachToken, send {type:"start"} immediately for eager spawn 4. On 401: sticky-abort the auto-connect loop (no spam) 5. On 503 / network failure: fall back to patient autoconnect * currentSessionId tracked and exposed on window.gstackPtySession so sidepanel.js's pagehide handler can sendBeacon the dispose. sidepanel.js: * New pagehide handler fires navigator.sendBeacon('/pty-dispose', {sessionId, authToken}) on tab close, panel close, browser quit, or extension reload. sendBeacon-compatible: auth token rides in the body since sendBeacon can't set custom headers (server route accepts body-auth per 25ef24e9). * try/catch around the entire body so a sendBeacon failure can't interfere with the browser's unload sequence — the 60s detach window from Commit 3 catches anything we miss. There's bounded duplication between connect() and forceRestart() (~70 lines of WS attach/handler wiring). Extracting a shared helper is a clean follow-up but out of scope for the v1.44 ship — both paths are exercised by the same e2e test. Test (browse/test/sidepanel-restart-dispose.test.ts): * 9 static-grep tripwires pinning the 4-tuple parse, eager spawn, close-code 4001 contract, /pty-restart wire shape, sticky-abort 401 path, sessionId window plumbing, sendBeacon body contract, and the best-effort try/catch around pagehide. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(terminal-agent): scrollback ring buffer + detach state machine + re-attach The agent side of Commit 3 — the "magic" feature. A network blip (wifi hiccup, MV3 panel suspend, brief Chromium pause) now silently reconnects the sidebar to the SAME claude session with scrollback intact. No more "Session ended" message + manual Restart click + losing your tool-call output. Server-side /pty-session/reattach (25ef24e9) and the extension re-attach loop (next commit) close the loop end-to-end. Ring buffer (T10): * Per-session frames: Buffer[] capped at 1 MB (env-overridable via GSTACK_PTY_RING_BUFFER_BYTES). Each PTY write is one frame, so eviction is at frame boundaries and never cuts a UTF-8 sequence or ANSI CSI in half. * appendToRingBuffer eviction loop keeps at least one frame even at extreme caps — a single oversized frame can't empty the buffer. * Alt-screen tracking via canonical xterm CSI ?1049h / CSI ?1049l sequences. lastIndexOf comparison so trailing state wins when both appear in one render frame (quick tool-call open+close). Replay payload (T5 — codex outside-voice): * buildReplayPayload prefixes DECSTR soft reset (\x1b[!p) and conditionally re-enters alt-screen if claude was in a tool call at detach. The client writes RIS (\x1bc) FIRST to clear pre-blip xterm content; the server's prelude resets character attributes; the ring buffer replays cleanly on top. * Order is enforced by the {type:"reattach-begin"} text frame the agent sends right before the binary replay — client waits for it, writes RIS, then treats the next binary frame as the replay payload. Detach state machine (T9): * PtySession.liveWs decouples the PTY callback from the original ws closure. On re-attach, swapping session.liveWs is enough — the on-data callback writes to the new ws automatically. * close(ws, code, _reason): codes 4001 (intentional restart), 4404 (no-claude), and 1000 (clean exit) trigger immediate dispose. Anything else (1006 abnormal, 1001 going-away from network blip / panel suspend) starts a 60s detach timer instead. claude keeps running, output keeps accumulating in the ring buffer. * Detach timer is unref'd so the bun process can still exit cleanly on natural shutdown. * Sessions without a sessionId (legacy single-shot grants) can't re-attach by definition — those fall through to immediate dispose. Re-attach lookup (T9): * WS open() checks sessionsById[sessionId] FIRST. If a detached session is sitting there, cancel its detach timer, swap liveWs, rebind the WS-keyed map, restart keepalive, send reattach-begin + replay payload. The PTY process is unchanged. * /internal/restart now cancels any pending detach timer before disposal — otherwise the timer would later try to dispose an already-disposed session. Env knobs for e2e: * GSTACK_PTY_RING_BUFFER_BYTES — compress to 256 for eviction tests. * GSTACK_PTY_DETACH_WINDOW_MS — compress to 1000 for "did the timer fire?" tests without waiting a minute per assertion. Tests: * browse/test/terminal-agent-detach-reattach.test.ts — 10 static-grep tripwires for the load-bearing properties: interface shape, env knobs, eviction floor, alt-screen tracking, replay prelude composition, re-attach lookup, close-code routing, detach timer unref, /internal/restart timer cancellation, on-data through session.liveWs. * browse/test/terminal-agent-session-routing.test.ts test 7 widened to match the new close(ws, code, _reason) signature. * browse/test/terminal-agent-keepalive.test.ts test 3 widened similarly. Both stay regressions for the prior contract. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(sidebar): silent re-attach with scrollback replay (Commit 3 client side) Closes the v1.44 long-lived-sidebar loop end-to-end. When the WS dies for a transient reason (wifi blip, MV3 panel suspend, brief Chromium pause), the sidebar now silently re-attaches to the SAME claude session inside the server's 60s detach window. Scrollback replays cleanly; the user keeps typing without noticing anything happened. State machine: * New STATE.RECONNECTING covers the in-flight re-attach window. setState transitions out of this state reset reattachInFlight so a concurrent user action (Restart click, panel navigate) short-circuits cleanly. * Backoff schedule REATTACH_BACKOFF_MS = [1000, 2000, 4000, 8000] then 8s steady until REATTACH_WINDOW_MS (60s) elapses. Past that point the server has disposed our session and /pty-session/reattach returns 410 Gone. startReattachLoop(prevSessionId): * Posts /pty-session/reattach with sessionId. * On 200 with a valid 4-tuple, opens the post-reattach WS directly. * On 410 (lease expired) — short-circuits to ENDED. No retry; the user clicks Restart for a fresh session. * On 401 — sticky-aborts the auto-connect loop. Same defense as 25ef24e9 so we don't spam "Auth invalid" every 2s. * On network failure or other non-OK status — schedules the next backoff tick. openReattachWebSocket(terminalPort, attachToken, sessionId): * Mostly a clone of connect()'s attach wiring. Reuses the live xterm element — RIS clears the buffer cleanly when the agent's {type:"reattach-begin"} arrives, so the visual flash is minimal. * Handshake: on `{type:"reattach-begin"}` text frame → write `\x1bc` (RIS) to xterm + set nextBinaryIsReplay = true. The next binary frame IS the server-built replay payload (DECSTR soft-reset prefix + optional alt-screen re-enter + ring buffer contents). * If THIS reattach WS also dies uncleanly, recurses into another re-attach loop with the same sessionId — the server's detach window may still be open. State guard prevents runaway recursion. connect() + forceRestart() close handlers (existing): * Both updated to call startReattachLoop on transient close codes (anything other than 1000 / 4001 / 4404). Was just setState(ENDED). * Clean codes still bypass — re-attaching to a force-restart's pre-restart session would be the bug we're avoiding. Test (browse/test/sidepanel-reattach.test.ts): * 8 static-grep tripwires for the load-bearing properties: state constant, backoff schedule, /pty-session/reattach wiring, 410 short-circuit (no retry past lease window), 401 sticky-abort, r…

garrytan · 2026-05-25T17:58:10Z

Your fix landed in v1.43.2.0 (the CHANGELOG credits you by name via PR #1606). Closing this PR — the work shipped through a parallel route. Thanks for the contribution, @andrey-esipov!

andrey-esipov force-pushed the fix-gbrain-lib-locale branch from 7ce67e6 to b56666f Compare May 19, 2026 16:01

garrytan mentioned this pull request May 21, 2026

v1.43.2.0 fix wave: post-Daegu paper-cut — 18 fixes, 28 bisect commits #1642

Merged

5 tasks

garrytan closed this May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(gbrain-lib): pin LC_ALL=C in varname validator (macOS locale guard)#1606

fix(gbrain-lib): pin LC_ALL=C in varname validator (macOS locale guard)#1606
andrey-esipov wants to merge 1 commit into
garrytan:mainfrom
andrey-esipov:fix-gbrain-lib-locale

andrey-esipov commented May 19, 2026

Uh oh!

andrey-esipov commented May 19, 2026

Uh oh!

garrytan commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

andrey-esipov commented May 19, 2026

Summary

Repro (macOS, default user locale)

Test plan

Uh oh!

andrey-esipov commented May 19, 2026

Uh oh!

garrytan commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants