v1.26.0.0 feat: V1 transcript ingest + per-skill gbrain manifests + retrieval surface (#1298)

* feat: lib/gstack-memory-helpers shared module for V1 memory ingest pipeline

Lane 0 foundation per plan §"Eng review additions". 5 public functions
imported by the V1 helpers (Lanes A/B/C):

  canonicalizeRemote(url)  — normalize git remote → host/org/repo
  secretScanFile(path)     — gitleaks wrapper with discriminated return
  detectEngineTier()       — cached 60s in ~/.gstack/.gbrain-engine-cache.json
  parseSkillManifest(path) — extract gbrain.context_queries: from frontmatter
  withErrorContext(op,fn,caller) — async-aware error logging

22 unit tests, all passing. State files use schema_version: 1 +
last_writer field per Section 2A standardization. Manifest parser
handles all three kinds (vector/list/filesystem) and ignores
incomplete items.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat: bin/gstack-memory-ingest — V1 unified memory ingest helper

Lane A. Walks coding-agent transcripts (Claude Code + Codex; Cursor V1.0.1
follow-up) AND ~/.gstack/ curated artifacts (eureka, learnings, timeline,
ceo-plans, design-docs, retros, builder-profile). Calls gbrain put_page
with type-tagged frontmatter. Uses gstack-memory-helpers (Lane 0):

  - Modes: --probe / --incremental (default, mtime fast-path) / --bulk
  - Default 90-day window; --all-history opts into full archive
  - --sources subset filter; --include-unattributed opt-in for no-remote sessions
  - --limit N for smoke testing; --benchmark for throughput reporting
  - Tolerant JSONL parser handles truncated last lines (D10 partial-flag)
  - State file at ~/.gstack/.transcript-ingest-state.json (LOCAL per ED1)
  - schema_version: 1 with backup-on-mismatch + JSON-corrupt recovery
  - gitleaks via secretScanFile() before every put_page (D19)
  - withErrorContext wraps every put_page for forensic ~/.gstack/.gbrain-errors.jsonl

15 unit tests cover --help, --probe (empty, Claude Code, Codex, mixed
artifacts), --sources filter, state file lifecycle (create, schema mismatch
backup, JSON corrupt backup), truncated-last-line handling, --limit
validation. All passing.

V1.5 P0 follow-ups noted in the file header:
  - Cursor SQLite extraction (V1.0.1)
  - gbrain put_file routing for Supabase Storage tier (cross-repo)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat: bin/gstack-gbrain-sync — V1 unified sync verb (Lane B)

Orchestrates three storage tiers per plan §"Storage tiering":
  1. Code (current repo)         → gbrain import (Supabase or local PGLite)
  2. Transcripts + curated memory → gstack-memory-ingest (typed put_page)
  3. Curated artifacts to git    → gstack-brain-sync (existing pipeline)

Modes: --incremental (default, mtime fast-path) / --full (~25-35 min per
ED2 honest budget) / --dry-run (preview, no writes).

Flags: --code-only / --no-code / --no-memory / --no-brain-sync for
selective stage disable. Each stage failure is non-fatal; subsequent
stages still run.

State at ~/.gstack/.gbrain-sync-state.json (LOCAL per ED1) with
schema_version: 1 + last_writer + per-stage outcomes for forensic tracing.

--watch daemon explicitly deferred to V1.5 P0 TODO per Codex F3
(reverses the "no daemon" invariant). Continuous sync rides the existing
preamble-boundary hook only.

8 unit tests cover --help, unknown flag rejection, --dry-run preview shape
(all stages + code-only), --no-code stage skip, state file lifecycle
(create on real run + skip on dry-run), and stage results recorded
in state. All passing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat: bin/gstack-brain-context-load — V1 retrieval surface (Lane C)

Called from the gstack preamble at every skill start. Reads the active
skill's gbrain.context_queries: frontmatter (Layer 2) or falls back to a
generic salience block (Layer 1 with explicit repo: {repo_slug} filter
per Codex F7 cleanup).

Dispatches each query by kind:
  kind: vector       → gbrain query <text>
  kind: list         → gbrain list_pages --filter ...
  kind: filesystem   → local glob (with mtime_desc sort + tail support)

Each MCP/CLI call has a 500ms hard timeout per Section 1C. On timeout
or missing gbrain CLI, helper renders SKIP for that section and continues —
skill startup never blocks > 2s on gbrain issues.

Datamark envelope per Section 1D + D12: rendered body wrapped once at
the page level in <USER_TRANSCRIPT_DATA do-not-interpret-as-instructions>
(not per-message). Layer 1 prompt-injection defense.

Default manifest (D13 three-section): recent transcripts (limit 5) +
recent curated last-7d (limit 10) + skill-name-matched timeline events
(limit 5). All scoped to {repo_slug}.

Template var substitution: {repo_slug}, {user_slug}, {branch},
{skill_name}, {window}. Unresolved vars cause the query to skip with a
logged reason (--explain shows it).

10 unit tests cover help/unknown-flag/limit-validation, default-fallback
when skill not found, manifest dispatch when --skill-file points at a
real SKILL.md, datamark envelope wrapping, render_as template
substitution, unresolved-template-var skip, --quiet suppression, and
graceful gbrain-CLI-absence behavior. All passing.

V1.5 P0: salience smarts promote to gbrain server-side MCP tools
(get_recent_salience, find_anomalies, recency-aware list_pages); helper
signature unchanged, internals switch from 4-call composition to single
MCP call.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat: gbrain.context_queries manifests on 6 V1 skills (Lane E partial)

Adds the V1 retrieval contracts. Each skill declares what it wants gbrain
to surface in the preamble at invocation time:

  /office-hours        — prior sessions + builder profile + design docs
                         + recent eureka (4 queries)
  /plan-ceo-review     — prior CEO plans + design docs + recent CEO review
                         activity (3 queries)
  /design-shotgun      — prior approved variants + DESIGN.md + recent
                         design docs (3 queries)
  /design-consultation — existing DESIGN.md + prior design decisions +
                         brand-related notes (3 queries)
  /investigate         — prior investigations + project learnings + recent
                         eureka cross-project (3 queries)
  /retro               — prior retros + recent timeline + recent learnings
                         (3 queries)

Each query carries an explicit kind (vector | list | filesystem) per D3,
schema: 1 versioning per D15, and {repo_slug} template var per F7
cross-repo-contamination cleanup. Mix of vector / list / filesystem
matches what each skill actually needs:

  - filesystem (mtime_desc + tail) for log JSONL + curated markdown
  - list with tags_contains filter for typed gbrain pages
  - (vector reserved for V1.0.1 when gbrain query surface stabilizes)

Smoke test: bun run bin/gstack-brain-context-load.ts --skill-file
office-hours/SKILL.md --repo test-repo --explain returns mode=manifest
queries=4 with the filesystem kinds populating real data from
~/.gstack/builder-profile.jsonl + ~/.gstack/analytics/eureka.jsonl on
this Mac. End-to-end retrieval flow confirmed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat: setup-gbrain Step 7.5 ingest gate + Step 10 verdict + memory.md ref doc (Lane E partial)

Step 7.5: Transcript & memory ingest gate. After Step 7 wires brain-sync
but before Step 8's CLAUDE.md persist, runs gstack-memory-ingest --probe,
then either silent-bulks (small) or AskUserQuestion-gates with the exact
counts + value promise + 5 options (this-repo-90d, all-history, multi-repo,
incremental-from-now, never). Decision persists to
gstack-config set transcript_ingest_mode <choice>.

Step 10: GREEN/YELLOW/RED verdict block. Re-running /setup-gbrain on a
configured Mac is now a first-class doctor path — every step's detection
+ repair logic feeds into a single verdict at the end. Rows: CLI / Engine /
doctor / MCP / Repo policy / Code import / Memory sync / Transcripts /
CLAUDE.md / Smoke. Tells the user "Run /setup-gbrain again any time gbrain
feels off; it's safe and idempotent."

setup-gbrain/memory.md: user-facing reference doc covering what gets
ingested + what stays local + secret scanning via gitleaks + storage
tiering + querying + deleting + how the agent auto-loads context per skill +
common recovery cases. Linked from Step 8's CLAUDE.md persist.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test: V1 E2E pipeline + --no-write flag for ingest helper (Lane F)

E2E pipeline test exercises the full Lane A → B → C value loop:
  1. Set up fake $HOME with all 8 memory source types as fixtures
  2. gstack-memory-ingest --probe verifies counts match disk
  3. gstack-memory-ingest --incremental writes state with schema_version: 1
  4. Idempotency: re-run reports 0 changes
  5. --probe distinguishes new vs unchanged after first incremental
  6. gstack-gbrain-sync --dry-run previews 3 stages
  7. --no-code --no-brain-sync --quiet writes sync state with 1 stage entry
  8. office-hours/SKILL.md V1 manifest dispatches 4 queries (mode=manifest)
  9. Datamark envelope wraps every loaded section (Section 1D + D12)
 10. Layer 1 fallback when no skill specified — default 3-section manifest
 11. plan-ceo-review/SKILL.md manifest also dispatches (regression for V1
     manifest authoring across all 6 V1 skills)

Side effect: bin/gstack-memory-ingest.ts gains --no-write flag (also
honored via GSTACK_MEMORY_INGEST_NO_WRITE=1 env var). Skips gbrain put_page
calls while still updating the state file. Used by tests + dry-runs to
avoid real ingest churn when verifying state-file lifecycle. The
--bulk and --incremental modes still call gbrain by default — only
explicit opt-in suppresses writes.

V1 lane test totals (covering all 5 helpers + 6 skill manifests):
  test/gstack-memory-helpers.test.ts     22 tests
  test/gstack-memory-ingest.test.ts      15 tests
  test/gstack-gbrain-sync.test.ts         8 tests
  test/gstack-brain-context-load.test.ts 10 tests
  test/skill-e2e-memory-pipeline.test.ts 10 tests
  ────────────────────────────────────── ─────────
  TOTAL                                  65 passing

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore: bump version and changelog (v1.26.0.0)

V1 of memory ingest + retrieval surface. Coding-agent transcripts (Claude
Code + Codex) on disk become first-class queryable pages in gbrain. Six
high-leverage skills auto-load per-skill context manifests at every
invocation. Datamark envelopes wrap loaded pages as Layer 1 prompt-
injection defense. Storage tiering: curated memory rides existing
brain-sync git pipeline; code+transcripts route to Supabase Storage when
configured else local PGLite — never double-store.

Net branch size vs main: +4174/-849 across 39 files. 65 V1 tests, all
green. Goldilocks scope per CEO D18; V1.5 P0 follow-ups documented in
the plan's V1.5 TODOs section.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

test/gstack-memory-helpers.test.ts

@@ -0,0 +1,310 @@
+/**
+ * Unit tests for lib/gstack-memory-helpers.ts (Lane 0 foundation).
+ *
+ * Covers the public surface used by Lanes A, B, C:
+ *   - canonicalizeRemote: 8 cases across https/ssh/git@/.git/empty
+ *   - secretScanFile: gitleaks-missing fallback + redactMatch behavior
+ *   - parseSkillManifest: valid manifest + missing manifest + multi-kind
+ *   - withErrorContext: success path + error path + log writing
+ *   - detectEngineTier: cache TTL + fresh-detect fallback
+ *
+ * Free-tier (~50ms total). Runs in `bun test`.
+ */
+
+import { describe, it, expect, beforeEach, afterAll } from "bun:test";
+import { mkdtempSync, writeFileSync, readFileSync, existsSync, rmSync, mkdirSync } from "fs";
+import { tmpdir } from "os";
+import { join } from "path";
+
+import {
+  canonicalizeRemote,
+  secretScanFile,
+  parseSkillManifest,
+  withErrorContext,
+  detectEngineTier,
+  _resetGitleaksAvailabilityCache,
+} from "../lib/gstack-memory-helpers";
+
+// ── canonicalizeRemote ─────────────────────────────────────────────────────
+
+describe("canonicalizeRemote", () => {
+  it("strips https scheme and .git suffix", () => {
+    expect(canonicalizeRemote("https://github.com/garrytan/gstack.git")).toBe("github.com/garrytan/gstack");
+  });
+
+  it("normalizes git@host:path scp-style remotes", () => {
+    expect(canonicalizeRemote("git@github.com:garrytan/gstack.git")).toBe("github.com/garrytan/gstack");
+  });
+
+  it("strips ssh:// scheme", () => {
+    expect(canonicalizeRemote("ssh://git@gitlab.com/foo/bar")).toBe("gitlab.com/foo/bar");
+  });
+
+  it("returns empty string for null/undefined/empty input", () => {
+    expect(canonicalizeRemote("")).toBe("");
+    expect(canonicalizeRemote(null)).toBe("");
+    expect(canonicalizeRemote(undefined)).toBe("");
+  });
+
+  it("strips surrounding quotes", () => {
+    expect(canonicalizeRemote(`"https://github.com/foo/bar.git"`)).toBe("github.com/foo/bar");
+  });
+
+  it("strips trailing slashes", () => {
+    expect(canonicalizeRemote("https://github.com/foo/bar/")).toBe("github.com/foo/bar");
+  });
+
+  it("lowercases the result", () => {
+    expect(canonicalizeRemote("https://GitHub.com/Foo/Bar.git")).toBe("github.com/foo/bar");
+  });
+
+  it("handles paths with multiple segments", () => {
+    expect(canonicalizeRemote("https://gitlab.example.com/group/subgroup/project.git")).toBe(
+      "gitlab.example.com/group/subgroup/project"
+    );
+  });
+
+  it("collapses redundant slashes", () => {
+    expect(canonicalizeRemote("https://github.com//foo//bar")).toBe("github.com/foo/bar");
+  });
+});
+
+// ── secretScanFile ─────────────────────────────────────────────────────────
+
+describe("secretScanFile", () => {
+  beforeEach(() => {
+    _resetGitleaksAvailabilityCache();
+  });
+
+  it("returns scanner=error for non-existent file", () => {
+    const result = secretScanFile("/nonexistent/path/that/does/not/exist");
+    expect(result.scanned).toBe(false);
+    expect(result.scanner).toBe("error");
+    expect(result.findings).toEqual([]);
+  });
+
+  it("returns scanner=missing or runs gitleaks (env-dependent)", () => {
+    // We can't assume gitleaks is installed in CI; we just verify the shape.
+    const dir = mkdtempSync(join(tmpdir(), "gstack-test-"));
+    const file = join(dir, "clean.txt");
+    writeFileSync(file, "no secrets here\n");
+    const result = secretScanFile(file);
+    expect(["gitleaks", "missing", "error"]).toContain(result.scanner);
+    if (result.scanner === "gitleaks") {
+      // Clean file should produce no findings
+      expect(result.findings).toEqual([]);
+    }
+    rmSync(dir, { recursive: true, force: true });
+  });
+});
+
+// ── parseSkillManifest ─────────────────────────────────────────────────────
+
+describe("parseSkillManifest", () => {
+  it("returns null for non-existent file", () => {
+    expect(parseSkillManifest("/nonexistent/skill.md")).toBeNull();
+  });
+
+  it("returns null for file without frontmatter", () => {
+    const dir = mkdtempSync(join(tmpdir(), "gstack-test-"));
+    const file = join(dir, "no-fm.md");
+    writeFileSync(file, "# Just a heading\n\nbody text\n");
+    expect(parseSkillManifest(file)).toBeNull();
+    rmSync(dir, { recursive: true, force: true });
+  });
+
+  it("returns null when frontmatter has no gbrain: key", () => {
+    const dir = mkdtempSync(join(tmpdir(), "gstack-test-"));
+    const file = join(dir, "no-gbrain.md");
+    writeFileSync(file, `---\nname: foo\ndescription: bar\n---\n\nbody\n`);
+    expect(parseSkillManifest(file)).toBeNull();
+    rmSync(dir, { recursive: true, force: true });
+  });
+
+  it("parses a multi-kind manifest correctly", () => {
+    const dir = mkdtempSync(join(tmpdir(), "gstack-test-"));
+    const file = join(dir, "multi.md");
+    writeFileSync(
+      file,
+      `---
+name: office-hours
+description: YC Office Hours
+gbrain:
+  schema: 1
+  context_queries:
+    - id: prior-sessions
+      kind: vector
+      query: "office-hours sessions for {repo_slug}"
+      limit: 5
+      render_as: "## Prior office-hours sessions in this repo"
+    - id: builder-profile
+      kind: filesystem
+      glob: "~/.gstack/builder-profile.jsonl"
+      tail: 1
+      render_as: "## Your builder profile snapshot"
+    - id: prior-assignments
+      kind: list
+      sort: created_at_desc
+      limit: 5
+      render_as: "## Open assignments from past sessions"
+triggers:
+  - office-hours
+---
+
+body
+`
+    );
+
+    const m = parseSkillManifest(file);
+    expect(m).not.toBeNull();
+    expect(m!.schema).toBe(1);
+    expect(m!.context_queries).toHaveLength(3);
+
+    const ids = m!.context_queries.map((q) => q.id);
+    expect(ids).toEqual(["prior-sessions", "builder-profile", "prior-assignments"]);
+
+    const kinds = m!.context_queries.map((q) => q.kind);
+    expect(kinds).toEqual(["vector", "filesystem", "list"]);
+
+    expect(m!.context_queries[0].query).toBe("office-hours sessions for {repo_slug}");
+    expect(m!.context_queries[0].limit).toBe(5);
+    expect(m!.context_queries[1].glob).toBe("~/.gstack/builder-profile.jsonl");
+    expect(m!.context_queries[1].tail).toBe(1);
+    expect(m!.context_queries[2].sort).toBe("created_at_desc");
+
+    rmSync(dir, { recursive: true, force: true });
+  });
+
+  it("ignores incomplete query items (missing kind)", () => {
+    const dir = mkdtempSync(join(tmpdir(), "gstack-test-"));
+    const file = join(dir, "incomplete.md");
+    writeFileSync(
+      file,
+      `---
+name: bad
+gbrain:
+  schema: 1
+  context_queries:
+    - id: missing-kind
+      render_as: "## Should be skipped"
+    - id: complete
+      kind: vector
+      query: "x"
+      render_as: "## OK"
+---
+
+body
+`
+    );
+
+    const m = parseSkillManifest(file);
+    expect(m).not.toBeNull();
+    expect(m!.context_queries).toHaveLength(1);
+    expect(m!.context_queries[0].id).toBe("complete");
+    rmSync(dir, { recursive: true, force: true });
+  });
+});
+
+// ── withErrorContext ───────────────────────────────────────────────────────
+
+describe("withErrorContext", () => {
+  let savedHome: string | undefined;
+  let testHome: string;
+
+  beforeEach(() => {
+    savedHome = process.env.GSTACK_HOME;
+    testHome = mkdtempSync(join(tmpdir(), "gstack-test-home-"));
+    process.env.GSTACK_HOME = testHome;
+  });
+
+  afterAll(() => {
+    if (savedHome === undefined) delete process.env.GSTACK_HOME;
+    else process.env.GSTACK_HOME = savedHome;
+  });
+
+  it("returns the value on success and writes an ok entry", async () => {
+    const result = await withErrorContext("test-op-success", () => 42, "test-caller");
+    expect(result).toBe(42);
+
+    const log = readFileSync(join(testHome, ".gbrain-errors.jsonl"), "utf-8");
+    const entry = JSON.parse(log.trim().split("\n").pop()!);
+    expect(entry.op).toBe("test-op-success");
+    expect(entry.outcome).toBe("ok");
+    expect(entry.schema_version).toBe(1);
+    expect(entry.last_writer).toBe("test-caller");
+    expect(typeof entry.duration_ms).toBe("number");
+    expect(entry.duration_ms).toBeGreaterThanOrEqual(0);
+  });
+
+  it("rethrows the error on failure and writes an error entry", async () => {
+    let caught: unknown = null;
+    try {
+      await withErrorContext("test-op-fail", () => {
+        throw new Error("boom");
+      }, "test-caller");
+    } catch (e) {
+      caught = e;
+    }
+    expect(caught).toBeInstanceOf(Error);
+    expect((caught as Error).message).toBe("boom");
+
+    const log = readFileSync(join(testHome, ".gbrain-errors.jsonl"), "utf-8");
+    const entry = JSON.parse(log.trim().split("\n").pop()!);
+    expect(entry.op).toBe("test-op-fail");
+    expect(entry.outcome).toBe("error");
+    expect(entry.error).toBe("boom");
+  });
+
+  it("supports async functions", async () => {
+    const result = await withErrorContext(
+      "async-op",
+      async () => {
+        await new Promise((r) => setTimeout(r, 5));
+        return "done";
+      },
+      "test-caller"
+    );
+    expect(result).toBe("done");
+  });
+});
+
+// ── detectEngineTier ───────────────────────────────────────────────────────
+
+describe("detectEngineTier", () => {
+  let savedHome: string | undefined;
+  let testHome: string;
+
+  beforeEach(() => {
+    savedHome = process.env.GSTACK_HOME;
+    testHome = mkdtempSync(join(tmpdir(), "gstack-test-engine-"));
+    process.env.GSTACK_HOME = testHome;
+  });
+
+  afterAll(() => {
+    if (savedHome === undefined) delete process.env.GSTACK_HOME;
+    else process.env.GSTACK_HOME = savedHome;
+  });
+
+  it("returns a valid EngineDetect shape (engine, detected_at, schema_version)", () => {
+    const result = detectEngineTier();
+    expect(["pglite", "supabase", "unknown"]).toContain(result.engine);
+    expect(result.schema_version).toBe(1);
+    expect(typeof result.detected_at).toBe("number");
+    expect(result.detected_at).toBeGreaterThan(0);
+  });
+
+  it("writes a cache file at ~/.gstack/.gbrain-engine-cache.json", () => {
+    detectEngineTier();
+    const cachePath = join(testHome, ".gbrain-engine-cache.json");
+    expect(existsSync(cachePath)).toBe(true);
+    const cached = JSON.parse(readFileSync(cachePath, "utf-8"));
+    expect(cached.schema_version).toBe(1);
+    expect(cached.last_writer).toBe("gstack-memory-helpers.detectEngineTier");
+  });
+
+  it("returns the cached value on second call within TTL", () => {
+    const first = detectEngineTier();
+    const second = detectEngineTier();
+    expect(second.detected_at).toBe(first.detected_at);
+  });
+});