mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-01 19:25:10 +02:00
Garry Tan
9dbaf906cf
* feat(gbrain-sync): queue primitives + writer shims
Adds bin/gstack-brain-enqueue (atomic append to sync queue) and
bin/gstack-jsonl-merge (git merge driver, ts-sort with SHA-256 fallback).
Wires one backgrounded enqueue call into learnings-log, timeline-log,
review-log, and developer-profile --migrate. question-log and
question-preferences stay local per Codex v2 decision.
gstack-config gains gbrain_sync_mode (off/artifacts-only/full) and
gbrain_sync_mode_prompted keys, plus GSTACK_HOME env alignment so
tests don't leak into real ~/.gstack/config.yaml.
* feat(gbrain-sync): --once drain + secret scan + push
bin/gstack-brain-sync is the core sync binary. Subcommands: --once
(drain queue, allowlist-filter, privacy-class-filter, secret-scan
staged diff, commit with template, push with fetch+merge retry),
--status, --skip-file <path>, --drop-queue --yes, --discover-new
(cursor-based detection of artifact writes that skip the shim).
Secret regex families: AWS keys, GitHub tokens (ghp_/gho_/ghu_/ghs_/
ghr_/github_pat_), OpenAI sk-, PEM blocks, JWTs, bearer-token-in-JSON.
On hit: unstage, preserve queue, print remediation hint (--skip-file
or edit), exit clean. No daemon — invoked by preamble at skill
boundaries.
* feat(gbrain-sync): init, restore, uninstall, consumer registry
bin/gstack-brain-init: idempotent first-run. git init ~/.gstack/,
.gitignore=*, canonical .brain-allowlist + .brain-privacy-map.json,
pre-commit secret-scan hook (defense-in-depth), merge driver registration
via git config, gh repo create --private OR arbitrary --remote <url>,
initial push, ~/.gstack-brain-remote.txt for new-machine discovery,
GBrain consumer registration via HTTP POST.
bin/gstack-brain-restore: safe new-machine bootstrap. Refuses clobber
of existing allowlisted files, clones to staging, rsync-copies tracked
files, re-registers merge drivers (required — not cloned from remote),
rehydrates consumers.json, prompts for per-consumer tokens.
bin/gstack-brain-uninstall: clean off-ramp. Removes .git + .brain-*
files + consumers.json + config keys. Preserves user data (learnings,
plans, retros, profile). Optional --delete-remote for GitHub repos.
bin/gstack-brain-consumer + bin/gstack-brain-reader (symlink alias):
registry management. Internal 'consumer' term; user-facing 'reader'
per DX review decision.
* feat(gbrain-sync): preamble block — privacy gate + boundary sync
scripts/resolvers/preamble/generate-brain-sync-block.ts emits bash that
runs at every skill invocation:
- Detects ~/.gstack-brain-remote.txt on machines without local .git
and surfaces a restore-available hint (does NOT auto-run restore).
- Runs gstack-brain-sync --once at skill start to drain any pending
writes (and at skill end via prose instruction).
- Once-per-day auto-pull (cached via .brain-last-pull) for append-only
JSONL files.
- Emits BRAIN_SYNC: status line every skill run.
Also emits prose for the host LLM to fire the one-time privacy
stop-gate (full / artifacts-only / off) when gbrain is detected and
gbrain_sync_mode_prompted is false. Wired into preamble.ts composition.
* test(gbrain-sync): 27-test consolidated suite
test/brain-sync.test.ts covers:
- Config: validation, defaults, GSTACK_HOME env isolation
- Enqueue: no-op gates, skip list, concurrent atomicity, JSON escape
- JSONL merge driver: 3-way + ts-sort + SHA-256 fallback
- Init + sync: canonical file creation, merge driver registration,
push-reject + fetch+merge retry path
- Init refuses different remote (idempotency)
- Cross-machine restore round-trip (machine A write → machine B sees)
- Secret scan across all 6 regex families (AWS, GH, OpenAI, PEM, JWT,
bearer-JSON). --skip-file unblock remediation
- Uninstall removes sync config, preserves user data
- --discover-new idempotence via mtime+size cursor
Behaviors verified via integration smokes during implementation. Known
follow-up: bun-test 5s default timeout needs 30s wrapper for
spawnSync-heavy tests.
* docs(gbrain-sync): user guide + error lookup + README section
docs/gbrain-sync.md: setup walkthrough, privacy modes, cross-machine
workflow, secret protection, two-machine conflict handling, uninstall,
troubleshooting reference.
docs/gbrain-sync-errors.md: problem/cause/fix index for every
user-visible error. Patterned on Rust's error docs + Stripe's API
error reference.
README.md: 'Cross-machine memory with GBrain sync' section near the
top (discovery moment), plus docs-table entry.
* chore: bump version and changelog (v1.7.0.0)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: regenerate SKILL.md files for gbrain-sync preamble block
Re-runs bun run gen:skill-docs after adding generateBrainSyncBlock
to scripts/resolvers/preamble.ts in a2aa8a07. CI check-freshness
caught the drift. All 36 SKILL.md files regenerated with the new
skill-start bash block + privacy-gate prose + skill-end sync
instructions baked in.
* fix(test): session-awareness reads AskUserQuestion Format from a Tier 2+ SKILL.md
The test was reading ROOT/SKILL.md (browse skill, Tier 1) which never
contained '## AskUserQuestion Format' — that section is only emitted
for Tier 2+ skills by scripts/resolvers/preamble.ts. As a result the
agent was prompted with an empty format guide and only emitted
'RECOMMENDATION' intermittently, making the test flaky.
Pre-existing on main (same ROOT/SKILL.md shape there) — surfaced now
because the agent run didn't hit the RECOMMENDATION/recommend/option a
fallback strings in this particular attempt.
Fix: read from office-hours/SKILL.md (Tier 3, always has the section)
with a fallback that scans for the first top-level skill dir whose
SKILL.md contains the header. Future template moves won't break this
test again.
* chore: bump to v1.9.0.0 for gbrain-sync landing
Changes just the VERSION + package.json + CHANGELOG header (1.7.0.0 → 1.9.0.0
and date 2026-04-22 → 2026-04-23). No code changes. User call: land gbrain-sync
as a bigger-signal release above main's 1.6.4.0, skipping 1.8.0.0.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
191 lines
9.8 KiB
Bash
Executable File
191 lines
9.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# gstack-config — read/write ~/.gstack/config.yaml
|
|
#
|
|
# Usage:
|
|
# gstack-config get <key> — read a config value (falls back to DEFAULTS)
|
|
# gstack-config set <key> <value> — write a config value
|
|
# gstack-config list — show all config (values + defaults)
|
|
# gstack-config defaults — show just the defaults table
|
|
#
|
|
# Env overrides (for testing):
|
|
# GSTACK_HOME — override ~/.gstack state directory (aligns with writer scripts)
|
|
# GSTACK_STATE_DIR — legacy alias for GSTACK_HOME (kept for backwards compat)
|
|
set -euo pipefail
|
|
|
|
STATE_DIR="${GSTACK_HOME:-${GSTACK_STATE_DIR:-$HOME/.gstack}}"
|
|
CONFIG_FILE="$STATE_DIR/config.yaml"
|
|
|
|
# Annotated header for new config files. Written once on first `set`.
|
|
# Default semantics: DEFAULTS table below is the canonical source. Header text
|
|
# is documentation that must stay in sync with DEFAULTS.
|
|
CONFIG_HEADER='# gstack configuration — edit freely, changes take effect on next skill run.
|
|
# Docs: https://github.com/garrytan/gstack
|
|
#
|
|
# ─── Behavior ────────────────────────────────────────────────────────
|
|
# proactive: true # Auto-invoke skills when your request matches one.
|
|
# # Set to false to only run skills you type explicitly.
|
|
#
|
|
# routing_declined: false # Set to true to skip the CLAUDE.md routing injection
|
|
# # prompt. Set back to false to be asked again.
|
|
#
|
|
# ─── Telemetry ───────────────────────────────────────────────────────
|
|
# telemetry: off # off | anonymous | community
|
|
# # off — no data sent, no local analytics (default)
|
|
# # anonymous — counter only, no device ID
|
|
# # community — usage data + stable device ID
|
|
#
|
|
# ─── Updates ─────────────────────────────────────────────────────────
|
|
# auto_upgrade: false # true = silently upgrade on session start
|
|
# update_check: true # false = suppress version check notifications
|
|
#
|
|
# ─── Skill naming ────────────────────────────────────────────────────
|
|
# skill_prefix: false # true = namespace skills as /gstack-qa, /gstack-ship
|
|
# # false = short names /qa, /ship
|
|
#
|
|
# ─── Checkpoint ──────────────────────────────────────────────────────
|
|
# checkpoint_mode: explicit # explicit | continuous
|
|
# # explicit — commit only when you run /ship or /checkpoint
|
|
# # continuous — auto-commit after each significant change
|
|
# # with WIP: prefix + [gstack-context] body
|
|
#
|
|
# checkpoint_push: false # true = push WIP commits to remote as you go
|
|
# # false = keep WIP commits local only (default)
|
|
# # Pushing can trigger CI/deploy hooks — opt in carefully.
|
|
#
|
|
# ─── Writing style (V1) ──────────────────────────────────────────────
|
|
# explain_level: default # default = jargon-glossed, outcome-framed prose
|
|
# # (V1 default — more accessible for everyone)
|
|
# # terse = V0 prose style, no glosses, no outcome-framing layer
|
|
# # (for power users who know the terms)
|
|
# # Unknown values default to "default" with a warning.
|
|
# # See docs/designs/PLAN_TUNING_V1.md for rationale.
|
|
#
|
|
# ─── GBrain sync (v1.7+) ─────────────────────────────────────────────
|
|
# gbrain_sync_mode: off # off | artifacts-only | full
|
|
# # off — no sync (default)
|
|
# # artifacts-only — sync plans/designs/retros/learnings only
|
|
# # (skip behavioral data: question-log,
|
|
# # developer-profile, timeline)
|
|
# # full — sync everything allowlisted
|
|
# # Set by the first-run privacy stop-gate. See docs/gbrain-sync.md.
|
|
#
|
|
# gbrain_sync_mode_prompted: false
|
|
# # Set to true once the privacy gate has asked the user.
|
|
# # Flip back to false to be re-prompted.
|
|
#
|
|
# ─── Advanced ────────────────────────────────────────────────────────
|
|
# codex_reviews: enabled # disabled = skip Codex adversarial reviews in /ship
|
|
# gstack_contributor: false # true = file field reports when gstack misbehaves
|
|
# skip_eng_review: false # true = skip eng review gate in /ship (not recommended)
|
|
#
|
|
'
|
|
|
|
# DEFAULTS table — canonical default values for known keys.
|
|
# `get <key>` returns DEFAULTS[key] when the key is absent from the config file
|
|
# AND the env override is not set. Keep in sync with the CONFIG_HEADER comments.
|
|
lookup_default() {
|
|
case "$1" in
|
|
proactive) echo "true" ;;
|
|
routing_declined) echo "false" ;;
|
|
telemetry) echo "off" ;;
|
|
auto_upgrade) echo "false" ;;
|
|
update_check) echo "true" ;;
|
|
skill_prefix) echo "false" ;;
|
|
checkpoint_mode) echo "explicit" ;;
|
|
checkpoint_push) echo "false" ;;
|
|
codex_reviews) echo "enabled" ;;
|
|
gstack_contributor) echo "false" ;;
|
|
skip_eng_review) echo "false" ;;
|
|
cross_project_learnings) echo "" ;; # intentionally empty → unset triggers first-time prompt
|
|
gbrain_sync_mode) echo "off" ;;
|
|
gbrain_sync_mode_prompted) echo "false" ;;
|
|
*) echo "" ;;
|
|
esac
|
|
}
|
|
|
|
case "${1:-}" in
|
|
get)
|
|
KEY="${2:?Usage: gstack-config get <key>}"
|
|
# Validate key (alphanumeric + underscore only)
|
|
if ! printf '%s' "$KEY" | grep -qE '^[a-zA-Z0-9_]+$'; then
|
|
echo "Error: key must contain only alphanumeric characters and underscores" >&2
|
|
exit 1
|
|
fi
|
|
VALUE=$(grep -E "^${KEY}:" "$CONFIG_FILE" 2>/dev/null | tail -1 | awk '{print $2}' | tr -d '[:space:]' || true)
|
|
if [ -z "$VALUE" ]; then
|
|
VALUE=$(lookup_default "$KEY")
|
|
fi
|
|
printf '%s' "$VALUE"
|
|
;;
|
|
set)
|
|
KEY="${2:?Usage: gstack-config set <key> <value>}"
|
|
VALUE="${3:?Usage: gstack-config set <key> <value>}"
|
|
# Validate key (alphanumeric + underscore only)
|
|
if ! printf '%s' "$KEY" | grep -qE '^[a-zA-Z0-9_]+$'; then
|
|
echo "Error: key must contain only alphanumeric characters and underscores" >&2
|
|
exit 1
|
|
fi
|
|
# V1: whitelist values for keys with closed value domains. Unknown values warn + default.
|
|
if [ "$KEY" = "explain_level" ] && [ "$VALUE" != "default" ] && [ "$VALUE" != "terse" ]; then
|
|
echo "Warning: explain_level '$VALUE' not recognized. Valid values: default, terse. Using default." >&2
|
|
VALUE="default"
|
|
fi
|
|
if [ "$KEY" = "gbrain_sync_mode" ] && [ "$VALUE" != "off" ] && [ "$VALUE" != "artifacts-only" ] && [ "$VALUE" != "full" ]; then
|
|
echo "Warning: gbrain_sync_mode '$VALUE' not recognized. Valid values: off, artifacts-only, full. Using off." >&2
|
|
VALUE="off"
|
|
fi
|
|
mkdir -p "$STATE_DIR"
|
|
# Write annotated header on first creation
|
|
if [ ! -f "$CONFIG_FILE" ]; then
|
|
printf '%s' "$CONFIG_HEADER" > "$CONFIG_FILE"
|
|
fi
|
|
# Escape sed special chars in value and drop embedded newlines
|
|
ESC_VALUE="$(printf '%s' "$VALUE" | head -1 | sed 's/[&/\]/\\&/g')"
|
|
if grep -qE "^${KEY}:" "$CONFIG_FILE" 2>/dev/null; then
|
|
# Portable in-place edit (BSD sed uses -i '', GNU sed uses -i without arg)
|
|
_tmpfile="$(mktemp "${CONFIG_FILE}.XXXXXX")"
|
|
sed "/^${KEY}:/s/.*/${KEY}: ${ESC_VALUE}/" "$CONFIG_FILE" > "$_tmpfile" && mv "$_tmpfile" "$CONFIG_FILE"
|
|
else
|
|
echo "${KEY}: ${VALUE}" >> "$CONFIG_FILE"
|
|
fi
|
|
# Auto-relink skills when prefix setting changes (skip during setup to avoid recursive call)
|
|
if [ "$KEY" = "skill_prefix" ] && [ -z "${GSTACK_SETUP_RUNNING:-}" ]; then
|
|
GSTACK_RELINK="$(dirname "$0")/gstack-relink"
|
|
[ -x "$GSTACK_RELINK" ] && "$GSTACK_RELINK" || true
|
|
fi
|
|
;;
|
|
list)
|
|
if [ -f "$CONFIG_FILE" ]; then
|
|
cat "$CONFIG_FILE"
|
|
fi
|
|
echo ""
|
|
echo "# ─── Active values (including defaults for unset keys) ───"
|
|
for KEY in proactive routing_declined telemetry auto_upgrade update_check \
|
|
skill_prefix checkpoint_mode checkpoint_push codex_reviews \
|
|
gstack_contributor skip_eng_review gbrain_sync_mode \
|
|
gbrain_sync_mode_prompted; do
|
|
VALUE=$(grep -E "^${KEY}:" "$CONFIG_FILE" 2>/dev/null | tail -1 | awk '{print $2}' | tr -d '[:space:]' || true)
|
|
SOURCE="default"
|
|
if [ -n "$VALUE" ]; then
|
|
SOURCE="set"
|
|
else
|
|
VALUE=$(lookup_default "$KEY")
|
|
fi
|
|
printf ' %-24s %s (%s)\n' "$KEY:" "$VALUE" "$SOURCE"
|
|
done
|
|
;;
|
|
defaults)
|
|
echo "# gstack-config defaults"
|
|
for KEY in proactive routing_declined telemetry auto_upgrade update_check \
|
|
skill_prefix checkpoint_mode checkpoint_push codex_reviews \
|
|
gstack_contributor skip_eng_review gbrain_sync_mode \
|
|
gbrain_sync_mode_prompted; do
|
|
printf ' %-24s %s\n' "$KEY:" "$(lookup_default "$KEY")"
|
|
done
|
|
;;
|
|
*)
|
|
echo "Usage: gstack-config {get|set|list|defaults} [key] [value]"
|
|
exit 1
|
|
;;
|
|
esac
|