garrytan
diff --git a/‎CHANGELOG.md‎
Lines changed: 167 additions & 78 deletions b/‎CHANGELOG.md‎
Lines changed: 167 additions & 78 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 6 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎USING_GBRAIN_WITH_GSTACK.md‎
Lines changed: 2 additions & 2 deletions b/‎USING_GBRAIN_WITH_GSTACK.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎bin/gstack-gbrain-install‎
Lines changed: 61 additions & 8 deletions b/‎bin/gstack-gbrain-install‎
Lines changed: 61 additions & 8 deletions
diff --git a/‎bin/gstack-gbrain-sync.ts‎
Lines changed: 85 additions & 25 deletions b/‎bin/gstack-gbrain-sync.ts‎
Lines changed: 85 additions & 25 deletions
diff --git a/‎bin/gstack-jsonl-merge‎
Lines changed: 10 additions & 3 deletions b/‎bin/gstack-jsonl-merge‎
Lines changed: 10 additions & 3 deletions
@@ -938,4 +938,10 @@ file globs. Run `/sync-gbrain` after meaningful code changes; for ongoing
 auto-sync across all worktrees, run `gbrain autopilot --install` once per
 machine — gbrain's daemon handles incremental refresh on a schedule.
 
+Safety: don't run `/sync-gbrain` while `gbrain autopilot` is active — the
+orchestrator refuses destructive source ops when it detects a running autopilot
+to avoid racing it (#1734). Prefer registering user repos with `gbrain sources
+add --path <dir>` (no `--url`): URL-managed sources can auto-reclone, and the
+sync code walk for them requires an explicit `--allow-reclone` opt-in.
+
 <!-- gstack-gbrain-search-guidance:end -->
@@ -136,7 +136,7 @@ The skill runs three stages — code, memory, brain-sync — independently. A fa
 
 1. **Pre-flight.** Checks `gbrain_local_status` (the local engine's health). If the engine is `broken-db` or `broken-config`, the skill STOPs with a remediation menu — it refuses to silently degrade. If the local engine is missing and you're in remote-MCP mode (Path 4), the code stage SKIPs cleanly and only brain-sync runs.
 2. **Code stage.** Registers the cwd as a federated source via `gbrain sources add`, writes a `.gbrain-source` pin file in the repo root (kubectl-style context — every worktree gets its own pin, so Conductor sibling worktrees don't collide), runs `gbrain sync --strategy code`.
-3. **Memory stage.** Stages your `~/.gstack/` transcripts + curated memory. In local-stdio MCP mode, ingests into the local engine. In remote-http MCP mode, persists staged markdown to `~/.gstack/transcripts/run-<pid>-<ts>/` for the remote brain admin's pull pipeline.
+3. **Memory stage.** Stages your `~/.gstack/` transcripts + curated memory. In local-stdio MCP mode, ingests into the local engine. In remote-http MCP mode, persists staged markdown to `~/.gstack/transcripts/run-<pid>-<ts>/` for the remote brain admin's pull pipeline. The ingest timeout is 30 minutes by default; raise it for a big brain with `GSTACK_INGEST_TIMEOUT_MS` (accepts 1 min–24h). On timeout the gbrain import checkpoint is preserved, so the next `/sync-gbrain` resumes instead of starting over.
 4. **Brain-sync stage.** Pushes curated artifacts (plans, designs, retros) to your private artifacts repo if you have one configured.
 5. **CLAUDE.md guidance.** Capability-checks the round-trip (write a page → search → find it). If green, writes the `## GBrain Search Guidance` block to your project's CLAUDE.md. If red, REMOVES the block — the agent should never be told to use a tool that isn't installed.
 
@@ -379,7 +379,7 @@ Another gstack session in a sibling Conductor workspace may be holding a lock on
 ## Related skills + next steps
 
 - `/health` — includes a GBrain dimension (doctor status, sync queue depth, last-push age) in its 0-10 composite score. The dimension is omitted when gbrain isn't installed; running `/health` on a non-gbrain machine doesn't penalize that choice.
-- `/gstack-upgrade` — keeps gstack itself up to date. Does NOT upgrade gbrain independently. To bump gbrain, update `PINNED_COMMIT` in `bin/gstack-gbrain-install` and re-run `/setup-gbrain`.
+- `/gstack-upgrade` — keeps gstack itself up to date. Does NOT upgrade gbrain independently. gbrain installs at the latest HEAD by default; to refresh it, `git pull` in your gbrain clone (default `~/gbrain`) and re-run `/setup-gbrain`. Pin a specific commit with `gstack-gbrain-install --pinned-commit <sha>` if you need reproducibility. Installs below the minimum tested version are refused.
 - `/retro` — weekly retrospective pulls learnings and plans from your gbrain when memory sync is on, letting the retro reference cross-machine history.
 
 Run `/setup-gbrain` and see what sticks.
@@ -19,9 +19,14 @@
 #   - git
 #   - network reachability to https://github.com
 #
-# The pinned commit is declared here rather than resolved dynamically so
-# upgrades are explicit and reviewable. Update PINNED_COMMIT when gstack
-# verifies compatibility with a new gbrain release.
+# gbrain installs at the latest default-branch HEAD by default — the hard pin
+# was removed in #1744 (it had drifted ~23 versions behind). Pass
+# --pinned-commit <sha> to install a specific commit for reproducibility. A
+# minimum-version floor (MIN_GBRAIN_VERSION) hard-fails the install when the
+# resulting gbrain is too old for gstack's sync integration, and a fast
+# `gbrain doctor` self-test hard-fails a broken install when gbrain is already
+# configured. This keeps the version gate that the pin used to provide without
+# freezing users 23 releases behind.
 #
 # Env:
 #   GBRAIN_INSTALL_DIR — override default install path (~/gbrain)
@@ -33,8 +38,14 @@
 set -euo pipefail
 
 # --- defaults ---
-PINNED_COMMIT="08b3698e90532b7b66c445e6b1d8cdfe71822802"  # gbrain v0.18.2
-PINNED_TAG="v0.18.2"
+# No version pin by default — install the latest default-branch HEAD (#1744).
+# --pinned-commit <sha> overrides for reproducibility.
+PINNED_COMMIT=""
+PINNED_TAG=""
+# Minimum gbrain version gstack's integration is known to work with. The
+# `sources list --json` wrapped-object shape + federated sources landed by 0.20;
+# older predates the surface gstack drives. Hard-fail below this floor (#1744).
+MIN_GBRAIN_VERSION="0.20.0"
 GBRAIN_REPO_URL="https://github.com/garrytan/gbrain.git"
 DEFAULT_INSTALL_DIR="${GBRAIN_INSTALL_DIR:-$HOME/gbrain}"
 INSTALL_DIR="$DEFAULT_INSTALL_DIR"
@@ -113,16 +124,20 @@ elif [ -n "$DETECTED_CLONE" ]; then
 else
   # Fresh clone path.
   if $DRY_RUN; then
-    log "DRY RUN: would clone $GBRAIN_REPO_URL @ $PINNED_COMMIT → $INSTALL_DIR"
+    log "DRY RUN: would clone $GBRAIN_REPO_URL ${PINNED_COMMIT:+@ $PINNED_COMMIT }→ $INSTALL_DIR (latest HEAD unless --pinned-commit)"
     exit 0
   fi
   if [ -d "$INSTALL_DIR" ]; then
     fail "install dir $INSTALL_DIR exists but is not a valid gbrain clone. Remove it or pass --install-dir <other>."
   fi
   log "cloning $GBRAIN_REPO_URL → $INSTALL_DIR"
   git clone --quiet "$GBRAIN_REPO_URL" "$INSTALL_DIR"
-  ( cd "$INSTALL_DIR" && git checkout --quiet "$PINNED_COMMIT" )
-  log "pinned to $PINNED_COMMIT${PINNED_TAG:+ ($PINNED_TAG)}"
+  if [ -n "$PINNED_COMMIT" ]; then
+    ( cd "$INSTALL_DIR" && git checkout --quiet "$PINNED_COMMIT" )
+    log "checked out pinned commit $PINNED_COMMIT${PINNED_TAG:+ ($PINNED_TAG)}"
+  else
+    log "installed latest gbrain (default-branch HEAD)"
+  fi
 fi
 
 if $DRY_RUN; then
@@ -195,6 +210,44 @@ fi
 
 log "installed gbrain $actual_version from $INSTALL_DIR"
 
+# --- minimum-version floor (#1744) ---
+# Unpinning means new installs track gbrain HEAD. Hard-fail if the resulting
+# version is below the floor gstack's sync integration needs — same exit-3 posture
+# as the PATH-shadow / version-mismatch failures above. A warning here is exactly
+# how the data-loss class slipped through, so this gate fails closed.
+version_lt() {
+  # 0 (true) when $1 < $2 by version sort; equal versions are NOT less-than.
+  [ "$1" = "$2" ] && return 1
+  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -1)" = "$1" ]
+}
+if version_lt "$actual_norm" "$MIN_GBRAIN_VERSION"; then
+  echo "" >&2
+  echo "gstack-gbrain-install: gbrain $actual_version is below the minimum gstack-tested version ($MIN_GBRAIN_VERSION)." >&2
+  echo "  gstack's sync integration needs the v0.20+ source/list surface." >&2
+  echo "  Fix: update the gbrain clone at $INSTALL_DIR to a newer release (git pull), then" >&2
+  echo "  re-run /setup-gbrain. Or pass --pinned-commit <sha> to install a specific newer commit." >&2
+  echo "" >&2
+  exit 3
+fi
+
+# --- functional self-test when gbrain is already configured (#1744) ---
+# When a brain config exists (re-install / detected clone), run a fast doctor as
+# a hard gate so a broken gbrain is caught at setup, not at data-loss time.
+# Pre-init installs skip this (config not written yet); the full
+# `/sync-gbrain --dry-run` self-test runs from /setup-gbrain after `gbrain init`.
+_GBRAIN_HOME_CHECK="${GBRAIN_HOME:-$HOME/.gbrain}"
+if [ -f "$_GBRAIN_HOME_CHECK/config.json" ]; then
+  if ! gbrain doctor --fast >/dev/null 2>&1; then
+    echo "" >&2
+    echo "gstack-gbrain-install: gbrain $actual_version installed but 'gbrain doctor --fast' failed." >&2
+    echo "  Refusing to leave a broken gbrain in place. Run 'gbrain doctor' to see what's wrong," >&2
+    echo "  fix it, then re-run /setup-gbrain." >&2
+    echo "" >&2
+    exit 3
+  fi
+  log "gbrain doctor --fast passed"
+fi
+
 # v1.40.0.0 post-install validation (T6 / codex review #19): --ignore-scripts
 # may skip artifacts gbrain needs at runtime, especially on Windows
 # MSYS/MINGW where we DID pass --ignore-scripts. `gbrain --version` above
 
@@ -37,9 +37,10 @@ import { createHash } from "crypto";
 
 import "../lib/conductor-env-shim";
 import { detectEngineTier, withErrorContext, canonicalizeRemote } from "../lib/gstack-memory-helpers";
-import { ensureSourceRegistered, sourcePageCount } from "../lib/gbrain-sources";
+import { ensureSourceRegistered, sourcePageCount, parseSourcesList } from "../lib/gbrain-sources";
+import { detectAutopilot, decideSourceRemove, decideCodeSync } from "../lib/gbrain-guards";
 import { localEngineStatus, type LocalEngineStatus } from "../lib/gbrain-local-status";
-import { buildGbrainEnv, spawnGbrain, execGbrainJson } from "../lib/gbrain-exec";
+import { buildGbrainEnv, spawnGbrain, execGbrainJson, NEEDS_SHELL_ON_WINDOWS } from "../lib/gbrain-exec";
 
 // ── Types ──────────────────────────────────────────────────────────────────
 
@@ -52,14 +53,16 @@ interface CliArgs {
   noMemory: boolean;
   noBrainSync: boolean;
   codeOnly: boolean;
+  /** #1734: opt-in to sync a URL-managed source whose code walk may auto-reclone. */
+  allowReclone: boolean;
 }
 
 interface CodeStageDetail {
   source_id?: string;
   source_path?: string;
   page_count?: number | null;
   last_imported?: string;
-  status?: "ok" | "skipped" | "failed";
+  status?: "ok" | "skipped" | "failed" | "refused-autopilot" | "refused-reclone";
 }
 
 interface StageResult {
@@ -205,6 +208,8 @@ Options:
   --no-memory          Skip the gstack-memory-ingest stage (transcripts + artifacts).
   --no-brain-sync      Skip the gstack-brain-sync git pipeline stage.
   --code-only          Only run the code-import stage (alias for --no-memory --no-brain-sync).
+  --allow-reclone      Permit the code walk for URL-managed sources (remote_url set)
+                       even though gbrain may auto-reclone the working tree (#1734).
   --help               This text.
 
 Stages run in order: code → memory ingest → curated git push.
@@ -220,6 +225,7 @@ function parseArgs(): CliArgs {
   let noMemory = false;
   let noBrainSync = false;
   let codeOnly = false;
+  let allowReclone = false;
 
   for (let i = 0; i < args.length; i++) {
     const a = args[i];
@@ -231,6 +237,7 @@ function parseArgs(): CliArgs {
       case "--no-code": noCode = true; break;
       case "--no-memory": noMemory = true; break;
       case "--no-brain-sync": noBrainSync = true; break;
+      case "--allow-reclone": allowReclone = true; break;
       case "--code-only":
         codeOnly = true;
         noMemory = true;
@@ -247,7 +254,7 @@ function parseArgs(): CliArgs {
     }
   }
 
-  return { mode, quiet, noCode, noMemory, noBrainSync, codeOnly };
+  return { mode, quiet, noCode, noMemory, noBrainSync, codeOnly, allowReclone };
 }
 
 // ── Helpers ────────────────────────────────────────────────────────────────
@@ -407,10 +414,7 @@ export function sourceLocalPath(sourceId: string, env?: NodeJS.ProcessEnv): stri
     { baseEnv: env },
   );
   if (!raw) return null;
-  const list: Array<{ id?: string; local_path?: string }> = Array.isArray(raw)
-    ? (raw as Array<{ id?: string; local_path?: string }>)
-    : ((raw as { sources?: Array<{ id?: string; local_path?: string }> }).sources ?? []);
-  const found = list.find((s) => s.id === sourceId);
+  const found = parseSourcesList(raw).find((s) => s.id === sourceId);
   return found?.local_path ?? null;
 }
 
@@ -469,20 +473,50 @@ export function planHostnameFoldMigration(
   return { kind: "pending-cleanup", oldId: legacyPathHashId };
 }
 
+export interface GuardedRemoveResult {
+  removed: boolean;
+  /** True when a guard refused the remove (autopilot active or unsafe source). */
+  skipped: boolean;
+  reason: string;
+}
+
+/**
+ * #1734: run `gbrain sources remove <id> --confirm-destructive` only behind the
+ * data-loss guards. Checked immediately before the destructive op (E8: as late
+ * as possible) so the autopilot window is as small as we can make it without a
+ * gbrain-side lease. Refuses when autopilot is active or when the source is
+ * user-managed and gbrain can't keep its storage. Pure side-effect helper; the
+ * caller decides whether a skip is fatal (it never is today — removes are
+ * best-effort cleanup).
+ */
+export function safeSourcesRemove(sourceId: string, env?: NodeJS.ProcessEnv): GuardedRemoveResult {
+  const ap = detectAutopilot(env);
+  if (ap.active) {
+    return {
+      removed: false,
+      skipped: true,
+      reason: `autopilot active (${ap.signal}); refusing destructive remove of ${sourceId}. ` +
+        `Stop autopilot, then re-run /sync-gbrain.`,
+    };
+  }
+  const decision = decideSourceRemove(sourceId, env);
+  if (!decision.allow) {
+    return { removed: false, skipped: true, reason: decision.reason };
+  }
+  const r = spawnGbrain(
+    ["sources", "remove", sourceId, "--confirm-destructive", ...decision.extraArgs],
+    { baseEnv: env },
+  );
+  return { removed: r.status === 0, skipped: false, reason: decision.reason };
+}
+
 /**
  * Remove an orphaned source. Called only after new-source sync verifies pages
- * exist, so the old source is provably redundant before deletion.
- *
- * Flag note: existing call sites used `--confirm-destructive` here and
- * `--yes` in `lib/gbrain-sources.ts` — gbrain 0.35.0.0 accepts neither
- * deterministically (the subcommand surface help is generic). We pass
- * `--confirm-destructive` to match the existing call site convention; the
- * flag-helper centralization in commit 4 (lib/gbrain-exec.ts) will resolve
- * the inconsistency across the codebase.
+ * exist, so the old source is provably redundant before deletion. Routed through
+ * safeSourcesRemove for the #1734 guards.
  */
 export function removeOrphanedSource(oldId: string, env?: NodeJS.ProcessEnv): boolean {
-  const r = spawnGbrain(["sources", "remove", oldId, "--confirm-destructive"], { baseEnv: env });
-  return r.status === 0;
+  return safeSourcesRemove(oldId, env).removed;
 }
 
 /**
@@ -661,13 +695,12 @@ async function runCodeImport(args: CliArgs): Promise<StageResult> {
   const legacyId = deriveLegacyCodeSourceId(root);
   let legacyRemoved = false;
   if (legacyId !== sourceId) {
-    const rm = spawnGbrain(["sources", "remove", legacyId, "--confirm-destructive"], {
-      timeout: 30_000,
-      baseEnv: gbrainEnv,
-    });
-    // Treat absent-source as success (clean state). gbrain emits "not found" on
-    // missing id; treat any non-zero exit without "not found" as a soft fail.
-    if (rm.status === 0) legacyRemoved = true;
+    // #1734: route through the data-loss guards (autopilot + source-safety).
+    const rm = safeSourcesRemove(legacyId, gbrainEnv);
+    if (rm.skipped && !args.quiet) {
+      console.error(`[sync:code] legacy-source cleanup skipped: ${rm.reason}`);
+    }
+    if (rm.removed) legacyRemoved = true;
   }
 
   // Step 0b: Hostname-fold migration (#1414).
@@ -720,6 +753,29 @@ async function runCodeImport(args: CliArgs): Promise<StageResult> {
     process.env.GSTACK_SYNC_CODE_TIMEOUT_MS,
     "GSTACK_SYNC_CODE_TIMEOUT_MS",
   );
+
+  // #1734 guards, checked immediately before the destructive walk (E8):
+  //   - autopilot active → refuse (the race that wiped a working tree).
+  //   - URL-managed source → the walk can auto-reclone (rm-rf); require
+  //     --allow-reclone. Both surface a visible reason and fail the stage so the
+  //     verdict shows ERR rather than silently skipping protection.
+  const apBeforeWalk = detectAutopilot(gbrainEnv);
+  if (apBeforeWalk.active) {
+    return {
+      name: "code", ran: true, ok: false, duration_ms: Date.now() - t0,
+      summary: `refused: gbrain autopilot active (${apBeforeWalk.signal}). Stop autopilot, then re-run /sync-gbrain.`,
+      detail: { source_id: sourceId, source_path: root, status: "refused-autopilot" },
+    };
+  }
+  const reclone = decideCodeSync(sourceId, gbrainEnv, args.allowReclone);
+  if (!reclone.allow) {
+    return {
+      name: "code", ran: true, ok: false, duration_ms: Date.now() - t0,
+      summary: `refused: ${reclone.reason}`,
+      detail: { source_id: sourceId, source_path: root, status: "refused-reclone" },
+    };
+  }
+
   const walkResult = spawnGbrain(["sync", "--strategy", "code", "--source", sourceId], {
     stdio: args.quiet ? ["ignore", "ignore", "ignore"] : ["ignore", "inherit", "inherit"],
     timeout: codeTimeoutMs,
@@ -961,13 +1017,17 @@ function runBrainSyncPush(args: CliArgs): StageResult {
     return { name: "brain-sync", ran: false, ok: true, duration_ms: 0, summary: "skipped (gstack-brain-sync not installed)" };
   }
 
+  // #1731: gstack-brain-sync is a bash shebang script; Windows can't spawn it
+  // without a shell, which surfaced as "brain-sync exited undefined".
   spawnSync(brainSyncPath, ["--discover-new"], {
     stdio: args.quiet ? ["ignore", "ignore", "ignore"] : ["ignore", "inherit", "inherit"],
     timeout: 60 * 1000,
+    shell: NEEDS_SHELL_ON_WINDOWS,
   });
   const result = spawnSync(brainSyncPath, ["--once"], {
     stdio: args.quiet ? ["ignore", "ignore", "ignore"] : ["ignore", "inherit", "inherit"],
     timeout: 60 * 1000,
+    shell: NEEDS_SHELL_ON_WINDOWS,
   });
 
   return {
 
@@ -53,18 +53,25 @@ for path in paths:
                     continue
                 if line in seen:
                     continue
-                # Prefer ISO ts field for sort; fall back to SHA-256.
+                # Prefer ISO ts field for sort; fall back to SHA-256. The line
+                # content is the final tiebreaker so the order is total: two
+                # entries sharing a ts must resolve identically regardless of
+                # which side they arrive on. Without it, equal-ts entries fall
+                # back to insertion order (base, ours, theirs), and since ours
+                # and theirs are swapped depending on which machine runs the
+                # merge, the two sides produce divergent files that never
+                # converge.
                 sort_key = None
                 try:
                     obj = json.loads(line)
                     ts = obj.get('ts') or obj.get('timestamp')
                     if isinstance(ts, str):
-                        sort_key = (0, ts)
+                        sort_key = (0, ts, line)
                 except (json.JSONDecodeError, ValueError, TypeError):
                     pass
                 if sort_key is None:
                     h = hashlib.sha256(line.encode('utf-8')).hexdigest()
-                    sort_key = (1, h)
+                    sort_key = (1, h, line)
                 seen[line] = sort_key
     except FileNotFoundError:
         # Absent base / absent ours / absent theirs are all valid.