Stable release. Published to npm under the latest tag.
npx get-shit-done-cc@latestWhat's in this release
1.42.1 is a safety and control-surface release. The headline additions are the
package legitimacy gate, skill-surface budgeting, and the installer migration
framework — three changes that make GSD safer to install, safer to update, and easier
to run in constrained contexts. The release also ships configurable /gsd-ship PR body
sections, /gsd-review reviewer defaults, optional fallow structural review, and
quota-aware execution recovery. Underneath that, 30+ correctness fixes cover
project_code phase directories, phase completion, nested git detection, Codex
install migration, SDK readiness, and decimal-phase dependencies.
Added
-
Package legitimacy gate against slopsquatting — researchers audit external
packages withslopcheck, planners add human verification for unverified packages,
and executors stop on package install failures instead of trying similarly named
alternatives. This closes the path where AI-hallucinated package names could flow
from research intonpm install/pip install/cargo add.
(#3215) -
Skill surface budgeting — install with
--profile=core,--profile=standard,
or the defaultfull; profiles persist in.gsd-profile. Use/gsd:surfaceto
list, enable, disable, reset, or switch skill clusters without reinstalling.
--minimaland--core-onlyremain aliases for--profile=core.
(#3408) -
Installer migration framework — install now has explicit migration records,
baseline scanning, legacy cleanup, user-owned artifact preservation, dry-run
reporting, rollback protection, and ambiguous stale-file guardrails.
(#3398,
#3399,
#3400,
#3402,
#3404) -
Configurable
/gsd-shipPR body sections —ship.pr_body_sectionsappends
project-specific PRD-style sections while preserving the requiredSummary,
Changes,Requirements Addressed,Verification, andKey Decisionssections.
(#3391) -
review.default_reviewers— no-flag/gsd-reviewcan default to a configured
reviewer subset. Explicit reviewer flags and--allstill take precedence.
(#3464) -
Optional fallow structural review pre-pass —
code_quality.fallow.*runs a
structural pass before/gsd-code-review, writesFALLOW.json, and embeds
structural findings inREVIEW.md.
(#3424) -
Structured CLI error mode —
gsd-tools --json-errorsreturns machine-readable
error envelopes for automation and SDK callers while preserving human-readable output
by default.
(#3255)
Changed
-
Human verification defaults to end-of-phase —
workflow.human_verify_mode: "end-of-phase"keeps human checks in verification blocks instead of scattering
mid-flight checkpoint tasks. Set"mid-flight"to restore the previous blocking
checkpoint behavior.
(#3309) -
Quota and rate-limit failures get a distinct recovery path — execute-phase
classifies provider quota failures (429,rate limit,usage limit,
RESOURCE_EXHAUSTED, etc.) and guides wait-and-resume instead of retry-now.
(#3095) -
Milestone tags can be disabled —
git.create_tag: falselets projects with
external release automation complete milestones without creating local tags.
Existing tag collisions now fail clearly instead of overwriting tags.
(#3086) -
Statusline context meter can move to the front —
statusline.context_position: "front"renders the context meter after the model name so it stays visible in narrow
terminals.
(#2937) -
Reasoning effort is transported with resolved model IDs — runtime-aware model
resolution now carriesreasoning_effortwhere supported, including Codex config
output and SDK query paths.
(#3474) -
Shell command projection and SDK architecture seams deepened — hook commands,
path actions, subprocess execution, platform file I/O, SDK compatibility policy, and
runtime skill policy now flow through narrower typed modules.
(#3238,
#3316,
#3470,
#3476,
#3481,
#3484)
Fixed
-
project_codephase directory prefixes apply consistently — first-touch
/gsd-discuss-phase,/gsd-plan-phase, import, gap-planning, and backlog creation
paths now create prefixed phase directories consistently.
(#3287,
#3298) -
Phase completion is idempotent and refreshes state —
state complete-phaseand
phase.completeno longer leave staleSTATE.mdprogress, focus, or body
frontmatter fields behind.
(#3489,
#3517) -
Nested git worktrees are detected —
/gsd-new-projectand ingest flows avoid
creating nested.gitdirectories when run inside an existing repository or
worktree.
(#3491) -
Codex install and hook migration are safer — AoT hooks use event-name leaf keys,
duplicate legacyhooks.jsonentries are removed, user hooks are preserved, and
unsupported execute-phase worktrees are blocked.
(#3346,
#3357,
#3360) -
SDK install readiness is durable —
--sdknow forces SDK deployment, stale shims
are detected, Windows PATH probing is hardened, and "GSD SDK ready" only prints when
the shim is reachable.
(#3033,
#3211,
#3231,
#3359) -
User custom skills are preserved during update detection —
detect-custom-files
now scansskills/, preventing user-added skill files from being missed during
patch preservation.
(#3317) -
Decimal-phase
depends_onreferences resolve correctly — SDK phase indexing now
expands same-phase short forms such asdepends_on: [01]and warns on unresolved
references.
(#3488) -
gsd-sdk query commit --files --respect-stagedpreserves interactive staging —
respect-staged mode now avoids restaging pathspecs and commits only the already
staged hunks within the requested file scope.
(#3522)
What was in 1.41.0
RELEASE-v1.41.0.md — per-phase-type model selection,
dynamic routing with failure-tier escalation, the optional update banner,
issue-driven orchestration, MVP mode SDK query verbs, graphify commit-based
staleness, and 25+ correctness fixes across Homebrew node paths, milestone archives,
secure-phase audits, cross-runtime installs, and statusline parsing.
Installing
# npm (global)
npm install -g get-shit-done-cc@latest
# npx (one-shot)
npx get-shit-done-cc@latest
# Pin to this exact version
npm install -g get-shit-done-cc@1.42.1The installer is idempotent — re-running on an existing install updates in-place,
preserving your .planning/ directory and local patches.