@mediadatafusion/pi-workflow-suite 0.0.10 → 0.0.11

package/extensions/workflow-state.ts

@@ -163,12 +163,32 @@ export interface CompletedPlanSummary {
   finalReport?: string;
 }
 
+export interface BlockedPlanResumeSnapshot {
+  task?: string;
+  originalTask?: string;
+  approvedPlan?: string;
+  planHistoryId?: string;
+  approvedPlanHistoryId?: string;
+  executionSummary?: string;
+  validationReport?: string;
+  validationVerdict?: "PASS" | "PARTIAL PASS" | "FAIL" | "UNKNOWN";
+  lastValidationFailure?: string;
+  lastRepairAttempt?: string;
+  repairHistory?: WorkflowRepairHistoryEntry[];
+  lastRepairStatus?: "none" | "running" | "completed" | "failed" | "blocked";
+  currentValidationRetry?: number;
+  workflowValidationRetryCount?: number;
+  planRuntime?: PlanRuntimeState;
+  planProgress?: PlanProgressState;
+}
+
 export interface WorkflowFinalStopSummary {
   stoppedAt: string;
   kind: "plan" | "mission";
   status: "completed" | "blocked";
   title: string;
   summary: string;
+  blockedPlanSnapshot?: BlockedPlanResumeSnapshot;
 }
 
 export interface CompletedMissionSummary {
@@ -234,10 +254,20 @@ export interface WorkflowState {
   lastRepairAttempt?: string;
   repairHistory?: WorkflowRepairHistoryEntry[];
   lastRepairStatus?: "none" | "running" | "completed" | "failed" | "blocked";
+  concreteRepairableIssue?: boolean;
+  manualVerificationRequired?: boolean;
+  evidenceGap?: boolean;
+  lastValidationCompletedAt?: string;
   planStepValidationIndex?: number;
   planExecutionStepIndex?: number;
   planRuntime?: PlanRuntimeState;
   planProgress?: PlanProgressState;
+  planProgressLastToolStep?: number;
+  planProgressLastToolStatus?: PlanStepStatus;
+  planProgressLastToolAt?: string;
+  planTokensUsed?: number;
+  missionTokensUsed?: number;
+  standardTokensUsed?: number;
   standardRuntime?: StandardRuntimeState;
   standardTodo?: StandardTodoState;
   standardLastAutoCheckAt?: string;
@@ -291,6 +321,15 @@ export interface SavedWorkflowPlan {
   finalReport?: string;
   modelsUsed?: WorkflowState["modelsUsed"];
   subagents?: Record<string, unknown>;
+  planProgress?: WorkflowState["planProgress"];
+  planRuntime?: WorkflowState["planRuntime"];
+  planExecutionStepIndex?: number;
+  planStepValidationIndex?: number;
+  currentValidationRetry?: number;
+  workflowValidationRetryCount?: number;
+  repairRetryState?: WorkflowState["repairRetryState"];
+  repairHistory?: WorkflowState["repairHistory"];
+  reviewHistory?: WorkflowState["reviewHistory"];
 }
 
 export interface PlanSavingOptions {
@@ -385,6 +424,9 @@ export interface MissionState {
   reviewHistory?: WorkflowReviewHistoryEntry[];
   reviewRepairInProgress?: boolean;
   lastValidationResult?: string;
+  concreteRepairableIssue?: boolean;
+  manualVerificationRequired?: boolean;
+  evidenceGap?: boolean;
   modelsUsed: Record<string, string>;
   subagentsUsed: string[];
   approvalRequired: boolean;
@@ -535,6 +577,15 @@ export function saveWorkflowPlan(state: WorkflowState, options: PlanSavingOption
     finalReport: options.finalReport?.trim() ? (redactSecrets(compact(options.finalReport, 5000)) ?? compact(options.finalReport, 5000)) : undefined,
     modelsUsed: state.modelsUsed,
     subagents: options.subagents,
+    planProgress: state.planProgress,
+    planRuntime: state.planRuntime,
+    planExecutionStepIndex: state.planExecutionStepIndex,
+    planStepValidationIndex: state.planStepValidationIndex,
+    currentValidationRetry: state.currentValidationRetry,
+    workflowValidationRetryCount: state.workflowValidationRetryCount,
+    repairRetryState: state.repairRetryState,
+    repairHistory: state.repairHistory,
+    reviewHistory: state.reviewHistory,
   };
 
   writeFileSync(LATEST_PLAN_FILE, JSON.stringify(record, null, 2) + "\n", { encoding: "utf8", mode: 0o600 });
@@ -714,8 +765,10 @@ function activeElapsedMs(startedAt: string | null | undefined, nowMs: number, la
   const parsed = Date.parse(startedAt ?? "");
   if (!Number.isFinite(parsed)) return 0;
   const updated = Date.parse(lastUpdatedAt ?? "");
-  const end = parsed < RUNTIME_SESSION_STARTED_AT_MS && Number.isFinite(updated) && updated < RUNTIME_SESSION_STARTED_AT_MS
-    ? Math.max(parsed, updated)
+  const end = parsed < RUNTIME_SESSION_STARTED_AT_MS
+    ? (Number.isFinite(updated) && updated < RUNTIME_SESSION_STARTED_AT_MS
+        ? Math.max(parsed, updated)
+        : RUNTIME_SESSION_STARTED_AT_MS)
     : nowMs;
   return Math.max(0, end - parsed);
 }
@@ -770,7 +823,9 @@ export function planActiveRuntimeMs(state: WorkflowState, now = new Date()): num
 export function planWallClockAgeMs(state: WorkflowState, now = new Date()): number {
   const start = Date.parse(state.planRuntime?.createdAt ?? "");
   if (!Number.isFinite(start)) return 0;
-  return Math.max(0, now.getTime() - start);
+  const terminalTimestamp = planRuntimeCounterState(state) === "stopped" ? state.updatedAt : undefined;
+  const end = terminalTimestamp ? Date.parse(terminalTimestamp) : now.getTime();
+  return Math.max(0, (Number.isFinite(end) ? end : now.getTime()) - start);
 }
 
 export function applyStandardRuntimeAccounting(previous: WorkflowState | undefined, state: WorkflowState, now = new Date()): WorkflowState {
@@ -826,7 +881,9 @@ export function standardActiveRuntimeMs(state: WorkflowState, now = new Date()):
 export function standardWallClockAgeMs(state: WorkflowState, now = new Date()): number {
   const start = Date.parse(state.standardRuntime?.createdAt ?? "");
   if (!Number.isFinite(start)) return 0;
-  return Math.max(0, now.getTime() - start);
+  const terminalTimestamp = standardRuntimeCounterState(state) === "stopped" ? state.updatedAt : undefined;
+  const end = terminalTimestamp ? Date.parse(terminalTimestamp) : now.getTime();
+  return Math.max(0, (Number.isFinite(end) ? end : now.getTime()) - start);
 }
 
 export function applyMissionRuntimeAccounting(previous: MissionState | undefined, mission: MissionState, now = new Date()): MissionState {
@@ -859,7 +916,7 @@ export function applyMissionRuntimeAccounting(previous: MissionState | undefined
       lastResumedAt: mission.lastResumedAt ?? nowIso,
     };
   } else if (nextActive && previousStartedAt) {
-    next = { ...next, activeRunStartedAt: previousStartedAt };
+    next = { ...next, activeRunStartedAt: Date.parse(previousStartedAt) < RUNTIME_SESSION_STARTED_AT_MS ? nowIso : previousStartedAt };
   } else if (!nextActive) {
     next = { ...next, activeRunStartedAt: null };
   }

package/extensions/workflow-tool-guard.ts

@@ -1,6 +1,7 @@
 import { existsSync, realpathSync } from "node:fs";
 import { execFileSync } from "node:child_process";
-import { isAbsolute, resolve } from "node:path";
+import { isAbsolute, resolve, join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
 import { getAgentDir, type ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import { loadWorkflowSettings } from "./workflow-model-router.js";
 import type { WorkflowState } from "./workflow-state.js";
@@ -22,9 +23,9 @@ export const EXECUTION_RESULT_TOOLS = [WORKFLOW_EXECUTION_RESULT_TOOL, MISSION_M
 export const VALIDATION_RESULT_TOOLS = [WORKFLOW_VALIDATION_RESULT_TOOL];
 export const REPAIR_RESULT_TOOLS = [WORKFLOW_REPAIR_RESULT_TOOL];
 export const STANDARD_RESULT_TOOLS = [STANDARD_HANDOFF_RESULT_TOOL];
-export const BASE_EXECUTE_TOOLS = ["read", "grep", "find", "ls", "edit", "write", "bash", WORKFLOW_PROGRESS_TOOL, WORKFLOW_DIAGRAM_TOOL];
-export const EXECUTE_TOOLS = [...BASE_EXECUTE_TOOLS, ...EXECUTION_RESULT_TOOLS, ...REPAIR_RESULT_TOOLS];
-export const VALIDATOR_TOOLS = ["read", "grep", "find", "ls", "bash", WORKFLOW_DIAGRAM_TOOL, ...REVIEW_RESULT_TOOLS, ...VALIDATION_RESULT_TOOLS];
+export const BASE_EXECUTE_TOOLS = ["read", "grep", "find", "ls", "edit", "write", "bash", WORKFLOW_DIAGRAM_TOOL];
+export const EXECUTE_TOOLS = [...BASE_EXECUTE_TOOLS, WORKFLOW_PROGRESS_TOOL, ...EXECUTION_RESULT_TOOLS, ...REPAIR_RESULT_TOOLS];
+export const VALIDATOR_TOOLS = ["read", "grep", "find", "ls", "bash", "write", WORKFLOW_DIAGRAM_TOOL, ...REVIEW_RESULT_TOOLS, ...VALIDATION_RESULT_TOOLS];
 
 
 const PATH_SCOPED_TOOLS = new Set(["read", "grep", "find", "ls", "edit", "write"]);
@@ -80,11 +81,23 @@ function piRuntimeInstructionPath(candidate: string): boolean {
     || rel === "themes" || rel.startsWith("themes/");
 }
 
+function packageInstructionPath(candidate: string): boolean {
+  const root = safeRealpath(join(dirname(fileURLToPath(import.meta.url)), ".."));
+  if (!pathInsideRoot(candidate, root)) return false;
+  const rel = candidate === root ? "" : candidate.slice(root.length + 1);
+  return rel === "skills" || rel.startsWith("skills/")
+    || rel === "agents" || rel.startsWith("agents/")
+    || rel === "config/prompts" || rel.startsWith("config/prompts/")
+    || rel === "prompts" || rel.startsWith("prompts/")
+    || rel === "themes" || rel.startsWith("themes/");
+}
+
 function repoLockPathBlock(pathValue: unknown, cwd: string, tool: string): string | undefined {
   const root = repoLockRoot(cwd);
   const candidate = resolveCandidatePath(typeof pathValue === "string" && pathValue.trim() ? pathValue.trim() : ".", cwd);
   if (!pathInsideRoot(candidate, root)) {
-    if ((tool === "read" || tool === "grep" || tool === "find" || tool === "ls") && piRuntimeInstructionPath(candidate)) return undefined;
+    if ((tool === "read" || tool === "grep" || tool === "find" || tool === "ls") && (piRuntimeInstructionPath(candidate) || packageInstructionPath(candidate))) return undefined;
+    if (candidate.startsWith("/private/tmp/") || candidate.startsWith("/tmp/") || candidate.startsWith("/var/tmp/")) return undefined;
     return `Repo Lock blocked path outside current repository: ${candidate} (repo root: ${root})`;
   }
   if ((tool === "edit" || tool === "write") && protectedRepoPath(candidate, root)) return `Repo Lock blocked ${tool} for protected project control path: ${candidate}`;
@@ -123,6 +136,8 @@ function repoLockBashBlock(command: string, cwd: string): string | undefined {
     if (raw === "." || raw === "./" || raw === "/") continue;
     const cleaned = raw.replace(/[),]+$/, "");
     if (!cleaned || cleaned.startsWith("./node_modules/.bin")) continue;
+    if (cleaned.startsWith("/dev/")) continue;
+    if (cleaned.startsWith("/tmp/") || cleaned.startsWith("/private/tmp/") || cleaned.startsWith("/var/tmp/")) continue;
     const candidate = resolveCandidatePath(cleaned, cwd);
     if (!pathInsideRoot(candidate, root)) return `Repo Lock blocked bash path outside current repository: ${cleaned} -> ${candidate} (repo root: ${root})`;
   }
@@ -147,6 +162,26 @@ const BLOCKED_EXECUTE_BASH: RegExp[] = [
   /\bpnpm\s+add\b/i,
   /\byarn\s+add\b/i,
   /\bpip\s+install\b/i,
+  /\bpip3?\s+install\b/i,
+  /\bbundle\s+install\b/i,
+  /\bgem\s+install\b/i,
+  /\bcargo\s+install\b/i,
+  /\bgo\s+(?:get|install)\b/i,
+  /\bdeno\s+(?:install|add|cache)\b/i,
+  /\bcomposer\s+(?:install|require|update)\b/i,
+  /\bmix\s+(?:deps\.get|deps\.compile)\b/i,
+  /\bbrew\s+install\b/i,
+  /\bapt\s+(?:install|get\s+install)\b/i,
+  /\byum\s+install\b/i,
+  /\bdnf\s+install\b/i,
+  /\bapk\s+add\b/i,
+  /\bnuget\s+install\b/i,
+  /\bdotnet\s+(?:add\s+package|tool\s+install|restore)\b/i,
+  /\bcabal\s+(?:install|update)\b/i,
+  /\bstack\s+(?:install|update)\b/i,
+  /\bconan\s+install\b/i,
+  /\bvcpkg\s+install\b/i,
+  /\bcoursier\s+(?:install|fetch)\b/i,
   /\bcurl\b[^\n]*\|\s*sh\b/i,
   /\bwget\b[^\n]*\|\s*sh\b/i,
   /\bvercel\s+deploy\b/i,
@@ -165,7 +200,7 @@ function isPlanMode(mode: WorkflowState["mode"]): boolean {
 }
 
 function isValidatorMode(mode: WorkflowState["mode"]): boolean {
-  return mode === "reviewing" || mode === "reviewed" || mode === "validating" || mode === "revalidating" || mode === "validated" || mode === "mission_validating" || mode === "mission_revalidating" || mode === "mission_final_validating";
+  return mode === "reviewing" || mode === "reviewed" || mode === "validating" || mode === "revalidating" || mode === "mission_validating" || mode === "mission_revalidating" || mode === "mission_final_validating";
 }
 
 function isValidationResultMode(mode: WorkflowState["mode"]): boolean {
@@ -180,9 +215,17 @@ function isSubagentWorker(): boolean {
   return process.env.PI_SUBAGENT_WORKER === "1";
 }
 
+const PACKAGE_INSTALL_RE = /\b(?:npm\s+install|pnpm\s+add|yarn\s+add|pip3?\s+install|bundle\s+install|gem\s+install|cargo\s+install|go\s+(?:get|install)|deno\s+(?:install|add|cache)|composer\s+(?:install|require|update)|mix\s+deps\.(?:get|compile)|brew\s+install|apt(?:-get)?\s+install|yum\s+install|dnf\s+install|apk\s+add|nuget\s+install|dotnet\s+(?:add\s+package|tool\s+install|restore)|cabal\s+(?:install|update)|stack\s+(?:install|update)|conan\s+install|vcpkg\s+install|coursier\s+(?:install|fetch))\b/i;
+
+function isPackageInstallCommand(command: string): boolean {
+  return PACKAGE_INSTALL_RE.test(command);
+}
+
 function commandBlocked(command: string, cwd?: string): boolean {
   const settings = loadWorkflowSettings(cwd);
-  return settings.safety.blockDestructiveCommands !== false && isBlockedExecuteCommand(command);
+  if (settings.safety.blockDestructiveCommands === false) return false;
+  if (isPackageInstallCommand(command) && settings.safety.allowPackageInstallInExecution !== false) return false;
+  return isBlockedExecuteCommand(command);
 }
 
 function standardTodoMode(settings: ReturnType<typeof loadWorkflowSettings>): "off" | "manual" | "auto" | "required" {
@@ -202,17 +245,32 @@ function standardTaskLooksSubstantive(task: string | undefined): boolean {
   return text.length >= 8 || text.split(/\s+/).filter(Boolean).length >= 2;
 }
 
-function standardSafeReadOnlyBash(command: string): boolean {
+function stripTimeoutPrefix(command: string): string {
+  return command.replace(/^timeout\s+\d+[smhd]?\s+/, "").trim() || command;
+}
+
+const DESTRUCTIVE_WORD_RE = /\b(?:install|add|update|upgrade|publish|deploy|push|checkout|switch|commit|merge|rebase|stash|tag|apply|am|restore|sed\s+-i|perl\s+-pi|chmod|chown|curl\s.*\|\s*(?:sh|bash)|wget\s.*\|\s*(?:sh|bash))\b/i;
+
+const SAFE_READ_ONLY_COMMANDS_RE = /^(?:git\s+(?:status|log|diff|show|branch|rev-parse|ls-files|describe|remote|tag|shortlog|count-objects|blame|name-rev)\b|cat\b|head\b|tail\b|less\b|more\b|wc\b|file\b|stat\b|which\b|where\b|command\s+-v\b|type\b|echo\b|printf\b|printenv\b|env\b|uname\b|date\b|id\b|whoami\b|hostname\b|pwd\b|ls\b|du\b|df\b|diff\b|comm\b|sort\b|uniq\b|cut\b|tr\b|awk\b|jq\b|yq\b|xq\b|(?:npm|pnpm|yarn|bun)\s+(?:run\s+)?(?:build|test|lint|typecheck|type-check|check[\s:]?\w*|dev|start|preview|serve|watch|format|analyze|compile|ci|validate|verify|coverage|bench|benchmark|bundle|pack|dist|static|docs|doc|stylelint|e2e|integration|unit)\b|(?:npm|pnpm|yarn|bun)\s+(?:exec|info|ls|list|query|outdated|why|view|pack\s+--dry-run)\b|npx\s+(?:serve|http-server|lite-server|tsc|vite|eslint|prettier|vitest|jest|mocha|cypress|playwright|webpack|rollup|parcel|turbo|nx|ts-node|tsx|esbuild|swc|babel|stylelint|biome|rome|knip|typedoc|compodoc|angular-cli|react-scripts|next|nuxt|remix|astro|svelte-kit)\b|pnpm\s+(?:exec|dlx)\s+\w+\b|bun\s+(?:test|check|build|run)\b|deno\s+(?:check|test|build|lint|task|info|doc|compile|fmt|eval|cache)\b|cargo\s+(?:build|test|check|clippy|doc|bench|run|metadata|locate-project|tree|version)\b|(?:rustc|rustup)\s+(?:--version|--print|which)\b|go\s+(?:build|test|vet|run|doc|list|mod\s+(?:verify|tidy|graph|download|why))\b|python3?\s+(?:--version|-V|-c\b|-m\s+(?:pytest|unittest|mypy|pylint|flake8|black|isort|ruff|json\.tool|compileall|bandit|pyright|http\.server|html\.parser|html))\b|pip3?\s+(?:list|show|check|debug|index\s+versions)\b|tsc\b|node\s+(?:--version|-v|--check|-c|-e|--eval)\b|make\s+(?:build|test|check|lint|all|verify|docs|format|static|analyze)\b|cmake\s+(?:--build|--version)\b|(?:dotnet|msbuild)\s+(?:build|test|restore|check|format|lint|pack)\b|(?:gradle|\.\/gradlew|gradlew\.bat)\s+(?:build|test|check|compile|lint|dependencies|projects|tasks)\b|mvn\s+(?:compile|test|verify|checkstyle|pmd|versions:display|dependency:tree|dependency:list)\b|(?:swift|swiftc)\s+(?:build|test|package\s+(?:describe|dump-package))\b|(?:bundle|gem)\s+(?:exec|list|check|info|query)\b|rake\s+(?:test|spec|lint|check|notes|stats|about)\b|php\s+(?:--version|-v|-l)\b|(?:php\s+)?artisan\s+(?:--version|route:list|config:show|env)\b|composer\s+(?:validate|check|show|outdated|info|diagnose)\b|mix\s+(?:test|compile|lint|format|docs)\b|bazel\s+(?:build|test|query|cquery|info|version)\b|buck\s+(?:build|test|query|audit)\b|curl\s+(?:-[^\s]*[sSfIv][^\s]*\s+)+(?:https?:\/\/|localhost|\$)|kill\s+\$!\b|kill\s+-0\s+\$\w+\b|wait\s+\$!\b|wait\s+\$\w+\b|sleep\s+[0-9.]+[smhd]?\b|ps\s+(?:aux?|-[a-z]*[eE][a-z]*|-[a-z]*[pP][a-z]*)\b|pgrep\s+-\w+\s+\w+|true\b|false\b|\.\s*\/node_modules\/\.bin\/\S+\b)/i;
+
+export function standardSafeReadOnlyBash(command: string): boolean {
   const trimmed = command.trim();
   if (!trimmed || isBlockedExecuteCommand(trimmed)) return false;
-  return /^(?:git\s+(?:status|log|diff|show|branch|rev-parse)\b|python3?\s+-m\s+json\.tool\b|npm\s+run\s+(?:lint|test)\b|npx\s+tsc\s+--noEmit\b|tsc\s+--noEmit\b)/i.test(trimmed);
+  const cmd = stripTimeoutPrefix(trimmed);
+  return SAFE_READ_ONLY_COMMANDS_RE.test(cmd);
+}
+
+function stripSafePreamble(command: string): string {
+  return command.replace(/^(?:set\s+[-+][euxo]+(?:\s+[^\n]*)?|export\s+\w+=["']?[^\n"']*["']?|\w+=\S+)\s*\n+/gm, "").trim() || command;
 }
 
 function validatorSafeEvidenceBash(command: string): boolean {
   const trimmed = command.trim();
-  if (!trimmed || isBlockedExecuteCommand(trimmed)) return false;
-  if (/\b(?:install|add|update|upgrade|publish|deploy|push|reset|clean|checkout|switch|commit|merge|rebase|stash|tag|apply|am|restore|rm|mv|cp|mkdir|touch|sed\s+-i|perl\s+-pi|tee|chmod|chown|kill|open)\b/i.test(trimmed)) return false;
-  return /^(?:git\s+(?:status|log|diff|show|branch|rev-parse|ls-files)\b|npm\s+run\s+(?:typecheck|check:ts|lint|test|build)\b|npx\s+tsc\s+--noEmit\b|tsc\s+--noEmit\b|python3?\s+-m\s+json\.tool\b)/i.test(trimmed);
+  if (!trimmed) return false;
+  const cmd = stripSafePreamble(stripTimeoutPrefix(trimmed));
+  if (isBlockedExecuteCommand(cmd)) return false;
+  if (DESTRUCTIVE_WORD_RE.test(cmd)) return false;
+  return true;
 }
 
 function standardTodoTitleLooksGeneric(title: string): boolean {
@@ -238,6 +296,31 @@ function standardRequiredTodoMissing(state: WorkflowState, settings: ReturnType<
     && standardTaskLooksSubstantive(task);
 }
 
+function planProgressRelevantWorkTool(tool: string, input: unknown): boolean {
+  if (tool === "edit" || tool === "write") return true;
+  if (tool !== "bash") return false;
+  const command = String((input as { command?: unknown } | undefined)?.command ?? "");
+  return Boolean(command.trim()) && !standardSafeReadOnlyBash(command);
+}
+
+function currentPlanProgressStepNumber(state: WorkflowState): number | undefined {
+  const steps = state.planProgress?.steps ?? [];
+  if (!steps.length) return undefined;
+  if (steps.every((step) => step.status === "completed" || step.status === "skipped")) return undefined;
+  const activeIndex = steps.findIndex((step) => step.status === "active");
+  const fallbackIndex = Math.max(0, Math.min(steps.length - 1, Math.floor(state.planProgress?.currentStepIndex ?? 0)));
+  return (activeIndex >= 0 ? activeIndex : fallbackIndex) + 1;
+}
+
+function planProgressToolRequiredBlock(state: WorkflowState, tool: string, input: unknown): string | undefined {
+  if (state.mode !== "executing" && state.mode !== "repairing") return undefined;
+  if (!planProgressRelevantWorkTool(tool, input)) return undefined;
+  const stepNumber = currentPlanProgressStepNumber(state);
+  if (!stepNumber) return undefined;
+  if (state.planProgressLastToolStatus === "active" && state.planProgressLastToolStep === stepNumber) return undefined;
+  return `Plan execution ${tool} is blocked until workflow_progress({ step: ${stepNumber}, status: "active" }) is called for the current approved Plan step.`;
+}
+
 export function registerToolGuard(pi: ExtensionAPI, getState: () => WorkflowState): void {
   pi.on("tool_call", async (event, ctx) => {
     const state = getState();
@@ -272,13 +355,16 @@ export function registerToolGuard(pi: ExtensionAPI, getState: () => WorkflowStat
 
     if (tool === STANDARD_HANDOFF_RESULT_TOOL && state.mode !== "standard") return { block: true, reason: "Standard handoff result is only available while Standard Mode is active." };
 
-    if ((tool === WORKFLOW_PLAN_RESULT_TOOL && state.mode !== "planning") || (tool === MISSION_PLAN_RESULT_TOOL && state.mode !== "mission_planning")) return { block: true, reason: `${tool} is only available during its planning phase.` };
+    if (tool === WORKFLOW_PLAN_RESULT_TOOL && state.mode !== "planning" && state.mode !== "executing" && state.mode !== "repairing") return { block: true, reason: `${tool} is only available during its planning phase.` };
+    if (tool === MISSION_PLAN_RESULT_TOOL && state.mode !== "mission_planning") return { block: true, reason: `${tool} is only available during its planning phase.` };
     if (tool === WORKFLOW_REVIEW_RESULT_TOOL && state.mode !== "reviewing" && state.mode !== "mission_plan_ready") return { block: true, reason: "workflow_review_result is only available during review phases." };
     if (tool === WORKFLOW_EXECUTION_RESULT_TOOL && state.mode !== "executing") return { block: true, reason: "workflow_execution_result is only available during Plan execution." };
     if (tool === MISSION_MILESTONE_RESULT_TOOL && state.mode !== "mission_running") return { block: true, reason: "mission_milestone_result is only available during Mission execution." };
     if (tool === WORKFLOW_VALIDATION_RESULT_TOOL && !isValidationResultMode(state.mode)) return { block: true, reason: "workflow_validation_result is only available during validation phases." };
     if (tool === WORKFLOW_REPAIR_RESULT_TOOL && state.mode !== "repairing" && state.mode !== "mission_repairing") return { block: true, reason: "workflow_repair_result is only available during repair phases." };
 
+    if (tool === WORKFLOW_PROGRESS_TOOL && state.mode !== "executing" && state.mode !== "repairing") return { block: true, reason: "Plan step progress tracking is only available during Plan execution." };
+
     if (tool === "standard_todo") {
       if (state.mode !== "standard") return { block: true, reason: "Standard Mode To Do is only available while Standard Mode is active." };
       if (state.standardClarificationPending || state.standardClarificationStage === "drafting" || state.standardClarificationStage === "awaiting_answer") return { block: true, reason: "Standard Mode To Do is blocked until the pending Standard clarification is answered." };
@@ -292,14 +378,18 @@ export function registerToolGuard(pi: ExtensionAPI, getState: () => WorkflowStat
       }
     }
 
+    const planProgressBlock = planProgressToolRequiredBlock(state, tool, event.input);
+    if (planProgressBlock) return { block: true, reason: planProgressBlock };
+
     if (isPlanMode(state.mode)) {
+      if (state.mode === "plan_approved" && state.approvedPlan) return;
       if (tool === "edit" || tool === "write") return { block: true, reason: `Workflow Plan Mode blocks ${tool}. Allowed tools: ${PLAN_TOOLS.join(", ")}${settings.safety.disableBashInPlanMode === false ? ", bash (safe commands)" : ""}` };
       if (tool === "bash" && settings.safety.disableBashInPlanMode !== false) return { block: true, reason: `Workflow Plan Mode blocks bash. Allowed tools: ${PLAN_TOOLS.join(", ")}` };
     }
 
     if (isValidatorMode(state.mode)) {
-      if (tool === "edit" || tool === "write") return { block: true, reason: `Workflow Review/Validator Mode blocks ${tool}. Allowed tools: ${VALIDATOR_TOOLS.join(", ")}` };
-      if (tool === "bash") {
+      if (tool === "edit") return { block: true, reason: `Workflow Review/Validator Mode blocks ${tool}. Allowed tools: ${VALIDATOR_TOOLS.join(", ")}` };
+      if (tool === "bash" && settings.safety.disableBashInValidatorMode !== false) {
         const command = String((event.input as { command?: unknown }).command ?? "");
         if (!validatorSafeEvidenceBash(command)) return { block: true, reason: `Workflow Review/Validator Mode blocks unsafe bash. Allowed bash is limited to safe read-only evidence commands.` };
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mediadatafusion/pi-workflow-suite",
-  "version": "0.0.10",
+  "version": "0.0.11",
   "description": "Structured workflow orchestration suite for Pi with Standard, Plan, Mission, compaction, diagrams, web access, repo lock, and safety gates.",
   "license": "Apache-2.0",
   "repository": {
@@ -36,6 +36,7 @@
   "type": "module",
   "files": [
     "extensions/",
+    "!extensions/*.bak",
     "skills/",
     "agents/",
     "config/",
@@ -105,7 +106,7 @@
   "scripts": {
     "check:ts": "tsc --noEmit --noCheck",
     "typecheck": "tsc --noEmit",
-    "validate": "npm run check:ts && ./scripts/check-clean-release-tree.sh && npm run check:package-size && git diff --check",
+    "validate": "npm run check:ts && ./scripts/test-workflow-forced-subagent-regression.sh && ./scripts/test-agent-skill-boundary-regression.sh && ./scripts/test-startup-visual-mode-entry-regression.sh && ./scripts/test-settings-health-regression.sh && ./scripts/test-handoff-visibility-regression.sh && ./scripts/test-mission-milestone-handoff-regression.sh && ./scripts/test-plan-handoff-chain-regression.sh && ./scripts/test-plan-step-progress-regression.sh && ./scripts/test-standard-mode-regression.sh && ./scripts/test-final-handoff-summary-regression.sh && ./scripts/test-clarification-answer-handoff-regression.sh && ./scripts/test-validation-evidence-contract-regression.sh && ./scripts/test-mermaid-guidance-regression.sh && ./scripts/test-runtime-web-tools-regression.sh && ./scripts/test-repolock-scope-regression.sh && ./scripts/test-repo-lock-version-regression.sh && ./scripts/test-package-menu-surface.sh && npm run check:package-size && git diff --check",
     "check:package-size": "node scripts/check-package-size.mjs",
     "prepack": "node scripts/prepare-package-readme.mjs apply",
     "postpack": "node scripts/prepare-package-readme.mjs restore --pack",