@mediadatafusion/pi-workflow-suite 0.0.9 → 0.0.11

package/extensions/workflow-parsers.ts

@@ -204,7 +204,8 @@ export function formatAnswersForPlanner(questions: ClarificationQuestion[], answ
 
 export function planValidationStatusForVerdict(verdict: WorkflowState["validationVerdict"]): PlanValidationStatus {
   if (verdict === "PASS") return "pass";
-  if (verdict === "UNKNOWN" || verdict === "PARTIAL PASS") return "unknown";
+  if (verdict === "PARTIAL PASS") return "partial pass";
+  if (verdict === "UNKNOWN") return "unknown";
   return "fail";
 }
 

package/extensions/workflow-state.ts

@@ -93,7 +93,7 @@ export interface StandardRuntimeState {
 
 export type PlanLifecycleStatus = "planning" | "awaiting_clarification" | "plan_ready" | "approved" | "reviewing" | "executing" | "validating" | "repairing" | "revalidating" | "completed" | "blocked";
 export type PlanStepStatus = "pending" | "active" | "completed" | "failed" | "blocked" | "skipped";
-export type PlanValidationStatus = "pending" | "running" | "pass" | "fail" | "unknown";
+export type PlanValidationStatus = "pending" | "running" | "pass" | "partial pass" | "fail" | "unknown";
 
 export interface PlanProgressStep {
   id: string;
@@ -163,12 +163,32 @@ export interface CompletedPlanSummary {
   finalReport?: string;
 }
 
+export interface BlockedPlanResumeSnapshot {
+  task?: string;
+  originalTask?: string;
+  approvedPlan?: string;
+  planHistoryId?: string;
+  approvedPlanHistoryId?: string;
+  executionSummary?: string;
+  validationReport?: string;
+  validationVerdict?: "PASS" | "PARTIAL PASS" | "FAIL" | "UNKNOWN";
+  lastValidationFailure?: string;
+  lastRepairAttempt?: string;
+  repairHistory?: WorkflowRepairHistoryEntry[];
+  lastRepairStatus?: "none" | "running" | "completed" | "failed" | "blocked";
+  currentValidationRetry?: number;
+  workflowValidationRetryCount?: number;
+  planRuntime?: PlanRuntimeState;
+  planProgress?: PlanProgressState;
+}
+
 export interface WorkflowFinalStopSummary {
   stoppedAt: string;
   kind: "plan" | "mission";
   status: "completed" | "blocked";
   title: string;
   summary: string;
+  blockedPlanSnapshot?: BlockedPlanResumeSnapshot;
 }
 
 export interface CompletedMissionSummary {
@@ -234,9 +254,20 @@ export interface WorkflowState {
   lastRepairAttempt?: string;
   repairHistory?: WorkflowRepairHistoryEntry[];
   lastRepairStatus?: "none" | "running" | "completed" | "failed" | "blocked";
+  concreteRepairableIssue?: boolean;
+  manualVerificationRequired?: boolean;
+  evidenceGap?: boolean;
+  lastValidationCompletedAt?: string;
   planStepValidationIndex?: number;
+  planExecutionStepIndex?: number;
   planRuntime?: PlanRuntimeState;
   planProgress?: PlanProgressState;
+  planProgressLastToolStep?: number;
+  planProgressLastToolStatus?: PlanStepStatus;
+  planProgressLastToolAt?: string;
+  planTokensUsed?: number;
+  missionTokensUsed?: number;
+  standardTokensUsed?: number;
   standardRuntime?: StandardRuntimeState;
   standardTodo?: StandardTodoState;
   standardLastAutoCheckAt?: string;
@@ -290,6 +321,15 @@ export interface SavedWorkflowPlan {
   finalReport?: string;
   modelsUsed?: WorkflowState["modelsUsed"];
   subagents?: Record<string, unknown>;
+  planProgress?: WorkflowState["planProgress"];
+  planRuntime?: WorkflowState["planRuntime"];
+  planExecutionStepIndex?: number;
+  planStepValidationIndex?: number;
+  currentValidationRetry?: number;
+  workflowValidationRetryCount?: number;
+  repairRetryState?: WorkflowState["repairRetryState"];
+  repairHistory?: WorkflowState["repairHistory"];
+  reviewHistory?: WorkflowState["reviewHistory"];
 }
 
 export interface PlanSavingOptions {
@@ -384,6 +424,9 @@ export interface MissionState {
   reviewHistory?: WorkflowReviewHistoryEntry[];
   reviewRepairInProgress?: boolean;
   lastValidationResult?: string;
+  concreteRepairableIssue?: boolean;
+  manualVerificationRequired?: boolean;
+  evidenceGap?: boolean;
   modelsUsed: Record<string, string>;
   subagentsUsed: string[];
   approvalRequired: boolean;
@@ -534,6 +577,15 @@ export function saveWorkflowPlan(state: WorkflowState, options: PlanSavingOption
     finalReport: options.finalReport?.trim() ? (redactSecrets(compact(options.finalReport, 5000)) ?? compact(options.finalReport, 5000)) : undefined,
     modelsUsed: state.modelsUsed,
     subagents: options.subagents,
+    planProgress: state.planProgress,
+    planRuntime: state.planRuntime,
+    planExecutionStepIndex: state.planExecutionStepIndex,
+    planStepValidationIndex: state.planStepValidationIndex,
+    currentValidationRetry: state.currentValidationRetry,
+    workflowValidationRetryCount: state.workflowValidationRetryCount,
+    repairRetryState: state.repairRetryState,
+    repairHistory: state.repairHistory,
+    reviewHistory: state.reviewHistory,
   };
 
   writeFileSync(LATEST_PLAN_FILE, JSON.stringify(record, null, 2) + "\n", { encoding: "utf8", mode: 0o600 });
@@ -713,8 +765,10 @@ function activeElapsedMs(startedAt: string | null | undefined, nowMs: number, la
   const parsed = Date.parse(startedAt ?? "");
   if (!Number.isFinite(parsed)) return 0;
   const updated = Date.parse(lastUpdatedAt ?? "");
-  const end = parsed < RUNTIME_SESSION_STARTED_AT_MS && Number.isFinite(updated) && updated < RUNTIME_SESSION_STARTED_AT_MS
-    ? Math.max(parsed, updated)
+  const end = parsed < RUNTIME_SESSION_STARTED_AT_MS
+    ? (Number.isFinite(updated) && updated < RUNTIME_SESSION_STARTED_AT_MS
+        ? Math.max(parsed, updated)
+        : RUNTIME_SESSION_STARTED_AT_MS)
     : nowMs;
   return Math.max(0, end - parsed);
 }
@@ -769,7 +823,9 @@ export function planActiveRuntimeMs(state: WorkflowState, now = new Date()): num
 export function planWallClockAgeMs(state: WorkflowState, now = new Date()): number {
   const start = Date.parse(state.planRuntime?.createdAt ?? "");
   if (!Number.isFinite(start)) return 0;
-  return Math.max(0, now.getTime() - start);
+  const terminalTimestamp = planRuntimeCounterState(state) === "stopped" ? state.updatedAt : undefined;
+  const end = terminalTimestamp ? Date.parse(terminalTimestamp) : now.getTime();
+  return Math.max(0, (Number.isFinite(end) ? end : now.getTime()) - start);
 }
 
 export function applyStandardRuntimeAccounting(previous: WorkflowState | undefined, state: WorkflowState, now = new Date()): WorkflowState {
@@ -825,7 +881,9 @@ export function standardActiveRuntimeMs(state: WorkflowState, now = new Date()):
 export function standardWallClockAgeMs(state: WorkflowState, now = new Date()): number {
   const start = Date.parse(state.standardRuntime?.createdAt ?? "");
   if (!Number.isFinite(start)) return 0;
-  return Math.max(0, now.getTime() - start);
+  const terminalTimestamp = standardRuntimeCounterState(state) === "stopped" ? state.updatedAt : undefined;
+  const end = terminalTimestamp ? Date.parse(terminalTimestamp) : now.getTime();
+  return Math.max(0, (Number.isFinite(end) ? end : now.getTime()) - start);
 }
 
 export function applyMissionRuntimeAccounting(previous: MissionState | undefined, mission: MissionState, now = new Date()): MissionState {
@@ -858,7 +916,7 @@ export function applyMissionRuntimeAccounting(previous: MissionState | undefined
       lastResumedAt: mission.lastResumedAt ?? nowIso,
     };
   } else if (nextActive && previousStartedAt) {
-    next = { ...next, activeRunStartedAt: previousStartedAt };
+    next = { ...next, activeRunStartedAt: Date.parse(previousStartedAt) < RUNTIME_SESSION_STARTED_AT_MS ? nowIso : previousStartedAt };
   } else if (!nextActive) {
     next = { ...next, activeRunStartedAt: null };
   }

package/extensions/workflow-tool-guard.ts

@@ -1,6 +1,7 @@
 import { existsSync, realpathSync } from "node:fs";
 import { execFileSync } from "node:child_process";
-import { isAbsolute, resolve } from "node:path";
+import { isAbsolute, resolve, join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
 import { getAgentDir, type ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import { loadWorkflowSettings } from "./workflow-model-router.js";
 import type { WorkflowState } from "./workflow-state.js";
@@ -22,9 +23,9 @@ export const EXECUTION_RESULT_TOOLS = [WORKFLOW_EXECUTION_RESULT_TOOL, MISSION_M
 export const VALIDATION_RESULT_TOOLS = [WORKFLOW_VALIDATION_RESULT_TOOL];
 export const REPAIR_RESULT_TOOLS = [WORKFLOW_REPAIR_RESULT_TOOL];
 export const STANDARD_RESULT_TOOLS = [STANDARD_HANDOFF_RESULT_TOOL];
-export const BASE_EXECUTE_TOOLS = ["read", "grep", "find", "ls", "edit", "write", "bash", WORKFLOW_PROGRESS_TOOL, WORKFLOW_DIAGRAM_TOOL];
-export const EXECUTE_TOOLS = [...BASE_EXECUTE_TOOLS, ...EXECUTION_RESULT_TOOLS, ...REPAIR_RESULT_TOOLS];
-export const VALIDATOR_TOOLS = ["read", "grep", "find", "ls", "bash", WORKFLOW_DIAGRAM_TOOL, ...REVIEW_RESULT_TOOLS, ...VALIDATION_RESULT_TOOLS];
+export const BASE_EXECUTE_TOOLS = ["read", "grep", "find", "ls", "edit", "write", "bash", WORKFLOW_DIAGRAM_TOOL];
+export const EXECUTE_TOOLS = [...BASE_EXECUTE_TOOLS, WORKFLOW_PROGRESS_TOOL, ...EXECUTION_RESULT_TOOLS, ...REPAIR_RESULT_TOOLS];
+export const VALIDATOR_TOOLS = ["read", "grep", "find", "ls", "bash", "write", WORKFLOW_DIAGRAM_TOOL, ...REVIEW_RESULT_TOOLS, ...VALIDATION_RESULT_TOOLS];
 
 
 const PATH_SCOPED_TOOLS = new Set(["read", "grep", "find", "ls", "edit", "write"]);
@@ -58,33 +59,87 @@ function pathInsideRoot(candidate: string, root: string): boolean {
   return candidate === root || candidate.startsWith(`${root}/`);
 }
 
-function piRuntimeRoot(): string {
-  return safeRealpath(getAgentDir());
+function repoLockRoot(cwd: string): string {
+  return process.env.PI_WORKFLOW_REPO_LOCK_ENABLED === "1" && process.env.PI_WORKFLOW_REPO_LOCK_ROOT
+    ? safeRealpath(process.env.PI_WORKFLOW_REPO_LOCK_ROOT)
+    : repoRootForCwd(cwd);
 }
 
-function pathInsideRepoOrPiRuntime(candidate: string, root: string): boolean {
-  const piRoot = piRuntimeRoot();
-  return pathInsideRoot(candidate, root) || pathInsideRoot(candidate, piRoot);
+function protectedRepoPath(candidate: string, root: string): boolean {
+  const rel = candidate === root ? "" : candidate.slice(root.length + 1);
+  return rel === ".pi" || rel.startsWith(".pi/");
 }
 
-function repoLockPathBlock(pathValue: unknown, cwd: string): string | undefined {
-  const root = repoRootForCwd(cwd);
+function piRuntimeInstructionPath(candidate: string): boolean {
+  const root = safeRealpath(getAgentDir());
+  if (!pathInsideRoot(candidate, root)) return false;
+  const rel = candidate === root ? "" : candidate.slice(root.length + 1);
+  return rel === "skills" || rel.startsWith("skills/")
+    || rel === "agents" || rel.startsWith("agents/")
+    || rel === "config/prompts" || rel.startsWith("config/prompts/")
+    || rel === "prompts" || rel.startsWith("prompts/")
+    || rel === "themes" || rel.startsWith("themes/");
+}
+
+function packageInstructionPath(candidate: string): boolean {
+  const root = safeRealpath(join(dirname(fileURLToPath(import.meta.url)), ".."));
+  if (!pathInsideRoot(candidate, root)) return false;
+  const rel = candidate === root ? "" : candidate.slice(root.length + 1);
+  return rel === "skills" || rel.startsWith("skills/")
+    || rel === "agents" || rel.startsWith("agents/")
+    || rel === "config/prompts" || rel.startsWith("config/prompts/")
+    || rel === "prompts" || rel.startsWith("prompts/")
+    || rel === "themes" || rel.startsWith("themes/");
+}
+
+function repoLockPathBlock(pathValue: unknown, cwd: string, tool: string): string | undefined {
+  const root = repoLockRoot(cwd);
   const candidate = resolveCandidatePath(typeof pathValue === "string" && pathValue.trim() ? pathValue.trim() : ".", cwd);
-  if (!pathInsideRepoOrPiRuntime(candidate, root)) return `Repo Lock blocked path outside current repository or Pi runtime: ${candidate} (repo root: ${root}; Pi runtime: ${piRuntimeRoot()})`;
+  if (!pathInsideRoot(candidate, root)) {
+    if ((tool === "read" || tool === "grep" || tool === "find" || tool === "ls") && (piRuntimeInstructionPath(candidate) || packageInstructionPath(candidate))) return undefined;
+    if (candidate.startsWith("/private/tmp/") || candidate.startsWith("/tmp/") || candidate.startsWith("/var/tmp/")) return undefined;
+    return `Repo Lock blocked path outside current repository: ${candidate} (repo root: ${root})`;
+  }
+  if ((tool === "edit" || tool === "write") && protectedRepoPath(candidate, root)) return `Repo Lock blocked ${tool} for protected project control path: ${candidate}`;
   return undefined;
 }
 
+function stripHereDocBodies(command: string): string {
+  const lines = command.split("\n");
+  const kept: string[] = [];
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    kept.push(line);
+    const match = line.match(/<<[-]?\s*['\"]?([A-Za-z_][A-Za-z0-9_]*)['\"]?/);
+    if (!match) continue;
+    const marker = match[1];
+    i++;
+    while (i < lines.length && lines[i].trim() !== marker) i++;
+  }
+  return kept.join("\n");
+}
+
+function stripUriTokens(command: string): string {
+  return command.replace(/\b[A-Za-z][A-Za-z0-9+.-]*:\/\/[^\s'"`;&|)]*/g, " ");
+}
+
+function bashPathCandidates(command: string): string[] {
+  const trimmed = stripUriTokens(stripHereDocBodies(command)).trim();
+  if (!trimmed) return [];
+  return Array.from(trimmed.matchAll(/(?:^|[\s=:'"`])((?:\.{1,2}|~|\/)[^\s'"`;&|)]*)/g)).map((match) => match[1]).filter(Boolean);
+}
+
 function repoLockBashBlock(command: string, cwd: string): string | undefined {
-  const trimmed = command.trim();
-  if (!trimmed) return undefined;
-  const root = repoRootForCwd(cwd);
-  const pathCandidates = Array.from(trimmed.matchAll(/(?:^|[\s=:'"`])((?:\.{1,2}|~|\/)[^\s'"`;&|)]*)/g)).map((match) => match[1]).filter(Boolean);
+  const root = repoLockRoot(cwd);
+  const pathCandidates = bashPathCandidates(command);
   for (const raw of pathCandidates) {
-    if (raw === "." || raw === "./") continue;
+    if (raw === "." || raw === "./" || raw === "/") continue;
     const cleaned = raw.replace(/[),]+$/, "");
     if (!cleaned || cleaned.startsWith("./node_modules/.bin")) continue;
+    if (cleaned.startsWith("/dev/")) continue;
+    if (cleaned.startsWith("/tmp/") || cleaned.startsWith("/private/tmp/") || cleaned.startsWith("/var/tmp/")) continue;
     const candidate = resolveCandidatePath(cleaned, cwd);
-    if (!pathInsideRepoOrPiRuntime(candidate, root)) return `Repo Lock blocked bash path outside current repository or Pi runtime: ${cleaned} -> ${candidate} (repo root: ${root}; Pi runtime: ${piRuntimeRoot()})`;
+    if (!pathInsideRoot(candidate, root)) return `Repo Lock blocked bash path outside current repository: ${cleaned} -> ${candidate} (repo root: ${root})`;
   }
   return undefined;
 }
@@ -107,6 +162,26 @@ const BLOCKED_EXECUTE_BASH: RegExp[] = [
   /\bpnpm\s+add\b/i,
   /\byarn\s+add\b/i,
   /\bpip\s+install\b/i,
+  /\bpip3?\s+install\b/i,
+  /\bbundle\s+install\b/i,
+  /\bgem\s+install\b/i,
+  /\bcargo\s+install\b/i,
+  /\bgo\s+(?:get|install)\b/i,
+  /\bdeno\s+(?:install|add|cache)\b/i,
+  /\bcomposer\s+(?:install|require|update)\b/i,
+  /\bmix\s+(?:deps\.get|deps\.compile)\b/i,
+  /\bbrew\s+install\b/i,
+  /\bapt\s+(?:install|get\s+install)\b/i,
+  /\byum\s+install\b/i,
+  /\bdnf\s+install\b/i,
+  /\bapk\s+add\b/i,
+  /\bnuget\s+install\b/i,
+  /\bdotnet\s+(?:add\s+package|tool\s+install|restore)\b/i,
+  /\bcabal\s+(?:install|update)\b/i,
+  /\bstack\s+(?:install|update)\b/i,
+  /\bconan\s+install\b/i,
+  /\bvcpkg\s+install\b/i,
+  /\bcoursier\s+(?:install|fetch)\b/i,
   /\bcurl\b[^\n]*\|\s*sh\b/i,
   /\bwget\b[^\n]*\|\s*sh\b/i,
   /\bvercel\s+deploy\b/i,
@@ -125,7 +200,7 @@ function isPlanMode(mode: WorkflowState["mode"]): boolean {
 }
 
 function isValidatorMode(mode: WorkflowState["mode"]): boolean {
-  return mode === "reviewing" || mode === "reviewed" || mode === "validating" || mode === "revalidating" || mode === "validated" || mode === "mission_validating" || mode === "mission_revalidating" || mode === "mission_final_validating";
+  return mode === "reviewing" || mode === "reviewed" || mode === "validating" || mode === "revalidating" || mode === "mission_validating" || mode === "mission_revalidating" || mode === "mission_final_validating";
 }
 
 function isValidationResultMode(mode: WorkflowState["mode"]): boolean {
@@ -140,9 +215,17 @@ function isSubagentWorker(): boolean {
   return process.env.PI_SUBAGENT_WORKER === "1";
 }
 
+const PACKAGE_INSTALL_RE = /\b(?:npm\s+install|pnpm\s+add|yarn\s+add|pip3?\s+install|bundle\s+install|gem\s+install|cargo\s+install|go\s+(?:get|install)|deno\s+(?:install|add|cache)|composer\s+(?:install|require|update)|mix\s+deps\.(?:get|compile)|brew\s+install|apt(?:-get)?\s+install|yum\s+install|dnf\s+install|apk\s+add|nuget\s+install|dotnet\s+(?:add\s+package|tool\s+install|restore)|cabal\s+(?:install|update)|stack\s+(?:install|update)|conan\s+install|vcpkg\s+install|coursier\s+(?:install|fetch))\b/i;
+
+function isPackageInstallCommand(command: string): boolean {
+  return PACKAGE_INSTALL_RE.test(command);
+}
+
 function commandBlocked(command: string, cwd?: string): boolean {
   const settings = loadWorkflowSettings(cwd);
-  return settings.safety.blockDestructiveCommands !== false && isBlockedExecuteCommand(command);
+  if (settings.safety.blockDestructiveCommands === false) return false;
+  if (isPackageInstallCommand(command) && settings.safety.allowPackageInstallInExecution !== false) return false;
+  return isBlockedExecuteCommand(command);
 }
 
 function standardTodoMode(settings: ReturnType<typeof loadWorkflowSettings>): "off" | "manual" | "auto" | "required" {
@@ -162,17 +245,32 @@ function standardTaskLooksSubstantive(task: string | undefined): boolean {
   return text.length >= 8 || text.split(/\s+/).filter(Boolean).length >= 2;
 }
 
-function standardSafeReadOnlyBash(command: string): boolean {
+function stripTimeoutPrefix(command: string): string {
+  return command.replace(/^timeout\s+\d+[smhd]?\s+/, "").trim() || command;
+}
+
+const DESTRUCTIVE_WORD_RE = /\b(?:install|add|update|upgrade|publish|deploy|push|checkout|switch|commit|merge|rebase|stash|tag|apply|am|restore|sed\s+-i|perl\s+-pi|chmod|chown|curl\s.*\|\s*(?:sh|bash)|wget\s.*\|\s*(?:sh|bash))\b/i;
+
+const SAFE_READ_ONLY_COMMANDS_RE = /^(?:git\s+(?:status|log|diff|show|branch|rev-parse|ls-files|describe|remote|tag|shortlog|count-objects|blame|name-rev)\b|cat\b|head\b|tail\b|less\b|more\b|wc\b|file\b|stat\b|which\b|where\b|command\s+-v\b|type\b|echo\b|printf\b|printenv\b|env\b|uname\b|date\b|id\b|whoami\b|hostname\b|pwd\b|ls\b|du\b|df\b|diff\b|comm\b|sort\b|uniq\b|cut\b|tr\b|awk\b|jq\b|yq\b|xq\b|(?:npm|pnpm|yarn|bun)\s+(?:run\s+)?(?:build|test|lint|typecheck|type-check|check[\s:]?\w*|dev|start|preview|serve|watch|format|analyze|compile|ci|validate|verify|coverage|bench|benchmark|bundle|pack|dist|static|docs|doc|stylelint|e2e|integration|unit)\b|(?:npm|pnpm|yarn|bun)\s+(?:exec|info|ls|list|query|outdated|why|view|pack\s+--dry-run)\b|npx\s+(?:serve|http-server|lite-server|tsc|vite|eslint|prettier|vitest|jest|mocha|cypress|playwright|webpack|rollup|parcel|turbo|nx|ts-node|tsx|esbuild|swc|babel|stylelint|biome|rome|knip|typedoc|compodoc|angular-cli|react-scripts|next|nuxt|remix|astro|svelte-kit)\b|pnpm\s+(?:exec|dlx)\s+\w+\b|bun\s+(?:test|check|build|run)\b|deno\s+(?:check|test|build|lint|task|info|doc|compile|fmt|eval|cache)\b|cargo\s+(?:build|test|check|clippy|doc|bench|run|metadata|locate-project|tree|version)\b|(?:rustc|rustup)\s+(?:--version|--print|which)\b|go\s+(?:build|test|vet|run|doc|list|mod\s+(?:verify|tidy|graph|download|why))\b|python3?\s+(?:--version|-V|-c\b|-m\s+(?:pytest|unittest|mypy|pylint|flake8|black|isort|ruff|json\.tool|compileall|bandit|pyright|http\.server|html\.parser|html))\b|pip3?\s+(?:list|show|check|debug|index\s+versions)\b|tsc\b|node\s+(?:--version|-v|--check|-c|-e|--eval)\b|make\s+(?:build|test|check|lint|all|verify|docs|format|static|analyze)\b|cmake\s+(?:--build|--version)\b|(?:dotnet|msbuild)\s+(?:build|test|restore|check|format|lint|pack)\b|(?:gradle|\.\/gradlew|gradlew\.bat)\s+(?:build|test|check|compile|lint|dependencies|projects|tasks)\b|mvn\s+(?:compile|test|verify|checkstyle|pmd|versions:display|dependency:tree|dependency:list)\b|(?:swift|swiftc)\s+(?:build|test|package\s+(?:describe|dump-package))\b|(?:bundle|gem)\s+(?:exec|list|check|info|query)\b|rake\s+(?:test|spec|lint|check|notes|stats|about)\b|php\s+(?:--version|-v|-l)\b|(?:php\s+)?artisan\s+(?:--version|route:list|config:show|env)\b|composer\s+(?:validate|check|show|outdated|info|diagnose)\b|mix\s+(?:test|compile|lint|format|docs)\b|bazel\s+(?:build|test|query|cquery|info|version)\b|buck\s+(?:build|test|query|audit)\b|curl\s+(?:-[^\s]*[sSfIv][^\s]*\s+)+(?:https?:\/\/|localhost|\$)|kill\s+\$!\b|kill\s+-0\s+\$\w+\b|wait\s+\$!\b|wait\s+\$\w+\b|sleep\s+[0-9.]+[smhd]?\b|ps\s+(?:aux?|-[a-z]*[eE][a-z]*|-[a-z]*[pP][a-z]*)\b|pgrep\s+-\w+\s+\w+|true\b|false\b|\.\s*\/node_modules\/\.bin\/\S+\b)/i;
+
+export function standardSafeReadOnlyBash(command: string): boolean {
   const trimmed = command.trim();
   if (!trimmed || isBlockedExecuteCommand(trimmed)) return false;
-  return /^(?:git\s+(?:status|log|diff|show|branch|rev-parse)\b|python3?\s+-m\s+json\.tool\b|npm\s+run\s+(?:lint|test)\b|npx\s+tsc\s+--noEmit\b|tsc\s+--noEmit\b)/i.test(trimmed);
+  const cmd = stripTimeoutPrefix(trimmed);
+  return SAFE_READ_ONLY_COMMANDS_RE.test(cmd);
+}
+
+function stripSafePreamble(command: string): string {
+  return command.replace(/^(?:set\s+[-+][euxo]+(?:\s+[^\n]*)?|export\s+\w+=["']?[^\n"']*["']?|\w+=\S+)\s*\n+/gm, "").trim() || command;
 }
 
 function validatorSafeEvidenceBash(command: string): boolean {
   const trimmed = command.trim();
-  if (!trimmed || isBlockedExecuteCommand(trimmed)) return false;
-  if (/\b(?:install|add|update|upgrade|publish|deploy|push|reset|clean|checkout|switch|commit|merge|rebase|stash|tag|apply|am|restore|rm|mv|cp|mkdir|touch|sed\s+-i|perl\s+-pi|tee|chmod|chown|kill|open)\b/i.test(trimmed)) return false;
-  return /^(?:git\s+(?:status|log|diff|show|branch|rev-parse|ls-files)\b|npm\s+run\s+(?:typecheck|check:ts|lint|test|build)\b|npx\s+tsc\s+--noEmit\b|tsc\s+--noEmit\b|python3?\s+-m\s+json\.tool\b)/i.test(trimmed);
+  if (!trimmed) return false;
+  const cmd = stripSafePreamble(stripTimeoutPrefix(trimmed));
+  if (isBlockedExecuteCommand(cmd)) return false;
+  if (DESTRUCTIVE_WORD_RE.test(cmd)) return false;
+  return true;
 }
 
 function standardTodoTitleLooksGeneric(title: string): boolean {
@@ -198,26 +296,42 @@ function standardRequiredTodoMissing(state: WorkflowState, settings: ReturnType<
     && standardTaskLooksSubstantive(task);
 }
 
+function planProgressRelevantWorkTool(tool: string, input: unknown): boolean {
+  if (tool === "edit" || tool === "write") return true;
+  if (tool !== "bash") return false;
+  const command = String((input as { command?: unknown } | undefined)?.command ?? "");
+  return Boolean(command.trim()) && !standardSafeReadOnlyBash(command);
+}
+
+function currentPlanProgressStepNumber(state: WorkflowState): number | undefined {
+  const steps = state.planProgress?.steps ?? [];
+  if (!steps.length) return undefined;
+  if (steps.every((step) => step.status === "completed" || step.status === "skipped")) return undefined;
+  const activeIndex = steps.findIndex((step) => step.status === "active");
+  const fallbackIndex = Math.max(0, Math.min(steps.length - 1, Math.floor(state.planProgress?.currentStepIndex ?? 0)));
+  return (activeIndex >= 0 ? activeIndex : fallbackIndex) + 1;
+}
+
+function planProgressToolRequiredBlock(state: WorkflowState, tool: string, input: unknown): string | undefined {
+  if (state.mode !== "executing" && state.mode !== "repairing") return undefined;
+  if (!planProgressRelevantWorkTool(tool, input)) return undefined;
+  const stepNumber = currentPlanProgressStepNumber(state);
+  if (!stepNumber) return undefined;
+  if (state.planProgressLastToolStatus === "active" && state.planProgressLastToolStep === stepNumber) return undefined;
+  return `Plan execution ${tool} is blocked until workflow_progress({ step: ${stepNumber}, status: "active" }) is called for the current approved Plan step.`;
+}
+
 export function registerToolGuard(pi: ExtensionAPI, getState: () => WorkflowState): void {
   pi.on("tool_call", async (event, ctx) => {
     const state = getState();
     const tool = event.toolName;
     const settings = loadWorkflowSettings(ctx.cwd);
 
-    // Sub-agent child processes should obey their own --tools allow-list from the
-    // agent file. Parent workflow phase guards must not remove bash/read tools.
-    // Destructive bash remains blocked when global safety requires it.
-    if (isSubagentWorker()) {
-      if (tool === "bash") {
-        const command = String((event.input as { command?: unknown }).command ?? "");
-        if (commandBlocked(command, ctx.cwd)) return { block: true, reason: `Workflow safety blocked destructive sub-agent bash command: ${command}` };
-      }
-      return;
-    }
-
-    if (repoLockEnabled(settings)) {
+    const effectiveRepoLockEnabled = repoLockEnabled(settings) || process.env.PI_WORKFLOW_REPO_LOCK_ENABLED === "1";
+    if (effectiveRepoLockEnabled) {
       if (PATH_SCOPED_TOOLS.has(tool)) {
-        const reason = repoLockPathBlock((event.input as { path?: unknown }).path, ctx.cwd);
+        const input = event.input as { path?: unknown; file_path?: unknown };
+        const reason = repoLockPathBlock(input.path ?? input.file_path, ctx.cwd, tool);
         if (reason) return { block: true, reason };
       }
       if (tool === "bash") {
@@ -226,20 +340,31 @@ export function registerToolGuard(pi: ExtensionAPI, getState: () => WorkflowStat
         if (reason) return { block: true, reason };
       }
       if (tool === "subagent") {
-        const reason = repoLockPathBlock(".", ctx.cwd);
+        const reason = repoLockPathBlock(".", ctx.cwd, tool);
         if (reason) return { block: true, reason };
       }
     }
 
+    if (isSubagentWorker()) {
+      if (tool === "bash") {
+        const command = String((event.input as { command?: unknown }).command ?? "");
+        if (commandBlocked(command, ctx.cwd)) return { block: true, reason: `Workflow safety blocked destructive sub-agent bash command: ${command}` };
+      }
+      return;
+    }
+
     if (tool === STANDARD_HANDOFF_RESULT_TOOL && state.mode !== "standard") return { block: true, reason: "Standard handoff result is only available while Standard Mode is active." };
 
-    if ((tool === WORKFLOW_PLAN_RESULT_TOOL && state.mode !== "planning") || (tool === MISSION_PLAN_RESULT_TOOL && state.mode !== "mission_planning")) return { block: true, reason: `${tool} is only available during its planning phase.` };
+    if (tool === WORKFLOW_PLAN_RESULT_TOOL && state.mode !== "planning" && state.mode !== "executing" && state.mode !== "repairing") return { block: true, reason: `${tool} is only available during its planning phase.` };
+    if (tool === MISSION_PLAN_RESULT_TOOL && state.mode !== "mission_planning") return { block: true, reason: `${tool} is only available during its planning phase.` };
     if (tool === WORKFLOW_REVIEW_RESULT_TOOL && state.mode !== "reviewing" && state.mode !== "mission_plan_ready") return { block: true, reason: "workflow_review_result is only available during review phases." };
     if (tool === WORKFLOW_EXECUTION_RESULT_TOOL && state.mode !== "executing") return { block: true, reason: "workflow_execution_result is only available during Plan execution." };
     if (tool === MISSION_MILESTONE_RESULT_TOOL && state.mode !== "mission_running") return { block: true, reason: "mission_milestone_result is only available during Mission execution." };
     if (tool === WORKFLOW_VALIDATION_RESULT_TOOL && !isValidationResultMode(state.mode)) return { block: true, reason: "workflow_validation_result is only available during validation phases." };
     if (tool === WORKFLOW_REPAIR_RESULT_TOOL && state.mode !== "repairing" && state.mode !== "mission_repairing") return { block: true, reason: "workflow_repair_result is only available during repair phases." };
 
+    if (tool === WORKFLOW_PROGRESS_TOOL && state.mode !== "executing" && state.mode !== "repairing") return { block: true, reason: "Plan step progress tracking is only available during Plan execution." };
+
     if (tool === "standard_todo") {
       if (state.mode !== "standard") return { block: true, reason: "Standard Mode To Do is only available while Standard Mode is active." };
       if (state.standardClarificationPending || state.standardClarificationStage === "drafting" || state.standardClarificationStage === "awaiting_answer") return { block: true, reason: "Standard Mode To Do is blocked until the pending Standard clarification is answered." };
@@ -253,14 +378,18 @@ export function registerToolGuard(pi: ExtensionAPI, getState: () => WorkflowStat
       }
     }
 
+    const planProgressBlock = planProgressToolRequiredBlock(state, tool, event.input);
+    if (planProgressBlock) return { block: true, reason: planProgressBlock };
+
     if (isPlanMode(state.mode)) {
+      if (state.mode === "plan_approved" && state.approvedPlan) return;
       if (tool === "edit" || tool === "write") return { block: true, reason: `Workflow Plan Mode blocks ${tool}. Allowed tools: ${PLAN_TOOLS.join(", ")}${settings.safety.disableBashInPlanMode === false ? ", bash (safe commands)" : ""}` };
       if (tool === "bash" && settings.safety.disableBashInPlanMode !== false) return { block: true, reason: `Workflow Plan Mode blocks bash. Allowed tools: ${PLAN_TOOLS.join(", ")}` };
     }
 
     if (isValidatorMode(state.mode)) {
-      if (tool === "edit" || tool === "write") return { block: true, reason: `Workflow Review/Validator Mode blocks ${tool}. Allowed tools: ${VALIDATOR_TOOLS.join(", ")}` };
-      if (tool === "bash") {
+      if (tool === "edit") return { block: true, reason: `Workflow Review/Validator Mode blocks ${tool}. Allowed tools: ${VALIDATOR_TOOLS.join(", ")}` };
+      if (tool === "bash" && settings.safety.disableBashInValidatorMode !== false) {
         const command = String((event.input as { command?: unknown }).command ?? "");
         if (!validatorSafeEvidenceBash(command)) return { block: true, reason: `Workflow Review/Validator Mode blocks unsafe bash. Allowed bash is limited to safe read-only evidence commands.` };
       }
@@ -281,7 +410,7 @@ export function registerToolGuard(pi: ExtensionAPI, getState: () => WorkflowStat
       return;
     }
 
-    if (repoLockEnabled(settings)) {
+    if (repoLockEnabled(settings) || process.env.PI_WORKFLOW_REPO_LOCK_ENABLED === "1") {
       const reason = repoLockBashBlock(event.command, ctx.cwd);
       if (reason) return { result: { output: reason, exitCode: 1, cancelled: false, truncated: false } };
     }

package/extensions/workflow-validation-classifier.ts

@@ -40,10 +40,12 @@ export function validationReportHasRepairableIssue(text?: string): boolean {
   if (!normalized.trim()) return false;
   const actionable = normalized
     .replace(/\bno (actual |concrete )?(code |repairable )?(failure|failures|issue|issues|defect|defects)\b/g, " ")
+    .replace(/\bno (blocking|remaining|required) (issue|issues|action|actions|fix|fixes|gap|gaps)\b/g, " ")
+    .replace(/\brequired action (?:is )?(?:manual|visual|browser) (?:verification|qa|inspection|confirmation)\b/g, " ")
     .replace(/\bno automated repair is needed\b/g, " ")
     .replace(/\bno specific missing requirements? (?:is |are )?identified\b/g, " ")
     .replace(/\bmanual[-\s]only\b/g, " ");
-  return /\b(needs? repair|needs? revision|repair pass|repairable (issue|failure|defect)|concrete (issue|failure|defect|regression)|critical issues?|must fix|required fixes|fixes required|missing requirements?|not fully meet|does not fully meet|not (a )?full final artifact|acceptable as (a )?checkpoint baseline but not (a )?(full )?final artifact|unexpected changes?|regression introduced|build (failed|error)|type error|tests? failed|new lint error|incomplete (file|artifact|implementation|coverage)|persistent artifact|structured artifact|risk register artifact|artifact required|(?:produce|create|add|write) (a )?(structured |persistent )?(risk register )?artifact|missing (file|config|import|export|declaration|function|module|dependency))\b/.test(actionable);
+  return /\b(needs? repair|needs? revision|repair pass|repairable (issue|failure|defect)|concrete (issue|failure|defect|regression)|blocking issues?|critical issues?|must fix|required (fixes?|actions?)|fixes required|remaining (fixes?|issues?|gaps?)|should be fixed before advancing|apply (the )?(two |[0-9]+ )?remaining fixes?|needs? to be (replaced|updated|expanded|corrected)|missing requirements?|not fully meet|does not fully meet|not (a )?full final artifact|acceptable as (a )?checkpoint baseline but not (a )?(full )?final artifact|unexpected changes?|regression introduced|build (failed|error)|type error|tests? failed|new lint error|incomplete (file|artifact|implementation|coverage)|persistent artifact|structured artifact|risk register artifact|artifact required|(?:produce|create|add|write) (a )?(structured |persistent )?(risk register )?artifact|missing (file|config|import|export|declaration|function|module|dependency))\b/.test(actionable);
 }
 
 export function validationReportIsEvidenceGap(text?: string): boolean {
@@ -94,7 +96,8 @@ export function normalizeValidationVerdict(verdict: WorkflowState["validationVer
 // Re-export the verdict-to-status helper so consumers do not need workflow-parsers.
 export function planValidationStatusForVerdict(verdict: WorkflowState["validationVerdict"]): PlanValidationStatus {
   if (verdict === "PASS") return "pass";
-  if (verdict === "UNKNOWN" || verdict === "PARTIAL PASS") return "unknown";
+  if (verdict === "PARTIAL PASS") return "partial pass";
+  if (verdict === "UNKNOWN") return "unknown";
   return "fail";
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mediadatafusion/pi-workflow-suite",
-  "version": "0.0.9",
+  "version": "0.0.11",
   "description": "Structured workflow orchestration suite for Pi with Standard, Plan, Mission, compaction, diagrams, web access, repo lock, and safety gates.",
   "license": "Apache-2.0",
   "repository": {
@@ -36,6 +36,7 @@
   "type": "module",
   "files": [
     "extensions/",
+    "!extensions/*.bak",
     "skills/",
     "agents/",
     "config/",
@@ -71,7 +72,8 @@
       "./skills"
     ],
     "prompts": [
-      "./config/prompts"
+      "./config/prompts",
+      "!*.md"
     ],
     "themes": [
       "./themes"
@@ -104,7 +106,7 @@
   "scripts": {
     "check:ts": "tsc --noEmit --noCheck",
     "typecheck": "tsc --noEmit",
-    "validate": "npm run check:ts && ./scripts/check-clean-release-tree.sh && npm run check:package-size && git diff --check",
+    "validate": "npm run check:ts && ./scripts/test-workflow-forced-subagent-regression.sh && ./scripts/test-agent-skill-boundary-regression.sh && ./scripts/test-startup-visual-mode-entry-regression.sh && ./scripts/test-settings-health-regression.sh && ./scripts/test-handoff-visibility-regression.sh && ./scripts/test-mission-milestone-handoff-regression.sh && ./scripts/test-plan-handoff-chain-regression.sh && ./scripts/test-plan-step-progress-regression.sh && ./scripts/test-standard-mode-regression.sh && ./scripts/test-final-handoff-summary-regression.sh && ./scripts/test-clarification-answer-handoff-regression.sh && ./scripts/test-validation-evidence-contract-regression.sh && ./scripts/test-mermaid-guidance-regression.sh && ./scripts/test-runtime-web-tools-regression.sh && ./scripts/test-repolock-scope-regression.sh && ./scripts/test-repo-lock-version-regression.sh && ./scripts/test-package-menu-surface.sh && npm run check:package-size && git diff --check",
     "check:package-size": "node scripts/check-package-size.mjs",
     "prepack": "node scripts/prepare-package-readme.mjs apply",
     "postpack": "node scripts/prepare-package-readme.mjs restore --pack",

package/scripts/install-to-live.sh

@@ -14,7 +14,7 @@ printf 'A live backup will be created before installing files.\n'
 is_forbidden_path() {
   local rel="$1"
   case "$rel" in
-    auth.json|settings.json|workflow-settings.json|active.json|workflows/*|missions/*|plans/*|sessions/*|logs/*|*.log|*.backup.*|*.broken.*|.env|.env.*|.factory/*|.cursor/*|*.DS_Store|*.tmp)
+    auth.json|settings.json|workflow-settings.json|active.json|workflows/*|missions/*|plans/*|sessions/*|logs/*|*.log|*.backup.*|*.broken.*|.env|.env.*|.factory/*|.cursor/*|.kilo/*|node_modules/*|*.DS_Store|*.tmp)
       return 0
       ;;
   esac
@@ -83,5 +83,6 @@ install_dir "extensions"
 install_dir "agents"
 install_dir "skills"
 install_dir "config"
+install_dir "themes"
 
 printf 'install complete; auth, settings, and workflow state were not touched\n'