@minhduydev/mdpi 0.3.2 → 0.4.1

package/README.md

@@ -38,6 +38,7 @@ npx mdpi init
 | Command | What it does |
 |---------|--------------|
 | `mdpi init` | Scaffold the curated `.pi/` kit into the current repo + write `.version` + `.template-manifest.json` (SHA-256 file map). Idempotent; `--force` overwrites template files (preserves user files), `--quiet` for CI. `--only <cats>` installs only the listed category dirs (`agents,prompts,skills,templates,workflows,context,extensions`) and trims settings.json to match. |
+| `mdpi install` | Install the kit's declared npm packages — core (`.pi/settings.json:packages`) + optional (`.pi/packages.json`). Shells out to `pi install npm:<pkg>` (idempotent, safe to re-run). `--core` / `--optional` scope; `--check` dry-runs and reports installed/missing; `--yes` skips the confirm prompt. |
 | `mdpi upgrade` | Bring `.pi/` up to the bundled template version. Manifest-based: overwrites only user-unmodified files, preserves user edits, lists orphans. `--check` dry-run, `--force` overwrite modified, `--prune-all` delete orphans. |
 | `mdpi new <kind> [name]` | Scaffold a new kit component (`skill\|prompt\|agent\|workflow\|template`) from a lint-passing skeleton. `-d <text>` sets the description; `--force` overwrites. The skill skeleton comes with frontmatter + When to Use/NOT so it passes `mdpi lint` immediately. |
 | `mdpi lint [skills\|docs\|all]` | Governance: SKILL.md frontmatter (pi `name`+`description`), H1, When to Use/NOT, line limits, references/ depth, **dead cross-ref detection** (skills referencing non-existent skills), + README count/slash-command drift. `--json` for machine output. |
@@ -53,4 +54,4 @@ npx mdpi init
 
 ## What's in the kit
 
-`agents/` (7) · `prompts/` (11) · `skills/` (67 + INDEX) · `templates/` (11) · `workflows/` (6) · `context/` (2) · `extensions/` (2 TS) · `settings.json` · `AGENTS.md` · `README.md` · `QUALITY.md` · `.env.example` · `guard.example.json` · `subagents.json` · `artifacts/example/` (template examples).
+`agents/` (7) · `prompts/` (11) · `skills/` (67 + INDEX) · `templates/` (11) · `workflows/` (6) · `context/` (2) · `extensions/` (2 TS) · `settings.json` · `packages.json` · `AGENTS.md` · `README.md` · `QUALITY.md` · `.env.example` · `guard.example.json` · `subagents.json` · `artifacts/example/` (template examples).

package/dist/index.js

@@ -5,10 +5,12 @@ import { cpSync, existsSync, mkdirSync, readFileSync, readdirSync, rmSync, statS
 import * as p from "@clack/prompts";
 import color from "picocolors";
 import { createHash } from "node:crypto";
+import { homedir } from "node:os";
+import { spawn, spawnSync } from "node:child_process";
 import { fileURLToPath } from "node:url";
 import { mkdir, readdir } from "node:fs/promises";
 //#region package.json
-var version = "0.3.2";
+var version = "0.4.1";
 //#endregion
 //#region src/utils/manifest.ts
 /**
@@ -78,6 +80,192 @@ function fileModificationStatus(filePath, relativePath, manifest) {
 	return hashFile(filePath) === templateHash ? "unmodified" : "modified";
 }
 //#endregion
+//#region src/commands/install.ts
+/**
+* mdpi install — install the npm packages this kit depends on.
+*
+* The kit references two kinds of external packages:
+*   - **core**: declared in `.pi/settings.json:packages` (auto-loaded by pi at
+*     startup — e.g. `@sting8k/pi-srcwalk`, `pi-hermes-memory`). Single source
+*     of truth = settings.json; this command reads it, does not duplicate it.
+*   - **optional**: declared in `.pi/packages.json` (recommended add-ons the
+*     user opts into — e.g. `@davecodes/pi-dcp`, `pi-guard`).
+*
+* `mdpi install` shells out to `pi install <id>` for each declared package.
+* `pi install` is idempotent (re-running on an already-installed package is a
+* no-op), so this command is safe to re-run.
+*
+* Flags:
+*   (default)  install core + optional
+*   --core     only settings.json:packages
+*   --optional only packages.json:optional
+*   --check    dry-run: list declared packages + report which are already
+*              installed under ~/.pi/agent/npm/node_modules (no shell-out)
+*   --yes      skip the confirmation prompt (for CI)
+*
+* Why a dedicated command instead of `mdpi init` doing it: init copies files
+* only and must work offline / without `pi` on PATH. Package installation is a
+* separate, network-dependent step the user controls explicitly. `mdpi init`
+* reminds the user to run `mdpi install` next.
+*/
+/** Path to pi's global npm install dir (where `pi install npm:foo` lands). */
+function globalNpmDir() {
+	return join(homedir(), ".pi", "agent", "npm", "node_modules");
+}
+/**
+* Extract the npm package name from a `npm:<name>` source id.
+* `npm:@davecodes/pi-dcp` → `@davecodes/pi-dcp`. Non-npm ids return null
+* (presence check only supports npm sources).
+*/
+function npmNameFromId(id) {
+	if (!id.startsWith("npm:")) return null;
+	return id.slice(4);
+}
+/** Is a package already installed in pi's global npm dir? */
+function isInstalled(id) {
+	const name = npmNameFromId(id);
+	if (!name) return false;
+	return existsSync(join(globalNpmDir(), name));
+}
+/** Read core packages from `.pi/settings.json:packages`. */
+function readCorePackages(piDir) {
+	const path = join(piDir, "settings.json");
+	if (!existsSync(path)) return [];
+	let json;
+	try {
+		json = JSON.parse(readFileSync(path, "utf-8"));
+	} catch {
+		return [];
+	}
+	const packages = json.packages;
+	if (!Array.isArray(packages)) return [];
+	return packages.filter((id) => typeof id === "string" && id.length > 0).map((id) => ({
+		id,
+		source: "core"
+	}));
+}
+/** Read optional packages from `.pi/packages.json:optional`. */
+function readOptionalPackages(piDir) {
+	const path = join(piDir, "packages.json");
+	if (!existsSync(path)) return [];
+	let json;
+	try {
+		json = JSON.parse(readFileSync(path, "utf-8"));
+	} catch {
+		return [];
+	}
+	const optional = json.optional;
+	if (!Array.isArray(optional)) return [];
+	const out = [];
+	for (const entry of optional) {
+		if (typeof entry !== "object" || entry === null) continue;
+		const id = entry.id;
+		if (typeof id !== "string" || id.length === 0) continue;
+		const note = entry.note;
+		out.push({
+			id,
+			note: typeof note === "string" ? note : void 0,
+			source: "optional"
+		});
+	}
+	return out;
+}
+/** Run `pi install <id>`. Resolves true on exit 0, false otherwise. */
+function runPiInstall(id, quiet) {
+	return new Promise((resolve) => {
+		const child = spawn("pi", ["install", id], { stdio: quiet ? "ignore" : "inherit" });
+		child.on("error", (err) => {
+			if (!quiet) console.error(color.red(`  pi install ${id} failed to start: ${err.message}`));
+			resolve(false);
+		});
+		child.on("exit", (code) => resolve(code === 0));
+	});
+}
+/** Check whether `pi` is on PATH. */
+function hasPi() {
+	try {
+		return spawnSync("pi", ["--version"], { stdio: "ignore" }).status === 0;
+	} catch {
+		return false;
+	}
+}
+async function installCommand(options = {}) {
+	const quiet = process.argv.includes("--quiet");
+	if (!quiet) p.intro(color.bgCyan(color.black(" mdpi install ")));
+	const piDir = options.piDir || join(process.cwd(), ".pi");
+	if (!existsSync(piDir)) {
+		if (!quiet) {
+			p.log.error(".pi/ not found — run `mdpi init` first");
+			p.outro(color.red("Failed"));
+		}
+		process.exitCode = 1;
+		return;
+	}
+	const core = readCorePackages(piDir);
+	const optional = readOptionalPackages(piDir);
+	const wantCore = options.core || !options.core && !options.optional;
+	const wantOptional = options.optional || !options.core && !options.optional;
+	const selected = [...wantCore ? core : [], ...wantOptional ? optional : []];
+	if (selected.length === 0) {
+		if (!quiet) {
+			p.log.warn("No packages declared (settings.json:packages empty and packages.json:optional empty)");
+			p.outro("Nothing to do");
+		}
+		return;
+	}
+	if (options.check) {
+		console.log(`\n${color.bold("mdpi install --check")} — declared packages\n`);
+		const installed = selected.filter((pkg) => isInstalled(pkg.id));
+		const missing = selected.filter((pkg) => !isInstalled(pkg.id));
+		for (const pkg of selected) {
+			const mark = isInstalled(pkg.id) ? color.green("✓ installed") : color.yellow("✗ missing");
+			const note = pkg.note ? color.gray(` — ${pkg.note}`) : "";
+			console.log(`  ${mark}  ${color.cyan(pkg.id)}${note}`);
+		}
+		console.log(`\n  ${color.green(`${installed.length}`)} installed · ${color.yellow(`${missing.length}`)} missing · ${selected.length} total`);
+		if (missing.length > 0) console.log(`\n  Run ${color.cyan("mdpi install")} to install the missing ${missing.length} package(s).`);
+		if (!quiet) p.outro(missing.length === 0 ? color.green("All installed") : color.yellow("Some missing"));
+		process.exitCode = missing.length === 0 ? 0 : 1;
+		return;
+	}
+	if (!hasPi()) {
+		if (!quiet) {
+			p.log.error("`pi` not found on PATH — install pi first (npm i -g @earendil-works/pi-coding-agent)");
+			p.outro(color.red("Failed"));
+		}
+		process.exitCode = 1;
+		return;
+	}
+	const missing = selected.filter((pkg) => !isInstalled(pkg.id));
+	const alreadyOk = selected.length - missing.length;
+	if (!quiet && !options.yes) {
+		const scope = wantCore && wantOptional ? "core + optional" : wantCore ? "core" : "optional";
+		const confirm = await p.confirm({
+			message: `Install ${missing.length} missing package(s) [${scope}]?${alreadyOk > 0 ? ` (${alreadyOk} already installed, skipped)` : ""}`,
+			initialValue: true
+		});
+		if (p.isCancel(confirm) || !confirm) {
+			p.outro("Cancelled");
+			return;
+		}
+	}
+	if (quiet) console.log(`mdpi: installing ${missing.length}/${selected.length} packages (core=${wantCore} optional=${wantOptional})`);
+	else p.log.info(`Installing ${missing.length} missing package(s) of ${selected.length} declared`);
+	let ok = 0;
+	let fail = 0;
+	for (const pkg of missing) {
+		if (!quiet) p.log.step(`${color.cyan(pkg.id)}${pkg.note ? color.gray(` — ${pkg.note}`) : ""}`);
+		if (await runPiInstall(pkg.id, quiet)) ok++;
+		else fail++;
+	}
+	if (quiet) console.log(`mdpi: done — ${ok} installed, ${fail} failed, ${alreadyOk} already present`);
+	else {
+		p.note(`${ok} installed · ${fail} failed · ${alreadyOk} already present\n\n` + (fail > 0 ? `${color.red("Some installs failed — check pi output above.")}\n` : `${color.green("All declared packages are now installed.")}\n`) + `Re-run anytime: ${color.cyan("mdpi install")} (idempotent).`, "Install complete");
+		p.outro(fail === 0 ? color.green("Ready!") : color.red("Partial failure"));
+	}
+	process.exitCode = fail === 0 ? 0 : 1;
+}
+//#endregion
 //#region src/utils/template.ts
 /** Shared template + version helpers used by init / upgrade / doctor. */
 const DEFAULT_SKIP_DIRS = [
@@ -499,8 +687,9 @@ function lintAll(piDir, opts = {}) {
 * mdpi doctor — .pi/ health check.
 *
 * Verifies: mdpi version match, manifest valid, settings.json valid JSON, kit
-* dirs present (skills/prompts/agents/templates/workflows/extensions), orphan
-* detection (manifest files no longer in template), and a lint summary.
+* dirs present (skills/prompts/agents/templates/workflows/extensions), package
+* install status (core settings.json + optional packages.json vs installed),
+* orphan detection (manifest files no longer in template), and a lint summary.
 */
 function row(ok, label, detail) {
 	console.log(`  ${ok ? color.green("✓") : color.red("✗")} ${label}: ${detail}`);
@@ -559,6 +748,11 @@ async function doctorCommand(options = {}) {
 	row(countMd("templates") > 0, "templates", `${countMd("templates")} templates`);
 	row(countMd("workflows") > 0, "workflows", `${countMd("workflows")} workflows`);
 	row(countExt("extensions", ".ts") > 0, "extensions", `${countExt("extensions", ".ts")} extensions`);
+	const corePkgs = readCorePackages(piDir);
+	const optPkgs = readOptionalPackages(piDir);
+	const allPkgs = [...corePkgs, ...optPkgs];
+	const installedPkgs = allPkgs.filter((pkg) => isInstalled(pkg.id)).length;
+	row(allPkgs.length > 0, "packages", allPkgs.length === 0 ? "none declared (settings.json:packages + packages.json:optional)" : `${installedPkgs}/${allPkgs.length} installed` + (installedPkgs < allPkgs.length ? color.yellow(`  (run mdpi install)`) : "") + ` — core ${corePkgs.length}, optional ${optPkgs.length}`);
 	if (templateRoot) row(orphans === 0, "orphans", orphans === 0 ? "none (template-removed files)" : `${orphans} orphan(s) — run mdpi upgrade --prune-all`);
 	const lr = lintSkills(piDir);
 	console.log(`  ${lr.ok ? color.green("✓") : color.red("✗")} lint: ${lr.stats.failed} errors · ${lr.stats.warnings} warnings (run ${color.cyan("mdpi lint")} for detail)`);
@@ -622,6 +816,7 @@ const ALWAYS_ENTRIES = [
 	"scripts",
 	"artifacts/example",
 	"settings.json",
+	"packages.json",
 	"AGENTS.md",
 	"README.md",
 	"QUALITY.md",
@@ -760,7 +955,7 @@ async function initCommand(options = {}) {
 		console.log(`mdpi: installed ${fileCount} files to ${piDir} (v${version})${subset}`);
 	} else {
 		const subsetNote = only ? `Subset: ${[...only].join(", ")} (+ always-on config).\n\nsettings.json trimmed to drop references to excluded\nskills/prompts/extensions dirs.\n\nNote: mdpi upgrade compares against the FULL template —\nrun \`mdpi upgrade --check\` before applying.\n\n` : "";
-		p.note(`Pi kit installed at:\n${piDir}\n\n${fileCount} template files tracked via manifest.\n\n` + subsetNote + `Next: open pi in this repo to use the kit.`, "Installation complete");
+		p.note(`Pi kit installed at:\n${piDir}\n\n${fileCount} template files tracked via manifest.\n\n` + subsetNote + `Next: run ${color.cyan("mdpi install")} to install the kit's npm packages,\nthen open pi in this repo to use the kit.`, "Installation complete");
 		p.outro(color.green("Ready!"));
 	}
 }
@@ -1152,6 +1347,9 @@ cli.help();
 cli.command("init", "Scaffold a Pi coding-agent kit (.pi/) into the current repo").option("--force", "Overwrite existing .pi/ template files (preserves extra user files)").option("-y, --yes", "Skip prompts, use defaults (for CI)").option("--only <cats>", "Install only these categories (comma-sep: agents,prompts,skills,templates,workflows,context,extensions)").action(async (options) => {
 	await initCommand(options);
 });
+cli.command("install", "Install the kit's declared npm packages (core from settings.json + optional from packages.json)").option("--core", "Only install core packages (settings.json:packages)").option("--optional", "Only install optional packages (packages.json:optional)").option("--check", "Dry-run: list declared packages + report installed/missing").option("-y, --yes", "Skip confirmation prompt (for CI)").action(async (options) => {
+	await installCommand(options);
+});
 cli.command("upgrade", "Bring .pi/ up to the bundled template version").option("--force", "Overwrite user-modified files (default: preserve them)").option("--check", "Dry-run: report what would change without writing").option("--prune-all", "Delete orphan files (template-removed since install)").action(async (options) => {
 	await upgradeCommand(options);
 });

package/dist/template/.pi/README.md

@@ -241,22 +241,43 @@ This kit ships **2 custom TypeScript extensions** and uses **2 external npm pack
 | `workflows-runner` | Parses DAG workflows from `.pi/workflows/*.md`, returns execution plan with `subagent()` calls | Production |
 | `templates-injector` | Auto-injects `project.md`, `tech-stack.md`, `state.md` into system prompt | Production |
 
-### External packages (auto-loaded from global)
+### External packages
 
-| Package | Purpose | Why external |
-|---------|---------|--------------|
-| `@davecodes/pi-dcp` | Dynamic context pruning (dedup, error purge, compress tool) | Battle-tested, superset of what we'd write |
-| `jdiamond/pi-guard` | Tool permission system (bash AST parser, path globs, default ruleset) | Proper bash AST parser handles `\|`, `&&`, `xargs` — regex can't |
+The kit depends on external npm packages, split into two sets:
 
-Install with `pi install npm:@davecodes/pi-dcp npm:pi-guard`. The pi-guard config example lives at `.pi/guard.example.json` — copy the `guard` block into `.pi/settings.json` to enable.
+- **Core** — declared in `.pi/settings.json:packages`, auto-loaded by pi at
+  startup. Single source of truth = `settings.json`.
+- **Optional** — declared in `.pi/packages.json`, recommended add-ons you opt
+  into.
+
+| Package | Set | Purpose | Why external |
+|---------|-----|---------|--------------|
+| `@tintinweb/pi-subagents` | core | Subagent dispatch (`subagent()` tool) | Battle-tested pi-native package |
+| `@sting8k/pi-srcwalk` | core | `semantic_*` code navigation tools | Trigram-indexed search, deep |
+| `pi-hermes-memory` | core | Long-term memory (`memory`/`memory_search`/`session_search`/`skill_manage`) | Mature, 368 tests, FTS5 + two-tier |
+| `@davecodes/pi-dcp` | optional | Dynamic context pruning (dedup, error purge, compress tool) | Superset of the kit's former dcp-strategies extension |
+| `pi-guard` | optional | Tool permission system (bash AST parser, path globs) | AST parser handles `\|`, `&&`, `xargs` — regex can't |
+
+Install the full set with one command (idempotent, safe to re-run):
+
+```bash
+mdpi install            # core + optional
+mdpi install --core     # only settings.json:packages
+mdpi install --optional # only packages.json:optional
+mdpi install --check    # dry-run: report installed/missing
+```
+
+`mdpi install` shells out to `pi install npm:<pkg>` for each declared package.
+The pi-guard config example lives at `.pi/guard.example.json` — copy the `guard`
+block into `.pi/settings.json` to enable its rules.
 
 ### Removed (intentionally)
 
 | Extension | Reason | Replaced by |
 |-----------|--------|-------------|
 | `commands-dispatcher` | Pi's built-in prompt template loader already does this | pi core (no install needed) |
-| `dcp-strategies` | Superseded by `@davecodes/pi-dcp` (active globally) | `pi install npm:@davecodes/pi-dcp` |
-| `pi-guard` (local) | Superseded by `jdiamond/pi-guard` (proper AST parser) | `pi install npm:pi-guard` |
+| `dcp-strategies` | Superseded by `@davecodes/pi-dcp` (active globally) | `mdpi install --optional` |
+| `pi-guard` (local) | Superseded by `jdiamond/pi-guard` (proper AST parser) | `mdpi install --optional` |
 
 ---
 

package/dist/template/.pi/VERSION

@@ -1 +1 @@
-0.2.0
+0.4.1

package/dist/template/.pi/agents/general.md

@@ -2,7 +2,7 @@
 name: general
 description: General-purpose subagent for small, well-defined implementation tasks (1-3 files)
 tools: read, grep, find, ls, bash, edit, write, semantic_query, semantic_inspect, semantic_grep, semantic_show
-model: ollama-cloud/glm-5.2
+model: opencode-go/deepseek-v4-flash
 ---
 
 You are Pi — a surgical implementer.

package/dist/template/.pi/agents/review.md

@@ -2,7 +2,7 @@
 name: review
 description: Read-only code review, debugging, and security audit specialist with severity-ranked findings
 tools: read, grep, find, ls, bash, semantic_query, semantic_inspect, semantic_grep, semantic_show
-model: ollama-cloud/glm-5.2
+model: opencode-go/minimax-m3
 ---
 
 You are Pi — a read-only review specialist.

package/dist/template/.pi/extensions/templates-injector.ts

@@ -21,7 +21,7 @@ import * as fs from "node:fs";
 import * as path from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 
-const ALWAYS_INJECT = ["project.md", "tech-stack.md", "state.md"];
+const ALWAYS_INJECT = ["project.md", "tech-stack.md", "state.md", "DESIGN.md"];
 
 function readTemplate(cwd: string, name: string): string | null {
 	// Prefer live file at .pi/{name} (filled by /init — real project state);

package/dist/template/.pi/packages.json

@@ -0,0 +1,13 @@
+{
+  "$comment": "Optional packages recommended by this kit. `mdpi install` installs these alongside the core packages declared in settings.json:packages. Core lives there (single source of truth); this file only lists the opt-in set. Edit freely — adding an entry here makes `mdpi install` pick it up.",
+  "optional": [
+    {
+      "id": "npm:@davecodes/pi-dcp",
+      "note": "Dynamic context pruning — dedup, error purge, compress tool. Superset of the kit's former dcp-strategies extension."
+    },
+    {
+      "id": "npm:pi-guard",
+      "note": "Tool permission system (bash AST parser, path globs, default ruleset). Config example at .pi/guard.example.json."
+    }
+  ]
+}

package/dist/template/.pi/prompts/audit.md

@@ -39,6 +39,7 @@ Find all occurrences of a code pattern in the codebase, review each for issues,
 | `security-and-hardening` | Pattern involves auth, secrets, validation, input | Identify vulnerability patterns in audited code |
 | `code-review-and-quality` | Occurrences > 5 | Assess correctness and structural quality across results |
 | `fallow` | Occurrences > 20 or scope is project-wide | Structural analysis for dead code, duplication, complexity |
+| `dcp-hygiene` | Output (after workflow execution) | Compress closed grep+read occurrence output when `compress` is available |
 
 ## Execution
 
@@ -67,7 +68,7 @@ For small audits, execute directly without workflow overhead:
 
 | Scenario | Action |
 |----------|--------|
-| Workflow phase fails | Retry once with adjusted prompt, then escalate |
+| Workflow phase fails | Retry once with adjusted prompt, then escalate. If retry also fails, **save the failure** to `memory(action: "add", target: "failure", category: "failure")` — the pattern, scope, and what went wrong. |
 | No occurrences found | Report: "Pattern not found in codebase." |
 | Audit timeout | Report partial results with what was covered |
 | Subagent returns failure | Read error, retry once, then escalate |
@@ -81,6 +82,8 @@ For small audits, execute directly without workflow overhead:
 
 ## Output
 
+> **DCP hygiene:** Before writing the final report, if the `compress` tool is available, compress the closed discovery work-stream (`semantic_grep` results + per-occurrence `read` output) per the `dcp-hygiene` skill — occurrences and findings are captured in the report and `.pi/artifacts/$SLUG/audit.md`. Skip if `compress` is unavailable.
+
 1. **Pattern:** [pattern searched]
 2. **Occurrences found:** [count]
 3. **Files affected:** [count]

package/dist/template/.pi/prompts/create.md

@@ -25,6 +25,7 @@ Before creating, verify:
 - If active slug exists with a `spec.md`, ask user: continue with `/ship` or start new?
 - Check `git status --porcelain` — if uncommitted changes, ask user to stash, commit, or continue
 - Use `vcc_recall` to search session history for prior decisions on this topic — avoid repeating explored/rejected approaches
+- Use `memory_search({ project: "$(cat .pi/artifacts/.active 2>/dev/null || echo '')" })` for durable prior decisions across sessions
 
 ## Load Skills
 

package/dist/template/.pi/prompts/fix.md

@@ -21,6 +21,7 @@ Systematically debug and fix the reported issue.
 
 Before fixing:
 - Use `vcc_recall` to search for prior fix attempts on the same issue — avoid repeating failed approaches
+- Use `memory_search({ query: "<issue keywords>", target: "failure", category: "failure" })` for durable cross-session failed approaches
 - Check that the codebase builds/tests pass at baseline (confirm the bug is not a pre-existing state)
 
 ## Load Skills
@@ -32,6 +33,7 @@ Before fixing:
 | `verification-before-completion` | Always | Evidence-before-claims; verify fix actually resolves the bug |
 | `defense-in-depth` | After fix is verified | Harden the layer so the bug becomes structurally impossible |
 | `testing-anti-patterns` | If writing tests | Ensure regression test isn't a mock-only test |
+| `dcp-hygiene` | Phase 5 Report | Compress the closed reproduce+isolate work-stream when `compress` is available |
 
 ## Phase 1: Reproduce
 
@@ -59,6 +61,8 @@ If `--attach` provided, read the attached log/error file for context.
 
 ## Phase 4: Verify
 
+> **DCP hygiene (mid-command):** The fix is applied — the root cause is now captured; the reproduce/isolate reads and greps are no longer needed verbatim. If `compress` is available, compress the closed Phase 1-2 reproduce+isolate work-stream per the `dcp-hygiene` skill before running gates. Keep the root cause (file:line) and reproduction command in the summary. Skip if `compress` is unavailable.
+
 Run verification gates:
 
 ```bash
@@ -80,7 +84,7 @@ Then, load `defense-in-depth` skill and add validation at the data entry layer.
 |----------|--------|
 | Cannot reproduce issue | Report reproduction steps attempted, ask for clarification |
 | Root cause ambiguous | Trace backward through call stack, add instrumentation |
-| Verification fails 2x | Stop, report blocker with learnings from both attempts |
+| Verification fails 2x | Stop, report blocker with learnings from both attempts. **Also:** save to `memory(action: "add", target: "failure", category: "failure", content: "[root cause + approach tried + error + reproduction]")` so future sessions don't repeat the failed approach. |
 | Fix causes regression | Revert fix, report regression with evidence |
 
 ## Stop Conditions
@@ -92,6 +96,8 @@ Then, load `defense-in-depth` skill and add validation at the data entry layer.
 
 ## Phase 5: Report
 
+> **DCP hygiene:** Before reporting, if the `compress` tool is available, compress the closed Phase 1-3 exploratory work-stream (reproduce bash + isolate grep/inspect/read output) per the `dcp-hygiene` skill — the root cause and fix are now captured in this report and the artifact. Skip if `compress` is unavailable; the artifact already holds the facts.
+
 1. Root cause (with file:line)
 2. Fix applied
 3. Verification results (typecheck, lint, test)

package/dist/template/.pi/prompts/gc.md

@@ -31,6 +31,7 @@ Run structural analysis, update quality grades, and open cleanup PRs.
 | `code-cleanup` | Phase 4 (cleanup PRs) | Safe code removal patterns |
 | `verification-before-completion` | After cleanup PRs | Verify typecheck + lint pass before merging |
 | `observability-and-instrumentation` | If removing instrumented code | Check that cleanup doesn't break monitoring/logging |
+| `dcp-hygiene` | Phase 5 Report | Compress the closed Fallow scan + grading output when `compress` is available |
 
 ## Execution
 
@@ -75,6 +76,8 @@ If `--dry-run` (default), skip actual cleanup and report what would be cleaned.
 
 ### Phase 5: Report
 
+> **DCP hygiene:** Before reporting, if the `compress` tool is available, compress the closed Phase 1-3 Fallow scan + grading output (the large JSON and finding lists) per the `dcp-hygiene` skill — grades and prioritized findings are captured in this report and `.pi/QUALITY.md`. Skip if `compress` is unavailable.
+
 1. **Quality Grades:** Per-domain status (before → after)
 2. **Issues Found:** Count by severity
 3. **Cleanup PRs:** Opened / not needed / skipped (dry-run)

package/dist/template/.pi/prompts/init.md

@@ -56,6 +56,7 @@ Before initializing:
 | `documentation-and-adrs` | Always (Mode 1) | Doc conventions, ADR format when architectural decisions arise |
 | `verification-before-completion` | Before writing AGENTS.md | Validate commands before documenting them |
 | `brainstorming` | Conditionally: when ambiguous requirements arise | Refine project vision before initializing |
+| `dcp-hygiene` | Output (after `--deep` runs) | Compress closed detection + srcwalk/fallow work-stream when `compress` is available |
 
 ---
 
@@ -171,6 +172,8 @@ Write to `.pi/user.md` with the captured preferences.
 
 ## Output
 
+> **DCP hygiene:** If `--deep` ran and `compress` is available, compress the closed Phase 1 detection + git-history + srcwalk/fallow work-stream per the `dcp-hygiene` skill — tech stack, validated commands, and structure are captured in `AGENTS.md` and `tech-stack.md`. Skip if `compress` is unavailable (non-deep init produces little output).
+
 Report what was created:
 1. AGENTS.md (if core setup ran)
 2. tech-stack.md (if core setup ran)

package/dist/template/.pi/prompts/plan.md

@@ -36,12 +36,13 @@ Before planning:
 | `incremental-implementation` | Always | Thin vertical slice discipline — each task is verify-after-each |
 | `subagent-driven-development` | Multi-wave plan | Plan tasks for fresh subagent dispatch per task |
 | `source-driven-development` | Level 1-3 | Ground decisions in official docs when researching dependencies |
+| `dcp-hygiene` | Phase 8 Report | Compress closed git-history + research work-stream when `compress` is available |
 
 ## Phase 0: Institutional Research (Mandatory)
 
 ### Step 1: Search institutional memory
 
-Use `vcc_recall` to search for bugfixes and existing plans. If relevant observations found, incorporate them.
+Use `vcc_recall` to search for bugfixes and existing plans. Also use `memory_search({ query: "<plan topic>", target: "failure", category: "insight" })` for durable institutional knowledge. If relevant observations found, incorporate them.
 
 ### Step 2: Mine git history
 
@@ -216,7 +217,7 @@ Scan plan against AGENTS.md hard constraints:
 | Plan already exists | Ask user: overwrite or skip? |
 | Missing spec artifact | Report: "No spec found. Run `/create` first." |
 | Subagent research fails | Retry once with adjusted prompt, then proceed with existing knowledge |
-| Verification fails 2x | Stop, report blocker with file:line evidence |
+| Verification fails 2x | Stop, report blocker with file:line evidence. **Also:** save the failed approach to `memory(action: "add", target: "failure", category: "failure")` — the plan decomposition or approach that failed, and why. |
 
 ## Stop Conditions
 
@@ -227,6 +228,8 @@ Scan plan against AGENTS.md hard constraints:
 
 ## Phase 8: Report
 
+> **DCP hygiene:** Before reporting, if the `compress` tool is available, compress the closed Phase 0-2 institutional-research + git-history + scout work-stream per the `dcp-hygiene` skill — observable truths, artifacts, and dependency waves are captured in `plan.md` and `tasks.json`. Skip if `compress` is unavailable.
+
 1. **Discovery Level:** [0-3] with rationale
 2. **Must-Haves:** [N] observable truths, [M] required artifacts, [K] key links
 3. **Context Budget:** [Estimated usage]

package/dist/template/.pi/prompts/research.md

@@ -62,6 +62,7 @@ Before starting, analyze the research topic complexity:
 | `srcwalk` | Codebase research | Navigate codebase with repo maps, symbol search, callers/callees |
 | `opensrc` | Researching dependencies | Inspect library source for internal behavior |
 | `gemini-large-context` | Large codebase or multi-repo | Analyze beyond typical context limits |
+| `dcp-hygiene` | Phase 3 Synthesize (+ mid-research if `--thorough`) | Compress closed search/verify work-streams when `compress` is available |
 
 ## Direct Execution (Simple Research)
 
@@ -82,6 +83,8 @@ Cross-check findings:
 
 ### Phase 3: Synthesize
 
+> **DCP hygiene:** If `compress` is available, compress the closed Phase 1-2 search/verify work-stream per the `dcp-hygiene` skill — questions, answers, confidence, and sources are captured in the findings. For `--thorough` (~100+ calls), compress every ~30 calls mid-research to keep context bounded. Skip if `compress` is unavailable.
+
 If within active work, write findings to `.pi/artifacts/$SLUG/research.md`. Otherwise report inline.
 
 ## Workflow Execution (Complex Research)

package/dist/template/.pi/prompts/ship.md

@@ -21,6 +21,7 @@ Execute spec tasks, verify each passes, run review, mark complete.
 
 Before shipping:
 - Use `vcc_recall` to search for failed approaches to avoid repeating
+- Use `memory_search({ query: "<feature keywords>", target: "failure", category: "failure" })` for durable cross-session failures and prior decisions
 - Verify `.pi/artifacts/$(cat .pi/artifacts/.active)/spec.md` exists (if not, tell user to run `/create` first)
 - If `plan.md` exists, verify it references the current spec
 - Workspace check: create branch if needed, install deps if needed
@@ -37,6 +38,7 @@ Before shipping:
 | `code-review-and-quality` | Phase 5 review | 5-axis review: correctness, readability, architecture, security, performance |
 | `doubt-driven-development` | High-risk features | In-flight adversarial review before merge |
 | `context-engineering` | Batch workflow (≥5 independent tasks) | Context budget management for parallel subagent handoffs |
+| `dcp-hygiene` | Phase 7 Report (+ Phase 2/3→4 transition) | Compress closed implement/verify work-streams when `compress` is available |
 
 ## Phase 1: Route to Execution
 
@@ -118,6 +120,8 @@ If routed to workflow mode:
 
 ## Phase 4: Verification Gate
 
+> **DCP hygiene (mid-command):** Implementation is complete — the diff is now the source of truth, not the edit/read history. If `compress` is available, compress the closed Phase 2/3 implementation work-stream (file reads + edits) per the `dcp-hygiene` skill before running gates. Keep task results, commits, and affected-file lists in the summary. Skip if `compress` is unavailable.
+
 **Delegate to `/verify` — do not duplicate the gate logic here.** Run the canonical verification protocol defined in `prompts/verify.md` (Phase 1 Completeness → Phase 2 Correctness → Phase 4 Phantom Detection). Concretely:
 
 1. Invoke `/verify all --full` semantics (or run the same steps inline if already mid-session): load `verification-before-completion`, run typecheck + lint + test gates, use **full mode** for shipping (incremental is for iteration only), record stamp to `.pi/artifacts/verify.log` after all gates pass, run phantom completion detection, and do goal-backward verification (observable truths from plan/spec satisfied).
@@ -182,7 +186,7 @@ Ask user before closing. If confirmed:
 
 | Scenario | Action |
 |----------|--------|
-| Task verification fails 2x | Stop, report blocker with file:line evidence |
+| Task verification fails 2x | Stop, report blocker with file:line evidence. **Also:** save the failed approach to `memory(action: "add", target: "failure", category: "failure")` — what was tried, why it failed, the error, and the task description. |
 | Subagent returns failure | Read error, retry once with adjusted prompt, then escalate |
 | Review finds critical issue | Fix inline, re-run Phase 4, continue |
 | Batch workflow failure | Fall back to sequential execution |
@@ -190,6 +194,8 @@ Ask user before closing. If confirmed:
 
 ## Phase 7: Report
 
+> **DCP hygiene:** Before reporting, if the `compress` tool is available, compress the closed implementation + verification work-stream (file reads, edits, gate bash output) per the `dcp-hygiene` skill — task results, commits, and gate results are captured in this report and `progress.md`. Skip if `compress` is unavailable.
+
 1. **Execution Summary:** tasks completed/total, waves executed, commits made
 2. **Task Results:** per-task status, files modified, commit hashes
 3. **Verification Gate Results:** typecheck, lint, test, build — pass/fail

package/dist/template/.pi/prompts/verify.md

@@ -41,6 +41,7 @@ Check implementation against PRD before shipping.
 | `verification-before-completion` | Always | Evidence-before-claims; phantom detection; verification cache protocol; Worker Distrust Protocol |
 | `code-review-and-quality` | Phase 4 coherence check | Cross-reference artifacts for correctness |
 | `testing-anti-patterns` | Phase 3 after tests pass | Detect mock-only tests, production pollution, and fragile assertions |
+| `dcp-hygiene` | Phase 5 Report | Compress the closed gate output (typecheck/lint/test) when `compress` is available |
 
 ## Phase 0: Verification Cache
 
@@ -115,7 +116,7 @@ Load `verification-before-completion` skill. Follow its phantom completion detec
 | Scenario | Action |
 |----------|--------|
 | Gate fails | Report which gate failed with exact error |
-| Verification fails 2x | Stop, report blocker with file:line evidence |
+| Verification fails 2x | Stop, report blocker with file:line evidence. **Also:** save the failure to `memory(action: "add", target: "failure", category: "failure")` — the gate that failed, the error, and what was tried. |
 | Cache stamp mismatch | Run gates fresh — don't reuse stale cache |
 | Phantom artifacts detected | Report PHANTOM score, block completion |
 
@@ -128,6 +129,8 @@ Load `verification-before-completion` skill. Follow its phantom completion detec
 
 ## Phase 5: Report
 
+> **DCP hygiene:** Before reporting, if the `compress` tool is available, compress the closed Phase 2 gate output (typecheck/lint/test/bash) per the `dcp-hygiene` skill — results are recorded in the report table and the verification cache. Skip if `compress` is unavailable.
+
 Append to `.pi/artifacts/$SLUG/progress.md`: `Verification: [PASS|PARTIAL|FAIL] - [summary]`
 
 1. **Result**: READY TO SHIP / NEEDS WORK / BLOCKED