npm - @themoltnet/pi-extension - Versions diffs - 0.13.5 → 0.15.0 - Mend

@themoltnet/pi-extension 0.13.5 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -2,17 +2,17 @@ import { createRequire } from "node:module";
 import { execFileSync } from "node:child_process";
 import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync } from "node:fs";
 import path, { join } from "node:path";
-import { DefaultResourceLoader, SessionManager, createAgentSession, createBashTool, createBashToolDefinition, createEditTool, createEditToolDefinition, createReadTool, createReadToolDefinition, createWriteTool, createWriteToolDefinition, defineTool } from "@earendil-works/pi-coding-agent";
+import { DefaultResourceLoader, SessionManager, createAgentSession, createBashTool, createBashToolDefinition, createEditTool, createEditToolDefinition, createReadTool, createReadToolDefinition, createSyntheticSourceInfo, createWriteTool, createWriteToolDefinition, defineTool, parseFrontmatter } from "@earendil-works/pi-coding-agent";
 import { createHash } from "node:crypto";
 import crypto, { createHash as createHash$1 } from "crypto";
 import { readFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import { Type, getModel } from "@earendil-works/pi-ai";
-import { RealFSProvider, ShadowProvider, VM, VmCheckpoint, createHttpHooks, createShadowPathPredicate, ensureImageSelector, loadGuestAssets } from "@earendil-works/gondolin";
+import { MemoryProvider, RealFSProvider, ShadowProvider, VM, VmCheckpoint, createHttpHooks, createShadowPathPredicate, ensureImageSelector, loadGuestAssets } from "@earendil-works/gondolin";
 import { parseEnv } from "node:util";
 import { SpanStatusCode, context, metrics, trace } from "@opentelemetry/api";
-import { FormatRegistry, Type as Type$1 } from "@sinclair/typebox";
 import { Value } from "@sinclair/typebox/value";
+import { FormatRegistry, Type as Type$1 } from "@sinclair/typebox";
 //#region \0rolldown/runtime.js
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -2424,13 +2424,31 @@ function problemToError(problem, statusCode) {
 //#endregion
 //#region ../sdk/src/agent-context.ts
+/**
+* Unwrap an SDK call result: return `result.data` or throw a typed error.
+*
+* Error mapping on the added (`+`) side of this hunk:
+* - `result.error` that passes `isProblemDetails` is converted with
+*   `problemToError(error, error.status)`.
+* - `result.error` that is an `Error` while `result.response` is undefined
+*   becomes a `NetworkError` carrying the original message and stack.
+* - any other non-nullish `result.error` becomes a `MoltNetError` with
+*   code `UNKNOWN`.
+* - no error but `result.data === undefined` throws a `MoltNetError` with
+*   code `EMPTY_RESPONSE`.
+*/
 function unwrapResult(result) {
-	if (result.error) {
+	if (result.error !== void 0 && result.error !== null) {
 		const error = result.error;
-		throw problemToError(error, error.status ?? 500);
+		if (isProblemDetails(error)) throw problemToError(error, error.status);
+		// An Error with no accompanying response object is reported as a NetworkError.
+		if (error instanceof Error && result.response === void 0) {
+			const networkError = new NetworkError(error.message, { detail: error.cause ? stringifyUnknown(error.cause) : void 0 });
+			networkError.stack = error.stack;
+			throw networkError;
+		}
+		throw new MoltNetError(`Unexpected error from MoltNet API: ${stringifyUnknown(error)}`, { code: "UNKNOWN" });
 	}
 	if (result.data === void 0) throw new MoltNetError("Unexpected empty response from MoltNet API", { code: "EMPTY_RESPONSE" });
 	return result.data;
 }
+/**
+* Duck-type check for a problem-details style error body: a non-null object
+* with a numeric `status` and at least one of `title` / `detail`.
+*/
+function isProblemDetails(error) {
+	const isObject = typeof error === "object" && error !== null;
+	if (!isObject) return false;
+	if (typeof error.status !== "number") return false;
+	return "title" in error || "detail" in error;
+}
+/**
+* Render an arbitrary value for inclusion in an error message.
+* Errors become `Name: message`; everything else is JSON-encoded, falling
+* back to `String(value)` when JSON encoding throws or yields `undefined`.
+*/
+function stringifyUnknown(value) {
+	if (value instanceof Error) return `${value.name}: ${value.message}`;
+	let serialized;
+	try {
+		serialized = JSON.stringify(value);
+	} catch {
+		return String(value);
+	}
+	return serialized ?? String(value);
+}
 /**
 * Return `result.data` when the call succeeded with a truthy payload;
 * otherwise throw a `MoltNetError` built from the caller's message and code.
 */
 function unwrapRequired(result, message, code) {
 	const succeeded = !result.error && Boolean(result.data);
 	if (succeeded) return result.data;
 	throw new MoltNetError(message, { code });
 }
@@ -8057,138 +8075,29 @@ function pruneOldSnapshots(maxCached, currentDir) {
 	});
 }
 //#endregion
-//#region src/tool-operations.ts
-/**
-* Gondolin tool operations: redirect pi's built-in tool operations
-* (read, write, edit, bash) to execute inside the VM.
-*
-* Follows the same pattern as upstream pi-gondolin.ts — pi's tool factories
-* accept an `operations` object that provides the underlying I/O.
-*/
+//#region src/vm-manager.ts
 var GUEST_WORKSPACE$2 = "/workspace";
-function shQuote(s) {
-	return "'" + s.replace(/'/g, "'\\''") + "'";
-}
 /**
-* Map a host-side absolute path to a guest-side /workspace path.
-* Throws if the path escapes the workspace.
-*/
-function toGuestPath(localCwd, localPath) {
-	if (localPath === GUEST_WORKSPACE$2 || localPath.startsWith(`${GUEST_WORKSPACE$2}/`)) return localPath;
-	const rel = path.relative(localCwd, localPath);
-	if (rel === "") return GUEST_WORKSPACE$2;
-	if (rel.startsWith("..") || path.isAbsolute(rel)) throw new Error(`path escapes workspace: ${localPath}`);
-	const posixRel = rel.split(path.sep).join(path.posix.sep);
-	return path.posix.join(GUEST_WORKSPACE$2, posixRel);
-}
-function createGondolinReadOps(vm, localCwd) {
-	return {
-		readFile: async (p) => {
-			const r = await vm.exec(["/bin/cat", toGuestPath(localCwd, p)]);
-			if (!r.ok) throw new Error(`cat failed (${r.exitCode}): ${r.stderr}`);
-			return r.stdoutBuffer;
-		},
-		access: async (p) => {
-			if (!(await vm.exec([
-				"/bin/sh",
-				"-lc",
-				`test -r ${shQuote(toGuestPath(localCwd, p))}`
-			])).ok) throw new Error(`not readable: ${p}`);
-		},
-		detectImageMimeType: async (p) => {
-			try {
-				const r = await vm.exec([
-					"/bin/sh",
-					"-lc",
-					`file --mime-type -b ${shQuote(toGuestPath(localCwd, p))}`
-				]);
-				if (!r.ok) return null;
-				const m = r.stdout.trim();
-				return [
-					"image/jpeg",
-					"image/png",
-					"image/gif",
-					"image/webp"
-				].includes(m) ? m : null;
-			} catch {
-				return null;
-			}
-		}
-	};
-}
-function createGondolinWriteOps(vm, localCwd) {
-	return {
-		writeFile: async (p, content) => {
-			const guestPath = toGuestPath(localCwd, p);
-			const dir = path.posix.dirname(guestPath);
-			const b64 = Buffer.from(content, "utf8").toString("base64");
-			const r = await vm.exec([
-				"/bin/sh",
-				"-lc",
-				[
-					"set -eu",
-					`mkdir -p ${shQuote(dir)}`,
-					`echo ${shQuote(b64)} | base64 -d > ${shQuote(guestPath)}`
-				].join("\n")
-			]);
-			if (!r.ok) throw new Error(`write failed (${r.exitCode}): ${r.stderr}`);
-		},
-		mkdir: async (dir) => {
-			const r = await vm.exec([
-				"/bin/mkdir",
-				"-p",
-				toGuestPath(localCwd, dir)
-			]);
-			if (!r.ok) throw new Error(`mkdir failed (${r.exitCode}): ${r.stderr}`);
-		}
-	};
-}
-function createGondolinEditOps(vm, localCwd) {
-	const r = createGondolinReadOps(vm, localCwd);
-	const w = createGondolinWriteOps(vm, localCwd);
-	return {
-		readFile: r.readFile,
-		access: r.access,
-		writeFile: w.writeFile
-	};
-}
-function createGondolinBashOps(vm, localCwd) {
-	return { exec: async (command, cwd, { onData, signal, timeout, env }) => {
-		const guestCwd = toGuestPath(localCwd, cwd);
-		const ac = new AbortController();
-		const onAbort = () => ac.abort();
-		signal?.addEventListener("abort", onAbort, { once: true });
-		let timedOut = false;
-		const timer = timeout && timeout > 0 ? setTimeout(() => {
-			timedOut = true;
-			ac.abort();
-		}, timeout * 1e3) : void 0;
-		try {
-			const proc = vm.exec([
-				"/bin/sh",
-				"-lc",
-				command
-			], {
-				cwd: guestCwd,
-				signal: ac.signal,
-				stdout: "pipe",
-				stderr: "pipe"
-			});
-			for await (const chunk of proc.output()) onData(typeof chunk.data === "string" ? Buffer.from(chunk.data, "utf8") : chunk.data);
-			return { exitCode: (await proc).exitCode };
-		} catch (err) {
-			if (signal?.aborted) throw new Error("aborted");
-			if (timedOut) throw new Error(`timeout:${timeout}`);
-			throw err;
-		} finally {
-			if (timer) clearTimeout(timer);
-			signal?.removeEventListener("abort", onAbort);
-		}
-	} };
-}
-//#endregion
-//#region src/vm-manager.ts
-var GUEST_WORKSPACE$1 = "/workspace";
+* Memory-backed VFS mount used by the daemon to inject task-context
+* skills (#943 slice 1.5). Sibling of /workspace, NOT a sub-path —
+* Gondolin mounts can't nest. The agent's Gondolin-bound Read tool
+* accepts paths under this prefix (see toGuestPath in tool-operations.ts).
+*
+* Why MemoryProvider rather than a path under /workspace:
+*   - Injected skills are ephemeral by intent: per-task-attempt input
+*     scoped to the VM lifetime. MemoryProvider models that exactly —
+*     in-memory, per-VM-instance, zero host artefacts, automatic
+*     cleanup on VM close.
+*   - Writing under /workspace fails in worktrees because we symlink
+*     `.moltnet/` to the main repo (so credentials are reachable from
+*     worktrees), and Gondolin's RealFSProvider correctly refuses to
+*     create paths whose ancestors' realpath escapes the mount root.
+*     That refusal is a deliberate sandbox-escape protection, not a
+*     bug. See diary semantic entry cd27d9d3-efdc-4aec-ac0d-5fd8ce258d1f
+*     and episodic 7affbfeb-18a2-4963-aeac-c177eb2afa2d for the full
+*     investigation and the alternatives we rejected.
+*/
+var GUEST_TASK_SKILLS_MOUNT = "/moltnet-task-skills";
 /**
 * Resolve the main worktree root (where .moltnet/ lives — it's untracked,
 * only exists in the main worktree, not in git worktrees).
@@ -8317,7 +8226,10 @@ async function resumeVm(config) {
 		env: vmEnv,
 		...resources?.memory && { memory: resources.memory },
 		...resources?.cpus && { cpus: resources.cpus },
-		vfs: { mounts: { [GUEST_WORKSPACE$1]: workspaceProvider } }
+		vfs: { mounts: {
+			[GUEST_WORKSPACE$2]: workspaceProvider,
+			[GUEST_TASK_SKILLS_MOUNT]: new MemoryProvider()
+		} }
 	});
 	await vm.exec(`sh -c '
     cp /etc/gondolin/mitm/ca.crt /usr/local/share/ca-certificates/gondolin-mitm.crt
@@ -8347,7 +8259,7 @@ nameserver 1.1.1.1" > /etc/resolv.conf'`);
 		vm,
 		credentials: creds,
 		mountPath: config.mountPath,
-		guestWorkspace: GUEST_WORKSPACE$1,
+		guestWorkspace: GUEST_WORKSPACE$2,
 		agentDir
 	};
 }
@@ -8400,6 +8312,137 @@ function ensureRelativeWorktreePaths(gitconfig) {
 	return `${gitconfig}${gitconfig.endsWith("\n") ? "" : "\n"}[worktree]\n\tuseRelativePaths = true\n`;
 }
 //#endregion
+//#region src/tool-operations.ts
+/**
+* Gondolin tool operations: redirect pi's built-in tool operations
+* (read, write, edit, bash) to execute inside the VM.
+*
+* Follows the same pattern as upstream pi-gondolin.ts — pi's tool factories
+* accept an `operations` object that provides the underlying I/O.
+*/
+var GUEST_WORKSPACE$1 = "/workspace";
+/**
+* Wrap `s` in single quotes for POSIX sh, rewriting each embedded single
+* quote as the close-escape-reopen sequence.
+*/
+function shQuote(s) {
+	const escaped = s.split("'").join("'\\''");
+	return `'${escaped}'`;
+}
+/**
+* Map a path to its location inside the guest VM.
+*
+* Accepted inputs:
+* - a path already under a guest mount (`/workspace` or
+*   `/moltnet-task-skills`), returned unchanged once it is confirmed
+*   that `.`/`..` segments do not lead outside the guest mounts;
+* - a host path at or below `localCwd`, rewritten under `/workspace`
+*   with POSIX separators.
+*
+* @param localCwd host directory that corresponds to `/workspace`
+* @param localPath host path or guest-style path to translate
+* @returns the guest-side path
+* @throws Error `path escapes workspace: …` when the path resolves outside
+*   the allowed roots
+*/
+function toGuestPath(localCwd, localPath) {
+	const guestRoots = [GUEST_WORKSPACE$1, "/moltnet-task-skills"];
+	const isUnderGuestRoot = (p) => guestRoots.some((root) => p === root || p.startsWith(`${root}/`));
+	if (isUnderGuestRoot(localPath)) {
+		// A prefix match alone would let "/workspace/../etc/passwd" through,
+		// so collapse dot segments lexically before trusting the prefix.
+		if (!isUnderGuestRoot(path.posix.normalize(localPath))) throw new Error(`path escapes workspace: ${localPath}`);
+		return localPath;
+	}
+	const rel = path.relative(localCwd, localPath);
+	if (rel === "") return GUEST_WORKSPACE$1;
+	// Compare whole segments: an entry literally named "..cache" is still
+	// inside the workspace, only a leading ".." segment climbs out of it.
+	const climbsOut = rel === ".." || rel.startsWith(`..${path.sep}`);
+	if (climbsOut || path.isAbsolute(rel)) throw new Error(`path escapes workspace: ${localPath}`);
+	const posixRel = rel.split(path.sep).join(path.posix.sep);
+	return path.posix.join(GUEST_WORKSPACE$1, posixRel);
+}
+/**
+* Build the read-side operations object (`readFile`, `access`,
+* `detectImageMimeType`) whose I/O is executed inside the VM via `vm.exec`.
+* Every incoming path is translated with `toGuestPath(localCwd, …)` first.
+*/
+function createGondolinReadOps(vm, localCwd) {
+	const guestPathOf = (p) => toGuestPath(localCwd, p);
+	const runShell = (script) => vm.exec([
+		"/bin/sh",
+		"-lc",
+		script
+	]);
+	// Returns the raw stdout buffer of `cat`; a non-ok result raises.
+	async function readFile(p) {
+		const result = await vm.exec(["/bin/cat", guestPathOf(p)]);
+		if (result.ok) return result.stdoutBuffer;
+		throw new Error(`cat failed (${result.exitCode}): ${result.stderr}`);
+	}
+	// Resolves when `test -r` succeeds in the guest, rejects otherwise.
+	async function access(p) {
+		const probe = await runShell(`test -r ${shQuote(guestPathOf(p))}`);
+		if (!probe.ok) throw new Error(`not readable: ${p}`);
+	}
+	// Best effort: any failure (including path translation) yields null.
+	async function detectImageMimeType(p) {
+		try {
+			const result = await runShell(`file --mime-type -b ${shQuote(guestPathOf(p))}`);
+			if (!result.ok) return null;
+			const mime = result.stdout.trim();
+			const supported = [
+				"image/jpeg",
+				"image/png",
+				"image/gif",
+				"image/webp"
+			];
+			return supported.includes(mime) ? mime : null;
+		} catch {
+			return null;
+		}
+	}
+	return {
+		readFile,
+		access,
+		detectImageMimeType
+	};
+}
+/**
+* Build the write-side operations object (`writeFile`, `mkdir`) whose I/O
+* is executed inside the VM via `vm.exec`.
+*
+* `writeFile` ships the content base64-encoded inside the shell script and
+* decodes it in the guest, creating the parent directory first.
+*/
+function createGondolinWriteOps(vm, localCwd) {
+	async function writeFile(p, content) {
+		const target = toGuestPath(localCwd, p);
+		const parentDir = path.posix.dirname(target);
+		const encoded = Buffer.from(content, "utf8").toString("base64");
+		const script = [
+			"set -eu",
+			`mkdir -p ${shQuote(parentDir)}`,
+			`echo ${shQuote(encoded)} | base64 -d > ${shQuote(target)}`
+		].join("\n");
+		const result = await vm.exec([
+			"/bin/sh",
+			"-lc",
+			script
+		]);
+		if (!result.ok) throw new Error(`write failed (${result.exitCode}): ${result.stderr}`);
+	}
+	async function mkdir(dir) {
+		const argv = [
+			"/bin/mkdir",
+			"-p",
+			toGuestPath(localCwd, dir)
+		];
+		const result = await vm.exec(argv);
+		if (!result.ok) throw new Error(`mkdir failed (${result.exitCode}): ${result.stderr}`);
+	}
+	return {
+		writeFile,
+		mkdir
+	};
+}
+/**
+* Build the edit operations object by combining `readFile`/`access` from
+* the read ops with `writeFile` from the write ops for the same VM and cwd.
+*/
+function createGondolinEditOps(vm, localCwd) {
+	const { readFile, access } = createGondolinReadOps(vm, localCwd);
+	const { writeFile } = createGondolinWriteOps(vm, localCwd);
+	return {
+		readFile,
+		access,
+		writeFile
+	};
+}
+/**
+* Build the bash operations object whose `exec` runs `command` through
+* `/bin/sh -lc` inside the VM, streaming output chunks to `onData`.
+*
+* `exec(command, cwd, { onData, signal, timeout })`:
+* - `cwd` is translated with `toGuestPath(localCwd, cwd)`.
+* - `signal` (optional) cancels the run; rejection message is `aborted`.
+* - `timeout` (optional, seconds) cancels the run; rejection message is
+*   `timeout:<seconds>`.
+* - resolves to `{ exitCode }`.
+*
+* NOTE(review): callers also pass `env` in the options object, but it is
+* not forwarded to `vm.exec` — confirm that dropping it is intended.
+*/
+function createGondolinBashOps(vm, localCwd) {
+	return { exec: async (command, cwd, { onData, signal, timeout }) => {
+		const guestCwd = toGuestPath(localCwd, cwd);
+		// An already-aborted signal never dispatches "abort" to listeners
+		// registered afterwards, so fail fast instead of starting the command.
+		if (signal?.aborted) throw new Error("aborted");
+		const ac = new AbortController();
+		const onAbort = () => ac.abort();
+		signal?.addEventListener("abort", onAbort, { once: true });
+		let timedOut = false;
+		// `timeout` is in seconds; setTimeout expects milliseconds.
+		const timer = timeout && timeout > 0 ? setTimeout(() => {
+			timedOut = true;
+			ac.abort();
+		}, timeout * 1e3) : void 0;
+		try {
+			const proc = vm.exec([
+				"/bin/sh",
+				"-lc",
+				command
+			], {
+				cwd: guestCwd,
+				signal: ac.signal,
+				stdout: "pipe",
+				stderr: "pipe"
+			});
+			for await (const chunk of proc.output()) onData(typeof chunk.data === "string" ? Buffer.from(chunk.data, "utf8") : chunk.data);
+			return { exitCode: (await proc).exitCode };
+		} catch (err) {
+			// Report the cause of cancellation rather than the raw abort error.
+			if (signal?.aborted) throw new Error("aborted");
+			if (timedOut) throw new Error(`timeout:${timeout}`);
+			throw err;
+		} finally {
+			if (timer) clearTimeout(timer);
+			signal?.removeEventListener("abort", onAbort);
+		}
+	} };
+}
+//#endregion
 //#region src/otel/index.ts
 var TRACER_NAME = "@themoltnet/pi-extension/otel";
 function stripReservedAttrs(attrs) {
@@ -8537,6 +8580,94 @@ function extractUsage(message) {
 	};
 }
 //#endregion
+//#region src/runtime/agent-session-factory.ts
+var NO_SKILLS = () => ({
+	skills: [],
+	diagnostics: []
+});
+/**
+* Create an `AgentSession` backed by an in-memory session manager.
+*
+* Steps: build the OTel extension, construct and reload a
+* `DefaultResourceLoader` (skills default to `NO_SKILLS` when
+* `args.skillsOverride` is nullish), then create the session. Prompting
+* and teardown are left to the caller.
+*/
+async function buildAgentSession(args) {
+	const otelOptions = {
+		agentName: args.agentName,
+		spanAttributes: args.otelSpanAttrs
+	};
+	const piOtelExtension = createPiOtelExtension(otelOptions);
+	const loaderOptions = {
+		cwd: args.mountPath,
+		agentDir: args.piAuthDir,
+		extensionFactories: [piOtelExtension],
+		appendSystemPrompt: args.appendSystemPrompt,
+		skillsOverride: args.skillsOverride ?? NO_SKILLS
+	};
+	const resourceLoader = new DefaultResourceLoader(loaderOptions);
+	await resourceLoader.reload();
+	const created = await createAgentSession({
+		agentDir: args.piAuthDir,
+		cwd: args.mountPath,
+		model: args.modelHandle,
+		customTools: args.customTools,
+		sessionManager: SessionManager.inMemory(),
+		resourceLoader
+	});
+	return created.session;
+}
+//#endregion
+//#region ../agent-runtime/src/context-bindings.ts
+var PROMPT_SEPARATOR = "\n\n---\n\n";
+/**
+* Dispatch each entry of `args.context` according to its `binding` and
+* return the prompt fragments the caller weaves into the built prompt.
+*
+* - `skill`: handed to `args.deliver.skill({ slug, content })` the first
+*   time a slug is seen. A repeated slug with identical content is not
+*   delivered again; a repeated slug with different content throws.
+* - `prompt_prefix`: content collected for `systemPromptPrefix`.
+* - anything else (i.e. `user_inline`): content collected for
+*   `userInlineSuffix`.
+*
+* Fragments are joined in declared order with `\n\n---\n\n`. Every
+* processed entry, duplicates included, is listed in `injected`.
+*/
+async function resolveTaskContext(args) {
+	const systemFragments = [];
+	const userFragments = [];
+	const injected = [];
+	const deliveredBySlug = /* @__PURE__ */ new Map();
+	for (const ref of args.context) {
+		switch (ref.binding) {
+			case "skill": {
+				const previousContent = deliveredBySlug.get(ref.slug);
+				if (previousContent === void 0) {
+					// Record the slug before delivering, then hand the bytes over once.
+					deliveredBySlug.set(ref.slug, ref.content);
+					await args.deliver.skill({
+						slug: ref.slug,
+						content: ref.content
+					});
+				} else if (previousContent !== ref.content) throw new Error(`slug collision on '${ref.slug}': two skill entries share the same slug but have different content`);
+				break;
+			}
+			case "prompt_prefix":
+				systemFragments.push(ref.content);
+				break;
+			default:
+				userFragments.push(ref.content);
+		}
+		injected.push(ref);
+	}
+	const systemPromptPrefix = systemFragments.join(PROMPT_SEPARATOR);
+	const userInlineSuffix = userFragments.join(PROMPT_SEPARATOR);
+	return {
+		injected,
+		systemPromptPrefix,
+		userInlineSuffix
+	};
+}
+//#endregion
 //#region ../tasks/src/formats.ts
 /**
 * Register TypeBox string formats used across Task / TaskOutput / task-type
@@ -8551,6 +8682,55 @@ var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a
 if (!FormatRegistry.Has("uuid")) FormatRegistry.Set("uuid", (v) => UUID_RE.test(v));
 if (!FormatRegistry.Has("date-time")) FormatRegistry.Set("date-time", (v) => !Number.isNaN(Date.parse(v)));
 //#endregion
+//#region ../tasks/src/context.ts
+/**
+* How an executor delivers a context entry to its underlying LLM.
+* V1 bindings only; Tier-2 (reference_file, mcp_resource, imported_file,
+* tool_response_seed, additional_context_hook) ship in a later slice.
+*/
+var ContextBinding = Type$1.Union([
+	Type$1.Literal("skill"),
+	Type$1.Literal("prompt_prefix"),
+	Type$1.Literal("user_inline")
+], { $id: "ContextBinding" });
+/**
+* One context entry. Bytes are inlined: the imposer chose them, and the
+* task's `inputCid` already pins the entire input — including
+* `context[]` — so we don't need a separate per-entry hash, fetcher, or
+* flagged-content gate. Tasks reference rendered packs (or any other
+* external content) by copying their bytes into `content` at task
+* creation time.
+*
+* - `slug` — short identifier the daemon uses to disambiguate
+*            entries. For `skill` binding it becomes the directory
+*            name under the runtime's skill discovery path. Must be
+*            kebab-case-safe (alphanumeric + dashes/underscores).
+* - `binding` — how the bytes are delivered to the LLM (see above).
+* - `content` — the actual bytes (UTF-8 text). Capped at 32 KiB per
+*               entry; total per-task context bytes are bounded by the
+*               soft `maxItems` cap and per-binding daemon limits.
+*/
+var ContextRef = Type$1.Object({
+	slug: Type$1.String({
+		minLength: 1,
+		maxLength: 64,
+		pattern: "^[a-zA-Z0-9_-]+$"
+	}),
+	binding: ContextBinding,
+	content: Type$1.String({
+		minLength: 1,
+		// NOTE(review): 32768 = 32 * 1024. `maxLength` presumably counts string
+		// length units rather than UTF-8 bytes, so non-ASCII content could
+		// exceed 32 KiB on the wire — confirm against the TypeBox validator.
+		maxLength: 32768
+	})
+}, {
+	$id: "ContextRef",
+	// Unknown keys on a context entry fail validation.
+	additionalProperties: false
+});
+/** Reusable input fragment for any task type. Soft cap at 5 items. */
+var TaskContext = Type$1.Array(ContextRef, {
+	$id: "TaskContext",
+	maxItems: 5
+});
+//#endregion
 //#region ../tasks/src/rubric.ts
 /**
 * Rubric — structured acceptance criteria used by judgment tasks.
@@ -9099,6 +9279,60 @@ var RenderPackOutput = Type$1.Object({
 	additionalProperties: false
 });
 //#endregion
+//#region ../tasks/src/task-types/run-eval.ts
+/**
+* `run_eval` — execute a scenario prompt under a named variant for
+* later cross-variant grading by `judge_eval_variant` (Slice 2).
+*
+* output_kind: artifact
+* criteria: optional (when set, output.verification is required —
+*   producer self-assessment; the judge is the binding evaluator)
+* references: not required (scenario lives entirely in input)
+*/
+/** Task-type discriminator for eval runs. */
+var RUN_EVAL_TYPE = "run_eval";
+/**
+* Input schema for a `run_eval` task.
+*
+* - `scenario.prompt` — non-empty scenario text; `scenario.inputFiles` is
+*   an optional list of non-empty strings.
+* - `variantLabel` — 1 to 64 characters.
+* - `context` — a `TaskContext` array; required (not wrapped in Optional).
+* - `successCriteria` — optional.
+*
+* Unknown keys are rejected at both the top level and inside `scenario`.
+*/
+var RunEvalInput = Type$1.Object({
+	scenario: Type$1.Object({
+		prompt: Type$1.String({ minLength: 1 }),
+		inputFiles: Type$1.Optional(Type$1.Array(Type$1.String({ minLength: 1 })))
+	}, { additionalProperties: false }),
+	variantLabel: Type$1.String({
+		minLength: 1,
+		maxLength: 64
+	}),
+	context: TaskContext,
+	successCriteria: Type$1.Optional(SuccessCriteria)
+}, {
+	$id: "RunEvalInput",
+	additionalProperties: false
+});
+/**
+* Output schema for a `run_eval` task.
+*
+* - `response` — non-empty string.
+* - `artifacts` — optional list of `{ path, cid }` pairs (both non-empty).
+* - `totalTokens`, `durationMs` — non-negative integers.
+* - `traceparent` — non-empty string.
+* - `verification` — optional at schema level.
+*/
+var RunEvalOutput = Type$1.Object({
+	response: Type$1.String({ minLength: 1 }),
+	artifacts: Type$1.Optional(Type$1.Array(Type$1.Object({
+		path: Type$1.String({ minLength: 1 }),
+		cid: Type$1.String({ minLength: 1 })
+	}, { additionalProperties: false }))),
+	totalTokens: Type$1.Integer({ minimum: 0 }),
+	durationMs: Type$1.Integer({ minimum: 0 }),
+	traceparent: Type$1.String({ minLength: 1 }),
+	verification: Type$1.Optional(VerificationRecord)
+}, {
+	$id: "RunEvalOutput",
+	additionalProperties: false
+});
+/**
+* Cross-field check between a `run_eval` input and its output:
+* `output.verification` must be present exactly when
+* `input.successCriteria` is present.
+*
+* @returns an explanatory message when the rule is violated, otherwise `null`
+*/
+function validateRunEvalOutput(output, input) {
+	const criteriaDeclared = input?.successCriteria !== void 0;
+	const verificationSupplied = output?.verification !== void 0;
+	if (criteriaDeclared === verificationSupplied) return null;
+	if (criteriaDeclared) return "output.verification is required because input.successCriteria is set; the producer LLM must self-assess against the criteria";
+	return "output.verification was supplied but input.successCriteria is unset; omit verification when there are no criteria to assess against";
+}
+//#endregion
 //#region ../tasks/src/task-types/index.ts
 /**
 * Validate that a judgment-task input carries a rubric inside its
@@ -9177,6 +9411,14 @@ var BUILT_IN_TASK_TYPES = {
 		requiresReferences: true,
 		validateInput: validateJudgmentInput,
 		validateOutput: validateJudgePackOutput
+	},
+	[RUN_EVAL_TYPE]: {
+		name: RUN_EVAL_TYPE,
+		inputSchema: RunEvalInput,
+		outputSchema: RunEvalOutput,
+		outputKind: "artifact",
+		requiresReferences: false,
+		validateOutput: validateRunEvalOutput
 	}
 };
 //#endregion
@@ -9231,6 +9473,15 @@ function validateTaskOutput(taskType, output, input) {
 /** Look up the output schema registered for `taskType`; `null` when there is none. */
 function getTaskOutputSchema(taskType) {
 	const entry = getTaskTypeEntry(taskType);
 	return entry?.outputSchema ?? null;
 }
+/**
+* Report whether the registry entry for `taskType` has `usesSubagents`
+* set to exactly `true`. A missing entry or any other value yields `false`.
+*/
+function taskTypeUsesSubagents(taskType) {
+	const entry = getTaskTypeEntry(taskType);
+	return entry?.usesSubagents === true;
+}
 //#endregion
 //#region ../tasks/src/wire.ts
 /**
@@ -9275,6 +9526,14 @@ var ExecutorTrustLevel = Type$1.Union([
 	Type$1.Literal("releaseVerifiedTool"),
 	Type$1.Literal("sandboxAttested")
 ], { $id: "ExecutorTrustLevel" });
+/** Identifies a (provider, model) daemon pair allowed to claim a task. */
+var ExecutorRef = Type$1.Object({
+	provider: Type$1.String({ minLength: 1 }),
+	model: Type$1.String({ minLength: 1 })
+}, {
+	$id: "ExecutorRef",
+	additionalProperties: false
+});
 var OutputKind = Type$1.Union([Type$1.Literal("artifact"), Type$1.Literal("judgment")], { $id: "OutputKind" });
 var TaskMessageKind = Type$1.Union([
 	Type$1.Literal("text_delta"),
@@ -9367,6 +9626,7 @@ Type$1.Object({
 	imposedByHumanId: Type$1.Union([Uuid, Type$1.Null()]),
 	acceptedAttemptN: Type$1.Union([Type$1.Number(), Type$1.Null()]),
 	requiredExecutorTrustLevel: ExecutorTrustLevel,
+	allowedExecutors: Type$1.Array(ExecutorRef, { maxItems: 16 }),
 	status: TaskStatus,
 	queuedAt: IsoTimestamp,
 	completedAt: Type$1.Union([IsoTimestamp, Type$1.Null()]),
@@ -9552,7 +9812,7 @@ function buildFinalOutputBlock(opts) {
 //#endregion
 //#region ../agent-runtime/src/prompts/assess-brief.ts
 /**
-* Build the system prompt for an `assess_brief` judge attempt.
+* Build the first user-message prompt for an `assess_brief` judge attempt.
 *
 * Design note — no pre-resolved `target` projection
 * --------------------------------------------------
@@ -9573,7 +9833,7 @@ function buildFinalOutputBlock(opts) {
 * future task types whose products are docs / configs / changes /
 * anything) work without any code path here.
 */
-function buildAssessBriefPrompt(input, ctx) {
+function buildAssessBriefUserPrompt(input, ctx) {
 	const rubric = input.successCriteria.rubric;
 	const criteriaList = rubric.criteria.map((c, i) => `${i + 1}. **${c.id}** (weight ${c.weight}, scoring: \`${c.scoring}\`) — ${c.description}`).join("\n");
 	const preambleSection = rubric.preamble ? [
@@ -9688,7 +9948,7 @@ function buildSelfVerificationBlock(taskId) {
 //#endregion
 //#region ../agent-runtime/src/prompts/curate-pack.ts
 /**
-* Build the system prompt for a `curate_pack` task.
+* Build the first user-message prompt for a `curate_pack` task.
 *
 * Design note: this prompt is deliberately NOT a numbered command
 * sequence. The curator's value comes from judgment — inferring scope
@@ -9709,7 +9969,7 @@ function buildSelfVerificationBlock(taskId) {
 * emits pruned state at phase boundaries so a follow-up session can
 * resume without replaying the tool history.
 */
-function buildCuratePackPrompt(input, ctx) {
+function buildCuratePackUserPrompt(input, ctx) {
 	const { diaryId, taskPrompt, entryTypes, tagFilters, tokenBudget, recipe } = input;
 	const entryTypesPinned = Boolean(entryTypes);
 	const resolvedRecipe = recipe ?? "topic-focused-v1";
@@ -9845,13 +10105,13 @@ function buildCuratePackPrompt(input, ctx) {
 //#endregion
 //#region ../agent-runtime/src/prompts/fulfill-brief.ts
 /**
-* Build the system prompt for a `fulfill_brief` task.
+* Build the first user-message prompt for a `fulfill_brief` task.
 *
 * Generalized from the original `resolve-issue` prompt. No longer
 * GitHub-specific; references live on `Task.references[]` and the agent
 * is told to inspect them itself.
 */
-function buildFulfillBriefPrompt(input, ctx) {
+function buildFulfillBriefUserPrompt(input, ctx) {
 	const { brief, title, acceptanceCriteria, seedFiles, scopeHint } = input;
 	const criteriaSection = acceptanceCriteria?.length ? [
 		"### Acceptance criteria",
@@ -9931,7 +10191,7 @@ function buildFulfillBriefPrompt(input, ctx) {
 }
 //#endregion
 //#region ../agent-runtime/src/prompts/judge-pack.ts
-function buildJudgePackPrompt(input, ctx) {
+function buildJudgePackUserPrompt(input, ctx) {
 	const { renderedPackId, sourcePackId, successCriteria } = input;
 	const rubric = successCriteria.rubric;
 	const criteriaList = rubric.criteria.map((c, i) => `${i + 1}. **${c.id}** (weight ${c.weight}, scoring: \`${c.scoring}\`) — ${c.description}`).join("\n");
@@ -10058,10 +10318,10 @@ function buildJudgePackPrompt(input, ctx) {
 //#endregion
 //#region ../agent-runtime/src/prompts/render-pack.ts
 /**
-* Build the system prompt for a `render_pack` task. Almost mechanical:
+* Build the first user-message prompt for a `render_pack` task. Almost mechanical:
 * wraps `moltnet_pack_render` and emits the receipt.
 */
-function buildRenderPackPrompt(input, ctx) {
+function buildRenderPackUserPrompt(input, ctx) {
 	const { packId, persist = true, pinned = false } = input;
 	return [
 		"# Render Pack Agent",
@@ -10115,19 +10375,87 @@ function buildRenderPackPrompt(input, ctx) {
 	].join("\n");
 }
 //#endregion
+//#region ../agent-runtime/src/prompts/run-eval.ts
+/**
+* Build the first user-message prompt for a `run_eval` task.
+*
+* Free-form: no git workflow, no commit ceremony. The executor produces
+* a textual response (and optional file artifacts) that a later
+* `judge_eval_variant` task (Slice 2) grades against the rubric.
+*
+* Context delivery is handled by `resolveTaskContext` (see
+* libs/agent-runtime/src/context-bindings.ts) and runs BEFORE this
+* prompt is rendered: `prompt_prefix` items are concatenated ahead of
+* the body, `skill` items are persisted at the runtime's skill path,
+* and `user_inline` items are appended to the first user message. This
+* builder does NOT inline `input.context[]` itself.
+*/
+function buildRunEvalUserPrompt(input, ctx) {
+	const { scenario, variantLabel, successCriteria } = input;
+	// Optional sections evaluate to "" when they do not apply; the final
+	// filter below removes them so no stray blank sections are emitted.
+	const inputFilesSection = scenario.inputFiles?.length ? [
+		"### Input files",
+		"",
+		...scenario.inputFiles.map((f) => `- \`${f}\``),
+		""
+	].join("\n") : "";
+	// The self-verification block is only included when criteria were declared.
+	const verificationSection = successCriteria ? buildSelfVerificationBlock(ctx.taskId) : "";
+	const correlationSection = ctx.correlationId ? [
+		"### Correlation",
+		"",
+		`This task carries correlationId \`${ctx.correlationId}\`. It joins`,
+		"this variant to its sibling `run_eval` tasks (other variants of the",
+		"same scenario) and to the eventual `judge_eval_variant` task that",
+		"will grade them together. You do not need to act on it directly —",
+		"it is recorded for cross-variant aggregation at query time.",
+		""
+	].join("\n") : "";
+	// The sketch is illustrative text shown to the model, not a schema.
+	const finalOutputBlock = buildFinalOutputBlock({
+		taskType: "run_eval",
+		outputSchemaName: "RunEvalOutput",
+		shapeSketch: [
+			"{",
+			"  \"response\": \"<your free-form answer>\",",
+			"  \"artifacts\": [{ \"path\": \"...\", \"cid\": \"...\" }],  // optional",
+			"  \"totalTokens\": <int>,",
+			"  \"durationMs\": <int>,",
+			"  \"traceparent\": \"<from claim>\",",
+			"  \"verification\": <required iff input.successCriteria; see Self-verification>",
+			"}"
+		].join("\n")
+	});
+	// Section order: header, task identity, correlation, scenario, input
+	// files, self-verification, final output instructions.
+	return [
+		"# Run Eval Agent\n",
+		`You are running an evaluation scenario as variant \`${variantLabel}\`.\nTask id: \`${ctx.taskId}\`\n`,
+		correlationSection,
+		`### Scenario\n\n${scenario.prompt}\n`,
+		inputFilesSection,
+		verificationSection,
+		finalOutputBlock
+	].filter((s) => s !== "").join("\n");
+}
+//#endregion
 //#region ../agent-runtime/src/prompts/index.ts
 /**
-* Resolve the correct prompt builder for `task.taskType` and invoke it.
-* Throws if the type is unknown or the input fails TypeBox validation.
-*/
-function buildPromptForTask(task, ctx) {
+* Resolve the correct user-prompt builder for `task.taskType` and
+* invoke it. Throws if the type is unknown or the input fails TypeBox
+* validation.
+*
+* Role note: the returned string is delivered as the **first user
+* message** of the agent's session (pi-coding-agent's
+* `session.prompt(text)` puts text in the user role). The system
+* prompt is built separately by pi from `appendSystemPrompt` (the
+* runtime instructor lives there). Builders here are free-form Markdown
+* for the user turn; they don't replace or prepend to the system
+* prompt.
+*/
+function buildTaskUserPrompt(task, ctx) {
 	switch (task.taskType) {
 		case FULFILL_BRIEF_TYPE:
 			if (!Value.Check(FulfillBriefInput, task.input)) {
 				const errors = [...Value.Errors(FulfillBriefInput, task.input)];
 				throw new Error(`fulfill_brief input failed validation: ${JSON.stringify(errors.slice(0, 3))}`);
 			}
-			return buildFulfillBriefPrompt(task.input, {
+			return buildFulfillBriefUserPrompt(task.input, {
 				diaryId: ctx.diaryId,
 				taskId: ctx.taskId,
 				correlationId: task.correlationId
@@ -10137,7 +10465,7 @@ function buildPromptForTask(task, ctx) {
 				const errors = [...Value.Errors(AssessBriefInput, task.input)];
 				throw new Error(`assess_brief input failed validation: ${JSON.stringify(errors.slice(0, 3))}`);
 			}
-			return buildAssessBriefPrompt(task.input, {
+			return buildAssessBriefUserPrompt(task.input, {
 				diaryId: ctx.diaryId,
 				taskId: ctx.taskId
 			});
@@ -10146,7 +10474,7 @@ function buildPromptForTask(task, ctx) {
 				const errors = [...Value.Errors(CuratePackInput, task.input)];
 				throw new Error(`curate_pack input failed validation: ${JSON.stringify(errors.slice(0, 3))}`);
 			}
-			return buildCuratePackPrompt(task.input, {
+			return buildCuratePackUserPrompt(task.input, {
 				diaryId: ctx.diaryId,
 				taskId: ctx.taskId
 			});
@@ -10155,7 +10483,7 @@ function buildPromptForTask(task, ctx) {
 				const errors = [...Value.Errors(RenderPackInput, task.input)];
 				throw new Error(`render_pack input failed validation: ${JSON.stringify(errors.slice(0, 3))}`);
 			}
-			return buildRenderPackPrompt(task.input, {
+			return buildRenderPackUserPrompt(task.input, {
 				diaryId: ctx.diaryId,
 				taskId: ctx.taskId
 			});
@@ -10164,10 +10492,20 @@ function buildPromptForTask(task, ctx) {
 				const errors = [...Value.Errors(JudgePackInput, task.input)];
 				throw new Error(`judge_pack input failed validation: ${JSON.stringify(errors.slice(0, 3))}`);
 			}
-			return buildJudgePackPrompt(task.input, {
+			return buildJudgePackUserPrompt(task.input, {
 				diaryId: ctx.diaryId,
 				taskId: ctx.taskId
 			});
+		case RUN_EVAL_TYPE:
+			if (!Value.Check(RunEvalInput, task.input)) {
+				const errors = [...Value.Errors(RunEvalInput, task.input)];
+				throw new Error(`run_eval input failed validation: ${JSON.stringify(errors.slice(0, 3))}`);
+			}
+			return buildRunEvalUserPrompt(task.input, {
+				diaryId: ctx.diaryId,
+				taskId: ctx.taskId,
+				correlationId: task.correlationId
+			});
 		default: throw new Error(`No prompt builder registered for taskType="${task.taskType}"`);
 	}
 }
@@ -13639,6 +13977,133 @@ var require_multistream = /* @__PURE__ */ __commonJSMin(((exports, module) => {
 	module.exports.pino = pino;
 })))();
 //#endregion
+//#region ../agent-runtime/src/subagent-output-contracts.ts
+/** Name → contract lookup table read by the subagent output-contract accessors. */
+var REGISTRY = /* @__PURE__ */ new Map();
+/**
+* Look up a subagent output contract by its registry key.
+*
+* @param name - Contract name to look up.
+* @returns The value stored under `name`, or `null` when nothing (or a
+*   nullish value) is stored there. Deciding whether an unknown name is
+*   a recoverable tool error or a hard failure is left to the caller.
+*/
+function getSubagentOutputContract(name) {
+	const contract = REGISTRY.get(name);
+	if (contract === void 0 || contract === null) return null;
+	return contract;
+}
+/**
+* Snapshot every registered contract.
+*
+* Intended for diagnostics and for messages that tell a parent LLM
+* which contract names exist without listing them in its prompt.
+*
+* @returns A new array holding the registry's values in insertion
+*   order; mutating it does not touch the registry.
+*/
+function listSubagentOutputContracts() {
+	return Array.from(REGISTRY.values());
+}
+//#endregion
+//#region src/runtime/inject-task-context.ts
+/**
+* Slice 1.5 of #943 — wire the agent-runtime resolver into the
+* pi-extension execution path.
+*
+* `resolveTaskContext` is a pure dispatcher; this module provides the
+* Gondolin-aware deliverer and the post-resolution shape the
+* `execute-pi-task` caller needs to splice into pi's setup:
+*
+*   - `systemPromptPrefix` → fed into `appendSystemPrompt` alongside
+*      the runtime instructor (it IS a system-prompt fragment).
+*   - `userInlineSuffix`   → appended to the `buildTaskUserPrompt`
+*      output BEFORE `session.prompt(text)`.
+*   - `skills`             → spliced into the `skillsOverride` callback's
+*      return value. pi includes them in `<available_skills>` in the
+*      system prompt; the agent fetches the body on demand via the
+*      Read tool.
+*
+* Skill files are written into the VM at
+* `/workspace/.moltnet/skills/<slug>/SKILL.md`. The agent's
+* Gondolin-bound Read tool is scoped to `/workspace`, so that path is
+* the only location the agent can actually read at runtime. pi only
+* reads `<available_skills>` metadata (name, description, location),
+* never the file body, so we construct synthetic `Skill` objects
+* pointing at the in-VM path without ever materialising the file on
+* the host.
+*/
+/**
+* Where in the VM we write skill bodies — the memory-backed mount
+* declared in `vm-manager.ts`. See the comment on
+* `GUEST_TASK_SKILLS_MOUNT` there for the full rationale (ephemeral
+* by intent + the worktree symlink interaction with Gondolin's
+* sandbox-escape protection). The agent's Gondolin Read tool accepts
+* paths under this mount via `toGuestPath` in `tool-operations.ts`.
+*/
+var SKILL_ROOT_IN_VM = GUEST_TASK_SKILLS_MOUNT;
+/** Bounds borrowed from pi's skill validation; conservative caps so a
+*  malformed SKILL.md doesn't bloat the system prompt. Both are string
+*  length limits applied through `clip` when the synthetic skill's
+*  `name` and `description` are built. */
+var MAX_SKILL_NAME = 64;
+var MAX_SKILL_DESCRIPTION = 1024;
+/**
+* Run `args.context` through `resolveTaskContext` and gather what the
+* caller needs to splice into the session setup.
+*
+* For every skill the resolver delivers, the body is written through
+* `args.fs` to `<SKILL_ROOT_IN_VM>/<slug>/SKILL.md` and a synthetic
+* skill descriptor pointing at that path is collected. An empty
+* `context` is expected to produce an inert result (behaviour owned by
+* the resolver).
+*
+* @param args - `{ context, fs }`; `fs` must expose async `mkdir` and
+*   `writeFile`.
+* @returns `{ injected, skills, systemPromptPrefix, userInlineSuffix }`
+*   where `skills` are the descriptors built here and the other fields
+*   are passed through from the resolver.
+*
+* NOTE(review): `slug` is interpolated into the path unchecked —
+* presumably validated upstream; confirm it cannot contain `..`.
+*/
+async function injectTaskContext(args) {
+	const collectedSkills = [];
+	const deliverSkill = async ({ slug, content }) => {
+		const skillDir = `${SKILL_ROOT_IN_VM}/${slug}`;
+		const skillFile = `${skillDir}/SKILL.md`;
+		await args.fs.mkdir(skillDir, { recursive: true });
+		// 0o644 is the same value as decimal 420.
+		await args.fs.writeFile(skillFile, content, { mode: 0o644 });
+		collectedSkills.push(buildSyntheticSkill({
+			slug,
+			content,
+			filePath: skillFile,
+			dir: skillDir
+		}));
+	};
+	const { injected, systemPromptPrefix, userInlineSuffix } = await resolveTaskContext({
+		context: args.context,
+		deliver: { skill: deliverSkill }
+	});
+	return {
+		injected,
+		skills: collectedSkills,
+		systemPromptPrefix,
+		userInlineSuffix
+	};
+}
+/**
+* Assemble the synthetic `Skill` descriptor for one task-injected
+* skill file.
+*
+* `name` and `description` come from the content's frontmatter (parsed
+* with pi's `parseFrontmatter`) when they are non-blank strings;
+* otherwise the slug and a generic description are used. Both are
+* trimmed and then capped with `clip`.
+*
+* Frontmatter parsing is deliberately best-effort: a parser exception
+* is swallowed and the slug-derived metadata is used instead, so bad
+* optional metadata never fails the task.
+*
+* Per the original author's note, pi's prompt formatter only surfaces
+* `name`, `description` and `filePath`, which is why a synthetic
+* `sourceInfo` suffices — not verifiable from this file.
+*
+* @param args - `{ slug, content, filePath, dir }`.
+* @returns The skill descriptor object.
+*/
+function buildSyntheticSkill(args) {
+	let frontmatter = {};
+	try {
+		frontmatter = parseFrontmatter(args.content).frontmatter;
+	} catch {}
+	// Use the trimmed frontmatter value when it is a non-blank string.
+	const textOr = (value, fallback) => {
+		if (typeof value !== "string") return fallback;
+		const trimmed = value.trim();
+		return trimmed.length > 0 ? trimmed : fallback;
+	};
+	const name = clip(textOr(frontmatter.name, args.slug), MAX_SKILL_NAME);
+	const description = clip(textOr(frontmatter.description, `Task-injected context skill (${args.slug})`), MAX_SKILL_DESCRIPTION);
+	const sourceInfo = createSyntheticSourceInfo(args.filePath, {
+		source: "moltnet:task-context",
+		scope: "temporary",
+		origin: "top-level",
+		baseDir: args.dir
+	});
+	return {
+		name,
+		description,
+		filePath: args.filePath,
+		baseDir: args.dir,
+		sourceInfo,
+		disableModelInvocation: frontmatter["disable-model-invocation"] === true
+	};
+}
+/**
+* Truncate `s` to at most `max` UTF-16 code units.
+*
+* A plain `slice(0, max)` can cut an astral character (e.g. an emoji)
+* in half and leave a lone high surrogate at the end of the result.
+* When the cut would land between the two halves of a surrogate pair,
+* the orphaned high surrogate is dropped too, so the result stays
+* well-formed and is still no longer than `max`.
+*
+* @param s - String to truncate.
+* @param max - Maximum length in UTF-16 code units.
+* @returns `s` itself when it already fits, otherwise the truncated copy.
+*/
+function clip(s, max) {
+	if (!(s.length > max)) return s;
+	const lastKept = s.charCodeAt(max - 1);
+	const firstDropped = s.charCodeAt(max);
+	// High surrogate (D800–DBFF) kept while its low half (DC00–DFFF) is cut off.
+	const splitsPair = lastKept >= 0xd800 && lastKept <= 0xdbff && firstDropped >= 0xdc00 && firstDropped <= 0xdfff;
+	return s.slice(0, splitsPair ? max - 1 : max);
+}
+//#endregion
 //#region src/runtime/runtime-instructor.ts
 /**
 * Build the daemon-controlled invariant prose injected into the system prompt
@@ -13724,6 +14189,190 @@ function buildRuntimeInstructor(ctx) {
 	].join("\n");
 }
 //#endregion
+//#region src/runtime/subagent-tool.ts
+/** Name of the inner tool a subagent calls to hand back its structured payload. */
+var SUBAGENT_SUBMIT_TOOL_NAME = "submit_subagent_output";
+/**
+* Parameters shape the parent LLM sees when calling the subagent tool.
+*
+*   - `task`         — natural-language instructions for the subagent.
+*                      The parent authors this per call. Must be
+*                      non-empty.
+*   - `output_schema` — name of a registered SubagentOutputContract.
+*                      Resolved at call time; unknown names error.
+*
+* Extra properties are rejected (`additionalProperties: false`).
+*/
+var SubagentToolParameters = Type$1.Object({
+	task: Type$1.String({
+		minLength: 1,
+		description: "Natural-language instructions for the subagent. The subagent starts with a fresh conversation and a narrowed system prompt; this is the only context it has from you."
+	}),
+	output_schema: Type$1.String({
+		minLength: 1,
+		description: "Name of a registered subagent output contract. The subagent must submit a structured payload via `submit_subagent_output` matching this contract."
+	})
+}, { additionalProperties: false });
+/**
+* Fallback timeout for one subagent run: 300 * 1e3 ms (5 minutes).
+* Used by the subagent tool when `timeoutMs` is undefined or negative.
+*/
+var DEFAULT_SUBAGENT_TIMEOUT_MS = 300 * 1e3;
+/**
+* Build the subagent custom tool for a parent session. The handle
+* exposes the call counter so executors can emit summary telemetry
+* when the parent terminates.
+*
+* Each `execute` call validates the parameters, resolves the named
+* output contract, builds a fresh inner session (through
+* `args.buildAgentSession` when supplied, otherwise `buildAgentSession`)
+* that carries an extra `submit_subagent_output` tool capturing the
+* payload, and prompts that session with `task`. Expected failures are
+* returned as `toolError(...)` results; an error thrown while building
+* the inner session propagates to the caller.
+*
+* The inner run is bounded by `args.timeoutMs` (undefined or negative
+* falls back to `DEFAULT_SUBAGENT_TIMEOUT_MS`; `0` disables the timer)
+* and by `args.parentCancelSignal`. If that signal is already aborted
+* once the inner session is ready, the prompt is not started at all:
+* `fireAbort` is one-shot, so an abort issued before the run begins
+* would otherwise also disarm the timeout and leave the run with
+* nothing able to stop it.
+*
+* @param args - Parent-session wiring: session options, inherited
+*   tools, parent task identifiers, optional `parentCancelSignal`,
+*   `timeoutMs` and `buildAgentSession` override.
+* @returns `{ tool, getCallCount }` — the tool definition plus a getter
+*   for the number of calls that passed validation and contract lookup.
+*/
+function createSubagentTool(args) {
+	const buildSession = args.buildAgentSession ?? buildAgentSession;
+	let callCount = 0;
+	return {
+		tool: defineTool({
+			name: "subagent",
+			label: "Delegate to subagent",
+			description: subagentToolDescription(),
+			parameters: SubagentToolParameters,
+			async execute(_id, params) {
+				if (!Value.Check(SubagentToolParameters, params)) return toolError(`subagent: invalid parameters: ${JSON.stringify([...Value.Errors(SubagentToolParameters, params)].slice(0, 3))}`);
+				const { task, output_schema } = params;
+				const contract = getSubagentOutputContract(output_schema);
+				if (!contract) return toolError(`subagent: unknown output_schema "${output_schema}". Registered contracts: [${listSubagentOutputContracts().map((c) => c.name).join(", ")}]`);
+				// Only calls that reach a registered contract are counted.
+				callCount += 1;
+				const callIndex = callCount;
+				// Set by the inner submit tool once a schema-valid payload arrives.
+				let captured = null;
+				const submitTool = defineTool({
+					name: SUBAGENT_SUBMIT_TOOL_NAME,
+					label: `Submit ${output_schema}`,
+					description: `Submit your structured output for this subagent task. Call exactly once when done. Args MUST match the ${output_schema} contract; mismatches return a tool error you can recover from in the same session.`,
+					parameters: contract.parametersSchema,
+					async execute(_innerId, innerParams) {
+						if (!Value.Check(contract.parametersSchema, innerParams)) return toolError(`submit_subagent_output: schema validation failed: ${[...Value.Errors(contract.parametersSchema, innerParams)].slice(0, 3).map((e) => `${e.path}: ${e.message}`).join("; ")}. Re-call with a corrected payload.`);
+						captured = innerParams;
+						return {
+							content: [{
+								type: "text",
+								text: "Output captured. Subagent session will terminate; no further action needed."
+							}],
+							details: { captured: true },
+							terminate: true
+						};
+					}
+				});
+				const subagentInstructor = buildSubagentInstructor({
+					contractName: output_schema,
+					contractDescription: contract.description,
+					parentTaskId: args.parentTaskId,
+					callIndex
+				});
+				// The inner session gets the inherited tools plus the submit tool,
+				// but not the `subagent` tool itself, and no skills.
+				const session = await buildSession({
+					mountPath: args.mountPath,
+					piAuthDir: args.piAuthDir,
+					modelHandle: args.modelHandle,
+					agentName: args.agentName,
+					customTools: [...args.inheritedCustomTools, submitTool],
+					appendSystemPrompt: [args.parentRuntimeInstructor, subagentInstructor],
+					skillsOverride: () => ({
+						skills: [],
+						diagnostics: []
+					}),
+					otelSpanAttrs: {
+						"moltnet.task.id": args.parentTaskId,
+						"moltnet.task.type": args.parentTaskType,
+						"moltnet.task.attempt": args.parentAttemptN,
+						"moltnet.subagent.contract": output_schema,
+						"moltnet.subagent.index": callIndex
+					}
+				});
+				let abortReason = null;
+				let abortInvoked = false;
+				// One-shot: the first reason wins and later calls are ignored.
+				const fireAbort = (reason) => {
+					if (abortInvoked) return;
+					abortInvoked = true;
+					abortReason = reason;
+					session.abort().catch((err) => {
+						const message = err instanceof Error ? err.message : String(err);
+						process.stderr.write(`[subagent] inner session.abort() failed: ${message}\n`);
+					});
+				};
+				// Returns the unsubscribe function, or null when no signal was given.
+				const cancelListener = args.parentCancelSignal ? (() => {
+					const signal = args.parentCancelSignal;
+					const listener = () => fireAbort("parent_cancelled");
+					if (signal.aborted) listener();
+					else signal.addEventListener("abort", listener, { once: true });
+					return () => signal.removeEventListener("abort", listener);
+				})() : null;
+				const timeoutMs = args.timeoutMs === void 0 || args.timeoutMs < 0 ? DEFAULT_SUBAGENT_TIMEOUT_MS : args.timeoutMs;
+				const timeoutHandle = timeoutMs > 0 ? setTimeout(() => fireAbort("subagent_timed_out"), timeoutMs) : null;
+				try {
+					// If the parent was already cancelled, the abort above ran before
+					// the session was prompted and used up the one-shot `fireAbort`,
+					// which also disarms the timeout. Do not start the run in that case.
+					if (!abortInvoked) await session.prompt(task);
+				} catch (err) {
+					return toolError(`subagent: inner session.prompt() threw: ${err instanceof Error ? err.message : String(err)}`);
+				} finally {
+					if (timeoutHandle) clearTimeout(timeoutHandle);
+					if (cancelListener) cancelListener();
+				}
+				// An abort takes precedence over any payload captured before it.
+				if (abortReason !== null) return toolError(`subagent: ${abortReason === "subagent_timed_out" ? `subagent timed out after ${timeoutMs}ms` : "parent task was cancelled"}. The parent should fail this task or retry with a clearer scope.`);
+				if (captured === null) return toolError(`subagent: inner session ended without calling ${SUBAGENT_SUBMIT_TOOL_NAME}. The parent should retry with clearer instructions or fail the task.`);
+				return {
+					content: [{
+						type: "text",
+						text: JSON.stringify(captured)
+					}],
+					details: {
+						captured: true,
+						contract: output_schema,
+						callIndex
+					}
+				};
+			}
+		}),
+		getCallCount: () => callCount
+	};
+}
+/**
+* Compose the description text shown to the parent LLM for the
+* `subagent` tool: a one-line summary, how the subagent runs, and what
+* the tool returns on success and on failure.
+*
+* @returns The description as one newline-joined string, with blank
+*   lines between its three paragraphs.
+*/
+function subagentToolDescription() {
+	const summary = "Delegate a sub-task to a fresh subagent session with isolated context.";
+	const howItRuns = [
+		"The subagent starts with no conversation history and only the `task` ",
+		"string you provide as its instructions. It runs in the same VM with ",
+		"the same tools you have (Gondolin-routed Read/Write/Edit/Bash, ",
+		"moltnet_* tools), and is expected to call ",
+		`\`${SUBAGENT_SUBMIT_TOOL_NAME}\` with a payload matching the named `,
+		"contract before its session ends."
+	];
+	const outcomes = [
+		"On success, the tool result is the JSON-stringified subagent payload.",
+		"On failure (unknown contract, validation error, subagent did not ",
+		"submit) the tool returns isError:true with a recoverable message."
+	];
+	// Joining paragraphs with a blank line equals joining every line with "\n"
+	// around empty-string separators.
+	return [summary, howItRuns.join("\n"), outcomes.join("\n")].join("\n\n");
+}
+/**
+* Render the system-prompt fragment that tells an inner session it is
+* a subagent: which parent task and call it belongs to, which output
+* contract it must satisfy, and the rules for the session.
+*
+* @param args - `{ parentTaskId, callIndex, contractName, contractDescription }`.
+* @returns Markdown text, newline-joined, with blank lines between sections.
+*/
+function buildSubagentInstructor(args) {
+	const parentLine = `Parent task: \`${args.parentTaskId}\` (subagent call #${args.callIndex}).`;
+	const contractSection = [
+		`Your assigned output contract is \`${args.contractName}\`:`,
+		`${args.contractDescription}`
+	].join("\n");
+	const rules = [
+		`- You MUST call \`${SUBAGENT_SUBMIT_TOOL_NAME}\` exactly once with a `,
+		"  payload matching the contract above. Your session terminates on ",
+		"  the valid call.",
+		"- The parent's message above is your task. Do not invent additional ",
+		"  steps the parent did not request.",
+		"- All MoltNet runtime invariants from the parent runtime instructor ",
+		"  apply (diary discipline, gh-auth pattern, etc.) IF you take any ",
+		"  action that would trigger them. Most subagents do not commit code ",
+		"  or open PRs — only do so if your task message explicitly requires it.",
+		"- You do NOT have access to the `subagent` tool. Do not attempt nested ",
+		"  delegation; do the work yourself."
+	].join("\n");
+	return [
+		"# You are a subagent",
+		parentLine,
+		contractSection,
+		"Rules for this session:",
+		rules
+	].join("\n\n");
+}
+/**
+* Wrap a message as a failed tool result.
+*
+* @param text - Error message for the calling LLM.
+* @returns A result with one text content item, `details.captured`
+*   set to `false`, and `isError: true`.
+*/
+function toolError(text) {
+	const message = {
+		type: "text",
+		text
+	};
+	return {
+		content: [message],
+		details: { captured: false },
+		isError: true
+	};
+}
+//#endregion
 //#region src/runtime/task-output.ts
 var METER_NAME = "@themoltnet/pi-extension/task-output";
 var parseResultCounter = null;
@@ -13962,6 +14611,7 @@ function resolveSubmitTools(taskType, opts = {}) {
 * Anthropic-SDK one) plug in via the `executeTask` function injected into
 * `AgentRuntime`.
 */
+/** Turn-event handler that does nothing; used when no handler is supplied or the handler factory throws. */
+var noopTurnEventHandler = () => {};
 /**
 * Factory that builds a pi-specific `executeTask` function suitable for
 * injection into `AgentRuntime`. The returned function caches the resolved
@@ -14034,6 +14684,7 @@ async function executePiTask(claimedTask, reporter, opts) {
 	const taskTeamId = task.teamId ?? "";
 	let reporterOpen = false;
 	let session = null;
+	let subagentHandle = null;
 	const finalUsage = emptyUsage(opts.provider, opts.model);
 	let cancelListener = null;
 	const makeFailedOutput = (code, message, usage = finalUsage) => ({
@@ -14058,10 +14709,25 @@ async function executePiTask(claimedTask, reporter, opts) {
 			attemptN
 		});
 		reporterOpen = true;
-		const emit = (kind, payload) => reporter.record({
-			kind,
-			payload
-		});
+		let onTurnEvent;
+		if (opts.makeOnTurnEvent) try {
+			onTurnEvent = opts.makeOnTurnEvent(claimedTask);
+		} catch (err) {
+			process.stderr.write(`[emit] makeOnTurnEvent threw: ${err instanceof Error ? err.message : String(err)}\n`);
+			onTurnEvent = noopTurnEventHandler;
+		}
+		else onTurnEvent = opts.onTurnEvent ?? noopTurnEventHandler;
+		const emit = (kind, payload) => {
+			try {
+				onTurnEvent(kind, summarizePayloadForLog(kind, payload));
+			} catch (err) {
+				process.stderr.write(`[emit] onTurnEvent threw for kind="${kind}": ${err instanceof Error ? err.message : String(err)}\n`);
+			}
+			return reporter.record({
+				kind,
+				payload
+			});
+		};
 		await emit("info", {
 			event: "execute_start",
 			taskType: task.taskType,
@@ -14071,7 +14737,7 @@ async function executePiTask(claimedTask, reporter, opts) {
 		});
 		let taskPrompt;
 		try {
-			taskPrompt = buildPromptForTask(task, {
+			taskPrompt = buildTaskUserPrompt(task, {
 				diaryId,
 				taskId: task.id,
 				extras: opts.promptExtras
@@ -14084,6 +14750,30 @@ async function executePiTask(claimedTask, reporter, opts) {
 			});
 			return makeFailedOutput("prompt_build_failed", message);
 		}
+		const rawContext = task.input.context;
+		let injectedContext;
+		try {
+			const contextArray = rawContext === void 0 ? [] : rawContext;
+			if (!Value.Check(TaskContext, contextArray)) throw new Error(`task.input.context failed TaskContext validation: ${JSON.stringify([...Value.Errors(TaskContext, contextArray)].slice(0, 3))}`);
+			injectedContext = await injectTaskContext({
+				context: contextArray,
+				fs: managed.vm.fs
+			});
+		} catch (err) {
+			const message = err instanceof Error ? err.message : String(err);
+			await emit("error", {
+				message,
+				phase: "context_resolution"
+			});
+			return makeFailedOutput("context_resolution_failed", message);
+		}
+		if (injectedContext.injected.length > 0) await emit("info", {
+			event: "context_injected",
+			count: injectedContext.injected.length,
+			bindings: injectedContext.injected.map((r) => r.binding),
+			slugs: injectedContext.injected.map((r) => r.slug)
+		});
+		if (injectedContext.userInlineSuffix) taskPrompt = `${taskPrompt}\n\n---\n\n${injectedContext.userInlineSuffix}`;
 		const gondolinCustomTools = [
 			createReadToolDefinition(mountPath, { operations: createGondolinReadOps(managed.vm, mountPath) }),
 			createWriteToolDefinition(mountPath, { operations: createGondolinWriteOps(managed.vm, mountPath) }),
@@ -14112,14 +14802,6 @@ async function executePiTask(claimedTask, reporter, opts) {
 			});
 			const piAuthDir = process.env.PI_CODING_AGENT_DIR ?? join(homedir(), ".pi", "agent");
 			const modelHandle = getModel(opts.provider, opts.model);
-			const piOtelExtension = createPiOtelExtension({
-				agentName: opts.agentName,
-				spanAttributes: {
-					"moltnet.task.id": task.id,
-					"moltnet.task.attempt": attemptN,
-					"moltnet.task.type": task.taskType
-				}
-			});
 			const runtimeInstructor = buildRuntimeInstructor({
 				taskId: task.id,
 				taskType: task.taskType,
@@ -14128,29 +14810,47 @@ async function executePiTask(claimedTask, reporter, opts) {
 				agentName: opts.agentName,
 				correlationId: task.correlationId ?? null
 			});
-			const resourceLoader = new DefaultResourceLoader({
-				cwd: mountPath,
-				agentDir: piAuthDir,
-				extensionFactories: [piOtelExtension],
-				appendSystemPrompt: [runtimeInstructor],
-				skillsOverride: () => ({
-					skills: [],
-					diagnostics: []
-				})
-			});
-			await resourceLoader.reload();
-			session = (await createAgentSession({
-				agentDir: piAuthDir,
-				cwd: mountPath,
-				model: modelHandle,
+			const appendSystemPrompt = [runtimeInstructor];
+			if (injectedContext.systemPromptPrefix) appendSystemPrompt.push(injectedContext.systemPromptPrefix);
+			const injectedSkills = injectedContext.skills;
+			const parentSubagentTools = [];
+			if (taskTypeUsesSubagents(task.taskType)) {
+				subagentHandle = createSubagentTool({
+					mountPath,
+					piAuthDir,
+					modelHandle,
+					agentName: opts.agentName,
+					inheritedCustomTools: [...gondolinCustomTools, ...moltnetTools],
+					parentRuntimeInstructor: runtimeInstructor,
+					parentTaskId: task.id,
+					parentTaskType: task.taskType,
+					parentAttemptN: attemptN,
+					parentCancelSignal: reporter.cancelSignal
+				});
+				parentSubagentTools.push(subagentHandle.tool);
+			}
+			session = await buildAgentSession({
+				mountPath,
+				piAuthDir,
+				modelHandle,
+				agentName: opts.agentName,
 				customTools: [
 					...gondolinCustomTools,
 					...moltnetTools,
-					...submitTools
+					...submitTools,
+					...parentSubagentTools
 				],
-				sessionManager: SessionManager.inMemory(),
-				resourceLoader
-			})).session;
+				appendSystemPrompt,
+				skillsOverride: () => ({
+					skills: injectedSkills,
+					diagnostics: []
+				}),
+				otelSpanAttrs: {
+					"moltnet.task.id": task.id,
+					"moltnet.task.attempt": attemptN,
+					"moltnet.task.type": task.taskType
+				}
+			});
 		} catch (err) {
 			const message = err instanceof Error ? err.message : String(err);
 			await emit("error", {
@@ -14221,6 +14921,10 @@ async function executePiTask(claimedTask, reporter, opts) {
 				phase: "session_prompt"
 			});
 		}
+		if (subagentHandle && subagentHandle.getCallCount() > 0) await emit("info", {
+			event: "subagent_summary",
+			callCount: subagentHandle.getCallCount()
+		});
 		await Promise.all(recordingPromise);
 		const cancelled = reporter.cancelSignal.aborted;
 		let parsedOutput = null;
@@ -14359,6 +15063,27 @@ function wireSessionAbort(cancelSignal, session) {
 * `task_messages.payload` row. Bodies above 4 KiB are replaced with a
 * `{ truncated, original_size }` marker so the JSONL/DB size stays bounded.
 */
+/**
+* Reduce a turn-event payload to a compact summary for the
+* turn-event handler.
+*
+*   - `text_delta`      → `{ chars }` (length of a string `delta`, else 0)
+*   - `tool_call_start` → `{ tool }`
+*   - `tool_call_end`   → `{ tool, is_error }` plus `result` only when
+*                          the call failed and a result is present
+*   - `turn_end`        → `{ stop_reason }`
+*   - `error`           → `{ phase, message }`, string message capped
+*   - `info`            → shallow copy with string values capped
+*   - anything else     → the payload itself, unchanged
+*
+* Strings are capped at `TRUNCATE_LIMIT` characters.
+*
+* @param kind - Event kind.
+* @param payload - Event payload for that kind.
+* @returns The summary object (or `payload` for unknown kinds).
+*/
+function summarizePayloadForLog(kind, payload) {
+	const capString = (value) => typeof value === "string" ? value.slice(0, TRUNCATE_LIMIT) : value;
+	if (kind === "text_delta") {
+		const { delta } = payload;
+		return { chars: typeof delta === "string" ? delta.length : 0 };
+	}
+	if (kind === "tool_call_start") return { tool: payload.tool_name };
+	if (kind === "tool_call_end") {
+		const summary = {
+			tool: payload.tool_name,
+			is_error: payload.is_error === true
+		};
+		if (summary.is_error && payload.result !== void 0) summary.result = payload.result;
+		return summary;
+	}
+	if (kind === "turn_end") return { stop_reason: payload.stop_reason };
+	if (kind === "error") return {
+		phase: payload.phase,
+		message: capString(payload.message)
+	};
+	if (kind === "info") {
+		const capped = Object.entries(payload).map(([key, value]) => [key, capString(value)]);
+		return Object.fromEntries(capped);
+	}
+	return payload;
+}
 var TRUNCATE_LIMIT = 4 * 1024;
 function truncateForWire(value) {
 	if (value === null || value === void 0) return value;
@@ -14659,4 +15384,4 @@ function moltnetExtension(pi) {
 	registerMoltnetReflectCommand(pi, state);
 }
 //#endregion
-export { HOST_EXEC_DEFAULT_BASE_ENV, activateAgentEnv, createGondolinBashOps, createGondolinEditOps, createGondolinReadOps, createGondolinWriteOps, createMoltNetTools, createPiOtelExtension, createPiTaskExecutor, moltnetExtension as default, ensureSnapshot, executePiTask, findMainWorktree, loadCredentials, resumeVm, toGuestPath };
+export { HOST_EXEC_DEFAULT_BASE_ENV, activateAgentEnv, buildAgentSession, createGondolinBashOps, createGondolinEditOps, createGondolinReadOps, createGondolinWriteOps, createMoltNetTools, createPiOtelExtension, createPiTaskExecutor, createSubagentTool, moltnetExtension as default, ensureSnapshot, executePiTask, findMainWorktree, injectTaskContext, loadCredentials, resumeVm, toGuestPath };