pi-crew 0.1.45 → 0.1.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (178) hide show
  1. package/CHANGELOG.md +97 -0
  2. package/README.md +5 -5
  3. package/agents/analyst.md +11 -11
  4. package/agents/critic.md +11 -11
  5. package/agents/executor.md +11 -11
  6. package/agents/explorer.md +11 -11
  7. package/agents/planner.md +11 -11
  8. package/agents/reviewer.md +11 -11
  9. package/agents/security-reviewer.md +11 -11
  10. package/agents/test-engineer.md +11 -11
  11. package/agents/verifier.md +11 -11
  12. package/agents/writer.md +11 -11
  13. package/docs/next-upgrade-roadmap.md +808 -0
  14. package/docs/research/AGENT-EXECUTION-ARCHITECTURE.md +261 -0
  15. package/docs/research/AGENT-LIFECYCLE-COMPARISON.md +111 -0
  16. package/docs/research/AUDIT_OH_MY_PI.md +261 -0
  17. package/docs/research/AUDIT_PI_CREW.md +457 -0
  18. package/docs/research/CAVEMAN-DEEP-RESEARCH.md +281 -0
  19. package/docs/research/COMPARISON_OH_MY_PI_VS_PI_CREW.md +264 -0
  20. package/docs/research/DEEP-RESEARCH-PI-POWERBAR.md +343 -0
  21. package/docs/research/DEEP_RESEARCH_SUBAGENT_ARCHITECTURE.md +480 -0
  22. package/docs/research/GAP_CLOSURE_IMPLEMENTATION_PLAN.md +354 -0
  23. package/docs/research/IMPLEMENTATION_PLAN.md +385 -0
  24. package/docs/research/LIVE-SESSION-PRODUCTION-READY-PLAN.md +502 -0
  25. package/docs/research/OH-MY-PI-DEEP-RESEARCH-v14.7.6.md +266 -0
  26. package/docs/research/REMAINING-GAPS-PLAN.md +363 -0
  27. package/docs/research/SESSION-SUMMARY-2026-05-08.md +146 -0
  28. package/docs/research/UI-RESPONSIVENESS-AUDIT.md +173 -0
  29. package/docs/research-awesome-agent-skills-distillation.md +100 -0
  30. package/docs/research-oh-my-pi-distillation.md +369 -0
  31. package/docs/source-runtime-refactor-map.md +24 -0
  32. package/docs/usage.md +3 -3
  33. package/install.mjs +52 -8
  34. package/package.json +99 -98
  35. package/schema.json +10 -1
  36. package/skills/async-worker-recovery/SKILL.md +42 -0
  37. package/skills/context-artifact-hygiene/SKILL.md +52 -0
  38. package/skills/delegation-patterns/SKILL.md +54 -0
  39. package/skills/mailbox-interactive/SKILL.md +40 -0
  40. package/skills/model-routing-context/SKILL.md +39 -0
  41. package/skills/multi-perspective-review/SKILL.md +58 -0
  42. package/skills/observability-reliability/SKILL.md +41 -0
  43. package/skills/orchestration/SKILL.md +157 -0
  44. package/skills/ownership-session-security/SKILL.md +41 -0
  45. package/skills/pi-extension-lifecycle/SKILL.md +39 -0
  46. package/skills/requirements-to-task-packet/SKILL.md +63 -0
  47. package/skills/resource-discovery-config/SKILL.md +41 -0
  48. package/skills/runtime-state-reader/SKILL.md +44 -0
  49. package/skills/secure-agent-orchestration-review/SKILL.md +45 -0
  50. package/skills/state-mutation-locking/SKILL.md +42 -0
  51. package/skills/systematic-debugging/SKILL.md +67 -0
  52. package/skills/ui-render-performance/SKILL.md +39 -0
  53. package/skills/verification-before-done/SKILL.md +57 -0
  54. package/skills/worktree-isolation/SKILL.md +39 -0
  55. package/src/agents/agent-config.ts +6 -0
  56. package/src/agents/agent-search.ts +98 -0
  57. package/src/agents/agent-serializer.ts +38 -34
  58. package/src/agents/discover-agents.ts +29 -15
  59. package/src/config/config.ts +72 -24
  60. package/src/config/defaults.ts +25 -0
  61. package/src/extension/autonomous-policy.ts +26 -33
  62. package/src/extension/help.ts +1 -0
  63. package/src/extension/management.ts +5 -0
  64. package/src/extension/project-init.ts +62 -2
  65. package/src/extension/register.ts +69 -22
  66. package/src/extension/registration/commands.ts +64 -25
  67. package/src/extension/registration/compaction-guard.ts +1 -1
  68. package/src/extension/registration/subagent-helpers.ts +8 -0
  69. package/src/extension/registration/subagent-tools.ts +149 -148
  70. package/src/extension/registration/team-tool.ts +14 -10
  71. package/src/extension/run-index.ts +35 -21
  72. package/src/extension/run-maintenance.ts +30 -5
  73. package/src/extension/team-tool/api.ts +47 -9
  74. package/src/extension/team-tool/cancel.ts +109 -5
  75. package/src/extension/team-tool/context.ts +8 -0
  76. package/src/extension/team-tool/intent-policy.ts +42 -0
  77. package/src/extension/team-tool/lifecycle-actions.ts +120 -79
  78. package/src/extension/team-tool/parallel-dispatch.ts +156 -0
  79. package/src/extension/team-tool/respond.ts +46 -18
  80. package/src/extension/team-tool/run.ts +55 -12
  81. package/src/extension/team-tool/status.ts +13 -2
  82. package/src/extension/team-tool-types.ts +3 -0
  83. package/src/extension/team-tool.ts +45 -14
  84. package/src/hooks/registry.ts +61 -0
  85. package/src/hooks/types.ts +41 -0
  86. package/src/observability/event-to-metric.ts +8 -1
  87. package/src/runtime/agent-control.ts +169 -63
  88. package/src/runtime/async-runner.ts +3 -1
  89. package/src/runtime/background-runner.ts +78 -53
  90. package/src/runtime/cancellation-token.ts +89 -0
  91. package/src/runtime/cancellation.ts +61 -0
  92. package/src/runtime/capability-inventory.ts +116 -0
  93. package/src/runtime/child-pi.ts +458 -444
  94. package/src/runtime/code-summary.ts +247 -0
  95. package/src/runtime/crash-recovery.ts +182 -0
  96. package/src/runtime/crew-agent-records.ts +70 -10
  97. package/src/runtime/crew-agent-runtime.ts +1 -0
  98. package/src/runtime/custom-tools/irc-tool.ts +201 -0
  99. package/src/runtime/custom-tools/submit-result-tool.ts +90 -0
  100. package/src/runtime/deadletter.ts +1 -0
  101. package/src/runtime/delivery-coordinator.ts +48 -25
  102. package/src/runtime/effectiveness.ts +81 -0
  103. package/src/runtime/event-stream-bridge.ts +90 -0
  104. package/src/runtime/live-agent-control.ts +2 -1
  105. package/src/runtime/live-agent-manager.ts +179 -85
  106. package/src/runtime/live-control-realtime.ts +1 -1
  107. package/src/runtime/live-extension-bridge.ts +150 -0
  108. package/src/runtime/live-irc.ts +92 -0
  109. package/src/runtime/live-session-health.ts +100 -0
  110. package/src/runtime/live-session-runtime.ts +599 -305
  111. package/src/runtime/manifest-cache.ts +17 -2
  112. package/src/runtime/mcp-proxy.ts +113 -0
  113. package/src/runtime/model-fallback.ts +6 -4
  114. package/src/runtime/notebook-helpers.ts +90 -0
  115. package/src/runtime/orphan-sentinel.ts +7 -0
  116. package/src/runtime/output-validator.ts +187 -0
  117. package/src/runtime/parallel-utils.ts +57 -0
  118. package/src/runtime/parent-guard.ts +80 -0
  119. package/src/runtime/pi-args.ts +18 -3
  120. package/src/runtime/process-status.ts +5 -1
  121. package/src/runtime/prose-compressor.ts +164 -0
  122. package/src/runtime/result-extractor.ts +121 -0
  123. package/src/runtime/retry-executor.ts +81 -64
  124. package/src/runtime/runtime-resolver.ts +23 -10
  125. package/src/runtime/semaphore.ts +131 -0
  126. package/src/runtime/sensitive-paths.ts +92 -0
  127. package/src/runtime/skill-instructions.ts +222 -0
  128. package/src/runtime/stale-reconciler.ts +4 -14
  129. package/src/runtime/stream-preview.ts +177 -0
  130. package/src/runtime/subagent-manager.ts +6 -2
  131. package/src/runtime/subprocess-tool-registry.ts +67 -0
  132. package/src/runtime/task-output-context.ts +177 -127
  133. package/src/runtime/task-runner/capabilities.ts +78 -0
  134. package/src/runtime/task-runner/live-executor.ts +107 -101
  135. package/src/runtime/task-runner/prompt-builder.ts +72 -8
  136. package/src/runtime/task-runner/prompt-pipeline.ts +64 -0
  137. package/src/runtime/task-runner/run-projection.ts +104 -0
  138. package/src/runtime/task-runner.ts +115 -5
  139. package/src/runtime/team-runner.ts +134 -19
  140. package/src/runtime/workspace-tree.ts +298 -0
  141. package/src/runtime/yield-handler.ts +189 -0
  142. package/src/schema/config-schema.ts +7 -0
  143. package/src/schema/team-tool-schema.ts +14 -4
  144. package/src/skills/discover-skills.ts +67 -0
  145. package/src/state/active-run-registry.ts +167 -0
  146. package/src/state/artifact-store.ts +4 -1
  147. package/src/state/atomic-write.ts +50 -1
  148. package/src/state/blob-store.ts +117 -0
  149. package/src/state/contracts.ts +2 -1
  150. package/src/state/event-log-rotation.ts +158 -0
  151. package/src/state/event-log.ts +52 -2
  152. package/src/state/mailbox.ts +129 -9
  153. package/src/state/state-store.ts +32 -5
  154. package/src/state/types.ts +64 -2
  155. package/src/teams/team-config.ts +1 -0
  156. package/src/ui/agent-management-overlay.ts +144 -0
  157. package/src/ui/crew-widget.ts +15 -5
  158. package/src/ui/dashboard-panes/cancellation-pane.ts +43 -0
  159. package/src/ui/dashboard-panes/capability-pane.ts +60 -0
  160. package/src/ui/dashboard-panes/mailbox-pane.ts +35 -11
  161. package/src/ui/dashboard-panes/progress-pane.ts +2 -0
  162. package/src/ui/live-run-sidebar.ts +4 -0
  163. package/src/ui/powerbar-publisher.ts +77 -15
  164. package/src/ui/render-coalescer.ts +51 -0
  165. package/src/ui/run-dashboard.ts +4 -0
  166. package/src/ui/run-event-bus.ts +209 -0
  167. package/src/ui/run-snapshot-cache.ts +78 -18
  168. package/src/ui/snapshot-types.ts +10 -0
  169. package/src/ui/transcript-entries.ts +258 -0
  170. package/src/utils/ids.ts +5 -0
  171. package/src/utils/incremental-reader.ts +104 -0
  172. package/src/utils/paths.ts +4 -2
  173. package/src/utils/scan-cache.ts +137 -0
  174. package/src/utils/sse-parser.ts +134 -0
  175. package/src/utils/task-name-generator.ts +337 -0
  176. package/src/utils/visual.ts +33 -2
  177. package/src/workflows/workflow-config.ts +1 -0
  178. package/src/worktree/cleanup.ts +2 -1
@@ -0,0 +1,157 @@
1
+ ---
2
+ name: orchestration
3
+ description: Multi-phase orchestration skill for pi-crew planners and executors. Use when decomposing complex tasks into parallel phases, dispatching workers, verifying gates, and iterating until closure.
4
+ ---
5
+
6
+ # orchestration
7
+
8
+ Use this skill when orchestrating multi-phase tasks across pi-crew teams and workers.
9
+
10
+ ## Role definition
11
+
12
+ You are the orchestrator — bạn là người điều phối, không phải người thực thi.
13
+
14
+ You decompose, dispatch, verify, and iterate. You do NOT edit code directly. If you find yourself opening a file to fix a typo "real quick," stop — spawn a worker instead.
15
+
16
+ ## Rules (8 orchestration rules)
17
+
18
+ Adapted from oh-my-pi's orchestrate command pattern for pi-crew context.
19
+
20
+ ### 1. Do not yield until everything is closed
21
+
22
+ Không trả lại control khi vẫn còn việc chưa xong. Run every phase to completion. The orchestrator owns the full lifecycle — from first dispatch to final green gate.
23
+
24
+ ### 2. Enumerate the full surface before dispatching
25
+
26
+ Before writing any task packet, read every referenced file and understand the complete work surface. Liệt kê toàn bộ surface trước khi giao việc — không giao việc khi chưa hiểu hết scope.
27
+
28
+ ### 3. Parallelize maximally
29
+
30
+ Every set of edits with disjoint file scope MUST ship as one batch. Nếu 5 tasks chỉnh 5 file khác nhau và không phụ thuộc nhau, dispatch tất cả cùng lúc. Never serialize what can be parallelized.
31
+
32
+ ### 4. Each task assignment is self-contained
33
+
34
+ Subagents have no shared context. Mỗi worker chỉ biết những gì bạn ghi trong task packet. Include all necessary context, file paths, constraints, and acceptance criteria in every task.
35
+
36
+ ### 5. Verify after every phase before launching the next
37
+
38
+ Run appropriate gates between phases: typecheck, tests, lint. Không bỏ qua verification — một phase đỏ không được phép chuyển sang phase tiếp theo.
39
+
40
+ ### 6. Commit policy — green only
41
+
42
+ Commit after each green phase. Never commit a red tree. Chỉ commit khi tất cả gates pass. If the phase fails, fix it first.
43
+
44
+ ### 7. Respawn, do not absorb
45
+
46
+ If a subagent returns incomplete or broken work, spawn a corrective subagent with a focused fix-up task packet. Không tự sửa lỗi của worker — respawn worker mới để sửa.
47
+
48
+ ### 8. No scope creep, no scope shrink
49
+
50
+ Maintain the original scope exactly. Không mở rộng scope vì "thấy thêm việc," cũng không thu hẹp vì "tạm đủ." If scope needs to change, escalate to the requester.
51
+
52
+ ## Workflow (7 steps)
53
+
54
+ ### Step 1 — Ingest
55
+
56
+ - Read every referenced file in the goal/task description.
57
+ - Run `git status` and `git diff` to understand current tree state.
58
+ - Identify all files, symbols, and subsystems in scope.
59
+ - Check workspace tree for project context and existing patterns.
60
+
61
+ ### Step 2 — Plan
62
+
63
+ - Materialize the full work surface as ordered phases.
64
+ - For each phase, enumerate: files to touch, workers needed, dependencies on other phases.
65
+ - Phases must be ordered by dependency; tasks within a phase must be independent (disjoint file scope).
66
+ - Write the plan down — không giữ plan trong head.
67
+
68
+ ### Step 3 — Dispatch phase
69
+
70
+ - Launch all parallel subagents in one `team` call.
71
+ - Each subagent receives a complete task packet (see `task-packet` skill).
72
+ - Set explicit file ownership per worker — no two workers touch the same file.
73
+ - Use `workspaceMode: 'worktree'` when parallel edits risk conflict.
74
+
75
+ ### Step 4 — Verify phase
76
+
77
+ - Run verification gates: typecheck, tests, lint as appropriate.
78
+ - If green → proceed to commit.
79
+ - If red → dispatch fix-up subagents with precise failure context (error output, file, line). Do NOT fix it yourself.
80
+
81
+ ### Step 5 — Commit phase (if applicable)
82
+
83
+ - Only when all gates are green.
84
+ - Commit message should reference the phase and what was accomplished.
85
+ - Never commit a red tree.
86
+
87
+ ### Step 6 — Advance
88
+
89
+ - Mark current phase done.
90
+ - Immediately start the next phase — do not pause to ask "ready to continue?"
91
+ - Loop back to Step 3 for the next phase.
92
+
93
+ ### Step 7 — Final verification
94
+
95
+ - Run the full gate set one more time after all phases complete.
96
+ - This is the final safety net — typecheck, tests, lint, everything.
97
+ - Only report DONE when final verification is green.
98
+
99
+ ## Anti-patterns
100
+
101
+ These are the behaviours that kill orchestration quality — tránh xa:
102
+
103
+ | Anti-pattern | Why it's wrong |
104
+ |---|---|
105
+ | Editing files yourself "because it's faster" | You are the orchestrator, not an editor. Speed comes from correct delegation, not shortcutting. |
106
+ | Yielding after phase 1 with "ready to continue?" | The requester gave you a goal, not a conversation. Drive to completion. |
107
+ | Dispatching one subagent at a time when five could run in parallel | Wasted time. Enumerate first, then batch-dispatch all independent tasks. |
108
+ | Skipping typecheck/tests between phases | A red phase propagates errors forward. Always verify before advancing. |
109
+ | Marking todos done without verifying | Unverified work is undone work. Run the gate, check the output, then mark done. |
110
+
111
+ ## pi-crew specific adaptations
112
+
113
+ ### Task delegation pattern
114
+
115
+ Use the `team` tool with appropriate action for dispatching work:
116
+
117
+ - `action: 'run'` with a named team for multi-role work (implementation, review, research).
118
+ - Assign one worker per file/symbol to avoid edit conflicts.
119
+ - Each task packet must be fully self-contained — workers cannot see each other's context.
120
+
121
+ ### Mailbox coordination
122
+
123
+ - Use mailbox (`inbox`/`outbox`) for cross-worker coordination when workers need to signal completion or report blockers.
124
+ - Orchestrator checks mailbox after each phase to collect worker results.
125
+ - Workers report one of: DONE, DONE_WITH_CONCERNS, BLOCKED, NEEDS_CONTEXT.
126
+
127
+ ### Team/workflow/role concepts
128
+
129
+ | Concept | When to use |
130
+ |---|---|
131
+ | `team: 'implementation'` | Complex multi-phase implementation with parallel specialists |
132
+ | `team: 'fast-fix'` | Small targeted fixes, single-phase |
133
+ | `team: 'review'` | Code review and security review phases |
134
+ | `team: 'research'` | Investigation before implementation planning |
135
+ | `team: 'parallel-research'` | Multi-project/source audits |
136
+ | `workflow: 'implementation'` | Adaptive fanout where planner decides subagent allocation |
137
+
138
+ ### Workspace tree context
139
+
140
+ - Read `AGENTS.md` and project-level config before planning phases.
141
+ - Different subprojects have different build/test commands — use the right ones.
142
+ - pi-mono: `npm run check` (requires prior build), `./test.sh`
143
+ - pi-crew: `npm test`, `npm run typecheck`
144
+ - pi-subagents: `npm test`, `npm run test:all`
145
+
146
+ ## Verification
147
+
148
+ For orchestration skill itself:
149
+
150
+ ```bash
151
+ cd pi-crew
152
+ npx tsc --noEmit
153
+ node --experimental-strip-types --test test/unit/team-recommendation.test.ts
154
+ npm test
155
+ ```
156
+
157
+ For orchestrated work: run the gate commands appropriate to the target subproject after each phase, and again after final phase.
@@ -0,0 +1,41 @@
1
+ ---
2
+ name: ownership-session-security
3
+ description: Session ownership and authorization workflow. Use when implementing cancel, respond, steer, run ownership, cwd overrides, imported runs, or cross-session actions.
4
+ ---
5
+
6
+ # ownership-session-security
7
+
8
+ Use this skill for cross-session safety and trust-boundary work.
9
+
10
+ ## Source patterns distilled
11
+
12
+ - Pi session IDs: `ctx.sessionManager.getSessionId()` from Pi core `ExtensionContext`
13
+ - pi-crew ownership: `TeamRunManifest.ownerSessionId`, `src/extension/team-tool/run.ts`, `cancel.ts`, `respond.ts`
14
+ - Path safety: `src/utils/safe-paths.ts`, `src/state/state-store.ts`, `src/state/mailbox.ts`
15
+ - Destructive actions: `src/extension/team-tool/lifecycle-actions.ts`, `src/worktree/cleanup.ts`
16
+
17
+ ## Rules
18
+
19
+ - Propagate the active Pi session ID into `TeamContext` for every production tool/command path.
20
+ - New runs should record `ownerSessionId` when available.
21
+ - For owned runs, cross-session actions that mutate state must be rejected unless explicit force/admin semantics are designed and tested.
22
+ - Legacy runs without `ownerSessionId` may remain permissive for backward compatibility, but document this behavior.
23
+ - User/LLM-controlled path fields (`cwd`, import paths, artifact paths, task IDs) must be normalized and contained under an allowed base.
24
+ - Use `resolveContainedPath`, `resolveRealContainedPath`, `assertSafePathId`, and symlink checks rather than ad-hoc `startsWith` checks.
25
+ - Destructive management actions must require `confirm: true`; referenced resource deletes must require `force: true` where applicable.
26
+
27
+ ## Anti-patterns
28
+
29
+ - Assuming `ctx.sessionId` exists directly on Pi context.
30
+ - Letting `cwd: ../other-project` move run state into another project.
31
+ - Letting `respond`/`cancel` mutate a foreign owned run.
32
+ - Trusting task IDs, run IDs, or artifact paths from tool params without validation.
33
+
34
+ ## Verification
35
+
36
+ ```bash
37
+ cd pi-crew
38
+ npx tsc --noEmit
39
+ node --experimental-strip-types --test test/unit/cancel-ownership.test.ts test/unit/respond-tool.test.ts test/unit/cwd-override-security.test.ts test/unit/api-artifact-security.test.ts
40
+ npm test
41
+ ```
@@ -0,0 +1,39 @@
1
+ ---
2
+ name: pi-extension-lifecycle
3
+ description: Pi extension lifecycle and registration patterns. Use when adding or reviewing extension tools, commands, resources, providers, event handlers, session hooks, or context-sensitive Pi API usage.
4
+ ---
5
+
6
+ # pi-extension-lifecycle
7
+
8
+ Use this skill when working on Pi extension registration or lifecycle behavior.
9
+
10
+ ## Source patterns distilled
11
+
12
+ - Pi core: `source/pi-mono/packages/coding-agent/src/core/extensions/types.ts`, `loader.ts`, `runner.ts`
13
+ - Pi examples: `source/pi-mono/packages/coding-agent/examples/extensions/`
14
+ - pi-crew extension entry: `src/extension/register.ts`, `src/extension/registration/*.ts`
15
+
16
+ ## Rules
17
+
18
+ - Register tools, commands, shortcuts, widgets, providers, and event handlers from the extension factory or lifecycle callbacks.
19
+ - Tool definitions should use a TypeBox schema and an `execute(toolCallId, params, signal, onUpdate, ctx)` handler.
20
+ - Use fresh `ExtensionContext`/`ExtensionCommandContext` after session replacement (`newSession`, `fork`, `switchSession`, `reload`). Do not retain old context references for later work.
21
+ - For session-scoped work, derive session identity from `ctx.sessionManager.getSessionId()` and pass it into pi-crew `TeamContext`.
22
+ - Prefer small registration modules under `src/extension/registration/`; keep `index.ts` minimal.
23
+ - Clean up intervals, event subscriptions, child processes, and watchers on session switch/shutdown.
24
+ - Wrap optional Pi API hooks in compatibility checks/try-catch when supporting older Pi versions.
25
+
26
+ ## Anti-patterns
27
+
28
+ - Do not use stale context objects after session switch.
29
+ - Do not register duplicate tool/command names and assume override behavior.
30
+ - Do not perform blocking filesystem or network work inside extension render callbacks.
31
+ - Do not add hardcoded global keybindings without config or collision review.
32
+
33
+ ## Verification
34
+
35
+ ```bash
36
+ cd pi-crew
37
+ npx tsc --noEmit
38
+ npm test
39
+ ```
@@ -0,0 +1,63 @@
1
+ ---
2
+ name: requirements-to-task-packet
3
+ description: Use when a goal, issue, roadmap item, review finding, or user request must become actionable worker tasks.
4
+ ---
5
+
6
+ # requirements-to-task-packet
7
+
8
+ Core principle: workers need explicit task packets, not inherited ambiguity. Ask only when ambiguity changes architecture, safety, public behavior, or data loss risk; otherwise record assumptions.
9
+
10
+ Distilled from detailed reads of clarification, spec-to-implementation, subagent-driven development, and skill-authoring patterns.
11
+
12
+ ## Clarify or Proceed
13
+
14
+ Ask before implementation when ambiguity affects:
15
+
16
+ - security boundary, permissions, ownership, or secret handling;
17
+ - destructive operations, migrations, publishing, or public API behavior;
18
+ - architecture or data model;
19
+ - acceptance criteria or rollback expectations.
20
+
21
+ Proceed with explicit assumptions when ambiguity is local, reversible, and testable.
22
+
23
+ ## Task Packet Template
24
+
25
+ ```text
26
+ Objective:
27
+ Scope/paths:
28
+ Allowed edits:
29
+ Forbidden edits/non-goals:
30
+ Inputs/dependencies:
31
+ Relevant context/artifacts:
32
+ Assumptions:
33
+ Risks:
34
+ Acceptance criteria:
35
+ Verification commands:
36
+ Expected output artifacts:
37
+ Escalation conditions:
38
+ ```
39
+
40
+ ## Subagent Context Rules
41
+
42
+ - Give each worker fresh, curated context; do not rely on hidden parent history.
43
+ - Include exact upstream artifact paths and summaries when needed.
44
+ - Keep implementation tasks independent or explicitly sequenced.
45
+ - Require workers to report one of: DONE, DONE_WITH_CONCERNS, NEEDS_CONTEXT, BLOCKED.
46
+ - For BLOCKED/NEEDS_CONTEXT, change context/model/scope before retrying.
47
+
48
+ ## Acceptance Criteria
49
+
50
+ Use observable checks:
51
+
52
+ - command output, state transition, UI/status text, artifact contents;
53
+ - regression tests or named test files;
54
+ - security properties such as containment/ownership/no secrets;
55
+ - compatibility requirements such as Windows paths or Pi CLI flags;
56
+ - rollback notes.
57
+
58
+ ## Anti-patterns
59
+
60
+ - Broad “fix everything” prompts.
61
+ - Buried assumptions.
62
+ - Expanding scope because context remains.
63
+ - Treating tests as proof when the requirement was never asserted.
@@ -0,0 +1,41 @@
1
+ ---
2
+ name: resource-discovery-config
3
+ description: pi-crew resource and configuration discovery workflow. Use when changing agents, teams, workflows, skills, resource hooks, config precedence, or project/user overrides.
4
+ ---
5
+
6
+ # resource-discovery-config
7
+
8
+ Use this skill for pi-crew resource/config work.
9
+
10
+ ## Source patterns distilled
11
+
12
+ - Pi resource loader: `source/pi-mono/packages/coding-agent/src/core/resource-loader.ts`, extension `resources_discover` hook
13
+ - pi-crew discovery: `src/agents/discover-agents.ts`, `src/teams/discover-teams.ts`, `src/workflows/discover-workflows.ts`
14
+ - Config: `src/config/config.ts`, `src/schema/config-schema.ts`, `schema.json`, `docs/resource-formats.md`
15
+
16
+ ## Rules
17
+
18
+ - Respect discovery precedence: project resources should override user/builtin where supported.
19
+ - Keep built-in resource formats stable and documented.
20
+ - Project config (`.pi/pi-crew.json`) must be sanitized: do not allow dangerous user-only settings such as agent override injection if project trust is lower.
21
+ - Resource paths exposed through Pi hooks must point to package-root resources after build; verify `__dirname` resolution carefully.
22
+ - Avoid dynamic inline imports; keep discovery synchronous or async according to call-site expectations.
23
+ - Validate config with schema and provide actionable errors.
24
+ - When adding new config fields, update defaults, schema, docs, tests, and examples together.
25
+
26
+ ## Anti-patterns
27
+
28
+ - Resolving package skills to `src/skills` instead of package-root `skills` after publishing.
29
+ - Letting project-local config inject arbitrary global agent overrides.
30
+ - Introducing precedence ambiguity between project/user/builtin resources.
31
+ - Changing resource file syntax without migration notes.
32
+
33
+ ## Verification
34
+
35
+ ```bash
36
+ cd pi-crew
37
+ npx tsc --noEmit
38
+ node --experimental-strip-types --test test/unit/config-schema-validation.test.ts test/unit/config.test.ts test/unit/extension-api-surface.test.ts test/unit/agent-override-skills.test.ts
39
+ npm test
40
+ npm pack --dry-run
41
+ ```
@@ -0,0 +1,44 @@
1
+ ---
2
+ name: runtime-state-reader
3
+ description: Safe read-only navigation of pi-crew run state. Use for inspecting manifests, tasks, events, agents, artifacts, health, and diagnostics without modifying state.
4
+ ---
5
+
6
+ # runtime-state-reader
7
+
8
+ Use this skill when debugging or auditing a pi-crew run.
9
+
10
+ ## Source patterns distilled
11
+
12
+ - `src/state/types.ts`, `src/state/contracts.ts`, `src/state/state-store.ts`
13
+ - `src/state/event-log.ts`, `src/state/artifact-store.ts`, `src/runtime/crew-agent-records.ts`
14
+ - `src/extension/run-index.ts`, `src/extension/team-tool/status.ts`, `src/extension/team-tool/inspect.ts`
15
+
16
+ ## Rules
17
+
18
+ - Prefer exported state APIs over direct file parsing: `loadRunManifestById(cwd, runId)`, run index/list helpers, event readers, and agent readers.
19
+ - Treat state as append-mostly/durable. For review and debugging, do not mutate manifests/tasks/events.
20
+ - Validate run IDs and path-derived IDs; never concatenate untrusted path segments outside state helpers.
21
+ - Read events as JSONL; expect partial/corrupt trailing lines in crash scenarios and handle gracefully.
22
+ - Check status contracts before inferring behavior: terminal vs active run/task statuses matter.
23
+ - Agent aggregate records (`agents.json`) and per-agent status files can disagree briefly; prefer the latest loaded run state plus event log for final conclusions.
24
+ - Include exact paths inspected and distinguish direct evidence from inference.
25
+
26
+ ## Common inspection order
27
+
28
+ 1. Load manifest/tasks.
29
+ 2. Check run/task statuses and timestamps.
30
+ 3. Read recent events.
31
+ 4. Read agent records and per-agent output/status if needed.
32
+ 5. Inspect artifacts/diagnostics only through contained paths.
33
+ 6. Report root cause and smallest safe remediation.
34
+
35
+ ## Verification
36
+
37
+ For code changes to state readers:
38
+
39
+ ```bash
40
+ cd pi-crew
41
+ npx tsc --noEmit
42
+ node --experimental-strip-types --test test/unit/run-index.test.ts test/unit/crew-contracts.test.ts test/unit/atomic-write.test.ts
43
+ npm test
44
+ ```
@@ -0,0 +1,45 @@
1
+ ---
2
+ name: secure-agent-orchestration-review
3
+ description: Use when reviewing delegation, skill loading, tool access, worker prompts, artifacts, runtime config, state, ownership, or subprocess execution.
4
+ ---
5
+
6
+ # secure-agent-orchestration-review
7
+
8
+ Core principle: every delegated worker crosses trust boundaries. Safe orchestration requires contained paths, explicit ownership, scoped tools, non-invasive defaults, and prompt-injection resistance.
9
+
10
+ Distilled from detailed reads of security notice, insecure-defaults, sharp-edges, differential-review, guardrail, and skill quality patterns.
11
+
12
+ ## Trust Boundaries
13
+
14
+ Review:
15
+
16
+ - parent session ↔ child Pi worker;
17
+ - user prompt ↔ generated task packet;
18
+ - project skills ↔ package skills;
19
+ - global config ↔ project config;
20
+ - artifacts/logs ↔ future prompts/UI;
21
+ - mailbox/respond/steer/cancel ↔ session ownership;
22
+ - external skills/docs ↔ prompt injection/tool poisoning;
23
+ - runtime env/CLI args ↔ provider/model behavior.
24
+
25
+ ## Must-Check Findings
26
+
27
+ - Unsafe defaults: scaffold mode unexpectedly enabled, dangerous limits, missing depth guards, overbroad tools.
28
+ - Path containment: cwd override escape, symlink traversal, unsafe skill names, absolute path leakage.
29
+ - Prompt injection: untrusted output treated as instruction, skill metadata overtrusted, missing precedence text.
30
+ - Secrets: env/config/log/artifact/diagnostic leakage.
31
+ - Destructive commands: delete/prune/reset/force push without explicit confirmation.
32
+ - Ownership races: authorization checked outside lock, stale task/manifest written after re-read.
33
+ - Supply chain: external skill content imported without review, unknown tool requirements, hidden commands.
34
+
35
+ ## Secure Defaults for pi-crew
36
+
37
+ - Real execution should be explicit and disable-able, but generated config must not accidentally block normal workflows.
38
+ - Project overrides should be contained to the project root.
39
+ - Missing/invalid config should fall back safely.
40
+ - Skills should be loaded by safe name and source-labeled without absolute path disclosure.
41
+ - Worker prompts should state instruction precedence and treat artifacts as data.
42
+
43
+ ## Finding Format
44
+
45
+ Include severity, path/symbol, scenario, fix, and verification. Separate must-fix security issues from hardening suggestions.
@@ -0,0 +1,42 @@
1
+ ---
2
+ name: state-mutation-locking
3
+ description: Durable state mutation and locking workflow. Use when changing manifests, tasks, mailbox, claims, events, stale reconciliation, recovery, cancel/respond/resume, or retry logic.
4
+ ---
5
+
6
+ # state-mutation-locking
7
+
8
+ Use this skill before modifying pi-crew run state.
9
+
10
+ ## Source patterns distilled
11
+
12
+ - `src/state/locks.ts` — run-level sync/async locks
13
+ - `src/state/state-store.ts` — manifest/tasks persistence
14
+ - `src/state/contracts.ts` — allowed status transitions
15
+ - `src/state/mailbox.ts`, `src/state/task-claims.ts`, `src/state/atomic-write.ts`
16
+ - `src/runtime/crash-recovery.ts`, `src/runtime/stale-reconciler.ts`, `src/runtime/team-runner.ts`
17
+
18
+ ## Rules
19
+
20
+ - Mutations to a run's `manifest.json`, `tasks.json`, mailbox delivery state, claims, or recovery status must be protected by a run lock when concurrent actions are possible.
21
+ - Re-read manifest/tasks inside the lock before making a decision; pre-lock reads are only for locating the run.
22
+ - Persist with atomic write helpers (`atomicWriteJson`, async variants, or state-store helpers). Do not partially write JSON files.
23
+ - Respect status contracts. Do not transition terminal tasks/runs unless the action explicitly supports force semantics.
24
+ - Separate analysis from persistence: pure reconcilers should return intended repaired state; locked callers should persist it.
25
+ - In retry/resume paths, reload fresh task status immediately before execution and skip if the task is no longer retryable/runnable.
26
+ - Include event-log entries for externally visible state changes.
27
+
28
+ ## Anti-patterns
29
+
30
+ - Reading state, waiting/doing async work, then writing the old copy.
31
+ - Updating `tasks.json` from a reconciler or watcher without a lock.
32
+ - Cancelling/responding to runs owned by another session.
33
+ - Using `fs.writeFileSync` for JSON state outside atomic helpers.
34
+
35
+ ## Verification
36
+
37
+ ```bash
38
+ cd pi-crew
39
+ npx tsc --noEmit
40
+ node --experimental-strip-types --test test/unit/cancel-ownership.test.ts test/unit/respond-tool.test.ts test/unit/stale-reconciler.test.ts test/unit/api-claim.test.ts
41
+ npm test
42
+ ```
@@ -0,0 +1,67 @@
1
+ ---
2
+ name: systematic-debugging
3
+ description: Use when encountering a bug, test failure, blocked run, provider error, stale state, crash, or unexpected behavior before proposing fixes.
4
+ ---
5
+
6
+ # systematic-debugging
7
+
8
+ Core principle: no fixes without root-cause investigation first. Symptom patches create new bugs and hide the real failure.
9
+
10
+ Distilled from detailed reads of systematic-debugging, root-cause tracing, TDD, and error-analysis skill patterns.
11
+
12
+ ## Four Phases
13
+
14
+ ### 1. Root Cause Investigation
15
+
16
+ Before any fix:
17
+
18
+ - read error messages, stack traces, failing assertions, task status, and logs completely;
19
+ - reproduce narrowly and record the exact command/steps;
20
+ - check recent diffs, commits, config changes, dependency changes, and environment differences;
21
+ - trace data/control flow across component boundaries;
22
+ - add temporary diagnostics only when they answer a specific question.
23
+
24
+ For pi-crew, trace:
25
+
26
+ ```text
27
+ user/tool params → config resolution → team/workflow/agent discovery → model/runtime routing → child args/env → state/events/artifacts → status/UI
28
+ ```
29
+
30
+ ### 2. Pattern Analysis
31
+
32
+ - Find a similar working path in the codebase.
33
+ - Compare working vs broken behavior field-by-field.
34
+ - Identify dependencies: config home, project root markers, env vars, locks, stale caches, provider model capabilities.
35
+ - Do not assume small differences are irrelevant.
36
+
37
+ ### 3. Hypothesis and Test
38
+
39
+ - State one hypothesis: “I think X is the root cause because Y.”
40
+ - Test one variable at a time with the smallest read-only probe or targeted test.
41
+ - If wrong, discard the hypothesis instead of piling on fixes.
42
+ - After three failed fixes, question architecture or assumptions before continuing.
43
+
44
+ ### 4. Implementation
45
+
46
+ - Add or identify a failing regression test when practical.
47
+ - Fix the root cause, not the symptom.
48
+ - Avoid “while I’m here” refactors.
49
+ - Verify targeted behavior, then broader gates.
50
+
51
+ ## Evidence to Collect
52
+
53
+ - failing command and exit code;
54
+ - relevant manifest/tasks/events/mailbox files;
55
+ - effective config paths and redacted config;
56
+ - child Pi args/env after redaction;
57
+ - git diff and recent commits;
58
+ - provider/model/thinking resolution;
59
+ - async timing/race indicators.
60
+
61
+ ## Anti-patterns
62
+
63
+ - Fixing before reproducing.
64
+ - Assuming real user global config cannot pollute tests.
65
+ - Treating provider errors as only transient network failures.
66
+ - Removing guards because they reveal a blocked state.
67
+ - Editing unrelated layers before checking the hypothesis.
@@ -0,0 +1,39 @@
1
+ ---
2
+ name: ui-render-performance
3
+ description: Non-blocking Pi TUI render workflow. Use when changing widgets, powerbar/statusbar segments, dashboard panes, overlays, snapshot caches, or live UI refresh behavior.
4
+ ---
5
+
6
+ # ui-render-performance
7
+
8
+ Use this skill for Pi/pi-crew TUI work.
9
+
10
+ ## Source patterns distilled
11
+
12
+ - Pi TUI is synchronous immediate-mode/string rendering: `source/pi-mono/packages/coding-agent/src/modes/interactive/interactive-mode.ts`
13
+ - Pi extension examples use event-driven state updates, not render-time loading.
14
+ - pi-crew UI: `src/extension/register.ts`, `src/ui/run-dashboard.ts`, `src/ui/run-snapshot-cache.ts`, `src/ui/crew-widget.ts`, `src/ui/powerbar-publisher.ts`, `src/ui/render-scheduler.ts`
15
+
16
+ ## Rules
17
+
18
+ - Treat every `render(width)` and widget/powerbar update as a hot synchronous path.
19
+ - Render from in-memory snapshots only. Preload config, manifests, snapshots, agents, and mailbox counts asynchronously.
20
+ - Use `RenderScheduler.schedule()` to coalesce renders; avoid direct repeated rendering.
21
+ - Prefer `snapshotCache.get(runId)` in render paths. If a sync fallback is unavoidable, classify it as first-load/rare and document why.
22
+ - Keep dashboard panes pure: accept a snapshot/model and format strings; do not call `fs.readFileSync`, `fs.readdirSync`, `fs.statSync`, or network APIs from pane render methods.
23
+ - On session switch, cancel timers and ensure in-flight async preloads cannot update stale session UI.
24
+ - Watch TTL interactions: a preload interval shorter than cache TTL prevents render-time refresh gaps.
25
+
26
+ ## Anti-patterns
27
+
28
+ - Do not call `loadConfig()`, `manifestCache.list()`, or `refreshIfStale()` repeatedly inside `renderTick()` unless backed by preloaded frame data.
29
+ - Do not do large JSON parsing or directory scans inside widget render/update functions.
30
+ - Do not show stale health warnings for completed/cancelled/failed runs.
31
+
32
+ ## Verification
33
+
34
+ ```bash
35
+ cd pi-crew
36
+ npx tsc --noEmit
37
+ node --experimental-strip-types --test test/unit/run-snapshot-cache.test.ts test/unit/crew-widget.test.ts test/unit/powerbar-publisher.test.ts test/unit/run-dashboard.test.ts
38
+ npm test
39
+ ```
@@ -0,0 +1,57 @@
1
+ ---
2
+ name: verification-before-done
3
+ description: Use when about to claim work is complete, fixed, passing, reviewed, committed, or ready to hand off.
4
+ ---
5
+
6
+ # verification-before-done
7
+
8
+ Core principle: evidence before claims. A worker report, green-looking log, or previous run is not fresh verification.
9
+
10
+ Distilled from detailed reads of agent-skill patterns for verification-before-completion, TDD, review reception, and QA workflows.
11
+
12
+ ## Gate Function
13
+
14
+ Before any completion claim:
15
+
16
+ 1. Identify the command or inspection that proves the claim.
17
+ 2. Run the full command fresh, or explicitly state why a command cannot be run.
18
+ 3. Read the output, including exit code and failure counts.
19
+ 4. Compare the output to the claim.
20
+ 5. Report the claim only with the evidence.
21
+
22
+ ## Claim-to-Evidence Table
23
+
24
+ | Claim | Requires | Not sufficient |
25
+ |---|---|---|
26
+ | Tests pass | Fresh test output with zero failures | Prior run, “should pass” |
27
+ | Typecheck passes | Typecheck command exit 0 | Lint or targeted tests only |
28
+ | Bug fixed | Original symptom/regression test passes | Code changed |
29
+ | Requirements met | Checklist against request/plan | Generic test success |
30
+ | Agent completed | Worker output plus artifact/diff/state inspection | Worker says DONE |
31
+ | Safe to commit | Relevant checks pass and status reviewed | Partial local confidence |
32
+
33
+ ## Verification Ladder
34
+
35
+ Choose the smallest reliable gate, then escalate when risk requires it:
36
+
37
+ 1. Read-only inspection for plans/reviews.
38
+ 2. Targeted unit test for touched behavior.
39
+ 3. Typecheck for TypeScript/schema/API changes.
40
+ 4. Integration test for runtime, subprocess, state, filesystem, UI, config, or session behavior.
41
+ 5. Full suite before commit/release or broad changes.
42
+ 6. Real Pi smoke only when safe and needed.
43
+
44
+ ## Done Report
45
+
46
+ Include:
47
+
48
+ - changed files or read-only status;
49
+ - commands run and pass/fail result;
50
+ - artifacts, run IDs, logs, or state paths inspected;
51
+ - behavior actually verified;
52
+ - skipped checks and why;
53
+ - risks and rollback notes.
54
+
55
+ ## Red Flags
56
+
57
+ Stop before saying done if you are using words like “should”, “probably”, “looks”, “seems”, “I think”, or if you are trusting an agent report without checking evidence.