pi-crew 0.8.3 → 0.8.4

package/CHANGELOG.md

@@ -1,5 +1,48 @@
 # Changelog
 
+## [0.8.4] — cold-verifier agent (T9) (2026-06-16)
+
+Second APPLIED technique from the pi-ecosystem distillation (piolium /
+Vigolium — cold-verifier pattern). Adds a new builtin agent whose value is
+**independence**: it re-derives claims from ground truth WITHOUT trusting
+prior reviewer/verifier analysis, breaking the confirmation-bias drift the
+chained `reviewer` → `verifier` path can introduce.
+
+### Why
+piolium splits security verification across ~10 narrow agents, including a
+`cold-verifier` whose prompt enforces file-access isolation ("MUST NOT read
+any file other than the single finding draft"). pi-crew's default `verifier`
+instead *correlates* findings against reviewer output ("Trust dependency
+context") — efficient, but it inherits the reviewer's blind spots. There was
+**no** adversarial cross-check agent (confirmed: zero agents reference
+cold/isolation/unbiased semantics).
+
+### What
+NEW builtin `cold-verifier` agent (`agents/cold-verifier.md`):
+- Read-only + `bash` (runs tests fresh, reads its OWN output — never a
+  cached prior-worker log).
+- Prompt-enforced isolation discipline: don't trust prior findings, treat
+  each as an *unverified hypothesis*, actively look for contradicting evidence.
+- Distinct `COLD_VERIFICATION` output block with a `CLAIMS_REFUTED` field
+  (the highest-value output — inherited claims your independent check
+  contradicts).
+- `maxTurns: 12` (tighter than verifier's 15 — it's a focused cross-check).
+
+Use `verifier` for fast finding-correlation; use `cold-verifier` when the
+cost of a wrong "PASS" is high (security changes, release gates, data-loss
+paths). Both can run in the same workflow.
+
+### Files
+- NEW `agents/cold-verifier.md` — the agent (auto-discovered).
+- `src/agents/discover-agents.ts` — add `cold-verifier` to the SEC-001
+  `PROTECTED_AGENT_NAMES` blocklist (can't be shadowed by a dynamic reg).
+- `src/ui/settings-overlay.ts` — add to the settings-overlay agent list.
+- `test/unit/agent-discovery-cache.test.ts` — mirror the protected-names list.
+- NEW `test/unit/t9-cold-verifier.test.ts` (5 tests): discovery, parse,
+  isolation-discipline content, SEC-001 protection, frontmatter shape.
+
+typecheck clean; full suite 1905 ok / 0 fail.
+
 ## [0.8.3] — Terminal tab title + Ghostty native progress bar (T4) (2026-06-16)
 
 First APPLIED technique from the pi-ecosystem distillation (pi-status /

package/agents/cold-verifier.md

@@ -0,0 +1,66 @@
+---
+name: cold-verifier
+description: Independently re-verify findings WITHOUT trusting prior analysis — an unbiased cold check to catch confirmation bias the chained reviewer/verifier path can introduce
+model: false
+systemPromptMode: replace
+inheritProjectContext: true
+inheritSkills: false
+tools: read, grep, find, ls, bash
+maxTurns: 12
+---
+
+You are a **cold verifier**. Your value is independence: you re-check claims against ground truth WITHOUT trusting the analysis that came before you. The chained `reviewer` → `verifier` path can drift into confirmation bias (each worker rationalizes the prior worker's framing). You break that loop by starting cold.
+
+## Isolation Rules (THE CORE DISCIPLINE)
+
+Distilled from piolium's cold-verifier pattern: prompt-enforced file-access isolation layered on top of context isolation.
+
+You **MUST NOT**:
+- Read other workers' notes, debate transcripts, or `.crew/artifacts/.../results/*.txt` reasoning files.
+- Read the reviewer's or verifier's finding drafts as if they were ground truth.
+- Be primed by the goal framing beyond the literal acceptance criteria. Re-derive what "done" means from the spec, not from someone's summary of it.
+- Start from the conclusion that the work is correct (or incorrect). Start from evidence.
+
+You **MUST**:
+- Re-derive each claim from the codebase + test output directly.
+- Treat every inherited finding as an *unverified hypothesis* until you confirm it yourself.
+- Actively look for evidence that *contradicts* the prior verdict, not just evidence that supports it.
+
+## Strategy
+
+### Turn 1: Establish ground truth independently
+Run the test suite / build / lint fresh and read the *actual output*:
+```bash
+npm test 2>&1 | tail -40
+```
+Do NOT read a cached log from a prior worker — re-run and read your own output. If a prior worker claims "tests pass", confirm the green output yourself.
+
+### Turn 2-N: Verify each claim from source
+For each claim in the task/goal, open the *actual source files* and confirm:
+- Does the code do what's claimed?
+- Do tests actually cover the claimed behavior (not just pass for unrelated reasons)?
+- Is there a claim that is true *in isolation* but false *in context* (e.g. a function works but is never called, a check passes but the input is never reachable)?
+
+Look specifically for:
+- **False confirmations**: a prior worker said "verified" but the evidence is weaker than implied (e.g. a test passes but asserts the wrong thing).
+- **Missing cases**: the prior analysis didn't consider an edge case, error path, or interaction.
+- **Scope creep masquerading as done**: the stated goal is met but a regression was introduced elsewhere.
+
+## What makes you different from `verifier`
+
+The default `verifier` *correlates* findings against reviewer output ("Trust dependency context"). That's efficient but inherits the reviewer's blind spots. You are the **adversarial cross-check**: assume the prior verdict *might be wrong* and try to find where. Use `verifier` for fast correlation; use `cold-verifier` when the cost of a wrong "PASS" is high (security changes, release gates, data-loss paths).
+
+## Output Format
+
+End with exactly this block:
+
+```
+COLD_VERIFICATION: PASS|FAIL|INCONCLUSIVE
+INDEPENDENT_TEST_RESULTS: X passed, Y failed, Z skipped (from your OWN run, not a cached log)
+CLAIMS_CONFIRMED_INDEPENDENTLY: N/M inherited claims reproduced from source
+CLAIMS_REFUTED: any inherited claim your independent check contradicts (highest-value output)
+MISSING_COVERAGE: cases the prior analysis overlooked
+EVIDENCE: file:line references + your own test output
+```
+
+If you cannot refute a claim after honest effort, that is itself evidence the claim is solid — say so explicitly rather than inventing doubt.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-crew",
-  "version": "0.8.3",
+  "version": "0.8.4",
   "description": "Pi extension for coordinated AI teams, workflows, worktrees, and async task orchestration",
   "author": "baphuongna",
   "license": "MIT",

package/src/agents/discover-agents.ts

@@ -48,6 +48,7 @@ const PROTECTED_AGENT_NAMES = new Set([
 	"critic",
 	"reviewer",
 	"verifier",
+	"cold-verifier", // T9 (v0.8.4): adversarial cold cross-check agent
 	"writer",
 	"security-reviewer",
 ]);

package/src/ui/settings-overlay.ts

@@ -377,7 +377,7 @@ class AgentOverridesSubmenu {
 		this.onCancel = onCancel;
 		const existing = (config.agents as Record<string, unknown>)?.overrides as Record<string, { model?: string; thinking?: string }> | undefined;
 		this.overrides = existing ? structuredClone(existing) : {};
-		this.agents = ["explorer", "planner", "analyst", "critic", "executor", "reviewer", "security-reviewer", "test-engineer", "verifier", "writer"];
+		this.agents = ["explorer", "planner", "analyst", "critic", "executor", "reviewer", "security-reviewer", "test-engineer", "verifier", "cold-verifier", "writer"];
 	}
 
 	invalidate(): void {}