pi-crew 0.9.16 → 0.9.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +130 -0
- package/README.md +19 -0
- package/dist/build-meta.json +21784 -0
- package/dist/index.mjs +83169 -0
- package/dist/index.mjs.map +7 -0
- package/docs/A +358 -0
- package/docs/M-A +357 -0
- package/docs/REVIEW-FINDINGS-2026-06 +357 -0
- package/docs/Y +357 -0
- package/docs/a +357 -0
- package/docs/aA +358 -0
- package/docs/archive/README.md +91 -0
- package/docs/migration/atomic-write-v2-migration.md +297 -0
- package/docs/patterns/command-agent-skill.md +1 -1
- package/docs/perf/performance-review-2026-07.md +287 -0
- package/docs/skills/REFERENCE.md +0 -17
- package/docs//303/242mmaAAA/303/242 +357 -0
- package/index.bundle.ts +25 -0
- package/index.ts +95 -4
- package/package.json +15 -4
- package/skills/iterative-audit/SKILL.md +0 -1
- package/skills/widget-rendering/SKILL.md +17 -0
- package/src/adapters/claude-adapter.ts +1 -3
- package/src/adapters/export-util.ts +16 -16
- package/src/adapters/index.ts +5 -5
- package/src/agents/agent-config.ts +20 -14
- package/src/agents/agent-serializer.ts +1 -1
- package/src/agents/discover-agents.ts +83 -39
- package/src/benchmark/benchmark-runner.ts +51 -51
- package/src/benchmark/feedback-loop.ts +1 -1
- package/src/config/config.ts +303 -591
- package/src/config/defaults.ts +28 -2
- package/src/config/drift-detector.ts +11 -14
- package/src/config/markers.ts +201 -203
- package/src/config/resilient-parser.ts +14 -6
- package/src/config/role-tools.ts +3 -3
- package/src/config/suggestions.ts +5 -12
- package/src/config/types.ts +9 -25
- package/src/errors.ts +151 -157
- package/src/extension/action-suggestions.ts +54 -9
- package/src/extension/async-notifier.ts +43 -13
- package/src/extension/autonomous-policy.ts +77 -37
- package/src/extension/command-completions.ts +9 -8
- package/src/extension/context-status-injection.ts +14 -12
- package/src/extension/crew-autocomplete.ts +8 -16
- package/src/extension/crew-cleanup.ts +2 -1
- package/src/extension/crew-shortcuts.ts +9 -6
- package/src/extension/cross-extension-rpc.ts +136 -42
- package/src/extension/help.ts +1 -1
- package/src/extension/import-index.ts +10 -5
- package/src/extension/knowledge-injection.ts +88 -15
- package/src/extension/management.ts +89 -349
- package/src/extension/message-renderers.ts +3 -4
- package/src/extension/notification-router.ts +22 -5
- package/src/extension/notification-sink.ts +6 -3
- package/src/extension/pi-api.ts +17 -8
- package/src/extension/plan-orchestrate.ts +8 -27
- package/src/extension/project-init.ts +21 -6
- package/src/extension/register.ts +329 -975
- package/src/extension/registration/artifact-cleanup.ts +9 -4
- package/src/extension/registration/command-utils.ts +5 -1
- package/src/extension/registration/commands.ts +806 -314
- package/src/extension/registration/compaction-guard.ts +15 -15
- package/src/extension/registration/lifecycle.ts +259 -0
- package/src/extension/registration/observability.ts +293 -0
- package/src/extension/registration/subagent-helpers.ts +29 -7
- package/src/extension/registration/subagent-tools.ts +253 -44
- package/src/extension/registration/team-tool.ts +19 -84
- package/src/extension/registration/ui.ts +168 -0
- package/src/extension/registration/viewers.ts +64 -24
- package/src/extension/result-watcher.ts +18 -7
- package/src/extension/run-bundle-schema.ts +21 -6
- package/src/extension/run-export.ts +15 -6
- package/src/extension/run-import.ts +64 -29
- package/src/extension/run-index.ts +28 -9
- package/src/extension/run-maintenance.ts +32 -12
- package/src/extension/session-summary.ts +1 -1
- package/src/extension/team-manager-command.ts +64 -7
- package/src/extension/team-onboard.ts +149 -150
- package/src/extension/team-recommendation.ts +121 -21
- package/src/extension/team-tool/anchor.ts +31 -64
- package/src/extension/team-tool/api.ts +929 -141
- package/src/extension/team-tool/auto-summarize.ts +14 -26
- package/src/extension/team-tool/cache-control.ts +1 -5
- package/src/extension/team-tool/cancel.ts +138 -38
- package/src/extension/team-tool/chain-dispatch.ts +5 -13
- package/src/extension/team-tool/chain-executor.ts +29 -51
- package/src/extension/team-tool/config-patch.ts +1 -1
- package/src/extension/team-tool/context.ts +40 -20
- package/src/extension/team-tool/destructive-gate.ts +10 -5
- package/src/extension/team-tool/doctor.ts +170 -51
- package/src/extension/team-tool/explain.ts +228 -214
- package/src/extension/team-tool/failure-patterns.ts +3 -9
- package/src/extension/team-tool/goal-wrap.ts +71 -29
- package/src/extension/team-tool/goal.ts +185 -35
- package/src/extension/team-tool/handle-schedule.ts +34 -15
- package/src/extension/team-tool/handle-settings.ts +94 -56
- package/src/extension/team-tool/health-monitor.ts +27 -108
- package/src/extension/team-tool/inspect.ts +42 -9
- package/src/extension/team-tool/intent-policy.ts +4 -1
- package/src/extension/team-tool/lifecycle-actions.ts +244 -48
- package/src/extension/team-tool/orchestrate.ts +7 -18
- package/src/extension/team-tool/parallel-dispatch.ts +51 -29
- package/src/extension/team-tool/plan.ts +29 -5
- package/src/extension/team-tool/respond.ts +49 -16
- package/src/extension/team-tool/run-not-found.ts +3 -8
- package/src/extension/team-tool/run.ts +80 -317
- package/src/extension/team-tool/status.ts +135 -43
- package/src/extension/team-tool/workflow-manage.ts +92 -25
- package/src/extension/team-tool-types.ts +8 -1
- package/src/extension/team-tool.ts +142 -551
- package/src/extension/validate-resources.ts +39 -8
- package/src/hooks/registry.ts +66 -17
- package/src/hooks/types.ts +1 -1
- package/src/i18n.ts +25 -11
- package/src/observability/correlation.ts +17 -3
- package/src/observability/event-bus.ts +51 -56
- package/src/observability/event-to-metric.ts +117 -15
- package/src/observability/exporters/otlp-exporter.ts +56 -17
- package/src/observability/exporters/prometheus-exporter.ts +1 -1
- package/src/observability/metric-registry.ts +16 -4
- package/src/observability/metric-retention.ts +8 -2
- package/src/observability/metric-sink.ts +11 -3
- package/src/observability/metrics-primitives.ts +42 -9
- package/src/plugins/plugin-define.ts +2 -2
- package/src/plugins/plugin-registry.ts +25 -25
- package/src/plugins/plugins/index.ts +1 -1
- package/src/plugins/plugins/nextjs.ts +16 -16
- package/src/plugins/plugins/vite.ts +7 -11
- package/src/plugins/plugins/vitest.ts +6 -11
- package/src/runtime/adaptive-plan.ts +225 -40
- package/src/runtime/agent-control.ts +58 -15
- package/src/runtime/agent-memory.ts +15 -9
- package/src/runtime/agent-observability.ts +10 -2
- package/src/runtime/anchor-manager.ts +27 -25
- package/src/runtime/async-marker.ts +7 -1
- package/src/runtime/async-runner.ts +39 -24
- package/src/runtime/auto-summarize.ts +7 -13
- package/src/runtime/background-runner.ts +189 -251
- package/src/runtime/batch-barrier.ts +18 -16
- package/src/runtime/cancellation-token.ts +16 -6
- package/src/runtime/cancellation.ts +46 -8
- package/src/runtime/capability-inventory.ts +6 -4
- package/src/runtime/chain-parser.ts +44 -11
- package/src/runtime/chain-runner.ts +63 -69
- package/src/runtime/checkpoint.ts +12 -56
- package/src/runtime/child-pi.ts +344 -79
- package/src/runtime/coalesce-tasks.ts +268 -0
- package/src/runtime/code-summary.ts +71 -26
- package/src/runtime/compact-stages/index.ts +15 -5
- package/src/runtime/compact-stages/tail-capture-stage.ts +7 -2
- package/src/runtime/compact-stages/truncation-stage.ts +4 -1
- package/src/runtime/compaction-summary.ts +17 -10
- package/src/runtime/completion-guard.ts +33 -16
- package/src/runtime/crash-classification.ts +28 -7
- package/src/runtime/crash-recovery.ts +177 -37
- package/src/runtime/crew-agent-records.ts +145 -47
- package/src/runtime/crew-hooks.ts +9 -24
- package/src/runtime/cross-extension-rpc.ts +25 -23
- package/src/runtime/custom-tools/irc-tool.ts +43 -15
- package/src/runtime/custom-tools/submit-result-tool.ts +16 -5
- package/src/runtime/delivery-coordinator.ts +34 -7
- package/src/runtime/delta-conflict.ts +9 -21
- package/src/runtime/deterministic-ast.ts +1 -1
- package/src/runtime/diagnostic-export.ts +53 -20
- package/src/runtime/direct-run.ts +12 -2
- package/src/runtime/dwf-state-store.ts +1 -1
- package/src/runtime/dynamic-workflow-context.ts +187 -59
- package/src/runtime/dynamic-workflow-runner.ts +42 -20
- package/src/runtime/effectiveness.ts +16 -8
- package/src/runtime/errors/crew-errors.ts +7 -11
- package/src/runtime/event-stream-bridge.ts +9 -3
- package/src/runtime/foreground-control.ts +54 -14
- package/src/runtime/foreground-watchdog.ts +9 -6
- package/src/runtime/goal-achievement.ts +27 -10
- package/src/runtime/goal-evaluator.ts +54 -19
- package/src/runtime/goal-loop-runner.ts +280 -99
- package/src/runtime/goal-state-store.ts +27 -17
- package/src/runtime/green-contract.ts +11 -2
- package/src/runtime/group-join.ts +64 -31
- package/src/runtime/handoff-manager.ts +37 -42
- package/src/runtime/heartbeat-gradient.ts +10 -2
- package/src/runtime/heartbeat-watcher.ts +32 -6
- package/src/runtime/hidden-handoff.ts +13 -31
- package/src/runtime/important-line-classifier.ts +12 -2
- package/src/runtime/iteration-hooks.ts +25 -15
- package/src/runtime/live-agent-control.ts +55 -7
- package/src/runtime/live-agent-manager.ts +130 -27
- package/src/runtime/live-control-realtime.ts +23 -3
- package/src/runtime/live-irc.ts +4 -1
- package/src/runtime/live-session-health.ts +12 -4
- package/src/runtime/live-session-runtime.ts +379 -117
- package/src/runtime/manifest-cache.ts +28 -12
- package/src/runtime/mcp-proxy.ts +10 -18
- package/src/runtime/metric-parser.ts +1 -5
- package/src/runtime/model-fallback.ts +55 -18
- package/src/runtime/model-resolver.ts +2 -6
- package/src/runtime/model-scope.ts +19 -3
- package/src/runtime/notebook-helpers.ts +60 -62
- package/src/runtime/orphan-worker-registry.ts +37 -26
- package/src/runtime/output-validator.ts +18 -3
- package/src/runtime/overflow-recovery.ts +5 -4
- package/src/runtime/parallel-research.ts +29 -5
- package/src/runtime/parallel-utils.ts +9 -11
- package/src/runtime/path-overlap.ts +150 -0
- package/src/runtime/peer-dep.ts +12 -17
- package/src/runtime/per-write-validator.ts +1 -3
- package/src/runtime/phase-tracker.ts +342 -330
- package/src/runtime/pi-args.ts +26 -8
- package/src/runtime/pi-json-output.ts +1 -1
- package/src/runtime/pi-spawn.ts +30 -19
- package/src/runtime/pipeline-runner.ts +56 -55
- package/src/runtime/plan-templates.ts +5 -6
- package/src/runtime/policy-engine.ts +43 -7
- package/src/runtime/post-checks.ts +12 -4
- package/src/runtime/post-exit-stdio-guard.ts +2 -2
- package/src/runtime/process-lifecycle.ts +20 -10
- package/src/runtime/process-status.ts +16 -5
- package/src/runtime/progress-event-coalescer.ts +2 -1
- package/src/runtime/progress-tracker.ts +103 -103
- package/src/runtime/prose-compressor.ts +9 -11
- package/src/runtime/recovery-recipes.ts +118 -24
- package/src/runtime/replace.ts +25 -10
- package/src/runtime/resilient-edit.ts +10 -25
- package/src/runtime/result-extractor.ts +2 -6
- package/src/runtime/retry-executor.ts +20 -4
- package/src/runtime/retry-runner.ts +27 -51
- package/src/runtime/role-permission.ts +6 -1
- package/src/runtime/run-coalesced-task-group.ts +256 -0
- package/src/runtime/run-drift.ts +14 -15
- package/src/runtime/run-tracker.ts +6 -28
- package/src/runtime/runtime-policy.ts +1 -6
- package/src/runtime/runtime-resolver.ts +80 -15
- package/src/runtime/scheduler.ts +47 -18
- package/src/runtime/semaphore.ts +5 -7
- package/src/runtime/sensitive-paths.ts +2 -1
- package/src/runtime/session-usage.ts +1 -1
- package/src/runtime/settings-store.ts +16 -12
- package/src/runtime/sidechain-output.ts +6 -2
- package/src/runtime/single-agent-compose.ts +1 -4
- package/src/runtime/skill-effectiveness.ts +29 -97
- package/src/runtime/skill-instructions.ts +40 -83
- package/src/runtime/stale-reconciler.ts +73 -197
- package/src/runtime/stream-preview.ts +1 -1
- package/src/runtime/streaming-output.ts +1 -1
- package/src/runtime/subagent-manager.ts +44 -169
- package/src/runtime/subprocess-tool-registry.ts +4 -1
- package/src/runtime/supervisor-contact.ts +10 -5
- package/src/runtime/task-display.ts +19 -5
- package/src/runtime/task-graph-scheduler.ts +95 -21
- package/src/runtime/task-graph.ts +5 -11
- package/src/runtime/task-health.ts +54 -47
- package/src/runtime/task-id.ts +12 -19
- package/src/runtime/task-output-context.ts +265 -81
- package/src/runtime/task-packet.ts +12 -20
- package/src/runtime/task-quality.ts +6 -14
- package/src/runtime/task-runner/context-retrieval.ts +4 -13
- package/src/runtime/task-runner/live-executor.ts +114 -36
- package/src/runtime/task-runner/output-splitter.ts +152 -0
- package/src/runtime/task-runner/progress.ts +50 -12
- package/src/runtime/task-runner/prompt-builder.ts +31 -7
- package/src/runtime/task-runner/prompt-pipeline.ts +31 -7
- package/src/runtime/task-runner/result-utils.ts +3 -1
- package/src/runtime/task-runner/retrieval-orchestrator.ts +310 -0
- package/src/runtime/task-runner/run-projection.ts +27 -8
- package/src/runtime/task-runner/state-helpers.ts +50 -14
- package/src/runtime/task-runner/tail-read.ts +2 -6
- package/src/runtime/task-runner.ts +180 -326
- package/src/runtime/team-runner-artifacts.ts +13 -0
- package/src/runtime/team-runner.ts +456 -974
- package/src/runtime/tool-output-pruner.ts +6 -9
- package/src/runtime/tool-progress.ts +11 -21
- package/src/runtime/verification-gates.ts +33 -24
- package/src/runtime/verification-integrity.ts +2 -7
- package/src/runtime/verification-worktree.ts +62 -12
- package/src/runtime/worker-heartbeat.ts +5 -1
- package/src/runtime/worker-startup.ts +29 -5
- package/src/runtime/workflow-state.ts +17 -9
- package/src/runtime/workspace-lock.ts +30 -35
- package/src/runtime/workspace-tree.ts +20 -32
- package/src/runtime/yield-handler.ts +43 -9
- package/src/runtime/zombie-scanner.ts +5 -4
- package/src/schema/config-schema.ts +266 -172
- package/src/schema/team-tool-schema.ts +29 -74
- package/src/schema/validation-types.ts +25 -17
- package/src/skills/discover-skills.ts +35 -10
- package/src/skills/skill-templates.ts +109 -27
- package/src/skills/validate.ts +26 -8
- package/src/state/active-run-registry.ts +87 -28
- package/src/state/artifact-store.ts +9 -5
- package/src/state/atomic-write-v2.ts +85 -63
- package/src/state/atomic-write.ts +106 -27
- package/src/state/blob-store.ts +47 -20
- package/src/state/contracts.ts +20 -5
- package/src/state/crew-init.ts +5 -22
- package/src/state/decision-ledger.ts +19 -73
- package/src/state/event-log-rotation.ts +41 -15
- package/src/state/event-log.ts +168 -53
- package/src/state/event-reconstructor.ts +11 -1
- package/src/state/gitignore-manager.ts +2 -8
- package/src/state/health-store.ts +57 -57
- package/src/state/hook-instinct-bridge.ts +1 -1
- package/src/state/hook-integrations.ts +1 -1
- package/src/state/instinct-store.ts +17 -5
- package/src/state/jsonl-writer.ts +1 -1
- package/src/state/locks.ts +23 -9
- package/src/state/mailbox.ts +151 -28
- package/src/state/observation-store.ts +20 -14
- package/src/state/run-cache.ts +142 -135
- package/src/state/run-graph.ts +6 -15
- package/src/state/run-metrics.ts +5 -18
- package/src/state/schedule.ts +15 -9
- package/src/state/state-store.ts +137 -47
- package/src/state/task-claims.ts +12 -2
- package/src/state/tiered-eval.ts +52 -43
- package/src/state/types-eval.ts +2 -2
- package/src/state/types.ts +24 -20
- package/src/state/usage.ts +20 -4
- package/src/state/worker-atomic-writer.ts +6 -3
- package/src/subagents/index.ts +2 -2
- package/src/teams/discover-teams.ts +21 -6
- package/src/tools/safe-bash-extension.ts +5 -6
- package/src/tools/safe-bash.ts +10 -11
- package/src/types/new-api-types.ts +6 -10
- package/src/ui/agent-management-overlay.ts +52 -40
- package/src/ui/card-colors.ts +13 -4
- package/src/ui/crew-footer.ts +8 -7
- package/src/ui/crew-select-list.ts +1 -1
- package/src/ui/dashboard-panes/agents-pane.ts +41 -25
- package/src/ui/dashboard-panes/cancellation-pane.ts +1 -1
- package/src/ui/dashboard-panes/capability-pane.ts +32 -15
- package/src/ui/dashboard-panes/health-pane.ts +2 -1
- package/src/ui/dashboard-panes/metrics-pane.ts +4 -1
- package/src/ui/dashboard-panes/progress-pane.ts +12 -9
- package/src/ui/heartbeat-aggregator.ts +15 -4
- package/src/ui/keybinding-map.ts +40 -7
- package/src/ui/live-conversation-overlay.ts +36 -20
- package/src/ui/live-duration.ts +1 -4
- package/src/ui/live-run-sidebar.ts +88 -25
- package/src/ui/loaders.ts +2 -8
- package/src/ui/mascot.ts +20 -36
- package/src/ui/overlays/agent-picker-overlay.ts +11 -3
- package/src/ui/overlays/confirm-overlay.ts +4 -2
- package/src/ui/overlays/help-overlay.ts +25 -14
- package/src/ui/overlays/mailbox-compose-overlay.ts +48 -11
- package/src/ui/overlays/mailbox-compose-preview.ts +20 -5
- package/src/ui/overlays/mailbox-detail-overlay.ts +27 -6
- package/src/ui/pi-ui-compat.ts +7 -7
- package/src/ui/powerbar-publisher.ts +120 -42
- package/src/ui/render-diff.ts +10 -3
- package/src/ui/render-scheduler.ts +12 -4
- package/src/ui/run-action-dispatcher.ts +81 -18
- package/src/ui/run-dashboard.ts +172 -76
- package/src/ui/run-event-bus.ts +59 -37
- package/src/ui/run-snapshot-cache.ts +276 -86
- package/src/ui/settings-overlay.ts +361 -74
- package/src/ui/status-colors.ts +12 -1
- package/src/ui/syntax-highlight.ts +1 -1
- package/src/ui/terminal-status.ts +1 -3
- package/src/ui/theme-adapter.ts +16 -14
- package/src/ui/theme-discovery.ts +13 -2
- package/src/ui/tool-progress-formatter.ts +7 -7
- package/src/ui/tool-render.ts +128 -56
- package/src/ui/tool-renderers/brief-mode.ts +45 -27
- package/src/ui/tool-renderers/index.ts +109 -43
- package/src/ui/transcript-cache.ts +32 -6
- package/src/ui/transcript-entries.ts +25 -23
- package/src/ui/transcript-viewer.ts +78 -29
- package/src/ui/widget/index.ts +99 -40
- package/src/ui/widget/widget-formatters.ts +13 -6
- package/src/ui/widget/widget-model.ts +19 -8
- package/src/ui/widget/widget-renderer.ts +23 -13
- package/src/ui/widget/widget-types.ts +1 -1
- package/src/utils/bm25-search.ts +199 -199
- package/src/utils/conflict-detect.ts +22 -21
- package/src/utils/env-filter.ts +14 -7
- package/src/utils/file-coalescer.ts +5 -1
- package/src/utils/fingerprint.ts +3 -6
- package/src/utils/frontmatter.ts +3 -1
- package/src/utils/fs-watch.ts +2 -6
- package/src/utils/gh-protocol.ts +119 -44
- package/src/utils/git.ts +13 -15
- package/src/utils/guards.ts +2 -5
- package/src/utils/ids.ts +9 -2
- package/src/utils/incremental-reader.ts +14 -3
- package/src/utils/internal-error.ts +2 -1
- package/src/utils/names.ts +12 -3
- package/src/utils/paths.ts +49 -5
- package/src/utils/project-detector.ts +2 -2
- package/src/utils/redaction.ts +29 -19
- package/src/utils/resolve-shell.ts +9 -7
- package/src/utils/run-watcher-registry.ts +19 -31
- package/src/utils/safe-paths.ts +46 -29
- package/src/utils/scan-cache.ts +9 -2
- package/src/utils/session-utils.ts +2 -4
- package/src/utils/sleep.ts +12 -5
- package/src/utils/sse-parser.ts +5 -17
- package/src/utils/visual.ts +52 -32
- package/src/workflows/discover-workflows.ts +41 -109
- package/src/workflows/intermediate-store.ts +5 -21
- package/src/workflows/preflight-validator.ts +6 -33
- package/src/workflows/topology-analyzer.ts +5 -21
- package/src/workflows/workflow-config.ts +7 -6
- package/src/worktree/branch-freshness.ts +66 -8
- package/src/worktree/cleanup.ts +130 -20
- package/src/worktree/worktree-manager.ts +212 -69
- package/skills/artifact-analysis-loop/SKILL.md +0 -303
- package/skills/detection-pipeline-design/SKILL.md +0 -286
- package/skills/hunting-investigation-loop/SKILL.md +0 -402
- package/skills/incident-playbook-construction/SKILL.md +0 -384
- package/skills/security-review/SKILL.md +0 -561
- package/skills/threat-hypothesis-framework/SKILL.md +0 -176
- package/skills/ui-render-performance/SKILL.md +0 -58
- /package/docs/{followup-review-round3-2026-05-12.md → archive/followup-review-round3-2026-05-12.md} +0 -0
- /package/docs/{followup-review-round4-2026-05-13.md → archive/followup-review-round4-2026-05-13.md} +0 -0
- /package/docs/{pi-crew-bugs.md → archive/pi-crew-bugs.md} +0 -0
- /package/docs/{pi-crew-test-final.md → archive/pi-crew-test-final.md} +0 -0
- /package/docs/{pi-crew-test-results.md → archive/pi-crew-test-results.md} +0 -0
- /package/docs/{pi-crew-test-round2.md → archive/pi-crew-test-round2.md} +0 -0
- /package/docs/{pi-crew-test-round4.md → archive/pi-crew-test-round4.md} +0 -0
- /package/docs/{pi-crew-test-round5.md → archive/pi-crew-test-round5.md} +0 -0
- /package/docs/{pi-crew-test-round6.md → archive/pi-crew-test-round6.md} +0 -0
- /package/docs/{pi-crew-v0.5.10-audit-fix-plan.md → archive/pi-crew-v0.5.10-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.11-audit-fix-plan.md → archive/pi-crew-v0.5.11-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.12-audit-fix-plan.md → archive/pi-crew-v0.5.12-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.13-audit-fix-plan.md → archive/pi-crew-v0.5.13-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.14-audit-fix-plan.md → archive/pi-crew-v0.5.14-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.16-audit-fix-plan.md → archive/pi-crew-v0.5.16-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.17-audit-fix-plan.md → archive/pi-crew-v0.5.17-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.5-audit-fix-plan.md → archive/pi-crew-v0.5.5-audit-fix-plan.md} +0 -0
- /package/docs/{pi-crew-v0.5.9-audit-fix-plan.md → archive/pi-crew-v0.5.9-audit-fix-plan.md} +0 -0
- /package/docs/{pi-mono-opportunities.md → archive/pi-mono-opportunities.md} +0 -0
- /package/docs/{pi-mono-review.md → archive/pi-mono-review.md} +0 -0
- /package/docs/{pi-subagent4-comparison.md → archive/pi-subagent4-comparison.md} +0 -0
- /package/docs/{pi-subagents3-deep-analysis.md → archive/pi-subagents3-deep-analysis.md} +0 -0
|
@@ -1,402 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: hunting-investigation-loop
|
|
3
|
-
description: "Active hypothesis-driven investigation and threat hunting."
|
|
4
|
-
origin: distilled:anthropic-cybersecurity-skills
|
|
5
|
-
triggers:
|
|
6
|
-
- "hunt for"
|
|
7
|
-
- "find evidence of"
|
|
8
|
-
- "investigate"
|
|
9
|
-
- "active search"
|
|
10
|
-
- "forensic hunt"
|
|
11
|
-
---
|
|
12
|
-
# hunting-investigation-loop
|
|
13
|
-
|
|
14
|
-
Use this skill when conducting active, hypothesis-driven threat hunting and investigation.
|
|
15
|
-
|
|
16
|
-
## Source
|
|
17
|
-
|
|
18
|
-
Distilled from 28 `hunting-for-*` skills (Anthropic Cybersecurity Skills) and generalized for software/codebase context.
|
|
19
|
-
|
|
20
|
-
## When to Use
|
|
21
|
-
|
|
22
|
-
- Proactively hunting for indicators of compromise
|
|
23
|
-
- Investigating suspicious patterns without clear incident
|
|
24
|
-
- Periodic security assessments
|
|
25
|
-
- After threat intelligence suggests specific patterns
|
|
26
|
-
- Purple team exercises
|
|
27
|
-
|
|
28
|
-
## Core Loop
|
|
29
|
-
|
|
30
|
-
```
|
|
31
|
-
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
|
|
32
|
-
│ Form │ → │ Locate │ → │ Query │ → │ Analyze │
|
|
33
|
-
│ Hypothesis │ │ Data Sources│ │ Search │ │ Results │
|
|
34
|
-
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
|
|
35
|
-
↓
|
|
36
|
-
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
|
|
37
|
-
│ Report │ ← │ Document │ ← │ Scope │ ← │ Validate │
|
|
38
|
-
│ Findings │ │ Evidence │ │ Extent │ │ Findings │
|
|
39
|
-
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
|
|
40
|
-
```
|
|
41
|
-
|
|
42
|
-
## Investigation Loop
|
|
43
|
-
|
|
44
|
-
```markdown
|
|
45
|
-
## Hunting Investigation Loop
|
|
46
|
-
|
|
47
|
-
1. **Form Hypothesis** → "There might be [vulnerability/pattern] in [location]"
|
|
48
|
-
2. **Identify Hunt** → Search location: [files, commits, logs, configs]
|
|
49
|
-
3. **Execute Search** → Query: [grep, regex, pattern match]
|
|
50
|
-
4. **Analyze Results** → Filter: [true_positive, false_positive, noise]
|
|
51
|
-
5. **Validate** → Confirm: [secondary source, cross-reference]
|
|
52
|
-
6. **Scope** → Extent: [how many files, lines, occurrences]
|
|
53
|
-
7. **Document** → Findings: [file, line, pattern, severity]
|
|
54
|
-
```
|
|
55
|
-
|
|
56
|
-
## Hunt Structure
|
|
57
|
-
|
|
58
|
-
```yaml
|
|
59
|
-
hunt:
|
|
60
|
-
id: string # e.g., "HUNT-2026-001"
|
|
61
|
-
hypothesis: string # What we're testing
|
|
62
|
-
technique: string # e.g., "credential_theft", "injection"
|
|
63
|
-
status: [planned|running|completed|cancelled]
|
|
64
|
-
|
|
65
|
-
data_sources:
|
|
66
|
-
- name: string
|
|
67
|
-
type: [file|commit|log|config|database]
|
|
68
|
-
locations: [paths, globs, queries]
|
|
69
|
-
priority: [high|medium|low]
|
|
70
|
-
|
|
71
|
-
search_patterns:
|
|
72
|
-
- pattern: string
|
|
73
|
-
type: [regex|AST|signature|heuristic]
|
|
74
|
-
context_needed: int # Lines before/after
|
|
75
|
-
expected_findings: int # Estimated findings
|
|
76
|
-
|
|
77
|
-
validation:
|
|
78
|
-
methods:
|
|
79
|
-
- name: string
|
|
80
|
-
description: string
|
|
81
|
-
expected: string # What validation should confirm
|
|
82
|
-
cross_references:
|
|
83
|
-
- source: string
|
|
84
|
-
query: string
|
|
85
|
-
|
|
86
|
-
findings:
|
|
87
|
-
- file: string
|
|
88
|
-
line: number
|
|
89
|
-
evidence: string
|
|
90
|
-
confidence: [high|medium|low]
|
|
91
|
-
validated: boolean
|
|
92
|
-
|
|
93
|
-
scope:
|
|
94
|
-
total_findings: int
|
|
95
|
-
files_affected: int
|
|
96
|
-
severity: [critical|high|medium|low]
|
|
97
|
-
|
|
98
|
-
next_actions:
|
|
99
|
-
- investigate: [further analysis needed]
|
|
100
|
-
- contain: [immediate action required]
|
|
101
|
-
- remediate: [fix required]
|
|
102
|
-
- close: [false positive, no action]
|
|
103
|
-
```
|
|
104
|
-
|
|
105
|
-
## Hypothesis Templates
|
|
106
|
-
|
|
107
|
-
### Template 1: Credential Pattern Hunt
|
|
108
|
-
|
|
109
|
-
```yaml
|
|
110
|
-
hypothesis:
|
|
111
|
-
id: HUNT-2026-CRED-001
|
|
112
|
-
title: Hardcoded credentials in codebase
|
|
113
|
-
technique: credential_exposure
|
|
114
|
-
data_sources:
|
|
115
|
-
- name: source_code
|
|
116
|
-
type: file
|
|
117
|
-
locations: ["**/*.ts", "**/*.js", "**/*.py"]
|
|
118
|
-
- name: config_files
|
|
119
|
-
type: file
|
|
120
|
-
locations: ["**/*.json", "**/*.yaml", "**/*.env"]
|
|
121
|
-
search_patterns:
|
|
122
|
-
- pattern: '(password|secret|token|key)\s*[=:]\s*["\'][^"\']{10,}'
|
|
123
|
-
type: regex
|
|
124
|
-
- pattern: 'process\.env\.[A-Z_]{5,}'
|
|
125
|
-
type: regex
|
|
126
|
-
validation:
|
|
127
|
-
- method: git_history_check
|
|
128
|
-
description: Check if credentials were ever committed
|
|
129
|
-
- method: secret_scanner
|
|
130
|
-
description: Run trufflehog to confirm
|
|
131
|
-
```
|
|
132
|
-
|
|
133
|
-
### Template 2: Injection Pattern Hunt
|
|
134
|
-
|
|
135
|
-
```yaml
|
|
136
|
-
hypothesis:
|
|
137
|
-
id: HUNT-2026-INJ-001
|
|
138
|
-
title: Code injection vulnerabilities
|
|
139
|
-
technique: command_injection
|
|
140
|
-
data_sources:
|
|
141
|
-
- name: source_code
|
|
142
|
-
type: file
|
|
143
|
-
locations: ["**/*.ts", "**/*.js", "**/*.py", "**/*.go"]
|
|
144
|
-
search_patterns:
|
|
145
|
-
- pattern: '(eval|exec|Function|spawn)\s*\('
|
|
146
|
-
type: regex
|
|
147
|
-
- pattern: 'child_process.*exec.*template'
|
|
148
|
-
type: AST
|
|
149
|
-
validation:
|
|
150
|
-
- method: confirm_user_input_taint
|
|
151
|
-
description: Check if eval input includes user data
|
|
152
|
-
- method: test_in_sandbox
|
|
153
|
-
description: Execute with controlled input
|
|
154
|
-
```
|
|
155
|
-
|
|
156
|
-
### Template 3: Supply Chain Hunt
|
|
157
|
-
|
|
158
|
-
```yaml
|
|
159
|
-
hypothesis:
|
|
160
|
-
id: HUNT-2026-SUPPLY-001
|
|
161
|
-
title: Dependency confusion or typosquatting
|
|
162
|
-
technique: supply_chain_attack
|
|
163
|
-
data_sources:
|
|
164
|
-
- name: package_manifest
|
|
165
|
-
type: file
|
|
166
|
-
locations: ["package.json", "requirements.txt", "Cargo.toml"]
|
|
167
|
-
search_patterns:
|
|
168
|
-
- pattern: '"@private/.*"'
|
|
169
|
-
type: regex
|
|
170
|
-
- pattern: 'version.*>.*9999999'
|
|
171
|
-
type: regex
|
|
172
|
-
validation:
|
|
173
|
-
- method: npm_audit
|
|
174
|
-
description: Check for malicious packages
|
|
175
|
-
- method: typosquat_check
|
|
176
|
-
description: Check for similar package names
|
|
177
|
-
```
|
|
178
|
-
|
|
179
|
-
### Template 4: Persistence Mechanism Hunt
|
|
180
|
-
|
|
181
|
-
```yaml
|
|
182
|
-
hypothesis:
|
|
183
|
-
id: HUNT-2026-PERS-001
|
|
184
|
-
title: Malicious persistence mechanisms
|
|
185
|
-
technique: persistence
|
|
186
|
-
data_sources:
|
|
187
|
-
- name: startup_files
|
|
188
|
-
type: file
|
|
189
|
-
locations: ["**/startup/**", "**/init/**", "**/.profile"]
|
|
190
|
-
- name: cron_configs
|
|
191
|
-
type: file
|
|
192
|
-
locations: ["**/cron/**", "**/.crontab"]
|
|
193
|
-
- name: systemd
|
|
194
|
-
type: file
|
|
195
|
-
locations: ["**/*.service", "**/systemd/**"]
|
|
196
|
-
search_patterns:
|
|
197
|
-
- pattern: '(wget|curl).*\|.*(bash|sh)'
|
|
198
|
-
type: regex
|
|
199
|
-
- pattern: 'nohup.*background'
|
|
200
|
-
type: regex
|
|
201
|
-
validation:
|
|
202
|
-
- method: confirm_evil_binary
|
|
203
|
-
description: Check downloaded binary hash
|
|
204
|
-
- method: network_check
|
|
205
|
-
description: Check for suspicious network activity
|
|
206
|
-
```
|
|
207
|
-
|
|
208
|
-
## Hunt Execution
|
|
209
|
-
|
|
210
|
-
### Phase 1: Form Hypothesis
|
|
211
|
-
|
|
212
|
-
Before starting a hunt, clearly define:
|
|
213
|
-
- What you're looking for
|
|
214
|
-
- Why you think it might exist
|
|
215
|
-
- Where to look
|
|
216
|
-
- How to confirm
|
|
217
|
-
|
|
218
|
-
```markdown
|
|
219
|
-
## Hypothesis Formulation Checklist
|
|
220
|
-
|
|
221
|
-
- [ ] Clear technique/pattern being hunted
|
|
222
|
-
- [ ] Known attack chain context
|
|
223
|
-
- [ ] Data sources identified
|
|
224
|
-
- [ ] Search patterns defined
|
|
225
|
-
- [ ] Validation method specified
|
|
226
|
-
- [ ] False positive patterns identified
|
|
227
|
-
```
|
|
228
|
-
|
|
229
|
-
### Phase 2: Execute Search
|
|
230
|
-
|
|
231
|
-
Run searches in priority order:
|
|
232
|
-
|
|
233
|
-
```bash
|
|
234
|
-
# High priority - common locations
|
|
235
|
-
rg -n "pattern" --type ts src/ | head -50
|
|
236
|
-
|
|
237
|
-
# Config files
|
|
238
|
-
rg -n "pattern" --type json --type yaml config/ | head -20
|
|
239
|
-
|
|
240
|
-
# Check for encoded/obfuscated
|
|
241
|
-
rg -n "atob|b64decode|base64" --type js | head -20
|
|
242
|
-
```
|
|
243
|
-
|
|
244
|
-
### Phase 3: Analyze Results
|
|
245
|
-
|
|
246
|
-
Filter findings by:
|
|
247
|
-
1. **True Positive** - Actual vulnerability/indicator
|
|
248
|
-
2. **False Positive** - Known benign pattern
|
|
249
|
-
3. **Noise** - Irrelevant matches
|
|
250
|
-
|
|
251
|
-
```yaml
|
|
252
|
-
analysis:
|
|
253
|
-
true_positives:
|
|
254
|
-
count: int
|
|
255
|
-
examples:
|
|
256
|
-
- file: path
|
|
257
|
-
line: number
|
|
258
|
-
reason: why this is a finding
|
|
259
|
-
false_positives:
|
|
260
|
-
count: int
|
|
261
|
-
reasons:
|
|
262
|
-
- known_benign_pattern
|
|
263
|
-
- test_code
|
|
264
|
-
- excluded_by_validation
|
|
265
|
-
noise:
|
|
266
|
-
count: int
|
|
267
|
-
reasons:
|
|
268
|
-
- not_in_scope
|
|
269
|
-
- duplicate_findings
|
|
270
|
-
```
|
|
271
|
-
|
|
272
|
-
### Phase 4: Validate
|
|
273
|
-
|
|
274
|
-
For each potential finding:
|
|
275
|
-
1. Cross-reference with other data sources
|
|
276
|
-
2. Check git history for context
|
|
277
|
-
3. Verify with secondary method
|
|
278
|
-
4. Assess exploitability
|
|
279
|
-
|
|
280
|
-
```yaml
|
|
281
|
-
validation:
|
|
282
|
-
method_1:
|
|
283
|
-
name: secondary_source_check
|
|
284
|
-
result: [confirmed|suspected|false_positive]
|
|
285
|
-
evidence: string
|
|
286
|
-
method_2:
|
|
287
|
-
name: git_history_check
|
|
288
|
-
result: [confirmed|suspected|false_positive]
|
|
289
|
-
evidence: string
|
|
290
|
-
method_3:
|
|
291
|
-
name: exploitability_assessment
|
|
292
|
-
result: [confirmed|suspected|false_positive]
|
|
293
|
-
evidence: string
|
|
294
|
-
```
|
|
295
|
-
|
|
296
|
-
### Phase 5: Scope and Document
|
|
297
|
-
|
|
298
|
-
Document findings with:
|
|
299
|
-
- Exact location (file:line)
|
|
300
|
-
- Evidence (code snippet, pattern match)
|
|
301
|
-
- Confidence level
|
|
302
|
-
- Validation results
|
|
303
|
-
- Recommended action
|
|
304
|
-
|
|
305
|
-
## Hunt Report Format
|
|
306
|
-
|
|
307
|
-
```
|
|
308
|
-
Hunt Report: [HUNT-ID]
|
|
309
|
-
==============
|
|
310
|
-
|
|
311
|
-
Hypothesis: [what we tested]
|
|
312
|
-
Hunt Date: [timestamp]
|
|
313
|
-
Hypothesis: [technique/pattern]
|
|
314
|
-
|
|
315
|
-
## Executive Summary
|
|
316
|
-
|
|
317
|
-
- Total Findings: [N]
|
|
318
|
-
- Critical: [N] | High: [N] | Medium: [N] | Low: [N]
|
|
319
|
-
- Files Affected: [N]
|
|
320
|
-
- Confidence: [Overall assessment]
|
|
321
|
-
|
|
322
|
-
## Data Sources Searched
|
|
323
|
-
|
|
324
|
-
- [source 1]: [findings count]
|
|
325
|
-
- [source 2]: [findings count]
|
|
326
|
-
|
|
327
|
-
## Findings
|
|
328
|
-
|
|
329
|
-
### [Finding 1] - [Severity]
|
|
330
|
-
Location: [file:line]
|
|
331
|
-
Evidence:
|
|
332
|
-
```
|
|
333
|
-
[code snippet]
|
|
334
|
-
```
|
|
335
|
-
Validated: [YES/NO - how]
|
|
336
|
-
Recommendation: [action]
|
|
337
|
-
|
|
338
|
-
### [Finding 2]...
|
|
339
|
-
|
|
340
|
-
## False Positives
|
|
341
|
-
|
|
342
|
-
- [why certain matches were dismissed]
|
|
343
|
-
|
|
344
|
-
## Next Actions
|
|
345
|
-
|
|
346
|
-
- [ ] Investigate further: [specific items]
|
|
347
|
-
- [ ] Remediate: [specific items]
|
|
348
|
-
- [ ] Monitor: [specific items]
|
|
349
|
-
|
|
350
|
-
## Conclusion
|
|
351
|
-
|
|
352
|
-
[Overall assessment of hunt results]
|
|
353
|
-
```
|
|
354
|
-
|
|
355
|
-
## Hunt Status Tracking
|
|
356
|
-
|
|
357
|
-
```yaml
|
|
358
|
-
hunt_status:
|
|
359
|
-
planned:
|
|
360
|
-
- id: string
|
|
361
|
-
hypothesis: string
|
|
362
|
-
planned_date: date
|
|
363
|
-
running:
|
|
364
|
-
- id: string
|
|
365
|
-
start_time: timestamp
|
|
366
|
-
current_phase: [form|locate|query|analyze|validate|report]
|
|
367
|
-
findings_count: int
|
|
368
|
-
completed:
|
|
369
|
-
- id: string
|
|
370
|
-
end_time: timestamp
|
|
371
|
-
outcome: [findings_confirmed|no_findings|false_positive]
|
|
372
|
-
report_path: string
|
|
373
|
-
```
|
|
374
|
-
|
|
375
|
-
## Anti-Patterns
|
|
376
|
-
|
|
377
|
-
- **Don't** hunt without clear hypothesis (scattershot searching)
|
|
378
|
-
- **Don't** skip data source identification (missing coverage)
|
|
379
|
-
- **Don't** skip validation (false positive flood)
|
|
380
|
-
- **Don't** skip false positive documentation (repeating mistakes)
|
|
381
|
-
- **Don't** report without confidence level (misleads stakeholders)
|
|
382
|
-
|
|
383
|
-
## Tools
|
|
384
|
-
|
|
385
|
-
| Tool | Purpose |
|
|
386
|
-
|------|---------|
|
|
387
|
-
| `rg` (ripgrep) | Pattern search in files |
|
|
388
|
-
| `git log` | History investigation |
|
|
389
|
-
| `semgrep` | AST-based pattern matching |
|
|
390
|
-
| `grep` | Binary/encoded string search |
|
|
391
|
-
| `jq` | JSON log analysis |
|
|
392
|
-
|
|
393
|
-
## Verification
|
|
394
|
-
|
|
395
|
-
For hunting framework changes:
|
|
396
|
-
```bash
|
|
397
|
-
cd pi-crew
|
|
398
|
-
npx tsc --noEmit
|
|
399
|
-
node --experimental-strip-types --test test/unit/hunting-patterns.test.ts
|
|
400
|
-
```
|
|
401
|
-
|
|
402
|
-
*See also: `threat-hypothesis-framework` for structured hypothesis creation, `read-only-explorer` for exploration fundamentals.*
|