prjct-cli 2.23.4 → 2.23.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prjct-cli",
-  "version": "2.23.4",
+  "version": "2.23.5",
   "description": "Context layer for AI agents. Project context for Claude Code, Gemini CLI, and more.",
   "main": "dist/bin/prjct.mjs",
   "bin": {

package/templates/crew/agents/implementer.md

@@ -2,6 +2,7 @@
 name: implementer
 description: Worker. Implements exactly ONE prjct task end-to-end. Writes code, writes tests, self-verifies. Never approves its own work.
 tools: Read, Write, Edit, Glob, Grep, Bash
+model: opus
 ---
 
 # Implementer

package/templates/crew/agents/leader.md

@@ -2,6 +2,7 @@
 name: leader
 description: Orchestrator. Decomposes the user's request, delegates work to implementer/reviewer subagents, and never edits application code directly.
 tools: Read, Glob, Grep, Bash, Agent
+model: haiku
 ---
 
 # Leader (Orchestrator)
@@ -32,6 +33,20 @@ When you launch a subagent, instruct it to reply with a **one-screen summary**
 
 Subagents must not write reports to disk. Persistence on this project goes through `prjct` CLI verbs only — SQLite + the regenerated vault are the only allowed surfaces.
 
+## Model policy when dispatching (perf — non-negotiable)
+
+You run on a small model on purpose: you orchestrate, you do not implement. Apply the same discipline to what you dispatch — a subagent inherits your model unless its definition or your Agent call sets one:
+
+- `implementer` → `model: "opus"` (it writes code; the only role that gets max).
+- `reviewer` → `model: "sonnet"` (judgment, not implementation).
+- `Explore` / any read-only investigation subagent you spawn → set `model: "haiku"` in the Agent call — they route information, they don't write code.
+
+`implementer` and `reviewer` already pin their model in their own definitions; you must set it explicitly for `Explore` and any ad-hoc subagent. Never let a non-implementer subagent run on the max model — that is what made tasks crawl.
+
+## Point, don't carry — nothing leaves prjct (MUST)
+
+The plan, the task, and the memory live in prjct (SQLite + regenerated vault) — never in your dispatch prompt, never in a scratch file. When you delegate, your prompt NAMES where the work lives and the subagent reads it itself in its own window: `prjct context --md` (task + recent decisions), `prjct status --md` (active task), `prjct spec show <id> --md` (the plan), `prjct context memory <topic>` (memory). Do not paste task/plan/memory content into the subagent prompt — pass the command. Subagents persist back only through `prjct` verbs. No plan, memory, or task may exist outside prjct.
+
 Example correct prompt to a subagent:
 
 > "Investigate how `notes.py` serializes IDs. Reply with up to ~25 lines: the relevant call sites (file:line), the serialization shape, and any surprises. If the answer is bigger, capture details with `prjct remember learning '<summary>'` and reply with the mem id + headline."

package/templates/crew/agents/reviewer.md

@@ -2,6 +2,7 @@
 name: reviewer
 description: Strict reviewer. Approves or rejects an implementer's work against the project checkpoints and conventions. Never edits code.
 tools: Read, Glob, Grep, Bash
+model: sonnet
 ---
 
 # Reviewer

package/templates/skills/prjct/SKILL.md

@@ -271,15 +271,25 @@ Six named workflows for shipping quality. Each has an explicit methodology, mode
 
 Workflows that read many files (`review`, `security`, `investigate`, `audit`) MUST dispatch the read-and-analyze step as a subagent via the Agent tool with `subagent_type: "general-purpose"`. The subagent runs in a fresh context window and returns only the conclusion — the parent does not accumulate intermediate file reads. Without this, the parent's context fills with diffs, source files, and memory excerpts, leaving little budget for the user's actual conversation.
 
+**Model policy (perf — non-negotiable).** A subagent inherits the parent's model + effort UNLESS you set `model:` in the Agent call. Orchestrators and reviewers do NOT implement — running them on the parent's max model is exactly why a single task used to crawl through every agent. Set the model explicitly on every dispatch:
+
+- **Implementer** (the agent that writes code) → `model: "opus"`, full effort. ONLY this role gets max.
+- **Reviewers / judgment** (`review`, `security`, `investigate`, and the three `audit-spec` reviewers) → `model: "sonnet"`. Strong reasoning, ~no quality loss for judging a diff, far faster than Opus-max.
+- **Pure orchestration / routing** (crew leader, any fan-out step that only routes) → `model: "haiku"`.
+
+In every non-implementer subagent prompt, add one line: "Apply decent, not exhaustive, effort — you are reviewing/orchestrating: return the verdict, do not over-deliberate." Effort is prompt guidance (the Agent tool has no effort param); `model:` is the concrete lever — never omit it for a non-implementer.
+
 Dispatch pattern:
 
-1. Parent collects diff scope (`git diff <base>...HEAD --name-only`) and relevant memory (`prjct context memory <topic>`).
-2. Parent calls the Agent tool with: `{ description: "<workflow> on <scope>", subagent_type: "general-purpose", prompt: <methodology + diff scope + memory excerpts + output schema> }`.
+1. Parent collects diff scope (`git diff <base>...HEAD --name-only` — git, not prjct state) and identifies the memory TOPIC the subagent should pull (it does not pull it itself).
+2. Parent calls the Agent tool with: `{ description: "<workflow> on <scope>", subagent_type: "general-purpose", model: "sonnet" (per the model policy above — never omit it for a review subagent), prompt: <methodology + diff scope + the prjct COMMANDS the subagent runs to read plan/memory (`prjct context --md`, `prjct context memory <topic>`, `prjct spec show <id> --md`) + output schema> }`. The prompt names WHERE the plan/memory lives; it never carries the content.
 3. Subagent reads files, applies methodology, returns structured findings keyed by `file:line` with severity + fix recommendation.
 4. Parent persists each finding via `prjct remember` and surfaces a ranked summary to the user. Never echo subagent intermediate output.
 
 Skip the subagent only for: diffs under 5 files, conversational follow-ups on a previous finding, or when the parent already has the relevant files in context.
 
+**Nothing leaves prjct — point, don't carry (MUST).** No plan, no memory, no task is ever duplicated outside prjct's SQLite + regenerated vault — not into a dispatch prompt, not into a scratch file, not anywhere. A subagent's value is its FRESH window: do not pre-fill it. The dispatch prompt NAMES the location (`prjct spec show <id> --md` for the plan, `prjct context memory <topic>` for memory, `prjct context --md` for task state) and the subagent pulls it itself, in its own window. Pass changed git hunks (not whole files) and file PATHS + the Read tool — never pasted source, never pasted spec/memory. Everything a subagent produces persists back through `prjct remember` / `prjct capture`. No scratch `.md`, no report files, nothing written outside prjct, ever.
+
 ### Decision-brief format — AskUserQuestion
 
 When asking the user a non-trivial decision (architectural choice, destructive action, scope ambiguity, anything ship-and-regret), structure the question as a decision brief:
@@ -389,11 +399,11 @@ Use when: user asks for a full quality audit, a "ship-ready check", "review ever
 
 Methodology (orchestrator — dispatches the heavy work):
 1. Collect diff scope: `git diff <base>...HEAD --name-only --stat`. If diff is empty, abort with "Nothing to audit on this branch."
-2. Dispatch THREE subagents IN PARALLEL via the Agent tool — one tool-use block per subagent, all in the SAME message so they actually run concurrently:
+2. Dispatch THREE subagents IN PARALLEL via the Agent tool — one tool-use block per subagent, all in the SAME message so they actually run concurrently. Set `model: "sonnet"` on each (review/security/investigate are judgment roles — per the model policy, never the parent's max model) and tell each to apply decent, not exhaustive, effort:
    - Subagent A — `review` methodology against the diff (Production Bug Hunt + Completeness Gate).
    - Subagent B — `security` methodology against the diff (OWASP Top 10 + STRIDE, 8/10+ findings only).
    - Subagent C — `investigate` methodology, ONLY if the user mentioned a specific bug, recent failure, or anomaly. Skip otherwise.
-3. Each subagent receives: methodology spec, diff scope, relevant memory excerpts (`prjct context memory <topic> --tags severity:high`), and the structured output schema (`severity | file:line | issue | fix`).
+3. Each subagent receives: methodology spec, diff scope (changed git hunks, not whole files), the prjct COMMAND to pull memory itself (`prjct context memory <topic> --tags severity:high` — not pre-pasted excerpts), and the structured output schema (`severity | file:line | issue | fix`). Hand it paths + the Read tool — never paste source or memory into the prompt.
 4. Parent merges the three reports, dedupes findings (same file:line + same root cause = one entry, take highest severity), and ranks by severity × blast-radius.
 5. Surface the ranked list. For high-severity items that touch shared infra (`risk-areas/` cross-reference), use the decision-brief format before any auto-fix.
 6. Persist: each finding → `prjct remember gotcha` with `--tags workflow:audit,subagent:<a|b|c>,severity:<level>`.
@@ -403,6 +413,7 @@ Stop conditions: any subagent reports a "blocking" finding (severity=high AND ex
 Anti-patterns:
 - Running review/security/investigate sequentially instead of as parallel subagents (3× the wall time, 3× the parent context cost).
 - Letting the parent read every file the subagents read (defeats the entire context-rot defense).
+- Dispatching a reviewer/orchestrator subagent without `model:` set — it silently inherits the parent's max model and the whole fan-out crawls.
 - Auto-fixing security findings without the decision-brief gate.
 
 ### Outputs convention