npm - ultimate-pi - Versions diffs - 0.1.7 → 0.2.2 - Mend

ultimate-pi 0.1.7 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (524) hide show

package/.pi/extensions/policy-gate.ts ADDED Viewed

@@ -0,0 +1,349 @@
+/**
+ * policy-gate — plan-before-mutate and phase enforcement.
+ *
+ * Pi-compatible patterns:
+ * - default extension factory
+ * - state persisted via pi.appendEntry()
+ * - enforcement via before_agent_start + tool_call hooks
+ * - command surface via pi.registerCommand()
+ */
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+type HarnessPhase = "plan" | "execute" | "evaluate" | "adversary" | "merge";
+interface PolicyState {
+	phase: HarnessPhase;
+	approvedPlan: boolean;
+	planId: string | null;
+	budgetBypass: boolean;
+	aborted: boolean;
+	abortReason: string | null;
+	abortedAt: string | null;
+	updatedAt: string;
+}
+interface SessionEntryLike {
+	type?: string;
+	customType?: string;
+	data?: unknown;
+}
+const PHASE_ORDER: HarnessPhase[] = [
+	"plan",
+	"execute",
+	"evaluate",
+	"adversary",
+	"merge",
+];
+const MUTATING_TOOLS = new Set(["write", "edit"]);
+const BASH_MUTATION_PATTERNS = [
+	/\bgit\s+commit\b/i,
+	/\bgit\s+push\b/i,
+	/\bgit\s+merge\b/i,
+	/\bgit\s+rebase\b/i,
+	/\brm\s+(-rf?|--recursive)\b/i,
+	/\bmv\b/i,
+	/\bcp\b/i,
+	/\bmkdir\b/i,
+	/\bchmod\b/i,
+	/\bchown\b/i,
+	/\bsed\s+-i\b/i,
+	/\bperl\s+-i\b/i,
+];
+function nowIso(): string {
+	return new Date().toISOString();
+}
+function defaultState(): PolicyState {
+	return {
+		phase: "execute",
+		approvedPlan: true,
+		planId: null,
+		budgetBypass: false,
+		aborted: false,
+		abortReason: null,
+		abortedAt: null,
+		updatedAt: nowIso(),
+	};
+}
+function isBootstrapPrompt(prompt: string): boolean {
+	const p = prompt.toLowerCase();
+	return (
+		p.includes("/harness-setup") ||
+		p.includes("harness-setup") ||
+		p.includes("full harness bootstrap")
+	);
+}
+function inferPhase(prompt: string, current: HarnessPhase): HarnessPhase {
+	const p = prompt.toLowerCase();
+	if (
+		p.includes("/harness-plan") ||
+		p.includes("harness-plan") ||
+		p.includes("/harness-auto") ||
+		p.includes("harness-auto")
+	)
+		return "plan";
+	if (p.includes("/harness-run") || p.includes("harness-run")) return "execute";
+	if (p.includes("/harness-eval") || p.includes("harness-eval"))
+		return "evaluate";
+	if (p.includes("/harness-review") || p.includes("harness-review"))
+		return "evaluate";
+	if (p.includes("/harness-critic") || p.includes("harness-critic"))
+		return "adversary";
+	if (p.includes("adversary")) return "adversary";
+	if (p.includes("merge gate") || p.includes("policy decision")) return "merge";
+	return "execute";
+}
+function hasApprovedPlanSignal(prompt: string): boolean {
+	const p = prompt.toLowerCase();
+	return (
+		p.includes("planpacket") ||
+		p.includes("--plan") ||
+		p.includes("approved plan") ||
+		p.includes("plan_id")
+	);
+}
+function hasAbortSignal(prompt: string): boolean {
+	const p = prompt.toLowerCase();
+	return p.includes("/harness-abort") || p.includes("harness-abort");
+}
+function isValidTransition(from: HarnessPhase, to: HarnessPhase): boolean {
+	if (from === to) return true;
+	if (to === "plan") return true;
+	if (to === "execute") return true;
+	const fromIndex = PHASE_ORDER.indexOf(from);
+	const toIndex = PHASE_ORDER.indexOf(to);
+	return toIndex === fromIndex + 1;
+}
+function isMutatingBash(command: string): boolean {
+	return BASH_MUTATION_PATTERNS.some((pattern) => pattern.test(command));
+}
+function getLatestPolicyState(ctx: {
+	sessionManager: { getEntries(): unknown[] };
+}): PolicyState {
+	const entries = ctx.sessionManager.getEntries() as SessionEntryLike[];
+	for (let i = entries.length - 1; i >= 0; i--) {
+		const entry = entries[i];
+		if (
+			entry.type !== "custom" ||
+			entry.customType !== "harness-policy-state"
+		) {
+			continue;
+		}
+		const candidate = entry.data as Partial<PolicyState> | undefined;
+		if (
+			candidate &&
+			typeof candidate.phase === "string" &&
+			PHASE_ORDER.includes(candidate.phase as HarnessPhase)
+		) {
+			return {
+				phase: candidate.phase as HarnessPhase,
+				approvedPlan: Boolean(candidate.approvedPlan),
+				planId: typeof candidate.planId === "string" ? candidate.planId : null,
+				budgetBypass: Boolean(candidate.budgetBypass),
+				aborted: Boolean(candidate.aborted),
+				abortReason:
+					typeof candidate.abortReason === "string"
+						? candidate.abortReason
+						: null,
+				abortedAt:
+					typeof candidate.abortedAt === "string" ? candidate.abortedAt : null,
+				updatedAt:
+					typeof candidate.updatedAt === "string"
+						? candidate.updatedAt
+						: nowIso(),
+			};
+		}
+	}
+	return defaultState();
+}
+export default function policyGate(pi: ExtensionAPI) {
+	let state = defaultState();
+	pi.on("session_start", async (_event, ctx) => {
+		state = getLatestPolicyState(ctx);
+	});
+	pi.on("before_agent_start", async (event) => {
+		const bootstrapPrompt = isBootstrapPrompt(event.prompt);
+		const abortSignal = hasAbortSignal(event.prompt);
+		if (abortSignal) {
+			state.phase = "plan";
+			state.approvedPlan = false;
+			state.planId = null;
+			state.budgetBypass = false;
+			state.aborted = true;
+			state.abortReason = "harness-abort command";
+			state.abortedAt = nowIso();
+			state.updatedAt = state.abortedAt;
+			pi.appendEntry("harness-policy-state", state);
+			return {
+				message: {
+					customType: "harness-policy-aborted",
+					display: true,
+					content: [
+						"Harness run aborted safely.",
+						"Mutating tools are now blocked until a new approved plan is attached.",
+						'Next step: /harness-plan "<task>"',
+					].join("\n"),
+				},
+				systemPrompt: `${event.systemPrompt}\n\n[PolicyGate]\nAbort lock active. Mutating tools must remain blocked until a new approved plan is attached.`,
+			};
+		}
+		const nextPhase = inferPhase(event.prompt, state.phase);
+		const planSignal = hasApprovedPlanSignal(event.prompt);
+		if (!isValidTransition(state.phase, nextPhase)) {
+			return {
+				message: {
+					customType: "harness-policy-violation",
+					display: true,
+					content: [
+						`Policy gate blocked invalid phase transition: ${state.phase} -> ${nextPhase}.`,
+						"Run /harness-plan first or continue in the current phase.",
+					].join("\n"),
+				},
+			};
+		}
+		if (nextPhase === "plan") {
+			state.approvedPlan = false;
+			state.planId = null;
+		}
+		if (nextPhase === "execute" && !state.approvedPlan && !planSignal) {
+			// Softened enforcement: flow mode defaults to execute without hard plan requirement.
+			state.approvedPlan = true;
+		}
+		if (planSignal) {
+			state.approvedPlan = true;
+			const planMatch = event.prompt.match(
+				/plan[_-]?id["'\s:=]+([A-Za-z0-9._:-]+)/i,
+			);
+			state.planId = planMatch?.[1] ?? state.planId;
+			state.aborted = false;
+			state.abortReason = null;
+			state.abortedAt = null;
+		}
+		state.budgetBypass = bootstrapPrompt;
+		state.phase = nextPhase;
+		state.updatedAt = nowIso();
+		pi.appendEntry("harness-policy-state", state);
+		return {
+			systemPrompt: `${event.systemPrompt}\n\n[PolicyGate]\nPhase=${state.phase}; ApprovedPlan=${state.approvedPlan}; PlanId=${state.planId ?? "none"}; Aborted=${state.aborted}.`,
+		};
+	});
+	pi.on("tool_call", async (event) => {
+		if (state.aborted && MUTATING_TOOLS.has(event.toolName)) {
+			return {
+				block: true,
+				reason:
+					"policy-gate: mutating tool blocked because harness-abort lock is active. Attach a new approved plan first.",
+			};
+		}
+		if (MUTATING_TOOLS.has(event.toolName)) {
+			if (state.phase !== "execute") {
+				return {
+					block: true,
+					reason: `policy-gate: ${event.toolName} blocked in phase '${state.phase}'. Allowed only in execute phase.`,
+				};
+			}
+		}
+		if (event.toolName === "bash") {
+			const command = String(event.input.command ?? "");
+			if (!isMutatingBash(command)) return undefined;
+			if (state.aborted) {
+				return {
+					block: true,
+					reason:
+						"policy-gate: mutating bash command blocked because harness-abort lock is active. Attach a new approved plan first.",
+				};
+			}
+			if (state.phase !== "execute") {
+				return {
+					block: true,
+					reason: `policy-gate: mutating bash command blocked in phase '${state.phase}'.`,
+				};
+			}
+		}
+		return undefined;
+	});
+	pi.registerCommand("harness-abort", {
+		description: "Safely abort current harness run and reset to plan phase",
+		handler: async (args, ctx) => {
+			const reason = args.trim();
+			state.phase = "plan";
+			state.approvedPlan = false;
+			state.planId = null;
+			state.budgetBypass = false;
+			state.aborted = true;
+			state.abortReason = reason.length > 0 ? reason : "manual abort";
+			state.abortedAt = nowIso();
+			state.updatedAt = state.abortedAt;
+			pi.appendEntry("harness-policy-state", state);
+			const lines = [
+				"Harness run aborted safely.",
+				"  phase: plan",
+				"  approvedPlan: false",
+				`  abortReason: ${state.abortReason}`,
+				`  abortedAt: ${state.abortedAt}`,
+				"Mutating tools are now blocked until a new approved plan is attached.",
+				'Next command: /harness-plan "<task>"',
+			];
+			if (ctx.hasUI) {
+				ctx.ui.notify(lines.join("\n"), "warning");
+				return;
+			}
+			pi.sendMessage({
+				customType: "harness-policy-aborted",
+				content: lines.join("\n"),
+				display: true,
+			});
+		},
+	});
+	pi.registerCommand("harness-policy-status", {
+		description: "Show current harness policy gate state",
+		handler: async (_args, ctx) => {
+			const latest = getLatestPolicyState(ctx);
+			const lines = [
+				"Harness policy gate:",
+				`  phase: ${latest.phase}`,
+				`  approvedPlan: ${latest.approvedPlan}`,
+				`  planId: ${latest.planId ?? "(none)"}`,
+				`  aborted: ${latest.aborted}`,
+				`  abortReason: ${latest.abortReason ?? "(none)"}`,
+				`  abortedAt: ${latest.abortedAt ?? "(none)"}`,
+				`  updatedAt: ${latest.updatedAt}`,
+			];
+			if (ctx.hasUI) {
+				ctx.ui.notify(lines.join("\n"), "info");
+				return;
+			}
+			pi.sendMessage({
+				customType: "harness-policy-status",
+				content: lines.join("\n"),
+				display: true,
+			});
+		},
+	});
+}

package/.pi/extensions/review-integrity.ts ADDED Viewed

@@ -0,0 +1,198 @@
+/**
+ * review-integrity — enforce evaluator/adversary isolation from executor session.
+ *
+ * If review phases (`evaluate`/`adversary`) run in the same session as execution,
+ * tool calls are blocked until the review is isolated (fork/switch session).
+ */
+import { appendFile, mkdir } from "node:fs/promises";
+import { join } from "node:path";
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+type HarnessPhase = "plan" | "execute" | "evaluate" | "adversary" | "merge";
+const INCIDENTS_DIR = join(process.cwd(), ".pi", "harness", "incidents");
+const INCIDENT_FILE = join(INCIDENTS_DIR, "review-integrity.jsonl");
+interface IsolationState {
+	executorSessionId: string | null;
+	violationActive: boolean;
+	updatedAt: string;
+}
+interface SessionEntryLike {
+	type?: string;
+	customType?: string;
+	data?: {
+		phase?: HarnessPhase;
+		executorSessionId?: string;
+		violationActive?: boolean;
+		updatedAt?: string;
+	};
+}
+function nowIso(): string {
+	return new Date().toISOString();
+}
+function getPhase(ctx: {
+	sessionManager: { getEntries(): unknown[] };
+}): HarnessPhase {
+	const entries = ctx.sessionManager.getEntries() as SessionEntryLike[];
+	for (let i = entries.length - 1; i >= 0; i--) {
+		const entry = entries[i];
+		if (
+			entry.type === "custom" &&
+			entry.customType === "harness-policy-state"
+		) {
+			const phase = entry.data?.phase;
+			if (
+				phase === "plan" ||
+				phase === "execute" ||
+				phase === "evaluate" ||
+				phase === "adversary" ||
+				phase === "merge"
+			) {
+				return phase;
+			}
+		}
+	}
+	return "plan";
+}
+function restoreState(ctx: {
+	sessionManager: { getEntries(): unknown[] };
+}): IsolationState {
+	const entries = ctx.sessionManager.getEntries() as SessionEntryLike[];
+	for (let i = entries.length - 1; i >= 0; i--) {
+		const entry = entries[i];
+		if (
+			entry.type !== "custom" ||
+			entry.customType !== "harness-review-integrity"
+		)
+			continue;
+		const data = entry.data as Partial<IsolationState> | undefined;
+		return {
+			executorSessionId:
+				typeof data?.executorSessionId === "string"
+					? data.executorSessionId
+					: null,
+			violationActive: Boolean(data?.violationActive),
+			updatedAt:
+				typeof data?.updatedAt === "string" ? data.updatedAt : nowIso(),
+		};
+	}
+	return {
+		executorSessionId: null,
+		violationActive: false,
+		updatedAt: nowIso(),
+	};
+}
+async function appendIncident(payload: Record<string, unknown>): Promise<void> {
+	await mkdir(INCIDENTS_DIR, { recursive: true });
+	await appendFile(
+		INCIDENT_FILE,
+		`${JSON.stringify({ timestamp: nowIso(), ...payload })}\n`,
+		"utf-8",
+	);
+}
+export default function reviewIntegrity(pi: ExtensionAPI) {
+	let state: IsolationState = {
+		executorSessionId: null,
+		violationActive: false,
+		updatedAt: nowIso(),
+	};
+	pi.on("session_start", async (_event, ctx) => {
+		state = restoreState(ctx);
+	});
+	pi.on("agent_end", async (_event, ctx) => {
+		const phase = getPhase(ctx);
+		if (phase !== "execute") return;
+		state.executorSessionId = ctx.sessionManager.getSessionId();
+		state.violationActive = false;
+		state.updatedAt = nowIso();
+		pi.appendEntry("harness-review-integrity", state);
+	});
+	pi.on("before_agent_start", async (_event, ctx) => {
+		const phase = getPhase(ctx);
+		const currentSessionId = ctx.sessionManager.getSessionId();
+		const inReview = phase === "evaluate" || phase === "adversary";
+		if (!inReview) {
+			state.violationActive = false;
+			state.updatedAt = nowIso();
+			pi.appendEntry("harness-review-integrity", state);
+			return undefined;
+		}
+		if (
+			!state.executorSessionId ||
+			state.executorSessionId !== currentSessionId
+		) {
+			state.violationActive = false;
+			state.updatedAt = nowIso();
+			pi.appendEntry("harness-review-integrity", state);
+			return undefined;
+		}
+		state.violationActive = true;
+		state.updatedAt = nowIso();
+		pi.appendEntry("harness-review-integrity", state);
+		await appendIncident({
+			type: "review_integrity_violation",
+			session_id: currentSessionId,
+			phase,
+			reason:
+				"evaluator/adversary session is not isolated from executor session",
+			mitigation:
+				"fork or switch to a clean review session before running review tools",
+		});
+		return {
+			message: {
+				customType: "harness-review-integrity-block",
+				display: true,
+				content: [
+					"Review integrity violation: evaluator/adversary is sharing executor session context.",
+					"Fork/switch session, then rerun review to maintain independent evaluation guarantees.",
+				].join("\n"),
+			},
+		};
+	});
+	pi.on("tool_call", async (_event) => {
+		if (!state.violationActive) return undefined;
+		return {
+			block: true,
+			reason:
+				"review-integrity: tool call blocked because review session is not isolated from executor context.",
+		};
+	});
+	pi.registerCommand("harness-review-integrity-status", {
+		description: "Show current review-integrity isolation state",
+		handler: async (_args, ctx) => {
+			const latest = restoreState(ctx);
+			const lines = [
+				"Review integrity status:",
+				`  executorSessionId: ${latest.executorSessionId ?? "(none)"}`,
+				`  violationActive: ${latest.violationActive}`,
+				`  updatedAt: ${latest.updatedAt}`,
+			];
+			if (ctx.hasUI) {
+				ctx.ui.notify(lines.join("\n"), "info");
+				return;
+			}
+			pi.sendMessage({
+				customType: "harness-review-integrity-status",
+				content: lines.join("\n"),
+				display: true,
+			});
+		},
+	});
+}