ultimate-pi 0.17.0 → 0.18.1

package/.pi/lib/harness-context-mode-policy.ts

@@ -0,0 +1,256 @@
+/**
+ * Harness policy for context-mode execute tools (ctx_execute, ctx_batch_execute,
+ * ctx_execute_file). Mirrors bash/write phase rules so agents cannot bypass
+ * policy-gate via the MCP sandbox.
+ */
+
+import type { HarnessPhase } from "./harness-run-context.js";
+
+/** Union of policy-gate and harness-subagent bash mutation patterns. */
+export const BASH_MUTATION_PATTERNS: RegExp[] = [
+	/\bgit\s+(add|commit|push|merge|rebase|reset|checkout|cherry-pick|apply)\b/i,
+	/\brm\s+(-rf?|--recursive|-)/i,
+	/\bmv\b/i,
+	/\bcp\b/i,
+	/\bmkdir\b/i,
+	/\btouch\b/i,
+	/\btee\b/i,
+	/\bchmod\b/i,
+	/\bchown\b/i,
+	/\bsed\s+-i\b/i,
+	/\bperl\s+-i\b/i,
+	/\bnpm\s+(install|uninstall|ci)\b/i,
+	/\bpnpm\s+(add|install|remove)\b/i,
+	/\byarn\s+(add|install|remove)\b/i,
+];
+
+const CONTEXT_MODE_MUTATION_TOOLS = new Set([
+	"ctx_execute",
+	"ctx_batch_execute",
+	"ctx_execute_file",
+]);
+
+const JS_TS_FS_MUTATION_PATTERNS: RegExp[] = [
+	/\bwriteFile(?:Sync)?\s*\(/,
+	/\bappendFile(?:Sync)?\s*\(/,
+	/\bunlink(?:Sync)?\s*\(/,
+	/\brename(?:Sync)?\s*\(/,
+	/\bcopyFile(?:Sync)?\s*\(/,
+	/\bmkdir(?:Sync)?\s*\(/,
+	/\brm(?:Sync)?\s*\(/,
+	/\brmdir(?:Sync)?\s*\(/,
+	/\btruncate(?:Sync)?\s*\(/,
+	/\bcreateWriteStream\s*\(/,
+];
+
+const JS_TS_SHELL_ESCAPE_PATTERNS: RegExp[] = [
+	/\bexec(?:Sync)?\s*\(\s*[`'"]([^`'"]*)[`'"]/g,
+	/\bspawn(?:Sync)?\s*\(\s*[`'"]([^`'"]*)[`'"]/g,
+];
+
+const PYTHON_SHELL_ESCAPE_PATTERNS: RegExp[] = [
+	/\bos\.system\s*\(\s*['"]([^'"]*)['"]\s*\)/g,
+	/\bsubprocess\.(?:run|call|Popen)\s*\(\s*['"]([^'"]*)['"]/g,
+];
+
+export function normalizeContextModeToolName(toolName: string): string | null {
+	const raw = toolName.trim();
+	if (CONTEXT_MODE_MUTATION_TOOLS.has(raw)) return raw;
+	const prefixed = raw.replace(/^context_mode_/, "");
+	if (CONTEXT_MODE_MUTATION_TOOLS.has(prefixed)) return prefixed;
+	return null;
+}
+
+export function isMutatingBash(command: string): boolean {
+	return BASH_MUTATION_PATTERNS.some((pattern) => pattern.test(command));
+}
+
+/** Split shell on &&, ||, ;, | while respecting quotes (mirrors context-mode security). */
+export function splitChainedCommands(command: string): string[] {
+	const parts: string[] = [];
+	let current = "";
+	let inSingle = false;
+	let inDouble = false;
+	let inBacktick = false;
+
+	for (let i = 0; i < command.length; i++) {
+		const ch = command[i];
+		const prev = i > 0 ? command[i - 1] : "";
+
+		if (ch === "'" && !inDouble && !inBacktick && prev !== "\\") {
+			inSingle = !inSingle;
+			current += ch;
+		} else if (ch === '"' && !inSingle && !inBacktick && prev !== "\\") {
+			inDouble = !inDouble;
+			current += ch;
+		} else if (ch === "`" && !inSingle && !inDouble && prev !== "\\") {
+			inBacktick = !inBacktick;
+			current += ch;
+		} else if (!inSingle && !inDouble && !inBacktick) {
+			if (ch === ";") {
+				parts.push(current.trim());
+				current = "";
+			} else if (ch === "|" && command[i + 1] === "|") {
+				parts.push(current.trim());
+				current = "";
+				i++;
+			} else if (ch === "&" && command[i + 1] === "&") {
+				parts.push(current.trim());
+				current = "";
+				i++;
+			} else if (ch === "|") {
+				parts.push(current.trim());
+				current = "";
+			} else {
+				current += ch;
+			}
+		} else {
+			current += ch;
+		}
+	}
+
+	if (current.trim()) parts.push(current.trim());
+	return parts.length > 0 ? parts : [command.trim()];
+}
+
+export function isMutatingShellScript(script: string): boolean {
+	return splitChainedCommands(script).some((segment) =>
+		isMutatingBash(segment),
+	);
+}
+
+function extractRegexCommands(code: string, patterns: RegExp[]): string[] {
+	const commands: string[] = [];
+	for (const pattern of patterns) {
+		pattern.lastIndex = 0;
+		let match = pattern.exec(code);
+		while (match !== null) {
+			const cmd = match[match.length - 1];
+			if (cmd) commands.push(cmd);
+			match = pattern.exec(code);
+		}
+	}
+	return commands;
+}
+
+export function hasJsTsFsMutation(code: string): boolean {
+	return JS_TS_FS_MUTATION_PATTERNS.some((pattern) => pattern.test(code));
+}
+
+function hasEmbeddedMutatingShell(code: string, language: string): boolean {
+	const lang = language.toLowerCase();
+	if (lang === "javascript" || lang === "typescript") {
+		const cmds = extractRegexCommands(code, JS_TS_SHELL_ESCAPE_PATTERNS);
+		return cmds.some((cmd) => isMutatingShellScript(cmd));
+	}
+	if (lang === "python") {
+		const cmds = extractRegexCommands(code, PYTHON_SHELL_ESCAPE_PATTERNS);
+		return cmds.some((cmd) => isMutatingShellScript(cmd));
+	}
+	return false;
+}
+
+function codeLooksMutating(language: string, code: string): boolean {
+	const lang = language.toLowerCase();
+	if (lang === "shell") {
+		return isMutatingShellScript(code);
+	}
+	if (lang === "javascript" || lang === "typescript") {
+		return hasJsTsFsMutation(code) || hasEmbeddedMutatingShell(code, lang);
+	}
+	if (lang === "python") {
+		return hasEmbeddedMutatingShell(code, lang);
+	}
+	return hasEmbeddedMutatingShell(code, lang);
+}
+
+function ctxExecuteLooksMutating(input: Record<string, unknown>): boolean {
+	const language = String(input.language ?? "javascript");
+	const code = String(input.code ?? "");
+	if (!code.trim()) return false;
+	return codeLooksMutating(language, code);
+}
+
+function ctxBatchExecuteLooksMutating(input: Record<string, unknown>): boolean {
+	const commands = input.commands;
+	if (!Array.isArray(commands)) return false;
+	for (const entry of commands) {
+		if (typeof entry === "string" && isMutatingShellScript(entry)) return true;
+		if (entry && typeof entry === "object") {
+			const cmd = String((entry as { command?: string }).command ?? "");
+			if (cmd && isMutatingShellScript(cmd)) return true;
+		}
+	}
+	return false;
+}
+
+function ctxExecuteFileLooksMutating(input: Record<string, unknown>): boolean {
+	const language = String(input.language ?? "javascript");
+	const code = String(input.code ?? "");
+	if (!code.trim()) return false;
+	return codeLooksMutating(language, code);
+}
+
+export function contextModeInputLooksMutating(
+	canonicalTool: string,
+	input: Record<string, unknown>,
+): boolean {
+	switch (canonicalTool) {
+		case "ctx_execute":
+			return ctxExecuteLooksMutating(input);
+		case "ctx_batch_execute":
+			return ctxBatchExecuteLooksMutating(input);
+		case "ctx_execute_file":
+			return ctxExecuteFileLooksMutating(input);
+		default:
+			return false;
+	}
+}
+
+export type ContextModePolicyDecision =
+	| { blocked: false }
+	| { blocked: true; reason: string };
+
+export function evaluateContextModeMutation(
+	toolName: string,
+	input: Record<string, unknown>,
+	phase: HarnessPhase,
+	opts: {
+		aborted: boolean;
+		budgetBypass?: boolean;
+		readOnlyAgent?: boolean;
+	},
+): ContextModePolicyDecision {
+	const canonical = normalizeContextModeToolName(toolName);
+	if (!canonical) return { blocked: false };
+
+	if (opts.budgetBypass) return { blocked: false };
+
+	if (!contextModeInputLooksMutating(canonical, input)) {
+		return { blocked: false };
+	}
+
+	if (opts.aborted) {
+		return {
+			blocked: true,
+			reason:
+				"policy-gate: context-mode execute tool blocked because harness-abort lock is active. Attach a new approved plan first.",
+		};
+	}
+
+	if (opts.readOnlyAgent) {
+		return {
+			blocked: true,
+			reason: `policy-gate: ${canonical} mutating call blocked for read-only harness agent.`,
+		};
+	}
+
+	if (phase === "execute" || phase === "merge") {
+		return { blocked: false };
+	}
+
+	return {
+		blocked: true,
+		reason: `policy-gate: ${canonical} mutating call blocked in phase '${phase}'.`,
+	};
+}

package/.pi/lib/harness-project-config.ts

@@ -0,0 +1,91 @@
+/**
+ * Per-project harness enable/disable — `.pi/harness/project.json`.
+ * Default: enabled when the file is missing (backward compatible).
+ */
+
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+
+export const HARNESS_PROJECT_CONFIG_BASENAME = "project.json";
+
+export interface HarnessProjectConfig {
+	schema_version: "1.0.0";
+	enabled: boolean;
+	updated_at?: string;
+}
+
+export function harnessProjectConfigPath(projectRoot: string): string {
+	return join(projectRoot, ".pi", "harness", HARNESS_PROJECT_CONFIG_BASENAME);
+}
+
+function envOverrideEnabled(): boolean | null {
+	const raw = process.env.HARNESS_ENABLED?.trim().toLowerCase();
+	if (!raw) return null;
+	if (raw === "0" || raw === "false" || raw === "no") return false;
+	if (raw === "1" || raw === "true" || raw === "yes") return true;
+	return null;
+}
+
+export function readHarnessProjectConfig(
+	projectRoot: string = process.cwd(),
+): HarnessProjectConfig {
+	const fromEnv = envOverrideEnabled();
+	if (fromEnv !== null) {
+		return { schema_version: "1.0.0", enabled: fromEnv };
+	}
+
+	const path = harnessProjectConfigPath(projectRoot);
+	if (!existsSync(path)) {
+		return { schema_version: "1.0.0", enabled: true };
+	}
+
+	try {
+		const raw = JSON.parse(
+			readFileSync(path, "utf8"),
+		) as Partial<HarnessProjectConfig>;
+		if (typeof raw.enabled === "boolean") {
+			return {
+				schema_version: "1.0.0",
+				enabled: raw.enabled,
+				updated_at: raw.updated_at,
+			};
+		}
+	} catch {
+		// corrupt file — treat as enabled so operators are not locked out
+	}
+
+	return { schema_version: "1.0.0", enabled: true };
+}
+
+export function isHarnessProjectEnabled(projectRoot?: string): boolean {
+	return readHarnessProjectConfig(projectRoot ?? process.cwd()).enabled;
+}
+
+export function writeHarnessProjectEnabled(
+	projectRoot: string,
+	enabled: boolean,
+): HarnessProjectConfig {
+	const path = harnessProjectConfigPath(projectRoot);
+	mkdirSync(dirname(path), { recursive: true });
+	const config: HarnessProjectConfig = {
+		schema_version: "1.0.0",
+		enabled,
+		updated_at: new Date().toISOString(),
+	};
+	writeFileSync(path, `${JSON.stringify(config, null, "\t")}\n`, "utf8");
+	return config;
+}
+
+/** Slash commands that stay available while governance is disabled. */
+export const HARNESS_ALWAYS_ALLOWED_COMMANDS = new Set([
+	"harness-enable",
+	"harness-disable",
+	"harness-enabled-status",
+	"harness-setup",
+]);
+
+export function isHarnessWorkflowCommand(command: string): boolean {
+	if (!command.startsWith("harness-")) return false;
+	if (HARNESS_ALWAYS_ALLOWED_COMMANDS.has(command)) return false;
+	return true;
+}

package/.pi/lib/harness-repair-brief.ts

@@ -0,0 +1,145 @@
+/**
+ * Build repair-brief.yaml from on-disk review artifacts (path-first, ADR 0043/0044).
+ */
+
+import { join } from "node:path";
+import { harnessRunsRoot } from "./harness-run-context.js";
+import { readYamlFile } from "./harness-yaml.js";
+
+const REPAIR_BRIEF_SCHEMA = "1.0.0";
+
+function asRecord(v: unknown): Record<string, unknown> | null {
+	return v && typeof v === "object" && !Array.isArray(v)
+		? (v as Record<string, unknown>)
+		: null;
+}
+
+function stringList(v: unknown): string[] {
+	if (!Array.isArray(v)) return [];
+	return v.map((x) => (typeof x === "string" ? x.trim() : "")).filter(Boolean);
+}
+
+async function readArtifactYaml(
+	runRoot: string,
+	rel: string,
+	label: string,
+): Promise<Record<string, unknown> | null> {
+	const trimmed = rel.replace(/\\/g, "/").replace(/^\.\//, "");
+	try {
+		return asRecord(await readYamlFile(join(runRoot, trimmed), label));
+	} catch {
+		return null;
+	}
+}
+
+export interface SynthesizeRepairBriefInput {
+	runId: string;
+	projectRoot: string;
+	steerAttempt: number;
+	reviewOutcomePath?: string;
+	evalVerdictPath?: string;
+	adversaryReportPath?: string;
+	planPacketPath?: string;
+}
+
+export async function synthesizeRepairBrief(
+	input: SynthesizeRepairBriefInput,
+): Promise<Record<string, unknown>> {
+	const runRoot = join(harnessRunsRoot(input.projectRoot), input.runId);
+	const review = await readArtifactYaml(
+		runRoot,
+		input.reviewOutcomePath ?? "artifacts/review-outcome.yaml",
+		"review-outcome",
+	);
+	const evalDoc = await readArtifactYaml(
+		runRoot,
+		input.evalVerdictPath ?? "artifacts/eval-verdict.yaml",
+		"eval-verdict",
+	);
+	const adversary = await readArtifactYaml(
+		runRoot,
+		input.adversaryReportPath ?? "artifacts/adversary-report.yaml",
+		"adversary-report",
+	);
+	const planRel =
+		input.planPacketPath?.replace(/\\/g, "/") ?? "plan-packet.yaml";
+	const plan = await readArtifactYaml(runRoot, planRel, "plan-packet");
+
+	const remediation =
+		(typeof review?.remediation_class === "string" &&
+			review.remediation_class) ||
+		"implementation_gap";
+
+	const sourceArtifacts: Record<string, string> = {
+		"review-outcome":
+			input.reviewOutcomePath ?? "artifacts/review-outcome.yaml",
+	};
+	if (evalDoc) {
+		sourceArtifacts["eval-verdict"] =
+			input.evalVerdictPath ?? "artifacts/eval-verdict.yaml";
+	}
+	if (adversary) {
+		sourceArtifacts["adversary-report"] =
+			input.adversaryReportPath ?? "artifacts/adversary-report.yaml";
+	}
+	if (plan) {
+		sourceArtifacts["plan-packet"] = planRel;
+	}
+
+	const failedIds = [
+		...stringList(review?.failed_acceptance_check_ids),
+		...stringList(evalDoc?.failed_acceptance_check_ids),
+		...stringList(evalDoc?.failed_checks),
+	];
+	const uniqueFailed = [...new Set(failedIds)];
+
+	const fixDirectives: string[] = [];
+	for (const key of [
+		"fix_directives",
+		"repair_directives",
+		"recommendations",
+		"required_fixes",
+	]) {
+		fixDirectives.push(...stringList(review?.[key]));
+		fixDirectives.push(...stringList(adversary?.[key]));
+		fixDirectives.push(...stringList(evalDoc?.[key]));
+	}
+	if (typeof adversary?.summary === "string" && adversary.summary.trim()) {
+		fixDirectives.push(adversary.summary.trim());
+	}
+	if (typeof evalDoc?.summary === "string" && evalDoc.summary.trim()) {
+		fixDirectives.push(evalDoc.summary.trim());
+	}
+	const uniqueFixes = [...new Set(fixDirectives)];
+	if (uniqueFixes.length === 0) {
+		uniqueFixes.push(
+			"Address failures documented in review-outcome and eval-verdict; re-run acceptance checks.",
+		);
+	}
+
+	const execPlan = asRecord(plan?.execution_plan);
+	const priorityLakeIds = stringList(execPlan?.critical_path_lake_ids);
+	if (priorityLakeIds.length === 0) {
+		const lakes = Array.isArray(execPlan?.lakes) ? execPlan.lakes : [];
+		for (const lake of lakes) {
+			const l = asRecord(lake);
+			if (l && typeof l.id === "string") priorityLakeIds.push(l.id);
+		}
+	}
+
+	const brief: Record<string, unknown> = {
+		schema_version: REPAIR_BRIEF_SCHEMA,
+		run_id: input.runId,
+		steer_attempt: input.steerAttempt,
+		remediation_class: remediation,
+		source_artifacts: sourceArtifacts,
+		fix_directives: uniqueFixes,
+	};
+	if (uniqueFailed.length > 0) {
+		brief.failed_acceptance_check_ids = uniqueFailed;
+	}
+	if (priorityLakeIds.length > 0) {
+		brief.priority_lake_ids = [...new Set(priorityLakeIds)];
+	}
+	return brief;
+}