npm - ultimate-pi - Versions diffs - 0.17.0 → 0.18.1 - Mend

ultimate-pi 0.17.0 → 0.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/.agents/skills/harness-context/SKILL.md +13 -6
package/.agents/skills/harness-debate-plan/SKILL.md +37 -20
package/.agents/skills/harness-decisions/SKILL.md +1 -1
package/.agents/skills/harness-eval/SKILL.md +6 -21
package/.agents/skills/harness-governor/SKILL.md +4 -3
package/.agents/skills/harness-orchestration/SKILL.md +41 -53
package/.agents/skills/harness-plan/SKILL.md +23 -12
package/.agents/skills/harness-review/SKILL.md +52 -0
package/.agents/skills/harness-sentrux-setup/SKILL.md +16 -3
package/.agents/skills/harness-steer/SKILL.md +14 -0
package/.agents/skills/sentrux/SKILL.md +9 -9
package/.pi/agents/harness/planning/decompose.md +7 -4
package/.pi/agents/harness/planning/hypothesis-validator.md +2 -0
package/.pi/agents/harness/planning/hypothesis.md +3 -1
package/.pi/agents/harness/planning/plan-adversary.md +2 -0
package/.pi/agents/harness/planning/plan-evaluator.md +2 -0
package/.pi/agents/harness/planning/plan-synthesizer.md +25 -0
package/.pi/agents/harness/planning/planning-context.md +48 -0
package/.pi/agents/harness/planning/review-integrator.md +2 -0
package/.pi/agents/harness/planning/sprint-contract-auditor.md +2 -0
package/.pi/agents/harness/{adversary.md → reviewing/adversary.md} +3 -10
package/.pi/agents/harness/{evaluator.md → reviewing/evaluator.md} +3 -12
package/.pi/agents/harness/running/executor.md +45 -0
package/.pi/agents/harness/sentrux-steward.md +51 -0
package/.pi/extensions/00-harness-project-control.ts +133 -0
package/.pi/extensions/00-posthog-network-bootstrap.ts +11 -0
package/.pi/extensions/budget-guard.ts +2 -0
package/.pi/extensions/debate-orchestrator.ts +2 -0
package/.pi/extensions/harness-ask-user.ts +2 -2
package/.pi/extensions/harness-debate-tools.ts +2 -2
package/.pi/extensions/harness-live-widget.ts +60 -3
package/.pi/extensions/harness-plan-approval.ts +64 -58
package/.pi/extensions/harness-run-context.ts +715 -90
package/.pi/extensions/harness-subagent-submit.ts +46 -12
package/.pi/extensions/harness-subagents.ts +2 -2
package/.pi/extensions/harness-telemetry.ts +2 -0
package/.pi/extensions/harness-web-tools.ts +2 -2
package/.pi/extensions/lib/extension-load-guard.ts +10 -0
package/.pi/extensions/lib/harness-artifact-gate.ts +172 -0
package/.pi/extensions/lib/harness-posthog.ts +9 -5
package/.pi/extensions/lib/harness-spawn-topology.ts +165 -0
package/.pi/extensions/lib/harness-subagent-auth.ts +1 -2
package/.pi/extensions/lib/harness-subagent-policy.ts +28 -24
package/.pi/extensions/lib/harness-subagent-precheck.ts +36 -10
package/.pi/extensions/lib/harness-subagent-submit-pipeline.ts +66 -2
package/.pi/extensions/lib/harness-subagent-submit-registry.ts +22 -22
package/.pi/extensions/lib/harness-subagents-bridge.ts +7 -29
package/.pi/extensions/lib/harness-subprocess-bootstrap.ts +73 -0
package/.pi/extensions/lib/plan-approval/create-plan.ts +2 -3
package/.pi/extensions/lib/plan-approval/resolve-disk.ts +102 -0
package/.pi/extensions/lib/plan-approval/schema.ts +22 -8
package/.pi/extensions/lib/plan-approval/types.ts +1 -1
package/.pi/extensions/lib/plan-approval/validate.ts +2 -2
package/.pi/extensions/lib/plan-approval-readiness.ts +192 -0
package/.pi/extensions/lib/plan-debate-eligibility.ts +12 -5
package/.pi/extensions/lib/plan-debate-gate.ts +22 -1
package/.pi/extensions/lib/plan-debate-lanes.ts +32 -2
package/.pi/extensions/lib/plan-review-gate.ts +8 -0
package/.pi/extensions/lib/posthog-client.ts +76 -0
package/.pi/extensions/lib/spawn-policy.ts +3 -3
package/.pi/extensions/observation-bus.ts +2 -0
package/.pi/extensions/policy-gate.ts +26 -19
package/.pi/extensions/review-integrity.ts +91 -10
package/.pi/extensions/sentrux-rules-sync.ts +2 -0
package/.pi/extensions/test-diff-integrity.ts +1 -0
package/.pi/extensions/trace-recorder.ts +2 -0
package/.pi/harness/agents.manifest.json +37 -37
package/.pi/harness/corpus/cron.example +8 -0
package/.pi/harness/corpus/graphify-kb-updater.config.json +214 -0
package/.pi/harness/corpus/systemd/graphify-kb-updater.env.template +4 -0
package/.pi/harness/corpus/systemd/graphify-kb-updater.service +17 -0
package/.pi/harness/corpus/systemd/graphify-kb-updater.timer +11 -0
package/.pi/harness/docs/adrs/0001-harness-constitution.md +2 -1
package/.pi/harness/docs/adrs/0006-sentrux-dual-layer.md +8 -6
package/.pi/harness/docs/adrs/0009-sentrux-rules-lifecycle.md +6 -1
package/.pi/harness/docs/adrs/0031-harness-run-context.md +1 -1
package/.pi/harness/docs/adrs/0032-harness-command-orchestration.md +7 -0
package/.pi/harness/docs/adrs/0034-darwin-plan-research-pipeline.md +3 -3
package/.pi/harness/docs/adrs/0036-implementation-research-and-selective-debate.md +8 -5
package/.pi/harness/docs/adrs/0039-harness-post-run-review-gate.md +47 -0
package/.pi/harness/docs/adrs/0040-practice-grounded-orchestration.md +40 -0
package/.pi/harness/docs/adrs/0041-intelligent-planning-reconnaissance.md +39 -0
package/.pi/harness/docs/adrs/0042-agent-native-orchestration.md +35 -0
package/.pi/harness/docs/adrs/0043-path-first-harness-tools.md +38 -0
package/.pi/harness/docs/adrs/0044-harness-steer-loop.md +37 -0
package/.pi/harness/docs/adrs/0045-phase-scoped-agent-directories.md +33 -0
package/.pi/harness/docs/adrs/README.md +11 -0
package/.pi/harness/docs/graphify-kb-updater-runbook.md +163 -0
package/.pi/harness/docs/practice-map.md +110 -0
package/.pi/harness/env.harness.template +5 -3
package/.pi/harness/evals/smoke/sentrux-stub.json +1 -1
package/.pi/harness/evals/smoke/smoke-harness-plan.mjs +5 -2
package/.pi/harness/specs/README.md +1 -1
package/.pi/harness/specs/harness-run-context.schema.json +11 -0
package/.pi/harness/specs/harness-spawn-context.schema.json +15 -1
package/.pi/harness/specs/plan-execution-plan.schema.json +39 -1
package/.pi/harness/specs/plan-packet.schema.json +4 -0
package/.pi/harness/specs/plan-phase-status.schema.json +17 -0
package/.pi/harness/specs/plan-phase-waiver.schema.json +25 -0
package/.pi/harness/specs/plan-planning-context.schema.json +50 -0
package/.pi/harness/specs/repair-brief.schema.json +45 -0
package/.pi/harness/specs/review-outcome.schema.json +46 -0
package/.pi/harness/specs/sentrux-manifest-proposal.schema.json +80 -0
package/.pi/harness/specs/sentrux-signal.schema.json +43 -0
package/.pi/harness/specs/steer-state.schema.json +20 -0
package/.pi/lib/harness-context-mode-policy.ts +256 -0
package/.pi/lib/harness-project-config.ts +91 -0
package/.pi/lib/harness-repair-brief.ts +145 -0
package/.pi/lib/harness-run-context.ts +591 -32
package/.pi/lib/harness-ui-state.ts +114 -21
package/.pi/prompts/harness-auto.md +10 -10
package/.pi/prompts/harness-critic.md +3 -30
package/.pi/prompts/harness-eval.md +4 -37
package/.pi/prompts/harness-plan.md +116 -54
package/.pi/prompts/harness-review.md +150 -15
package/.pi/prompts/harness-run.md +62 -10
package/.pi/prompts/harness-sentrux-steward.md +55 -0
package/.pi/prompts/harness-setup.md +5 -4
package/.pi/prompts/harness-steer.md +30 -0
package/.pi/scripts/README.md +1 -0
package/.pi/scripts/graphify-kb-updater.mjs +398 -0
package/.pi/scripts/harness-agents-manifest.mjs +1 -1
package/.pi/scripts/harness-project-toggle.mjs +129 -0
package/.pi/scripts/harness-sentrux-cli.mjs +142 -0
package/.pi/scripts/harness-verify.mjs +22 -6
package/.pi/scripts/harness-web-policy-guard.mjs +68 -0
package/.pi/scripts/validate-plan-dag.mjs +3 -3
package/AGENTS.md +1 -0
package/CHANGELOG.md +23 -0
package/README.md +94 -58
package/package.json +5 -4
package/.pi/agents/harness/executor.md +0 -47
package/.pi/agents/harness/planning/scout-graphify.md +0 -37
package/.pi/agents/harness/planning/scout-semantic.md +0 -39
package/.pi/agents/harness/planning/scout-structure.md +0 -35
package/.pi/prompts/git-sync.md +0 -124
/package/.pi/agents/harness/{tie-breaker.md → reviewing/tie-breaker.md} +0 -0

package/.pi/extensions/harness-subagent-submit.ts CHANGED Viewed

@@ -6,10 +6,14 @@
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import { Type } from "@sinclair/typebox";
-import { claimExtensionLoad } from "./lib/extension-load-guard.js";
+import { resolveGuardedRunDir } from "../lib/harness-subagent-submit-path.js";
+import { claimHarnessGovernanceLoad } from "./lib/extension-load-guard.js";
 import { getHarnessPackageRoot } from "./lib/harness-paths.js";
 import { evaluateHarnessSubagentToolCall } from "./lib/harness-subagent-policy.js";
-import { executeSubmitPipeline } from "./lib/harness-subagent-submit-pipeline.js";
+import {
+	executeSubmitPipeline,
+	loadSubmitDocument,
+} from "./lib/harness-subagent-submit-pipeline.js";
 import { SUBMIT_TOOL_SPECS } from "./lib/harness-subagent-submit-registry.js";
 // @ts-expect-error pi extensions run as ESM
@@ -17,10 +21,18 @@ const MODULE_URL = import.meta.url;
 const DocumentSchema = Type.Object(
 	{
-		document: Type.Record(Type.String(), Type.Unknown(), {
-			description:
-				"Plan artifact fields (validated via plan-*.schema.json, persisted as canonical YAML on disk)",
-		}),
+		document: Type.Optional(
+			Type.Record(Type.String(), Type.Unknown(), {
+				description:
+					"Artifact fields (deprecated when source_path is set; ADR 0043)",
+			}),
+		),
+		source_path: Type.Optional(
+			Type.String({
+				description:
+					"Relative path under run dir, e.g. artifacts/.draft/decomposition.yaml",
+			}),
+		),
 	},
 	{ additionalProperties: false },
 );
@@ -48,7 +60,8 @@ function isSubprocessHarness(): boolean {
 }
 export default function harnessSubagentSubmit(pi: ExtensionAPI) {
-	if (!claimExtensionLoad("harness-subagent-submit", MODULE_URL)) return;
+	if (!claimHarnessGovernanceLoad("harness-subagent-submit", MODULE_URL))
+		return;
 	// Option A: only load submit tools in subprocess (`-e` bundle), not parent discovery.
 	if (process.env.PI_HARNESS_SUBPROCESS !== "1") {
 		return;
@@ -118,21 +131,42 @@ export default function harnessSubagentSubmit(pi: ExtensionAPI) {
 						isError: true,
 					};
 				}
-				const document = (params as { document?: Record<string, unknown> })
-					.document;
-				if (!document || typeof document !== "object") {
+				const runResolved = await resolveGuardedRunDir({
+					projectRoot,
+					runId,
+					runDirEnv,
+				});
+				if (!runResolved.ok) {
 					return {
-						content: [{ type: "text", text: "document object is required" }],
+						content: [{ type: "text", text: runResolved.error }],
 						details: {},
 						isError: true,
 					};
 				}
+				const loaded = await loadSubmitDocument({
+					projectRoot,
+					runDir: runResolved.runDir,
+					document: (params as { document?: Record<string, unknown> }).document,
+					source_path: (params as { source_path?: string }).source_path,
+				});
+				if (!loaded.ok) {
+					return {
+						content: [
+							{
+								type: "text",
+								text: `Validation failed:\n${loaded.validation_errors.join("\n")}`,
+							},
+						],
+						isError: true,
+						details: loaded,
+					};
+				}
 				const result = await executeSubmitPipeline({
 					projectRoot,
 					specsDir,
 					spec,
 					agentId,
-					document,
+					document: loaded.document,
 					runId,
 					runDirEnv,
 				});

package/.pi/extensions/harness-subagents.ts CHANGED Viewed

@@ -6,13 +6,13 @@
  */
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
-import { claimExtensionLoad } from "./lib/extension-load-guard.js";
+import { claimHarnessGovernanceLoad } from "./lib/extension-load-guard.js";
 // @ts-expect-error pi extensions run as ESM
 const MODULE_URL = import.meta.url;
 async function loadHarnessSubagents(): Promise<(pi: ExtensionAPI) => void> {
-	if (!claimExtensionLoad("harness-subagents", MODULE_URL)) {
+	if (!claimHarnessGovernanceLoad("harness-subagents", MODULE_URL)) {
 		return () => {};
 	}
 	const { getHarnessPackageRoot } = await import("./lib/harness-paths.js");

package/.pi/extensions/harness-telemetry.ts CHANGED Viewed

@@ -9,6 +9,7 @@
 import { createHash } from "node:crypto";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 import {
 	captureHarnessEvent,
 	type HarnessPostHogEventName,
@@ -338,6 +339,7 @@ function mapCustomEntry(
 }
 export default function harnessTelemetry(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	const flushedHashes = new Set<string>();
 	let lastPolicyPhase: HarnessPhase | null = null;

package/.pi/extensions/harness-web-tools.ts CHANGED Viewed

@@ -4,7 +4,7 @@
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import { Type } from "@sinclair/typebox";
-import { claimExtensionLoad } from "./lib/extension-load-guard.js";
+import { claimHarnessGovernanceLoad } from "./lib/extension-load-guard.js";
 import {
 	harnessWebContextLine,
 	readTextExcerpt,
@@ -98,7 +98,7 @@ function sessionCwd(ctx: { cwd?: string }): string {
 }
 export default function harnessWebTools(pi: ExtensionAPI) {
-	if (!claimExtensionLoad("harness-web-tools", MODULE_URL)) return;
+	if (!claimHarnessGovernanceLoad("harness-web-tools", MODULE_URL)) return;
 	pi.on("before_agent_start", async (event) => {
 		return {
 			systemPrompt: `${event.systemPrompt}\n\n${harnessWebContextLine()}`,

package/.pi/extensions/lib/extension-load-guard.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { readFileSync } from "node:fs";
 import { join } from "node:path";
 import { fileURLToPath } from "node:url";
+import { isHarnessProjectEnabled } from "../../lib/harness-project-config.js";
 const LOAD_GUARD_KEY = Symbol.for("ultimate-pi.extension-load-guard");
@@ -37,3 +38,12 @@ export function claimExtensionLoad(key: string, moduleUrl: string): boolean {
 	registry.add(key);
 	return true;
 }
+/** Skip duplicate loads and skip all governance extensions when harness is disabled. */
+export function claimHarnessGovernanceLoad(
+	key: string,
+	moduleUrl: string,
+): boolean {
+	if (!isHarnessProjectEnabled()) return false;
+	return claimExtensionLoad(key, moduleUrl);
+}

package/.pi/extensions/lib/harness-artifact-gate.ts ADDED Viewed

@@ -0,0 +1,172 @@
+/**
+ * Content-aware gates for harness_artifact_ready (existence + minimal validity).
+ */
+import { constants } from "node:fs";
+import { access, readFile, stat } from "node:fs/promises";
+import { join } from "node:path";
+import { parse as parseYaml } from "yaml";
+import { validateAgainstHarnessSchema } from "../../lib/harness-schema-validate.js";
+export interface ArtifactGateResult {
+	ok: boolean;
+	errors: string[];
+}
+const ARTIFACT_SCHEMA: Record<string, string> = {
+	"artifacts/decomposition.yaml": "plan-decomposition-brief.schema.json",
+	"artifacts/hypothesis.yaml": "plan-hypothesis-brief.schema.json",
+	"artifacts/implementation-research.yaml":
+		"plan-implementation-research-brief.schema.json",
+	"artifacts/stack.yaml": "plan-stack-brief.schema.json",
+	"artifacts/planning-context.yaml": "plan-planning-context.schema.json",
+	"artifacts/eval-verdict.yaml": "eval-verdict.schema.json",
+	"artifacts/adversary-report.yaml": "adversary-report.schema.json",
+};
+const PREREQUISITE_ORDER: Record<string, string[]> = {
+	"artifacts/hypothesis.yaml": ["artifacts/decomposition.yaml"],
+	"artifacts/implementation-research.yaml": [
+		"artifacts/decomposition.yaml",
+		"artifacts/hypothesis.yaml",
+	],
+	"artifacts/stack.yaml": [
+		"artifacts/decomposition.yaml",
+		"artifacts/hypothesis.yaml",
+	],
+};
+async function fileExists(path: string): Promise<boolean> {
+	try {
+		await access(path, constants.R_OK);
+		return true;
+	} catch {
+		return false;
+	}
+}
+function artifactStatusBad(doc: Record<string, unknown>): string | null {
+	const status = String(doc.status ?? "ok").toLowerCase();
+	if (status === "partial" || status === "failed" || status === "error") {
+		return `artifact status is "${status}"`;
+	}
+	return null;
+}
+export async function validateHarnessArtifactFile(
+	runRoot: string,
+	relPath: string,
+	specsDir: string,
+): Promise<ArtifactGateResult> {
+	const normalized = relPath.replace(/\\/g, "/");
+	const abs = join(runRoot, normalized);
+	const errors: string[] = [];
+	if (!(await fileExists(abs))) {
+		return { ok: false, errors: [`missing file: ${normalized}`] };
+	}
+	const st = await stat(abs);
+	if (st.size < 8) {
+		errors.push(`${normalized}: file too small (${st.size} bytes)`);
+	}
+	let doc: Record<string, unknown> | null = null;
+	try {
+		const raw = await readFile(abs, "utf-8");
+		if (!raw.trim()) {
+			errors.push(`${normalized}: empty file`);
+		} else {
+			doc = parseYaml(raw) as Record<string, unknown>;
+			if (!doc || typeof doc !== "object" || Array.isArray(doc)) {
+				errors.push(`${normalized}: root must be a YAML object`);
+			}
+		}
+	} catch (e) {
+		errors.push(
+			`${normalized}: invalid YAML (${e instanceof Error ? e.message : String(e)})`,
+		);
+	}
+	const schemaFile = ARTIFACT_SCHEMA[normalized];
+	if (doc && schemaFile) {
+		const validation = await validateAgainstHarnessSchema(
+			specsDir,
+			schemaFile,
+			doc,
+		);
+		if (!validation.ok) {
+			errors.push(
+				`${normalized}: schema validation failed — ${validation.errors.join("; ")}`,
+			);
+		}
+	}
+	if (doc && normalized === "artifacts/planning-context.yaml") {
+		const statusErr = artifactStatusBad(doc);
+		if (statusErr) {
+			errors.push(`${normalized}: ${statusErr}`);
+		}
+		const coverage = doc.coverage as Record<string, unknown> | undefined;
+		if (coverage && typeof coverage === "object") {
+			for (const lane of ["architecture", "structure"] as const) {
+				const laneDoc = coverage[lane] as Record<string, unknown> | undefined;
+				const laneStatus = String(laneDoc?.status ?? "").toLowerCase();
+				if (laneStatus !== "ok" && laneStatus !== "partial") {
+					errors.push(
+						`${normalized}: coverage.${lane}.status must be ok or partial (got "${laneStatus || "missing"}")`,
+					);
+				}
+			}
+		}
+	}
+	const prereqs = PREREQUISITE_ORDER[normalized] ?? [];
+	for (const prereq of prereqs) {
+		if (!(await fileExists(join(runRoot, prereq)))) {
+			errors.push(`${normalized}: prerequisite missing (${prereq})`);
+		}
+	}
+	return { ok: errors.length === 0, errors };
+}
+export async function validateHarnessArtifactPaths(
+	runRoot: string,
+	paths: string[],
+	specsDir: string,
+): Promise<{
+	ok: boolean;
+	present: string[];
+	missing: string[];
+	errors: string[];
+}> {
+	const present: string[] = [];
+	const missing: string[] = [];
+	const errors: string[] = [];
+	for (const rel of paths) {
+		const normalized = rel.replace(/\\/g, "/");
+		const gate = await validateHarnessArtifactFile(
+			runRoot,
+			normalized,
+			specsDir,
+		);
+		if (gate.errors.some((e) => e.startsWith("missing file"))) {
+			missing.push(normalized);
+			continue;
+		}
+		if (!gate.ok) {
+			errors.push(...gate.errors);
+			continue;
+		}
+		present.push(normalized);
+	}
+	return {
+		ok: missing.length === 0 && errors.length === 0,
+		present,
+		missing,
+		errors,
+	};
+}

package/.pi/extensions/lib/harness-posthog.ts CHANGED Viewed

@@ -6,6 +6,7 @@
  */
 import { PostHog } from "posthog-node";
+import { getPostHogClientOptions } from "./posthog-client.js";
 export type HarnessPostHogEventName =
 	| "harness_run_started"
@@ -48,9 +49,7 @@ function getClient(): PostHog | null {
 	if (client) return client;
 	const apiKey = process.env.POSTHOG_API_KEY?.trim();
 	if (!apiKey) return null;
-	client = new PostHog(apiKey, {
-		host: process.env.POSTHOG_HOST?.trim() || "https://us.i.posthog.com",
-	});
+	client = new PostHog(apiKey, getPostHogClientOptions());
 	return client;
 }
@@ -109,6 +108,11 @@ export function captureHarnessEvent(
 export async function shutdownHarnessPostHog(): Promise<void> {
 	if (!client) return;
-	await client.shutdown();
-	client = null;
+	try {
+		await client.shutdown();
+	} catch {
+		// Best-effort telemetry — avoid noisy flush errors when offline / WSL DNS broken.
+	} finally {
+		client = null;
+	}
 }

package/.pi/extensions/lib/harness-spawn-topology.ts ADDED Viewed

@@ -0,0 +1,165 @@
+/**
+ * Harness subagent spawn topology rules (no vendor imports — testable in isolation).
+ */
+import { constants } from "node:fs";
+import { access } from "node:fs/promises";
+import { join } from "node:path";
+import type { HarnessPhase } from "../../lib/harness-run-context.js";
+export interface SpawnTopologyResult {
+	ok: boolean;
+	message?: string;
+}
+const DECOMPOSE_AGENT = "harness/planning/decompose";
+const HYPOTHESIS_AGENT = "harness/planning/hypothesis";
+const DEBATE_LANE_AGENTS = new Set([
+	"harness/planning/hypothesis-validator",
+	"harness/planning/plan-evaluator",
+	"harness/planning/plan-adversary",
+	"harness/planning/sprint-contract-auditor",
+	"harness/planning/review-integrator",
+]);
+const PLANNING_CONTEXT_AGENT = "harness/planning/planning-context";
+const PARALLEL_RESEARCH_AGENTS = new Set([
+	"harness/planning/implementation-researcher",
+	"harness/planning/stack-researcher",
+]);
+function countInSet(names: string[], allowed: Set<string>): number {
+	return names.filter((n) => allowed.has(n)).length;
+}
+function isReconnaissanceAgent(name: string): boolean {
+	return name === PLANNING_CONTEXT_AGENT;
+}
+async function decompositionReady(
+	projectRoot: string,
+	runId: string,
+): Promise<boolean> {
+	const path = join(
+		projectRoot,
+		".pi",
+		"harness",
+		"runs",
+		runId,
+		"artifacts",
+		"decomposition.yaml",
+	);
+	try {
+		await access(path, constants.R_OK);
+		return true;
+	} catch {
+		return false;
+	}
+}
+export async function validateHarnessSpawnTopology(
+	names: string[],
+	phase: HarnessPhase,
+	opts?: {
+		parallelTaskCount?: number;
+		projectRoot?: string;
+		runId?: string | null;
+	},
+): Promise<SpawnTopologyResult> {
+	const taskCount =
+		opts?.parallelTaskCount ?? (names.length > 1 ? names.length : 1);
+	if (taskCount > 1) {
+		const hasDecompose = names.includes(DECOMPOSE_AGENT);
+		const hasHypothesis = names.includes(HYPOTHESIS_AGENT);
+		if (hasDecompose && hasHypothesis) {
+			return {
+				ok: false,
+				message:
+					"Cannot spawn decompose and hypothesis in the same parallel batch. " +
+					"Gate artifacts/decomposition.yaml, then spawn hypothesis sequentially.",
+			};
+		}
+		const debateCount = countInSet(names, DEBATE_LANE_AGENTS);
+		const debateNames = names.filter((n) => DEBATE_LANE_AGENTS.has(n));
+		const parallelProbePair =
+			debateCount === 2 &&
+			debateNames.includes("harness/planning/plan-evaluator") &&
+			debateNames.includes("harness/planning/plan-adversary");
+		if (debateCount > 1 && !parallelProbePair) {
+			return {
+				ok: false,
+				message: `Review Gate: spawn one debate lane agent per subagent call (got ${debateCount}: ${debateNames.join(", ")}). Exception: plan-evaluator ∥ plan-adversary for parallel_probes.`,
+			};
+		}
+		const planningContext = names.filter(
+			(n) => n === PLANNING_CONTEXT_AGENT,
+		).length;
+		const research = countInSet(names, PARALLEL_RESEARCH_AGENTS);
+		const recon = planningContext;
+		if (planningContext > 1) {
+			return {
+				ok: false,
+				message: "At most one planning-context subagent per parallel batch.",
+			};
+		}
+		const otherHarness = names.filter(
+			(n) =>
+				n.startsWith("harness/") &&
+				!isReconnaissanceAgent(n) &&
+				!PARALLEL_RESEARCH_AGENTS.has(n) &&
+				!DEBATE_LANE_AGENTS.has(n) &&
+				n !== DECOMPOSE_AGENT &&
+				n !== HYPOTHESIS_AGENT,
+		);
+		if (
+			(recon > 0 && (research > 0 || otherHarness.length > 0)) ||
+			(research > 0 && otherHarness.length > 0)
+		) {
+			return {
+				ok: false,
+				message:
+					"Parallel batches may include only one independent group: " +
+					"research (≤2 lanes), optional single planning-context, " +
+					"or a single sequential lane agent.",
+			};
+		}
+		if (research > 2) {
+			return {
+				ok: false,
+				message:
+					"At most 2 research lanes (implementation-researcher, stack-researcher) per parallel batch.",
+			};
+		}
+	}
+	if (names.includes(HYPOTHESIS_AGENT) && opts?.projectRoot && opts?.runId) {
+		const ready = await decompositionReady(opts.projectRoot, opts.runId);
+		if (!ready) {
+			return {
+				ok: false,
+				message:
+					"Cannot spawn hypothesis before artifacts/decomposition.yaml exists. " +
+					"Complete decompose and harness_artifact_ready on decomposition first.",
+			};
+		}
+	}
+	if (phase === "plan") {
+		const mutating = names.filter((n) => n.startsWith("harness/running/"));
+		if (mutating.length > 0) {
+			return {
+				ok: false,
+				message: `Plan phase: cannot spawn mutating subagents (${mutating.join(", ")}).`,
+			};
+		}
+	}
+	return { ok: true };
+}

package/.pi/extensions/lib/harness-subagent-auth.ts CHANGED Viewed

@@ -51,8 +51,7 @@ const ROUTINE_PLANNING_AGENT_PATHS = new Set([
 	"harness/planning/review-integrator",
 	"harness/planning/hypothesis-validator",
 	"harness/planning/sprint-contract-auditor",
-	"harness/planning/scout-structure",
-	"harness/planning/scout-semantic",
+	"harness/planning/planning-context",
 	"harness/planning/decompose",
 	"harness/planning/hypothesis",
 	"harness/planning/stack-research",

package/.pi/extensions/lib/harness-subagent-policy.ts CHANGED Viewed

@@ -2,6 +2,11 @@
  * Per-agent tool policy for harness/* subagents (defense in depth with frontmatter).
  */
+import {
+	evaluateContextModeMutation,
+	isMutatingBash,
+} from "../../lib/harness-context-mode-policy.js";
+import type { HarnessPhase } from "../../lib/harness-run-context.js";
 import {
 	isSubmitToolName,
 	SUBMIT_TOOLS_BY_AGENT,
@@ -40,21 +45,6 @@ const PLANNING_BASH_DENY_PATTERNS = [
 	/\buv\s+tool\s+install\b.*cocoindex/i,
 ];
-const BASH_MUTATION_PATTERNS = [
-	/\brm\s+-/i,
-	/\bmv\s+/i,
-	/\bcp\s+/i,
-	/\btouch\s+/i,
-	/\bmkdir\s+/i,
-	/\btee\s+/i,
-	/\bgit\s+(add|commit|push|reset|checkout|merge|rebase|cherry-pick|apply)\b/i,
-	/\bnpm\s+(install|uninstall|ci)\b/i,
-	/\bpnpm\s+(add|install|remove)\b/i,
-	/\byarn\s+(add|install|remove)\b/i,
-	/\bsed\s+-i\b/i,
-	/\bperl\s+-i\b/i,
-];
 const READ_ONLY_KINDS = new Set<HarnessAgentKind>([
 	"planner",
 	"evaluator",
@@ -76,13 +66,13 @@ export function classifyHarnessAgent(agentType: string): HarnessAgentKind {
 		return "planner";
 	}
 	switch (id) {
-		case "executor":
+		case "running/executor":
 			return "executor";
-		case "evaluator":
+		case "reviewing/evaluator":
 			return "evaluator";
-		case "adversary":
+		case "reviewing/adversary":
 			return "adversary";
-		case "tie-breaker":
+		case "reviewing/tie-breaker":
 			return "tie_breaker";
 		case "meta-optimizer":
 			return "meta";
@@ -95,10 +85,6 @@ export function classifyHarnessAgent(agentType: string): HarnessAgentKind {
 	}
 }
-function isMutatingBash(command: string): boolean {
-	return BASH_MUTATION_PATTERNS.some((pattern) => pattern.test(command));
-}
 export function isHarnessPackageAgent(agentType: string): boolean {
 	return agentType.startsWith("harness/");
 }
@@ -141,7 +127,7 @@ export function evaluateHarnessSubagentToolCall(
 				return {
 					action: "block",
 					reason:
-						"submit_human_required is not available for harness/executor.",
+						"submit_human_required is not available for harness/running/executor.",
 				};
 			}
 			return { action: "allow" };
@@ -207,6 +193,24 @@ export function evaluateHarnessSubagentToolCall(
 		}
 	}
+	const ctxPhase =
+		(harnessSubagentPhaseHint(agentType) as HarnessPhase | null) ?? "plan";
+	const ctxDecision = evaluateContextModeMutation(
+		toolName,
+		input ?? {},
+		ctxPhase,
+		{ aborted: false, readOnlyAgent: true },
+	);
+	if (ctxDecision.blocked) {
+		return {
+			action: "block",
+			reason: ctxDecision.reason.replace(
+				/^policy-gate:/,
+				"harness-subagent-policy:",
+			),
+		};
+	}
 	return { action: "allow" };
 }