ultimate-pi 0.18.0 → 0.18.1

package/.pi/extensions/policy-gate.ts

@@ -13,6 +13,7 @@ import {
 	evaluateContextModeMutation,
 	isMutatingBash,
 } from "../lib/harness-context-mode-policy.js";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 import {
 	extractWritePathFromToolInput,
 	getLatestRunContext,
@@ -126,6 +127,7 @@ function getLatestPolicyStateFull(ctx: {
 }
 
 export default function policyGate(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	let state = defaultState();
 
 	const appendPolicyState = (next: PolicyState): void => {

package/.pi/extensions/review-integrity.ts

@@ -8,6 +8,7 @@
 import { appendFile, mkdir } from "node:fs/promises";
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 
 type HarnessPhase = "plan" | "execute" | "evaluate" | "adversary" | "merge";
 
@@ -15,12 +16,13 @@ const INCIDENTS_DIR = join(process.cwd(), ".pi", "harness", "incidents");
 const INCIDENT_FILE = join(INCIDENTS_DIR, "review-integrity.jsonl");
 
 const REVIEW_SUBAGENT_TYPES = new Set([
-	"harness/evaluator",
-	"harness/adversary",
-	"harness/tie-breaker",
+	"harness/reviewing/evaluator",
+	"harness/reviewing/adversary",
+	"harness/reviewing/tie-breaker",
 ]);
 
-const EXECUTOR_SUBAGENT_TYPE = "harness/executor";
+const EXECUTOR_SUBAGENT_TYPE = "harness/running/executor";
+const PLANNING_SUBAGENT_PREFIX = "harness/planning/";
 
 interface IsolationState {
 	executorSessionId: string | null;
@@ -138,6 +140,70 @@ function agentsFromSubagentInput(
 	return names;
 }
 
+function latestCustomData(
+	entries: SessionEntryLike[],
+	customType: string,
+): Record<string, unknown> | null {
+	for (let i = entries.length - 1; i >= 0; i--) {
+		const entry = entries[i];
+		if (entry.type !== "custom" || entry.customType !== customType) continue;
+		return entry.data && typeof entry.data === "object" ? entry.data : null;
+	}
+	return null;
+}
+
+function collectStrings(value: unknown, depth = 0): string[] {
+	if (depth > 5 || value == null) return [];
+	if (typeof value === "string") return [value];
+	if (Array.isArray(value)) {
+		return value.flatMap((item) => collectStrings(item, depth + 1));
+	}
+	if (typeof value === "object") {
+		return Object.values(value).flatMap((item) =>
+			collectStrings(item, depth + 1),
+		);
+	}
+	return [];
+}
+
+export function hasPlanReviseRecommendation(entries: unknown[]): boolean {
+	const typedEntries = entries as SessionEntryLike[];
+	const runContext = latestCustomData(typedEntries, "harness-run-context");
+	const text = collectStrings({
+		next_recommended_command: runContext?.next_recommended_command,
+		last_completed_step: runContext?.last_completed_step,
+		last_outcome: runContext?.last_outcome,
+		phase: runContext?.phase,
+	})
+		.join("\n")
+		.toLowerCase();
+
+	return text.includes("/harness-plan") && text.includes("revise");
+}
+
+export function isPlanRevisePlanningSubagent(input: {
+	agents: string[];
+	entries: unknown[];
+	toolInput?: Record<string, unknown>;
+}): boolean {
+	if (input.agents.length === 0) return false;
+	if (
+		!input.agents.every((agent) => agent.startsWith(PLANNING_SUBAGENT_PREFIX))
+	) {
+		return false;
+	}
+	if (hasPlanReviseRecommendation(input.entries)) return true;
+
+	const toolText = collectStrings(input.toolInput).join("\n").toLowerCase();
+	return (
+		toolText.includes("harness-plan") &&
+		(toolText.includes("mode: revise") ||
+			toolText.includes("mode=revise") ||
+			toolText.includes("--mode revise") ||
+			toolText.includes("--mode=revise"))
+	);
+}
+
 async function appendIncident(payload: Record<string, unknown>): Promise<void> {
 	await mkdir(INCIDENTS_DIR, { recursive: true });
 	await appendFile(
@@ -148,6 +214,7 @@ async function appendIncident(payload: Record<string, unknown>): Promise<void> {
 }
 
 export default function reviewIntegrity(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	let state: IsolationState = {
 		executorSessionId: null,
 		violationActive: false,
@@ -175,7 +242,10 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 		const phase = getPhase(ctx);
 		const currentSessionId = ctx.sessionManager.getSessionId();
 		const inReview = phase === "evaluate" || phase === "adversary";
-		if (!inReview) {
+		if (
+			!inReview ||
+			hasPlanReviseRecommendation(ctx.sessionManager.getEntries())
+		) {
 			state.violationActive = false;
 			state.updatedAt = nowIso();
 			persist();
@@ -201,7 +271,7 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 				customType: "harness-review-integrity-hint",
 				display: true,
 				content: [
-					"Review phase in executor session: spawn harness/evaluator or harness/adversary via subagent (isolated subprocess).",
+					"Review phase in executor session: spawn harness/reviewing/evaluator or harness/reviewing/adversary via subagent (isolated subprocess).",
 					"Do not run review checks directly in this session.",
 				].join("\n"),
 			},
@@ -210,9 +280,8 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 
 	pi.on("tool_call", async (event, ctx) => {
 		if (event.toolName === "subagent") {
-			const agents = agentsFromSubagentInput(
-				event.input as Record<string, unknown> | undefined,
-			);
+			const toolInput = event.input as Record<string, unknown> | undefined;
+			const agents = agentsFromSubagentInput(toolInput);
 			if (agents.includes(EXECUTOR_SUBAGENT_TYPE)) {
 				state.executorSessionId = ctx.sessionManager.getSessionId();
 				state.violationActive = false;
@@ -226,6 +295,18 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 				persist();
 				return undefined;
 			}
+			if (
+				isPlanRevisePlanningSubagent({
+					agents,
+					entries: ctx.sessionManager.getEntries(),
+					toolInput,
+				})
+			) {
+				state.violationActive = false;
+				state.updatedAt = nowIso();
+				persist();
+				return undefined;
+			}
 		}
 
 		if (!state.violationActive) return undefined;
@@ -237,7 +318,7 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 			reason:
 				"direct tool use in review phase while sharing executor session context",
 			mitigation:
-				"spawn harness/evaluator or harness/adversary via subagent instead",
+				"spawn harness/reviewing/evaluator or harness/reviewing/adversary via subagent instead",
 		});
 
 		return {

package/.pi/extensions/sentrux-rules-sync.ts

@@ -4,6 +4,7 @@
 
 import { spawn } from "node:child_process";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 import { resolveHarnessScript } from "./lib/harness-paths.js";
 
 function resolveSyncScript(): string {
@@ -36,6 +37,7 @@ function runSync(args: string[]): Promise<{ code: number; output: string }> {
 }
 
 export default function sentruxRulesSync(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	pi.on("session_start", async () => {
 		const { code, output } = await runSync(["--check"]);
 		if (code !== 0) {

package/.pi/extensions/test-diff-integrity.ts

@@ -13,6 +13,7 @@
 import { appendFile, mkdir } from "node:fs/promises";
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 
 const INCIDENTS_DIR = join(process.cwd(), ".pi", "harness", "incidents");
 const INCIDENT_FILE = join(INCIDENTS_DIR, "test-diff-integrity.jsonl");

package/.pi/extensions/trace-recorder.ts

@@ -10,6 +10,7 @@
 import { appendFile, mkdir, readFile, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 import {
 	getLatestRunContext,
 	getRunIdFromSession,
@@ -182,6 +183,7 @@ function resolveRunIdForAgentStart(
 }
 
 export default function traceRecorder(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	let activeRun: ActiveRun | null = null;
 	let lastUserPrompt = "";
 

package/.pi/harness/agents.manifest.json

@@ -1,8 +1,8 @@
 {
 	"schema_version": "1.0.0",
 	"package": "ultimate-pi",
-	"package_version": "0.17.0",
-	"generated_at": "2026-05-23T10:14:51.637Z",
+	"package_version": "0.18.0",
+	"generated_at": "2026-05-23T19:00:12.987Z",
 	"agents": {
 		"pi-pi/agent-expert": {
 			"path": ".pi/agents/pi-pi/agent-expert.md",
@@ -44,18 +44,6 @@
 			"path": ".pi/agents/pi-pi/tui-expert.md",
 			"sha256": "a619b2ee3d3d94fe599abb61db0904f90d30335ec426851c3f1efdf2e5ce5390"
 		},
-		"harness/adversary": {
-			"path": ".pi/agents/harness/adversary.md",
-			"sha256": "697ee7c784e8eb30ce96f4f16e9bb5f9cdcaae76a4a7083ace2fe4272e6d732f"
-		},
-		"harness/evaluator": {
-			"path": ".pi/agents/harness/evaluator.md",
-			"sha256": "587ae14d6e91fd8af2b2842f568b9a1fa0b1d84fa6e18b4bc21c0ba2a9e62218"
-		},
-		"harness/executor": {
-			"path": ".pi/agents/harness/executor.md",
-			"sha256": "e222a5c54c74329cdcfa92918d9191fa603d8945b81ca94484db258cda012783"
-		},
 		"harness/incident-recorder": {
 			"path": ".pi/agents/harness/incident-recorder.md",
 			"sha256": "d42fa45de1a2fe3842d075c6f319315266588942e314f1b650caabac39bdc29a"
@@ -72,17 +60,29 @@
 			"path": ".pi/agents/harness/sentrux-steward.md",
 			"sha256": "0e63175d817adc0d65876f5c24fb54e4882081caf939ff9c658afee51fc6889c"
 		},
-		"harness/tie-breaker": {
-			"path": ".pi/agents/harness/tie-breaker.md",
-			"sha256": "1c54c1c3274291dea1ea8826563a7ad4fe1d9c4302984e907bfcd22cfc4f5eba"
-		},
 		"harness/trace-librarian": {
 			"path": ".pi/agents/harness/trace-librarian.md",
 			"sha256": "336b3f3f6141cef8750ab18d29bbe454caf26973830a86afe099d9e4ad8b0abe"
 		},
+		"harness/running/executor": {
+			"path": ".pi/agents/harness/running/executor.md",
+			"sha256": "a48c37b2922b98fe20156367ae8c8fe761ae139153d402035a5aa35c9a14f106"
+		},
+		"harness/reviewing/adversary": {
+			"path": ".pi/agents/harness/reviewing/adversary.md",
+			"sha256": "697ee7c784e8eb30ce96f4f16e9bb5f9cdcaae76a4a7083ace2fe4272e6d732f"
+		},
+		"harness/reviewing/evaluator": {
+			"path": ".pi/agents/harness/reviewing/evaluator.md",
+			"sha256": "587ae14d6e91fd8af2b2842f568b9a1fa0b1d84fa6e18b4bc21c0ba2a9e62218"
+		},
+		"harness/reviewing/tie-breaker": {
+			"path": ".pi/agents/harness/reviewing/tie-breaker.md",
+			"sha256": "1c54c1c3274291dea1ea8826563a7ad4fe1d9c4302984e907bfcd22cfc4f5eba"
+		},
 		"harness/planning/decompose": {
 			"path": ".pi/agents/harness/planning/decompose.md",
-			"sha256": "c9dd890d45cf4548e28d03aedb86d5fc4ed81022e920ad0005faf404994c6e96"
+			"sha256": "734eaa1bc87c337f6582c8f1c97baabf51e807731ab3c075c8960a9d207145e2"
 		},
 		"harness/planning/execution-plan-author": {
 			"path": ".pi/agents/harness/planning/execution-plan-author.md",
@@ -108,6 +108,10 @@
 			"path": ".pi/agents/harness/planning/plan-evaluator.md",
 			"sha256": "825f296c487d6aeacad5d320e155a3f23d0db6dea822fccc99a1305941a43da2"
 		},
+		"harness/planning/plan-synthesizer": {
+			"path": ".pi/agents/harness/planning/plan-synthesizer.md",
+			"sha256": "5bc3ec109179790c196df1328d362c1485cd5ff9295c31c3de93c050330295da"
+		},
 		"harness/planning/planning-context": {
 			"path": ".pi/agents/harness/planning/planning-context.md",
 			"sha256": "96a51d1f2daafc9eaa8869a06ede9d04fc9e19076d58a81041e346e4c81c8b08"
@@ -116,18 +120,6 @@
 			"path": ".pi/agents/harness/planning/review-integrator.md",
 			"sha256": "bba385463ca8833654cd0dc80f666344332293fe86d7420d2c36755a3f9e743a"
 		},
-		"harness/planning/scout-graphify": {
-			"path": ".pi/agents/harness/planning/scout-graphify.md",
-			"sha256": "edc117245476859d3bea93d6e1247cf9f580719bb3aabb91d885cc196c102f68"
-		},
-		"harness/planning/scout-semantic": {
-			"path": ".pi/agents/harness/planning/scout-semantic.md",
-			"sha256": "060ad9251068c68cc20418a45a5a5747b708895b946c8153d9e5034b28c59ad5"
-		},
-		"harness/planning/scout-structure": {
-			"path": ".pi/agents/harness/planning/scout-structure.md",
-			"sha256": "111d055b82f0e1dde4cddc61d53474d8ad650dba2fd988061fd40fa638ed8bc7"
-		},
 		"harness/planning/sprint-contract-auditor": {
 			"path": ".pi/agents/harness/planning/sprint-contract-auditor.md",
 			"sha256": "2321298529f70d03798d23346231c4c43ad4b7490a43f291430ca65b3ef93757"

package/.pi/harness/corpus/graphify-kb-updater.config.json

@@ -13,6 +13,16 @@
 			"risk_class": "medium",
 			"default_policy": "stage_until_rights_review"
 		},
+		"repo": {
+			"category": "public_repository_metadata",
+			"risk_class": "low_to_medium",
+			"default_policy": "allowlist_auto_promote_when_approved"
+		},
+		"release": {
+			"category": "public_repository_release_metadata",
+			"risk_class": "low_to_medium",
+			"default_policy": "allowlist_auto_promote_when_approved"
+		},
 		"book": {
 			"category": "book_or_longform_local_file",
 			"risk_class": "high",
@@ -111,12 +121,57 @@
 			"approved_by": "manual-review-required",
 			"approved_at": "manual-review-required",
 			"allowed_source_classes": ["paper"]
+		},
+		{
+			"domain": "github.com",
+			"approved": true,
+			"approved_by": "repo-policy",
+			"approved_at": "2026-05-23",
+			"allowed_source_classes": ["repo", "release"]
 		}
 	],
 	"article_queries": [
 		"agentic engineering harness engineering AI coding agents",
 		"AI coding harness evaluation orchestration context engineering"
 	],
+	"repo_sources": [
+		{
+			"title": "Graphify project repository metadata watch",
+			"url": "https://github.com/AI-App/Graphify",
+			"approved": false,
+			"rights_access": {
+				"license": "repository metadata only; source license requires review",
+				"access": "public repository metadata",
+				"approved_by": "manual-review-required",
+				"approved_at": "manual-review-required"
+			},
+			"provenance": {
+				"origin": "curated_repo_watchlist",
+				"locator": "https://github.com/AI-App/Graphify",
+				"notes": "Metadata candidate only until manually approved."
+			},
+			"competitor_labels": ["context_engineering"]
+		}
+	],
+	"release_feeds": [
+		{
+			"title": "OpenAI agents SDK release metadata watch",
+			"url": "https://github.com/openai/openai-agents-python/releases",
+			"approved": false,
+			"rights_access": {
+				"license": "release metadata only; linked artifacts require review",
+				"access": "public release metadata",
+				"approved_by": "manual-review-required",
+				"approved_at": "manual-review-required"
+			},
+			"provenance": {
+				"origin": "curated_release_watchlist",
+				"locator": "https://github.com/openai/openai-agents-python/releases",
+				"notes": "Release metadata candidate only until manually approved."
+			},
+			"competitor_labels": ["agentic_harnesses"]
+		}
+	],
 	"paper_feeds": [
 		{
 			"title": "arXiv software engineering agents search feed",

package/.pi/harness/docs/adrs/0006-sentrux-dual-layer.md

@@ -10,7 +10,7 @@ Evaluator trust requires both programmatic gates (policy, budget, integrity) and
 ## Decision
 
 1. **Rules file:** `.sentrux/rules.toml` synced from manifest — see [ADR 0009](0009-sentrux-rules-lifecycle.md).
-2. **Run observation:** `/harness-run` writes `artifacts/sentrux-signal.yaml` and appends session custom entry `harness-sentrux-signal` after `sentrux check` + `sentrux gate` (baseline from `sentrux gate --save` before execute).
+2. **Run observation:** `/harness-run` writes `artifacts/sentrux-signal.yaml` and appends session custom entry `harness-sentrux-signal` after root-resolved Sentrux `check` + `gate` via `harness-sentrux-cli.mjs` (baseline from `gate --save` before execute). Raw `sentrux check .` / `gate .` must not be used from `.pi/harness/runs/*` because Sentrux resolves `.sentrux/rules.toml` against the path argument.
 3. **Verify gate:** `harness-verify.mjs` with `HARNESS_SENTRUX_REQUIRED=true` prefers `$HARNESS_RUN_DIR/artifacts/sentrux-signal.yaml`; falls back to `.pi/harness/evals/smoke/sentrux-stub.json` only when no run signal exists (CI smoke / pre-run verify).
 4. **Evaluator:** `harness/evaluator` in `benchmark` mode reads `sentrux-signal.yaml` and `benchmark-log.yaml` — metrics are inputs, not executor optimization targets.
 5. Observations flow through `observation-bus.ts` as `HarnessObservation` envelopes when wired.
@@ -30,3 +30,4 @@ Evaluator trust requires both programmatic gates (policy, budget, integrity) and
 
 - `.pi/harness/specs/observation.schema.json`
 - `.pi/scripts/harness-verify.mjs`
+- `.pi/scripts/harness-sentrux-cli.mjs`

package/.pi/harness/docs/adrs/0044-harness-steer-loop.md

@@ -12,8 +12,9 @@ After `/harness-run`, failed benchmarks or blocked execution previously routed u
 1. **Always review** — `/harness-run` ends with `next_command: /harness-review` (including `blocked` / partial work). Remove benchmark fail-fast skip of verdict/adversary (ADR 0039 amended).
 2. **Review artifacts** — Parent writes `artifacts/review-outcome.yaml` and `artifacts/repair-brief.yaml` (path pointers, not pasted bodies).
 3. **Remediation routing** — `review-outcome.remediation_class`: `implementation_gap` → `/harness-steer`; `plan_gap` → `/harness-plan` revise with `repair_brief_path`; `pass` → policy status. **Review outcome wins** over executor `scope_drift` when they disagree; tie → `plan_gap`.
-4. **`/harness-steer`** — Thin orchestrator: read briefs, set policy **phase `execute`**, spawn `harness/executor` with `mode: repair`, then `/harness-review` again.
-5. **Caps** — `HARNESS_STEER_MAX_ATTEMPTS` (default 3). **Tiered review:** full review on initial run + steer 1; steers 2+ use lite (benchmark + verdict) unless prior `block_merge` or user forces full.
+4. **Plan-gap revise reset** — When review returns `plan_gap` and the next `/harness-plan` runs in revise mode, archive stale plan-phase debate state and generated planning artifacts under `artifacts/revisions/<timestamp>/` before the planner starts. Preserve review repair artifacts in place so the new planning round starts clean while retaining audit history.
+5. **`/harness-steer`** — Thin orchestrator: read briefs, set policy **phase `execute`**, spawn `harness/executor` with `mode: repair`, then `/harness-review` again.
+6. **Caps** — `HARNESS_STEER_MAX_ATTEMPTS` (default 3). **Tiered review:** full review on initial run + steer 1; steers 2+ use lite (benchmark + verdict) unless prior `block_merge` or user forces full.
 6. **Sentrux** — Refresh baseline or compare new violations only after steer mutations (avoid false degraded on every attempt).
 7. **Evaluate-phase writes** — Orchestrator may write review/steer YAML under run `artifacts/` in `evaluate`/`adversary` phase (allowlisted files).
 

package/.pi/harness/docs/adrs/0045-phase-scoped-agent-directories.md

@@ -0,0 +1,33 @@
+# ADR 0045: Phase-scoped harness agent directories
+
+Status: Accepted
+Date: 2026-05-24
+
+## Context
+
+Harness prompts had accumulated mixed agent ids such as `harness/executor`, `harness/evaluator`, and legacy planning `scout-*` agents. The current orchestration model is phase-scoped:
+
+- planning context is parent-led or handled by `harness/planning/planning-context`
+- execution is a single running agent
+- post-run review is handled by reviewing agents
+
+Flat run/review agent ids made prompt intent less obvious and left legacy planning scout agents discoverable even after ADR 0041 moved reconnaissance to parent tool use plus `planning-context.yaml`.
+
+## Decision
+
+Use phase-scoped agent directories and ids for run/review orchestration:
+
+- `.pi/agents/harness/running/executor.md` → `harness/running/executor`
+- `.pi/agents/harness/reviewing/evaluator.md` → `harness/reviewing/evaluator`
+- `.pi/agents/harness/reviewing/adversary.md` → `harness/reviewing/adversary`
+- `.pi/agents/harness/reviewing/tie-breaker.md` → `harness/reviewing/tie-breaker`
+
+Remove the legacy planning `scout-graphify`, `scout-structure`, and `scout-semantic` agents. Planning reconnaissance is represented by `artifacts/planning-context.yaml` only.
+
+## Consequences
+
+- `/harness-run` must spawn only `harness/running/executor`.
+- `/harness-review` must spawn only agents under `harness/reviewing/`.
+- Submit-tool allowlists, precheck/topology policy, review-integrity policy, tests, and `agents.manifest.json` track the new ids.
+- When post-run review records `next_recommended_command: "/harness-plan (mode: revise)"`, review-integrity treats `harness/planning/*` subagents as a phase handoff, not a review-isolation violation.
+- Old scout YAML artifacts no longer satisfy plan approval readiness; `artifacts/planning-context.yaml` is required unless explicitly waived.

package/.pi/harness/docs/adrs/README.md

@@ -30,6 +30,7 @@ Team-shared ADRs for the ultimate-pi harness live under `.pi/harness/docs/adrs/`
 | [0042](0042-agent-native-orchestration.md) | Agent-native orchestration (lakes, plan-verify probes, synthesizer) | Accepted |
 | [0043](0043-path-first-harness-tools.md) | Path-first harness tool contracts | Accepted |
 | [0044](0044-harness-steer-loop.md) | Post-run steer loop (repair vs plan revise) | Accepted |
+| [0045](0045-phase-scoped-agent-directories.md) | Phase-scoped harness agent directories | Accepted |
 
 ## Practice map
 

package/.pi/harness/docs/graphify-kb-updater-runbook.md

@@ -6,7 +6,8 @@
 
 The approved operating model is **hybrid allowlist auto-promotion with conservative staging**:
 
-- Daily local automation may auto-promote only explicitly approved allowlisted public sources with complete provenance and rights/access metadata.
+- Daily local automation may auto-promote only explicitly approved allowlisted public sources (`article`, `repo`, or `release`) with complete provenance and rights/access metadata.
+- Repository and release candidates are metadata-specific source classes; they do not inherit generic article behavior and must be authorized by `allowed_source_classes` on the allowlist entry.
 - Books, transcripts, YouTube/video material, paid/copyrighted/mirrored material, unclear-license content, and unknown open-web sources remain staged until manually approved.
 - Competitor monitoring is a curated taxonomy/watchlist/reporting signal, not an exhaustive crawler.
 - Pi-agent-open integration is intentionally limited/deferred: opening Pi should do at most a low-latency, no-network stale check. It must not perform synchronous web discovery, promotion, or Graphify mutation.
@@ -24,9 +25,11 @@ Allowlist auto-promotion requires all of the following:
 
 1. `.pi/harness/corpus/graphify-kb-updater.config.json` has `auto_promote_allowlist: true`.
 2. The candidate domain is present in `allowlist` with `approved: true`.
-3. The candidate itself has `approved: true`.
-4. `rights_access` is complete.
-5. The candidate is not a risky source class that requires manual review.
+3. If the allowlist entry has `allowed_source_classes`, it includes the candidate `kind` (`article`, `repo`, or `release`).
+4. The candidate itself has `approved: true`.
+5. `provenance.origin` and `provenance.locator` are complete.
+6. `rights_access` is complete.
+7. The candidate is not a risky source class that requires manual review.
 
 Risky source classes (`book`, `transcript`, `youtube`) always require explicit approval and complete rights/access metadata. Raw HTTP shell paths are forbidden; keep discovery/fetch through approved harness web/API abstractions and verify with `.pi/scripts/harness-web-policy-guard.mjs`.
 
@@ -66,12 +69,13 @@ node .pi/scripts/harness-web-policy-guard.mjs
 
 1. Review dry-run JSON: candidate count, source counts, competitor labels, duplicate/skipped/blocked counts, stale warnings, planned promotions, and graph action.
 2. For a candidate, add it to `.pi/harness/corpus/graphify-kb-updater.config.json` `review_queue` with:
-   - `kind` (`article`, `paper`, `book`, `transcript`, or `youtube`)
+   - `kind` (`article`, `repo`, `release`, `paper`, `book`, `transcript`, or `youtube`)
    - `title`
    - `url` or `path`
    - `approved: true`
    - `rights_access` object with all required fields
    - optional `competitor_labels` or provenance notes.
+   - for repo/release auto-promotion, an allowlist entry whose `allowed_source_classes` includes `repo` or `release`.
 3. For local files, you may place `<file>.rights.json` beside the source, but risky classes still require explicit approval before promotion.
 4. Run `--apply --refresh-graph`.
 5. Promoted sources land under `raw/graphify-kb-updates/<kind>/` with `.provenance.json` sidecars.
@@ -108,6 +112,7 @@ Each run reports:
 - `last_run_at`
 - `candidate_count`, `promoted_count`, `blocked_count`, `skipped_count`, `duplicate_skips`, `failure_count`
 - `counts.by_kind`, `counts.by_source_type`, `counts.by_competitor_label`, `counts.allowlisted`
+- `staged_count`, `review_queue_count`, and `review_queue` items with reason codes and next actions
 - `stale_warnings`
 - `changed_existing_count` for same URL/path content changes
 - `graph.action`, `graph.exit_status`, and Graphify report path when refreshed
@@ -117,6 +122,7 @@ Review these fields before enabling unattended mode and after every config chang
 
 ## Troubleshooting
 
+- `missing_complete_provenance`: add `provenance.origin` and `provenance.locator`.
 - `missing_rights_access_approval`: add complete rights/access metadata.
 - `manual_approval_required`: set `approved: true` after source and rights review.
 - `duplicate_unchanged`: candidate was already promoted and content hash is unchanged.

package/.pi/harness/docs/practice-map.md

@@ -70,7 +70,7 @@ See also: [ADRs](adrs/README.md), [ADR 0040](adrs/0040-practice-grounded-orchest
 |------|----------|-------------------|-------|
 | Gate | Change control | `plan_ready` required | Parent |
 | Pre-work | Fitness baseline | `sentrux gate --save` | Parent |
-| Work | Single implementer | `executor_strategy` | `harness/executor` |
+| Work | Single implementer | `executor_strategy` | `harness/running/executor` |
 | Post-work | Observation | `sentrux check` / signal artifact | Parent |
 | Handoff | Generator–evaluator | `submit_executor_handoff` | Executor |
 | Next | Always verify | **`/harness-review`** (not replan on blocked) | Parent routing |
@@ -95,7 +95,7 @@ See also: [ADRs](adrs/README.md), [ADR 0040](adrs/0040-practice-grounded-orchest
 |------|----------|-------|
 | 0 | Read review + repair briefs | Parent |
 | 1 | Policy phase → `execute` | Parent |
-| 2 | Repair scope | `harness/executor` `mode: repair` |
+| 2 | Repair scope | `harness/running/executor` `mode: repair` |
 | 3 | Re-verify | `/harness-review` |
 
 ## Anti-patterns

package/.pi/harness/specs/harness-spawn-context.schema.json

@@ -14,7 +14,7 @@
 		"agent": {
 			"type": "string",
 			"minLength": 1,
-			"description": "Target subagent id, e.g. harness/planning/scout-graphify"
+			"description": "Target subagent id, e.g. harness/running/executor"
 		},
 		"mode": {
 			"type": "string",

package/.pi/lib/harness-project-config.ts

@@ -0,0 +1,91 @@
+/**
+ * Per-project harness enable/disable — `.pi/harness/project.json`.
+ * Default: enabled when the file is missing (backward compatible).
+ */
+
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+
+export const HARNESS_PROJECT_CONFIG_BASENAME = "project.json";
+
+export interface HarnessProjectConfig {
+	schema_version: "1.0.0";
+	enabled: boolean;
+	updated_at?: string;
+}
+
+export function harnessProjectConfigPath(projectRoot: string): string {
+	return join(projectRoot, ".pi", "harness", HARNESS_PROJECT_CONFIG_BASENAME);
+}
+
+function envOverrideEnabled(): boolean | null {
+	const raw = process.env.HARNESS_ENABLED?.trim().toLowerCase();
+	if (!raw) return null;
+	if (raw === "0" || raw === "false" || raw === "no") return false;
+	if (raw === "1" || raw === "true" || raw === "yes") return true;
+	return null;
+}
+
+export function readHarnessProjectConfig(
+	projectRoot: string = process.cwd(),
+): HarnessProjectConfig {
+	const fromEnv = envOverrideEnabled();
+	if (fromEnv !== null) {
+		return { schema_version: "1.0.0", enabled: fromEnv };
+	}
+
+	const path = harnessProjectConfigPath(projectRoot);
+	if (!existsSync(path)) {
+		return { schema_version: "1.0.0", enabled: true };
+	}
+
+	try {
+		const raw = JSON.parse(
+			readFileSync(path, "utf8"),
+		) as Partial<HarnessProjectConfig>;
+		if (typeof raw.enabled === "boolean") {
+			return {
+				schema_version: "1.0.0",
+				enabled: raw.enabled,
+				updated_at: raw.updated_at,
+			};
+		}
+	} catch {
+		// corrupt file — treat as enabled so operators are not locked out
+	}
+
+	return { schema_version: "1.0.0", enabled: true };
+}
+
+export function isHarnessProjectEnabled(projectRoot?: string): boolean {
+	return readHarnessProjectConfig(projectRoot ?? process.cwd()).enabled;
+}
+
+export function writeHarnessProjectEnabled(
+	projectRoot: string,
+	enabled: boolean,
+): HarnessProjectConfig {
+	const path = harnessProjectConfigPath(projectRoot);
+	mkdirSync(dirname(path), { recursive: true });
+	const config: HarnessProjectConfig = {
+		schema_version: "1.0.0",
+		enabled,
+		updated_at: new Date().toISOString(),
+	};
+	writeFileSync(path, `${JSON.stringify(config, null, "\t")}\n`, "utf8");
+	return config;
+}
+
+/** Slash commands that stay available while governance is disabled. */
+export const HARNESS_ALWAYS_ALLOWED_COMMANDS = new Set([
+	"harness-enable",
+	"harness-disable",
+	"harness-enabled-status",
+	"harness-setup",
+]);
+
+export function isHarnessWorkflowCommand(command: string): boolean {
+	if (!command.startsWith("harness-")) return false;
+	if (HARNESS_ALWAYS_ALLOWED_COMMANDS.has(command)) return false;
+	return true;
+}

package/.pi/lib/harness-run-context.ts

@@ -1763,7 +1763,7 @@ export function nextStepAfterOutcome(input: {
 	return "/harness-run-status";
 }
 
-/** Read executor handoff artifact written by harness/executor submit pipeline. */
+/** Read executor handoff artifact written by harness/running/executor submit pipeline. */
 export async function readExecutorHandoffFromRun(
 	runId: string,
 	projectRoot: string,