ultimate-pi 0.18.0 → 0.19.0

package/.pi/extensions/lib/ask-user/dialog.ts

@@ -1,260 +0,0 @@
-import type { ExtensionUIContext } from "@earendil-works/pi-coding-agent";
-import {
-	Editor,
-	type EditorTheme,
-	Key,
-	matchesKey,
-	truncateToWidth,
-} from "@earendil-works/pi-tui";
-import type { AskResponse, DialogResult, ValidatedAskParams } from "./types.js";
-
-type DisplayOption = {
-	title: string;
-	description?: string;
-	isFreeform?: boolean;
-};
-
-interface CustomAnswer {
-	response: AskResponse;
-}
-
-function withTimeout<T>(
-	promise: Promise<T | null>,
-	ms: number | undefined,
-): Promise<T | null> {
-	if (!ms) return promise;
-	return Promise.race([
-		promise,
-		new Promise<null>((resolve) => {
-			setTimeout(() => resolve(null), ms);
-		}),
-	]);
-}
-
-export async function runAskDialog(
-	ui: ExtensionUIContext,
-	validated: ValidatedAskParams,
-): Promise<DialogResult> {
-	const { question, context, options, allowMultiple, allowFreeform } =
-		validated;
-
-	const displayOptions: DisplayOption[] = [...options];
-	if (allowFreeform) {
-		displayOptions.push({
-			title: "Type something…",
-			isFreeform: true,
-		});
-	}
-
-	// Freeform-only: no listed options
-	if (displayOptions.length === 0) {
-		const text = await ui.input(question, "");
-		if (!text?.trim()) {
-			return { response: null, cancelled: true };
-		}
-		return {
-			response: { kind: "freeform", text: text.trim() },
-			cancelled: false,
-		};
-	}
-
-	const result = await withTimeout(
-		ui.custom<CustomAnswer | null>((tui, theme, _kb, done) => {
-			let optionIndex = 0;
-			let editMode = false;
-			const selected = new Set<number>();
-			let cachedLines: string[] | undefined;
-
-			const editorTheme: EditorTheme = {
-				borderColor: (s) => theme.fg("accent", s),
-				selectList: {
-					selectedPrefix: (t) => theme.fg("accent", t),
-					selectedText: (t) => theme.fg("accent", t),
-					description: (t) => theme.fg("muted", t),
-					scrollInfo: (t) => theme.fg("dim", t),
-					noMatch: (t) => theme.fg("warning", t),
-				},
-			};
-			const editor = new Editor(tui, editorTheme);
-
-			editor.onSubmit = (value) => {
-				const trimmed = value.trim();
-				if (trimmed) {
-					done({ response: { kind: "freeform", text: trimmed } });
-				} else {
-					editMode = false;
-					editor.setText("");
-					refresh();
-				}
-			};
-
-			function refresh() {
-				cachedLines = undefined;
-				tui.requestRender();
-			}
-
-			function submitSelection() {
-				if (allowMultiple) {
-					const titles = [...selected]
-						.sort((a, b) => a - b)
-						.map((i) => displayOptions[i].title)
-						.filter((t) => t !== "Type something…");
-					if (titles.length === 0) return;
-					done({ response: { kind: "selection", selections: titles } });
-					return;
-				}
-				const opt = displayOptions[optionIndex];
-				if (opt.isFreeform) {
-					editMode = true;
-					refresh();
-					return;
-				}
-				done({
-					response: { kind: "selection", selections: [opt.title] },
-				});
-			}
-
-			function handleInput(data: string) {
-				if (editMode) {
-					if (matchesKey(data, Key.escape)) {
-						editMode = false;
-						editor.setText("");
-						refresh();
-						return;
-					}
-					editor.handleInput(data);
-					refresh();
-					return;
-				}
-
-				if (matchesKey(data, Key.up)) {
-					optionIndex = Math.max(0, optionIndex - 1);
-					refresh();
-					return;
-				}
-				if (matchesKey(data, Key.down)) {
-					optionIndex = Math.min(displayOptions.length - 1, optionIndex + 1);
-					refresh();
-					return;
-				}
-
-				if (allowMultiple && matchesKey(data, Key.space)) {
-					const opt = displayOptions[optionIndex];
-					if (!opt.isFreeform) {
-						if (selected.has(optionIndex)) {
-							selected.delete(optionIndex);
-						} else {
-							selected.add(optionIndex);
-						}
-						refresh();
-					}
-					return;
-				}
-
-				if (matchesKey(data, Key.enter)) {
-					submitSelection();
-					return;
-				}
-
-				if (matchesKey(data, Key.escape)) {
-					done(null);
-				}
-			}
-
-			function render(width: number): string[] {
-				if (cachedLines) return cachedLines;
-
-				const lines: string[] = [];
-				const add = (s: string) => lines.push(truncateToWidth(s, width));
-				const useOverlay = validated.displayMode !== "inline";
-
-				if (useOverlay) {
-					add(theme.fg("accent", "─".repeat(width)));
-				}
-
-				if (context) {
-					for (const line of context.split("\n")) {
-						add(theme.fg("muted", ` ${line}`));
-					}
-					lines.push("");
-				}
-
-				add(theme.fg("text", ` ${question}`));
-				lines.push("");
-
-				for (let i = 0; i < displayOptions.length; i++) {
-					const opt = displayOptions[i];
-					const isFreeform = opt.isFreeform === true;
-					const focused = i === optionIndex;
-					const checked = selected.has(i);
-					let prefix = "  ";
-					if (allowMultiple && !isFreeform) {
-						prefix = checked ? theme.fg("accent", "[x] ") : "[ ] ";
-					} else if (focused) {
-						prefix = theme.fg("accent", "> ");
-					}
-
-					const num = `${i + 1}. `;
-					const label = opt.title;
-					if (isFreeform && editMode && focused) {
-						add(prefix + theme.fg("accent", `${num}${label} ✎`));
-					} else if (focused && !allowMultiple) {
-						add(prefix + theme.fg("accent", `${num}${label}`));
-					} else {
-						add(`${prefix}${theme.fg("text", `${num}${label}`)}`);
-					}
-
-					if (opt.description) {
-						add(`     ${theme.fg("muted", opt.description)}`);
-					}
-				}
-
-				if (editMode) {
-					lines.push("");
-					add(theme.fg("muted", " Your answer:"));
-					for (const line of editor.render(width - 2)) {
-						add(` ${line}`);
-					}
-				}
-
-				lines.push("");
-				if (editMode) {
-					add(theme.fg("dim", " Enter to submit • Esc to go back"));
-				} else if (allowMultiple) {
-					add(
-						theme.fg(
-							"dim",
-							" ↑↓ navigate • Space toggle • Enter confirm • Esc cancel",
-						),
-					);
-				} else {
-					add(
-						theme.fg("dim", " ↑↓ navigate • Enter to select • Esc to cancel"),
-					);
-				}
-
-				if (useOverlay) {
-					add(theme.fg("accent", "─".repeat(width)));
-				}
-
-				cachedLines = lines;
-				return lines;
-			}
-
-			return {
-				render,
-				invalidate: () => {
-					cachedLines = undefined;
-				},
-				handleInput,
-			};
-		}),
-		validated.timeout,
-	);
-
-	if (!result) {
-		return { response: null, cancelled: true };
-	}
-
-	return { response: result.response, cancelled: false };
-}

package/.pi/extensions/lib/harness-subagent-auth.ts

@@ -1,209 +0,0 @@
-/**
- * Resolve concrete LLM credentials for harness subagent subprocesses.
- *
- * Parent sessions often use `router/<profile>` (pi-model-router). Subagents run with
- * `--no-extensions`, so they cannot use the logical router provider — they need
- * a real provider/model plus that provider's API key.
- *
- * Session-locked routing: subprocess model is chosen once from agent system prompt
- * complexity (same analysis as parent session lock), not from per-turn parent tier.
- */
-
-import { existsSync, readFileSync } from "node:fs";
-import { join } from "node:path";
-import { resolveTierFromPrompt } from "../../../vendor/pi-model-router/extensions/routing.js";
-import type {
-	RouterProfile,
-	RouterTier,
-	RoutingRule,
-} from "../../../vendor/pi-model-router/extensions/types.js";
-import type { AgentConfig } from "../../../vendor/pi-subagents/src/agents.js";
-
-const ROUTER_SENTINEL_KEY = "pi-model-router";
-const SENTINEL_API_KEYS = new Set([ROUTER_SENTINEL_KEY, "<authenticated>"]);
-
-interface ModelRouterJson {
-	defaultProfile?: string;
-	phaseBias?: number;
-	rules?: RoutingRule[];
-	profiles?: Record<string, RouterProfile>;
-}
-
-export function isUsableApiKey(key: string | undefined): key is string {
-	return Boolean(key && !SENTINEL_API_KEYS.has(key));
-}
-
-export function parseModelRef(
-	ref: string,
-): { provider: string; modelId: string } | null {
-	const slash = ref.indexOf("/");
-	if (slash <= 0) return null;
-	const provider = ref.slice(0, slash).trim();
-	const modelId = ref.slice(slash + 1).trim();
-	if (!provider || !modelId) return null;
-	return { provider, modelId };
-}
-
-/** Planning subagents that should prefer low/medium router tier for latency. */
-const ROUTINE_PLANNING_AGENT_PATHS = new Set([
-	"harness/planning/plan-evaluator",
-	"harness/planning/plan-adversary",
-	"harness/planning/review-integrator",
-	"harness/planning/hypothesis-validator",
-	"harness/planning/sprint-contract-auditor",
-	"harness/planning/planning-context",
-	"harness/planning/scout-structure",
-	"harness/planning/scout-semantic",
-	"harness/planning/decompose",
-	"harness/planning/hypothesis",
-	"harness/planning/stack-research",
-	"harness/planning/plan-validator",
-]);
-
-export function isRoutinePlanningAgent(agentName: string): boolean {
-	return ROUTINE_PLANNING_AGENT_PATHS.has(agentName);
-}
-
-export function thinkingToRouterTier(
-	thinking?: string,
-	agentName?: string,
-): RouterTier {
-	if (agentName && isRoutinePlanningAgent(agentName)) {
-		if (thinking === "high" || thinking === "xhigh") return "medium";
-		return "low";
-	}
-	if (thinking === "high" || thinking === "xhigh") return "high";
-	if (thinking === "off" || thinking === "minimal" || thinking === "low") {
-		return "low";
-	}
-	return "medium";
-}
-
-function loadModelRouterConfig(cwd: string): ModelRouterJson | undefined {
-	const path = join(cwd, ".pi", "model-router.json");
-	if (!existsSync(path)) return undefined;
-	try {
-		return JSON.parse(readFileSync(path, "utf8")) as ModelRouterJson;
-	} catch {
-		return undefined;
-	}
-}
-
-function resolveRouterProfileEntry(
-	config: ModelRouterJson,
-	profileId: string,
-): { profileId: string; profile: RouterProfile } | undefined {
-	const profiles = config.profiles;
-	if (!profiles) return undefined;
-	const candidates = [
-		profileId,
-		config.defaultProfile ?? "auto",
-		"auto",
-		"opencode-go",
-	];
-	const seen = new Set<string>();
-	for (const id of candidates) {
-		if (!id || seen.has(id)) continue;
-		seen.add(id);
-		const profile = profiles[id];
-		if (profile?.high?.model && profile.medium?.model && profile.low?.model) {
-			return { profileId: id, profile };
-		}
-	}
-	return undefined;
-}
-
-/** Tier from agent system prompt (+ optional task line) for session model lock. */
-export function resolveSubagentRouterTier(
-	cwd: string,
-	profileId: string,
-	agent: AgentConfig,
-	taskSnippet?: string,
-): RouterTier {
-	const config = loadModelRouterConfig(cwd);
-	if (config) {
-		const entry = resolveRouterProfileEntry(config, profileId);
-		if (entry) {
-			return resolveTierFromPrompt(
-				agent.systemPrompt ?? "",
-				taskSnippet?.trim() ?? "",
-				entry.profileId,
-				entry.profile,
-				config.rules,
-				config.phaseBias ?? 0.5,
-			);
-		}
-	}
-	return thinkingToRouterTier(agent.thinking, agent.name);
-}
-
-/** Map router profile tier → concrete `provider/model` from `.pi/model-router.json`. */
-export function resolveRouterConcreteModelRef(
-	cwd: string,
-	profileId: string,
-	tier: RouterTier,
-): string | undefined {
-	const path = join(cwd, ".pi", "model-router.json");
-	if (!existsSync(path)) return undefined;
-	const raw = loadModelRouterConfig(cwd);
-	if (!raw) return undefined;
-	const entry = resolveRouterProfileEntry(raw, profileId);
-	const model = entry?.profile[tier]?.model;
-	return typeof model === "string" && model.includes("/") ? model : undefined;
-}
-
-export interface ConcreteSubagentModel {
-	modelRef: string;
-	provider: string;
-	modelId: string;
-	routerProfile?: string;
-	routerTier?: RouterTier;
-}
-
-/**
- * Pick the subprocess model ref before resolving API keys.
- * Never returns `router/*` — always a concrete provider.
- */
-export function resolveConcreteSubagentModel(
-	cwd: string,
-	parentModel: { provider: string; id: string } | undefined,
-	agent: AgentConfig,
-	taskSnippet?: string,
-): ConcreteSubagentModel | undefined {
-	if (agent.model && !agent.model.startsWith("router/")) {
-		const parsed = parseModelRef(agent.model);
-		if (parsed) {
-			return { modelRef: agent.model, ...parsed };
-		}
-	}
-
-	const parentIsRouter = parentModel?.provider === "router";
-	const agentIsRouter = Boolean(agent.model?.startsWith("router/"));
-
-	if (!parentIsRouter && !agentIsRouter) {
-		if (parentModel && parentModel.provider !== "router") {
-			return {
-				modelRef: `${parentModel.provider}/${parentModel.id}`,
-				provider: parentModel.provider,
-				modelId: parentModel.id,
-			};
-		}
-		return undefined;
-	}
-
-	const profileId =
-		agentIsRouter && agent.model
-			? agent.model.slice("router/".length)
-			: (parentModel?.id ?? "auto");
-	const tier = resolveSubagentRouterTier(cwd, profileId, agent, taskSnippet);
-	const concrete = resolveRouterConcreteModelRef(cwd, profileId, tier);
-	if (!concrete) return undefined;
-	const parsed = parseModelRef(concrete);
-	if (!parsed || parsed.provider === "router") return undefined;
-	return {
-		modelRef: concrete,
-		...parsed,
-		routerProfile: profileId,
-		routerTier: tier,
-	};
-}

package/.pi/extensions/lib/harness-subagent-policy.ts

@@ -1,236 +0,0 @@
-/**
- * Per-agent tool policy for harness/* subagents (defense in depth with frontmatter).
- */
-
-import {
-	evaluateContextModeMutation,
-	isMutatingBash,
-} from "../../lib/harness-context-mode-policy.js";
-import type { HarnessPhase } from "../../lib/harness-run-context.js";
-import {
-	isSubmitToolName,
-	SUBMIT_TOOLS_BY_AGENT,
-} from "./harness-subagent-submit-registry.js";
-import {
-	evaluateSubagentToolCall,
-	type ToolCallDecision,
-} from "./spawn-policy.js";
-
-export type HarnessAgentKind =
-	| "planner"
-	| "executor"
-	| "evaluator"
-	| "adversary"
-	| "tie_breaker"
-	| "meta"
-	| "trace"
-	| "incident"
-	| "other";
-
-const MUTATING_TOOLS = new Set(["write", "edit"]);
-
-/** Planning agents must use submit_* → canonical artifacts/*.yaml, not JSON dumps. */
-const PLANNING_ARTIFACT_JSON_WRITE = /artifacts\/[^\s'"`;]+\.json\b/i;
-
-const PLANNING_BASH_DENY_PATTERNS = [
-	/\bgraphify\s+update\b/i,
-	/\bgraphify\s+extract\b/i,
-	/\bgraphify\s+install\b/i,
-	/\bccc\s+(index|init|reset|daemon)\b/i,
-	/\bccc\s+search\b.*--refresh/i,
-	/\bpip\s+install\b/i,
-	/\buv\s+tool\s+install\b/i,
-	/\bnpm\s+install\b/i,
-	/\bnpm\s+install\b.*cocoindex/i,
-	/\buv\s+tool\s+install\b.*cocoindex/i,
-];
-
-const READ_ONLY_KINDS = new Set<HarnessAgentKind>([
-	"planner",
-	"evaluator",
-	"adversary",
-	"tie_breaker",
-	"trace",
-	"incident",
-	"meta",
-]);
-
-export function isHarnessPlanningAgent(agentType: string): boolean {
-	const id = agentType.replace(/^harness\//, "");
-	return id.startsWith("planning/");
-}
-
-export function classifyHarnessAgent(agentType: string): HarnessAgentKind {
-	const id = agentType.replace(/^harness\//, "");
-	if (id.startsWith("planning/")) {
-		return "planner";
-	}
-	switch (id) {
-		case "executor":
-			return "executor";
-		case "evaluator":
-			return "evaluator";
-		case "adversary":
-			return "adversary";
-		case "tie-breaker":
-			return "tie_breaker";
-		case "meta-optimizer":
-			return "meta";
-		case "trace-librarian":
-			return "trace";
-		case "incident-recorder":
-			return "incident";
-		default:
-			return agentType.startsWith("harness/") ? "other" : "other";
-	}
-}
-
-export function isHarnessPackageAgent(agentType: string): boolean {
-	return agentType.startsWith("harness/");
-}
-
-export function evaluateHarnessSubagentToolCall(
-	toolName: string,
-	input: Record<string, unknown> | undefined,
-	agentType: string,
-): ToolCallDecision {
-	const base = evaluateSubagentToolCall(toolName, agentType);
-	if (base.action === "block") {
-		return base;
-	}
-
-	if (!isHarnessPackageAgent(agentType)) {
-		if (
-			isSubmitToolName(toolName) &&
-			process.env.PI_HARNESS_SUBPROCESS !== "1"
-		) {
-			return {
-				action: "block",
-				reason:
-					"harness-subagent-policy: submit_* tools are subprocess-only; parent orchestrator must use harness_artifact_ready and write_harness_yaml for merges.",
-			};
-		}
-		return { action: "allow" };
-	}
-
-	if (isSubmitToolName(toolName)) {
-		if (process.env.PI_HARNESS_SUBPROCESS !== "1") {
-			return {
-				action: "block",
-				reason:
-					"harness-subagent-policy: submit_* tools are not available in the parent harness session.",
-			};
-		}
-		if (toolName === "submit_human_required") {
-			const kind = classifyHarnessAgent(agentType);
-			if (kind === "executor") {
-				return {
-					action: "block",
-					reason:
-						"submit_human_required is not available for harness/executor.",
-				};
-			}
-			return { action: "allow" };
-		}
-		const allowed = SUBMIT_TOOLS_BY_AGENT[agentType];
-		if (!allowed?.has(toolName)) {
-			return {
-				action: "block",
-				reason: `harness-subagent-policy: ${toolName} is not allowed for ${agentType}.`,
-			};
-		}
-		return { action: "allow" };
-	}
-
-	const kind = classifyHarnessAgent(agentType);
-	if (!READ_ONLY_KINDS.has(kind)) {
-		return { action: "allow" };
-	}
-
-	if (toolName === "create_plan" || toolName === "approve_plan") {
-		return {
-			action: "block",
-			reason: `harness-subagent-policy: ${toolName} is parent-orchestrator only (not available in subagents).`,
-		};
-	}
-
-	if (MUTATING_TOOLS.has(toolName)) {
-		return {
-			action: "block",
-			reason: `harness-subagent-policy: ${toolName} blocked for harness/${kind} (read-only phase agent).`,
-		};
-	}
-
-	if (toolName === "bash") {
-		const command = String(input?.command ?? "");
-		if (
-			kind === "planner" &&
-			command &&
-			PLANNING_ARTIFACT_JSON_WRITE.test(command)
-		) {
-			return {
-				action: "block",
-				reason:
-					"harness-subagent-policy: artifacts must be YAML only — use submit_* (e.g. submit_hypothesis_brief → artifacts/hypothesis.yaml), not bash writes to .json.",
-			};
-		}
-		if (command && isMutatingBash(command)) {
-			return {
-				action: "block",
-				reason: `harness-subagent-policy: mutating bash blocked for harness/${kind}.`,
-			};
-		}
-		if (
-			command &&
-			isHarnessPlanningAgent(agentType) &&
-			PLANNING_BASH_DENY_PATTERNS.some((p) => p.test(command))
-		) {
-			return {
-				action: "block",
-				reason:
-					"harness-subagent-policy: planning scouts may use read-only graphify/sg/ccc commands only.",
-			};
-		}
-	}
-
-	const ctxPhase =
-		(harnessSubagentPhaseHint(agentType) as HarnessPhase | null) ?? "plan";
-	const ctxDecision = evaluateContextModeMutation(
-		toolName,
-		input ?? {},
-		ctxPhase,
-		{ aborted: false, readOnlyAgent: true },
-	);
-	if (ctxDecision.blocked) {
-		return {
-			action: "block",
-			reason: ctxDecision.reason.replace(
-				/^policy-gate:/,
-				"harness-subagent-policy:",
-			),
-		};
-	}
-
-	return { action: "allow" };
-}
-
-export { isSubmitToolName } from "./harness-subagent-submit-registry.js";
-
-export function harnessSubagentPhaseHint(agentType: string): string | null {
-	if (isHarnessPlanningAgent(agentType)) {
-		return "plan";
-	}
-	const kind = classifyHarnessAgent(agentType);
-	switch (kind) {
-		case "planner":
-			return "plan";
-		case "executor":
-			return "execute";
-		case "evaluator":
-			return "evaluate";
-		case "adversary":
-			return "adversary";
-		default:
-			return null;
-	}
-}