ultimate-pi 0.18.0 → 0.19.0

package/.pi/extensions/harness-subagent-governance.ts

@@ -0,0 +1,8 @@
+/**
+ * @deprecated Use subagent-governance.ts — re-export for subprocess -e path stability.
+ */
+export {
+	default,
+	harnessSubagentGovernanceExtensionPath,
+	subagentGovernanceExtensionPath,
+} from "./subagent-governance.js";

package/.pi/extensions/harness-subagent-submit.ts

@@ -1,84 +1,42 @@
 /**
  * Subprocess-only harness submit tools — validate + write artifacts under run_dir.
- * Loaded via `pi --no-extensions -e harness-subagent-submit.ts` for harness agents.
+ * Prefer harness-subagent-governance.ts bundle (AGT + submit) for harness spawns.
  */
 
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
-import { Type } from "@sinclair/typebox";
-import { resolveGuardedRunDir } from "../lib/harness-subagent-submit-path.js";
-import { claimExtensionLoad } from "./lib/extension-load-guard.js";
-import { getHarnessPackageRoot } from "./lib/harness-paths.js";
-import { evaluateHarnessSubagentToolCall } from "./lib/harness-subagent-policy.js";
+import { claimHarnessGovernanceLoad } from "../lib/extension-load-guard.js";
+import { evaluateAgtHarnessToolCall } from "../lib/harness-agt-tool-guard.js";
+import { getHarnessPackageRoot } from "../lib/harness-paths.js";
 import {
-	executeSubmitPipeline,
-	loadSubmitDocument,
-} from "./lib/harness-subagent-submit-pipeline.js";
-import { SUBMIT_TOOL_SPECS } from "./lib/harness-subagent-submit-registry.js";
+	isSubprocessHarnessSubmit,
+	registerHarnessSubagentSubmitTools,
+	resolveHarnessSubmitRunContext,
+} from "../lib/harness-subagent-submit-register.js";
 
 // @ts-expect-error pi extensions run as ESM
 const MODULE_URL = import.meta.url;
 
-const DocumentSchema = Type.Object(
-	{
-		document: Type.Optional(
-			Type.Record(Type.String(), Type.Unknown(), {
-				description:
-					"Artifact fields (deprecated when source_path is set; ADR 0043)",
-			}),
-		),
-		source_path: Type.Optional(
-			Type.String({
-				description:
-					"Relative path under run dir, e.g. artifacts/.draft/decomposition.yaml",
-			}),
-		),
-	},
-	{ additionalProperties: false },
-);
-
-function resolveRunContext(): {
-	projectRoot: string;
-	specsDir: string;
-	runId: string;
-	runDirEnv?: string;
-	agentId: string;
-} {
-	const projectRoot = process.env.HARNESS_PKG_ROOT ?? process.cwd();
-	const specsDir = join(projectRoot, ".pi", "harness", "specs");
-	const runId = process.env.HARNESS_RUN_ID?.trim() ?? "";
-	const runDirEnv = process.env.HARNESS_RUN_DIR?.trim();
-	const agentId = process.env.HARNESS_AGENT_ID?.trim() ?? "";
-	return { projectRoot, specsDir, runId, runDirEnv, agentId };
-}
-
-function isSubprocessHarness(): boolean {
-	return (
-		process.env.PI_HARNESS_SUBPROCESS === "1" &&
-		Boolean(process.env.HARNESS_RUN_ID?.trim())
-	);
-}
-
 export default function harnessSubagentSubmit(pi: ExtensionAPI) {
-	if (!claimExtensionLoad("harness-subagent-submit", MODULE_URL)) return;
-	// Option A: only load submit tools in subprocess (`-e` bundle), not parent discovery.
+	if (!claimHarnessGovernanceLoad("harness-subagent-submit", MODULE_URL))
+		return;
 	if (process.env.PI_HARNESS_SUBPROCESS !== "1") {
 		return;
 	}
 
-	const _packageRoot = getHarnessPackageRoot(MODULE_URL);
+	const packageRoot = getHarnessPackageRoot(MODULE_URL);
+	registerHarnessSubagentSubmitTools(pi, packageRoot);
 
-	pi.on("tool_call", async (event) => {
+	pi.on("tool_call", async (event, ctx) => {
 		if (!event.toolName.startsWith("submit_")) return undefined;
-		const subprocessOk = isSubprocessHarness();
-		if (!subprocessOk) {
+		if (!isSubprocessHarnessSubmit()) {
 			return {
 				block: true,
 				reason:
 					"harness-subagent-submit: submit_* tools are only available in harness subagent subprocesses.",
 			};
 		}
-		const { agentId } = resolveRunContext();
+		const { agentId } = resolveHarnessSubmitRunContext(packageRoot);
 		if (!agentId) {
 			return {
 				block: true,
@@ -86,118 +44,32 @@ export default function harnessSubagentSubmit(pi: ExtensionAPI) {
 					"harness-subagent-submit: HARNESS_AGENT_ID is required for submit tools.",
 			};
 		}
-		const decision = evaluateHarnessSubagentToolCall(
-			event.toolName,
-			event.input as Record<string, unknown>,
-			agentId,
-		);
-		if (decision.action === "block") {
-			return { block: true, reason: decision.reason };
-		}
-		return undefined;
-	});
 
-	for (const spec of SUBMIT_TOOL_SPECS) {
-		pi.registerTool({
-			name: spec.toolName,
-			label: spec.toolName.replace(/^submit_/, "Submit "),
-			description: `Terminal harness artifact submit for ${spec.agents.join(", ")}. Call once with the full schema document before ending the turn.`,
-			parameters: DocumentSchema,
-			async execute(_id, params, _signal, _onUpdate, _ctx) {
-				if (!isSubprocessHarness()) {
-					return {
-						content: [
-							{
-								type: "text",
-								text: "submit tools require PI_HARNESS_SUBPROCESS and HARNESS_RUN_ID",
-							},
-						],
-						details: {},
-						isError: true,
-					};
-				}
-				const { projectRoot, specsDir, runId, runDirEnv, agentId } =
-					resolveRunContext();
-				if (!spec.agents.includes(agentId)) {
-					return {
-						content: [
-							{
-								type: "text",
-								text: `${spec.toolName} is not allowed for agent ${agentId}`,
-							},
-						],
-						details: { agentId, tool: spec.toolName },
-						isError: true,
-					};
-				}
-				const runResolved = await resolveGuardedRunDir({
-					projectRoot,
-					runId,
-					runDirEnv,
-				});
-				if (!runResolved.ok) {
-					return {
-						content: [{ type: "text", text: runResolved.error }],
-						details: {},
-						isError: true,
-					};
-				}
-				const loaded = await loadSubmitDocument({
-					projectRoot,
-					runDir: runResolved.runDir,
-					document: (params as { document?: Record<string, unknown> }).document,
-					source_path: (params as { source_path?: string }).source_path,
-				});
-				if (!loaded.ok) {
-					return {
-						content: [
-							{
-								type: "text",
-								text: `Validation failed:\n${loaded.validation_errors.join("\n")}`,
-							},
-						],
-						isError: true,
-						details: loaded,
-					};
-				}
-				const result = await executeSubmitPipeline({
-					projectRoot,
-					specsDir,
-					spec,
-					agentId,
-					document: loaded.document,
-					runId,
-					runDirEnv,
-				});
-				if (!result.ok) {
-					return {
-						content: [
-							{
-								type: "text",
-								text: `Validation failed:\n${(result.validation_errors ?? []).join("\n")}`,
-							},
-						],
-						isError: true,
-						details: result,
-					};
-				}
-				const lines = [`ok: wrote ${result.artifact_path}`];
-				if (result.lane_result?.messenger_posted) {
-					lines.push("messenger updated");
-				}
-				if (result.human_required) {
-					lines.push("human_required: parent must call ask_user");
-				}
-				return {
-					content: [{ type: "text", text: lines.join("\n") }],
-					details: result as unknown,
-				};
+		return evaluateAgtHarnessToolCall({
+			moduleUrl: MODULE_URL,
+			toolName: event.toolName,
+			toolInput: event.input as Record<string, unknown>,
+			policyState: {
+				phase:
+					(process.env.HARNESS_SUBAGENT_PHASE_HINT as
+						| "plan"
+						| "execute"
+						| "evaluate"
+						| "adversary"
+						| "merge") ?? "plan",
+				approvedPlan: true,
+				planId: null,
+				aborted: false,
+				budgetBypass: false,
 			},
+			entries: ctx.sessionManager.getEntries(),
+			sessionId: ctx.sessionManager.getSessionId(),
+			projectRoot: ctx.cwd,
 		});
-	}
+	});
 }
 
-/** Absolute path to the subprocess submit extension (Option A). */
+/** Absolute path to the subprocess submit extension (legacy standalone). */
 export function harnessSubagentSubmitExtensionPath(
 	packageRoot: string,
 ): string {

package/.pi/extensions/harness-subagents.ts

@@ -6,18 +6,18 @@
  */
 
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
-import { claimExtensionLoad } from "./lib/extension-load-guard.js";
+import { claimHarnessGovernanceLoad } from "../lib/extension-load-guard.js";
 
 // @ts-expect-error pi extensions run as ESM
 const MODULE_URL = import.meta.url;
 
 async function loadHarnessSubagents(): Promise<(pi: ExtensionAPI) => void> {
-	if (!claimExtensionLoad("harness-subagents", MODULE_URL)) {
+	if (!claimHarnessGovernanceLoad("harness-subagents", MODULE_URL)) {
 		return () => {};
 	}
-	const { getHarnessPackageRoot } = await import("./lib/harness-paths.js");
+	const { getHarnessPackageRoot } = await import("../lib/harness-paths.js");
 	const { createHarnessSubagentsExtension } = await import(
-		"./lib/harness-subagents-bridge.js"
+		"../lib/harness-subagents-bridge.js"
 	);
 	return createHarnessSubagentsExtension(getHarnessPackageRoot(MODULE_URL));
 }

package/.pi/extensions/harness-telemetry.ts

@@ -13,7 +13,8 @@ import {
 	captureHarnessEvent,
 	type HarnessPostHogEventName,
 	shutdownHarnessPostHog,
-} from "./lib/harness-posthog.js";
+} from "../lib/harness-posthog.js";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 
 type HarnessPhase = "plan" | "execute" | "evaluate" | "adversary" | "merge";
 
@@ -338,6 +339,7 @@ function mapCustomEntry(
 }
 
 export default function harnessTelemetry(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	const flushedHashes = new Set<string>();
 	let lastPolicyPhase: HarnessPhase | null = null;
 

package/.pi/extensions/harness-web-tools.ts

@@ -4,13 +4,13 @@
 
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import { Type } from "@sinclair/typebox";
-import { claimExtensionLoad } from "./lib/extension-load-guard.js";
+import { claimHarnessGovernanceLoad } from "../lib/extension-load-guard.js";
 import {
 	harnessWebContextLine,
 	readTextExcerpt,
 	runHarnessWeb,
 	summarizeSearchJson,
-} from "./lib/harness-web/run-cli.js";
+} from "../lib/harness-web/run-cli.js";
 
 // @ts-expect-error pi extensions run as ESM
 const MODULE_URL = import.meta.url;
@@ -98,7 +98,7 @@ function sessionCwd(ctx: { cwd?: string }): string {
 }
 
 export default function harnessWebTools(pi: ExtensionAPI) {
-	if (!claimExtensionLoad("harness-web-tools", MODULE_URL)) return;
+	if (!claimHarnessGovernanceLoad("harness-web-tools", MODULE_URL)) return;
 	pi.on("before_agent_start", async (event) => {
 		return {
 			systemPrompt: `${event.systemPrompt}\n\n${harnessWebContextLine()}`,

package/.pi/extensions/observation-bus.ts

@@ -7,6 +7,7 @@
 
 import { randomUUID } from "node:crypto";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 import { getRunIdFromSession } from "../lib/harness-run-context.js";
 
 type HarnessPhase = "plan" | "execute" | "evaluate" | "adversary" | "merge";
@@ -87,6 +88,7 @@ function getRunId(ctx: {
 }
 
 export default function observationBus(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	const seen = new Set<string>();
 
 	pi.on("agent_end", async (_event, ctx) => {

package/.pi/extensions/policy-gate.ts

@@ -9,10 +9,9 @@
  */
 
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
-import {
-	evaluateContextModeMutation,
-	isMutatingBash,
-} from "../lib/harness-context-mode-policy.js";
+import { isHarnessAgtPolicyEnabled } from "../lib/agt/config.js";
+import { evaluateAgtHarnessToolCall } from "../lib/harness-agt-tool-guard.js";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 import {
 	extractWritePathFromToolInput,
 	getLatestRunContext,
@@ -31,7 +30,7 @@ import {
 	userVisiblePromptSlice,
 	validatePlanPacket,
 } from "../lib/harness-run-context.js";
-import { bootstrapHarnessSubprocessFromEnv } from "./lib/harness-subprocess-bootstrap.js";
+import { bootstrapHarnessSubprocessFromEnv } from "../lib/harness-subprocess-bootstrap.js";
 
 type HarnessPhase = "plan" | "execute" | "evaluate" | "adversary" | "merge";
 
@@ -60,6 +59,9 @@ const PHASE_ORDER: HarnessPhase[] = [
 	"merge",
 ];
 
+// @ts-expect-error pi extensions run as ESM
+const MODULE_URL = import.meta.url;
+
 const MUTATING_TOOLS = new Set(["write", "edit"]);
 
 function nowIso(): string {
@@ -126,6 +128,7 @@ function getLatestPolicyStateFull(ctx: {
 }
 
 export default function policyGate(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	let state = defaultState();
 
 	const appendPolicyState = (next: PolicyState): void => {
@@ -248,6 +251,19 @@ export default function policyGate(pi: ExtensionAPI) {
 		const entries = ctx.sessionManager.getEntries();
 		const projectRoot = process.cwd();
 		const sessionId = ctx.sessionManager.getSessionId();
+
+		if (isHarnessAgtPolicyEnabled()) {
+			return evaluateAgtHarnessToolCall({
+				moduleUrl: MODULE_URL,
+				toolName: event.toolName,
+				toolInput: event.input as Record<string, unknown>,
+				policyState: state,
+				entries,
+				sessionId,
+				projectRoot,
+			});
+		}
+
 		const runCtx = getLatestRunContext(entries);
 
 		if (MUTATING_TOOLS.has(event.toolName)) {
@@ -272,6 +288,9 @@ export default function policyGate(pi: ExtensionAPI) {
 
 		if (event.toolName === "bash") {
 			const command = String(event.input.command ?? "");
+			const { isMutatingBash } = await import(
+				"../lib/harness-context-mode-policy.js"
+			);
 			if (!isMutatingBash(command)) return undefined;
 			if (state.aborted) {
 				return {
@@ -288,6 +307,9 @@ export default function policyGate(pi: ExtensionAPI) {
 			}
 		}
 
+		const { evaluateContextModeMutation } = await import(
+			"../lib/harness-context-mode-policy.js"
+		);
 		const ctxDecision = evaluateContextModeMutation(
 			event.toolName,
 			event.input as Record<string, unknown>,

package/.pi/extensions/review-integrity.ts

@@ -8,6 +8,7 @@
 import { appendFile, mkdir } from "node:fs/promises";
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 
 type HarnessPhase = "plan" | "execute" | "evaluate" | "adversary" | "merge";
 
@@ -15,12 +16,13 @@ const INCIDENTS_DIR = join(process.cwd(), ".pi", "harness", "incidents");
 const INCIDENT_FILE = join(INCIDENTS_DIR, "review-integrity.jsonl");
 
 const REVIEW_SUBAGENT_TYPES = new Set([
-	"harness/evaluator",
-	"harness/adversary",
-	"harness/tie-breaker",
+	"harness/reviewing/evaluator",
+	"harness/reviewing/adversary",
+	"harness/reviewing/tie-breaker",
 ]);
 
-const EXECUTOR_SUBAGENT_TYPE = "harness/executor";
+const EXECUTOR_SUBAGENT_TYPE = "harness/running/executor";
+const PLANNING_SUBAGENT_PREFIX = "harness/planning/";
 
 interface IsolationState {
 	executorSessionId: string | null;
@@ -138,6 +140,70 @@ function agentsFromSubagentInput(
 	return names;
 }
 
+function latestCustomData(
+	entries: SessionEntryLike[],
+	customType: string,
+): Record<string, unknown> | null {
+	for (let i = entries.length - 1; i >= 0; i--) {
+		const entry = entries[i];
+		if (entry.type !== "custom" || entry.customType !== customType) continue;
+		return entry.data && typeof entry.data === "object" ? entry.data : null;
+	}
+	return null;
+}
+
+function collectStrings(value: unknown, depth = 0): string[] {
+	if (depth > 5 || value == null) return [];
+	if (typeof value === "string") return [value];
+	if (Array.isArray(value)) {
+		return value.flatMap((item) => collectStrings(item, depth + 1));
+	}
+	if (typeof value === "object") {
+		return Object.values(value).flatMap((item) =>
+			collectStrings(item, depth + 1),
+		);
+	}
+	return [];
+}
+
+export function hasPlanReviseRecommendation(entries: unknown[]): boolean {
+	const typedEntries = entries as SessionEntryLike[];
+	const runContext = latestCustomData(typedEntries, "harness-run-context");
+	const text = collectStrings({
+		next_recommended_command: runContext?.next_recommended_command,
+		last_completed_step: runContext?.last_completed_step,
+		last_outcome: runContext?.last_outcome,
+		phase: runContext?.phase,
+	})
+		.join("\n")
+		.toLowerCase();
+
+	return text.includes("/harness-plan") && text.includes("revise");
+}
+
+export function isPlanRevisePlanningSubagent(input: {
+	agents: string[];
+	entries: unknown[];
+	toolInput?: Record<string, unknown>;
+}): boolean {
+	if (input.agents.length === 0) return false;
+	if (
+		!input.agents.every((agent) => agent.startsWith(PLANNING_SUBAGENT_PREFIX))
+	) {
+		return false;
+	}
+	if (hasPlanReviseRecommendation(input.entries)) return true;
+
+	const toolText = collectStrings(input.toolInput).join("\n").toLowerCase();
+	return (
+		toolText.includes("harness-plan") &&
+		(toolText.includes("mode: revise") ||
+			toolText.includes("mode=revise") ||
+			toolText.includes("--mode revise") ||
+			toolText.includes("--mode=revise"))
+	);
+}
+
 async function appendIncident(payload: Record<string, unknown>): Promise<void> {
 	await mkdir(INCIDENTS_DIR, { recursive: true });
 	await appendFile(
@@ -148,6 +214,7 @@ async function appendIncident(payload: Record<string, unknown>): Promise<void> {
 }
 
 export default function reviewIntegrity(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	let state: IsolationState = {
 		executorSessionId: null,
 		violationActive: false,
@@ -175,7 +242,10 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 		const phase = getPhase(ctx);
 		const currentSessionId = ctx.sessionManager.getSessionId();
 		const inReview = phase === "evaluate" || phase === "adversary";
-		if (!inReview) {
+		if (
+			!inReview ||
+			hasPlanReviseRecommendation(ctx.sessionManager.getEntries())
+		) {
 			state.violationActive = false;
 			state.updatedAt = nowIso();
 			persist();
@@ -201,7 +271,7 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 				customType: "harness-review-integrity-hint",
 				display: true,
 				content: [
-					"Review phase in executor session: spawn harness/evaluator or harness/adversary via subagent (isolated subprocess).",
+					"Review phase in executor session: spawn harness/reviewing/evaluator or harness/reviewing/adversary via subagent (isolated subprocess).",
 					"Do not run review checks directly in this session.",
 				].join("\n"),
 			},
@@ -210,9 +280,8 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 
 	pi.on("tool_call", async (event, ctx) => {
 		if (event.toolName === "subagent") {
-			const agents = agentsFromSubagentInput(
-				event.input as Record<string, unknown> | undefined,
-			);
+			const toolInput = event.input as Record<string, unknown> | undefined;
+			const agents = agentsFromSubagentInput(toolInput);
 			if (agents.includes(EXECUTOR_SUBAGENT_TYPE)) {
 				state.executorSessionId = ctx.sessionManager.getSessionId();
 				state.violationActive = false;
@@ -226,6 +295,18 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 				persist();
 				return undefined;
 			}
+			if (
+				isPlanRevisePlanningSubagent({
+					agents,
+					entries: ctx.sessionManager.getEntries(),
+					toolInput,
+				})
+			) {
+				state.violationActive = false;
+				state.updatedAt = nowIso();
+				persist();
+				return undefined;
+			}
 		}
 
 		if (!state.violationActive) return undefined;
@@ -237,7 +318,7 @@ export default function reviewIntegrity(pi: ExtensionAPI) {
 			reason:
 				"direct tool use in review phase while sharing executor session context",
 			mitigation:
-				"spawn harness/evaluator or harness/adversary via subagent instead",
+				"spawn harness/reviewing/evaluator or harness/reviewing/adversary via subagent instead",
 		});
 
 		return {

package/.pi/extensions/sentrux-rules-sync.ts

@@ -4,7 +4,8 @@
 
 import { spawn } from "node:child_process";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
-import { resolveHarnessScript } from "./lib/harness-paths.js";
+import { resolveHarnessScript } from "../lib/harness-paths.js";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 
 function resolveSyncScript(): string {
 	return resolveHarnessScript(
@@ -36,6 +37,7 @@ function runSync(args: string[]): Promise<{ code: number; output: string }> {
 }
 
 export default function sentruxRulesSync(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	pi.on("session_start", async () => {
 		const { code, output } = await runSync(["--check"]);
 		if (code !== 0) {

package/.pi/extensions/subagent-governance.ts

@@ -0,0 +1,92 @@
+/**
+ * Subprocess governance bundle: AGT policy on all tool_call + harness submit_* tools.
+ * Loaded via `pi --no-extensions -e subagent-governance.ts` for every subagent spawn.
+ */
+
+import { join } from "node:path";
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import {
+	getAgentKind,
+	harnessSubagentPhaseHint,
+} from "../lib/agents-policy.mjs";
+import { evaluateAgtToolCall } from "../lib/agt-tool-guard.js";
+import { claimSubagentGovernanceLoad } from "../lib/extension-load-guard.js";
+import { getHarnessPackageRoot } from "../lib/harness-paths.js";
+import { registerHarnessSubagentSubmitTools } from "../lib/harness-subagent-submit-register.js";
+
+// @ts-expect-error pi extensions run as ESM
+const MODULE_URL = import.meta.url;
+
+function policyStateFromEnv(packageRoot: string, projectRoot: string) {
+	const agentId = process.env.HARNESS_AGENT_ID?.trim() ?? "unknown";
+	const phase =
+		(process.env.HARNESS_SUBAGENT_PHASE_HINT?.trim() as
+			| "plan"
+			| "execute"
+			| "evaluate"
+			| "adversary"
+			| "merge") ??
+		(harnessSubagentPhaseHint(packageRoot, projectRoot, agentId) as
+			| "plan"
+			| "execute"
+			| "evaluate"
+			| "adversary"
+			| "merge"
+			| null) ??
+		"plan";
+	return {
+		phase,
+		approvedPlan: phase === "execute" || phase === "merge",
+		planId: process.env.HARNESS_PLAN_ID?.trim() || null,
+		aborted: false,
+		budgetBypass: false,
+	};
+}
+
+export function subagentGovernanceExtensionPath(packageRoot: string): string {
+	return join(packageRoot, ".pi", "extensions", "subagent-governance.ts");
+}
+
+/** @deprecated Use subagentGovernanceExtensionPath */
+export function harnessSubagentGovernanceExtensionPath(
+	packageRoot: string,
+): string {
+	return subagentGovernanceExtensionPath(packageRoot);
+}
+
+export default function subagentGovernance(pi: ExtensionAPI) {
+	if (!claimSubagentGovernanceLoad("subagent-governance", MODULE_URL)) return;
+	if (process.env.PI_HARNESS_SUBPROCESS !== "1") {
+		return;
+	}
+
+	const packageRoot = getHarnessPackageRoot(MODULE_URL);
+	const projectRoot = process.env.HARNESS_PROJECT_ROOT?.trim() || process.cwd();
+	const agentId = process.env.HARNESS_AGENT_ID?.trim() ?? "unknown";
+
+	if (agentId.startsWith("harness/")) {
+		registerHarnessSubagentSubmitTools(pi, packageRoot);
+		const kind = getAgentKind(packageRoot, projectRoot, agentId);
+		process.env.HARNESS_SUBAGENT_PHASE_HINT =
+			kind === "executor"
+				? "execute"
+				: kind === "evaluator"
+					? "evaluate"
+					: kind === "adversary"
+						? "adversary"
+						: "plan";
+	}
+
+	pi.on("tool_call", async (event, ctx) => {
+		const state = policyStateFromEnv(packageRoot, projectRoot);
+		return evaluateAgtToolCall({
+			moduleUrl: MODULE_URL,
+			toolName: event.toolName,
+			toolInput: (event.input ?? {}) as Record<string, unknown>,
+			policyState: state,
+			entries: ctx.sessionManager.getEntries(),
+			sessionId: ctx.sessionManager.getSessionId(),
+			projectRoot: ctx.cwd,
+		});
+	});
+}