ultimate-pi 0.18.0 → 0.19.0

package/.pi/extensions/test-diff-integrity.ts

@@ -13,6 +13,7 @@
 import { appendFile, mkdir } from "node:fs/promises";
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 
 const INCIDENTS_DIR = join(process.cwd(), ".pi", "harness", "incidents");
 const INCIDENT_FILE = join(INCIDENTS_DIR, "test-diff-integrity.jsonl");

package/.pi/extensions/trace-recorder.ts

@@ -10,6 +10,8 @@
 import { appendFile, mkdir, readFile, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { captureHarnessEvent } from "../lib/harness-posthog.js";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
 import {
 	getLatestRunContext,
 	getRunIdFromSession,
@@ -19,7 +21,6 @@ import {
 	phaseTraceFileName,
 	saveRunContextToDisk,
 } from "../lib/harness-run-context.js";
-import { captureHarnessEvent } from "./lib/harness-posthog.js";
 
 interface ToolSpan {
 	tool_call_id: string;
@@ -182,6 +183,7 @@ function resolveRunIdForAgentStart(
 }
 
 export default function traceRecorder(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
 	let activeRun: ActiveRun | null = null;
 	let lastUserPrompt = "";
 

package/.pi/extensions/{ultimate-pi-vcc.ts → vcc-compaction.ts}

@@ -11,7 +11,7 @@
 
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import registerVcc from "../../vendor/pi-vcc/index.js";
-import { claimExtensionLoad } from "./lib/extension-load-guard.js";
+import { claimExtensionLoad } from "../lib/extension-load-guard.js";
 
 // @ts-expect-error pi extensions run as ESM
 const MODULE_URL = import.meta.url;

package/.pi/harness/README.md

@@ -8,7 +8,7 @@ Phase 1–2 scaffold for the Pi harness runtime surfaces.
 - `debates/` - debate round artifacts and consensus packets.
 - `docs/adrs/` - team-shared Architectural Decision Records ([index](docs/adrs/README.md)).
 - `evals/smoke/` - deterministic fixtures (no CI LLM).
-- `evolution/` - self-healing rules + meta-optimizer (JSONL-first).
+- `evolution/` - self-healing rules and chaos drills (JSONL-first).
 - `corpus/` - ingest notes for graphify/raw sources.
 - `sentrux/` - `architecture.manifest.json` source for `.sentrux/rules.toml` ([ADR 0009](docs/adrs/0009-sentrux-rules-lifecycle.md)).
 
@@ -31,7 +31,11 @@ manifest (`package.json`).
 
 - `harness-run-context.ts` - active run + plan injection; short commands without run/plan args
 - `harness-live-widget.ts` - footer status (current/next phase + plain-language status hint; no run id in UI)
-- `policy-gate.ts` - phase state machine + plan-before-mutate enforcement
+- `policy-gate.ts` - phase state machine; tool allow/deny via AGT `PolicyEngine` (YAML under `.pi/harness/policies/`, see [ADR 0046](docs/adrs/0046-agt-policy-engine.md))
+- `subagent-governance.ts` (alias `harness-subagent-governance.ts`) - subprocess AGT + `submit_*` for all subagents
+- **Agent tool SSOT:** `.pi/harness/agents.policy.yaml` (package) and optional `<project>/.pi/agents.policy.yaml` — not agent `.md` frontmatter ([ADR 0049](docs/adrs/0049-agents-policy-manifest.md))
+- **Project AGT rules:** `<project>/.pi/policies/*.yaml` merged after package policies
+- `agt-prompt-guard.ts` / `agt-kill-switch.ts` - PromptDefense + kill switch ([ADR 0047](docs/adrs/0047-agt-layered-security.md))
 - `budget-guard.ts` - hard-stop token budget checks + budget exhausted artifacts
 - `trace-recorder.ts` - append-only run traces + HarnessRunRecord + compact index
 - `harness-telemetry.ts` - PostHog `harness_*` domain events (dual layer with `@posthog/pi`)

package/.pi/harness/agents.manifest.json

@@ -1,8 +1,9 @@
 {
 	"schema_version": "1.0.0",
 	"package": "ultimate-pi",
-	"package_version": "0.17.0",
-	"generated_at": "2026-05-23T10:14:51.637Z",
+	"package_version": "0.18.1",
+	"generated_at": "2026-05-24T19:33:40.491Z",
+	"policy_sha256": "4c1cf8f0377e70bbcd34eecc26a2e02717fea950af3898ef03ebbab9260dfd17",
 	"agents": {
 		"pi-pi/agent-expert": {
 			"path": ".pi/agents/pi-pi/agent-expert.md",
@@ -44,97 +45,85 @@
 			"path": ".pi/agents/pi-pi/tui-expert.md",
 			"sha256": "a619b2ee3d3d94fe599abb61db0904f90d30335ec426851c3f1efdf2e5ce5390"
 		},
-		"harness/adversary": {
-			"path": ".pi/agents/harness/adversary.md",
-			"sha256": "697ee7c784e8eb30ce96f4f16e9bb5f9cdcaae76a4a7083ace2fe4272e6d732f"
-		},
-		"harness/evaluator": {
-			"path": ".pi/agents/harness/evaluator.md",
-			"sha256": "587ae14d6e91fd8af2b2842f568b9a1fa0b1d84fa6e18b4bc21c0ba2a9e62218"
-		},
-		"harness/executor": {
-			"path": ".pi/agents/harness/executor.md",
-			"sha256": "e222a5c54c74329cdcfa92918d9191fa603d8945b81ca94484db258cda012783"
-		},
 		"harness/incident-recorder": {
 			"path": ".pi/agents/harness/incident-recorder.md",
-			"sha256": "d42fa45de1a2fe3842d075c6f319315266588942e314f1b650caabac39bdc29a"
-		},
-		"harness/meta-optimizer": {
-			"path": ".pi/agents/harness/meta-optimizer.md",
-			"sha256": "cbaab35367126796b7136389a02ab41b4fd1fe7098cf83be562d7b7493ccc297"
+			"sha256": "4efbdb9482b1038e2bd08cae9898aed9ef983903107ddab6c84d51436d5d3296"
 		},
 		"harness/sentrux-bootstrap": {
 			"path": ".pi/agents/harness/sentrux-bootstrap.md",
-			"sha256": "3a0b43b94386a7c541b8a806a37524a5e53f1c8049270db7a420680df5799eeb"
+			"sha256": "6132e83b400b6bc381841a09205eda00a2349ec127368f9d164631d73faadd1a"
 		},
 		"harness/sentrux-steward": {
 			"path": ".pi/agents/harness/sentrux-steward.md",
-			"sha256": "0e63175d817adc0d65876f5c24fb54e4882081caf939ff9c658afee51fc6889c"
-		},
-		"harness/tie-breaker": {
-			"path": ".pi/agents/harness/tie-breaker.md",
-			"sha256": "1c54c1c3274291dea1ea8826563a7ad4fe1d9c4302984e907bfcd22cfc4f5eba"
+			"sha256": "d806cbf2c2e211c6b4c95e35893bc250c8a0fab6fae92190766eab16cd091d51"
 		},
 		"harness/trace-librarian": {
 			"path": ".pi/agents/harness/trace-librarian.md",
-			"sha256": "336b3f3f6141cef8750ab18d29bbe454caf26973830a86afe099d9e4ad8b0abe"
+			"sha256": "083ce6a3508bab2f5bc57e8ab13256c55fff58e0eac95cb6542bdd47fd02de65"
+		},
+		"harness/running/executor": {
+			"path": ".pi/agents/harness/running/executor.md",
+			"sha256": "219c9307567acc95a9c1b1340f899fac860406fb2c2e84f51b4a8c3ba3a0e2ec"
+		},
+		"harness/reviewing/adversary": {
+			"path": ".pi/agents/harness/reviewing/adversary.md",
+			"sha256": "01ae05b38943c1d1fea373701dc060cc3a3f5125f2a03af468a6a1a877f1c83c"
+		},
+		"harness/reviewing/evaluator": {
+			"path": ".pi/agents/harness/reviewing/evaluator.md",
+			"sha256": "5d6d34654d5c223e5549de9b7b0277b4e28745b2409545ecf3034bd0789c3fa3"
+		},
+		"harness/reviewing/tie-breaker": {
+			"path": ".pi/agents/harness/reviewing/tie-breaker.md",
+			"sha256": "80312a10772fde4bccc294a4ba7c470bf46d3054207393d2af42af277e5edad6"
 		},
 		"harness/planning/decompose": {
 			"path": ".pi/agents/harness/planning/decompose.md",
-			"sha256": "c9dd890d45cf4548e28d03aedb86d5fc4ed81022e920ad0005faf404994c6e96"
+			"sha256": "944c7221b7bf8e15cd8cf324c3d5ae135c643c6387d8f611cf9128f9ea922963"
 		},
 		"harness/planning/execution-plan-author": {
 			"path": ".pi/agents/harness/planning/execution-plan-author.md",
-			"sha256": "55ece0f1ee14abd17fe7b3e478b548240f637eacbfc2a34758e98d3878dc82fd"
+			"sha256": "3b83edca1eb393941e04213c5cabe0e4b180e52df59169ba24904341a369ead5"
 		},
 		"harness/planning/hypothesis-validator": {
 			"path": ".pi/agents/harness/planning/hypothesis-validator.md",
-			"sha256": "20411e5d734b14b05ae11153133089e044f46784e5b4741712f608665bbf4376"
+			"sha256": "ee68aa5c04b903320116cfa21cea8f130199fd21e1fd1a8a747830bf53920fdb"
 		},
 		"harness/planning/hypothesis": {
 			"path": ".pi/agents/harness/planning/hypothesis.md",
-			"sha256": "bbb91ac0de39c9de4bf388f0cf926151b6b6a7771d2a0d01d1009a1860daef77"
+			"sha256": "c974f5381aa562589942e8d52b48bdace6663e10caed6bf5f2fb9ce11d84b0bc"
 		},
 		"harness/planning/implementation-researcher": {
 			"path": ".pi/agents/harness/planning/implementation-researcher.md",
-			"sha256": "d1bbaaf1e67ad98350319f973062f01a25ca70874c99cb335c99bec866da1f6d"
+			"sha256": "8664ad35c63adcc3a6c52b84360d5e8217f9f581b0a9f23b565187a8f7c7bf22"
 		},
 		"harness/planning/plan-adversary": {
 			"path": ".pi/agents/harness/planning/plan-adversary.md",
-			"sha256": "d9a953c0f8f900dc9a95816ada401955dafade7bf5907406cbe3bf3ba760c469"
+			"sha256": "305cfa6cd0d4e6493a2dad2f01d8cb0b0dddc06df11f871746f6da7124c9d16b"
 		},
 		"harness/planning/plan-evaluator": {
 			"path": ".pi/agents/harness/planning/plan-evaluator.md",
-			"sha256": "825f296c487d6aeacad5d320e155a3f23d0db6dea822fccc99a1305941a43da2"
+			"sha256": "1a6f465f4d400bcf32b9e82a1032ae789354f264af31c8d358b2a0dde7df81bf"
+		},
+		"harness/planning/plan-synthesizer": {
+			"path": ".pi/agents/harness/planning/plan-synthesizer.md",
+			"sha256": "5bc3ec109179790c196df1328d362c1485cd5ff9295c31c3de93c050330295da"
 		},
 		"harness/planning/planning-context": {
 			"path": ".pi/agents/harness/planning/planning-context.md",
-			"sha256": "96a51d1f2daafc9eaa8869a06ede9d04fc9e19076d58a81041e346e4c81c8b08"
+			"sha256": "4427e3c50fe0970a753df458ee41fde93b8c9d4ee7034c7541df7a97e978b17e"
 		},
 		"harness/planning/review-integrator": {
 			"path": ".pi/agents/harness/planning/review-integrator.md",
-			"sha256": "bba385463ca8833654cd0dc80f666344332293fe86d7420d2c36755a3f9e743a"
-		},
-		"harness/planning/scout-graphify": {
-			"path": ".pi/agents/harness/planning/scout-graphify.md",
-			"sha256": "edc117245476859d3bea93d6e1247cf9f580719bb3aabb91d885cc196c102f68"
-		},
-		"harness/planning/scout-semantic": {
-			"path": ".pi/agents/harness/planning/scout-semantic.md",
-			"sha256": "060ad9251068c68cc20418a45a5a5747b708895b946c8153d9e5034b28c59ad5"
-		},
-		"harness/planning/scout-structure": {
-			"path": ".pi/agents/harness/planning/scout-structure.md",
-			"sha256": "111d055b82f0e1dde4cddc61d53474d8ad650dba2fd988061fd40fa638ed8bc7"
+			"sha256": "3f60c41768cad24150718b4a415b9636b0df6892195986a90fc77e2d0a6be537"
 		},
 		"harness/planning/sprint-contract-auditor": {
 			"path": ".pi/agents/harness/planning/sprint-contract-auditor.md",
-			"sha256": "2321298529f70d03798d23346231c4c43ad4b7490a43f291430ca65b3ef93757"
+			"sha256": "402c585168c5510b5f22837d2fb157726b928fa59108a8580437ac6ac08d04f5"
 		},
 		"harness/planning/stack-researcher": {
 			"path": ".pi/agents/harness/planning/stack-researcher.md",
-			"sha256": "ce546ef3aca19da7f334f07cef8f510b79068bffeb7f276c428f3e6236bbe96b"
+			"sha256": "641bcd714df327579ff28db04aeabf5d7ee5f36e333e5ae6971967c591863ca4"
 		}
 	}
 }

package/.pi/harness/agents.policy.yaml

@@ -0,0 +1,275 @@
+# Generated/maintained SSOT for harness agent tools (see ADR 0049).
+# Regenerate hints: node .pi/scripts/generate-agents-policy-yaml.mjs
+
+apiVersion: harness.toolkit/v1
+kinds:
+  planner:
+    tools:
+      - read
+      - grep
+      - find
+      - ls
+      - ctx_read
+      - ctx_search
+      - ctx_execute
+      - ctx_batch_execute
+      - ctx_tree
+    extensions: false
+    read_only: true
+  executor:
+    tools:
+      - read
+      - write
+      - edit
+      - bash
+      - grep
+      - find
+      - ls
+    extensions: true
+    read_only: false
+  evaluator:
+    tools:
+      - read
+      - grep
+      - find
+      - ls
+      - ctx_read
+      - ctx_search
+      - ctx_execute
+      - ctx_batch_execute
+      - ctx_tree
+    extensions: false
+    read_only: true
+  adversary:
+    tools:
+      - read
+      - grep
+      - find
+      - ls
+      - ctx_read
+      - ctx_search
+      - ctx_execute
+      - ctx_batch_execute
+      - ctx_tree
+    extensions: false
+    read_only: true
+  tie_breaker:
+    tools:
+      - read
+      - grep
+      - find
+      - ls
+      - ctx_read
+      - ctx_search
+      - ctx_execute
+      - ctx_batch_execute
+      - ctx_tree
+    extensions: false
+    read_only: true
+  trace:
+    tools:
+      - read
+      - grep
+      - find
+      - ls
+      - ctx_read
+      - ctx_search
+      - ctx_execute
+      - ctx_batch_execute
+      - ctx_tree
+    extensions: false
+    read_only: true
+  incident:
+    tools:
+      - read
+      - grep
+      - find
+      - ls
+      - ctx_read
+      - ctx_search
+      - ctx_execute
+      - ctx_batch_execute
+      - ctx_tree
+    extensions: false
+    read_only: true
+  other:
+    tools:
+      - read
+      - grep
+      - find
+      - ls
+      - ctx_read
+      - ctx_search
+      - ctx_execute
+      - ctx_tree
+    extensions: false
+    read_only: true
+agents:
+  harness/incident-recorder:
+    kind: incident
+    tools_add:
+      - submit_human_required
+    extensions: false
+    max_turns: 15
+    thinking: medium
+    submit_tool: submit_human_required
+  harness/sentrux-bootstrap:
+    kind: planner
+    tools_add:
+      - bash
+    extensions: true
+    max_turns: 12
+    thinking: low
+  harness/sentrux-steward:
+    kind: planner
+    tools_add:
+      - bash
+      - submit_sentrux_manifest_proposal
+    extensions: false
+    max_turns: 16
+    thinking: high
+    submit_tool: submit_sentrux_manifest_proposal
+  harness/trace-librarian:
+    kind: trace
+    tools_add:
+      - submit_human_required
+    extensions: false
+    max_turns: 20
+    thinking: medium
+    submit_tool: submit_human_required
+  harness/running/executor:
+    kind: executor
+    tools_add:
+      - submit_executor_handoff
+    extensions: true
+    max_turns: 20
+    thinking: medium
+    submit_tool: submit_executor_handoff
+  harness/reviewing/adversary:
+    kind: adversary
+    tools_add:
+      - submit_adversary_report
+    extensions: false
+    max_turns: 20
+    thinking: high
+    submit_tool: submit_adversary_report
+  harness/reviewing/evaluator:
+    kind: evaluator
+    tools_add:
+      - submit_eval_verdict
+    extensions: false
+    max_turns: 20
+    thinking: high
+    submit_tool: submit_eval_verdict
+  harness/reviewing/tie-breaker:
+    kind: tie_breaker
+    tools_add:
+      - submit_human_required
+    extensions: false
+    max_turns: 15
+    thinking: high
+    submit_tool: submit_human_required
+  harness/planning/decompose:
+    kind: planner
+    tools_add:
+      - bash
+      - submit_decomposition_brief
+      - submit_human_required
+    extensions: false
+    max_turns: 12
+    thinking: medium
+  harness/planning/execution-plan-author:
+    kind: planner
+    tools_add:
+      - submit_execution_plan_brief
+    extensions: false
+    max_turns: 18
+    thinking: high
+    submit_tool: submit_execution_plan_brief
+  harness/planning/hypothesis-validator:
+    kind: planner
+    tools_add:
+      - submit_hypothesis_validation
+    extensions: false
+    max_turns: 10
+    thinking: medium
+    submit_tool: submit_hypothesis_validation
+  harness/planning/hypothesis:
+    kind: planner
+    tools_add:
+      - bash
+      - submit_hypothesis_brief
+    extensions: false
+    max_turns: 14
+    thinking: medium
+    submit_tool: submit_hypothesis_brief
+  harness/planning/implementation-researcher:
+    kind: planner
+    tools_add:
+      - bash
+      - web_search
+      - web_fetch
+      - submit_implementation_research
+    extensions: false
+    max_turns: 14
+    thinking: medium
+    submit_tool: submit_implementation_research
+  harness/planning/plan-adversary:
+    kind: planner
+    tools_add:
+      - submit_adversary_brief
+    extensions: false
+    max_turns: 14
+    thinking: medium
+    submit_tool: submit_adversary_brief
+  harness/planning/plan-evaluator:
+    kind: planner
+    tools_add:
+      - submit_validation_turn
+    extensions: false
+    max_turns: 14
+    thinking: medium
+    submit_tool: submit_validation_turn
+  harness/planning/plan-synthesizer:
+    kind: planner
+    tools_add:
+      - submit_decomposition_brief
+      - submit_hypothesis_brief
+      - submit_execution_plan_brief
+    extensions: false
+  harness/planning/planning-context:
+    kind: planner
+    tools_add:
+      - bash
+      - submit_planning_context
+    extensions: false
+    max_turns: 12
+    thinking: low
+    submit_tool: submit_planning_context
+  harness/planning/review-integrator:
+    kind: planner
+    tools_add:
+      - submit_review_round_draft
+    extensions: false
+    max_turns: 12
+    thinking: medium
+    submit_tool: submit_review_round_draft
+  harness/planning/sprint-contract-auditor:
+    kind: planner
+    tools_add:
+      - submit_sprint_audit
+    extensions: false
+    max_turns: 12
+    thinking: medium
+    submit_tool: submit_sprint_audit
+  harness/planning/stack-researcher:
+    kind: planner
+    tools_add:
+      - bash
+      - web_search
+      - web_fetch
+      - submit_stack_brief
+    extensions: false
+    max_turns: 16
+    thinking: medium
+    submit_tool: submit_stack_brief

package/.pi/harness/corpus/graphify-kb-updater.config.json

@@ -13,6 +13,16 @@
 			"risk_class": "medium",
 			"default_policy": "stage_until_rights_review"
 		},
+		"repo": {
+			"category": "public_repository_metadata",
+			"risk_class": "low_to_medium",
+			"default_policy": "allowlist_auto_promote_when_approved"
+		},
+		"release": {
+			"category": "public_repository_release_metadata",
+			"risk_class": "low_to_medium",
+			"default_policy": "allowlist_auto_promote_when_approved"
+		},
 		"book": {
 			"category": "book_or_longform_local_file",
 			"risk_class": "high",
@@ -111,12 +121,57 @@
 			"approved_by": "manual-review-required",
 			"approved_at": "manual-review-required",
 			"allowed_source_classes": ["paper"]
+		},
+		{
+			"domain": "github.com",
+			"approved": true,
+			"approved_by": "repo-policy",
+			"approved_at": "2026-05-23",
+			"allowed_source_classes": ["repo", "release"]
 		}
 	],
 	"article_queries": [
 		"agentic engineering harness engineering AI coding agents",
 		"AI coding harness evaluation orchestration context engineering"
 	],
+	"repo_sources": [
+		{
+			"title": "Graphify project repository metadata watch",
+			"url": "https://github.com/AI-App/Graphify",
+			"approved": false,
+			"rights_access": {
+				"license": "repository metadata only; source license requires review",
+				"access": "public repository metadata",
+				"approved_by": "manual-review-required",
+				"approved_at": "manual-review-required"
+			},
+			"provenance": {
+				"origin": "curated_repo_watchlist",
+				"locator": "https://github.com/AI-App/Graphify",
+				"notes": "Metadata candidate only until manually approved."
+			},
+			"competitor_labels": ["context_engineering"]
+		}
+	],
+	"release_feeds": [
+		{
+			"title": "OpenAI agents SDK release metadata watch",
+			"url": "https://github.com/openai/openai-agents-python/releases",
+			"approved": false,
+			"rights_access": {
+				"license": "release metadata only; linked artifacts require review",
+				"access": "public release metadata",
+				"approved_by": "manual-review-required",
+				"approved_at": "manual-review-required"
+			},
+			"provenance": {
+				"origin": "curated_release_watchlist",
+				"locator": "https://github.com/openai/openai-agents-python/releases",
+				"notes": "Release metadata candidate only until manually approved."
+			},
+			"competitor_labels": ["agentic_harnesses"]
+		}
+	],
 	"paper_feeds": [
 		{
 			"title": "arXiv software engineering agents search feed",

package/.pi/harness/docs/adrs/0006-sentrux-dual-layer.md

@@ -10,7 +10,7 @@ Evaluator trust requires both programmatic gates (policy, budget, integrity) and
 ## Decision
 
 1. **Rules file:** `.sentrux/rules.toml` synced from manifest — see [ADR 0009](0009-sentrux-rules-lifecycle.md).
-2. **Run observation:** `/harness-run` writes `artifacts/sentrux-signal.yaml` and appends session custom entry `harness-sentrux-signal` after `sentrux check` + `sentrux gate` (baseline from `sentrux gate --save` before execute).
+2. **Run observation:** `/harness-run` writes `artifacts/sentrux-signal.yaml` and appends session custom entry `harness-sentrux-signal` after root-resolved Sentrux `check` + `gate` via `harness-sentrux-cli.mjs` (baseline from `gate --save` before execute). Raw `sentrux check .` / `gate .` must not be used from `.pi/harness/runs/*` because Sentrux resolves `.sentrux/rules.toml` against the path argument.
 3. **Verify gate:** `harness-verify.mjs` with `HARNESS_SENTRUX_REQUIRED=true` prefers `$HARNESS_RUN_DIR/artifacts/sentrux-signal.yaml`; falls back to `.pi/harness/evals/smoke/sentrux-stub.json` only when no run signal exists (CI smoke / pre-run verify).
 4. **Evaluator:** `harness/evaluator` in `benchmark` mode reads `sentrux-signal.yaml` and `benchmark-log.yaml` — metrics are inputs, not executor optimization targets.
 5. Observations flow through `observation-bus.ts` as `HarnessObservation` envelopes when wired.
@@ -30,3 +30,4 @@ Evaluator trust requires both programmatic gates (policy, budget, integrity) and
 
 - `.pi/harness/specs/observation.schema.json`
 - `.pi/scripts/harness-verify.mjs`
+- `.pi/scripts/harness-sentrux-cli.mjs`

package/.pi/harness/docs/adrs/0030-inhouse-vcc-compaction.md

@@ -10,7 +10,7 @@ ultimate-pi depended on the npm package `@sting8k/pi-vcc` for deterministic, vie
 
 ## Decision
 
-1. Vendor [sting8k/pi-vcc](https://github.com/sting8k/pi-vcc) under `vendor/pi-vcc/` (refresh via `npm run vendor:sync-vcc`), following the same pattern as `vendor/pi-model-router`.
+1. Vendor [sting8k/pi-vcc](https://github.com/sting8k/pi-vcc) under `vendor/pi-vcc/` (refresh via `npm run vendor:sync-vcc`), following the pinned-vendor pattern documented in `THIRD_PARTY_NOTICES.md`.
 2. Load compaction through [`.pi/extensions/ultimate-pi-vcc.ts`](../../../extensions/ultimate-pi-vcc.ts).
 3. Remove `@sting8k/pi-vcc` from `package.json` dependencies and from `.pi/settings*.json` `packages` arrays.
 4. **Configuration is env-only** — no JSON config files (`PI_VCC_CONFIG_PATH` and `.pi/pi-vcc-config.json` are not used).

package/.pi/harness/docs/adrs/0035-plan-phase-review-gate.md

@@ -32,4 +32,4 @@ Early implementation treated debate as a fixed four-round checklist with single
 
 - [ADR-0033](0033-parent-orchestrated-planning.md), [ADR-0034](0034-darwin-plan-research-pipeline.md)
 - `raw/decisions/adr-020.md`, `raw/modules/structured-planning.md`
-- `.pi/prompts/planning-rubrics.md`, `.pi/prompts/harness-plan.md` Phase 5
+- `.pi/harness/docs/planning-rubrics.md`, `.pi/prompts/harness-plan.md` Phase 5

package/.pi/harness/docs/adrs/0044-harness-steer-loop.md

@@ -12,8 +12,9 @@ After `/harness-run`, failed benchmarks or blocked execution previously routed u
 1. **Always review** — `/harness-run` ends with `next_command: /harness-review` (including `blocked` / partial work). Remove benchmark fail-fast skip of verdict/adversary (ADR 0039 amended).
 2. **Review artifacts** — Parent writes `artifacts/review-outcome.yaml` and `artifacts/repair-brief.yaml` (path pointers, not pasted bodies).
 3. **Remediation routing** — `review-outcome.remediation_class`: `implementation_gap` → `/harness-steer`; `plan_gap` → `/harness-plan` revise with `repair_brief_path`; `pass` → policy status. **Review outcome wins** over executor `scope_drift` when they disagree; tie → `plan_gap`.
-4. **`/harness-steer`** — Thin orchestrator: read briefs, set policy **phase `execute`**, spawn `harness/executor` with `mode: repair`, then `/harness-review` again.
-5. **Caps** — `HARNESS_STEER_MAX_ATTEMPTS` (default 3). **Tiered review:** full review on initial run + steer 1; steers 2+ use lite (benchmark + verdict) unless prior `block_merge` or user forces full.
+4. **Plan-gap revise reset** — When review returns `plan_gap` and the next `/harness-plan` runs in revise mode, archive stale plan-phase debate state and generated planning artifacts under `artifacts/revisions/<timestamp>/` before the planner starts. Preserve review repair artifacts in place so the new planning round starts clean while retaining audit history.
+5. **`/harness-steer`** — Thin orchestrator: read briefs, set policy **phase `execute`**, spawn `harness/executor` with `mode: repair`, then `/harness-review` again.
+6. **Caps** — `HARNESS_STEER_MAX_ATTEMPTS` (default 3). **Tiered review:** full review on initial run + steer 1; steers 2+ use lite (benchmark + verdict) unless prior `block_merge` or user forces full.
 6. **Sentrux** — Refresh baseline or compare new violations only after steer mutations (avoid false degraded on every attempt).
 7. **Evaluate-phase writes** — Orchestrator may write review/steer YAML under run `artifacts/` in `evaluate`/`adversary` phase (allowlisted files).
 

package/.pi/harness/docs/adrs/0045-harness-lens-minimal-contract.md

@@ -0,0 +1,49 @@
+# ADR 0045: Harness-lens minimal contract
+
+## Status
+
+Accepted — 2026-05-24
+
+## Context
+
+ultimate-pi previously shipped a trimmed fork of pi-lens with bundled YAML rules, ast-grep pi tools, and JS/TS-centric session scans. That overlapped Sentrux (architecture gate), shell `sg` (structural search), and graphify/ccc (recon). Target projects can be any stack (Go, Python, Rust, polyglot monorepos).
+
+## Decision
+
+Replace the fork with a **harness-native** extension at `.pi/extensions/lib/harness-lens/`:
+
+| Concern | Owner |
+|---------|--------|
+| Recon | graphify, ccc |
+| Structural search | shell `sg` only |
+| Architecture gate | Sentrux |
+| Edit autopatch, secrets block, deferred format, LSP | harness-lens |
+
+### Runtime contract
+
+- **Edit autopatch** — indentation-only oldText correction on `tool_call` (edit).
+- **Secrets** — regex scanner blocks writes with credentials (stack-agnostic).
+- **Deferred format** — queue on `tool_result`, run at `agent_end` (default). `--immediate-format` and `--no-autoformat` unchanged.
+- **Formatters** — PATH binaries only when the **target project** declares config (`biome.json`, `ruff` in `pyproject.toml`, `.prettierrc`, `go.mod` + gofmt, `Cargo.toml` + rustfmt, etc.). No bundled biome/ruff config in lens; no lazy gem/rustup installs.
+- **LSP** — `lsp_diagnostics`, `lsp_navigation`; auto-touch on read/write/edit; installer catalog is **LSP servers only** (no shadow-install of biome/ruff/sg).
+- **Session bootstrap** — `project-profile.ts` detects FileKinds from tree + markers; pre-install at most 2–3 LSP defaults for detected kinds only.
+
+### External projects
+
+- **Detect, don't assume** — no JS/TS export guard, no default biome for Go-only repos.
+- **Harness setup tools ≠ lens stack** — `/harness-setup` may install global `sg` and optional `biome` on the machine; lens does not require them for unrelated stacks.
+- **Graceful degradation** — missing LSP or formatter on PATH → skip with debug log.
+
+### Flags
+
+`--no-lens`, `--no-lsp`, `--no-autoformat`, `--immediate-format`, `--lens-guard` (interactive commit block when blockers present).
+
+### Removed
+
+- Bundled `rules/` YAML corpus, ast-grep pi tools, upstream `UPSTREAM_PIN.md` sync, duplicate export guard, AgentBehaviorClient, rules-scanner injection, cosmetic todo/go/rust scans.
+
+## Consequences
+
+- Smaller npm payload and one quality story per concern.
+- Agents on external repos get stack-appropriate LSP/format behavior without harness JS defaults.
+- `harness-verify.mjs` asserts no `lib/lens`, no bundled rules, no `ast_grep_search` in index.