ultimate-pi 0.18.0 → 0.19.0

package/.pi/lib/agents-policy.mjs

@@ -0,0 +1,325 @@
+/**
+ * agents.policy.yaml loader — package + project merge (SSOT for agent tools).
+ */
+
+import { existsSync, readFileSync, readdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { parse as parseYaml } from "yaml";
+
+const BUILTIN_DENY_TOOLS = new Set([
+	"subagent",
+	"Agent",
+	"get_subagent_result",
+	"steer_subagent",
+	"blackboard",
+]);
+
+const PLANNING_BASH_DENY_PATTERNS = [
+	/\bgraphify\s+update\b/i,
+	/\bgraphify\s+extract\b/i,
+	/\bgraphify\s+install\b/i,
+	/\bccc\s+(index|init|reset|daemon)\b/i,
+	/\bccc\s+search\b.*--refresh/i,
+	/\bpip\s+install\b/i,
+	/\buv\s+tool\s+install\b/i,
+	/\bnpm\s+install\b/i,
+];
+
+const PLANNING_ARTIFACT_JSON_WRITE = /artifacts\/[^\s'"`;]+\.json\b/i;
+
+const MUTATING_TOOLS = new Set(["write", "edit"]);
+
+const cache = new Map();
+
+export function packageAgentsPolicyPath(packageRoot) {
+	return join(packageRoot, ".pi", "harness", "agents.policy.yaml");
+}
+
+export function projectAgentsPolicyPath(projectRoot) {
+	return join(projectRoot, ".pi", "agents.policy.yaml");
+}
+
+export function projectPoliciesDir(projectRoot) {
+	return join(projectRoot, ".pi", "policies");
+}
+
+function readYamlFile(path) {
+	if (!existsSync(path)) return null;
+	try {
+		return parseYaml(readFileSync(path, "utf8"));
+	} catch {
+		return null;
+	}
+}
+
+function normalizeKindEntry(raw) {
+	if (!raw || typeof raw !== "object") return null;
+	const tools = Array.isArray(raw.tools) ? raw.tools.map(String) : [];
+	return {
+		tools,
+		extensions: raw.extensions === false ? false : Boolean(raw.extensions),
+		readOnly: raw.read_only === true,
+		maxTurns:
+			typeof raw.max_turns === "number" && raw.max_turns > 0
+				? raw.max_turns
+				: undefined,
+		thinking:
+			typeof raw.thinking === "string" && raw.thinking.trim()
+				? raw.thinking.trim()
+				: undefined,
+	};
+}
+
+function normalizeAgentEntry(raw) {
+	if (!raw || typeof raw !== "object") return {};
+	const toolsAdd = Array.isArray(raw.tools_add)
+		? raw.tools_add.map(String)
+		: Array.isArray(raw.tools)
+			? raw.tools.map(String)
+			: [];
+	return {
+		kind: typeof raw.kind === "string" ? raw.kind.trim() : undefined,
+		toolsAdd,
+		toolsDeny: Array.isArray(raw.tools_deny)
+			? raw.tools_deny.map(String)
+			: [],
+		submitTool:
+			typeof raw.submit_tool === "string" ? raw.submit_tool.trim() : undefined,
+		extensions:
+			raw.extensions === false
+				? false
+				: raw.extensions === true
+					? true
+					: undefined,
+		maxTurns:
+			typeof raw.max_turns === "number" && raw.max_turns > 0
+				? raw.max_turns
+				: undefined,
+		thinking:
+			typeof raw.thinking === "string" && raw.thinking.trim()
+				? raw.thinking.trim()
+				: undefined,
+	};
+}
+
+export function loadAgentsPolicyMerged(packageRoot, projectRoot) {
+	const key = `${packageRoot}\0${projectRoot}`;
+	if (cache.has(key)) return cache.get(key);
+
+	const pkgDoc = readYamlFile(packageAgentsPolicyPath(packageRoot)) ?? {};
+	const projDoc = readYamlFile(projectAgentsPolicyPath(projectRoot)) ?? {};
+
+	const kinds = new Map();
+	for (const [name, raw] of Object.entries(pkgDoc.kinds ?? {})) {
+		const k = normalizeKindEntry(raw);
+		if (k) kinds.set(name, k);
+	}
+	for (const [name, raw] of Object.entries(projDoc.kinds ?? {})) {
+		const k = normalizeKindEntry(raw);
+		if (k) kinds.set(name, k);
+	}
+
+	const agents = new Map();
+	for (const [id, raw] of Object.entries(pkgDoc.agents ?? {})) {
+		agents.set(id, normalizeAgentEntry(raw));
+	}
+	for (const [id, raw] of Object.entries(projDoc.agents ?? {})) {
+		const prev = agents.get(id) ?? {};
+		const next = normalizeAgentEntry(raw);
+		agents.set(id, {
+			...prev,
+			...next,
+			toolsAdd: [...new Set([...(prev.toolsAdd ?? []), ...(next.toolsAdd ?? [])])],
+			toolsDeny: [...new Set([...(prev.toolsDeny ?? []), ...(next.toolsDeny ?? [])])],
+		});
+	}
+
+	const merged = {
+		schemaVersion: String(pkgDoc.apiVersion ?? projDoc.apiVersion ?? "harness.toolkit/v1"),
+		kinds,
+		agents,
+		defaults: normalizeAgentEntry(projDoc.defaults ?? pkgDoc.defaults ?? {}),
+	};
+	cache.set(key, merged);
+	return merged;
+}
+
+export function resolveEffectiveTools(agentId, merged) {
+	const entry = merged.agents.get(agentId) ?? merged.defaults;
+	const kindName = entry.kind ?? "other";
+	const kind = merged.kinds.get(kindName) ?? merged.kinds.get("other") ?? {
+		tools: ["read", "grep", "find", "ls"],
+		extensions: false,
+		readOnly: true,
+	};
+
+	const base = new Set(kind.tools);
+	for (const t of entry.toolsAdd ?? []) base.add(t);
+	for (const t of entry.toolsDeny ?? []) base.delete(t);
+	for (const t of BUILTIN_DENY_TOOLS) base.delete(t);
+
+	return {
+		kind: kindName,
+		effectiveTools: [...base],
+		extensionsOff: entry.extensions === true ? false : entry.extensions === false ? true : !kind.extensions,
+		readOnly: kind.readOnly,
+		maxTurns: entry.maxTurns ?? kind.maxTurns,
+		thinking: entry.thinking ?? kind.thinking,
+		submitTool: entry.submitTool,
+	};
+}
+
+export function getAgentPolicySpec(packageRoot, projectRoot, agentId) {
+	const merged = loadAgentsPolicyMerged(packageRoot, projectRoot);
+	if (!merged.agents.has(agentId) && !merged.defaults?.kind) {
+		return null;
+	}
+	return resolveEffectiveTools(agentId, merged);
+}
+
+export function getAgentKind(packageRoot, projectRoot, agentId) {
+	const spec = getAgentPolicySpec(packageRoot, projectRoot, agentId);
+	if (spec) return spec.kind;
+	if (agentId.startsWith("harness/planning/")) return "planner";
+	if (agentId === "harness/running/executor") return "executor";
+	if (agentId === "harness/reviewing/evaluator") return "evaluator";
+	if (agentId === "harness/reviewing/adversary") return "adversary";
+	if (agentId === "harness/reviewing/tie-breaker") return "tie_breaker";
+	if (agentId === "harness/meta-optimizer") return "meta";
+	if (agentId === "harness/trace-librarian") return "trace";
+	if (agentId === "harness/incident-recorder") return "incident";
+	return "other";
+}
+
+export function isHarnessPlanningAgent(agentId) {
+	return agentId.startsWith("harness/planning/");
+}
+
+export function harnessSubagentPhaseHint(packageRoot, projectRoot, agentId) {
+	if (isHarnessPlanningAgent(agentId)) return "plan";
+	const kind = getAgentKind(packageRoot, projectRoot, agentId);
+	switch (kind) {
+		case "planner":
+			return "plan";
+		case "executor":
+			return "execute";
+		case "evaluator":
+			return "evaluate";
+		case "adversary":
+			return "adversary";
+		default:
+			return null;
+	}
+}
+
+function isMutatingBash(command) {
+	if (!command) return false;
+	return /\b(rm\s+-rf|git\s+(push|commit|reset|checkout|merge|rebase)|npm\s+run|make\b|docker\s+)/i.test(
+		command,
+	);
+}
+
+/**
+ * Manifest allowlist + subprocess constraints (replaces harness-subagent-policy.ts).
+ */
+export function allowsAgentTool(input) {
+	const {
+		packageRoot,
+		projectRoot,
+		agentId,
+		toolName,
+		toolInput = {},
+		isSubprocess = false,
+		isParentOrchestrator = false,
+	} = input;
+
+	if (isParentOrchestrator) {
+		if (toolName.startsWith("submit_")) return false;
+		return true;
+	}
+
+	const spec = getAgentPolicySpec(packageRoot, projectRoot, agentId);
+	if (!spec) return false;
+
+	if (!spec.effectiveTools.includes(toolName)) return false;
+
+	if (toolName.startsWith("submit_")) {
+		if (!isSubprocess) return false;
+		if (toolName === "submit_human_required" && agentId === "harness/running/executor") {
+			return false;
+		}
+	}
+
+	if (MUTATING_TOOLS.has(toolName) && spec.readOnly) return false;
+
+	if (toolName === "ctx_batch_execute" && spec.readOnly) {
+		const commands = toolInput.commands;
+		if (Array.isArray(commands)) {
+			for (const c of commands) {
+				const cmd =
+					typeof c === "string"
+						? c
+						: String(c?.command ?? c?.code ?? "");
+				if (cmd && isMutatingBash(cmd)) return false;
+			}
+		}
+	}
+
+	if (toolName === "ctx_execute" && spec.readOnly) {
+		const code = String(toolInput.code ?? toolInput.command ?? "");
+		if (code && isMutatingBash(code)) return false;
+	}
+
+	if (toolName === "bash" && spec.readOnly) {
+		const command = String(toolInput.command ?? "");
+		if (command && isMutatingBash(command)) return false;
+		if (
+			isHarnessPlanningAgent(agentId) &&
+			command &&
+			PLANNING_ARTIFACT_JSON_WRITE.test(command)
+		) {
+			return false;
+		}
+		if (
+			isHarnessPlanningAgent(agentId) &&
+			command &&
+			PLANNING_BASH_DENY_PATTERNS.some((p) => p.test(command))
+		) {
+			return false;
+		}
+	}
+
+	return true;
+}
+
+export function applyAgentPolicyToConfig(agent, packageRoot, projectRoot) {
+	const spec = getAgentPolicySpec(packageRoot, projectRoot, agent.name);
+	if (!spec) return agent;
+	return {
+		...agent,
+		tools: spec.effectiveTools.length > 0 ? spec.effectiveTools : undefined,
+		extensionsOff: spec.extensionsOff,
+		maxTurns: spec.maxTurns ?? agent.maxTurns,
+		thinking: spec.thinking ?? agent.thinking,
+	};
+}
+
+export function findProjectRootFromAgentsDir(projectAgentsDir) {
+	if (!projectAgentsDir) return process.cwd();
+	const piDir = dirname(projectAgentsDir);
+	if (piDir.endsWith("/.pi") || piDir.endsWith("\\.pi")) {
+		return dirname(piDir);
+	}
+	return process.cwd();
+}
+
+export function isAgtGovernanceActive(projectRoot) {
+	if (existsSync(projectAgentsPolicyPath(projectRoot))) return true;
+	const polDir = projectPoliciesDir(projectRoot);
+	if (!existsSync(polDir)) return false;
+	try {
+		return readdirSync(polDir).some((f) => f.endsWith(".yaml") || f.endsWith(".yml"));
+	} catch {
+		return false;
+	}
+}

package/.pi/lib/agents-policy.ts

@@ -0,0 +1,19 @@
+/**
+ * agents.policy.yaml — TypeScript surface (implementation in agents-policy.mjs).
+ */
+
+export {
+	allowsAgentTool,
+	applyAgentPolicyToConfig,
+	findProjectRootFromAgentsDir,
+	getAgentKind,
+	getAgentPolicySpec,
+	harnessSubagentPhaseHint,
+	isAgtGovernanceActive,
+	isHarnessPlanningAgent,
+	loadAgentsPolicyMerged,
+	packageAgentsPolicyPath,
+	projectAgentsPolicyPath,
+	projectPoliciesDir,
+	resolveEffectiveTools,
+} from "./agents-policy.mjs";

package/.pi/lib/agt/audit-run-sink.ts

@@ -0,0 +1,52 @@
+import { appendFileSync, mkdirSync } from "node:fs";
+import { join } from "node:path";
+import { AuditLogger } from "@microsoft/agent-governance-sdk";
+
+const loggers = new Map<string, AuditLogger>();
+
+export function getAuditLoggerForRun(runDir: string): AuditLogger {
+	const key = runDir;
+	let logger = loggers.get(key);
+	if (!logger) {
+		logger = new AuditLogger();
+		loggers.set(key, logger);
+	}
+	return logger;
+}
+
+export function appendPolicyAuditEvent(input: {
+	runDir: string;
+	runId: string;
+	toolName: string;
+	allowed: boolean;
+	reason: string;
+	agentDid: string;
+	phase: string;
+}): void {
+	const logger = getAuditLoggerForRun(input.runDir);
+	logger.log({
+		action: `tool.${input.toolName}:${input.phase}:${input.reason}`,
+		agentId: input.agentDid,
+		decision: input.allowed ? "allow" : "deny",
+	});
+	const auditPath = join(input.runDir, "agt-audit.jsonl");
+	mkdirSync(input.runDir, { recursive: true });
+	appendFileSync(
+		auditPath,
+		`${JSON.stringify({
+			ts: new Date().toISOString(),
+			run_id: input.runId,
+			tool: input.toolName,
+			allowed: input.allowed,
+			reason: input.reason,
+			agent_did: input.agentDid,
+			phase: input.phase,
+		})}\n`,
+	);
+}
+
+export function verifyRunAuditChain(runDir: string): boolean {
+	const logger = loggers.get(runDir);
+	if (!logger) return true;
+	return logger.verify();
+}

package/.pi/lib/agt/build-evaluation-context.ts

@@ -0,0 +1,285 @@
+import {
+	allowsAgentTool,
+	getAgentKind,
+	isHarnessPlanningAgent,
+} from "../agents-policy.mjs";
+import {
+	evaluateContextModeMutation,
+	isMutatingBash,
+} from "../harness-context-mode-policy.js";
+import {
+	extractWritePathFromToolInput,
+	getLatestRunContext,
+	type HarnessPhase,
+	type HarnessRunContext,
+	isHarnessAutoSession,
+	isPlanPhaseAllowedMutation,
+} from "../harness-run-context.js";
+import { evaluateSubagentToolCall } from "../harness-spawn-policy.js";
+
+export interface BuildEvaluationContextInput {
+	toolName: string;
+	toolInput: Record<string, unknown>;
+	packageRoot: string;
+	projectRoot: string;
+	sessionId: string;
+	entries: unknown[];
+	policyState: {
+		phase: HarnessPhase;
+		approvedPlan: boolean;
+		planId: string | null;
+		aborted: boolean;
+		budgetBypass: boolean;
+	};
+	agentDid?: string;
+}
+
+export type HarnessAgtContext = Record<string, unknown>;
+
+const PLANNING_BASH_DENY_PATTERNS = [
+	/\bgraphify\s+update\b/i,
+	/\bgraphify\s+extract\b/i,
+	/\bgraphify\s+install\b/i,
+	/\bccc\s+(index|init|reset|daemon)\b/i,
+	/\bccc\s+search\b.*--refresh/i,
+	/\bpip\s+install\b/i,
+	/\buv\s+tool\s+install\b/i,
+	/\bnpm\s+install\b/i,
+	/\bnpm\s+install\b.*cocoindex/i,
+	/\buv\s+tool\s+install\b.*cocoindex/i,
+];
+
+const PLANNING_ARTIFACT_JSON_WRITE = /artifacts\/[^\s'"`;]+\.json\b/i;
+
+const WEB_BLOCK_PATTERNS: Array<{ re: RegExp }> = [
+	{ re: /\bfirecrawl\b/i },
+	{ re: /\b(?:curl|wget)\b[^\n|;&]*\s+https?:\/\//i },
+	{ re: /\bscrapling\s+(?:fetch|extract)\b/i },
+];
+
+const WEB_ALLOW_PATTERNS = [
+	/harness-web\.py\b/i,
+	/harness-cli-verify\.sh\b/i,
+	/\bgraphify\b/i,
+	/\bctx7\b/i,
+	/\bcontext7\b/i,
+	/\bgit\b/i,
+	/harness-searxng-bootstrap/i,
+];
+
+function resolveAgentId(): string {
+	if (process.env.PI_HARNESS_SUBPROCESS === "1") {
+		return process.env.HARNESS_AGENT_ID?.trim() || "harness/unknown";
+	}
+	return "parent-orchestrator";
+}
+
+export function bashWebBlocked(command: string): boolean {
+	if (!command) return false;
+	if (WEB_ALLOW_PATTERNS.some((re) => re.test(command))) return false;
+	return WEB_BLOCK_PATTERNS.some(({ re }) => re.test(command));
+}
+
+/** Shared session-scoped deny reasons for legacy parity and AGT context flags. */
+export function harnessSessionToolDenyReason(input: {
+	toolName: string;
+	toolInput: Record<string, unknown>;
+	phase: HarnessPhase;
+	agentId: string;
+	entries: unknown[];
+	aborted: boolean;
+}): string | null {
+	if (!isHarnessAutoSession(input.entries)) return null;
+	const bashCommand =
+		input.toolName === "bash" ? String(input.toolInput.command ?? "") : "";
+	if (
+		input.aborted &&
+		((bashCommand && isMutatingBash(bashCommand)) ||
+			input.toolName === "write" ||
+			input.toolName === "edit")
+	) {
+		return "harness-abort lock";
+	}
+	if (
+		bashCommand &&
+		isMutatingBash(bashCommand) &&
+		!input.aborted &&
+		input.phase !== "execute" &&
+		input.phase !== "merge"
+	) {
+		return "mutating bash blocked outside execute/merge";
+	}
+	if (bashCommand && bashWebBlocked(bashCommand)) {
+		return "web/bash curl blocked (use harness web_search / web_fetch)";
+	}
+	return null;
+}
+
+function bashPlanningDenied(command: string, agentType: string): boolean {
+	if (!command || !isHarnessPlanningAgent(agentType)) return false;
+	return PLANNING_BASH_DENY_PATTERNS.some((p) => p.test(command));
+}
+
+function bashPlanningJsonDenied(command: string, agentType: string): boolean {
+	if (!command || !isHarnessPlanningAgent(agentType)) return false;
+	return PLANNING_ARTIFACT_JSON_WRITE.test(command);
+}
+
+function harnessSessionActive(entries: unknown[]): boolean {
+	return isHarnessAutoSession(entries);
+}
+
+export async function buildHarnessAgtEvaluationContext(
+	input: BuildEvaluationContextInput,
+): Promise<HarnessAgtContext> {
+	const agentId = resolveAgentId();
+	const isSubprocess = process.env.PI_HARNESS_SUBPROCESS === "1";
+	const isParentOrchestrator = agentId === "parent-orchestrator";
+	const agentKind = getAgentKind(input.packageRoot, input.projectRoot, agentId);
+	const runCtx = getLatestRunContext(input.entries);
+	const phase = input.policyState.phase;
+	const bashCommand =
+		input.toolName === "bash" ? String(input.toolInput.command ?? "") : "";
+	const sessionActive = harnessSessionActive(input.entries);
+
+	const MUTATING_FILE_TOOLS = new Set(["write", "edit"]);
+	const planMutation =
+		sessionActive && MUTATING_FILE_TOOLS.has(input.toolName)
+			? await isPlanPhaseAllowedMutation(
+					input.toolName,
+					input.toolInput,
+					phase,
+					runCtx,
+					input.projectRoot,
+					{
+						aborted: input.policyState.aborted,
+						entries: input.entries,
+						ownerSessionId: runCtx?.owner_pi_session_id,
+						currentSessionId: input.sessionId,
+					},
+				)
+			: { allowed: true };
+
+	const ctxMode = sessionActive
+		? evaluateContextModeMutation(input.toolName, input.toolInput, phase, {
+				aborted: input.policyState.aborted,
+				budgetBypass: input.policyState.budgetBypass,
+				readOnlyAgent:
+					agentKind === "planner" ||
+					agentKind === "evaluator" ||
+					agentKind === "adversary" ||
+					agentKind === "tie_breaker",
+			})
+		: { blocked: false, reason: "" };
+
+	const spawnDecision = evaluateSubagentToolCall(input.toolName, agentId);
+
+	const toolAllowed = allowsAgentTool({
+		packageRoot: input.packageRoot,
+		projectRoot: input.projectRoot,
+		agentId,
+		toolName: input.toolName,
+		toolInput: input.toolInput,
+		isSubprocess,
+		isParentOrchestrator,
+	});
+
+	let evalPlanPacketBlock = false;
+	if (
+		sessionActive &&
+		runCtx?.plan_packet_path &&
+		(phase === "evaluate" || phase === "adversary") &&
+		(input.toolName === "write" || input.toolName === "edit")
+	) {
+		const target = String(
+			input.toolInput.path ?? input.toolInput.filePath ?? "",
+		);
+		if (target.includes("plan-packet.yaml")) {
+			evalPlanPacketBlock = true;
+		}
+	}
+
+	const writePath =
+		input.toolName === "write" || input.toolName === "edit"
+			? extractWritePathFromToolInput(input.toolInput)
+			: null;
+
+	const mutatingBashPhaseBlock =
+		sessionActive &&
+		Boolean(bashCommand && isMutatingBash(bashCommand)) &&
+		!input.policyState.aborted &&
+		phase !== "execute" &&
+		phase !== "merge";
+
+	const abortMutatingBlock =
+		sessionActive &&
+		input.policyState.aborted &&
+		((bashCommand && isMutatingBash(bashCommand)) ||
+			input.toolName === "write" ||
+			input.toolName === "edit");
+
+	return {
+		tool_name: input.toolName,
+		harness_phase: phase,
+		harness_agent_id: agentId,
+		harness_agent_kind: agentKind,
+		is_subprocess: isSubprocess,
+		is_parent_orchestrator: isParentOrchestrator,
+		harness_session_active: sessionActive,
+		is_harness_agent: agentId.startsWith("harness/"),
+		approved_plan: input.policyState.approvedPlan,
+		plan_ready: Boolean(runCtx?.plan_ready),
+		aborted: input.policyState.aborted,
+		budget_bypass: input.policyState.budgetBypass,
+		run_id: runCtx?.run_id ?? process.env.HARNESS_RUN_ID ?? "",
+		plan_id: input.policyState.planId ?? runCtx?.plan_id ?? "",
+		plan_mutation_allowed: planMutation.allowed,
+		plan_mutation_block: sessionActive && !planMutation.allowed,
+		context_mode_block: ctxMode.blocked,
+		tool_allowed: toolAllowed,
+		spawn_policy_block: spawnDecision.action === "block",
+		is_mutating_bash: bashCommand ? isMutatingBash(bashCommand) : false,
+		is_mutating_write_tool:
+			input.toolName === "write" || input.toolName === "edit",
+		bash_web_block: sessionActive && bashWebBlocked(bashCommand),
+		bash_planning_deny:
+			sessionActive && bashPlanningDenied(bashCommand, agentId),
+		bash_planning_json_block:
+			sessionActive && bashPlanningJsonDenied(bashCommand, agentId),
+		eval_plan_packet_write_block: evalPlanPacketBlock,
+		is_submit_tool: input.toolName.startsWith("submit_"),
+		is_planning_agent: isHarnessPlanningAgent(agentId),
+		is_read_only_kind:
+			agentKind === "planner" ||
+			agentKind === "evaluator" ||
+			agentKind === "adversary" ||
+			agentKind === "tie_breaker" ||
+			agentKind === "trace" ||
+			agentKind === "incident" ||
+			agentKind === "meta",
+		is_executor_kind: agentKind === "executor",
+		trust_score: Number(process.env.HARNESS_TRUST_SCORE ?? "1"),
+		delegation_ceiling: Number(process.env.HARNESS_DELEGATION_CEILING ?? "1"),
+		agent_did: input.agentDid ?? process.env.HARNESS_AGENT_DID ?? agentId,
+		write_path: writePath ?? "",
+		mutating_bash_phase_block: mutatingBashPhaseBlock,
+		abort_mutating_block: abortMutatingBlock,
+	};
+}
+
+export async function buildHarnessAgtEvaluationContextFromRun(
+	input: Omit<BuildEvaluationContextInput, "policyState"> & {
+		policyState?: BuildEvaluationContextInput["policyState"];
+	},
+): Promise<HarnessAgtContext> {
+	const policyState = input.policyState ?? {
+		phase: (process.env.HARNESS_SUBAGENT_PHASE_HINT as HarnessPhase) ?? "plan",
+		approvedPlan: true,
+		planId: null,
+		aborted: false,
+		budgetBypass: false,
+	};
+	return buildHarnessAgtEvaluationContext({ ...input, policyState });
+}
+
+export type { HarnessRunContext };

package/.pi/lib/agt/config.ts

@@ -0,0 +1,28 @@
+/** AGT feature flags and package-root resolution for harness policies. */
+
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+
+export function isHarnessAgtPolicyEnabled(): boolean {
+	const raw = process.env.HARNESS_AGT_POLICY?.trim().toLowerCase();
+	if (raw === "0" || raw === "false" || raw === "off") return false;
+	return true;
+}
+
+export function resolveHarnessPoliciesDir(packageRoot: string): string {
+	const fromEnv = process.env.HARNESS_AGT_POLICIES_DIR?.trim();
+	if (fromEnv && existsSync(fromEnv)) return fromEnv;
+	return join(packageRoot, ".pi", "harness", "policies");
+}
+
+export function resolveProjectPoliciesDir(projectRoot: string): string {
+	return join(projectRoot, ".pi", "policies");
+}
+
+export function resolveHarnessPackageRootFromEnv(): string {
+	return (
+		process.env.HARNESS_PKG_ROOT?.trim() ||
+		process.env.UP_PKG?.trim() ||
+		process.cwd()
+	);
+}