ultimate-pi 0.18.1 → 0.19.1

package/.pi/agents/harness/planning/stack-researcher.md

@@ -1,7 +1,5 @@
 ---
 description: Plan-phase stack research (ctx7 + web, read-only file writes via parent).
-tools: read, grep, find, ls, bash, web_search, web_fetch, submit_stack_brief
-disallowed_tools: write, edit, ask_user, approve_plan, create_plan, subagent
 extensions: false
 thinking: medium
 max_turns: 16
@@ -15,7 +13,11 @@ Produce evidence-backed stack recommendations before ExecutionPlan authoring. Ra
 
 1. Read spawn context: task_summary, brownfield vs greenfield, constraints.
 2. **Libraries / APIs:** use context7-cli skill (`ctx7 library`, `ctx7 docs`). Record library ids in `evidence_refs`.
-3. **Landscape / comparisons:** `web_search` + `web_fetch` (parent stores under `.web/`).
+3. **Landscape / comparisons (WRS — mandatory):** follow `web-retrieval` skill:
+   - Use scoped `artifactDir` (`.web/runs/<run_id>/` or tool-reported `.web/sessions/…/`)
+   - `subagent` `harness/web-retrieval/web-query-expander` → `<artifactDir>/angles.yaml`
+   - `web_search({ query, tier: "deep", anglesFile })` — **never** bare `web_search({ query })` for landscape
+   - `read` `<artifactDir>/search-deep.json`; `web_fetch` top 3 with `highlights: true`
 4. Brownfield: always include **extend current stack** as a ranked option with migration risk.
 5. Greenfield: ≥3 distinct options with pros/cons/risks and selection criteria.
 6. Grade each ref: `primary` (official docs), `secondary` (reputable guide), `anecdotal` (blog/issue thread).

package/.pi/agents/harness/reviewing/adversary.md

@@ -1,8 +1,6 @@
 ---
 description: Adversarial harness reviewer focused on breaking assumptions and surfacing regressions.
-tools: read, grep, find, ls, submit_adversary_report
 extensions: false
-disallowed_tools: ask_user
 thinking: high
 max_turns: 20
 ---

package/.pi/agents/harness/reviewing/evaluator.md

@@ -1,8 +1,6 @@
 ---
 description: Independent harness evaluator producing structured pass/fail verdicts.
-tools: read, grep, find, ls, submit_eval_verdict
 extensions: false
-disallowed_tools: ask_user
 thinking: high
 max_turns: 20
 ---

package/.pi/agents/harness/reviewing/tie-breaker.md

@@ -1,8 +1,6 @@
 ---
 description: Final arbiter for unresolved evaluator vs adversary debates within budget limits.
-tools: read, grep, find, ls, submit_human_required
 extensions: false
-disallowed_tools: ask_user
 thinking: high
 max_turns: 15
 ---

package/.pi/agents/harness/running/executor.md

@@ -1,8 +1,6 @@
 ---
 description: Harness executor that implements only within approved PlanPacket scope.
-tools: read, write, edit, bash, grep, find, ls, submit_executor_handoff
 extensions: true
-disallowed_tools: ask_user
 thinking: medium
 max_turns: 20
 ---

package/.pi/agents/harness/sentrux-bootstrap.md

@@ -1,6 +1,5 @@
 ---
 description: Bootstrap Sentrux rules for a harness project — seed architecture manifest, sync merge-safe rules.toml, verify sentrux check.
-tools: read, bash, grep, find, ls
 extensions: true
 thinking: low
 max_turns: 12

package/.pi/agents/harness/sentrux-steward.md

@@ -1,7 +1,5 @@
 ---
 description: Propose architecture.manifest.json changes from graphify evidence (read-only governance steward).
-tools: read, grep, find, ls, bash, submit_sentrux_manifest_proposal
-disallowed_tools: write, edit, ask_user, approve_plan, create_plan, subagent
 extensions: false
 thinking: high
 max_turns: 16

package/.pi/agents/harness/trace-librarian.md

@@ -1,6 +1,5 @@
 ---
 description: Harness trace librarian for run replay, artifact indexing, and forensics summaries.
-tools: read, grep, find, ls, submit_human_required
 extensions: false
 thinking: medium
 max_turns: 20

package/.pi/agents/harness/web-retrieval/web-answerer.md

@@ -0,0 +1,35 @@
+---
+description: WRS synthesis — cited answer from evidence-bundle.json.
+extensions: false
+thinking: medium
+max_turns: 12
+---
+
+## Your task
+
+Write a concise, **cited** answer to the research question using only sources in the evidence bundle.
+
+## Output path (required — no shared flat file)
+
+Write to **`$HARNESS_WEB_ARTIFACT_DIR/answer.md`** when that env var is set (harness web-retrieval subprocesses).
+
+Otherwise use the **`answerPath`** or **`artifactDir`** the parent gives in the spawn task (e.g. `.web/sessions/<id>/answer.md` or `.web/runs/<run_id>/answer.md`).
+
+**Never** write to flat `.web/answer.md` — it collides across parallel sessions.
+
+## Input
+
+Read the evidence bundle path from the parent task (default: same directory as the answer file, file name `evidence-bundle.json`). Each source has url, title, description, optional highlights.
+
+## Output format
+
+Write markdown to the resolved answer path via parent tooling or include full content in final message:
+
+- Lead with a direct answer (2–4 sentences).
+- Supporting bullets with inline citations `[title](url)`.
+- "Sources" section listing URLs used.
+- Flag uncertainty where evidence is thin.
+
+Do **not** invent URLs. Do **not** call web_search.
+
+Bus label: `WebAnswerer`.

package/.pi/agents/harness/web-retrieval/web-criteria-verifier.md

@@ -0,0 +1,28 @@
+---
+description: WRS Websets analog — score candidates against NL criteria (YAML/CSV output).
+extensions: false
+thinking: medium
+max_turns: 14
+---
+
+## Your task
+
+Given NL **criteria** and a list of candidate URLs/titles/snippets (from search-deep.json), score each candidate and explain match quality.
+
+## Output
+
+Fenced YAML:
+
+```yaml
+criteria: "<restated criteria>"
+results:
+  - url: "..."
+    title: "..."
+    match: true|false
+    score: 0.0-1.0
+    reason: "<one sentence>"
+```
+
+Parent may convert to `.web/webset-manifest.csv`. Do **not** call web_search.
+
+Bus label: `WebCriteriaVerifier`.

package/.pi/agents/harness/web-retrieval/web-gap-analyzer.md

@@ -0,0 +1,31 @@
+---
+description: WRS gap-fill — read search-deep.json, propose follow-up angles for missing coverage.
+extensions: false
+thinking: low
+max_turns: 10
+---
+
+## Your task
+
+After a deep search, identify **gaps** (missing facets, contradictions, stale angles) and output **1–3 new search angles** only.
+
+## Input
+
+Parent provides paths to `.web/search-deep.json` and research intent. Use `read` on those artifacts.
+
+## Output (only)
+
+Fenced YAML:
+
+```yaml
+gaps:
+  - "<what is missing>"
+angles:
+  - id: gap_1
+    query: "..."
+    rationale: "..."
+```
+
+Do **not** call web tools. Parent runs `web_search(tier=deep, anglesFile=...)`.
+
+Bus label: `WebGapAnalyzer`.

package/.pi/agents/harness/web-retrieval/web-query-expander-fast.md

@@ -0,0 +1,34 @@
+---
+description: WRS fast query planner — 2–3 angles only for latency-sensitive search (YAML only).
+extensions: false
+thinking: off
+max_turns: 5
+---
+
+## Your task
+
+Same as `web-query-expander`, but **optimized for speed**: produce **2–3** angles only (not 4–5). No web tools.
+
+## When to use (parent)
+
+- User asked for **fast** / **quick** / **low latency** open-web lookup
+- `web_search` with `tier: "instant"` or `tier: "standard"` where angles still help (optional)
+- **Not** for landscape, prior art, comparisons, or harness-plan research — use `harness/web-retrieval/web-query-expander` instead
+
+## Output (only)
+
+```yaml
+intent: "<one sentence>"
+category: null
+angles:
+  - id: core
+    query: "<short query>"
+    rationale: "..."
+  - id: official
+    query: "..."
+    rationale: "..."
+```
+
+Keep queries ≤10 words. Do not call `web_search` or `web_fetch`.
+
+Bus label: `WebQueryExpanderFast`.

package/.pi/agents/harness/web-retrieval/web-query-expander.md

@@ -0,0 +1,60 @@
+---
+description: WRS query planner — NL intent to 4-5 SearXNG-optimized search angles (YAML only).
+extensions: false
+thinking: low
+max_turns: 8
+---
+
+## Your task
+
+Convert a research intent into **4–5 distinct search angles** optimized for DuckDuckGo / SearXNG keyword search. You do **not** search the web yourself.
+
+## When parent should spawn you (not `web-query-expander-fast`)
+
+- Landscape, prior art, comparisons, stack/implementation research, harness-plan external research
+- Any question where **recall** matters more than latency
+
+For **fast / narrow** paths, parent should spawn `harness/web-retrieval/web-query-expander-fast` or skip expander and use `tier=instant|standard` with `expandHeuristic:true`.
+
+## Output (only)
+
+Respond with a single fenced YAML block and nothing else:
+
+```yaml
+intent: "<restated intent in one sentence>"
+category: null  # or code|company|people|paper|news
+angles:
+  - id: official
+    query: "<short keyword-dense query>"
+    rationale: "<why this angle>"
+  - id: technical
+    query: "..."
+    rationale: "..."
+  # 4-5 angles total
+```
+
+## Angle design rules
+
+- Each `query` must be **short** (≤12 words unless `site:` operator needed).
+- Angles must be **distinct** (definitional, official docs, technical depth, criticism/limitations, recent news, implementations/repos).
+- Use operators when helpful: `site:github.com`, `site:arxiv.org`, `filetype:pdf`, quoted phrases.
+- Do **not** duplicate the same phrasing across angles.
+- Do **not** call `web_search` or `web_fetch`.
+
+## Category packs (when spawn context includes category)
+
+Subagent output is LLM-crafted. For **heuristic** fallback (`expandHeuristic:true`), category packs come from YAML:
+
+- Package: `.pi/harness/web-heuristic-angles.yaml`
+- Project override: `<project>/.pi/harness/web-heuristic-angles.yaml` (see `examples/web-heuristic-angles.project.yaml`)
+
+| category | Default heuristic angles (configurable) |
+|----------|----------------------------------------|
+| code | github, stackoverflow, … |
+| company | official site, news, … |
+| people | linkedin, biography |
+| paper | arxiv, scholar |
+| news | recent year in query |
+| *(custom)* | Add your own category key in project YAML |
+
+Bus label: `WebQueryExpander`.

package/.pi/agents/harness/web-retrieval/web-summarizer.md

@@ -0,0 +1,18 @@
+---
+description: WRS page digest — summarize a fetched markdown excerpt.
+extensions: false
+thinking: low
+max_turns: 6
+---
+
+## Your task
+
+Produce a 5–8 bullet summary of a single page excerpt for the parent agent. Read the provided `.web/*.md` or excerpt path only.
+
+## Rules
+
+- Bullets only; no preamble.
+- Preserve factual claims; note if page is marketing-heavy.
+- Do not call web tools.
+
+Bus label: `WebSummarizer`.

package/.pi/extensions/agt-kill-switch.ts

@@ -0,0 +1,57 @@
+/**
+ * AGT kill switch — arms on harness-abort and repeated policy denies (ADR 0047).
+ */
+
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { KillSwitch } from "@microsoft/agent-governance-sdk";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
+import {
+	hasHarnessAbortSignal,
+	userVisiblePromptSlice,
+} from "../lib/harness-run-context.js";
+
+const killSwitch = new KillSwitch({ enabled: true });
+
+import { recordHarnessPolicyDeny } from "../lib/agt/kill-switch-state.js";
+
+export function getHarnessKillSwitch(): KillSwitch {
+	return killSwitch;
+}
+
+export function recordHarnessPolicyDenyForKillSwitch(sessionId: string): void {
+	const n = recordHarnessPolicyDeny(sessionId);
+	if (n >= 5) {
+		void killSwitch.kill(sessionId, {
+			reason: "Repeated harness policy denials",
+		});
+	}
+}
+
+export default function agtKillSwitch(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
+
+	pi.on("before_agent_start", async (event, ctx) => {
+		const prompt = userVisiblePromptSlice(event.prompt);
+		if (hasHarnessAbortSignal(prompt)) {
+			const sessionId = ctx.sessionManager.getSessionId();
+			await killSwitch.kill(sessionId, {
+				reason: "harness-abort command",
+			});
+		}
+		return undefined;
+	});
+
+	pi.on("tool_call", async (_event, ctx) => {
+		const sessionId = ctx.sessionManager.getSessionId();
+		const history = killSwitch.getHistory();
+		const armed = history.some((h) => h.agentId === sessionId);
+		if (armed) {
+			return {
+				block: true,
+				reason:
+					"agt-kill-switch: harness session halted after abort or repeated policy breaches.",
+			};
+		}
+		return undefined;
+	});
+}

package/.pi/extensions/agt-prompt-guard.ts

@@ -0,0 +1,32 @@
+/**
+ * AGT PromptDefense heuristics on harness slash commands (ADR 0047).
+ */
+
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import { PromptDefenseEvaluator } from "@microsoft/agent-governance-sdk";
+import { isHarnessProjectEnabled } from "../lib/harness-project-config.js";
+import { userVisiblePromptSlice } from "../lib/harness-run-context.js";
+
+const evaluator = new PromptDefenseEvaluator({ minGrade: "D" });
+
+export default function agtPromptGuard(pi: ExtensionAPI) {
+	if (!isHarnessProjectEnabled()) return;
+
+	pi.on("before_agent_start", async (event) => {
+		const prompt = userVisiblePromptSlice(event.prompt);
+		if (!prompt.trim()) return undefined;
+		if (!/\/harness-/.test(prompt)) return undefined;
+
+		const report = evaluator.evaluate(prompt);
+		if (report.isBlocking("D")) {
+			return {
+				message: {
+					customType: "harness-policy-violation",
+					display: true,
+					content: `agt-prompt-guard: prompt defense grade ${report.grade} (${report.score}). Missing defenses: ${report.missing.join(", ") || "see findings"}.`,
+				},
+			};
+		}
+		return undefined;
+	});
+}