ultimate-pi 0.2.4 → 0.2.5

package/.pi/prompts/harness-setup.md

@@ -49,15 +49,14 @@ Run from the **project root** (the external repo root, not ultimate-pi unless th
 mkdir -p ./raw .pi/harness/specs .pi/harness/runs .pi/harness/incidents .pi/harness/debates
 
 # Bundled with ultimate-pi harness; copy path if bootstrap runs from a linked harness checkout
-bash scripts/harness-graphify-bootstrap.sh
+bash "$(node -p "require('path').join(require('path').dirname(require.resolve('ultimate-pi/package.json')),'.pi/scripts/harness-graphify-bootstrap.sh')")"
 # In ultimate-pi checkout: npm run harness:graphify-bootstrap
-# Or, if scripts/ is not present in the target repo, copy/run ultimate-pi/scripts/harness-graphify-bootstrap.sh
 
 # Pass --force when $ARGUMENTS contains --force to rebuild an existing graph:
-# bash scripts/harness-graphify-bootstrap.sh --force
+# npm run harness:graphify-bootstrap -- --force
 ```
 
-If `scripts/harness-graphify-bootstrap.sh` is missing in the target repo, run it from the ultimate-pi harness package path, or execute equivalent steps manually:
+If the bootstrap script is missing, run it from the installed ultimate-pi package (`.pi/scripts/` inside the npm package), or execute equivalent steps manually:
 
 1. Install `graphifyy` (`uv tool install` preferred; else `pip`/`pip3 install --user`)
 2. `graphify install --platform pi` (and `graphify cursor install` if `.cursor/` exists)
@@ -212,9 +211,9 @@ If user chose **cloud**, skip all 1.5.x steps. Just note:
 Run the bundled verifier from the **project root**. It installs missing npm globals, fixes common **Linux system dependencies** (Chrome libs for `agent-browser`), runs smoke tests, and exits non-zero if a required tool fails.
 
 ```bash
-bash scripts/harness-cli-verify.sh
+npm run harness:cli-verify
 # ultimate-pi checkout: npm run harness:cli-verify
-# Reinstall everything: bash scripts/harness-cli-verify.sh --force
+# Reinstall everything: npm run harness:cli-verify -- --force
 ```
 
 **Required (script must exit 0):** firecrawl-cli, ctx7, biome, ast-grep (`sg`), sentrux (when harness manifest present).
@@ -229,14 +228,14 @@ sudo apt-get install -y libnss3 libnspr4 libgbm1 libatk1.0-0 libatk-bridge2.0-0
   libcups2 libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 libxfixes3 libxrandr2 \
   libasound2 libpango-1.0-0 libcairo2 libx11-6 libxcb1 libxext6 fonts-liberation
 agent-browser install --with-deps
-bash scripts/harness-cli-verify.sh
+npm run harness:cli-verify
 ```
 
 **Do not continue** past Step 2 if `harness-cli-verify.sh` exits non-zero.
 
 ### Manual reference (if script missing in target repo)
 
-Copy `scripts/harness-cli-verify.sh` from ultimate-pi, or install tools individually:
+Use `npm run harness:cli-verify` from the installed ultimate-pi package, or install tools individually:
 
 ### 2.1 — firecrawl-cli (Web Search + Scrape + Crawl + Interact + Download + Parse)
 
@@ -415,7 +414,7 @@ Generate architectural rules from the harness manifest (creates/updates `.sentru
 # From ultimate-pi checkout:
 npm run harness:sentrux-sync
 # From an external project (after pi install npm:ultimate-pi):
-node "$(node -p "require('path').join(require('path').dirname(require.resolve('ultimate-pi/package.json')),'scripts/sentrux-rules-sync.mjs')")" --force
+npm run harness:sentrux-sync
 # Or in pi: /harness-sentrux-sync
 ```
 
@@ -668,7 +667,7 @@ Created: $(date +%Y-%m-%d)
 Re-run CLI verification (must pass unless `--skip-tools`):
 
 ```bash
-bash scripts/harness-cli-verify.sh
+npm run harness:cli-verify
 ```
 
 Then run the remaining checks:
@@ -764,7 +763,7 @@ Output summary table:
 
 Next steps:
 1. If tools missing: re-run with `--force` or install individually
-2. If graph not built: run `bash scripts/harness-graphify-bootstrap.sh` (or `graphify update .` from project root)
+2. If graph not built: run `npm run harness:graphify-bootstrap` (or `graphify update .` from project root)
 3. If hooks not installed: run `graphify hook install`
 4. If gh not authenticated: `gh auth login`
 5. If self-hosted Firecrawl unhealthy: `docker compose -f firecrawl/docker-compose.yaml logs`
@@ -774,9 +773,9 @@ Next steps:
 ## Guard Rails
 
 - **Internet required**: Several tools need npm registry access. Block if offline.
-- **CLI verify script**: Step 2 and Step 5 use `scripts/harness-cli-verify.sh` — installs npm globals, Linux Chrome system libs for `agent-browser`, and smoke-tests each tool. Block on non-zero exit.
+- **CLI verify script**: Step 2 and Step 5 use `npm run harness:cli-verify` (`.pi/scripts/harness-cli-verify.sh`) — installs npm globals, Linux Chrome system libs for `agent-browser`, and smoke-tests each tool. Block on non-zero exit.
 - **Graphify requires Python 3.10+**: Check `python3 --version`. Block if too old.
-- **Graphify bootstrap is mandatory** (unless `--skip-graphify`): Run `scripts/harness-graphify-bootstrap.sh`. Never use `graphify . --wiki`. Initial setup must run `graphify update .` and verify `graphify-out/graph.json` has nodes.
+- **Graphify bootstrap is mandatory** (unless `--skip-graphify`): Run `npm run harness:graphify-bootstrap`. Never use `graphify . --wiki`. Initial setup must run `graphify update .` and verify `graphify-out/graph.json` has nodes.
 - **Python packages (Graphify)**: Before install, detect via PATH, `pip`/`pip3 show graphifyy`, `uv`, or apt. Prefer `uv tool install graphifyy`.
 - **Node.js >= 18 required**: Some pi packages use modern Node APIs.
 - **Docker required for self-hosted**: Step 1.5 needs Docker Engine + Compose. Block if install fails.
@@ -799,7 +798,7 @@ Next steps:
 | Graphify install fails | Show installer output. Retry `uv tool install graphifyy` or `pip3 install --user graphifyy`. Ensure `~/.local/bin` is on PATH. |
 | `graphify update .` fails | Block setup. Corpus may have no code files, or graphify not on PATH. Show stderr. |
 | Invalid `graphify .` usage | Replace with `graphify update .` — the `.` subcommand does not exist. |
-| graphify-out empty / 0 nodes | Re-run `bash scripts/harness-graphify-bootstrap.sh --force` from project root. |
+| graphify-out empty / 0 nodes | Re-run `npm run harness:graphify-bootstrap -- --force` from project root. |
 | graphify hook install fails | Hooks need `.git/` directory. Verify inside git repo. Manual: `git config core.hooksPath .pi/git-hooks` |
 | firecrawl auth failed | Show manual login instructions. Continue with other tools. |
 | gh not installed | Show GitHub CLI install link. Skip label creation. |

package/.pi/prompts/release.md

@@ -0,0 +1,225 @@
+---
+description: Release a new version — bump version, generate changelog, tag, and push to trigger GitHub Actions CI/CD publish.
+argument-hint: "[patch|minor|major] [--dry-run]"
+---
+
+# release — Version Bump + Changelog + Tag + Push
+
+Releases a new version by bumping `package.json`, generating a `CHANGELOG.md` entry from commits since the last tag, committing, tagging, and pushing the tag. The push triggers `.github/workflows/publish-github-packages.yml` and `.github/workflows/publish-npm.yml`.
+
+## Step 0 — Parse arguments
+
+Read `$ARGUMENTS`. First positional arg is the bump type:
+
+| Arg | Semver | When |
+|-----|--------|------|
+| `patch` | 0.1.X → 0.1.(X+1) | Bug fixes, small changes, chores |
+| `minor` | 0.X.0 → 0.(X+1).0 | New features, dep additions |
+| `major` | X.0.0 → (X+1).0.0 | Breaking changes |
+
+If no bump type given: scan commits since last tag for conventional commit prefixes to infer:
+
+```bash
+git log $(git describe --tags --abbrev=0 2>/dev/null || echo "")..HEAD --format="%s" 2>/dev/null
+```
+
+Inference rules:
+- Any `feat!:` or `BREAKING CHANGE` → **major**
+- Any `feat:` → **minor**
+- Everything else (`fix:`, `chore:`, `docs:`, `refactor:`, etc.) → **patch**
+
+If no commits since last tag, warn: "No commits since last tag. Nothing to release." and stop.
+
+Present the inferred bump type to user. If they passed one explicitly, use that. If `--dry-run`, show what would happen without making changes.
+
+## Step 1 — Read current version
+
+```bash
+node -e "console.log(require('./package.json').version)"
+```
+
+Store as `$CURRENT_VERSION`.
+
+Compute `$NEW_VERSION`:
+
+```bash
+# Pseudo-code — use node for precision
+NEW_VERSION=$(node -e "
+const [maj,min,pat] = '$CURRENT_VERSION'.split('.').map(Number);
+const bump = '$BUMP_TYPE';
+if (bump === 'major') console.log((maj+1)+'.0.0');
+else if (bump === 'minor') console.log(maj+'.'+(min+1)+'.0');
+else console.log(maj+'.'+min+'.'+(pat+1));
+")
+```
+
+## Step 2 — Pre-flight checks
+
+```bash
+# Must be in a git repo
+git rev-parse --is-inside-work-tree || { echo "Not a git repo. Abort."; exit 1; }
+
+# Must have a remote
+git remote -v | grep -q origin || { echo "No origin remote. Abort."; exit 1; }
+
+# Must be on a clean working tree
+git diff --quiet && git diff --cached --quiet || { echo "Working tree is dirty. Commit or stash changes first."; exit 1; }
+
+# Must be on a branch that can push (not detached HEAD)
+git symbolic-ref -q HEAD || { echo "Detached HEAD. Switch to a branch first."; exit 1; }
+```
+
+## Step 3 — Generate changelog
+
+Gather commits since last tag:
+
+```bash
+LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+if [ -z "$LAST_TAG" ]; then
+  COMMITS=$(git log --oneline --no-merges HEAD)
+else
+  COMMITS=$(git log --oneline --no-merges ${LAST_TAG}..HEAD)
+fi
+```
+
+Parse conventional commit prefixes to group:
+
+| Prefix | Changelog Section |
+|--------|-------------------|
+| `feat!:` | ⚠️ Breaking Changes |
+| `feat:` | ✨ Features |
+| `fix:` | 🐛 Fixes |
+| `perf:` | ⚡ Performance |
+| `refactor:` | ♻️ Refactoring |
+| `docs:` | 📖 Documentation |
+| `style:` | 🎨 Style |
+| `test:` | ✅ Tests |
+| `chore:` | 🔧 Chores |
+| `ci:` | 🔄 CI/CD |
+| `build:` | 📦 Build |
+| everything else | 🔧 Chores |
+
+Generate the changelog entry:
+
+```markdown
+## [v$NEW_VERSION] — $(date +%Y-%m-%d)
+
+### $SECTION_NAME
+
+- $commit_message (no prefix, just the description)
+
+...
+```
+
+If `CHANGELOG.md` exists, prepend the new entry after the `# Changelog` heading. If not, create it:
+
+```markdown
+# Changelog
+
+All notable changes to this project are documented in this file.
+
+## [v$NEW_VERSION] — $(date +%Y-%m-%d)
+
+### $SECTION
+
+- $entry
+
+...
+```
+
+## Step 4 — Bump version in package.json
+
+```bash
+npm pkg set version="$NEW_VERSION"
+```
+
+Verify:
+```bash
+node -e "const v = require('./package.json').version; console.log(v === '$NEW_VERSION' ? '✓ version bumped to $NEW_VERSION' : '✗ version mismatch')"
+```
+
+## Step 5 — Dry run check
+
+If `--dry-run` flag: print summary and stop. Do NOT commit, tag, or push.
+
+```
+DRY RUN — no changes made.
+  Version: $CURRENT_VERSION → $NEW_VERSION
+  Bump: $BUMP_TYPE
+  Commits since $LAST_TAG: $COMMIT_COUNT
+  Files that would change:
+    - package.json (version)
+    - CHANGELOG.md (new entry)
+  Tag that would be created: v$NEW_VERSION
+```
+
+## Step 6 — Commit version bump + changelog
+
+```bash
+git add package.json CHANGELOG.md
+
+git commit -m "chore(release): bump to v$NEW_VERSION" -m "- Bump version in package.json
+- Add changelog entry for v$NEW_VERSION
+
+Commits included:
+$(echo "$COMMITS" | sed 's/^/- /')" -m "Co-authored-by: pi-mono <261679550+pi-mono@users.noreply.github.com>"
+```
+
+Use the co-author from `.pi/auto-commit.json` if available, otherwise use the default pi-mono co-author.
+
+## Step 7 — Create and push tag
+
+```bash
+git tag -a "v$NEW_VERSION" -m "Release v$NEW_VERSION — $BUMP_TYPE bump
+
+$(echo "$COMMITS" | sed 's/^/- /')"
+
+git push origin "v$NEW_VERSION"
+```
+
+**Important**: Push only the tag, not the branch. The workflows trigger on `v*` tag push.
+- `publish-github-packages.yml` → publishes `@aryaniyaps/ultimate-pi` to GitHub Packages
+- `publish-npm.yml` → publishes `ultimate-pi` to npm registry
+
+Optionally also push the commit if user wants the branch updated:
+```bash
+git push origin $(git branch --show-current)
+```
+
+Ask user: "Push the version-bump commit to the current branch too? [Y/n]"
+
+## Step 8 — Report
+
+```
+✓ Released v$NEW_VERSION ($BUMP_TYPE)
+  Tag: v$NEW_VERSION — pushed to origin
+  Workflows triggered:
+    - .github/workflows/publish-github-packages.yml
+    - .github/workflows/publish-npm.yml
+  Commit: $(git rev-parse --short HEAD)
+  Changelog: CHANGELOG.md updated
+  Monitor: https://github.com/aryaniyaps/ultimate-pi/actions
+```
+
+## Guard Rails
+
+- **Clean tree required**: Block if uncommitted changes exist.
+- **No duplicate tags**: Block if `v$NEW_VERSION` tag already exists locally or on remote.
+- **No empty releases**: Block if no commits since last tag.
+- **Valid semver only**: Block if current version doesn't parse as `X.Y.Z`.
+- **Dry run safe**: `--dry-run` prints planned changes without modifying anything.
+- **Manual workflow dispatch**: If workflows support `workflow_dispatch`, user can re-trigger manually from GitHub Actions UI if push fails.
+- **Co-author idempotent**: Falls back to default pi-mono if `.pi/auto-commit.json` is missing.
+
+## Error Handling
+
+| Error | Action |
+|-------|--------|
+| No commits since last tag | Report, suggest making changes first. Stop. |
+| Dirty working tree | Report dirty files. Suggest `git stash` or commit. Stop. |
+| Tag already exists | Report conflict. User must delete old tag or bump differently. Stop. |
+| No origin remote | Report. Suggest `git remote add origin <url>`. Stop. |
+| Detached HEAD | Report. Suggest `git checkout main`. Stop. |
+| Invalid semver | Report current version string. Stop. |
+| npm pkg set fails | Check Node.js and npm version. Report error. Stop. |
+| git push fails | Check auth. Report error. Suggest manual push. |

package/.pi/scripts/README.md

@@ -0,0 +1,17 @@
+# Harness CLI scripts
+
+These scripts ship inside the `ultimate-pi` npm package under `.pi/scripts/`.
+
+Pi's package manifest (`package.json` → `pi`) only loads **extensions**, **skills**, **prompts**, and **themes** — there is no `scripts` field. Harness scripts are invoked via:
+
+- `npm run harness:*` (see root `package.json`)
+- Extensions resolving paths with `resolveHarnessScript()` in `.pi/extensions/lib/harness-paths.ts`
+
+| Script | npm script |
+|--------|------------|
+| `harness-graphify-bootstrap.sh` | `harness:graphify-bootstrap` |
+| `harness-cli-verify.sh` | `harness:cli-verify` |
+| `harness-verify.mjs` | `harness:verify` |
+| `sentrux-rules-sync.mjs` | `harness:sentrux-sync` |
+
+Repo-root `scripts/` (e.g. `regen_graphify_html.py`) is dev-only and excluded from the npm tarball via `.npmignore`.

package/{scripts → .pi/scripts}/harness-verify.mjs

@@ -9,7 +9,7 @@ import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 import { spawn } from "node:child_process";
 
-const ROOT = join(dirname(fileURLToPath(import.meta.url)), "..");
+const ROOT = join(dirname(fileURLToPath(import.meta.url)), "..", "..");
 const SPECS = join(ROOT, ".pi", "harness", "specs");
 const SMOKE = join(ROOT, ".pi", "harness", "evals", "smoke");
 const ADRS = join(ROOT, ".pi", "harness", "docs", "adrs");
@@ -117,7 +117,7 @@ async function checkSentruxRules() {
 	}
 	ok("sentrux architecture.manifest.json");
 
-	const syncScript = join(ROOT, "scripts", "sentrux-rules-sync.mjs");
+	const syncScript = join(ROOT, ".pi", "scripts", "sentrux-rules-sync.mjs");
 	const { code: checkCode, out: checkOut } = await runNodeScript(syncScript, [
 		"--check",
 	]);
@@ -148,7 +148,7 @@ async function checkSentruxGate() {
 	ok("Sentrux stub present");
 
 	const { code, out } = await runNodeScript(
-		join(ROOT, "scripts", "sentrux-rules-sync.mjs"),
+		join(ROOT, ".pi", "scripts", "sentrux-rules-sync.mjs"),
 		["--force", "--strict"],
 	);
 	if (code === 127 || (out && out.includes("not installed"))) {

package/{scripts → .pi/scripts}/sentrux-rules-sync.mjs

@@ -3,7 +3,7 @@
  * Sync .sentrux/rules.toml from .pi/harness/sentrux/architecture.manifest.json.
  * Preserves user content outside the harness managed block.
  *
- * Usage: node scripts/sentrux-rules-sync.mjs [--check] [--force]
+ * Usage: node .pi/scripts/sentrux-rules-sync.mjs [--check] [--force]
  */
 
 import { readFile, writeFile, mkdir, access } from "node:fs/promises";
@@ -13,7 +13,7 @@ import { fileURLToPath } from "node:url";
 import { createHash } from "node:crypto";
 import { spawn } from "node:child_process";
 
-const ROOT = join(dirname(fileURLToPath(import.meta.url)), "..");
+const ROOT = join(dirname(fileURLToPath(import.meta.url)), "..", "..");
 const MANIFEST = join(
 	ROOT,
 	".pi",

package/.sentrux/.harness-rules-meta.json

@@ -1,5 +1,5 @@
 {
-  "manifest_hash": "f386fef6c6281e47",
-  "synced_at": "2026-05-15T11:30:59.026Z",
+  "manifest_hash": "9a3ee466588190f3",
+  "synced_at": "2026-05-15T14:49:38.156Z",
   "manifest_path": ".pi/harness/sentrux/architecture.manifest.json"
 }

package/.sentrux/rules.toml

@@ -41,9 +41,9 @@ order = 3
 
 [[layers]]
 name = "tooling"
-paths = ["scripts/*", "test/*"]
+paths = [".pi/scripts/*", "test/*"]
 order = 4
-# Deterministic scripts and tests
+# Harness CLI scripts and tests
 
 [[boundaries]]
 from = ".agents/skills/*"
@@ -66,7 +66,7 @@ to = ".pi/extensions/*"
 reason = "Contracts are data-only JSON schemas; extensions implement behavior"
 
 [[boundaries]]
-from = "scripts/*"
+from = ".pi/scripts/*"
 to = ".agents/skills/*"
 reason = "CLI scripts stay independent of skill markdown"
 

package/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All notable changes to this project are documented in this file.
 
+## [v0.2.5] — 2026-05-15
+
+### 🔧 Chores
+
+- Move harness CLI scripts to `.pi/scripts/` (aligned with pi package layout; no `pi.scripts` manifest field)
+- Point `npm run harness:*` and sentrux manifest at `.pi/scripts/`
+- Exclude repo-root `scripts/` from npm publish (dev-only graphify helpers stay in checkout)
+
 ## [v0.2.4] — 2026-05-15
 
 ### 🐛 Fixes

package/firecrawl/.env

@@ -0,0 +1,53 @@
+# ===== Required ENVS ======
+PORT=3002
+HOST=0.0.0.0
+USE_DB_AUTHENTICATION=false
+
+# ===== Optional ENVS ======
+# No OpenAI key - skipping AI features for now
+# OPENAI_API_KEY=
+
+# Experimental: Use Ollama
+# OLLAMA_BASE_URL=http://localhost:11434/api
+# MODEL_NAME=deepseek-r1:7b
+# MODEL_EMBEDDING_NAME=nomic-embed-text
+
+# Experimental: Use any OpenAI-compatible API
+# OPENAI_BASE_URL=https://example.com/v1
+# OPENAI_API_KEY=
+
+
+## === Proxy ===
+# PROXY_SERVER can be a full URL (e.g. http://0.1.2.3:1234) or just an IP and port combo (e.g. 0.1.2.3:1234)
+# Do not uncomment PROXY_USERNAME and PROXY_PASSWORD if your proxy is unauthenticated
+# PROXY_SERVER=
+# PROXY_USERNAME=
+# PROXY_PASSWORD=
+
+## === /search API ===
+# SearXNG instance running alongside Firecrawl in docker-compose
+SEARXNG_ENDPOINT=http://searxng:8080
+# You can also customize the engines and categories parameters, but the defaults should also work just fine.
+# SEARXNG_ENGINES=
+# SEARXNG_CATEGORIES=
+
+# Supabase not configured (self-hosted doesn't support it yet)
+# SUPABASE_ANON_TOKEN=
+# SUPABASE_URL=
+# SUPABASE_SERVICE_TOKEN=
+
+# Set if you'd like to send posthog events like job logs
+POSTHOG_API_KEY="phc_O0BBrJ4z9O9h0aoydmZSS1oOPY5ARKKcILbybCL9DWs"
+POSTHOG_HOST="https://us.i.posthog.com"
+
+# Change this for security in production
+BULL_AUTH_KEY=CHANGEME
+
+# PostgreSQL
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=postgres
+
+# Auto-configured by docker-compose
+# REDIS_URL=redis://redis:6379
+# PLAYWRIGHT_MICROSERVICE_URL=http://playwright-service:3000/scrape

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "ultimate-pi",
-	"version": "0.2.4",
+	"version": "0.2.5",
 	"description": "Ultimate AI coding harness for pi.dev — extensible skills, Obsidian wiki knowledge layer, compressed context, deterministic output",
 	"keywords": [
 		"pi-package",
@@ -34,12 +34,22 @@
 			"./.pi/prompts"
 		]
 	},
+	"files": [
+		".agents",
+		".pi",
+		".sentrux",
+		"firecrawl",
+		"AGENTS.md",
+		"biome.json",
+		"CHANGELOG.md",
+		"README.md"
+	],
 	"scripts": {
 		"check:ts": "tsc --noEmit --target ES2022 --moduleResolution nodenext --module nodenext --skipLibCheck .pi/extensions/dotenv-loader.ts .pi/extensions/lib/posthog-node.d.ts .pi/extensions/lib/harness-posthog.ts .pi/extensions/lib/harness-paths.ts .pi/extensions/model-router-bootstrap.ts .pi/extensions/harness-telemetry.ts .pi/extensions/trace-recorder.ts .pi/extensions/observation-bus.ts .pi/extensions/drift-monitor.ts .pi/extensions/sentrux-rules-sync.ts .pi/extensions/custom-header.ts",
-		"harness:graphify-bootstrap": "bash scripts/harness-graphify-bootstrap.sh",
-		"harness:cli-verify": "bash scripts/harness-cli-verify.sh",
-		"harness:verify": "node scripts/harness-verify.mjs",
-		"harness:sentrux-sync": "node scripts/sentrux-rules-sync.mjs --force",
+		"harness:graphify-bootstrap": "bash .pi/scripts/harness-graphify-bootstrap.sh",
+		"harness:cli-verify": "bash .pi/scripts/harness-cli-verify.sh",
+		"harness:verify": "node .pi/scripts/harness-verify.mjs",
+		"harness:sentrux-sync": "node .pi/scripts/sentrux-rules-sync.mjs --force",
 		"harness:meta-optimizer": "node .pi/harness/evolution/meta-optimizer.mjs",
 		"lint": "biome check",
 		"lint:fix": "biome check --fix",

package/.ckignore

@@ -1,41 +0,0 @@
-# .ckignore
-
-# Build artifacts (not useful for understanding code)
-target/
-dist/
-build/
-*.o
-*.so
-*.dylib
-
-# Dependencies (too large, low signal)
-node_modules/
-vendor/
-venv/
-.venv/
-
-# Media files (not code)
-*.png
-*.jpg
-*.gif
-*.mp4
-*.pdf
-
-<!-- # Large data files
-*.csv
-*.json
-*.xml
-*.log -->
-
-# Test fixtures (unless you search them)
-fixtures/
-__snapshots__/
-*.snap
-
-<!-- # Generated code (if not relevant)
-*_pb2.py
-*.generated.*
-
-# Documentation (include if you want AI to reference docs)
-# docs/
-# *.md -->

package/.codex/hooks.json

@@ -1,15 +0,0 @@
-{
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Bash",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "/home/aryaniyaps/.local/bin/graphify hook-check"
-          }
-        ]
-      }
-    ]
-  }
-}

package/.env.example

@@ -1,21 +0,0 @@
-POSTHOG_PERSONAL_API_KEY="phx_your_personal_api_key"
-POSTHOG_API_KEY="phc_your_project_key"
-# narrow the tool surface
-POSTHOG_MCP_FEATURES="llm_analytics"
-POSTHOG_PROJECT_NAME="ultimate-pi"
-POSTHOG_PRIVACY_MODE="false"
-# Harness domain events (harness-telemetry.ts); set false to disable harness_* only
-HARNESS_TELEMETRY_ENABLED="true"
-# Optional: require Sentrux stub for npm run harness:verify
-# HARNESS_SENTRUX_REQUIRED="true"
-FIRECRAWL_API_KEY="fc_your_firecrawl_api_key"
-FIRECRAWL_API_URL="http://localhost:3002"
-# FIRECRAWL_NO_TELEMETRY=0
-VAULT_WIKI_PATH="vault/wiki"
-CURSOR_API_KEY=""
-PI_VCC_CONFIG_PATH=".pi/pi-vcc-config.json"
-# VCC config: points to project-level pi-vcc config (overrideDefaultCompaction, debug)
-
-# graphify headless extract
-OPENAI_API_KEY="sk-your_openai_api_key"
-OPENAI_API_BASE="https://opencode.ai/zen/go/v1"

package/.gitattributes

@@ -1 +0,0 @@
-data/books/**/*.pdf filter=lfs diff=lfs merge=lfs -text

package/.github/workflows/lint.yml

@@ -1,33 +0,0 @@
-name: Lint and Format
-
-on:
-  push:
-    branches:
-      - main
-      - master
-  pull_request:
-    branches:
-      - main
-      - master
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: "npm"
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run Biome check (Lint & Format)
-        run: npm run lint
-
-      - name: Run TypeScript check
-        run: npm run check:ts

package/.github/workflows/publish-github-packages.yml

@@ -1,35 +0,0 @@
-name: Publish to GitHub Packages
-run-name: Publish GitHub package from ${{ github.ref_name }}
-
-on:
-  push:
-    tags:
-      - 'v*'
-  workflow_dispatch:
-
-jobs:
-  publish-github-packages:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js for GitHub Packages
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22.14.0'
-          registry-url: 'https://npm.pkg.github.com'
-          scope: '@aryaniyaps'
-
-      - name: Prepare scoped package manifest for GitHub Packages
-        run: |
-          npm pkg set name='@aryaniyaps/ultimate-pi'
-          npm pkg set publishConfig.registry='https://npm.pkg.github.com'
-
-      - name: Publish package to GitHub Packages
-        run: npm publish --ignore-scripts
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}