ultimate-pi 0.2.4 → 0.2.6

package/.github/workflows/publish-github-packages.yml

@@ -1,35 +0,0 @@
-name: Publish to GitHub Packages
-run-name: Publish GitHub package from ${{ github.ref_name }}
-
-on:
-  push:
-    tags:
-      - 'v*'
-  workflow_dispatch:
-
-jobs:
-  publish-github-packages:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js for GitHub Packages
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22.14.0'
-          registry-url: 'https://npm.pkg.github.com'
-          scope: '@aryaniyaps'
-
-      - name: Prepare scoped package manifest for GitHub Packages
-        run: |
-          npm pkg set name='@aryaniyaps/ultimate-pi'
-          npm pkg set publishConfig.registry='https://npm.pkg.github.com'
-
-      - name: Publish package to GitHub Packages
-        run: npm publish --ignore-scripts
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/.github/workflows/publish-npm.yml

@@ -1,32 +0,0 @@
-name: Publish to npm
-run-name: Publish npm from ${{ github.ref_name }}
-
-on:
-  push:
-    tags:
-      - 'v*'
-  workflow_dispatch:
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22.14.0'
-
-      - name: Ensure npm trusted publishing minimum version
-        run: |
-          npm i -g npm@^11.5.1
-          node -v
-          npm -v
-
-      - name: Publish package
-        run: npm publish --provenance --access public --ignore-scripts

package/.pi/harness/browser.json

@@ -1 +0,0 @@
-{"headless": true, "timeout": 30000, "viewport": {"width": 1280, "height": 720}}

package/.pi/harness/router/README.md

@@ -1,35 +0,0 @@
-# Router Tuning Flow
-
-Router tuning is intentionally split into two steps:
-
-1. **Propose** (`propose-router-tuning.mjs`)
-2. **Approve + apply** (`apply-router-proposal.mjs`)
-
-Blind writes to `.pi/model-router.json` are prohibited by design.
-
-## Proposal
-
-```bash
-node .pi/harness/router/propose-router-tuning.mjs \
-  --evidence /path/to/evidence.json \
-  --candidate /path/to/candidate-router.json \
-  --proposal-out .pi/harness/router/proposals/proposal-001.json
-```
-
-## Apply (requires explicit human approval + justification)
-
-```bash
-node .pi/harness/router/apply-router-proposal.mjs \
-  --proposal .pi/harness/router/proposals/proposal-001.json \
-  --approve-by "human.name" \
-  --justification "why this is safe" \
-  --write
-```
-
-## Safety checks
-
-- Evidence threshold must pass (`sample_count >= min_sample_count`)
-- Regression guard must pass
-- Base router hash in proposal must match current `.pi/model-router.json`
-- Apply requires explicit approver and justification
-- Current router file is backed up before write

package/.pi/harness/router/apply-router-proposal.mjs

@@ -1,153 +0,0 @@
-#!/usr/bin/env node
-
-import crypto from "node:crypto";
-import fs from "node:fs";
-import path from "node:path";
-
-const ROUTER_PATH = ".pi/model-router.json";
-const BACKUP_DIR = ".pi/harness/router/backups";
-
-function fail(message) {
-	process.stderr.write(`Error: ${message}\n`);
-	process.exit(1);
-}
-
-function parseArgs(argv) {
-	const args = {};
-	for (let i = 0; i < argv.length; i++) {
-		const token = argv[i];
-		if (!token.startsWith("--")) continue;
-		const key = token.slice(2);
-		const value = argv[i + 1];
-		if (!value || value.startsWith("--")) {
-			args[key] = true;
-			continue;
-		}
-		args[key] = value;
-		i++;
-	}
-	return args;
-}
-
-function readJson(filePath, label) {
-	if (!fs.existsSync(filePath)) fail(`${label} not found: ${filePath}`);
-	try {
-		return JSON.parse(fs.readFileSync(filePath, "utf8"));
-	} catch (error) {
-		fail(`${label} is not valid JSON (${filePath}): ${error.message}`);
-	}
-}
-
-function sha256FromJson(value) {
-	const canonical = `${JSON.stringify(value, null, 2)}\n`;
-	return crypto.createHash("sha256").update(canonical).digest("hex");
-}
-
-function validateProposal(proposal) {
-	if (proposal.status !== "proposed") {
-		fail(`proposal status must be 'proposed', got '${proposal.status}'`);
-	}
-	if (proposal.router_path !== ROUTER_PATH) {
-		fail(`proposal router_path must be '${ROUTER_PATH}'`);
-	}
-	const evidence = proposal.evidence ?? {};
-	if (
-		!Number.isInteger(evidence.sample_count) ||
-		!Number.isInteger(evidence.min_sample_count)
-	) {
-		fail("proposal evidence sample counts are invalid");
-	}
-	if (evidence.sample_count < evidence.min_sample_count) {
-		fail("proposal evidence does not meet minimum sample threshold");
-	}
-	if (evidence.regression_guard_passed !== true) {
-		fail("proposal regression guard is not passing");
-	}
-	if (!proposal.candidate_router || typeof proposal.candidate_router !== "object") {
-		fail("proposal missing candidate_router object");
-	}
-}
-
-const args = parseArgs(process.argv.slice(2));
-
-if (args.help || args.h) {
-	process.stdout.write(
-		[
-			"Usage:",
-			"  node .pi/harness/router/apply-router-proposal.mjs \\",
-			"    --proposal <proposal.json> \\",
-			"    --approve-by <human> \\",
-			"    --justification <reason> \\",
-			"    --write",
-			"",
-			"Behavior:",
-			"  - validates proposal status and evidence",
-			"  - verifies base router hash matches current router file",
-			"  - creates backup before atomic write",
-			"  - refuses write unless explicit --write is provided",
-		].join("\n"),
-	);
-	process.exit(0);
-}
-
-if (!args.proposal) fail("missing --proposal");
-if (!args["approve-by"]) fail("missing --approve-by");
-if (!args.justification) fail("missing --justification");
-if (!args.write) {
-	fail("missing --write (blind writes and implicit applies are disallowed)");
-}
-
-const proposalPath = path.resolve(args.proposal);
-const proposal = readJson(proposalPath, "proposal");
-const currentRouter = readJson(ROUTER_PATH, "current router");
-
-validateProposal(proposal);
-
-const currentHash = sha256FromJson(currentRouter);
-if (currentHash !== proposal.base_router_sha256) {
-	fail(
-		[
-			"base router hash mismatch; refusing apply.",
-			`current:  ${currentHash}`,
-			`proposal: ${proposal.base_router_sha256}`,
-		].join("\n"),
-	);
-}
-
-const candidateHash = sha256FromJson(proposal.candidate_router);
-if (candidateHash !== proposal.candidate_router_sha256) {
-	fail("proposal candidate_router hash mismatch; artifact may be tampered");
-}
-
-const now = new Date().toISOString();
-fs.mkdirSync(BACKUP_DIR, { recursive: true });
-const backupPath = path.join(
-	BACKUP_DIR,
-	`model-router.${now.replace(/[:.]/g, "-")}.json`,
-);
-fs.copyFileSync(ROUTER_PATH, backupPath);
-
-const routerTemp = `${ROUTER_PATH}.tmp`;
-fs.writeFileSync(routerTemp, `${JSON.stringify(proposal.candidate_router, null, 2)}\n`);
-fs.renameSync(routerTemp, ROUTER_PATH);
-
-proposal.status = "approved_applied";
-proposal.approval = {
-	required: true,
-	approved_by: args["approve-by"],
-	approved_at: now,
-	justification: args.justification,
-};
-proposal.applied_router_sha256 = candidateHash;
-proposal.backup_router_path = backupPath;
-proposal.applied_at = now;
-fs.writeFileSync(proposalPath, `${JSON.stringify(proposal, null, 2)}\n`);
-
-process.stdout.write(
-	[
-		"Router proposal applied safely.",
-		`proposal: ${proposalPath}`,
-		`backup: ${backupPath}`,
-		`router: ${ROUTER_PATH}`,
-	].join("\n") + "\n",
-);

package/.pi/harness/router/propose-router-tuning.mjs

@@ -1,149 +0,0 @@
-#!/usr/bin/env node
-
-import crypto from "node:crypto";
-import fs from "node:fs";
-import path from "node:path";
-
-const ROUTER_PATH = ".pi/model-router.json";
-
-function fail(message) {
-	process.stderr.write(`Error: ${message}\n`);
-	process.exit(1);
-}
-
-function parseArgs(argv) {
-	const args = {};
-	for (let i = 0; i < argv.length; i++) {
-		const token = argv[i];
-		if (!token.startsWith("--")) continue;
-		const key = token.slice(2);
-		const value = argv[i + 1];
-		if (!value || value.startsWith("--")) {
-			args[key] = true;
-			continue;
-		}
-		args[key] = value;
-		i++;
-	}
-	return args;
-}
-
-function readJson(filePath, label) {
-	if (!fs.existsSync(filePath)) {
-		fail(`${label} not found: ${filePath}`);
-	}
-	try {
-		return JSON.parse(fs.readFileSync(filePath, "utf8"));
-	} catch (error) {
-		fail(`${label} is not valid JSON (${filePath}): ${error.message}`);
-	}
-}
-
-function sha256FromJson(value) {
-	const canonical = `${JSON.stringify(value, null, 2)}\n`;
-	return crypto.createHash("sha256").update(canonical).digest("hex");
-}
-
-function ensureEvidence(evidence) {
-	const required = [
-		"sample_count",
-		"min_sample_count",
-		"success_rate_delta",
-		"cost_per_task_delta",
-		"regression_guard_passed",
-		"trace_refs",
-	];
-	for (const field of required) {
-		if (!(field in evidence)) fail(`evidence missing required field: ${field}`);
-	}
-	if (!Number.isInteger(evidence.sample_count) || evidence.sample_count < 1) {
-		fail("evidence.sample_count must be an integer >= 1");
-	}
-	if (
-		!Number.isInteger(evidence.min_sample_count) ||
-		evidence.min_sample_count < 1
-	) {
-		fail("evidence.min_sample_count must be an integer >= 1");
-	}
-	if (evidence.sample_count < evidence.min_sample_count) {
-		fail(
-			`insufficient sample_count (${evidence.sample_count} < ${evidence.min_sample_count})`,
-		);
-	}
-	if (typeof evidence.success_rate_delta !== "number") {
-		fail("evidence.success_rate_delta must be numeric");
-	}
-	if (typeof evidence.cost_per_task_delta !== "number") {
-		fail("evidence.cost_per_task_delta must be numeric");
-	}
-	if (evidence.regression_guard_passed !== true) {
-		fail("evidence.regression_guard_passed must be true");
-	}
-	if (!Array.isArray(evidence.trace_refs) || evidence.trace_refs.length === 0) {
-		fail("evidence.trace_refs must be a non-empty array");
-	}
-}
-
-const args = parseArgs(process.argv.slice(2));
-
-if (args.help || args.h) {
-	process.stdout.write(
-		[
-			"Usage:",
-			"  node .pi/harness/router/propose-router-tuning.mjs \\",
-			"    --evidence <evidence.json> \\",
-			"    --candidate <candidate-router.json> \\",
-			"    --proposal-out <proposal.json>",
-			"",
-			"Behavior:",
-			"  - validates evidence thresholds",
-			"  - captures base/candidate router hashes",
-			"  - emits proposal artifact without changing .pi/model-router.json",
-		].join("\n"),
-	);
-	process.exit(0);
-}
-
-if (!args.evidence) fail("missing --evidence");
-if (!args.candidate) fail("missing --candidate");
-if (!args["proposal-out"]) fail("missing --proposal-out");
-
-const baseRouter = readJson(ROUTER_PATH, "base router");
-const candidateRouter = readJson(args.candidate, "candidate router");
-const evidence = readJson(args.evidence, "evidence");
-
-ensureEvidence(evidence);
-
-const now = new Date().toISOString();
-const proposalId = `router-tune-${now.replace(/[:.]/g, "-")}`;
-
-const proposal = {
-	schema_version: "1.0.0",
-	proposal_id: proposalId,
-	created_at: now,
-	router_path: ROUTER_PATH,
-	base_router_sha256: sha256FromJson(baseRouter),
-	candidate_router_sha256: sha256FromJson(candidateRouter),
-	evidence,
-	status: "proposed",
-	approval: {
-		required: true,
-		approved_by: null,
-		approved_at: null,
-		justification: null,
-	},
-	candidate_router: candidateRouter,
-};
-
-const outputPath = path.resolve(args["proposal-out"]);
-fs.mkdirSync(path.dirname(outputPath), { recursive: true });
-fs.writeFileSync(outputPath, `${JSON.stringify(proposal, null, 2)}\n`);
-
-process.stdout.write(
-	[
-		"Router tuning proposal created.",
-		`proposal_id: ${proposal.proposal_id}`,
-		`output: ${outputPath}`,
-		"status: proposed (no router write performed)",
-	].join("\n") + "\n",
-);

package/.pi/npm/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

package/CONTRIBUTING.md

@@ -1,166 +0,0 @@
-# Contributing to ultimate-pi
-
-## Local development setup
-
-1. Clone and install dependencies:
-
-   ```bash
-   git clone https://github.com/aryaniyaps/ultimate-pi.git
-   cd ultimate-pi
-   npm install
-   ```
-
-   `npm install` automatically sets up pre-commit hooks via [Lefthook](https://github.com/evilmartians/lefthook).
-
-2. Install the package locally into PI:
-
-   ```bash
-   pi install . -l
-   ```
-
-   Then restart PI or run `/reload`.
-
-## Linting & formatting
-
-Uses [Biome](https://biomejs.dev) for linting, formatting, and import sorting.
-
-```bash
-npm run lint            # check lint + format errors
-npm run lint:fix        # auto-fix lint + format errors
-npm run format          # format all files
-npm run format:check    # check formatting without writing
-npm run check:ts        # typecheck extensions
-```
-
-Pre-commit hooks run `biome check` and `tsc` on staged files automatically.
-
-## Sentrux (architectural quality gate)
-
-[Sentrux](https://github.com/sentrux/sentrux) provides real-time structural quality metrics for AI-agent-written code. It acts as a feedback loop sensor — scanning codebase architecture, detecting degradation, and enforcing rules via MCP.
-
-### Quick start
-
-```bash
-# Install (macOS / Linux / Windows)
-curl -fsSL https://raw.githubusercontent.com/sentrux/sentrux/main/install.sh | sh
-
-# Install all 52 language plugins
-sentrux plugin add-standard
-
-# Run a quality scan
-sentrux check .
-
-# Save baseline before agent session
-sentrux gate --save .
-
-# Compare after — catches degradation
-sentrux gate .
-```
-
-### MCP Integration
-
-The sentrux MCP server is configured in `.pi/mcp.json`. Agents can use tools like `scan`, `session_start`, `session_end`, `check_rules`, `health`, and `evolution` to monitor code quality during development.
-
-### Rules Engine
-
-Create `.sentrux/rules.toml` to define architectural constraints:
-
-```toml
-[constraints]
-max_cycles = 0
-max_coupling = "B"
-max_cc = 25
-no_god_files = true
-```
-
-## Firecrawl (self-hosted web scraping)
-
-The Firecrawl skill depends on a Firecrawl instance. This repo includes a self-hosted setup powered by Docker.
-
-### Quick start
-
-```bash
-cd firecrawl
-cp .env.template .env   # first time only — edit if needed
-docker compose up -d     # pulls pre-built GHCR images automatically
-```
-
-Firecrawl API is now at `http://localhost:3002`. Admin UI at `http://localhost:3002/admin/<BULL_AUTH_KEY>/queues`.
-
-### Services
-
-| Service | Image | Port |
-|---------|-------|------|
-| `api` | `ghcr.io/firecrawl/firecrawl` | 3002 |
-| `playwright-service` | `ghcr.io/firecrawl/playwright-service:latest` | 3000 (internal) |
-| `nuq-postgres` | `ghcr.io/firecrawl/nuq-postgres:latest` | 5432 (internal) |
-| `redis` | `redis:alpine` | 6379 (internal) |
-| `rabbitmq` | `rabbitmq:3-management` | 5672 (internal) |
-| `searxng` | `searxng/searxng:latest` | 8080 |
-
-### Configuration
-
-All options live in `firecrawl/.env`. See `firecrawl/.env.template` for the full reference. Key env vars:
-
-- `PORT` — API port (default: `3002`)
-- `SEARXNG_ENDPOINT` — enables `/search` API (default: `http://searxng:8080`)
-- `OPENAI_API_KEY` — enables AI features (JSON formatting, `/extract` API)
-- `BULL_AUTH_KEY` — admin UI access key (default: `CHANGEME` — change in production)
-
-See `firecrawl/README.md` for detailed docs and SDK usage examples.
-
-## Extensions
-
-### Dotenv loader
-
-`.pi/extensions/dotenv-loader.ts` — loads `.env` files into `process.env` on session start.
-
-Configurable via env vars (set before launching pi):
-
-| Variable | Default | Description |
-|---|---|---|
-| `ENV_LOADER_FILES` | `.env` | Comma-separated list of `.env` file paths (relative to cwd). |
-| `ENV_LOADER_OVERRIDE` | `false` | Set to `true` to overwrite existing env vars. |
-| `ENV_LOADER_SILENT` | `false` | Set to `true` to suppress startup logs. |
-| `ENV_LOADER_ENCODING` | `utf-8` | File encoding for `.env` files. |
-
-- Supports variable expansion (`$VAR` and `${VAR}`).
-- Reloads on `/reload`.
-- Status command: `/env-loader-status`
-
-### Harness governance extensions
-
-These Pi extensions are loaded from `.pi/extensions/` via the root `package.json`
-`pi.extensions` manifest (no extra registration needed):
-
-- `.pi/extensions/policy-gate.ts` — plan-before-mutate + phase enforcement
-- `.pi/extensions/budget-guard.ts` — budget hard-stop and `budget_exhausted` events
-- `.pi/extensions/trace-recorder.ts` — run trace artifacts in `.pi/harness/runs/`
-- `.pi/extensions/review-integrity.ts` — evaluator/adversary session isolation checks
-- `.pi/extensions/test-diff-integrity.ts` — suspicious test diff detection/escalation
-- `.pi/extensions/debate-orchestrator.ts` — headless debate bus + consensus packets
-
-### PostHog analytics
-
-`@posthog/pi` — wraps the upstream [posthog-pi](https://github.com/PostHog/posthog-pi) extension to capture AI generation spans, tool spans, and traces in [PostHog](https://posthog.com). Install via `pi install @posthog/pi`. See the upstream repo for configuration and env vars.
-
-## Skill sources
-
-| Skill | Upstream |
-|---|---|
-| caveman | [juliusbrussee/caveman](https://github.com/juliusbrussee/caveman) |
-| context7-cli | [upstash/context7](https://github.com/upstash/context7) |
-| find-skills | bundled (context7-compatible discovery) |
-| firecrawl (13 skills) | [firecrawl](https://firecrawl.dev) |
-| obsidian/wiki skills (11 skills) | [AgriciDaniel/claude-obsidian](https://github.com/AgriciDaniel/claude-obsidian) |
-| posthog-analyst | bundled (PostHog MCP integration) |
-
-### Firecrawl sub-skills
-
-`firecrawl-search`, `firecrawl-scrape`, `firecrawl-crawl`, `firecrawl-map`, `firecrawl-download`, `firecrawl-parse`, `firecrawl-interact`, `firecrawl-agent`, `firecrawl-build-scrape`, `firecrawl-build-search`, `firecrawl-build-onboarding`, `firecrawl-build-interact`
-
-### Wiki sub-skills
-
-`wiki`, `wiki-save`, `wiki-query`, `wiki-ingest`, `wiki-lint`, `wiki-fold`, `autoresearch`, `canvas`, `obsidian-markdown`, `obsidian-bases`
-
-> `context-mode` is installed as a separate pi package (`npm:context-mode`) — not bundled as a skill.

package/lefthook.yml

@@ -1,9 +0,0 @@
-pre-commit:
-  commands:
-    lint:
-      glob: "*.{ts,js,json}"
-      exclude: "graphify-out/**/*"
-      run: npx @biomejs/biome check --no-errors-on-unmatched --write {staged_files}
-    typecheck:
-      glob: "*.ts"
-      run: npm run check:ts