ultimate-pi 0.2.5 → 0.2.6

package/.pi/PACKAGING.md

@@ -0,0 +1,35 @@
+# Pi package packaging (ultimate-pi)
+
+Aligned with [pi packages](https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/docs/packages.md).
+
+## Pi manifest (`package.json` → `pi`)
+
+| Key | Paths | Notes |
+|-----|-------|--------|
+| `extensions` | `.pi/extensions` | TypeScript extensions (loaded by pi) |
+| `skills` | `.agents/skills`, `.pi/skills` | Agent Skills + pi-local skills |
+| `prompts` | `.pi/prompts` | Slash-command prompt templates |
+
+Pi does **not** define `scripts`, `agents`, or `providers` in the manifest.
+
+- **Harness scripts** → `.pi/scripts/` (npm `harness:*` scripts; see `.pi/scripts/README.md`)
+- **Subagent agents** → `.pi/agents/**/*.md` (loaded by `@tintinweb/pi-subagents` from the **project** `.pi/agents/`; `/harness-setup` seeds them from the installed package)
+- **Providers** → install via `bundledDependencies` + user settings, not a separate manifest directory
+
+## npm `files` allowlist
+
+We use an explicit allowlist (not the whole `.pi/` tree) so dev-only artifacts never ship:
+
+- No `.pi/harness/runs/`, local `model-router.json`, or `firecrawl/.env`
+- Ship `.pi/settings.example.json`, not `.pi/settings.json` (dev checkout uses `".."` local package)
+
+## Settings
+
+| File | Shipped | Purpose |
+|------|---------|---------|
+| `.pi/settings.json` | No | Repo dev only (`"packages": ["..", …]`) |
+| `.pi/settings.example.json` | Yes | Merge into project `.pi/settings.json` during setup |
+
+## Dependencies
+
+Runtime pi extensions are in `dependencies` + `bundledDependencies`. `@mariozechner/pi-coding-agent` is a `peerDependency` (provided by the pi CLI).

package/.pi/prompts/harness-setup.md

@@ -30,7 +30,16 @@ which git && git --version
 
 Block if node < 18, npm < 9, or git missing. Report versions and continue.
 
-Read `.pi/auto-commit.json` for co-author + branch config. Read `.pi/settings.json` for extension packages list.
+Read `.pi/auto-commit.json` for co-author + branch config.
+
+Resolve the installed **ultimate-pi** package root (works in this repo and after `pi install npm:ultimate-pi`):
+
+```bash
+UP_PKG="$(node -p "require('path').dirname(require.resolve('ultimate-pi/package.json'))")"
+echo "ultimate-pi package: $UP_PKG"
+```
+
+For extension package names, read **`$UP_PKG/.pi/settings.example.json`** (shipped template). Merge its `packages` array into the **project** `.pi/settings.json` if missing — do not copy the repo-dev `.pi/settings.json` from the package (it may contain `".."` and is not published).
 
 ## Step 0.5 — Graphify (skip if `--skip-graphify`)
 
@@ -432,13 +441,20 @@ sentrux gate --save . 2>/dev/null || echo "Baseline will be saved on first gate
 
 ## Step 3 — Pi Extension Packages
 
-Install pi extension packages from `.pi/settings.json`:
+Bundled extensions load from the installed `ultimate-pi` package. Optionally install the companion lockfile used in development:
 
 ```bash
-cd .pi/npm
-npm install
+UP_PKG="$(node -p "require('path').dirname(require.resolve('ultimate-pi/package.json'))")"
+if [ -f "$UP_PKG/.pi/npm/package.json" ]; then
+  (cd "$UP_PKG/.pi/npm" && npm install)
+  echo "✓ ultimate-pi .pi/npm dependencies"
+else
+  echo "✓ skip .pi/npm (not in package)"
+fi
 ```
 
+Merge extension entries from `$UP_PKG/.pi/settings.example.json` into this project's `.pi/settings.json` `packages` array (add any missing `npm:…` entries; keep existing user packages).
+
 Verify each package:
 
 | Package | Purpose | Phase |
@@ -460,9 +476,10 @@ The script below:
 
 ```bash
 # Verify package installed first
-ls .pi/npm/node_modules/@yeliu84/pi-model-router/package.json 2>/dev/null \
+ls "$UP_PKG/node_modules/@yeliu84/pi-model-router/package.json" 2>/dev/null \
+  || ls "$UP_PKG/.pi/npm/node_modules/@yeliu84/pi-model-router/package.json" 2>/dev/null \
   && echo "✓ model-router package" \
-  || echo "✗ model-router package — run: cd .pi/npm && npm install"
+  || echo "✗ model-router package — reinstall ultimate-pi or run npm install in $UP_PKG/.pi/npm"
 
 # Generate config from detected providers (only if missing)
 if [ -f .pi/model-router.json ]; then
@@ -578,7 +595,25 @@ Do NOT block. If generation fails, warn in report and continue.
 
 > `/router profile auto`
 
-The pi TUI will intercept this and activate the `auto` profile. Then continue to Step 4.
+The pi TUI will intercept this and activate the `auto` profile. Then continue to Step 3.6.
+
+## Step 3.6 — Seed `.pi/agents` (pi-subagents)
+
+`@tintinweb/pi-subagents` reads agent definitions from **this project's** `.pi/agents/`, not from the installed npm tree. Copy packaged agents when missing (preserves user edits):
+
+```bash
+UP_PKG="$(node -p "require('path').dirname(require.resolve('ultimate-pi/package.json'))")"
+mkdir -p .pi/agents/harness .pi/agents/pi-pi
+for dir in harness pi-pi; do
+  [ -d "$UP_PKG/.pi/agents/$dir" ] || continue
+  for f in "$UP_PKG/.pi/agents/$dir"/*.md; do
+    [ -f "$f" ] || continue
+    base="$(basename "$f")"
+    [ -f ".pi/agents/$dir/$base" ] || cp "$f" ".pi/agents/$dir/$base"
+  done
+done
+echo "✓ .pi/agents (harness + pi-pi) seeded from package"
+```
 
 ## Step 4 — Configuration Files
 
@@ -643,7 +678,7 @@ Created: $(date +%Y-%m-%d)
 - .pi/harness/specs/ → Harness contracts and schema docs
 - .pi/harness/incidents/ → Incident and override records
 - `.agents/skills/` (npm package) → Harness skills (no copy into `.pi/skills/` needed)
-- .pi/agents/ → Specialized agents
+- `.pi/agents/` → Specialized agents (seed from package — see Step 3.6)
 
 ## Graphify-First Workflow
 
@@ -674,7 +709,8 @@ Then run the remaining checks:
 
 ```bash
 # pi extensions
-cd .pi/npm && npm ls 2>/dev/null && echo "✓ pi extensions" || echo "✗ pi extensions"
+UP_PKG="$(node -p "require('path').dirname(require.resolve('ultimate-pi/package.json'))")"
+npm ls --prefix "$UP_PKG" 2>/dev/null | head -5 && echo "✓ ultimate-pi bundled extensions" || echo "✗ check ultimate-pi install"
 
 # graphify knowledge graph (pip/pip3, uv, apt, or PATH)
 PIP_CMD=""
@@ -706,7 +742,9 @@ print(f'✓ knowledge graph built ({n} nodes)' if n else '✗ graph.json has 0 n
 graphify hook status 2>/dev/null && echo "✓ graphify git hooks installed" || echo "✗ graphify git hooks not installed"
 
 # model router
-ls .pi/npm/node_modules/@yeliu84/pi-model-router/package.json 2>/dev/null && echo "✓ model-router package" || echo "✗ model-router package"
+ls "$UP_PKG/node_modules/@yeliu84/pi-model-router/package.json" 2>/dev/null \
+  || ls "$UP_PKG/.pi/npm/node_modules/@yeliu84/pi-model-router/package.json" 2>/dev/null \
+  && echo "✓ model-router package" || echo "✗ model-router package"
 ls .pi/model-router.json 2>/dev/null && echo "✓ model-router config" || echo "✗ model-router config"
 
 # raw folder for graphify sources

package/.pi/{settings.json → settings.example.json}

@@ -4,7 +4,7 @@
 		"maxRetries": 3
 	},
 	"packages": [
-		"..",
+		"npm:ultimate-pi",
 		"npm:@posthog/pi",
 		"npm:context-mode",
 		"npm:@tintinweb/pi-subagents",

package/CHANGELOG.md

@@ -2,6 +2,15 @@
 
 All notable changes to this project are documented in this file.
 
+## [v0.2.6] — 2026-05-15
+
+### 🔧 Chores
+
+- Align npm publish with pi package docs: explicit `files` allowlist (no dev runs, secrets, or local router config)
+- Fix `pi` manifest: drop missing `.pi/providers`, add `.pi/skills`
+- Ship `.pi/settings.example.json` instead of dev `.pi/settings.json` (removes `".."` local package from installs)
+- Document layout in `.pi/PACKAGING.md`; harness-setup seeds `.pi/agents` and resolves package root for npm installs
+
 ## [v0.2.5] — 2026-05-15
 
 ### 🔧 Chores

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "ultimate-pi",
-	"version": "0.2.5",
+	"version": "0.2.6",
 	"description": "Ultimate AI coding harness for pi.dev — extensible skills, Obsidian wiki knowledge layer, compressed context, deterministic output",
 	"keywords": [
 		"pi-package",
@@ -24,11 +24,11 @@
 	},
 	"pi": {
 		"extensions": [
-			"./.pi/extensions",
-			"./.pi/providers"
+			"./.pi/extensions"
 		],
 		"skills": [
-			"./.agents/skills"
+			"./.agents/skills",
+			"./.pi/skills"
 		],
 		"prompts": [
 			"./.pi/prompts"
@@ -36,14 +36,43 @@
 	},
 	"files": [
 		".agents",
-		".pi",
 		".sentrux",
-		"firecrawl",
+		".pi/extensions",
+		".pi/prompts",
+		"!.pi/prompts/release.md",
+		".pi/skills",
+		".pi/agents",
+		".pi/scripts",
+		".pi/lib",
+		".pi/sounds",
+		".pi/harness/specs",
+		".pi/harness/docs",
+		".pi/harness/sentrux",
+		".pi/harness/evals",
+		".pi/harness/evolution",
+		".pi/harness/corpus",
+		".pi/harness/README.md",
+		".pi/npm/package.json",
+		".pi/npm/.gitignore",
+		".pi/model-router.example.json",
+		".pi/settings.example.json",
+		".pi/auto-commit.json",
+		".pi/mcp.json",
+		".pi/pi-vcc-config.json",
+		".pi/SYSTEM.md",
+		".pi/PACKAGING.md",
+		"firecrawl/docker-compose.yaml",
+		"firecrawl/.env.template",
+		"firecrawl/README.md",
+		"firecrawl/searxng",
 		"AGENTS.md",
 		"biome.json",
 		"CHANGELOG.md",
 		"README.md"
 	],
+	"peerDependencies": {
+		"@mariozechner/pi-coding-agent": "*"
+	},
 	"scripts": {
 		"check:ts": "tsc --noEmit --target ES2022 --moduleResolution nodenext --module nodenext --skipLibCheck .pi/extensions/dotenv-loader.ts .pi/extensions/lib/posthog-node.d.ts .pi/extensions/lib/harness-posthog.ts .pi/extensions/lib/harness-paths.ts .pi/extensions/model-router-bootstrap.ts .pi/extensions/harness-telemetry.ts .pi/extensions/trace-recorder.ts .pi/extensions/observation-bus.ts .pi/extensions/drift-monitor.ts .pi/extensions/sentrux-rules-sync.ts .pi/extensions/custom-header.ts",
 		"harness:graphify-bootstrap": "bash .pi/scripts/harness-graphify-bootstrap.sh",

package/.pi/harness/browser.json

@@ -1,5 +0,0 @@
-{
-	"headless": true,
-	"timeout": 30000,
-	"viewport": { "width": 1280, "height": 720 }
-}

package/.pi/harness/debates/README.md

@@ -1,9 +0,0 @@
-# Harness Debates
-
-Store debate artifacts (`RoundResult`, `ConsensusPacket`, budget events) here.
-
-Locked defaults for aggressive budget profile:
-
-- `max_rounds=6`
-- `round_token_cap=2500`
-- `debate_global_cap=35000`

package/.pi/harness/incidents/README.md

@@ -1,6 +0,0 @@
-# Harness Incidents
-
-Store `IncidentRecord` artifacts and any policy override justifications here.
-
-- Override policy: one human approver only.
-- Justification is mandatory for every override record.

package/.pi/harness/release-readiness-report.md

@@ -1,128 +0,0 @@
-# Release Readiness Report
-
-Date: 2026-05-14
-Repo root used: `/home/aryaniyaps/ai-projects/ultimate-pi` (active workspace root, treated as canonical)
-
-## Requested remaining work
-
-- `run-adversarial-canary-and-release`
-- `final-prompt-expert-feature-sweep`
-
-Plan file was not modified.
-
-## Final integration checks
-
-### 1) TypeScript compile check
-
-- Command: `npm run check:ts`
-- Result: PASS
-
-### 2) Full lint/format/test gate
-
-- Command: `npm run check:ts && npm run lint && npm run format:check && npm test`
-- Result: FAIL (expected in current tree state)
-- Notes:
-  - `biome check` reports existing lint/format issues (including `.pi/extensions/custom-footer.ts` and multiple `.pi/harness/specs/*.json` files).
-  - `npm test` fails before test execution due Node runtime flag incompatibility:
-    - `node: bad option: --experimental-strip-types`
-
-### 3) Release preflight checks
-
-- Command: `git rev-parse --is-inside-work-tree && git remote -v && git symbolic-ref -q HEAD && (git diff --quiet && git diff --cached --quiet && echo CLEAN || echo DIRTY)`
-- Result:
-  - inside git repo: yes
-  - branch: `refs/heads/main`
-  - remote `origin`: configured
-  - tree cleanliness: `DIRTY` (release/tag push should stay blocked until clean)
-
-## Targeted canary validations
-
-### 1) Prompt and policy canary assertions
-
-- Static canary suite executed against:
-  - harness prompt templates
-  - `policy-gate`
-  - `test-diff-integrity`
-  - `debate-orchestrator`
-- Result: PASS after prompt sweep updates
-  - locked clauses in `harness-auto` preserved
-  - prompt argument parsing + usage surfaces present across harness prompts
-  - completion behavior sections present for operator-facing harness prompts
-  - policy/test/debate lock signals present in extension code
-
-### 2) Router tuning canary (proposal-only)
-
-- Created synthetic canary evidence:
-  - `.pi/harness/runs/canary-evidence.json`
-- Candidate router for dry proposal:
-  - `.pi/harness/runs/canary-candidate-router.json`
-- Command:
-  - `node .pi/harness/router/propose-router-tuning.mjs --evidence ... --candidate ... --proposal-out .pi/harness/router/proposals/canary-proposal.json`
-- Result: PASS (proposal created, no live router write)
-
-### 3) Harness schema parse check
-
-- Command: Node JSON parse validation across `.pi/harness/specs/*.json`
-- Result: PASS (all 9 schema files parse successfully)
-
-## Lightweight adversarial drills
-
-### 1) Negative apply drill (guardrail validation)
-
-- Command:
-  - `node .pi/harness/router/apply-router-proposal.mjs --proposal ... --approve-by ... --justification ...`
-  - intentionally omitted `--write`
-- Result: PASS (guard correctly blocked apply)
-- Expected error:
-  - `missing --write (blind writes and implicit applies are disallowed)`
-
-### 2) Adversarial lock retention
-
-- Verified locked governance semantics remain stated in `harness-auto`:
-  - adversarial review always required
-  - severity-policy-engine remains merge-block authority
-  - strict pre-PR gates mandatory
-  - never auto-merge
-
-## Prompt expert feature sweep
-
-Using guidance from `.pi/agents/pi-pi/prompt-expert.md`, harness prompt templates were refined for:
-
-1. Argument handling:
-   - explicit `$ARGUMENTS` parse sections
-   - required/optional argument normalization
-   - deterministic usage fallback lines
-2. Completion behavior:
-   - explicit terminal output contracts for predictable downstream handoff
-3. UX consistency:
-   - harmonized command usage patterns and closure blocks across harness prompts
-4. Policy integrity:
-   - locked policy constraints intentionally kept intact
-
-## Files updated in this sweep
-
-- `.pi/prompts/harness-auto.md`
-- `.pi/prompts/harness-plan.md`
-- `.pi/prompts/harness-run.md`
-- `.pi/prompts/harness-review.md`
-- `.pi/prompts/harness-critic.md`
-- `.pi/prompts/harness-eval.md`
-- `.pi/prompts/harness-trace.md`
-- `.pi/prompts/harness-incident.md`
-- `.pi/prompts/harness-router-tune.md`
-- `.pi/prompts/harness-setup.md`
-- `.pi/harness/release-readiness-report.md` (this report)
-
-## New canary artifacts
-
-- `.pi/harness/runs/canary-evidence.json`
-- `.pi/harness/runs/canary-candidate-router.json`
-- `.pi/harness/router/proposals/canary-proposal.json`
-
-## Residual risks
-
-1. Full repo lint/format gate currently fails due pre-existing issues unrelated to this sweep.
-2. `npm test` is currently not runnable in this environment because the configured Node flag is unsupported.
-3. Release flow should remain blocked until working tree is clean and CI-equivalent checks pass.
-4. Router apply path was intentionally not executed with `--write` during this run (safety-preserving drill).
-

package/.pi/harness/router/README.md

@@ -1,35 +0,0 @@
-# Router Tuning Flow
-
-Router tuning is intentionally split into two steps:
-
-1. **Propose** (`propose-router-tuning.mjs`)
-2. **Approve + apply** (`apply-router-proposal.mjs`)
-
-Blind writes to `.pi/model-router.json` are prohibited by design.
-
-## Proposal
-
-```bash
-node .pi/harness/router/propose-router-tuning.mjs \
-  --evidence /path/to/evidence.json \
-  --candidate /path/to/candidate-router.json \
-  --proposal-out .pi/harness/router/proposals/proposal-001.json
-```
-
-## Apply (requires explicit human approval + justification)
-
-```bash
-node .pi/harness/router/apply-router-proposal.mjs \
-  --proposal .pi/harness/router/proposals/proposal-001.json \
-  --approve-by "human.name" \
-  --justification "why this is safe" \
-  --write
-```
-
-## Safety checks
-
-- Evidence threshold must pass (`sample_count >= min_sample_count`)
-- Regression guard must pass
-- Base router hash in proposal must match current `.pi/model-router.json`
-- Apply requires explicit approver and justification
-- Current router file is backed up before write

package/.pi/harness/router/apply-router-proposal.mjs

@@ -1,153 +0,0 @@
-#!/usr/bin/env node
-
-import crypto from "node:crypto";
-import fs from "node:fs";
-import path from "node:path";
-
-const ROUTER_PATH = ".pi/model-router.json";
-const BACKUP_DIR = ".pi/harness/router/backups";
-
-function fail(message) {
-	process.stderr.write(`Error: ${message}\n`);
-	process.exit(1);
-}
-
-function parseArgs(argv) {
-	const args = {};
-	for (let i = 0; i < argv.length; i++) {
-		const token = argv[i];
-		if (!token.startsWith("--")) continue;
-		const key = token.slice(2);
-		const value = argv[i + 1];
-		if (!value || value.startsWith("--")) {
-			args[key] = true;
-			continue;
-		}
-		args[key] = value;
-		i++;
-	}
-	return args;
-}
-
-function readJson(filePath, label) {
-	if (!fs.existsSync(filePath)) fail(`${label} not found: ${filePath}`);
-	try {
-		return JSON.parse(fs.readFileSync(filePath, "utf8"));
-	} catch (error) {
-		fail(`${label} is not valid JSON (${filePath}): ${error.message}`);
-	}
-}
-
-function sha256FromJson(value) {
-	const canonical = `${JSON.stringify(value, null, 2)}\n`;
-	return crypto.createHash("sha256").update(canonical).digest("hex");
-}
-
-function validateProposal(proposal) {
-	if (proposal.status !== "proposed") {
-		fail(`proposal status must be 'proposed', got '${proposal.status}'`);
-	}
-	if (proposal.router_path !== ROUTER_PATH) {
-		fail(`proposal router_path must be '${ROUTER_PATH}'`);
-	}
-	const evidence = proposal.evidence ?? {};
-	if (
-		!Number.isInteger(evidence.sample_count) ||
-		!Number.isInteger(evidence.min_sample_count)
-	) {
-		fail("proposal evidence sample counts are invalid");
-	}
-	if (evidence.sample_count < evidence.min_sample_count) {
-		fail("proposal evidence does not meet minimum sample threshold");
-	}
-	if (evidence.regression_guard_passed !== true) {
-		fail("proposal regression guard is not passing");
-	}
-	if (!proposal.candidate_router || typeof proposal.candidate_router !== "object") {
-		fail("proposal missing candidate_router object");
-	}
-}
-
-const args = parseArgs(process.argv.slice(2));
-
-if (args.help || args.h) {
-	process.stdout.write(
-		[
-			"Usage:",
-			"  node .pi/harness/router/apply-router-proposal.mjs \\",
-			"    --proposal <proposal.json> \\",
-			"    --approve-by <human> \\",
-			"    --justification <reason> \\",
-			"    --write",
-			"",
-			"Behavior:",
-			"  - validates proposal status and evidence",
-			"  - verifies base router hash matches current router file",
-			"  - creates backup before atomic write",
-			"  - refuses write unless explicit --write is provided",
-		].join("\n"),
-	);
-	process.exit(0);
-}
-
-if (!args.proposal) fail("missing --proposal");
-if (!args["approve-by"]) fail("missing --approve-by");
-if (!args.justification) fail("missing --justification");
-if (!args.write) {
-	fail("missing --write (blind writes and implicit applies are disallowed)");
-}
-
-const proposalPath = path.resolve(args.proposal);
-const proposal = readJson(proposalPath, "proposal");
-const currentRouter = readJson(ROUTER_PATH, "current router");
-
-validateProposal(proposal);
-
-const currentHash = sha256FromJson(currentRouter);
-if (currentHash !== proposal.base_router_sha256) {
-	fail(
-		[
-			"base router hash mismatch; refusing apply.",
-			`current:  ${currentHash}`,
-			`proposal: ${proposal.base_router_sha256}`,
-		].join("\n"),
-	);
-}
-
-const candidateHash = sha256FromJson(proposal.candidate_router);
-if (candidateHash !== proposal.candidate_router_sha256) {
-	fail("proposal candidate_router hash mismatch; artifact may be tampered");
-}
-
-const now = new Date().toISOString();
-fs.mkdirSync(BACKUP_DIR, { recursive: true });
-const backupPath = path.join(
-	BACKUP_DIR,
-	`model-router.${now.replace(/[:.]/g, "-")}.json`,
-);
-fs.copyFileSync(ROUTER_PATH, backupPath);
-
-const routerTemp = `${ROUTER_PATH}.tmp`;
-fs.writeFileSync(routerTemp, `${JSON.stringify(proposal.candidate_router, null, 2)}\n`);
-fs.renameSync(routerTemp, ROUTER_PATH);
-
-proposal.status = "approved_applied";
-proposal.approval = {
-	required: true,
-	approved_by: args["approve-by"],
-	approved_at: now,
-	justification: args.justification,
-};
-proposal.applied_router_sha256 = candidateHash;
-proposal.backup_router_path = backupPath;
-proposal.applied_at = now;
-fs.writeFileSync(proposalPath, `${JSON.stringify(proposal, null, 2)}\n`);
-
-process.stdout.write(
-	[
-		"Router proposal applied safely.",
-		`proposal: ${proposalPath}`,
-		`backup: ${backupPath}`,
-		`router: ${ROUTER_PATH}`,
-	].join("\n") + "\n",
-);

package/.pi/harness/router/proposals/canary-proposal.json

@@ -1,96 +0,0 @@
-{
-	"schema_version": "1.0.0",
-	"proposal_id": "router-tune-2026-05-14T15-44-44-399Z",
-	"created_at": "2026-05-14T15:44:44.399Z",
-	"router_path": ".pi/model-router.json",
-	"base_router_sha256": "2a96fba517cc5b5147f37428d7ed62961b1968c0e83c0e69f02524265449856b",
-	"candidate_router_sha256": "2a96fba517cc5b5147f37428d7ed62961b1968c0e83c0e69f02524265449856b",
-	"evidence": {
-		"sample_count": 24,
-		"min_sample_count": 12,
-		"success_rate_delta": 0.08,
-		"cost_per_task_delta": -0.04,
-		"regression_guard_passed": true,
-		"trace_refs": ["run-canary-001", "run-canary-002"],
-		"notes": "canary validation synthetic evidence"
-	},
-	"status": "proposed",
-	"approval": {
-		"required": true,
-		"approved_by": null,
-		"approved_at": null,
-		"justification": null
-	},
-	"candidate_router": {
-		"defaultProfile": "auto",
-		"debug": false,
-		"classifierModel": "opencode-go/qwen3.6-plus",
-		"phaseBias": 0.5,
-		"maxSessionBudget": 1,
-		"largeContextThreshold": 100000,
-		"rules": [
-			{
-				"matches": ["deploy", "production", "release"],
-				"tier": "high",
-				"reason": "Safety check for production tasks"
-			},
-			{
-				"matches": "changelog",
-				"tier": "low"
-			}
-		],
-		"profiles": {
-			"auto": {
-				"high": {
-					"model": "opencode-go/deepseek-v4-pro",
-					"thinking": "high",
-					"fallbacks": ["opencode-go/qwen3.6-plus", "opencode-go/kimi-k2.6"]
-				},
-				"medium": {
-					"model": "opencode-go/qwen3.6-plus",
-					"thinking": "medium",
-					"fallbacks": ["opencode-go/deepseek-v4-pro"]
-				},
-				"low": {
-					"model": "opencode-go/deepseek-v4-flash",
-					"thinking": "low",
-					"fallbacks": ["opencode-go/qwen3.5-plus"]
-				}
-			},
-			"cheap": {
-				"high": {
-					"model": "opencode-go/qwen3.6-plus",
-					"thinking": "low",
-					"fallbacks": ["opencode-go/qwen3.5-plus"]
-				},
-				"medium": {
-					"model": "opencode-go/qwen3.5-plus",
-					"thinking": "off",
-					"fallbacks": ["opencode-go/deepseek-v4-flash"]
-				},
-				"low": {
-					"model": "opencode-go/deepseek-v4-flash",
-					"thinking": "off",
-					"fallbacks": ["opencode-go/qwen3.5-plus"]
-				}
-			},
-			"deep": {
-				"high": {
-					"model": "opencode-go/deepseek-v4-pro",
-					"thinking": "xhigh",
-					"fallbacks": ["opencode-go/kimi-k2.6"]
-				},
-				"medium": {
-					"model": "opencode-go/kimi-k2.6",
-					"thinking": "medium",
-					"fallbacks": ["opencode-go/deepseek-v4-pro"]
-				},
-				"low": {
-					"model": "opencode-go/qwen3.6-plus",
-					"thinking": "low",
-					"fallbacks": ["opencode-go/deepseek-v4-flash"]
-				}
-			}
-		}
-	}
-}