ultimate-pi 0.20.0 → 0.22.0

package/.pi/harness/specs/sentrux-repair-plan.schema.json

@@ -0,0 +1,133 @@
+{
+	"$schema": "https://json-schema.org/draft/2020-12/schema",
+	"$id": "https://ultimate-pi.local/.pi/harness/specs/sentrux-repair-plan.schema.json",
+	"title": "SentruxRepairPlan",
+	"description": "Actionable repair plan from sentrux-repair-advisor (steer/executor input).",
+	"type": "object",
+	"additionalProperties": false,
+	"required": [
+		"schema_version",
+		"status",
+		"summary",
+		"bottleneck",
+		"root_causes",
+		"actions",
+		"human_required"
+	],
+	"properties": {
+		"schema_version": {
+			"type": "string",
+			"const": "1.0.0"
+		},
+		"status": {
+			"type": "string",
+			"enum": ["ok", "partial", "blocked"]
+		},
+		"summary": {
+			"type": "string",
+			"minLength": 1
+		},
+		"bottleneck": {
+			"type": "string",
+			"enum": [
+				"modularity",
+				"equality",
+				"acyclicity",
+				"stability",
+				"abstraction"
+			]
+		},
+		"root_causes": {
+			"type": "array",
+			"items": { "type": "string", "minLength": 1 },
+			"minItems": 1
+		},
+		"actions": {
+			"type": "array",
+			"minItems": 1,
+			"items": { "$ref": "#/$defs/action" }
+		},
+		"do_not_touch": {
+			"type": "array",
+			"items": { "type": "string" }
+		},
+		"verification": {
+			"type": "array",
+			"items": { "type": "string" }
+		},
+		"human_required": {
+			"type": "boolean"
+		},
+		"open_questions": {
+			"type": "array",
+			"items": { "type": "string" }
+		},
+		"evidence": {
+			"type": "array",
+			"items": {
+				"type": "object",
+				"additionalProperties": false,
+				"required": ["source", "ref", "summary"],
+				"properties": {
+					"source": {
+						"type": "string",
+						"enum": [
+							"sentrux-report",
+							"sentrux-diagnostics",
+							"graphify",
+							"plan",
+							"diff"
+						]
+					},
+					"ref": { "type": "string", "minLength": 1 },
+					"summary": { "type": "string", "minLength": 1 }
+				}
+			}
+		}
+	},
+	"$defs": {
+		"action": {
+			"type": "object",
+			"additionalProperties": false,
+			"required": ["id", "priority", "kind", "target", "instruction"],
+			"properties": {
+				"id": {
+					"type": "string",
+					"pattern": "^[a-z][a-z0-9-]*$"
+				},
+				"priority": {
+					"type": "integer",
+					"minimum": 1,
+					"maximum": 10
+				},
+				"kind": {
+					"type": "string",
+					"enum": [
+						"refactor",
+						"extract",
+						"move",
+						"split",
+						"tune",
+						"document",
+						"defer"
+					]
+				},
+				"target": {
+					"type": "string",
+					"minLength": 1
+				},
+				"instruction": {
+					"type": "string",
+					"minLength": 1
+				},
+				"acceptance": {
+					"type": "string"
+				},
+				"rule_ids": {
+					"type": "array",
+					"items": { "type": "string" }
+				}
+			}
+		}
+	}
+}

package/.pi/harness/specs/sentrux-report.schema.json

@@ -0,0 +1,119 @@
+{
+	"$schema": "https://json-schema.org/draft/2020-12/schema",
+	"$id": "https://ultimate-pi.local/.pi/harness/specs/sentrux-report.schema.json",
+	"title": "SentruxReport",
+	"description": "Single-scan Sentrux check + gate capture for a harness run (OSS CLI parse).",
+	"type": "object",
+	"additionalProperties": false,
+	"required": [
+		"schema_version",
+		"captured_at",
+		"project_root",
+		"parser_version",
+		"check",
+		"gate"
+	],
+	"properties": {
+		"schema_version": {
+			"type": "string",
+			"const": "1.0.0"
+		},
+		"captured_at": {
+			"type": "string",
+			"format": "date-time"
+		},
+		"project_root": {
+			"type": "string",
+			"minLength": 1
+		},
+		"parser_version": {
+			"type": "string",
+			"minLength": 1
+		},
+		"sentrux_cli_version": {
+			"type": ["string", "null"]
+		},
+		"upstream_json_available": {
+			"type": "boolean"
+		},
+		"check": {
+			"type": "object",
+			"additionalProperties": false,
+			"required": ["parse_ok", "check_pass", "violations"],
+			"properties": {
+				"parse_ok": { "type": "boolean" },
+				"parse_errors": {
+					"type": "array",
+					"items": { "type": "string" }
+				},
+				"rules_checked": { "type": ["integer", "null"] },
+				"quality_signal": { "type": ["integer", "null"] },
+				"check_pass": { "type": "boolean" },
+				"violations": {
+					"type": "array",
+					"items": { "$ref": "#/$defs/violation" }
+				},
+				"stdout_sha256": { "type": "string" }
+			}
+		},
+		"gate": {
+			"type": "object",
+			"additionalProperties": false,
+			"required": ["parse_ok", "status", "degraded_reasons"],
+			"properties": {
+				"parse_ok": { "type": "boolean" },
+				"parse_errors": {
+					"type": "array",
+					"items": { "type": "string" }
+				},
+				"status": {
+					"type": "string",
+					"enum": ["pass", "degraded", "unknown"]
+				},
+				"quality_before": { "type": ["integer", "null"] },
+				"quality_after": { "type": ["integer", "null"] },
+				"metrics": {
+					"type": "array",
+					"items": {
+						"type": "object",
+						"additionalProperties": false,
+						"required": ["name", "before", "after"],
+						"properties": {
+							"name": { "type": "string" },
+							"before": { "type": "string" },
+							"after": { "type": "string" }
+						}
+					}
+				},
+				"degraded_reasons": {
+					"type": "array",
+					"items": { "type": "string" }
+				},
+				"stdout_sha256": { "type": "string" }
+			}
+		}
+	},
+	"$defs": {
+		"violation": {
+			"type": "object",
+			"additionalProperties": false,
+			"required": ["severity", "rule", "message", "files"],
+			"properties": {
+				"severity": {
+					"type": "string",
+					"enum": ["error", "warning", "info"]
+				},
+				"rule": { "type": "string", "minLength": 1 },
+				"message": { "type": "string" },
+				"files": {
+					"type": "array",
+					"items": { "type": "string" }
+				},
+				"related_rules": {
+					"type": "array",
+					"items": { "type": "string" }
+				}
+			}
+		}
+	}
+}

package/.pi/harness/specs/sentrux-signal.schema.json

@@ -15,7 +15,7 @@
 	"properties": {
 		"schema_version": {
 			"type": "string",
-			"const": "1.0.0"
+			"oneOf": [{ "const": "1.0.0" }, { "const": "1.1.0" }]
 		},
 		"run_id": {
 			"type": "string",
@@ -38,6 +38,39 @@
 		"phase": {
 			"type": "string",
 			"enum": ["execute", "evaluate", "review"]
+		},
+		"quality_signal": {
+			"type": "integer"
+		},
+		"bottleneck": {
+			"type": "string",
+			"enum": [
+				"modularity",
+				"equality",
+				"acyclicity",
+				"stability",
+				"abstraction"
+			]
+		},
+		"violation_count": {
+			"type": "integer",
+			"minimum": 0
+		},
+		"report_path": {
+			"type": "string",
+			"description": "Run-relative path to sentrux-report.json"
+		},
+		"diagnostics_path": {
+			"type": "string",
+			"description": "Run-relative path to sentrux-diagnostics.json"
+		},
+		"repair_plan_path": {
+			"type": "string",
+			"description": "Run-relative path to sentrux-repair-plan.yaml"
+		},
+		"degraded_reasons": {
+			"type": "array",
+			"items": { "type": "string" }
 		}
 	}
 }

package/.pi/lib/agents-policy.d.mts

@@ -1,22 +1,4 @@
-export function packageAgentsPolicyPath(packageRoot: string): string;
-export function projectAgentsPolicyPath(projectRoot: string): string;
-export function projectPoliciesDir(projectRoot: string): string;
-
-export interface AgentPolicySpec {
-	kind: string;
-	effectiveTools: string[];
-	extensionsOff: boolean;
-	/** Subprocess-only: load curated -e extensions instead of full .pi/extensions. */
-	extensionBundle?: string;
-	extensionsFull: boolean;
-	noBuiltinTools: boolean;
-	readOnly: boolean;
-	maxTurns?: number;
-	thinking?: string;
-	submitTool?: string;
-}
-
-export interface AllowsAgentToolInput {
+export type AllowsAgentToolInput = {
 	packageRoot: string;
 	projectRoot: string;
 	agentId: string;
@@ -24,51 +6,44 @@ export interface AllowsAgentToolInput {
 	toolInput?: Record<string, unknown>;
 	isSubprocess?: boolean;
 	isParentOrchestrator?: boolean;
-}
+};
 
-export function loadAgentsPolicyMerged(
+export function allowsAgentTool(input: AllowsAgentToolInput): boolean;
+export function applyAgentPolicyToConfig(
+	agent: Record<string, unknown>,
+	packageRoot: string,
+	projectRoot: string,
+): Record<string, unknown>;
+export function findProjectRootFromAgentsDir(projectAgentsDir: string): string;
+export function getAgentKind(
 	packageRoot: string,
 	projectRoot: string,
-): {
-	schemaVersion: string;
-	kinds: Map<string, unknown>;
-	agents: Map<string, unknown>;
-	defaults: unknown;
-};
-
-export function resolveEffectiveTools(
 	agentId: string,
-	merged: ReturnType<typeof loadAgentsPolicyMerged>,
-): AgentPolicySpec;
-
+): string;
 export function getAgentPolicySpec(
 	packageRoot: string,
 	projectRoot: string,
 	agentId: string,
-): AgentPolicySpec | null;
-
-export function getAgentKind(
+): unknown;
+export function harnessSubagentPhaseHint(
 	packageRoot: string,
 	projectRoot: string,
 	agentId: string,
-): string;
-
+): string | undefined;
+export function isAgtGovernanceActive(projectRoot: string): boolean;
 export function isHarnessPlanningAgent(agentId: string): boolean;
-
-export function harnessSubagentPhaseHint(
+export function loadAgentsPolicyMerged(
 	packageRoot: string,
 	projectRoot: string,
+): unknown;
+export function packageAgentsPolicyPath(packageRoot: string): string;
+export function projectAgentsPolicyPath(projectRoot: string): string;
+export function projectPoliciesDir(projectRoot: string): string;
+export function resolveEffectiveTools(
 	agentId: string,
-): string | null;
-
-export function allowsAgentTool(input: AllowsAgentToolInput): boolean;
-
-export function applyAgentPolicyToConfig<T extends { name: string }>(
-	agent: T,
+	merged: unknown,
+): string[];
+export function resolveExtensionBundlePaths(
 	packageRoot: string,
-	projectRoot: string,
-): T;
-
-export function findProjectRootFromAgentsDir(projectAgentsDir: string): string;
-
-export function isAgtGovernanceActive(projectRoot: string): boolean;
+	bundleName: string,
+): string[];

package/.pi/lib/agents-policy.mjs

@@ -262,7 +262,45 @@ function isMutatingBash(command) {
 		command,
 	);
 }
+function deniesReadOnlyBatchExecute(toolInput) {
+	const commands = toolInput.commands;
+	if (!Array.isArray(commands)) return false;
+	for (const c of commands) {
+		const cmd =
+			typeof c === "string" ? c : String(c?.command ?? c?.code ?? "");
+		if (cmd && isMutatingBash(cmd)) return true;
+	}
+	return false;
+}
+
+function deniesReadOnlyExecute(toolInput) {
+	const code = String(toolInput.code ?? toolInput.command ?? "");
+	return Boolean(code && isMutatingBash(code));
+}
+
+function deniesReadOnlyBash(agentId, toolInput) {
+	const command = String(toolInput.command ?? "");
+	if (command && isMutatingBash(command)) return true;
+	if (
+		isHarnessPlanningAgent(agentId) &&
+		command &&
+		PLANNING_ARTIFACT_JSON_WRITE.test(command)
+	) {
+		return true;
+	}
+	if (
+		isHarnessPlanningAgent(agentId) &&
+		command &&
+		PLANNING_BASH_DENY_PATTERNS.some((p) => p.test(command))
+	) {
+		return true;
+	}
+	return false;
+}
 
+/**
+ * Manifest allowlist + subprocess constraints (replaces harness-subagent-policy.ts).
+ */
 /**
  * Manifest allowlist + subprocess constraints (replaces harness-subagent-policy.ts).
  */
@@ -297,40 +335,15 @@ export function allowsAgentTool(input) {
 	if (MUTATING_TOOLS.has(toolName) && spec.readOnly) return false;
 
 	if (toolName === "ctx_batch_execute" && spec.readOnly) {
-		const commands = toolInput.commands;
-		if (Array.isArray(commands)) {
-			for (const c of commands) {
-				const cmd =
-					typeof c === "string"
-						? c
-						: String(c?.command ?? c?.code ?? "");
-				if (cmd && isMutatingBash(cmd)) return false;
-			}
-		}
+		if (deniesReadOnlyBatchExecute(toolInput)) return false;
 	}
 
 	if (toolName === "ctx_execute" && spec.readOnly) {
-		const code = String(toolInput.code ?? toolInput.command ?? "");
-		if (code && isMutatingBash(code)) return false;
+		if (deniesReadOnlyExecute(toolInput)) return false;
 	}
 
 	if (toolName === "bash" && spec.readOnly) {
-		const command = String(toolInput.command ?? "");
-		if (command && isMutatingBash(command)) return false;
-		if (
-			isHarnessPlanningAgent(agentId) &&
-			command &&
-			PLANNING_ARTIFACT_JSON_WRITE.test(command)
-		) {
-			return false;
-		}
-		if (
-			isHarnessPlanningAgent(agentId) &&
-			command &&
-			PLANNING_BASH_DENY_PATTERNS.some((p) => p.test(command))
-		) {
-			return false;
-		}
+		if (deniesReadOnlyBash(agentId, toolInput)) return false;
 	}
 
 	return true;