ultimate-pi 0.7.0 → 0.8.0

package/.pi/lib/harness-agent-output.ts

@@ -0,0 +1,41 @@
+/**
+ * Parse structured JSON blocks from harness subagent assistant output.
+ */
+
+const JSON_FENCE_RE = /```(?:json)?\s*([\s\S]*?)```/i;
+
+export function extractJsonBlock(text: string): string | null {
+	const trimmed = text.trim();
+	if (trimmed.startsWith("{")) {
+		return trimmed;
+	}
+	const match = JSON_FENCE_RE.exec(text);
+	if (match?.[1]) {
+		return match[1].trim();
+	}
+	const lastBrace = trimmed.lastIndexOf("{");
+	const lastClose = trimmed.lastIndexOf("}");
+	if (lastBrace >= 0 && lastClose > lastBrace) {
+		return trimmed.slice(lastBrace, lastClose + 1);
+	}
+	return null;
+}
+
+export function parseHarnessAgentJson<T extends Record<string, unknown>>(
+	text: string,
+): { ok: true; value: T } | { ok: false; error: string } {
+	const block = extractJsonBlock(text);
+	if (!block) {
+		return { ok: false, error: "no JSON block found in subagent output" };
+	}
+	try {
+		const value = JSON.parse(block) as T;
+		if (!value || typeof value !== "object") {
+			return { ok: false, error: "parsed value is not an object" };
+		}
+		return { ok: true, value };
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		return { ok: false, error: message };
+	}
+}

package/.pi/lib/harness-run-context.ts

@@ -6,7 +6,7 @@
  * - `.pi/harness/active-run.json` (cross-session pointer)
  */
 
-import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { mkdir, readFile, realpath, writeFile } from "node:fs/promises";
 import { isAbsolute, join, relative, resolve } from "node:path";
 
 export type HarnessPhase =
@@ -114,6 +114,353 @@ export function canonicalPlanPath(runId: string, projectRoot: string): string {
 	return join(harnessRunsRoot(projectRoot), runId, "plan-packet.json");
 }
 
+const PLAN_PACKET_BASENAME = "plan-packet.json";
+
+const MUTATING_FILE_TOOLS = new Set(["write", "edit"]);
+
+const PLAN_APPROVE_OPTION =
+	/^(approve(d)?(\s+plan)?|yes,?\s+proceed|looks\s+good)$/i;
+const PLAN_CANCEL_OPTION =
+	/^(cancel(led)?|revise|request\s+changes|needs?\s+clarification)$/i;
+
+export interface PlanUserApproval {
+	plan_id: string | null;
+	approved_at: string;
+	source: "ask_user" | "harness-plan-approval" | "noninteractive";
+}
+
+export interface PlanPhaseMutationDecision {
+	allowed: boolean;
+	reason?: string;
+	isScopedPlanWrite?: boolean;
+}
+
+/** Resolve path relative to project root when not absolute. */
+export function normalizeHarnessPath(
+	path: string,
+	projectRoot: string,
+): string {
+	const trimmed = path.trim();
+	if (!trimmed) return resolve(projectRoot);
+	if (isAbsolute(trimmed)) return resolve(trimmed);
+	return resolve(projectRoot, trimmed);
+}
+
+export function isCanonicalPlanPacketPath(
+	absPath: string,
+	projectRoot: string,
+	runId: string,
+): boolean {
+	const expected = resolve(canonicalPlanPath(runId, projectRoot));
+	return resolve(absPath) === expected;
+}
+
+export function extractWritePathFromToolInput(
+	input: Record<string, unknown>,
+): string {
+	const raw =
+		(typeof input.path === "string" && input.path) ||
+		(typeof input.filePath === "string" && input.filePath) ||
+		"";
+	return raw.trim();
+}
+
+/** True when absPath is the canonical plan-packet.json for the active run. */
+export async function isPlanPhaseScopedWrite(
+	absPath: string,
+	runCtx: HarnessRunContext | null,
+	projectRoot: string,
+): Promise<boolean> {
+	if (!runCtx?.run_id) return false;
+	let resolved: string;
+	try {
+		resolved = await realpath(normalizeHarnessPath(absPath, projectRoot));
+	} catch {
+		resolved = normalizeHarnessPath(absPath, projectRoot);
+	}
+	const runsRoot = resolve(harnessRunsRoot(projectRoot));
+	let runsReal: string;
+	try {
+		runsReal = await realpath(runsRoot);
+	} catch {
+		runsReal = runsRoot;
+	}
+	const rel = relative(runsReal, resolved);
+	if (rel.startsWith("..") || isAbsolute(rel)) return false;
+	const parts = rel.split(/[/\\]/);
+	if (parts.length !== 2 || parts[1] !== PLAN_PACKET_BASENAME) return false;
+	if (parts[0] !== runCtx.run_id) return false;
+	return isCanonicalPlanPacketPath(resolved, projectRoot, runCtx.run_id);
+}
+
+export function indexOfLastPlanCommand(entries: unknown[]): number {
+	for (let i = entries.length - 1; i >= 0; i--) {
+		const entry = entries[i] as SessionEntryLike & {
+			message?: { role?: string; content?: string | unknown[] };
+		};
+		if (
+			entry.type === "custom" &&
+			entry.customType === "harness-plan-attempt"
+		) {
+			return i;
+		}
+		if (entry.type !== "message" || entry.message?.role !== "user") continue;
+		const content = entry.message.content;
+		const text =
+			typeof content === "string"
+				? content
+				: Array.isArray(content)
+					? content
+							.filter(
+								(c): c is { type: string; text?: string } =>
+									typeof c === "object" &&
+									c !== null &&
+									(c as { type?: string }).type === "text",
+							)
+							.map((c) => c.text ?? "")
+							.join("\n")
+					: "";
+		const visible = userVisiblePromptSlice(text);
+		const parsed = parseHarnessSlashCommand(visible);
+		if (
+			parsed?.command === "harness-plan" ||
+			parsed?.command === "harness-auto"
+		) {
+			return i;
+		}
+	}
+	return -1;
+}
+
+export function parseAskUserApprovalFromMessage(msg: {
+	toolName?: string;
+	details?: unknown;
+	content?: { type?: string; text?: string }[];
+}): PlanUserApproval | null {
+	if (msg.toolName !== "ask_user") return null;
+	const details = msg.details as
+		| {
+				cancelled?: boolean;
+				response?: {
+					kind?: string;
+					text?: string;
+					selections?: string[];
+				};
+		  }
+		| undefined;
+	if (details?.cancelled) return null;
+	const response = details?.response;
+	if (!response) return null;
+	if (response.kind === "freeform") {
+		const text = (response.text ?? "").trim();
+		if (/^approve(d)?\b/i.test(text)) {
+			return {
+				plan_id: null,
+				approved_at: nowIso(),
+				source: "ask_user",
+			};
+		}
+		return null;
+	}
+	const selection = (response.selections?.[0] ?? "").trim();
+	if (!selection || PLAN_CANCEL_OPTION.test(selection)) return null;
+	if (PLAN_APPROVE_OPTION.test(selection)) {
+		return {
+			plan_id: null,
+			approved_at: nowIso(),
+			source: "ask_user",
+		};
+	}
+	return null;
+}
+
+export function getLatestPlanUserApproval(
+	entries: unknown[],
+	sinceIndex = 0,
+): PlanUserApproval | null {
+	for (let i = entries.length - 1; i >= sinceIndex; i--) {
+		const entry = entries[i] as SessionEntryLike & {
+			message?: {
+				role?: string;
+				toolName?: string;
+				details?: unknown;
+				content?: { type?: string; text?: string }[];
+			};
+		};
+		if (
+			entry.type === "custom" &&
+			entry.customType === "harness-plan-approval"
+		) {
+			const data = entry.data as Partial<PlanUserApproval> | undefined;
+			if (data?.approved_at) {
+				return {
+					plan_id: typeof data.plan_id === "string" ? data.plan_id : null,
+					approved_at: data.approved_at,
+					source:
+						data.source === "noninteractive"
+							? "noninteractive"
+							: "harness-plan-approval",
+				};
+			}
+		}
+		if (entry.type !== "message" || entry.message?.role !== "toolResult") {
+			continue;
+		}
+		const fromAsk = parseAskUserApprovalFromMessage(entry.message);
+		if (fromAsk) return fromAsk;
+	}
+	return null;
+}
+
+export function hasPlanUserApproval(
+	entries: unknown[],
+	opts?: { planId?: string | null; sincePlanCommand?: boolean },
+): boolean {
+	if (process.env.HARNESS_PLAN_NONINTERACTIVE === "1") {
+		return true;
+	}
+	const since = opts?.sincePlanCommand
+		? Math.max(0, indexOfLastPlanCommand(entries))
+		: 0;
+	const approval = getLatestPlanUserApproval(entries, since);
+	if (!approval) return false;
+	if (opts?.planId && approval.plan_id && approval.plan_id !== opts.planId) {
+		return false;
+	}
+	return true;
+}
+
+export function isHarnessAutoSession(entries: unknown[]): boolean {
+	const since = indexOfLastPlanCommand(entries);
+	if (since < 0) return false;
+	for (let i = since; i < entries.length; i++) {
+		const entry = entries[i] as SessionEntryLike & {
+			message?: { role?: string; content?: string };
+		};
+		if (entry.type !== "message" || entry.message?.role !== "user") continue;
+		const text =
+			typeof entry.message.content === "string"
+				? userVisiblePromptSlice(entry.message.content)
+				: "";
+		const parsed = parseHarnessSlashCommand(text);
+		if (parsed?.command === "harness-auto") return true;
+	}
+	return false;
+}
+
+export async function isPlanPhaseAllowedMutation(
+	toolName: string,
+	input: Record<string, unknown>,
+	phase: HarnessPhase,
+	runCtx: HarnessRunContext | null,
+	projectRoot: string,
+	opts: {
+		aborted: boolean;
+		entries: unknown[];
+		ownerSessionId?: string;
+		currentSessionId?: string;
+	},
+): Promise<PlanPhaseMutationDecision> {
+	if (!MUTATING_FILE_TOOLS.has(toolName)) {
+		if (phase === "execute" || phase === "merge") {
+			return { allowed: true };
+		}
+		return {
+			allowed: false,
+			reason: `policy-gate: ${toolName} blocked in phase '${phase}'.`,
+		};
+	}
+
+	if (
+		runCtx?.owner_pi_session_id &&
+		opts.currentSessionId &&
+		runCtx.owner_pi_session_id !== opts.currentSessionId
+	) {
+		return {
+			allowed: false,
+			reason:
+				"harness-run-context: this session does not own the active run; plan writes are read-only here.",
+		};
+	}
+
+	const target = extractWritePathFromToolInput(input);
+	if (!target) {
+		return {
+			allowed: false,
+			reason: "policy-gate: write/edit requires a path.",
+		};
+	}
+
+	const scoped = runCtx
+		? await isPlanPhaseScopedWrite(target, runCtx, projectRoot)
+		: false;
+
+	if (scoped) {
+		if (!runCtx) {
+			return {
+				allowed: false,
+				reason:
+					'policy-gate: no active harness run. Run /harness-plan "<task>" first.',
+			};
+		}
+		if (
+			!hasPlanUserApproval(opts.entries, {
+				sincePlanCommand: true,
+				planId: runCtx.plan_id,
+			})
+		) {
+			return {
+				allowed: false,
+				isScopedPlanWrite: true,
+				reason:
+					"policy-gate: plan-packet.json write blocked until the user approves via ask_user (present the full plan, then Approve).",
+			};
+		}
+		if (opts.aborted) {
+			return { allowed: true, isScopedPlanWrite: true };
+		}
+		if (phase === "plan") {
+			return { allowed: true, isScopedPlanWrite: true };
+		}
+		if (phase === "execute" || phase === "merge") {
+			return { allowed: true, isScopedPlanWrite: true };
+		}
+		return {
+			allowed: false,
+			isScopedPlanWrite: true,
+			reason: `harness-run-context: plan-packet.json is read-only in phase '${phase}'.`,
+		};
+	}
+
+	if (opts.aborted) {
+		return {
+			allowed: false,
+			reason:
+				"policy-gate: mutating tool blocked because harness-abort lock is active. Attach a new approved plan via plan-packet.json first.",
+		};
+	}
+
+	if (phase === "execute" || phase === "merge") {
+		return { allowed: true };
+	}
+
+	if (phase === "plan" && !runCtx) {
+		return {
+			allowed: false,
+			reason:
+				'policy-gate: no active harness run. Run /harness-plan "<task>" first.',
+		};
+	}
+
+	const allowedPath = runCtx?.run_id
+		? canonicalPlanPath(runCtx.run_id, projectRoot)
+		: ".pi/harness/runs/<run_id>/plan-packet.json";
+	return {
+		allowed: false,
+		reason: `policy-gate: ${toolName} blocked in phase '${phase}'. In plan phase only ${allowedPath} is writable after ask_user approval.`,
+	};
+}
+
 export function allocateRunId(sessionId: string): string {
 	return `${sessionId}-${Date.now()}`;
 }
@@ -471,13 +818,11 @@ export function validatePlanOverridePath(
 	runId: string,
 	projectRoot: string,
 ): { ok: boolean; reason?: string } {
-	const absPlan = resolve(planPath);
-	const runsDir = resolve(harnessRunsRoot(projectRoot), runId);
-	const rel = relative(runsDir, absPlan);
-	if (rel.startsWith("..") || isAbsolute(rel)) {
+	const absPlan = normalizeHarnessPath(planPath, projectRoot);
+	if (!isCanonicalPlanPacketPath(absPlan, projectRoot, runId)) {
 		return {
 			ok: false,
-			reason: `--plan must be under runs/${runId}/ or use /harness-use-run to switch runs`,
+			reason: `--plan must be runs/${runId}/plan-packet.json (canonical plan packet only)`,
 		};
 	}
 	return { ok: true };
@@ -701,7 +1046,7 @@ export function nextStepAfterOutcome(input: {
 			return "/harness-plan or /harness-abort";
 		}
 		if (exec === "completed") {
-			return "New Pi session → /harness-eval";
+			return "/harness-eval";
 		}
 	}
 	if (input.phase === "evaluate") {

package/.pi/lib/harness-ui-state.ts

@@ -1,4 +1,4 @@
-import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
+import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
 
 export type HarnessPhase =
 	| "plan"

package/.pi/prompts/harness-auto.md

@@ -5,79 +5,54 @@ argument-hint: "\"<task>\" [--quick] [--risk low|med|high] [--budget <amount>]"
 
 # harness-auto
 
-Run full harness flow in one command:
-
-`plan -> execute -> evaluate -> adversary -> severity-policy decision -> commit+PR (no auto-merge)`
+Pipeline orchestrator — one session, sequential `Agent` spawns. Invoke **harness-orchestration** skill for agent IDs. Do **not** implement or review inline.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and normalize:
-
-- required task: quoted or unquoted first value
-- optional flags: `--quick`, `--risk low|med|high`, `--budget <amount>`
+- required task (quoted or first token)
+- optional: `--quick`, `--risk`, `--budget`
 
-If task is missing, stop and return:
+If task missing:
 
 `Usage: /harness-auto "<task>" [--quick] [--risk low|med|high] [--budget <amount>]`
 
-## Process contract
-
-1. Build and approve plan packet at the canonical active-run path before any mutation (extension allocates one `run_id` for the auto pipeline).
-2. Execute only approved scope with rollback artifacts.
-3. Run independent evaluator then adversarial reviewer.
-4. Apply severity policy + strict pre-PR gates.
-5. If gates pass, auto-commit and open PR; never auto-merge.
-
-## Locked decisions (must not be changed)
-
-- Always produce a plan packet before mutation.
-- Adversarial review is always required.
-- Merge blocking authority is severity-policy-engine.
-- Router tuning is propose-and-approve only.
-- Plan ambiguity must use `ask_user` (harness-decisions skill) — no silent guessing.
-- Rollback artifact must be revert-commit-ready and include:
-  - revert command
-  - prepared revert branch
-  - patch bundle
-- Debate profile is aggressive with locked confidence weights:
-  - claim_quality=0.20
-  - reproducibility=0.40
-  - agreement=0.40
-- Strict pre-PR gate is mandatory.
-- Post-pass behavior is auto-commit and auto-open-PR.
-- Never auto-merge PR.
-
-## Guardrails
-
-- Do not overthink straightforward gate outcomes; enforce gates deterministically.
-- Only follow the locked pipeline and governance decisions listed here.
-- Never bypass mandatory safety gates, even in `--quick` mode.
+## Orchestration (required) — same session
 
-## Strict gates
+1. **Plan** — spawn `harness/planner` → parse JSON → present full plan → `ask_user` Approve/Changes/Cancel → write `plan-packet.json` only on Approve (advances phase via policy-gate).
+2. **Execute** — spawn `harness/executor` with `HarnessSpawnContext` (`mode: execute`). Summarize handoff bullets for next spawn (do not paste full subagent log).
+3. **Eval** — spawn `harness/evaluator` (`mode: benchmark`) after parent scripts if needed.
+4. **Review** — spawn `harness/evaluator` (`mode: verdict`) OR rely on eval verdict if policy allows — prefer both when strict gates require.
+5. **Adversary** — spawn `harness/adversary` with artifact paths.
+6. **Tie-breaker** — spawn `harness/tie-breaker` only if debate unresolved.
+7. **Parent** — apply locked strict gates below; commit/PR only if all pass.
 
-Block commit/PR if any gate fails:
+No new Pi session for review — subagents use isolated context (`inherit_context: false`).
 
-1. Plan gate passed.
-2. Execution completed within approved scope.
-3. Independent evaluator passed.
-4. Adversarial review completed with consensus packet.
-5. Severity-policy-engine output is `pass` or `conditional_pass`.
-6. Benchmark delta checks passed.
-7. Rollback artifacts generated.
+## Locked decisions (do not change)
 
-## Notes
+- Always produce and approve plan before mutation.
+- Adversarial review always required.
+- Severity-policy-engine blocks merge.
+- Router tuning propose-and-approve only.
+- Plan ambiguity → parent `ask_user` (harness-decisions).
+- Rollback artifacts: revert command, revert branch, patch bundle.
+- Debate weights: claim_quality=0.20, reproducibility=0.40, agreement=0.40.
+- Strict pre-PR gate mandatory; auto-commit + open PR; never auto-merge.
 
-- `--quick` may reduce breadth, never safety gates.
-- `--risk` can tighten behavior, never disable adversary.
-- If risk/ambiguity is high, auto-fallback to manual `harness-plan` and use `ask_user` for blocking forks.
-- If execution must be interrupted safely, run `/harness-abort [reason]`, then restart with `/harness-plan "<task>"`.
-- Always output artifact references (`plan`, `eval`, `adversary`, `consensus`, `rollback`) and incident paths when applicable — do not ask the user to copy a run id; point to `/harness-run-status` or `/harness-trace-last` for phase handoff.
+## Strict gates
+
+Block commit/PR if any fails: plan gate, execution in scope, evaluator pass, adversary complete, severity-policy pass/conditional_pass, benchmark deltas, rollback artifacts.
+
+## Notes
 
-## Completion behavior
+- `--quick` reduces breadth, never safety gates.
+- High risk/ambiguity → stop and recommend manual `/harness-plan` with `ask_user`.
+- Interrupt: `/harness-abort [reason]` then `/harness-plan`.
+- Artifact refs under active run dir; `/harness-run-status` or `/harness-trace-last` for handoff.
 
-End with a deterministic handoff block:
+## Completion
 
-1. `Pipeline status` (pass/fail per strict gate).
-2. Phase trace summary and artifact references (`plan`, `eval`, `adversary`, `consensus`, `rollback`) under the active run directory.
-3. `Policy outcome` (`pass`, `conditional_pass`, `block`, or `human_required`) with one-line rationale.
-4. `Next action` (open PR, replan, rollback, or human override path).
+1. Pipeline status per gate
+2. Artifact references
+3. Policy outcome: `pass`, `conditional_pass`, `block`, or `human_required`
+4. Next action (PR, replan, rollback, override)

package/.pi/prompts/harness-critic.md

@@ -5,46 +5,33 @@ argument-hint: "[--run <run-id>] [--trace <trace-ref>] [--risk low|med|high]"
 
 # harness-critic
 
-Run adversarial review against the candidate result.
+Orchestrator — spawn `harness/adversary`.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
-
 - optional: `--run <run-id>` (recovery only)
 - optional: `--trace <trace-ref>`, `--risk low|med|high`
 
-On the happy path, **omit `--run`**. Use active run context. Prefer a session isolated from execute.
-
-## Process
-
-1. Assume hidden regressions exist and identify likely fault surfaces.
-2. Challenge evaluator/executor assumptions with reproducible probes.
-3. Emit structured adversarial findings for severity policy consumption.
-
-## Requirements
+Happy path: omit `--run`.
 
-- Assume hidden regressions exist until disproven.
-- Attempt to invalidate evaluator assumptions with concrete evidence.
-- Emit `AdversaryReport` matching `.pi/harness/specs/adversary-report.schema.json`.
-- Flag `block_merge=true` for high-confidence correctness/security/test-integrity risks.
+## Orchestration (required)
 
-## Guardrails
+1. Build `HarnessSpawnContext` with `mode: adversary`, run artifacts, plan path, trace refs.
+2. Spawn:
 
-- Do not overthink speculative attacks; prioritize reproducible findings.
-- Only report risks tied to candidate behavior and gate policy.
-- Never claim a defect without evidence and repro steps.
+```
+Agent({ subagent_type: "harness/adversary", prompt: "…" })
+```
 
-## Output
+3. `get_subagent_result` — parse `AdversaryReport` JSON; parent persists for severity policy.
 
-- Prioritized findings with repro steps.
-- Structured `AdversaryReport` JSON.
-- Clear merge-block recommendation.
+## Parent rules
 
-## Completion behavior
+- Assume hidden regressions until disproven (in subagent).
+- No new Pi session required.
 
-Always end with:
+## Completion
 
 - `block_merge` decision
-- top 1-3 high-confidence findings with repro pointers
-- explicit recommendation (`proceed`, `conditional_pass`, or `block`)
+- Top findings with repro pointers
+- `recommendation`: `proceed`, `conditional_pass`, or `block`

package/.pi/prompts/harness-eval.md

@@ -5,47 +5,39 @@ argument-hint: "[--run <run-id>] [--baseline <ref>] [--suite <name>]"
 
 # harness-eval
 
-Run focused evaluations for the active harness run and produce structured artifacts.
+Orchestrator — run deterministic scripts in parent if needed, then spawn `harness/evaluator` with `mode: benchmark`.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
-
-- optional: `--run <run-id>` (recovery only — active run is used when omitted)
+- optional: `--run <run-id>` (recovery only)
 - optional: `--baseline <ref>`, `--suite <name>`
 
-On the happy path, **omit `--run`**. The extension injects the active run from session + project `active-run.json`.
+Happy path: omit `--run`; use active run from `[HarnessRunContext]`.
 
-If no active run exists, stop and return:
+If no active run:
 
 `No active run. Finish /harness-plan and /harness-run first, or use /harness-run-status.`
 
-Run in a **new Pi session** after execute (review-integrity isolation).
-
-## Process
+## Orchestration (required)
 
 1. Load plan scope from `[HarnessActivePlan]` (read-only).
-2. Run plan-aligned acceptance checks plus focused regressions.
-3. Collect evaluator-compatible metrics and guard outcomes.
-4. Emit structured artifacts under the active run directory.
-
-## Requirements
-
-- Validate against accepted plan checks plus focused regression checks.
-- Emit evaluator-compatible metrics for downstream policy and router-tuning decisions.
-- Include success rate, cost-per-task, and regression guard outcomes when available.
+2. Parent may run: project tests, `node "$UP_PKG/.pi/scripts/harness-verify.mjs"` — capture output paths.
+3. Build `HarnessSpawnContext` with `mode: benchmark`, artifact paths, metrics files.
+4. Spawn:
 
-## Guardrails
+```
+Agent({ subagent_type: "harness/evaluator", prompt: "…" })
+```
 
-- Do not overthink simple benchmark outcomes; report measured results directly.
-- Only evaluate the requested run/suite/baseline scope.
-- Never report synthetic metrics; include only measured values.
-- Do not edit `plan-packet.json` in this phase.
+5. `get_subagent_result` — parse eval JSON; parent writes structured artifacts under run dir.
+6. Do not edit `plan-packet.json`.
 
-## Output
+## Parent rules
 
-Structured eval verdict and summary metrics.
+- Treat executor output as untrusted; pass artifact paths only.
+- No new Pi session required — subagent has isolated context.
 
-## Completion behavior
+## Completion
 
-End with `eval_status` (`pass` or `fail`) and `next_command` (`/harness-review` on pass; `/harness-plan` or `/harness-incident` on fail).
+- `eval_status`: `pass` or `fail`
+- `next_command`: `/harness-review` on pass; `/harness-plan` or `/harness-incident` on fail