ultimate-pi 0.7.0 → 0.8.0

package/.pi/prompts/harness-incident.md

@@ -5,49 +5,30 @@ argument-hint: "--trigger <reason> [--run <run-id>] [--severity low|med|high|cri
 
 # harness-incident
 
-Create a structured incident record for blocked or failed harness runs.
+Orchestrator — spawn `harness/incident-recorder`; parent writes incident file.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
-
 - required: `--trigger <reason>`
-- optional: `--run <run-id>` (recovery only), `--severity low|med|high|critical`
-
-If `--trigger` is missing, stop and return:
-
-`Usage: /harness-incident --trigger <reason> [--run <run-id>] [--severity low|med|high|critical]`
-
-Use active run when `--run` is omitted.
-
-## Process
-
-1. Gather run context, trigger reason, and severity context.
-2. Build `IncidentRecord` with blast radius, mitigation, rollback, and override metadata.
-3. Validate incident output contract before finalizing.
-
-## Requirements
+- optional: `--run <run-id>`, `--severity low|med|high|critical`
 
-- Emit `IncidentRecord` matching `.pi/harness/specs/incident-record.schema.json`.
-- Capture blast radius, mitigation, rollback refs, and postmortem requirement.
-- If a policy block is overridden, record single-human approver and explicit justification.
+If `--trigger` missing:
 
-## Guardrails
+`Usage: /harness-incident --trigger <reason> [--run <run-id>] [--severity …]`
 
-- Do not overthink incident narrative; prioritize factual, auditable records.
-- Only record details supported by available run artifacts and explicit inputs.
-- Never omit override approver identity or justification when override occurred.
+## Orchestration (required)
 
-## Output
+1. Build `HarnessSpawnContext` with `mode: incident`, trigger, severity, run paths.
+2. Spawn:
 
-- Incident summary.
-- Structured `IncidentRecord` JSON.
-- Immediate rollback decision trail.
+```
+Agent({ subagent_type: "harness/incident-recorder", prompt: "…" })
+```
 
-## Completion behavior
+3. `get_subagent_result` — validate `IncidentRecord` draft; parent writes under `.pi/harness/incidents/`.
 
-Finish with:
+## Completion
 
-- `incident_status` (`recorded` or `needs_input`)
-- rollback action (`execute_now` or `standby`)
-- postmortem requirement (`true`/`false`)
+- `incident_status`: `recorded` or `needs_input`
+- `rollback_action`: `execute_now` or `standby`
+- `postmortem_required`: true/false

package/.pi/prompts/harness-plan.md

@@ -5,75 +5,56 @@ argument-hint: "\"<task>\" [--risk low|med|high] [--budget <amount>] [--quick]"
 
 # harness-plan
 
-Create a machine-readable plan packet before execution.
+Orchestrator only — spawn `harness/planner`, present draft, run `ask_user`, write plan after Approve. Do **not** plan inline in this session.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
+Read `$ARGUMENTS`:
 
 - task statement (required)
-- optional flags: `--risk low|med|high`, `--budget <amount>`, `--quick`
+- optional: `--risk low|med|high`, `--budget <amount>`, `--quick`
 
-If task is missing, stop and return:
+If task is missing:
 
 `Usage: /harness-plan "<task>" [--risk low|med|high] [--budget <amount>] [--quick]`
 
-Do **not** require or accept `--plan` on this command.
+`--quick` narrows planning breadth only — it does **not** skip user approval.
 
 ## Active plan context
 
-If `[HarnessActivePlan]` is present in context:
+If `[HarnessActivePlan]` is present:
 
-- Read the current PlanPacket from the injected `plan_packet_path` first.
-- Treat the user task as **revise/amend** of that packet (not a greenfield plan), unless `/harness-new-run` was used.
-- After drift replan or post-abort, update the same canonical file.
+- Read current packet from `plan_packet_path` first.
+- Treat task as **revise/amend** unless `/harness-new-run` was used.
+- Pass `mode: revise` in spawn context.
 
-If no prior plan file exists, create PlanPacket at the canonical path from `[HarnessRunContext]`.
+Otherwise use canonical path from `[HarnessRunContext]` for greenfield `mode: create`.
 
-## Process
+## Orchestration (required)
 
-1. Parse the requested task and extract concrete scope and constraints.
-2. If ambiguity blocks safe execution planning, call `ask_user` (harness-decisions skill). Stop with `needs_clarification` if the user cancels.
-3. Build a `PlanPacket` that is valid against `.pi/harness/specs/plan-packet.schema.json`.
-4. **Write** the PlanPacket JSON to the canonical `plan_packet_path` before completing.
-5. Include rollback artifacts in all required forms.
+1. Build `HarnessSpawnContext` JSON (`.pi/harness/specs/harness-spawn-context.schema.json`) from injected run/plan context: `run_id`, `plan_packet_path`, `task_summary`, `risk_level`, `quick`, `mode`.
+2. Spawn with **`inherit_context: false`**:
 
-## Hard requirements
+```
+Agent({ subagent_type: "harness/planner", prompt: "<task + HarnessSpawnContext JSON + output schema>" })
+```
 
-- Do not run mutating tools in this command.
-- If task scope is ambiguous, call `ask_user` — do not guess or use prose-only clarification.
-- Produce a `PlanPacket` matching `.pi/harness/specs/plan-packet.schema.json`.
-- Include rollback artifacts in all three forms:
-  - revert command
-  - prepared revert branch name
-  - patch bundle path
-- Set risk level to `high` if uncertainty, broad blast radius, or policy-sensitive surfaces are involved.
-- Do **not** embed `plan_id=` in the user prompt for policy sync — the extension sets `approvedPlan` from the written file.
+3. `get_subagent_result` — parse final JSON (`status`, `plan_packet`, `human_summary`, `clarification`) via fenced `json` block.
+4. If `needs_clarification`, call `ask_user` (harness-decisions) with planner `clarification.options`, then re-spawn with answers.
+5. Present **full** human-readable plan in chat (scope, assumptions, acceptance_checks, rollback_plan, risk_level).
+6. Call `ask_user`: **Approve** / **Request changes** / **Cancel** (harness-decisions). **Do not write** until Approve.
+7. On **Request changes**, re-spawn planner with `mode: revise` and user feedback — do not write file.
+8. **Only after Approve** — write `PlanPacket` JSON to canonical `plan_packet_path`.
 
-## Guardrails
+## Parent rules
 
-- Do not overthink straightforward planning requests.
-- Only plan the requested scope; do not execute or widen implementation.
-- Never speculate about code or configuration that was not read.
+- Do not mutate project source files — only `plan-packet.json` after approval.
+- Validate draft against `.pi/harness/specs/plan-packet.schema.json` before `ask_user` Approve.
+- Do not embed `plan_id=` in prompts for policy sync.
 
-## Output contract
+## Completion
 
-Return:
-
-1. Human-readable plan summary:
-   - scope
-   - assumptions
-   - acceptance checks
-   - rollback plan
-2. Confirmation that PlanPacket was written to the canonical path.
-
-Do not proceed to execution from this command.
-
-## Completion behavior
-
-Always end with:
-
-- one-line `plan_status` (`ready` or `needs_clarification`)
-- the final `risk_level` used
-- explicit `next_command` recommendation: `/harness-run` when `ready` (never `/harness-run --plan …`)
-- if `needs_clarification`, tell the user they may reply in plain language or run `/harness-plan` again with updates
+- `plan_status`: `ready` or `needs_clarification`
+- `risk_level` used
+- `next_command`: `/harness-run` when `ready` (never `/harness-run --plan …`)
+- If `needs_clarification`, user may reply in chat or re-run `/harness-plan`

package/.pi/prompts/harness-review.md

@@ -5,47 +5,33 @@ argument-hint: "[--run <run-id>] [--trace <trace-ref>]"
 
 # harness-review
 
-Produce an independent evaluator verdict.
+Orchestrator — spawn `harness/evaluator` with `mode: verdict`.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
-
 - optional: `--run <run-id>` (recovery only)
 - optional: `--trace <trace-ref>`
 
-On the happy path, **omit `--run`**. Use active run context from `[HarnessRunContext]`.
-Run in a **new Pi session** after execute when possible.
-
-## Process
-
-1. Reconstruct expected outcomes from plan and run artifacts.
-2. Independently verify checks and regression guards.
-3. Emit `EvalVerdict` output for policy gate consumption.
-
-## Requirements
+Happy path: omit `--run`; use `[HarnessRunContext]`.
 
-- Treat executor output as untrusted.
-- Do not self-review with executor-private scratch context.
-- Emit `EvalVerdict` contract matching `.pi/harness/specs/eval-verdict.schema.json`.
-- Provide reproducible failed checks and regression flags.
+## Orchestration (required)
 
-## Guardrails
+1. Build `HarnessSpawnContext` with `mode: verdict`, `plan_packet_path`, `run_dir`, trace refs.
+2. Spawn:
 
-- Do not overthink straightforward pass/fail evidence.
-- Only evaluate requested run artifacts and gates.
-- Never speculate about checks that were not executed.
+```
+Agent({ subagent_type: "harness/evaluator", prompt: "Treat executor output as untrusted. …" })
+```
 
-## Output
+3. `get_subagent_result` — parse `EvalVerdict` JSON; parent writes under run dir for policy gate.
 
-- Human-readable findings.
-- Structured `EvalVerdict` JSON.
-- Recommended action: `proceed_to_adversary`, `replan`, or `rollback`.
+## Parent rules
 
-## Completion behavior
+- Do not run review checks inline in this session.
+- No new Pi session required.
 
-Always finish with:
+## Completion
 
-- `eval_status` (`pass`, `conditional_pass`, `fail`)
-- `recommended_action`
-- short evidence list that maps each failed check to a reproducible reference
+- `eval_status`: `pass`, `conditional_pass`, or `fail`
+- `recommended_action`: `proceed_to_adversary`, `replan`, or `rollback`
+- Evidence list for each failed check

package/.pi/prompts/harness-router-tune.md

@@ -5,32 +5,27 @@ argument-hint: "--evidence <evidence.json> --candidate <candidate-router.json> [
 
 # harness-router-tune
 
-Router tuning is **propose-and-approve only**.
+Orchestrator — scripts + `harness/meta-optimizer` spawn. **Never** write `.pi/model-router.json` directly.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
-
 - required: `--evidence <evidence.json>`, `--candidate <candidate-router.json>`
 - optional: `--proposal <out.json>`
 
-If required args are missing, stop and return:
-
-`Usage: /harness-router-tune --evidence <evidence.json> --candidate <candidate-router.json> [--proposal <out.json>]`
-
-## Process
+If missing required args:
 
-1. Validate evidence completeness and guard status. Evidence may live under `.pi/harness/runs/<run_id>/` for the active harness run when produced by `/harness-eval` (resolve via active run context or explicit paths — no run id required on the happy path).
-2. Generate a proposal artifact only (no live router mutation).
-3. Require explicit human approval metadata before any apply step.
+`Usage: /harness-router-tune --evidence <path> --candidate <path> [--proposal <out.json>]`
 
-## Never-do rule
+## Orchestration (required)
 
-- Never write `.pi/model-router.json` directly from this command.
+1. Parent validates evidence paths exist.
+2. Optionally spawn:
 
-## Proposal flow
+```
+Agent({ subagent_type: "harness/meta-optimizer", prompt: "mode: tune, evidence paths…" })
+```
 
-1. Build proposal:
+3. Parent runs proposal script:
 
 ```bash
 node .pi/harness/router/propose-router-tuning.mjs \
@@ -39,8 +34,8 @@ node .pi/harness/router/propose-router-tuning.mjs \
   --proposal-out .pi/harness/router/proposals/<id>.json
 ```
 
-2. Call `ask_user` to approve / reject / request edits before apply (harness-decisions skill).
-3. Apply only after approval, with explicit approver + justification:
+4. `ask_user` approve / reject / edit (harness-decisions).
+5. Apply only after approval:
 
 ```bash
 node .pi/harness/router/apply-router-proposal.mjs \
@@ -50,25 +45,8 @@ node .pi/harness/router/apply-router-proposal.mjs \
   --write
 ```
 
-## Evidence requirements
-
-- Minimum sample count threshold met.
-- Pre/post success-rate delta included.
-- Cost-per-task delta included.
-- Regression guard status present and passing.
-
-If any requirement is missing, stop with `human_required`.
-
-## Guardrails
-
-- Do not overthink weak evidence; reject incomplete proposals quickly.
-- Only produce proposal/apply instructions within this contract.
-- Never apply tuning without explicit human approver identity and justification.
-
-## Completion behavior
-
-End with:
+## Completion
 
-- `tuning_status` (`proposed`, `human_required`, or `rejected`)
-- evidence gate summary (sample count, success delta, cost delta, regression guard)
-- explicit non-mutation confirmation for `.pi/model-router.json`
+- `tuning_status`: `proposed`, `human_required`, or `rejected`
+- Evidence gate summary
+- Confirm `.pi/model-router.json` was not mutated without apply script

package/.pi/prompts/harness-run.md

@@ -5,56 +5,39 @@ argument-hint: "[--budget <amount>]"
 
 # harness-run
 
-Execute implementation only after an approved plan exists in active run context.
+Orchestrator only — spawn `harness/executor`. Do **not** implement inline.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
-
 - optional: `--budget <amount>`
+- Do **not** use `--plan` on happy path — load from `[HarnessActivePlan]` / `plan_packet_path`.
 
-Do **not** parse `--plan` on the happy path. Load the PlanPacket from `[HarnessActivePlan]` / injected `plan_packet_path` only.
-
-If the extension reports plan not ready, stop and return:
+If plan not ready:
 
 `Run /harness-plan first — no approved plan in active run context.`
 
-Advanced recovery only: `--plan <path>` must live under the active run directory (extension validates).
-
-## Process
-
-1. Load PlanPacket from the injected canonical path and confirm it is valid.
-2. Execute only within approved scope.
-3. Run focused validations mapped to approved acceptance checks.
-4. Produce rollback artifacts and handoff references for downstream gates.
-
-## Gate behavior
-
-- Refuse execution if active plan is not ready (extension blocks before the agent runs).
-- Keep edits strictly within approved scope.
-- If scope drift appears, stop and return to `harness-plan`.
-- For **implementation forks** inside approved scope, call `ask_user` with 2–4 options. For plan-level ambiguity, stop and return to `harness-plan`.
-- Record evaluator/adversary prerequisites for downstream gates.
-- Always prepare rollback artifacts as part of execution output.
+## Orchestration (required)
 
-## Guardrails
+1. Confirm `[HarnessActivePlan]` / extension reports plan ready.
+2. Build `HarnessSpawnContext` with `mode: execute`, `plan_packet_path`, `run_dir`, `acceptance_checks` from plan file.
+3. Spawn:
 
-- Do not overthink straightforward approved changes; execute the approved scope directly.
-- Only modify files and behaviors covered by the approved `PlanPacket`.
-- Never speculate about successful validation without runnable evidence.
+```
+Agent({ subagent_type: "harness/executor", prompt: "<HarnessSpawnContext + handoff>" })
+```
 
-## Output
+4. `get_subagent_result` — parse executor JSON (`execution_status`, validations, rollback refs).
+5. Parent persists trace/handoff artifacts under run dir if needed; do not self-review.
 
-- Implementation summary scoped to approved plan.
-- Files changed and why.
-- Targeted validations run.
-- Trace pointers and rollback references.
+## Parent rules
 
-## Completion behavior
+- Refuse if plan not approved.
+- On `scope_drift`, stop and recommend `/harness-plan`.
+- Do not call `ask_user` for plan-level ambiguity — return to plan command.
 
-End with:
+## Completion
 
-1. `execution_status` (`completed`, `blocked`, or `scope_drift`).
-2. `validation_summary` (pass/fail with command evidence).
-3. `handoff_ready` booleans for evaluator/adversary prerequisites.
-4. `next_command`: **New Pi session → `/harness-eval`** when execution completed successfully.
+- `execution_status`: `completed`, `blocked`, or `scope_drift`
+- `validation_summary` with command evidence
+- `handoff_ready` for evaluator/adversary
+- `next_command`: `/harness-eval` (same session — spawn isolated review agents; no new Pi session)

package/.pi/prompts/harness-setup.md

@@ -385,6 +385,8 @@ Manual override: **`/router profile auto`** anytime after reload if they changed
 
 `harness-subagents` loads agents from the installed **`ultimate-pi`** package (`$UP_PKG/.pi/agents/**`) with namespaced ids (`harness/planner`, `pi-pi/agent-expert`). **Do not copy** agents into the project unless you want a deliberate override.
 
+**Slash commands are orchestrators:** `/harness-plan`, `/harness-run`, etc. spawn `harness/*` agents via the `Agent` tool — bootstrap stays **script-first**; only optionally spawn `harness/sentrux-bootstrap` for Sentrux (see Step 4.2).
+
 Optional per-repo overrides: place `.md` files at the **same relative path** (e.g. `.pi/agents/harness/planner.md` overrides the package planner).
 
 Verify manifest drift after `pi update ultimate-pi`:

package/.pi/prompts/harness-trace.md

@@ -5,45 +5,28 @@ argument-hint: "[--run <run-id>] [--phase plan|execute|evaluate|adversary|merge]
 
 # harness-trace
 
-Retrieve and summarize trace artifacts for a run.
+Orchestrator — spawn `harness/trace-librarian`.
 
 ## Step 0 — Parse arguments
 
-Read `$ARGUMENTS` and parse:
-
 - optional: `--run <run-id>` (recovery only)
 - optional: `--phase plan|execute|evaluate|adversary|merge`
 
-On the happy path, **omit `--run`**. Phase traces live at `trace-<phase>.json` under the active run directory.
-
-## Process
-
-1. Collect run artifacts from canonical harness locations and provided trace refs.
-2. Build phase timeline with policy and gate decision points.
-3. Report completeness gaps against strict gate artifact requirements.
-
-## Requirements
-
-- Use `.pi/harness/runs/` and external trace references as source of truth pointers.
-- Include phase timeline, artifact refs, and policy decisions.
-- Highlight missing artifacts that violate strict gate requirements.
-
-## Guardrails
+Happy path: omit `--run`.
 
-- Do not overthink simple trace lookups; prioritize completeness and stable references.
-- Only report artifacts for the requested run and optional phase filter.
-- Never infer artifact existence without verifying source pointers.
+## Orchestration (required)
 
-## Output
+1. Build `HarnessSpawnContext` with `mode: trace`, `run_dir`, optional phase filter.
+2. Spawn:
 
-- Replay-ready timeline summary.
-- Artifact index (`plan`, `run`, `eval`, `adversary`, `consensus`, `incident`, `rollback`).
-- Any integrity or completeness gaps.
+```
+Agent({ subagent_type: "harness/trace-librarian", prompt: "…" })
+```
 
-## Completion behavior
+3. `get_subagent_result` — present timeline and artifact index to user.
 
-Always end with:
+## Completion
 
-- `trace_completeness` (`complete` or `incomplete`)
-- missing artifact checklist (if any)
-- most likely next command (`/harness-incident`, `/harness-review`, or `/harness-critic`)
+- `trace_completeness`: `complete` or `incomplete`
+- Missing artifact checklist
+- `next_command` hint (`/harness-incident`, `/harness-review`, or `/harness-critic`)

package/.pi/scripts/harness-generate-model-router.mjs

@@ -3,13 +3,13 @@
  * Generate `.pi/model-router.json` from Pi's authenticated providers (auth.json + env),
  * not from raw env-var heuristics alone.
  *
- * Uses @mariozechner/pi-coding-agent ModelRegistry.getAvailable() — same source as /login.
+ * Uses @earendil-works/pi-coding-agent ModelRegistry.getAvailable() — same source as /login.
  *
  * Usage: node harness-generate-model-router.mjs [--force] [--dry-run]
  *   --force    overwrite existing .pi/model-router.json
  *   --dry-run  print JSON to stdout, do not write
  *
- * Requires @mariozechner/pi-coding-agent (peer of ultimate-pi; bundled with pi).
+ * Requires @earendil-works/pi-coding-agent (peer of ultimate-pi; bundled with pi).
  */
 
 import { existsSync, mkdirSync, writeFileSync } from "node:fs";
@@ -66,26 +66,29 @@ function fail(msg) {
 }
 
 async function loadPiCodingAgent() {
-	const agentRoots = [
-		join(UP_PKG, "node_modules", "@mariozechner", "pi-coding-agent"),
-		join(UP_PKG, ".pi", "npm", "node_modules", "@mariozechner", "pi-coding-agent"),
-	];
+	const scopes = ["@earendil-works", "@mariozechner"];
+	const agentRoots = scopes.flatMap((scope) => [
+		join(UP_PKG, "node_modules", scope, "pi-coding-agent"),
+		join(UP_PKG, ".pi", "npm", "node_modules", scope, "pi-coding-agent"),
+	]);
 	for (const root of agentRoots) {
 		const entry = join(root, "dist", "index.js");
 		if (existsSync(entry)) {
 			return import(pathToFileURL(entry).href);
 		}
 	}
-	for (const base of [UP_PKG, process.cwd()]) {
-		try {
-			const req = createRequire(join(base, "package.json"));
-			return req("@mariozechner/pi-coding-agent");
-		} catch {
-			/* try next */
+	for (const spec of ["@earendil-works/pi-coding-agent", "@mariozechner/pi-coding-agent"]) {
+		for (const base of [UP_PKG, process.cwd()]) {
+			try {
+				const req = createRequire(join(base, "package.json"));
+				return req(spec);
+			} catch {
+				/* try next */
+			}
 		}
 	}
 	fail(
-		"@mariozechner/pi-coding-agent not found (install pi or npm i in ultimate-pi). Peer: @mariozechner/pi-coding-agent",
+		"@earendil-works/pi-coding-agent not found (install pi or npm i in ultimate-pi). Peer: @earendil-works/pi-coding-agent",
 	);
 }
 

package/.pi/scripts/harness-verify.mjs

@@ -21,6 +21,7 @@ const REQUIRED_SCHEMAS = [
 	"observation.schema.json",
 	"run-trace.schema.json",
 	"eval-verdict.schema.json",
+	"harness-spawn-context.schema.json",
 ];
 
 const REQUIRED_ADRS = [
@@ -34,6 +35,7 @@ const REQUIRED_ADRS = [
 	"0008-harness-posthog-telemetry.md",
 	"0009-sentrux-rules-lifecycle.md",
 	"0031-harness-run-context.md",
+	"0032-harness-command-orchestration.md",
 ];
 
 const REQUIRED_EXTENSIONS = [
@@ -199,6 +201,20 @@ async function main() {
 	if (!(await fileExists(runCtxLib))) fail("missing lib/harness-run-context.ts");
 	ok("lib/harness-run-context.ts");
 
+	const policyGateSrc = await readFile(
+		join(ROOT, ".pi", "extensions", "policy-gate.ts"),
+		"utf-8",
+	);
+	if (!policyGateSrc.includes("isPlanPhaseAllowedMutation")) {
+		fail(
+			"policy-gate.ts must use isPlanPhaseAllowedMutation (plan-phase scoped writes)",
+		);
+	}
+	if (!policyGateSrc.includes('pi.on("tool_call", async (event, ctx)')) {
+		fail("policy-gate tool_call must receive ctx for run context");
+	}
+	ok("policy-gate plan-phase writes");
+
 	const runCtxFixture = join(SMOKE, "run-context.fixture.json");
 	if (!(await fileExists(runCtxFixture))) {
 		fail("missing run-context.fixture.json");

package/.pi/scripts/vendor-sync-pi-model-router.sh

@@ -11,19 +11,19 @@ rm -rf "$VEND/.git"
 
 for f in "$VEND"/extensions/*.ts; do
 	sed -i \
-		-e "s|'@earendil-works/pi-agent-core'|'@mariozechner/pi-agent-core'|g" \
-		-e "s|'@earendil-works/pi-ai'|'@mariozechner/pi-ai'|g" \
-		-e "s|'@earendil-works/pi-coding-agent'|'@mariozechner/pi-coding-agent'|g" \
-		-e "s|'@earendil-works/pi-tui'|'@mariozechner/pi-tui'|g" \
+		-e "s|'@earendil-works/pi-agent-core'|'@earendil-works/pi-agent-core'|g" \
+		-e "s|'@earendil-works/pi-ai'|'@earendil-works/pi-ai'|g" \
+		-e "s|'@earendil-works/pi-coding-agent'|'@earendil-works/pi-coding-agent'|g" \
+		-e "s|'@earendil-works/pi-tui'|'@earendil-works/pi-tui'|g" \
 		"$f"
 done
 
-# Align package.json peers with @mariozechner (upstream lists @earendil-works)
+# Align package.json peers with @earendil-works (upstream lists @earendil-works)
 sed -i \
-	-e 's|"@earendil-works/pi-agent-core"|"@mariozechner/pi-agent-core"|g' \
-	-e 's|"@earendil-works/pi-ai"|"@mariozechner/pi-ai"|g' \
-	-e 's|"@earendil-works/pi-coding-agent"|"@mariozechner/pi-coding-agent"|g' \
-	-e 's|"@earendil-works/pi-tui"|"@mariozechner/pi-tui"|g' \
+	-e 's|"@earendil-works/pi-agent-core"|"@earendil-works/pi-agent-core"|g' \
+	-e 's|"@earendil-works/pi-ai"|"@earendil-works/pi-ai"|g' \
+	-e 's|"@earendil-works/pi-coding-agent"|"@earendil-works/pi-coding-agent"|g' \
+	-e 's|"@earendil-works/pi-tui"|"@earendil-works/pi-tui"|g' \
 	"$VEND/package.json"
 
 python3 -c "
@@ -40,7 +40,7 @@ cat >"$VEND/UPSTREAM_PIN.md" <<EOF
 - **Repository:** https://github.com/yeliu84/pi-model-router
 - **License:** MIT (\`LICENSE\` in this tree)
 - **Pinned upstream commit:** \`$COMMIT\`
-- **Local changes:** \`extensions/*.ts\` imports use \`@mariozechner/*\` and relative paths end in \`.js\` for TypeScript nodenext.
+- **Local changes:** \`extensions/*.ts\` imports use \`@earendil-works/*\` and relative paths end in \`.js\` for TypeScript nodenext.
 EOF
 
 rm -f "$VEND/package-lock.json"

package/CHANGELOG.md

@@ -4,6 +4,24 @@ All notable changes to this project are documented in this file.
 
 ## [Unreleased]
 
+## [v0.8.0] — 2026-05-17
+
+### ✨ Features
+
+- **Harness command orchestration:** slash prompts spawn `harness/*` agents with required `HarnessSpawnContext`; subagent tool policy; L4 review via isolated subagents (not session fork); ADR 0032.
+
+### 🐛 Fixes
+
+- **Policy gate / harness-plan:** allow scoped writes to `plan-packet.json` in plan phase after `ask_user` approval; block project source edits until execute; promote `/harness-auto` to execute phase mid-turn after approved plan write.
+
+### 📖 Documentation
+
+- **Harness plan workflow:** present full plan → Approve via `ask_user` → persist packet; `--quick` does not skip approval (ADR 0031).
+
+### 🔧 Chores
+
+- **pi-coding-agent:** migrate peer/dev deps to `@earendil-works/pi-coding-agent` 0.74.1.
+
 ## [v0.7.0] — 2026-05-17
 
 ### ✨ Features
@@ -110,7 +128,7 @@ All notable changes to this project are documented in this file.
 
 - Remove `npm:@yeliu84/pi-model-router` from package dependencies; add `THIRD_PARTY_NOTICES.md`
 - `harness-sync-model-router.mjs` adjusts Pi defaults only (no package toggling)
-- `check:ts` uses ES2023; devDependency on `@mariozechner/pi-ai`, `pi-tui`, `pi-agent-core` for vendored typecheck
+- `check:ts` uses ES2023; devDependency on `@earendil-works/pi-ai`, `pi-tui`, `pi-agent-core` for vendored typecheck
 
 ### 🐛 Fixes