zob-harness 0.1.0

package/.pi/chains/explore-plan-oracle.json

@@ -0,0 +1,78 @@
+{
+  "name": "explore-plan-oracle",
+  "version": "1.0.0",
+  "description": "Read-only contract-first chain: explore the requested scope, plan the smallest implementation slice, then oracle-review the plan.",
+  "readOnly": true,
+  "defaultExecution": "plan_only",
+  "steps": [
+    {
+      "id": "explore",
+      "agent": "explore",
+      "task": "Explore the repository context for goal: {goal}. Identify relevant files, current behavior, gaps, and evidence only; do not edit or run write-capable commands.",
+      "expectedOutcome": "Evidence-backed exploration summary for {goal}",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "explore.v1",
+      "mustDo": [
+        "Stay read-only",
+        "Cite exact files and observed evidence",
+        "Identify gaps and next bounded step",
+        "Do not execute child agents"
+      ],
+      "mustNotDo": [
+        "No edits",
+        "No writes",
+        "No bash",
+        "No secrets or .env reads",
+        "No commits",
+        "No daemon or network execution"
+      ],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "plan",
+      "agent": "planner",
+      "task": "Plan the smallest safe implementation slice for goal: {goal}, using prior chain evidence from steps: {previous_step_ids}. Produce a TDD/verification sequence and stop conditions only.",
+      "expectedOutcome": "Bounded implementation plan with validation ladder and risks",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "plan.v1",
+      "mustDo": [
+        "Stay plan-only and read-only",
+        "Consume prior exploration evidence before re-reading",
+        "Keep the slice bounded",
+        "Name exact files likely to change and validation commands"
+      ],
+      "mustNotDo": [
+        "No edits",
+        "No writes",
+        "No bash",
+        "No secrets or .env reads",
+        "No commits",
+        "No live child execution"
+      ],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "oracle",
+      "agent": "oracle",
+      "task": "Review the chain plan for goal: {goal}. Verify whether the proposed scope, safety constraints, evidence, and validation are sufficient. Return PASS/FAIL/WARN without editing.",
+      "expectedOutcome": "Oracle verdict on whether the read-only plan is sufficient to implement safely",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "oracle.v1",
+      "mustDo": [
+        "Stay read-only",
+        "Check acceptance criteria against evidence",
+        "Flag missing validation or unsafe scope",
+        "Return a clear PASS/FAIL/WARN verdict"
+      ],
+      "mustNotDo": [
+        "No edits",
+        "No writes",
+        "No bash",
+        "No secrets or .env reads",
+        "No commits",
+        "No live child execution"
+      ],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    }
+  ]
+}

package/.pi/chains/explore-spec-clarify-plan-oracle.json

@@ -0,0 +1,64 @@
+{
+  "name": "explore-spec-clarify-plan-oracle",
+  "version": "1.0.0",
+  "description": "Read-only premium workflow with repo exploration and a clarification gate before planning.",
+  "readOnly": true,
+  "defaultExecution": "plan_only",
+  "steps": [
+    {
+      "id": "explore",
+      "agent": "explore",
+      "task": "Explore repository context for goal: {goal}. Identify relevant files, current behavior, gaps, and evidence only.",
+      "expectedOutcome": "Evidence-backed exploration summary for {goal}",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "explore.v1",
+      "mustDo": ["Stay read-only", "Cite exact files and evidence", "Identify gaps for the spec", "Do not execute child agents"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "spec",
+      "agent": "specifier",
+      "task": "Convert the goal into a testable spec using prior exploration evidence from: {previous_step_ids}. Goal: {goal}.",
+      "expectedOutcome": "spec.v1 grounded in repo evidence",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "spec.v1",
+      "mustDo": ["Stay read-only", "Use prior exploration evidence", "Make acceptance criteria observable", "State assumptions and open questions"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "clarify",
+      "agent": "clarifier",
+      "task": "Review the repo-grounded spec for goal: {goal}. Score clarity and decide if planning is allowed. If clarity_score < 70 or BLOCKED, return allow_plan=no.",
+      "expectedOutcome": "clarification.v1 with clarity gate decision",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "clarification.v1",
+      "mustDo": ["Stay read-only", "Score clarity 0-100", "Ask guided questions", "Block planning when acceptance criteria are not testable"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "plan",
+      "agent": "planner",
+      "task": "Plan only if clarification allows planning for goal: {goal}. Use prior evidence from: {previous_step_ids}. State assumptions and stop if allow_plan=no.",
+      "expectedOutcome": "Bounded plan or explicit stop decision if clarification blocks planning",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "plan.v1",
+      "mustDo": ["Stay plan-only and read-only", "Consume prior exploration/spec/clarification", "Respect allow_plan gate", "Name validation commands"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "oracle",
+      "agent": "oracle",
+      "task": "Review the clarified repo-grounded plan for goal: {goal}. Return PASS/FAIL/WARN and no_ship without editing.",
+      "expectedOutcome": "Oracle verdict on whether the clarified plan is safe",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "oracle.v1",
+      "mustDo": ["Stay read-only", "Check plan against spec and clarification", "Flag missing validation or unsafe scope", "Return clear PASS/FAIL/WARN"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    }
+  ]
+}

package/.pi/chains/explore-spec-plan-oracle.json

@@ -0,0 +1,53 @@
+{
+  "name": "explore-spec-plan-oracle",
+  "version": "1.0.0",
+  "description": "Read-only premium workflow: explore repo evidence, write a spec, plan, then oracle-review.",
+  "readOnly": true,
+  "defaultExecution": "plan_only",
+  "steps": [
+    {
+      "id": "explore",
+      "agent": "explore",
+      "task": "Explore repository context for goal: {goal}. Identify relevant files, current behavior, gaps, and evidence only.",
+      "expectedOutcome": "Evidence-backed exploration summary for {goal}",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "explore.v1",
+      "mustDo": ["Stay read-only", "Cite exact files and evidence", "Identify gaps for the spec", "Do not execute child agents"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "spec",
+      "agent": "specifier",
+      "task": "Convert the goal into a testable spec using prior exploration evidence from: {previous_step_ids}. Goal: {goal}.",
+      "expectedOutcome": "spec.v1 grounded in repo evidence",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "spec.v1",
+      "mustDo": ["Stay read-only", "Use prior exploration evidence", "Make acceptance criteria observable", "State assumptions and open questions"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "plan",
+      "agent": "planner",
+      "task": "Plan the smallest safe implementation slice for goal: {goal}, using prior exploration and spec evidence from: {previous_step_ids}.",
+      "expectedOutcome": "Bounded implementation plan with validation ladder and risks",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "plan.v1",
+      "mustDo": ["Stay plan-only and read-only", "Consume prior evidence", "Keep the slice bounded", "Name validation commands"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "oracle",
+      "agent": "oracle",
+      "task": "Review the evidence-backed spec/plan for goal: {goal}. Return PASS/FAIL/WARN and no_ship without editing.",
+      "expectedOutcome": "Oracle verdict on whether the plan is sufficiently grounded and safe",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "oracle.v1",
+      "mustDo": ["Stay read-only", "Check acceptance criteria against evidence", "Flag missing validation or unsafe scope", "Return clear PASS/FAIL/WARN"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    }
+  ]
+}

package/.pi/chains/spec-clarify-plan-oracle.json

@@ -0,0 +1,53 @@
+{
+  "name": "spec-clarify-plan-oracle",
+  "version": "1.0.0",
+  "description": "Read-only product workflow with a clarification gate before planning.",
+  "readOnly": true,
+  "defaultExecution": "plan_only",
+  "steps": [
+    {
+      "id": "spec",
+      "agent": "specifier",
+      "task": "Convert goal into a testable spec for: {goal}. Preserve original ask: {original_user_ask}.",
+      "expectedOutcome": "spec.v1 with acceptance criteria and open questions",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "spec.v1",
+      "mustDo": ["Stay read-only", "Make acceptance criteria observable", "State assumptions and open questions", "Cite evidence consulted"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "clarify",
+      "agent": "clarifier",
+      "task": "Review the prior spec for goal: {goal}. Score clarity and decide if planning is allowed. If clarity_score < 70 or BLOCKED, return allow_plan=no.",
+      "expectedOutcome": "clarification.v1 with clarity_score, verdict, allow_plan, questions, assumptions, and minimum_to_plan",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "clarification.v1",
+      "mustDo": ["Stay read-only", "Score clarity 0-100", "Ask guided questions", "Block planning when acceptance criteria are not testable"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "plan",
+      "agent": "planner",
+      "task": "Plan only if clarification allows planning for goal: {goal}. Use prior spec/clarification evidence from: {previous_step_ids}. State assumptions and stop if allow_plan=no.",
+      "expectedOutcome": "Bounded plan or explicit stop decision if clarification blocks planning",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "plan.v1",
+      "mustDo": ["Stay plan-only and read-only", "Consume prior spec and clarification", "Respect allow_plan gate", "Name validation commands"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "oracle",
+      "agent": "oracle",
+      "task": "Review the clarification-gated plan for goal: {goal}. Return PASS/FAIL/WARN and no_ship without editing.",
+      "expectedOutcome": "Oracle verdict on whether the clarified plan is safe",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "oracle.v1",
+      "mustDo": ["Stay read-only", "Check plan against spec and clarification", "Flag missing validation or unsafe scope", "Return clear PASS/FAIL/WARN"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    }
+  ]
+}

package/.pi/chains/spec-factory-oracle.json

@@ -0,0 +1,42 @@
+{
+  "name": "spec-factory-oracle",
+  "version": "1.0.0",
+  "description": "Read-only factory-first planning chain: spec, factory design, then oracle review. Does not run factory_run.",
+  "readOnly": true,
+  "defaultExecution": "plan_only",
+  "steps": [
+    {
+      "id": "spec",
+      "agent": "specifier",
+      "task": "Convert goal into a factory-ready spec for repeated work: {goal}. Preserve original ask: {original_user_ask}.",
+      "expectedOutcome": "spec.v1 with factory-oriented acceptance criteria",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "spec.v1",
+      "mustDo": ["Stay read-only", "Identify repeated workflow", "Make acceptance criteria observable", "State assumptions and open questions"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "factory-design",
+      "agent": "factory",
+      "task": "Design a reusable software factory for goal: {goal}, using the prior spec from: {previous_step_ids}. Do not execute factory_run; produce factory.v1 design only.",
+      "expectedOutcome": "factory.v1 with manifest, schema, validators, smoke/pilot, sentinel, and resume/checkpoint strategy",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "factory.v1",
+      "mustDo": ["Stay read-only", "Separate deterministic scaffolding from LLM enrichment", "Define validators and sentinels", "Start with smoke before pilot/batch"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No factory_run", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "oracle",
+      "agent": "oracle",
+      "task": "Review the factory design for goal: {goal}. Verify validators, sentinels, checkpoint/resume, oracle gates, and safety. Return PASS/FAIL/WARN without editing.",
+      "expectedOutcome": "Oracle verdict on whether the factory design is safe to implement",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "oracle.v1",
+      "mustDo": ["Stay read-only", "Check validators and sentinels", "Flag missing oracle/pilot gates", "Return clear PASS/FAIL/WARN"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No factory_run", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    }
+  ]
+}

package/.pi/chains/spec-plan-oracle.json

@@ -0,0 +1,42 @@
+{
+  "name": "spec-plan-oracle",
+  "version": "1.0.0",
+  "description": "Read-only product workflow: write a testable spec, plan the smallest safe implementation slice, then oracle-review the plan.",
+  "readOnly": true,
+  "defaultExecution": "plan_only",
+  "steps": [
+    {
+      "id": "spec",
+      "agent": "specifier",
+      "task": "Convert goal into a testable spec for: {goal}. Preserve original ask: {original_user_ask}. Do not plan implementation beyond handoff criteria.",
+      "expectedOutcome": "spec.v1 with acceptance criteria and planner handoff",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "spec.v1",
+      "mustDo": ["Stay read-only", "Make acceptance criteria observable", "State assumptions and open questions", "Cite evidence consulted"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "plan",
+      "agent": "planner",
+      "task": "Plan the smallest safe implementation slice for goal: {goal}, using the spec from previous steps: {previous_step_ids}. Produce validation ladder and stop conditions only.",
+      "expectedOutcome": "Bounded implementation plan with validation ladder and risks",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "plan.v1",
+      "mustDo": ["Stay plan-only and read-only", "Consume prior spec evidence", "Keep scope bounded", "Name validation commands"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    },
+    {
+      "id": "oracle",
+      "agent": "oracle",
+      "task": "Review the spec-derived plan for goal: {goal}. Return PASS/FAIL/WARN and no_ship without editing.",
+      "expectedOutcome": "Oracle verdict on whether the plan is safe and sufficiently specified",
+      "requiredTools": ["read", "grep", "find", "ls"],
+      "outputContract": "oracle.v1",
+      "mustDo": ["Stay read-only", "Check plan against spec acceptance criteria", "Flag missing validation or unsafe scope", "Return clear PASS/FAIL/WARN"],
+      "mustNotDo": ["No edits", "No writes", "No bash", "No secrets or .env reads", "No commits", "No live child execution"],
+      "context": "Chain {chain}, step {step_id}; original ask: {original_user_ask}; previous steps: {previous_step_ids}"
+    }
+  ]
+}

package/.pi/compute-profiles/defaults.json

@@ -0,0 +1,19 @@
+{
+  "schema": "zob.compute-profile-defaults.v1",
+  "profiles": {
+    "low": { "maxAgents": 1, "maxDelegationDepth": 0, "maxParallel": 1, "maxIterations": 1, "maxDurationMs": 120000, "maxCostUsd": 0.25, "maxContextTokens": 3000, "strictBudgetRequired": false, "oracleRequired": false },
+    "medium": { "maxAgents": 4, "maxDelegationDepth": 1, "maxParallel": 2, "maxIterations": 2, "maxDurationMs": 300000, "maxCostUsd": 1, "maxContextTokens": 6000, "strictBudgetRequired": false, "oracleRequired": false },
+    "high": { "maxAgents": 10, "maxDelegationDepth": 2, "maxParallel": 4, "maxIterations": 3, "maxDurationMs": 600000, "maxCostUsd": 5, "maxContextTokens": 12000, "strictBudgetRequired": true, "oracleRequired": true },
+    "xhigh": { "maxAgents": 20, "maxDelegationDepth": 3, "maxParallel": 6, "maxIterations": 4, "maxDurationMs": 1200000, "maxCostUsd": 15, "maxContextTokens": 20000, "strictBudgetRequired": true, "oracleRequired": true },
+    "max": { "maxAgents": 30, "maxDelegationDepth": 4, "maxParallel": 8, "maxIterations": 5, "maxDurationMs": 3600000, "maxCostUsd": 50, "maxContextTokens": 32000, "strictBudgetRequired": true, "oracleRequired": true, "humanApprovalRequired": true }
+  },
+  "hardCaps": {
+    "maxAgents": 30,
+    "maxDelegationDepth": 4,
+    "maxParallel": 8,
+    "maxIterations": 5
+  },
+  "parentOwnedDispatch": true,
+  "childDirectDispatch": false,
+  "bodyStored": false
+}

package/.pi/compute-profiles/overrides.json

@@ -0,0 +1,13 @@
+{
+  "schema": "zob.compute-profile-overrides.v1",
+  "overridesEnabled": false,
+  "allowedOverrideCeilings": {
+    "maxAgents": 30,
+    "maxDelegationDepth": 4,
+    "maxParallel": 8,
+    "maxIterations": 5
+  },
+  "maxRequiresHumanApproval": true,
+  "xhighRequiresStrictBudget": true,
+  "bodyStored": false
+}

package/.pi/compute-profiles/risk-rules.json

@@ -0,0 +1,16 @@
+{
+  "schema": "zob.compute-profile-risk-rules.v1",
+  "secretPatterns": [".env", ".env.*", "*.pem", "*.key", "id_rsa", "id_ed25519", "credentials", "secrets"],
+  "generatedVendorPatterns": ["node_modules", "dist", "build", "coverage", ".next", ".nuxt", "out", "vendor", "generated"],
+  "networkRiskHints": ["network", "browser", "cloud"],
+  "writeRiskHints": ["write", "apply", "mutation", "durable", "promotion"],
+  "riskOverrides": {
+    "secretsTouched": "no_ship",
+    "maxWithoutHumanApproval": "no_ship",
+    "strictBudgetMissingForXhighOrMax": "no_ship",
+    "oracleMissingForHighOrAbove": "no_ship"
+  },
+  "parentOwnedDispatch": true,
+  "childDirectDispatch": false,
+  "bodyStored": false
+}

package/.pi/daemon-policy.json

@@ -0,0 +1,80 @@
+{
+  "schema": "zob.daemon-policy.v1",
+  "version": 1,
+  "description": "Policy registry for future local daemon review. This policy allows only manual one-shot read-only queue ticks today and never starts an always-on daemon by itself.",
+  "mode": "manual_one_shot_readonly",
+  "daemonEnabled": false,
+  "alwaysOnDaemonEnabled": false,
+  "autoStartDaemon": false,
+  "continuousLoop": false,
+  "cronEnabled": false,
+  "maxWorkersDefault": 1,
+  "maxWorkersMax": 1,
+  "claimAtMostOneJobPerTick": true,
+  "allowedJobTypes": [
+    "docs_watch",
+    "repo_audit_readonly",
+    "todo_risk_report",
+    "session_analysis"
+  ],
+  "disallowedAdapters": [
+    "write",
+    "edit",
+    "github",
+    "browser",
+    "cloud",
+    "web",
+    "deploy",
+    "publish"
+  ],
+  "allowedStopConditions": [
+    "none",
+    "failed_preflight",
+    "incomplete_no_assistant_turn",
+    "incomplete_no_evidence",
+    "failed_validation",
+    "timeout",
+    "blocked",
+    "scope_violation",
+    "agentic_failed",
+    "oracle_fail",
+    "no_ship",
+    "fail_loop"
+  ],
+  "requiredStopConditions": [
+    "failed_preflight",
+    "incomplete_no_assistant_turn",
+    "incomplete_no_evidence",
+    "failed_validation",
+    "scope_violation",
+    "timeout",
+    "blocked",
+    "agentic_failed",
+    "oracle_fail",
+    "no_ship",
+    "fail_loop"
+  ],
+  "budgetEnforced": false,
+  "strictEnabled": false,
+  "wouldBlockDispatch": false,
+  "modelRouterUsed": false,
+  "routingApplied": false,
+  "childDispatchAllowed": false,
+  "liveChildExecution": false,
+  "networkAccessed": false,
+  "writeAdaptersEnabled": false,
+  "productionWritesPerformed": false,
+  "autoApply": false,
+  "noExecution": true,
+  "bodyStored": false,
+  "promptBodiesStored": false,
+  "outputBodiesStored": false,
+  "futureAlwaysOnPrerequisites": [
+    "strict budget enforcement integrated with dispatch blocking",
+    "live model routing integrated behind budget gates",
+    "arbitrary registered factory proof matrix completed with oracle review",
+    "sandbox production apply and rollback gates proven",
+    "stop-condition escalation policy proven",
+    "operator approval for daemon autostart and scheduling"
+  ]
+}

package/.pi/damage-control-rules.json

@@ -0,0 +1,45 @@
+{
+  "zeroAccessPaths": [
+    ".env",
+    ".env.*",
+    "~/.ssh",
+    "~/.aws",
+    "~/.gnupg",
+    "*.pem",
+    "*.key"
+  ],
+  "readOnlyPaths": [
+    ".git/",
+    "node_modules/",
+    "package-lock.json",
+    "pnpm-lock.yaml",
+    "bun.lock",
+    "dist/",
+    "build/"
+  ],
+  "noDeletePaths": [
+    ".git/",
+    "AGENTS.md",
+    "README.md",
+    ".pi/agents/",
+    ".pi/prompts/",
+    ".pi/extensions/"
+  ],
+  "bashToolPatterns": [
+    { "pattern": "\\brm\\s+(-rf?|--recursive)", "reason": "recursive deletion" },
+    { "pattern": "\\bgit\\s+reset\\s+--hard\\b", "reason": "destructive git reset" },
+    { "pattern": "\\bgit\\s+clean\\s+-", "reason": "destructive git clean" },
+    { "pattern": "\\bgit\\s+checkout\\s+\\.", "reason": "workspace-wide checkout" },
+    { "pattern": "\\bgit\\s+add\\s+(-A|\\.)", "reason": "bulk staging hides unrelated agent work" },
+    { "pattern": "\\bgit\\s+commit\\b", "reason": "direct git commit is blocked; use governed /zcommit commit only when authorized" },
+    { "pattern": "\\bgit\\s+push\\b.*\\s(--force|-f|--force-with-lease)\\b", "reason": "force push is blocked by ZOB git policy" },
+    { "pattern": "\\bgit\\s+push\\b", "reason": "direct git push is blocked; use governed /zcommit push only when authorized" },
+    { "pattern": "\\bgit\\s+tag\\b", "reason": "direct git tag is blocked by ZOB git policy" },
+    { "pattern": "\\bsudo\\b", "reason": "privileged command", "ask": true },
+    { "pattern": "\\b(chmod|chown)\\b.*777", "reason": "unsafe permissions" },
+    { "pattern": "DROP\\s+DATABASE|TRUNCATE\\s+TABLE", "reason": "destructive database operation" },
+    { "pattern": "docker\\s+system\\s+prune", "reason": "destructive docker cleanup", "ask": true },
+    { "pattern": "aws\\s+s3\\s+rm\\b.*--recursive", "reason": "recursive cloud deletion" },
+    { "pattern": "\\bkillall\\b|\\bpkill\\b", "reason": "broad process kill", "ask": true }
+  ]
+}