npm - zob-harness - Versions diffs - 0.1.0 - Mend

zob-harness 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (356) hide show

package/.pi/adapters/registry.json +103 -0
package/.pi/agents/architecture-cartographer.md +53 -0
package/.pi/agents/chief-vision.md +39 -0
package/.pi/agents/clarifier.md +58 -0
package/.pi/agents/context-steward.md +52 -0
package/.pi/agents/doc-steward.md +34 -0
package/.pi/agents/explore.md +49 -0
package/.pi/agents/factory.md +41 -0
package/.pi/agents/implementer.md +44 -0
package/.pi/agents/librarian.md +32 -0
package/.pi/agents/oracle-merge.md +50 -0
package/.pi/agents/oracle.md +55 -0
package/.pi/agents/pattern-miner.md +53 -0
package/.pi/agents/planner.md +39 -0
package/.pi/agents/project-dna-golden-evaluator.md +32 -0
package/.pi/agents/project-dna-ontology-steward.md +30 -0
package/.pi/agents/project-dna-oracle.md +56 -0
package/.pi/agents/project-dna-orchestrator.md +60 -0
package/.pi/agents/project-dna-query-steward.md +38 -0
package/.pi/agents/project-dna-safety-preflight.md +54 -0
package/.pi/agents/project-dna-test-linker.md +27 -0
package/.pi/agents/qa.md +38 -0
package/.pi/agents/refactor-cartographer.md +28 -0
package/.pi/agents/refactor-mover.md +31 -0
package/.pi/agents/refactor-oracle.md +49 -0
package/.pi/agents/repo-scout.md +60 -0
package/.pi/agents/sample-architect.md +48 -0
package/.pi/agents/specifier.md +57 -0
package/.pi/agents/symbol-range-curator.md +41 -0
package/.pi/agents/synthesis.md +52 -0
package/.pi/agents/temp-agent-creator.md +35 -0
package/.pi/autonomy-policy.json +67 -0
package/.pi/budget-policy.json +54 -0
package/.pi/capabilities/zob-public-runtime-capabilities.json +1700 -0
package/.pi/chains/explore-plan-oracle.json +78 -0
package/.pi/chains/explore-spec-clarify-plan-oracle.json +64 -0
package/.pi/chains/explore-spec-plan-oracle.json +53 -0
package/.pi/chains/spec-clarify-plan-oracle.json +53 -0
package/.pi/chains/spec-factory-oracle.json +42 -0
package/.pi/chains/spec-plan-oracle.json +42 -0
package/.pi/compute-profiles/defaults.json +19 -0
package/.pi/compute-profiles/overrides.json +13 -0
package/.pi/compute-profiles/risk-rules.json +16 -0
package/.pi/daemon-policy.json +80 -0
package/.pi/damage-control-rules.json +45 -0
package/.pi/extensions/zob-child-safety/index.ts +212 -0
package/.pi/extensions/zob-harness/AGENTS.md +28 -0
package/.pi/extensions/zob-harness/index.ts +391 -0
package/.pi/extensions/zob-harness/src/AGENTS.md +25 -0
package/.pi/extensions/zob-harness/src/agents.ts +82 -0
package/.pi/extensions/zob-harness/src/autonomous-runtime.ts +2912 -0
package/.pi/extensions/zob-harness/src/autonomy-readiness.ts +778 -0
package/.pi/extensions/zob-harness/src/budget-policy.ts +308 -0
package/.pi/extensions/zob-harness/src/capabilities.ts +249 -0
package/.pi/extensions/zob-harness/src/child-runner.ts +249 -0
package/.pi/extensions/zob-harness/src/chronicle.ts +262 -0
package/.pi/extensions/zob-harness/src/compute-profile.ts +602 -0
package/.pi/extensions/zob-harness/src/compute-workflow-shape.ts +168 -0
package/.pi/extensions/zob-harness/src/coms-v2/AGENTS.md +16 -0
package/.pi/extensions/zob-harness/src/coms-v2/envelope.ts +121 -0
package/.pi/extensions/zob-harness/src/coms-v2/identity.ts +53 -0
package/.pi/extensions/zob-harness/src/coms-v2/ledger-bridge.ts +67 -0
package/.pi/extensions/zob-harness/src/coms-v2/local-transport.ts +147 -0
package/.pi/extensions/zob-harness/src/coms-v2/pending-replies.ts +80 -0
package/.pi/extensions/zob-harness/src/coms-v2/policy.ts +125 -0
package/.pi/extensions/zob-harness/src/coms-v2/presence.ts +55 -0
package/.pi/extensions/zob-harness/src/coms-v2/registry.ts +113 -0
package/.pi/extensions/zob-harness/src/coms-v2/response-capture.ts +50 -0
package/.pi/extensions/zob-harness/src/coms-v2/transcript-capture.ts +164 -0
package/.pi/extensions/zob-harness/src/coms-v2/types.ts +149 -0
package/.pi/extensions/zob-harness/src/coms-v2/zpeer-profile.ts +140 -0
package/.pi/extensions/zob-harness/src/coms-v2/zpeer.ts +452 -0
package/.pi/extensions/zob-harness/src/constants.ts +108 -0
package/.pi/extensions/zob-harness/src/context-gbrain.ts +465 -0
package/.pi/extensions/zob-harness/src/daemon-policy.ts +223 -0
package/.pi/extensions/zob-harness/src/daemon-readiness.ts +134 -0
package/.pi/extensions/zob-harness/src/daemon-runtime.ts +393 -0
package/.pi/extensions/zob-harness/src/factory/AGENTS.md +24 -0
package/.pi/extensions/zob-harness/src/factory/agentic-plan.ts +65 -0
package/.pi/extensions/zob-harness/src/factory/quarantine.ts +319 -0
package/.pi/extensions/zob-harness/src/factory/run.ts +520 -0
package/.pi/extensions/zob-harness/src/factory/validation.ts +454 -0
package/.pi/extensions/zob-harness/src/factory-selector.ts +318 -0
package/.pi/extensions/zob-harness/src/full-autonomy-test.ts +226 -0
package/.pi/extensions/zob-harness/src/git-ops.ts +868 -0
package/.pi/extensions/zob-harness/src/goal-room.ts +178 -0
package/.pi/extensions/zob-harness/src/goal-runtime.ts +1569 -0
package/.pi/extensions/zob-harness/src/goal-todo-imports.ts +111 -0
package/.pi/extensions/zob-harness/src/goal-todo-types.ts +231 -0
package/.pi/extensions/zob-harness/src/goal-todos.ts +1410 -0
package/.pi/extensions/zob-harness/src/goal.ts +152 -0
package/.pi/extensions/zob-harness/src/governed-requests.ts +436 -0
package/.pi/extensions/zob-harness/src/interactive-autonomy.ts +595 -0
package/.pi/extensions/zob-harness/src/launch-apply.ts +313 -0
package/.pi/extensions/zob-harness/src/merge-queue.ts +290 -0
package/.pi/extensions/zob-harness/src/mission-control.ts +573 -0
package/.pi/extensions/zob-harness/src/model-availability.ts +52 -0
package/.pi/extensions/zob-harness/src/model-routing.ts +429 -0
package/.pi/extensions/zob-harness/src/orchestration/AGENTS.md +23 -0
package/.pi/extensions/zob-harness/src/orchestration/adaptive-delegation.ts +547 -0
package/.pi/extensions/zob-harness/src/orchestration/adaptive-workflow.ts +585 -0
package/.pi/extensions/zob-harness/src/orchestration/lead-plan.ts +192 -0
package/.pi/extensions/zob-harness/src/orchestration/plan.ts +168 -0
package/.pi/extensions/zob-harness/src/orchestration/room.ts +346 -0
package/.pi/extensions/zob-harness/src/orchestration/run.ts +134 -0
package/.pi/extensions/zob-harness/src/orchestration/supervised-readonly.ts +1147 -0
package/.pi/extensions/zob-harness/src/orchestration/widget-readers.ts +132 -0
package/.pi/extensions/zob-harness/src/output-contracts.ts +656 -0
package/.pi/extensions/zob-harness/src/project-dna.ts +533 -0
package/.pi/extensions/zob-harness/src/promotion/AGENTS.md +24 -0
package/.pi/extensions/zob-harness/src/promotion/candidate.ts +336 -0
package/.pi/extensions/zob-harness/src/promotion/coms.ts +127 -0
package/.pi/extensions/zob-harness/src/promotion/documentation.ts +142 -0
package/.pi/extensions/zob-harness/src/promotion/factory.ts +107 -0
package/.pi/extensions/zob-harness/src/promotion/ledger.ts +2 -0
package/.pi/extensions/zob-harness/src/promotion/temp-agent.ts +151 -0
package/.pi/extensions/zob-harness/src/promotion/types.ts +149 -0
package/.pi/extensions/zob-harness/src/promotion/validate.ts +6 -0
package/.pi/extensions/zob-harness/src/promotion/write-lane.ts +162 -0
package/.pi/extensions/zob-harness/src/prompt-packs.ts +239 -0
package/.pi/extensions/zob-harness/src/queue.ts +386 -0
package/.pi/extensions/zob-harness/src/rules.ts +225 -0
package/.pi/extensions/zob-harness/src/runtime/AGENTS.md +26 -0
package/.pi/extensions/zob-harness/src/runtime/adaptive-zmode.ts +116 -0
package/.pi/extensions/zob-harness/src/runtime/auto-compaction.ts +715 -0
package/.pi/extensions/zob-harness/src/runtime/commands.ts +1315 -0
package/.pi/extensions/zob-harness/src/runtime/compaction-policy.ts +516 -0
package/.pi/extensions/zob-harness/src/runtime/delegation-click-markers.ts +141 -0
package/.pi/extensions/zob-harness/src/runtime/delegation-feed.ts +415 -0
package/.pi/extensions/zob-harness/src/runtime/delegation-markdown.ts +97 -0
package/.pi/extensions/zob-harness/src/runtime/delegation-monitor.ts +553 -0
package/.pi/extensions/zob-harness/src/runtime/delegation-mouse.ts +205 -0
package/.pi/extensions/zob-harness/src/runtime/delegation-overlay.ts +434 -0
package/.pi/extensions/zob-harness/src/runtime/events.ts +736 -0
package/.pi/extensions/zob-harness/src/runtime/goal-todo-overlay.ts +214 -0
package/.pi/extensions/zob-harness/src/runtime/mode-intent.ts +144 -0
package/.pi/extensions/zob-harness/src/runtime/plan-capture.ts +270 -0
package/.pi/extensions/zob-harness/src/runtime/state.ts +403 -0
package/.pi/extensions/zob-harness/src/runtime/tools-autonomous.ts +117 -0
package/.pi/extensions/zob-harness/src/runtime/tools-compute.ts +136 -0
package/.pi/extensions/zob-harness/src/runtime/tools-coms.ts +365 -0
package/.pi/extensions/zob-harness/src/runtime/tools-context.ts +70 -0
package/.pi/extensions/zob-harness/src/runtime/tools-delegation.ts +1854 -0
package/.pi/extensions/zob-harness/src/runtime/tools-factory.ts +810 -0
package/.pi/extensions/zob-harness/src/runtime/tools-goal-room.ts +46 -0
package/.pi/extensions/zob-harness/src/runtime/tools-governed-requests.ts +38 -0
package/.pi/extensions/zob-harness/src/runtime/tools-merge-queue.ts +61 -0
package/.pi/extensions/zob-harness/src/runtime/tools-mission-control.ts +77 -0
package/.pi/extensions/zob-harness/src/runtime/tools-orchestration.ts +106 -0
package/.pi/extensions/zob-harness/src/runtime/tools-project-dna.ts +123 -0
package/.pi/extensions/zob-harness/src/runtime/tools-worker-pool.ts +93 -0
package/.pi/extensions/zob-harness/src/runtime/tools-workspace-claims.ts +62 -0
package/.pi/extensions/zob-harness/src/runtime/tools-zcommit.ts +147 -0
package/.pi/extensions/zob-harness/src/runtime/widget.ts +353 -0
package/.pi/extensions/zob-harness/src/runtime/zobHarness.ts +60 -0
package/.pi/extensions/zob-harness/src/safety.ts +338 -0
package/.pi/extensions/zob-harness/src/sandbox.ts +1508 -0
package/.pi/extensions/zob-harness/src/schemas-project-dna.ts +47 -0
package/.pi/extensions/zob-harness/src/schemas.ts +695 -0
package/.pi/extensions/zob-harness/src/telemetry.ts +373 -0
package/.pi/extensions/zob-harness/src/topology/AGENTS.md +22 -0
package/.pi/extensions/zob-harness/src/topology/chains.ts +236 -0
package/.pi/extensions/zob-harness/src/topology/coms.ts +211 -0
package/.pi/extensions/zob-harness/src/topology/orchestration-profiles.ts +204 -0
package/.pi/extensions/zob-harness/src/topology/teams.ts +113 -0
package/.pi/extensions/zob-harness/src/types/core.ts +47 -0
package/.pi/extensions/zob-harness/src/types.ts +939 -0
package/.pi/extensions/zob-harness/src/utils/AGENTS.md +22 -0
package/.pi/extensions/zob-harness/src/utils/formatting.ts +34 -0
package/.pi/extensions/zob-harness/src/utils/hashing.ts +11 -0
package/.pi/extensions/zob-harness/src/utils/json.ts +28 -0
package/.pi/extensions/zob-harness/src/utils/paths.ts +54 -0
package/.pi/extensions/zob-harness/src/utils/records.ts +25 -0
package/.pi/extensions/zob-harness/src/utils/resources.ts +38 -0
package/.pi/extensions/zob-harness/src/worker-pool.ts +672 -0
package/.pi/extensions/zob-harness/src/workspace-claims.ts +297 -0
package/.pi/extensions/zob-switch/index.ts +180 -0
package/.pi/factories/budget-preflight-dry-run/batch-manifest.json +59 -0
package/.pi/factories/budget-preflight-dry-run/factory.json +94 -0
package/.pi/factories/budget-preflight-dry-run/pilot-manifest.json +50 -0
package/.pi/factories/budget-preflight-dry-run/smoke-manifest.json +43 -0
package/.pi/factories/code-review-matrix/batch-manifest.json +61 -0
package/.pi/factories/code-review-matrix/factory.json +163 -0
package/.pi/factories/code-review-matrix/pilot-manifest.json +41 -0
package/.pi/factories/code-review-matrix/smoke-manifest.json +35 -0
package/.pi/factories/factory-forge/batch-manifest.json +56 -0
package/.pi/factories/factory-forge/factory.json +84 -0
package/.pi/factories/factory-forge/pilot-manifest.json +32 -0
package/.pi/factories/factory-forge/smoke-manifest.json +19 -0
package/.pi/factories/opencode-pattern-canonizer/batch-manifest.json +54 -0
package/.pi/factories/opencode-pattern-canonizer/factory.json +86 -0
package/.pi/factories/opencode-pattern-canonizer/pilot-manifest.json +39 -0
package/.pi/factories/opencode-pattern-canonizer/smoke-manifest.json +26 -0
package/.pi/factories/project-dna/README.md +182 -0
package/.pi/factories/project-dna/batch-manifest.json +37 -0
package/.pi/factories/project-dna/example-project-dna-manifest-v2.json +80 -0
package/.pi/factories/project-dna/example-project-dna-manifest.json +58 -0
package/.pi/factories/project-dna/factory.json +131 -0
package/.pi/factories/project-dna/golden-cases-smoke.json +62 -0
package/.pi/factories/project-dna/pi-agentic-ontology.json +88 -0
package/.pi/factories/project-dna/pilot-manifest.json +32 -0
package/.pi/factories/project-dna/schemas/benchmark-suite.schema.json +27 -0
package/.pi/factories/project-dna/schemas/code-knowledge-graph.schema.json +97 -0
package/.pi/factories/project-dna/schemas/context-pack.schema.json +43 -0
package/.pi/factories/project-dna/schemas/golden-case.schema.json +36 -0
package/.pi/factories/project-dna/schemas/manifest-v2.schema.json +128 -0
package/.pi/factories/project-dna/schemas/manifest.schema.json +77 -0
package/.pi/factories/project-dna/schemas/ontology.schema.json +45 -0
package/.pi/factories/project-dna/schemas/project-fingerprint.schema.json +28 -0
package/.pi/factories/project-dna/schemas/query-steward-report.schema.json +52 -0
package/.pi/factories/project-dna/smoke-manifest.json +27 -0
package/.pi/factories/roadmap-smoke-lots/batch-manifest.json +49 -0
package/.pi/factories/roadmap-smoke-lots/factory.json +89 -0
package/.pi/factories/roadmap-smoke-lots/pilot-manifest.json +50 -0
package/.pi/factories/roadmap-smoke-lots/smoke-manifest.json +35 -0
package/.pi/git-policy.json +120 -0
package/.pi/mission-control/zob_coms_transport.json +64 -0
package/.pi/model-catalog.example.json +345 -0
package/.pi/model-economy.example.json +196 -0
package/.pi/model-routing.json +86 -0
package/.pi/orchestrations/adaptive-chief-vision.json +193 -0
package/.pi/orchestrations/ceo-feature-build.json +182 -0
package/.pi/orchestrations/readonly-dynamic-smoke.json +75 -0
package/.pi/output-contracts/agent-event.v1.json +19 -0
package/.pi/output-contracts/base.v1.json +24 -0
package/.pi/output-contracts/brain-lookup.v1.json +21 -0
package/.pi/output-contracts/clarification.v1.json +21 -0
package/.pi/output-contracts/context-pack.v1.json +20 -0
package/.pi/output-contracts/context-request.v1.json +21 -0
package/.pi/output-contracts/context-steward.v1.json +19 -0
package/.pi/output-contracts/context-writeback-proposal.v1.json +18 -0
package/.pi/output-contracts/delegation-request.v1.json +21 -0
package/.pi/output-contracts/explore.v1.json +52 -0
package/.pi/output-contracts/factory.v1.json +48 -0
package/.pi/output-contracts/guidance-steward.v1.json +18 -0
package/.pi/output-contracts/implement.v1.json +40 -0
package/.pi/output-contracts/launch-authorization.v1.json +21 -0
package/.pi/output-contracts/lead-plan.v1.json +22 -0
package/.pi/output-contracts/mission-readiness.v1.json +20 -0
package/.pi/output-contracts/oracle-merge.v1.json +44 -0
package/.pi/output-contracts/oracle-request.v1.json +20 -0
package/.pi/output-contracts/oracle.v1.json +44 -0
package/.pi/output-contracts/orchestration-profile.v1.json +22 -0
package/.pi/output-contracts/plan.v1.json +48 -0
package/.pi/output-contracts/prompt-pack.v1.json +20 -0
package/.pi/output-contracts/qa.v1.json +40 -0
package/.pi/output-contracts/research.v1.json +36 -0
package/.pi/output-contracts/spec.v1.json +22 -0
package/.pi/output-contracts/synthesis.v1.json +44 -0
package/.pi/output-contracts/temp-agent-card.v1.json +23 -0
package/.pi/output-contracts/todo-child-result.v1.json +20 -0
package/.pi/output-contracts/todo-child-result.v2.json +22 -0
package/.pi/output-contracts/todo-claim-validation.v1.json +22 -0
package/.pi/output-contracts/todo-split-request.v1.json +20 -0
package/.pi/prompts/adaptive-workflow.md +63 -0
package/.pi/prompts/autonomous-runtime.md +15 -0
package/.pi/prompts/benchmark-contender.md +15 -0
package/.pi/prompts/benchmark-judge.md +19 -0
package/.pi/prompts/clarify-spec.md +20 -0
package/.pi/prompts/compute-plan.md +36 -0
package/.pi/prompts/compute-preview.md +42 -0
package/.pi/prompts/contract.md +29 -0
package/.pi/prompts/explore.md +13 -0
package/.pi/prompts/factory-run.md +36 -0
package/.pi/prompts/factory.md +20 -0
package/.pi/prompts/implement.md +27 -0
package/.pi/prompts/model-catalog.md +68 -0
package/.pi/prompts/model-economy.md +64 -0
package/.pi/prompts/oracle-merge.md +18 -0
package/.pi/prompts/oracle.md +13 -0
package/.pi/prompts/orchestrator.md +48 -0
package/.pi/prompts/parallel-review.md +21 -0
package/.pi/prompts/plan.md +21 -0
package/.pi/prompts/project-dna.md +90 -0
package/.pi/prompts/refactor-oracle.md +23 -0
package/.pi/prompts/refactor-slice.md +24 -0
package/.pi/prompts/research.md +20 -0
package/.pi/prompts/spec.md +19 -0
package/.pi/prompts/synthesis.md +18 -0
package/.pi/rules/always.md +38 -0
package/.pi/rules/docs.md +32 -0
package/.pi/rules/factory.md +44 -0
package/.pi/rules/oracle.md +34 -0
package/.pi/rules/orchestration.md +44 -0
package/.pi/rules/project.md +34 -0
package/.pi/rules/prompts.md +43 -0
package/.pi/rules/runtime.md +43 -0
package/.pi/rules/sandbox.md +43 -0
package/.pi/settings.json +28 -0
package/.pi/skills/zob-agentic-access/SKILL.md +20 -0
package/.pi/skills/zob-autonomous-runtime/SKILL.md +41 -0
package/.pi/skills/zob-commit/SKILL.md +79 -0
package/.pi/skills/zob-compaction-policy/SKILL.md +92 -0
package/.pi/skills/zob-compute-profile/SKILL.md +108 -0
package/.pi/skills/zob-coms-safety/SKILL.md +54 -0
package/.pi/skills/zob-coms-v2-live/SKILL.md +47 -0
package/.pi/skills/zob-delegation-routing/SKILL.md +82 -0
package/.pi/skills/zob-factory/SKILL.md +28 -0
package/.pi/skills/zob-goal-todo-tree/SKILL.md +279 -0
package/.pi/skills/zob-harness/SKILL.md +68 -0
package/.pi/skills/zob-mission-control-coms/SKILL.md +39 -0
package/.pi/skills/zob-oracle/SKILL.md +21 -0
package/.pi/skills/zob-owner-pool-drill-writer/SKILL.md +244 -0
package/.pi/skills/zob-owner-pool-launcher/SKILL.md +261 -0
package/.pi/skills/zob-project-dna/SKILL.md +275 -0
package/.pi/skills/zob-sandbox/SKILL.md +29 -0
package/.pi/skills/zob-spec/SKILL.md +25 -0
package/.pi/skills/zob-split-refactor/SKILL.md +39 -0
package/.pi/skills/zob-tool-router/SKILL.md +104 -0
package/.pi/teams/zob-core.json +122 -0
package/AGENTS.md +89 -0
package/CONTRIBUTING.md +56 -0
package/LICENSE +21 -0
package/README.md +360 -0
package/SECURITY.md +35 -0
package/SOURCE_INDEX.md +46 -0
package/package.json +135 -0
package/scripts/README.md +57 -0
package/scripts/autonomy/mission-readiness-secret-smoke.mjs +90 -0
package/scripts/compute-profile/plan-workflow.mjs +85 -0
package/scripts/compute-profile/preview.mjs +242 -0
package/scripts/compute-profile/regression-smoke.mjs +38 -0
package/scripts/compute-profile/summarize.mjs +72 -0
package/scripts/compute-profile/validate-policy.mjs +50 -0
package/scripts/compute-profile/validate-preview.mjs +95 -0
package/scripts/compute-profile/validate-workflow.mjs +58 -0
package/scripts/git-ops/commit-policy-smoke.mjs +221 -0
package/scripts/goal-todo/child-goal-ref-smoke.mjs +252 -0
package/scripts/harness-switch/static-smoke.mjs +43 -0
package/scripts/model-catalog/validate-economy.mjs +223 -0
package/scripts/model-catalog/validate.mjs +199 -0
package/scripts/package-surface/validate-script-refs.mjs +190 -0
package/scripts/path-policy/validate-smoke.mjs +103 -0
package/scripts/project-dna/bench-smoke.mjs +217 -0
package/scripts/project-dna/build-capsules.mjs +207 -0
package/scripts/project-dna/build-sample-spec.mjs +140 -0
package/scripts/project-dna/emit-golden-cases.mjs +75 -0
package/scripts/project-dna/emit-ontology.mjs +75 -0
package/scripts/project-dna/generate-sample.mjs +302 -0
package/scripts/project-dna/oracle-review-smoke.mjs +157 -0
package/scripts/project-dna/plan-workflow.mjs +289 -0
package/scripts/project-dna/query-context.mjs +276 -0
package/scripts/project-dna/query-steward.mjs +149 -0
package/scripts/project-dna/scan.mjs +553 -0
package/scripts/project-dna/validate-5of5.mjs +159 -0
package/scripts/project-dna/validate-golden-cases.mjs +78 -0
package/scripts/project-dna/validate-ontology.mjs +97 -0
package/scripts/project-dna/validate-sample-project.mjs +105 -0
package/scripts/project-dna/validate-scaffold.mjs +383 -0
package/scripts/project-dna/validate-scan-artifacts.mjs +187 -0
package/scripts/project-dna/validate-workflow.mjs +166 -0
package/scripts/start-pi.sh +4 -0
package/scripts/worker-pool/static-smoke.mjs +54 -0
package/scripts/zpeer-local-e2e-smoke.mjs +395 -0
package/scripts/zpeer-static-smoke.mjs +129 -0
package/tsconfig.json +12 -0

package/.pi/extensions/zob-harness/src/safety.ts ADDED Viewed

@@ -0,0 +1,338 @@
+import { existsSync, readFileSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { getAgentDir } from "@earendil-works/pi-coding-agent";
+import { DEFAULT_RULES } from "./constants.js";
+import type { BudgetSidecar, DamageRules, HarnessAgent } from "./types.js";
+import { expandHome, pathMatches } from "./utils/paths.js";
+function loadDamageRules(cwd: string): DamageRules {
+  const candidates = [join(cwd, ".pi", "damage-control-rules.json"), join(getAgentDir(), "damage-control-rules.json")];
+  for (const candidate of candidates) {
+    if (!existsSync(candidate)) continue;
+    try {
+      const loaded = JSON.parse(readFileSync(candidate, "utf8")) as Partial<DamageRules>;
+      return {
+        bashToolPatterns: loaded.bashToolPatterns ?? DEFAULT_RULES.bashToolPatterns,
+        zeroAccessPaths: loaded.zeroAccessPaths ?? DEFAULT_RULES.zeroAccessPaths,
+        readOnlyPaths: loaded.readOnlyPaths ?? DEFAULT_RULES.readOnlyPaths,
+        noDeletePaths: loaded.noDeletePaths ?? DEFAULT_RULES.noDeletePaths,
+      };
+    } catch {
+      return DEFAULT_RULES;
+    }
+  }
+  return DEFAULT_RULES;
+}
+function formatContractTemplate(task = "[atomic goal]"): string {
+  return `1. TASK: ${task}
+2. EXPECTED OUTCOME: [observable artifact, verdict, or changed file set]
+3. REQUIRED TOOLS: [allowed tools / APIs only]
+4. MUST DO:
+   - Restate constraints before tool use.
+   - Verify existing state before changing anything.
+   - Produce concrete evidence before claiming done.
+5. MUST NOT DO:
+   - No secret reads or writes.
+   - No broad destructive commands.
+   - No commits unless explicitly requested.
+6. CONTEXT:
+   - Paths:
+   - Prior evidence:
+   - Downstream use:
+FINAL FORMAT:
+- Verdict / result
+- Evidence (files, commands, outputs)
+- Risks / blockers
+- Compliance line
+- deliverable_delivered: yes/no`;
+}
+const CONTRACT_PARTS: Array<{ label: string; pattern: RegExp }> = [
+  { label: "TASK", pattern: /(?:^|\n)\s*(?:\d+\.\s*)?TASK\s*:/i },
+  { label: "EXPECTED OUTCOME", pattern: /(?:^|\n)\s*(?:\d+\.\s*)?EXPECTED\s+OUTCOME\s*:/i },
+  { label: "REQUIRED TOOLS", pattern: /(?:^|\n)\s*(?:\d+\.\s*)?(?:REQUIRED\s+TOOLS|TOOLS)\s*:/i },
+  { label: "MUST DO", pattern: /(?:^|\n)\s*(?:\d+\.\s*)?MUST\s+DO\s*:/i },
+  { label: "MUST NOT DO", pattern: /(?:^|\n)\s*(?:\d+\.\s*)?MUST\s+NOT(?:\s+DO)?\s*:/i },
+  { label: "CONTEXT", pattern: /(?:^|\n)\s*(?:\d+\.\s*)?CONTEXT\s*:/i },
+];
+export function validateSixPartContract(task: string): string[] {
+  const errors: string[] = [];
+  const matches = CONTRACT_PARTS.map((part) => {
+    const match = part.pattern.exec(task);
+    return { ...part, index: match?.index ?? -1, end: match ? match.index + match[0].length : -1 };
+  });
+  for (const match of matches) {
+    if (match.index === -1) errors.push(`Missing contract section: ${match.label}`);
+  }
+  if (errors.length > 0) return errors;
+  for (let index = 1; index < matches.length; index += 1) {
+    if (matches[index].index < matches[index - 1].index) {
+      errors.push(`Contract section out of order: ${matches[index].label}`);
+    }
+  }
+  const ordered = [...matches].sort((left, right) => left.index - right.index);
+  for (const [index, match] of ordered.entries()) {
+    const next = ordered[index + 1];
+    const body = task.slice(match.end, next?.index ?? task.length).trim();
+    if (!body || /^\[.*\]$/.test(body)) errors.push(`Empty contract section: ${match.label}`);
+  }
+  return errors;
+}
+export function parseToolList(input: string | undefined): string[] | undefined {
+  if (!input) return undefined;
+  return input
+    .split(",")
+    .map((tool) => tool.trim())
+    .filter(Boolean);
+}
+export function validateToolList(agent: HarnessAgent, requestedTools: string[] | undefined): string[] {
+  const errors: string[] = [];
+  const allowed = new Set(agent.tools ?? []);
+  if (!requestedTools || requestedTools.length === 0) return errors;
+  if (allowed.size === 0) return [`Agent '${agent.name}' has no declared tool allowlist; refusing tool override.`];
+  for (const tool of requestedTools) {
+    if (!/^[a-zA-Z0-9_-]+$/.test(tool)) errors.push(`Invalid tool name '${tool}'`);
+    if (!allowed.has(tool)) errors.push(`Tool '${tool}' is not allowed for agent '${agent.name}'. Allowed: ${[...allowed].join(", ")}`);
+  }
+  return errors;
+}
+export function resolveChildCwd(repoRoot: string, requestedCwd: string | undefined): { cwd: string; errors: string[] } {
+  const root = resolve(repoRoot);
+  const cwd = requestedCwd ? resolve(root, expandHome(requestedCwd)) : root;
+  if (cwd !== root && !cwd.startsWith(`${root}/`)) {
+    return { cwd, errors: [`Child cwd must stay inside repo root. Requested: ${requestedCwd}`] };
+  }
+  return { cwd, errors: [] };
+}
+function staysInsideRepo(path: string, repoRoot: string): boolean {
+  const root = resolve(repoRoot);
+  const resolved = resolve(root, expandHome(path));
+  return resolved === root || resolved.startsWith(`${root}/`);
+}
+function normalizePolicyPattern(path: string): string {
+  return path.trim().replace(/\\+/g, "/").replace(/\/+/g, "/");
+}
+function isBroadDenyPattern(path: string): boolean {
+  const normalized = normalizePolicyPattern(path);
+  return normalized === "" || normalized === "." || normalized === "./" || normalized === "/" || normalized === "/*" || normalized === "*" || normalized === "**" || normalized === "~" || normalized === "~/";
+}
+function isRepoRelativePattern(path: string): boolean {
+  const normalized = normalizePolicyPattern(path);
+  return !normalized.startsWith("/") && !normalized.startsWith("~/") && normalized !== "~";
+}
+function isWindowsAbsolutePattern(path: string): boolean {
+  return /^[a-zA-Z]:\//.test(normalizePolicyPattern(path));
+}
+function hasTraversalSegment(path: string): boolean {
+  return normalizePolicyPattern(path).split("/").some((segment) => segment === "..");
+}
+function allowedPathGuidance(label: string, path: string, reason: string): string {
+  return `${label} path must be repo-relative only (${reason}) and stay inside repo root: ${path}. If the child needs external context, write or cite a repo-local snapshot/context_ref under reports/... and pass that repo-relative ref instead.`;
+}
+export function validateAllowedPathPolicy(paths: string[] | undefined, label: string, repoRoot: string): string[] {
+  const errors: string[] = [];
+  for (const path of paths ?? []) {
+    const normalized = normalizePolicyPattern(path);
+    if (path.includes("\0")) {
+      errors.push(allowedPathGuidance(label, path, "NUL bytes are not allowed"));
+      continue;
+    }
+    if (normalized === "" || normalized === "." || normalized === "./") {
+      errors.push(allowedPathGuidance(label, path, "broad repo roots are not allowed"));
+      continue;
+    }
+    if (normalized.startsWith("/") || normalized === "~" || normalized.startsWith("~/") || isWindowsAbsolutePattern(normalized)) {
+      errors.push(allowedPathGuidance(label, path, "absolute and home paths are not allowed"));
+      continue;
+    }
+    if (hasTraversalSegment(normalized)) {
+      errors.push(allowedPathGuidance(label, path, "path traversal segments are not allowed anywhere in allowed_paths"));
+      continue;
+    }
+    if (!staysInsideRepo(path, repoRoot)) errors.push(allowedPathGuidance(label, path, "path must not escape the repo"));
+  }
+  return errors;
+}
+export function validateForbiddenPathPolicy(paths: string[] | undefined, label: string, repoRoot: string): string[] {
+  const errors: string[] = [];
+  for (const path of paths ?? []) {
+    if (path.includes("\0")) {
+      errors.push(`${label} path contains a NUL byte: ${path}`);
+      continue;
+    }
+    if (isBroadDenyPattern(path)) {
+      errors.push(`${label} path is too broad for a deny-only pattern: ${path}`);
+      continue;
+    }
+    if (isRepoRelativePattern(path) && !staysInsideRepo(path, repoRoot)) {
+      errors.push(`${label} repo-relative deny pattern must stay inside repo root: ${path}`);
+    }
+  }
+  return errors;
+}
+export function validatePathPolicy(paths: string[] | undefined, label: string, repoRoot: string): string[] {
+  return validateAllowedPathPolicy(paths, label, repoRoot);
+}
+export function parsePathListEnv(value: string | undefined): string[] {
+  if (!value) return [];
+  return value
+    .split(/[,:\n]/)
+    .map((item) => item.trim())
+    .filter(Boolean);
+}
+export function validateRuntimeWritePolicy(input: {
+  targetPath: string;
+  cwd: string;
+  policyRoot?: string;
+  allowedPaths?: string[];
+  forbiddenPaths?: string[];
+  zeroAccessPaths?: string[];
+  readOnlyPaths?: string[];
+  sandboxRoot?: string;
+}): { allowed: boolean; violations: string[] } {
+  const policyRoot = input.policyRoot ?? input.cwd;
+  const violations: string[] = [];
+  for (const protectedPattern of input.zeroAccessPaths ?? []) {
+    if (pathMatches(input.targetPath, protectedPattern, input.cwd, policyRoot)) violations.push(`zero-access path: ${protectedPattern}`);
+  }
+  for (const forbiddenPattern of input.forbiddenPaths ?? []) {
+    if (pathMatches(input.targetPath, forbiddenPattern, input.cwd, policyRoot)) violations.push(`forbidden path: ${forbiddenPattern}`);
+  }
+  for (const readOnlyPattern of input.readOnlyPaths ?? []) {
+    if (pathMatches(input.targetPath, readOnlyPattern, input.cwd, policyRoot)) violations.push(`read-only path: ${readOnlyPattern}`);
+  }
+  const allowedPaths = input.allowedPaths ?? [];
+  if (allowedPaths.length > 0 && !allowedPaths.some((allowedPath) => pathMatches(input.targetPath, allowedPath, input.cwd, policyRoot))) {
+    violations.push(`outside allowed_paths: ${allowedPaths.join(", ")}`);
+  }
+  if (input.sandboxRoot) {
+    const sandboxRoot = resolve(policyRoot, expandHome(input.sandboxRoot));
+    const target = resolve(input.cwd, expandHome(input.targetPath));
+    if (target !== sandboxRoot && !target.startsWith(`${sandboxRoot}/`)) violations.push(`outside sandbox root: ${input.sandboxRoot}`);
+  }
+  return { allowed: violations.length === 0, violations };
+}
+export function validateDelegationWriteScope(source: string, requiredTools: string[], allowedPaths: string[] | undefined): string[] {
+  const wantsWrite = requiredTools.some((tool) => tool === "write" || tool === "edit");
+  if (wantsWrite && (allowedPaths?.length ?? 0) === 0) return [`${source} with write/edit tools requires non-empty allowed_paths`];
+  return [];
+}
+export function validateDelegateTaskWriteScope(requiredTools: string[], allowedPaths: string[] | undefined): string[] {
+  return validateDelegationWriteScope("delegate_task", requiredTools, allowedPaths);
+}
+export function createSandboxMetadata(input: { runId: string; repoRoot: string; sandboxRoot: string; allowedPaths?: string[]; forbiddenPaths?: string[]; budget?: BudgetSidecar }): Record<string, unknown> {
+  return {
+    schema: "zob.sandbox-metadata.v1",
+    runId: input.runId,
+    repoRoot: resolve(input.repoRoot),
+    sandboxRoot: resolve(input.repoRoot, input.sandboxRoot),
+    allowedPaths: input.allowedPaths ?? [],
+    forbiddenPaths: input.forbiddenPaths ?? [],
+    tempCopy: true,
+    autoApply: false,
+    budgetEnforced: false,
+    budget: input.budget ?? { mode: "advisory", advisory: true, budgetEnforced: false, strictRequested: false, strictEnabled: false },
+    promptBodiesStored: false,
+    outputBodiesStored: false,
+    createdAt: new Date().toISOString(),
+  };
+}
+export function createDiffGateResult(input: { runId: string; diffHash?: string; changedPaths?: string[]; allowed: boolean; violations?: string[] }): Record<string, unknown> {
+  return {
+    schema: "zob.diff-gate-result.v1",
+    runId: input.runId,
+    diffHash: input.diffHash,
+    changedPaths: input.changedPaths ?? [],
+    allowed: input.allowed,
+    violations: input.violations ?? [],
+    applyRequired: true,
+    autoApply: false,
+    budgetEnforced: false,
+    bodyStored: false,
+    promptBodiesStored: false,
+    outputBodiesStored: false,
+    evaluatedAt: new Date().toISOString(),
+  };
+}
+export function createRollbackMetadata(input: { runId: string; baseRef?: string; snapshotPath?: string; changedPaths?: string[] }): Record<string, unknown> {
+  return {
+    schema: "zob.rollback-metadata.v1",
+    runId: input.runId,
+    baseRef: input.baseRef,
+    snapshotPath: input.snapshotPath,
+    changedPaths: input.changedPaths ?? [],
+    rollbackPrepared: true,
+    rollbackApplied: false,
+    autoApply: false,
+    budgetEnforced: false,
+    bodyStored: false,
+    promptBodiesStored: false,
+    outputBodiesStored: false,
+    createdAt: new Date().toISOString(),
+  };
+}
+export function buildChildEnv(repoRoot: string, pathPolicy?: { allowedPaths?: string[]; forbiddenPaths?: string[]; sandboxRoot?: string }): NodeJS.ProcessEnv {
+  const keepExact = new Set([
+    "PATH",
+    "HOME",
+    "PWD",
+    "SHELL",
+    "TMPDIR",
+    "TMP",
+    "TEMP",
+    "NODE_PATH",
+    "NVM_DIR",
+    "LANG",
+    "LC_ALL",
+    "TERM",
+    "USER",
+    "LOGNAME",
+    "PI_OFFLINE",
+    "OPENAI_API_KEY",
+    "ANTHROPIC_API_KEY",
+    "GOOGLE_API_KEY",
+    "GEMINI_API_KEY",
+    "OPENROUTER_API_KEY",
+    "ZAI_API_KEY",
+  ]);
+  const env: NodeJS.ProcessEnv = {};
+  for (const [key, value] of Object.entries(process.env)) {
+    if (value === undefined) continue;
+    if (keepExact.has(key)) env[key] = value;
+  }
+  env.ZOB_HARNESS_ROOT = repoRoot;
+  if (pathPolicy?.allowedPaths && pathPolicy.allowedPaths.length > 0) env.ZOB_ALLOWED_PATHS = pathPolicy.allowedPaths.join(",");
+  if (pathPolicy?.forbiddenPaths && pathPolicy.forbiddenPaths.length > 0) env.ZOB_FORBIDDEN_PATHS = pathPolicy.forbiddenPaths.join(",");
+  if (pathPolicy?.sandboxRoot) env.ZOB_SANDBOX_ROOT = pathPolicy.sandboxRoot;
+  return env;
+}
+export { formatContractTemplate, loadDamageRules };