zob-harness 0.2.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.pi/capabilities/zob-public-runtime-capabilities.json +4 -4
- package/.pi/extensions/zob-child-safety/AGENTS.md +12 -0
- package/.pi/extensions/zob-child-safety/index.ts +4 -105
- package/.pi/extensions/zob-child-safety/src/AGENTS.md +10 -0
- package/.pi/extensions/zob-child-safety/src/policy.ts +106 -0
- package/.pi/extensions/zob-harness/AGENTS.md +2 -0
- package/.pi/extensions/zob-harness/index.ts +94 -94
- package/.pi/extensions/zob-harness/src/AGENTS.md +4 -0
- package/.pi/extensions/zob-harness/src/core/AGENTS.md +24 -0
- package/.pi/extensions/zob-harness/src/{constants.ts → core/constants.ts} +10 -1
- package/.pi/extensions/zob-harness/src/core/utils/AGENTS.md +23 -0
- package/.pi/extensions/zob-harness/src/{utils → core/utils}/formatting.ts +1 -1
- package/.pi/extensions/zob-harness/src/{utils → core/utils}/records.ts +1 -1
- package/.pi/extensions/zob-harness/src/{utils → core/utils}/resources.ts +1 -1
- package/.pi/extensions/zob-harness/src/domains/AGENTS.md +23 -0
- package/.pi/extensions/zob-harness/src/domains/autonomy/AGENTS.md +21 -0
- package/.pi/extensions/zob-harness/src/{autonomous-runtime.ts → domains/autonomy/autonomous-runtime.ts} +22 -22
- package/.pi/extensions/zob-harness/src/{autonomy-readiness.ts → domains/autonomy/autonomy-readiness.ts} +18 -18
- package/.pi/extensions/zob-harness/src/{daemon-policy.ts → domains/autonomy/daemon-policy.ts} +6 -6
- package/.pi/extensions/zob-harness/src/{daemon-readiness.ts → domains/autonomy/daemon-readiness.ts} +7 -7
- package/.pi/extensions/zob-harness/src/{daemon-runtime.ts → domains/autonomy/daemon-runtime.ts} +2 -2
- package/.pi/extensions/zob-harness/src/{full-autonomy-test.ts → domains/autonomy/full-autonomy-test.ts} +4 -4
- package/.pi/extensions/zob-harness/src/{interactive-autonomy.ts → domains/autonomy/interactive-autonomy.ts} +2 -2
- package/.pi/extensions/zob-harness/src/{compute-profile.ts → domains/compute/compute-profile.ts} +3 -3
- package/.pi/extensions/zob-harness/src/{compute-workflow-shape.ts → domains/compute/compute-workflow-shape.ts} +3 -3
- package/.pi/extensions/zob-harness/src/domains/coms/AGENTS.md +21 -0
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/envelope.ts +2 -2
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/identity.ts +3 -3
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/ledger-bridge.ts +2 -2
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/local-transport.ts +1 -1
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/policy.ts +3 -3
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/presence.ts +1 -1
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/registry.ts +47 -4
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/response-capture.ts +1 -1
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/transcript-capture.ts +2 -2
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/zpeer-profile.ts +3 -3
- package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/zpeer.ts +35 -7
- package/.pi/extensions/zob-harness/src/{mission-control.ts → domains/coms/mission-control.ts} +12 -9
- package/.pi/extensions/zob-harness/src/{zagents.ts → domains/coms/zagents.ts} +86 -4
- package/.pi/extensions/zob-harness/src/domains/context/AGENTS.md +20 -0
- package/.pi/extensions/zob-harness/src/{context-gbrain.ts → domains/context/context-gbrain.ts} +4 -4
- package/.pi/extensions/zob-harness/src/domains/delegation/AGENTS.md +21 -0
- package/.pi/extensions/zob-harness/src/{agents.ts → domains/delegation/agents.ts} +2 -2
- package/.pi/extensions/zob-harness/src/{capabilities.ts → domains/delegation/capabilities.ts} +6 -6
- package/.pi/extensions/zob-harness/src/{child-runner.ts → domains/delegation/child-runner.ts} +8 -8
- package/.pi/extensions/zob-harness/src/{output-contracts.ts → domains/delegation/output-contracts.ts} +1 -1
- package/.pi/extensions/zob-harness/src/{prompt-packs.ts → domains/delegation/prompt-packs.ts} +4 -4
- package/.pi/extensions/zob-harness/src/domains/factory/AGENTS.md +21 -0
- package/.pi/extensions/zob-harness/src/{factory → domains/factory}/agentic-plan.ts +1 -1
- package/.pi/extensions/zob-harness/src/{factory-selector.ts → domains/factory/factory-selector.ts} +4 -4
- package/.pi/extensions/zob-harness/src/{factory → domains/factory}/quarantine.ts +5 -5
- package/.pi/extensions/zob-harness/src/{factory → domains/factory}/run.ts +5 -5
- package/.pi/extensions/zob-harness/src/{factory → domains/factory}/validation.ts +10 -10
- package/.pi/extensions/zob-harness/src/domains/git/AGENTS.md +20 -0
- package/.pi/extensions/zob-harness/src/{git-ops.ts → domains/git/git-ops.ts} +3 -3
- package/.pi/extensions/zob-harness/src/domains/goal/AGENTS.md +22 -0
- package/.pi/extensions/zob-harness/src/{goal-room.ts → domains/goal/goal-room.ts} +7 -7
- package/.pi/extensions/zob-harness/src/{goal-todo-imports.ts → domains/goal/goal-todo-imports.ts} +1 -1
- package/.pi/extensions/zob-harness/src/{goal-todo-types.ts → domains/goal/goal-todo-types.ts} +1 -1
- package/.pi/extensions/zob-harness/src/{goal-todos.ts → domains/goal/goal-todos.ts} +4 -4
- package/.pi/extensions/zob-harness/src/{goal.ts → domains/goal/goal.ts} +1 -1
- package/.pi/extensions/zob-harness/src/domains/governance/AGENTS.md +21 -0
- package/.pi/extensions/zob-harness/src/{budget-policy.ts → domains/governance/budget-policy.ts} +6 -6
- package/.pi/extensions/zob-harness/src/{governed-requests.ts → domains/governance/governed-requests.ts} +7 -7
- package/.pi/extensions/zob-harness/src/{launch-apply.ts → domains/governance/launch-apply.ts} +4 -4
- package/.pi/extensions/zob-harness/src/{merge-queue.ts → domains/governance/merge-queue.ts} +6 -6
- package/.pi/extensions/zob-harness/src/{rules.ts → domains/governance/rules.ts} +7 -7
- package/.pi/extensions/zob-harness/src/{safety.ts → domains/governance/safety.ts} +3 -3
- package/.pi/extensions/zob-harness/src/{sandbox.ts → domains/governance/sandbox.ts} +5 -5
- package/.pi/extensions/zob-harness/src/{worker-pool.ts → domains/governance/worker-pool.ts} +7 -7
- package/.pi/extensions/zob-harness/src/{workspace-claims.ts → domains/governance/workspace-claims.ts} +6 -6
- package/.pi/extensions/zob-harness/src/domains/models/AGENTS.md +20 -0
- package/.pi/extensions/zob-harness/src/{model-availability.ts → domains/models/model-availability.ts} +1 -1
- package/.pi/extensions/zob-harness/src/{model-routing.ts → domains/models/model-routing.ts} +6 -6
- package/.pi/extensions/zob-harness/src/domains/orchestration/AGENTS.md +21 -0
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/adaptive-delegation.ts +8 -8
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/adaptive-workflow.ts +4 -4
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/lead-plan.ts +5 -5
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/plan.ts +5 -5
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/room.ts +4 -4
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/run.ts +6 -6
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/supervised-readonly.ts +6 -6
- package/.pi/extensions/zob-harness/src/{orchestration → domains/orchestration}/widget-readers.ts +2 -2
- package/.pi/extensions/zob-harness/src/domains/project-dna/AGENTS.md +19 -0
- package/.pi/extensions/zob-harness/src/{project-dna.ts → domains/project-dna/project-dna.ts} +4 -4
- package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/candidate.ts +5 -5
- package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/coms.ts +3 -3
- package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/documentation.ts +4 -4
- package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/factory.ts +2 -2
- package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/temp-agent.ts +4 -4
- package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/write-lane.ts +3 -3
- package/.pi/extensions/zob-harness/src/domains/telemetry/AGENTS.md +19 -0
- package/.pi/extensions/zob-harness/src/{chronicle.ts → domains/telemetry/chronicle.ts} +3 -3
- package/.pi/extensions/zob-harness/src/{queue.ts → domains/telemetry/queue.ts} +7 -7
- package/.pi/extensions/zob-harness/src/{telemetry.ts → domains/telemetry/telemetry.ts} +4 -4
- package/.pi/extensions/zob-harness/src/{topology → domains/topology}/chains.ts +10 -10
- package/.pi/extensions/zob-harness/src/{topology → domains/topology}/coms.ts +3 -3
- package/.pi/extensions/zob-harness/src/{topology → domains/topology}/orchestration-profiles.ts +8 -8
- package/.pi/extensions/zob-harness/src/{topology → domains/topology}/teams.ts +8 -8
- package/.pi/extensions/zob-harness/src/runtime/adaptive-zmode.ts +2 -2
- package/.pi/extensions/zob-harness/src/runtime/auto-compaction.ts +2 -2
- package/.pi/extensions/zob-harness/src/runtime/commands.ts +51 -29
- package/.pi/extensions/zob-harness/src/runtime/compaction-policy.ts +2 -2
- package/.pi/extensions/zob-harness/src/runtime/delegation-feed.ts +1 -1
- package/.pi/extensions/zob-harness/src/runtime/delegation-monitor.ts +1 -1
- package/.pi/extensions/zob-harness/src/runtime/events.ts +53 -37
- package/.pi/extensions/zob-harness/src/{goal-runtime.ts → runtime/goal-runtime.ts} +9 -9
- package/.pi/extensions/zob-harness/src/runtime/goal-todo-overlay.ts +1 -1
- package/.pi/extensions/zob-harness/src/runtime/plan-capture.ts +2 -2
- package/.pi/extensions/zob-harness/src/runtime/state.ts +15 -13
- package/.pi/extensions/zob-harness/src/runtime/tools-autonomous.ts +2 -2
- package/.pi/extensions/zob-harness/src/runtime/tools-compute.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/tools-coms.ts +15 -12
- package/.pi/extensions/zob-harness/src/runtime/tools-context.ts +2 -2
- package/.pi/extensions/zob-harness/src/runtime/tools-delegation.ts +13 -13
- package/.pi/extensions/zob-harness/src/runtime/tools-factory.ts +19 -19
- package/.pi/extensions/zob-harness/src/runtime/tools-goal-room.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/tools-governed-requests.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/tools-merge-queue.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/tools-mission-control.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/tools-orchestration.ts +9 -9
- package/.pi/extensions/zob-harness/src/runtime/tools-project-dna.ts +2 -2
- package/.pi/extensions/zob-harness/src/runtime/tools-worker-pool.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/tools-workspace-claims.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/tools-zcommit.ts +3 -3
- package/.pi/extensions/zob-harness/src/runtime/widget.ts +27 -10
- package/.pi/extensions/zob-harness/src/runtime/zobHarness.ts +1 -1
- package/.pi/extensions/zob-harness/src/types.ts +2 -2
- package/.pi/extensions/zob-switch/AGENTS.md +9 -0
- package/.pi/extensions/zob-switch/index.ts +9 -121
- package/.pi/extensions/zob-switch/src/AGENTS.md +8 -0
- package/.pi/extensions/zob-switch/src/autocomplete.ts +12 -0
- package/.pi/extensions/zob-switch/src/paths.ts +8 -0
- package/.pi/extensions/zob-switch/src/settings.ts +25 -0
- package/.pi/extensions/zob-switch/src/snapshot.ts +34 -0
- package/.pi/extensions/zob-switch/src/state.ts +57 -0
- package/.pi/factories/agentic-spec-team/README.md +35 -0
- package/.pi/factories/agentic-spec-team/batch-manifest.json +11 -0
- package/.pi/factories/agentic-spec-team/example-agentic-spec-manifest.json +19 -0
- package/.pi/factories/agentic-spec-team/factory.json +98 -0
- package/.pi/factories/agentic-spec-team/pilot-manifest.json +11 -0
- package/.pi/factories/agentic-spec-team/schemas/final-report.schema.json +15 -0
- package/.pi/factories/agentic-spec-team/schemas/manifest.schema.json +14 -0
- package/.pi/factories/agentic-spec-team/schemas/question.schema.json +18 -0
- package/.pi/factories/agentic-spec-team/schemas/source-register.schema.json +11 -0
- package/.pi/factories/agentic-spec-team/schemas/traceability.schema.json +11 -0
- package/.pi/factories/agentic-spec-team/smoke-manifest.json +11 -0
- package/.pi/skills/zob-agentic-spec-team/SKILL.md +148 -0
- package/.pi/skills/zob-coms-safety/SKILL.md +13 -0
- package/.pi/skills/zob-coms-v2-live/SKILL.md +11 -0
- package/.pi/skills/zob-factory/SKILL.md +21 -0
- package/.pi/skills/zob-harness/SKILL.md +14 -0
- package/.pi/skills/zob-split-refactor/SKILL.md +1 -1
- package/.pi/skills/zob-zagent-creator/SKILL.md +266 -12
- package/.pi/zagents/agent-factory-pacman-chief.json +22 -0
- package/.pi/zagents/agent-factory-pacman-engine-builder.json +21 -0
- package/.pi/zagents/agent-factory-pacman-frontend-builder.json +21 -0
- package/.pi/zagents/agent-factory-pacman-game-architect.json +21 -0
- package/.pi/zagents/agent-factory-pacman-game-designer.json +21 -0
- package/.pi/zagents/agent-factory-pacman-qa-oracle.json +21 -0
- package/.pi/zagents/bdd-writer.json +20 -0
- package/.pi/zagents/data-profile-analyst.json +20 -0
- package/.pi/zagents/domain-modeler.json +20 -0
- package/.pi/zagents/planner-handoff-writer.json +20 -0
- package/.pi/zagents/prompts/agent-factory-pacman-chief.md +53 -0
- package/.pi/zagents/prompts/agent-factory-pacman-engine-builder.md +41 -0
- package/.pi/zagents/prompts/agent-factory-pacman-frontend-builder.md +40 -0
- package/.pi/zagents/prompts/agent-factory-pacman-game-architect.md +41 -0
- package/.pi/zagents/prompts/agent-factory-pacman-game-designer.md +43 -0
- package/.pi/zagents/prompts/agent-factory-pacman-qa-oracle.md +51 -0
- package/.pi/zagents/prompts/agentic-spec-run-role.md +30 -0
- package/.pi/zagents/source-intake-steward.json +20 -0
- package/.pi/zagents/spec-chief.json +21 -0
- package/.pi/zagents/spec-oracle.json +20 -0
- package/.pi/zagents/spec-writer.json +20 -0
- package/.pi/zagents/ux-flow-analyst.json +20 -0
- package/.pi/zteams/agent-factory-pacman-multiplayer-runtime.mjs +384 -0
- package/.pi/zteams/agent-factory-pacman-multiplayer.json +42 -0
- package/.pi/zteams/agent-factory-pacman-multiplayer.tmux.sh +256 -0
- package/.pi/zteams/agentic-spec-run.json +42 -0
- package/.pi/zteams/agentic-spec-run.tmux.sh +134 -0
- package/.pi/zteams/templates/agent-factory-pacman-chief-kickoff.template.md +71 -0
- package/.pi/zteams/templates/agent-factory-pacman-worker-kickoff.template.md +59 -0
- package/README.md +183 -110
- package/SOURCE_INDEX.md +5 -1
- package/examples/agent-factory-mission-control/AGENTS.md +10 -0
- package/examples/agent-factory-mission-control/README.md +17 -0
- package/examples/agent-factory-mission-control/apps/api/AGENTS.md +3 -0
- package/examples/agent-factory-mission-control/apps/dashboard/AGENTS.md +3 -0
- package/examples/agent-factory-mission-control/mission.md +3 -0
- package/examples/agent-factory-mission-control/output-contract.md +3 -0
- package/examples/agent-factory-mission-control/packages/domain/AGENTS.md +3 -0
- package/examples/agent-factory-mission-control/packages/snapshot-reader/AGENTS.md +3 -0
- package/examples/agent-factory-pacman-multiplayer/AGENTS.md +27 -0
- package/examples/agent-factory-pacman-multiplayer/README.md +84 -0
- package/examples/agent-factory-pacman-multiplayer/mission.md +43 -0
- package/examples/agent-factory-pacman-multiplayer/output-contract.md +58 -0
- package/examples/agent-factory-tmux-comms/README.md +146 -0
- package/examples/agent-factory-tmux-comms/chief-kickoff.template.md +54 -0
- package/examples/agent-factory-tmux-comms/simple-agent-factory.team.json +92 -0
- package/examples/agent-factory-tmux-comms/simple-agent-factory.tmux.sh +248 -0
- package/examples/agent-factory-tmux-comms/worker-kickoff.template.md +43 -0
- package/package.json +17 -3
- package/scripts/README.md +1 -1
- package/scripts/agentic-spec-team/validate-bdd.mjs +13 -0
- package/scripts/agentic-spec-team/validate-final-report.mjs +14 -0
- package/scripts/agentic-spec-team/validate-manifest.mjs +14 -0
- package/scripts/agentic-spec-team/validate-oracle-ready.mjs +13 -0
- package/scripts/agentic-spec-team/validate-question-loop.mjs +15 -0
- package/scripts/agentic-spec-team/validate-run.mjs +11 -0
- package/scripts/agentic-spec-team/validate-source-register.mjs +17 -0
- package/scripts/agentic-spec-team/validate-traceability.mjs +20 -0
- package/scripts/agentic-spec-team/validate-workgraph.mjs +13 -0
- package/scripts/autonomy/mission-readiness-secret-smoke.mjs +5 -5
- package/scripts/git-ops/commit-policy-smoke.mjs +5 -4
- package/scripts/goal-todo/child-goal-ref-smoke.mjs +2 -2
- package/scripts/path-policy/validate-smoke.mjs +3 -3
- package/scripts/project-dna/AGENTS.md +39 -0
- package/scripts/project-dna/{validate-scaffold.mjs → validation/validate-scaffold.mjs} +7 -7
- package/scripts/spec-run.mjs +365 -0
- package/scripts/worker-pool/static-smoke.mjs +5 -5
- package/scripts/zagent-static-smoke.mjs +35 -6
- package/scripts/zpeer-local-e2e-smoke.mjs +12 -5
- package/scripts/zpeer-static-smoke.mjs +17 -17
- /package/.pi/extensions/zob-harness/src/{types → core/types}/core.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{utils → core/utils}/hashing.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{utils → core/utils}/json.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{utils → core/utils}/paths.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/AGENTS.md +0 -0
- /package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/pending-replies.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{coms-v2 → domains/coms/coms-v2}/types.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/ledger.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/types.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{promotion → domains/promotion}/validate.ts +0 -0
- /package/.pi/extensions/zob-harness/src/{schemas-project-dna.ts → runtime/schemas-project-dna.ts} +0 -0
- /package/.pi/extensions/zob-harness/src/{schemas.ts → runtime/schemas.ts} +0 -0
- /package/scripts/project-dna/{bench-smoke.mjs → benchmark/bench-smoke.mjs} +0 -0
- /package/scripts/project-dna/{build-capsules.mjs → capsules/build-capsules.mjs} +0 -0
- /package/scripts/project-dna/{emit-golden-cases.mjs → emit/emit-golden-cases.mjs} +0 -0
- /package/scripts/project-dna/{emit-ontology.mjs → emit/emit-ontology.mjs} +0 -0
- /package/scripts/project-dna/{oracle-review-smoke.mjs → oracle/oracle-review-smoke.mjs} +0 -0
- /package/scripts/project-dna/{query-context.mjs → query/query-context.mjs} +0 -0
- /package/scripts/project-dna/{query-steward.mjs → query/query-steward.mjs} +0 -0
- /package/scripts/project-dna/{build-sample-spec.mjs → sample/build-sample-spec.mjs} +0 -0
- /package/scripts/project-dna/{generate-sample.mjs → sample/generate-sample.mjs} +0 -0
- /package/scripts/project-dna/{validate-sample-project.mjs → sample/validate-sample-project.mjs} +0 -0
- /package/scripts/project-dna/{scan.mjs → scan/scan.mjs} +0 -0
- /package/scripts/project-dna/{validate-scan-artifacts.mjs → scan/validate-scan-artifacts.mjs} +0 -0
- /package/scripts/project-dna/{validate-5of5.mjs → validation/validate-5of5.mjs} +0 -0
- /package/scripts/project-dna/{validate-golden-cases.mjs → validation/validate-golden-cases.mjs} +0 -0
- /package/scripts/project-dna/{validate-ontology.mjs → validation/validate-ontology.mjs} +0 -0
- /package/scripts/project-dna/{plan-workflow.mjs → workflow/plan-workflow.mjs} +0 -0
- /package/scripts/project-dna/{validate-workflow.mjs → workflow/validate-workflow.mjs} +0 -0
|
@@ -1374,7 +1374,7 @@
|
|
|
1374
1374
|
],
|
|
1375
1375
|
"docRefs": [
|
|
1376
1376
|
".pi/git-policy.json",
|
|
1377
|
-
".pi/extensions/zob-harness/src/git-ops.ts",
|
|
1377
|
+
".pi/extensions/zob-harness/src/domains/git/git-ops.ts",
|
|
1378
1378
|
".pi/extensions/zob-harness/src/runtime/tools-zcommit.ts"
|
|
1379
1379
|
],
|
|
1380
1380
|
"noShipNotes": "Agent-executable governed zcommit tool for plan|commit|push|commit_and_push. Use when the user explicitly asks the agent to commit/push so the agent does not ask the user to paste /zcommit commands. It reuses the /zcommit engine, supports session_modified/pathspecs/all_safe_dirty scopes, stores body-free ledgers, stages only selected paths via git add --, excludes runtime/secrets/vendor/build paths, and never uses direct git commit/push/tag or git add ./-A/--all."
|
|
@@ -1424,7 +1424,7 @@
|
|
|
1424
1424
|
"docRefs": [
|
|
1425
1425
|
"AGENTS.md",
|
|
1426
1426
|
".pi/extensions/zob-harness/src/runtime/commands.ts",
|
|
1427
|
-
".pi/extensions/zob-harness/src/goal-runtime.ts"
|
|
1427
|
+
".pi/extensions/zob-harness/src/runtime/goal-runtime.ts"
|
|
1428
1428
|
],
|
|
1429
1429
|
"noShipNotes": "Session-local stop command only: aborts foreground work through ctx.abort when busy, aborts active background delegate_task controllers, stops supervised daemon loop, pauses runtime-goal auto-continuation, and appends body-free/hash-only telemetry. It must not shutdown Pi, kill arbitrary processes, or count append-only refs as delivery success."
|
|
1430
1430
|
},
|
|
@@ -1499,7 +1499,7 @@
|
|
|
1499
1499
|
],
|
|
1500
1500
|
"docRefs": [
|
|
1501
1501
|
".pi/git-policy.json",
|
|
1502
|
-
".pi/extensions/zob-harness/src/git-ops.ts",
|
|
1502
|
+
".pi/extensions/zob-harness/src/domains/git/git-ops.ts",
|
|
1503
1503
|
".pi/extensions/zob-harness/src/runtime/commands.ts"
|
|
1504
1504
|
],
|
|
1505
1505
|
"noShipNotes": "Easy governed explicit-only /zcommit status [paths/globs...]|plan [paths/globs...]|adopt <paths...>|commit [paths/globs...]|push|autocommit on|off|autopush on|off. No aliases. Normal mode selects safe dirty workspace files after forbidden-path filtering, or an explicit safe subset by repo-relative file/directory/glob pathspecs. Adopt remains metadata-only for legacy/strict ownership hints and never stages. Commit uses explicit git add -- selected paths only, never git add . or -A; forbidden staged paths block, forbidden unstaged paths are excluded, advisory validation is recorded in the Conventional Commit body, and push is limited to last /zcommit-created HEAD via allowed remote/branch without force/tags/push-all."
|
|
@@ -1711,7 +1711,7 @@
|
|
|
1711
1711
|
"docRefs": [
|
|
1712
1712
|
"AGENTS.md",
|
|
1713
1713
|
".pi/autonomy-policy.json",
|
|
1714
|
-
".pi/extensions/zob-harness/src/daemon-runtime.ts",
|
|
1714
|
+
".pi/extensions/zob-harness/src/domains/autonomy/daemon-runtime.ts",
|
|
1715
1715
|
".pi/extensions/zob-harness/src/runtime/commands.ts"
|
|
1716
1716
|
],
|
|
1717
1717
|
"noShipNotes": "Sets interactive autonomy policy only: open/controlled/adaptive/status/stop plus daemon status|plan-tick|tick|start|stop. Daemon subcommands are scoped to the active goal, session-local, plan-only, bounded when started, no autostart/no cron/no global loop, and no global autonomy or production readiness claim; launch authorization remains in-scope and safety-gated with no secrets, destructive commands, or production apply."
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# zob-child-safety extension guardrails
|
|
2
|
+
|
|
3
|
+
This folder is safety-critical. Changes here must be split-only unless the owner explicitly approves behavior changes.
|
|
4
|
+
|
|
5
|
+
- Preserve the Pi entrypoint in `index.ts` and keep the default export stable.
|
|
6
|
+
- Do not change event names, registration order, safety messages, default rules, path policy, env parsing, or sync/async behavior.
|
|
7
|
+
- Preserve public exports from `index.ts`.
|
|
8
|
+
- Use NodeNext relative imports with `.js` suffix.
|
|
9
|
+
- Prefer `import type` for type-only imports.
|
|
10
|
+
- Do not import from `index.ts` inside `src/**`.
|
|
11
|
+
- Do not read or write secrets, generated output, logs, sessions, or temp ledgers.
|
|
12
|
+
- Validate with `npm run check -- --pretty false`, `npm run smoke:path-policy`, and `npm run smoke:harness` after edits.
|
|
@@ -1,99 +1,11 @@
|
|
|
1
1
|
import { existsSync, readFileSync } from "node:fs";
|
|
2
|
-
import {
|
|
3
|
-
import { join, resolve } from "node:path";
|
|
2
|
+
import { join } from "node:path";
|
|
4
3
|
import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
|
|
5
4
|
import { isToolCallEventType } from "@earendil-works/pi-coding-agent";
|
|
5
|
+
import { DEFAULT_RULES, blockedFeedback, parsePathListEnv, pathMatches, validateRuntimeWritePolicy } from "./src/policy.js";
|
|
6
|
+
import type { DamageRules } from "./src/policy.js";
|
|
6
7
|
|
|
7
|
-
|
|
8
|
-
pattern: string;
|
|
9
|
-
reason: string;
|
|
10
|
-
ask?: boolean;
|
|
11
|
-
}
|
|
12
|
-
|
|
13
|
-
interface DamageRules {
|
|
14
|
-
bashToolPatterns: DamageRule[];
|
|
15
|
-
zeroAccessPaths: string[];
|
|
16
|
-
readOnlyPaths: string[];
|
|
17
|
-
noDeletePaths: string[];
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
const DEFAULT_RULES: DamageRules = {
|
|
21
|
-
bashToolPatterns: [
|
|
22
|
-
{ pattern: "\\brm\\s+(-rf?|--recursive)", reason: "recursive deletion" },
|
|
23
|
-
{ pattern: "\\bgit\\s+reset\\s+--hard\\b", reason: "destructive git reset" },
|
|
24
|
-
{ pattern: "\\bgit\\s+clean\\s+-", reason: "destructive git clean" },
|
|
25
|
-
{ pattern: "\\bgit\\s+add\\s+(-A|\\.)", reason: "bulk git staging" },
|
|
26
|
-
{ pattern: "\\bsudo\\b", reason: "privileged command" },
|
|
27
|
-
],
|
|
28
|
-
zeroAccessPaths: [".env", ".env.*", "~/.ssh", "~/.aws", "*.pem", "*.key"],
|
|
29
|
-
readOnlyPaths: [".git/", "node_modules/", "dist/", "build/", "package-lock.json", "pnpm-lock.yaml", "bun.lock"],
|
|
30
|
-
noDeletePaths: [".git/", "AGENTS.md", "README.md", ".pi/"],
|
|
31
|
-
};
|
|
32
|
-
|
|
33
|
-
function expandHome(input: string): string {
|
|
34
|
-
if (input === "~") return homedir();
|
|
35
|
-
if (input.startsWith("~/")) return join(homedir(), input.slice(2));
|
|
36
|
-
return input;
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
function wildcardToRegex(pattern: string): RegExp {
|
|
40
|
-
const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
|
|
41
|
-
return new RegExp(`(^|/)${escaped}($|/)`);
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
export function pathMatches(targetPath: string, pattern: string, cwd: string, policyRoot = cwd): boolean {
|
|
45
|
-
const expanded = expandHome(pattern);
|
|
46
|
-
const root = resolve(policyRoot);
|
|
47
|
-
const normalizedTarget = resolve(cwd, expandHome(targetPath));
|
|
48
|
-
const relativeTarget = normalizedTarget.startsWith(root) ? normalizedTarget.slice(root.length + 1) : normalizedTarget;
|
|
49
|
-
if (expanded.endsWith("/")) {
|
|
50
|
-
const prefix = resolve(root, expanded.slice(0, -1));
|
|
51
|
-
return normalizedTarget === prefix || normalizedTarget.startsWith(`${prefix}/`) || relativeTarget.startsWith(expanded);
|
|
52
|
-
}
|
|
53
|
-
const regex = wildcardToRegex(expanded);
|
|
54
|
-
return regex.test(normalizedTarget) || regex.test(relativeTarget) || relativeTarget.includes(expanded);
|
|
55
|
-
}
|
|
56
|
-
|
|
57
|
-
export function parsePathListEnv(value: string | undefined): string[] {
|
|
58
|
-
if (!value) return [];
|
|
59
|
-
return value
|
|
60
|
-
.split(/[,:\n]/)
|
|
61
|
-
.map((item) => item.trim())
|
|
62
|
-
.filter(Boolean);
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
export function validateRuntimeWritePolicy(input: {
|
|
66
|
-
targetPath: string;
|
|
67
|
-
cwd: string;
|
|
68
|
-
policyRoot?: string;
|
|
69
|
-
allowedPaths?: string[];
|
|
70
|
-
forbiddenPaths?: string[];
|
|
71
|
-
zeroAccessPaths?: string[];
|
|
72
|
-
readOnlyPaths?: string[];
|
|
73
|
-
sandboxRoot?: string;
|
|
74
|
-
}): { allowed: boolean; violations: string[] } {
|
|
75
|
-
const policyRoot = input.policyRoot ?? input.cwd;
|
|
76
|
-
const violations: string[] = [];
|
|
77
|
-
for (const protectedPattern of input.zeroAccessPaths ?? []) {
|
|
78
|
-
if (pathMatches(input.targetPath, protectedPattern, input.cwd, policyRoot)) violations.push(`zero-access path: ${protectedPattern}`);
|
|
79
|
-
}
|
|
80
|
-
for (const forbiddenPattern of input.forbiddenPaths ?? []) {
|
|
81
|
-
if (pathMatches(input.targetPath, forbiddenPattern, input.cwd, policyRoot)) violations.push(`forbidden path: ${forbiddenPattern}`);
|
|
82
|
-
}
|
|
83
|
-
for (const readOnlyPattern of input.readOnlyPaths ?? []) {
|
|
84
|
-
if (pathMatches(input.targetPath, readOnlyPattern, input.cwd, policyRoot)) violations.push(`read-only path: ${readOnlyPattern}`);
|
|
85
|
-
}
|
|
86
|
-
const allowedPaths = input.allowedPaths ?? [];
|
|
87
|
-
if (allowedPaths.length > 0 && !allowedPaths.some((allowedPath) => pathMatches(input.targetPath, allowedPath, input.cwd, policyRoot))) {
|
|
88
|
-
violations.push(`outside allowed_paths: ${allowedPaths.join(", ")}`);
|
|
89
|
-
}
|
|
90
|
-
if (input.sandboxRoot) {
|
|
91
|
-
const sandboxRoot = resolve(policyRoot, expandHome(input.sandboxRoot));
|
|
92
|
-
const target = resolve(input.cwd, expandHome(input.targetPath));
|
|
93
|
-
if (target !== sandboxRoot && !target.startsWith(`${sandboxRoot}/`)) violations.push(`outside sandbox root: ${input.sandboxRoot}`);
|
|
94
|
-
}
|
|
95
|
-
return { allowed: violations.length === 0, violations };
|
|
96
|
-
}
|
|
8
|
+
export { pathMatches, parsePathListEnv, validateRuntimeWritePolicy } from "./src/policy.js";
|
|
97
9
|
|
|
98
10
|
function loadDamageRules(cwd: string): DamageRules {
|
|
99
11
|
const root = process.env.ZOB_HARNESS_ROOT || cwd;
|
|
@@ -112,19 +24,6 @@ function loadDamageRules(cwd: string): DamageRules {
|
|
|
112
24
|
}
|
|
113
25
|
}
|
|
114
26
|
|
|
115
|
-
function blockedFeedback(toolName: string, reason: string, attempted: string): string {
|
|
116
|
-
return [
|
|
117
|
-
`ZOB child safety blocked ${toolName}: ${reason}`,
|
|
118
|
-
"",
|
|
119
|
-
`Attempted: ${attempted}`,
|
|
120
|
-
"",
|
|
121
|
-
"Continue safely:",
|
|
122
|
-
"- Do not retry the same blocked call.",
|
|
123
|
-
"- If a secret or destructive operation is required, stop and ask the parent/user for explicit approval.",
|
|
124
|
-
"- Produce a safe partial result with evidence and blockers instead.",
|
|
125
|
-
].join("\n");
|
|
126
|
-
}
|
|
127
|
-
|
|
128
27
|
export default function zobChildSafety(pi: ExtensionAPI): void {
|
|
129
28
|
let rules: DamageRules = DEFAULT_RULES;
|
|
130
29
|
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# zob-child-safety src guardrails
|
|
2
|
+
|
|
3
|
+
Modules in this folder are split-only support modules for the safety-critical child safety extension.
|
|
4
|
+
|
|
5
|
+
- Move helpers/types/policy/path code only; do not rewrite logic or optimize behavior.
|
|
6
|
+
- Never import from `../index.ts` or `../index.js`.
|
|
7
|
+
- Keep imports NodeNext-compatible with `.js` suffix for relative runtime imports.
|
|
8
|
+
- Prefer `import type` for type-only imports.
|
|
9
|
+
- Do not change blocked messages, default rules, path matching, env parsing, validation ordering, or return shapes.
|
|
10
|
+
- Keep safety helpers deterministic and side-effect-free unless an existing side effect is explicitly being moved unchanged.
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
import { homedir } from "node:os";
|
|
2
|
+
import { join, resolve } from "node:path";
|
|
3
|
+
|
|
4
|
+
export interface DamageRule {
|
|
5
|
+
pattern: string;
|
|
6
|
+
reason: string;
|
|
7
|
+
ask?: boolean;
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
export interface DamageRules {
|
|
11
|
+
bashToolPatterns: DamageRule[];
|
|
12
|
+
zeroAccessPaths: string[];
|
|
13
|
+
readOnlyPaths: string[];
|
|
14
|
+
noDeletePaths: string[];
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
export const DEFAULT_RULES: DamageRules = {
|
|
18
|
+
bashToolPatterns: [
|
|
19
|
+
{ pattern: "\\brm\\s+(-rf?|--recursive)", reason: "recursive deletion" },
|
|
20
|
+
{ pattern: "\\bgit\\s+reset\\s+--hard\\b", reason: "destructive git reset" },
|
|
21
|
+
{ pattern: "\\bgit\\s+clean\\s+-", reason: "destructive git clean" },
|
|
22
|
+
{ pattern: "\\bgit\\s+add\\s+(-A|\\.)", reason: "bulk git staging" },
|
|
23
|
+
{ pattern: "\\bsudo\\b", reason: "privileged command" },
|
|
24
|
+
],
|
|
25
|
+
zeroAccessPaths: [".env", ".env.*", "~/.ssh", "~/.aws", "*.pem", "*.key"],
|
|
26
|
+
readOnlyPaths: [".git/", "node_modules/", "dist/", "build/", "package-lock.json", "pnpm-lock.yaml", "bun.lock"],
|
|
27
|
+
noDeletePaths: [".git/", "AGENTS.md", "README.md", ".pi/"],
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
function expandHome(input: string): string {
|
|
31
|
+
if (input === "~") return homedir();
|
|
32
|
+
if (input.startsWith("~/")) return join(homedir(), input.slice(2));
|
|
33
|
+
return input;
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
function wildcardToRegex(pattern: string): RegExp {
|
|
37
|
+
const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
|
|
38
|
+
return new RegExp(`(^|/)${escaped}($|/)`);
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
export function pathMatches(targetPath: string, pattern: string, cwd: string, policyRoot = cwd): boolean {
|
|
42
|
+
const expanded = expandHome(pattern);
|
|
43
|
+
const root = resolve(policyRoot);
|
|
44
|
+
const normalizedTarget = resolve(cwd, expandHome(targetPath));
|
|
45
|
+
const relativeTarget = normalizedTarget.startsWith(root) ? normalizedTarget.slice(root.length + 1) : normalizedTarget;
|
|
46
|
+
if (expanded.endsWith("/")) {
|
|
47
|
+
const prefix = resolve(root, expanded.slice(0, -1));
|
|
48
|
+
return normalizedTarget === prefix || normalizedTarget.startsWith(`${prefix}/`) || relativeTarget.startsWith(expanded);
|
|
49
|
+
}
|
|
50
|
+
const regex = wildcardToRegex(expanded);
|
|
51
|
+
return regex.test(normalizedTarget) || regex.test(relativeTarget) || relativeTarget.includes(expanded);
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
export function parsePathListEnv(value: string | undefined): string[] {
|
|
55
|
+
if (!value) return [];
|
|
56
|
+
return value
|
|
57
|
+
.split(/[,:\n]/)
|
|
58
|
+
.map((item) => item.trim())
|
|
59
|
+
.filter(Boolean);
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
export function validateRuntimeWritePolicy(input: {
|
|
63
|
+
targetPath: string;
|
|
64
|
+
cwd: string;
|
|
65
|
+
policyRoot?: string;
|
|
66
|
+
allowedPaths?: string[];
|
|
67
|
+
forbiddenPaths?: string[];
|
|
68
|
+
zeroAccessPaths?: string[];
|
|
69
|
+
readOnlyPaths?: string[];
|
|
70
|
+
sandboxRoot?: string;
|
|
71
|
+
}): { allowed: boolean; violations: string[] } {
|
|
72
|
+
const policyRoot = input.policyRoot ?? input.cwd;
|
|
73
|
+
const violations: string[] = [];
|
|
74
|
+
for (const protectedPattern of input.zeroAccessPaths ?? []) {
|
|
75
|
+
if (pathMatches(input.targetPath, protectedPattern, input.cwd, policyRoot)) violations.push(`zero-access path: ${protectedPattern}`);
|
|
76
|
+
}
|
|
77
|
+
for (const forbiddenPattern of input.forbiddenPaths ?? []) {
|
|
78
|
+
if (pathMatches(input.targetPath, forbiddenPattern, input.cwd, policyRoot)) violations.push(`forbidden path: ${forbiddenPattern}`);
|
|
79
|
+
}
|
|
80
|
+
for (const readOnlyPattern of input.readOnlyPaths ?? []) {
|
|
81
|
+
if (pathMatches(input.targetPath, readOnlyPattern, input.cwd, policyRoot)) violations.push(`read-only path: ${readOnlyPattern}`);
|
|
82
|
+
}
|
|
83
|
+
const allowedPaths = input.allowedPaths ?? [];
|
|
84
|
+
if (allowedPaths.length > 0 && !allowedPaths.some((allowedPath) => pathMatches(input.targetPath, allowedPath, input.cwd, policyRoot))) {
|
|
85
|
+
violations.push(`outside allowed_paths: ${allowedPaths.join(", ")}`);
|
|
86
|
+
}
|
|
87
|
+
if (input.sandboxRoot) {
|
|
88
|
+
const sandboxRoot = resolve(policyRoot, expandHome(input.sandboxRoot));
|
|
89
|
+
const target = resolve(input.cwd, expandHome(input.targetPath));
|
|
90
|
+
if (target !== sandboxRoot && !target.startsWith(`${sandboxRoot}/`)) violations.push(`outside sandbox root: ${input.sandboxRoot}`);
|
|
91
|
+
}
|
|
92
|
+
return { allowed: violations.length === 0, violations };
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
export function blockedFeedback(toolName: string, reason: string, attempted: string): string {
|
|
96
|
+
return [
|
|
97
|
+
`ZOB child safety blocked ${toolName}: ${reason}`,
|
|
98
|
+
"",
|
|
99
|
+
`Attempted: ${attempted}`,
|
|
100
|
+
"",
|
|
101
|
+
"Continue safely:",
|
|
102
|
+
"- Do not retry the same blocked call.",
|
|
103
|
+
"- If a secret or destructive operation is required, stop and ask the parent/user for explicit approval.",
|
|
104
|
+
"- Produce a safe partial result with evidence and blockers instead.",
|
|
105
|
+
].join("\n");
|
|
106
|
+
}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
- Ce dossier contient l'extension Pi `zob-harness`, son entrypoint `index.ts` et les modules sidecar du refactor split-only.
|
|
4
4
|
- `index.ts` reste l'entrypoint Pi déclaré dans `package.json` jusqu'à approval explicite d'une bascule finale.
|
|
5
5
|
- Les sous-dossiers `src/**` contiennent uniquement de la logique extraite ou du contexte local; ils ne remplacent pas l'entrypoint sans review.
|
|
6
|
+
- L'architecture cible et les consignes de refactor sont documentées dans `docs/ZOB_HARNESS_ARCHITECTURE.md` et les `AGENTS.md` locaux.
|
|
6
7
|
|
|
7
8
|
# Invariants
|
|
8
9
|
|
|
@@ -19,6 +20,7 @@
|
|
|
19
20
|
- `index.ts` peut rester hybride pendant la migration.
|
|
20
21
|
- Aucun fichier `src/**` ne doit importer depuis `index.ts`.
|
|
21
22
|
- Préférer `import type` pour les types.
|
|
23
|
+
- Direction cible des dépendances: `runtime -> domains -> core`; jamais `core -> domains/runtime`.
|
|
22
24
|
|
|
23
25
|
# Validation locale
|
|
24
26
|
|