Release v0.1.9

.github/PULL_REQUEST_TEMPLATE.md

@@ -19,7 +19,7 @@
 
 The boundary checker enforces these. Confirm none are violated:
 
-- [ ] **Engine boundary.** Only `src/engine/**` value-imports `@mariozechner/pi-*`.
+- [ ] **Engine boundary.** Only `src/engine/**` value-imports `@earendil-works/pi-*`.
 - [ ] **Worker isolation.** `src/worker/**` does not import `src/domains/**` except `src/domains/providers`.
 - [ ] **Domain independence.** No `src/domains/<x>/**` imports another domain's `extension.ts`. Cross-domain traffic flows through `SafeEventBus`.
 

.github/workflows/ci.yml

@@ -26,9 +26,9 @@ jobs:
         with:
           node-version: 24
           cache: npm
-      - name: Install fd-find
+      - name: Install fd-find and ripgrep
         run: |
           sudo apt-get update -qq
-          sudo apt-get install -y --no-install-recommends fd-find
+          sudo apt-get install -y --no-install-recommends fd-find ripgrep
       - run: npm ci --prefer-offline --no-audit --no-fund
       - run: npm run ci

.gitignore

@@ -18,7 +18,6 @@ scripts/orch/
 NEXT-SESSION.md
 CODEX.md
 CLAUDE.md
-CLIO-dev.md
 
 # Dev-time scratch area: planning files, debugging notes, sprint plans, reports. Never shipped.
 docs/.superpowers/

CHANGELOG.md

@@ -3,7 +3,92 @@
 All notable changes to Clio Coder are tracked here. Format loosely follows
 Keep a Changelog.
 
-## Unreleased
+## 0.1.9 - 2026-05-17
+
+Clio Coder 0.1.9 is a broad hardening release on top of the v0.1.6
+non-interactive CLI baseline and the v0.1.7/v0.1.8 safety and approval work.
+It makes fleet dispatch a first-class agent primitive, removes the retired
+internal dev harness, tightens local OpenAI-compatible model handling,
+adds frontend validation without shell access, and hardens the interactive TUI
+around active-run follow-ups and cancellation.
+
+### Added
+
+- Added `dispatch` as a first-class tool for bounded fleet-agent handoffs. The
+  orchestrator prompt now includes the Agent Fleet catalog, unnamed dispatches
+  default to `implementer`, and duplicate dispatch requests are guarded before
+  they can loop.
+- Added `validate_frontend`, a typed execution tool for frontend artifacts. It
+  validates `.html`, `.htm`, `.css`, `.js`, `.mjs`, and `.cjs` files under the
+  workspace root; checks HTML tag structure, local script/style references,
+  JavaScript syntax, CSS balance, and optional headless browser loading.
+- Added a local model runtime-capabilities resolver that classifies real mini
+  model families, thinking mechanisms, supported levels, effective coercion,
+  request payload fields, and response parsers from one shared source.
+- Added GPT-OSS/Harmony response parsing for raw llama.cpp chat-template frames
+  and request synthesis for Harmony `reasoning_effort`.
+- Added finish-contract evidence for successful typed validation tools,
+  including `run_tests`, `run_lint`, `run_build`, standard `package_script`
+  validation scripts, `validate_frontend`, dispatch receipts, and protected
+  artifact records.
+- Added active-run TUI coverage for plain follow-up queuing and `Esc`
+  cancellation.
+- Added tests for local model capability resolution, UI thinking surfaces,
+  footer/dashboard effective thinking display, Harmony payload construction,
+  streamed reasoning accounting, constrained Harmony JSON responses, dispatch
+  tool behavior, frontend validation, finish-contract evidence, and active-run
+  TUI control.
+
+### Changed
+
+- `/thinking`, `/settings`, the welcome dashboard, footer, hot model switching,
+  prompt runtime block, and fleet-agent selection now display/use the
+  effective thinking level after model-specific coercion instead of raw
+  configured settings.
+- Local OpenAI-compatible targets now preserve server-owned sampler defaults;
+  Clio records and passes only the model-family fields it owns.
+- Fleet dispatch now requires explicit allowed tool profiles and carries the
+  resolved effective thinking state through the internal worker spec.
+- Built-in implementer-style agents are prompted to inspect changed frontend
+  artifacts and run `validate_frontend` before claiming HTML/CSS/JS work is
+  complete.
+- `clio run`, `clio targets`, prompt text, receipts, and README-facing copy now
+  use fleet/agent terminology. The legacy `workers` settings key remains for
+  compatibility with existing config files.
+- Print mode now preserves the last valid assistant answer when a later
+  diagnostic assistant message is emitted, instead of replacing the answer with
+  advisory text.
+- Eval harness metrics now count validation evidence only for successful,
+  non-timed-out verifier commands.
+- Public component inventory now includes the frontend validator as a
+  hot-reloadable enforcing tool implementation.
+
+### Fixed
+
+- Fixed GPT-OSS/Harmony constrained JSON frames such as
+  `<|channel|>final <|constrain|>json<|message|>{...}` being routed as hidden
+  thinking or surfaced as parser errors instead of visible assistant text.
+- Fixed stale GPT-OSS/Harmony marker leakage from local OpenAI-compatible
+  streamed output.
+- Fixed prior assistant thinking blocks being replayed upstream on later
+  OpenAI-compatible turns.
+- Fixed OpenAI Codex file-tool schema aliases so file/path arguments serialize
+  through the expected schema shape.
+- Fixed active-run TUI behavior where follow-up text and cancellation could
+  leave the operator without a clear queued-turn or cancelled-run signal.
+- Fixed frontend completion claims being able to pass the advisory finish
+  contract without a meaningful artifact validation path.
+- Fixed duplicate local-model capability and thinking coercion paths that could
+  make UI display, prompt runtime text, and payload construction disagree.
+
+### Removed
+
+- Removed the retired internal dev harness and associated prompt fragments,
+  tests, and diagnostic scaffolding.
+- Removed user-facing `--dev` mode and internal dev prompt surfaces from
+  the CLI/TUI runtime.
+- Removed stale local-model helper paths that duplicated provider capability
+  resolution.
 
 ## 0.1.8 - 2026-05-11
 
@@ -376,9 +461,8 @@ receipts, and audit JSONL written by v0.1.3 remain readable.
 
 ### Added — middleware
 
-- A pure middleware domain ships with declarative built-in rule
-  metadata and a deterministic no-op hook runner for future policy
-  wiring. Eleven hooks (`before_model`, `after_model`, `before_tool`,
+- A pure middleware domain ships with a deterministic hook runner for
+  future policy wiring. Eleven hooks (`before_model`, `after_model`, `before_tool`,
   `after_tool`, `before_finish`, `after_finish`, `on_blocked_tool`,
   `on_retry`, `on_compaction`, `on_dispatch_start`,
   `on_dispatch_end`) and six effect kinds (`inject_reminder`,
@@ -450,15 +534,8 @@ receipts, and audit JSONL written by v0.1.3 remain readable.
 ### Added — scientific-validation
 
 - A scientific-validation pack ships as a docs/spec at
-  `docs/specs/scientific-validation.md` plus three declarative
-  middleware rules in `src/domains/middleware/rules.ts`:
-  `science.no-existence-only-validation` reminds agents that file
-  existence does not validate scientific artifacts;
-  `science.preserve-checkpoints` marks validated checkpoint and
-  restart artifacts as protected against destructive cleanup; and
-  `science.unit-vs-scheduler-validation` distinguishes local unit
-  validation from scheduler-backed validation (`sbatch`, `srun`,
-  `qsub`, `flux run`).
+  `docs/specs/scientific-validation.md` plus the
+  `scientific-validator` agent recipe.
 - The spec covers the YAML validation contract format, supported
   artifact families (HDF5, NetCDF, Zarr, FITS, CSV, Parquet, VTK,
   ParaView output, Slurm output, MPI rank-sensitive tests, checkpoint
@@ -559,8 +636,8 @@ receipts, and audit JSONL written by v0.1.3 remain readable.
 - Tool registry middleware hooks enforce generic tool-surface
   effects: `block_tool` stops an admitted call before execution, and
   `annotate_tool_result` appends deterministic middleware
-  annotations to tool results. Built-in middleware remains no-op
-  until future policy domains produce effects.
+  annotations to tool results. The built-in middleware registry is
+  empty until rules have enforced behavior and tests.
 - Tool registry middleware hooks honor `protect_path` effects in
   in-memory protected-artifact state, pass validation command
   metadata to middleware, and block protected artifact writes or
@@ -602,7 +679,7 @@ receipts, and audit JSONL written by v0.1.3 remain readable.
 
 ### Notes
 
-- Pi SDK pin remains at `0.70.x` (current lock: `0.70.2`). Engine
+- Pi SDK pin remained on the previous package line. Engine
   boundary, worker isolation, and domain independence invariants
   unchanged.
 - Default safety mode remains `default`; `advise` and `super` modes
@@ -626,8 +703,8 @@ Polish release on top of v0.1.2. Four user-visible TUI improvements
 (live tool output, bash echo, Ctrl+T thinking, footer git branch),
 local-runtime hardening for LM Studio and Ollama, CLIO.md as the
 canonical project instruction file, identity alignment with IOWarp's
-CLIO ecosystem of agentic science, self-development mode hardening,
-two CI substrate fixes, and a clean-clone smoke job to catch
+CLIO ecosystem of agentic science, two CI substrate fixes, and a
+clean-clone smoke job to catch
 dev-env-only test passes before the next tag. No breaking changes.
 No settings migration required. Sessions, receipts, and audit JSONL
 written by v0.1.2 remain readable.
@@ -681,20 +758,6 @@ written by v0.1.2 remain readable.
   detected local targets, replacing the prior generic openai-compat
   path.
 
-### Added — self-development mode
-
-- `clio --dev` requires a project-level `CLIO-dev.md` rule pack to
-  activate. Resolution checks `<repoRoot>/CLIO-dev.md` first, then
-  `<clioConfigDir>/CLIO-dev.md` (the XDG fallback respects
-  `CLIO_HOME` and `CLIO_CONFIG_DIR` for dev sandboxing). Missing
-  files fail boot with an explanatory stderr message naming the
-  expected paths.
-- On activation against a protected branch (`main`, `master`,
-  `trunk`, or detached HEAD), `clio --dev` prompts for a slug and
-  runs `git switch -c selfdev/YYYY-MM-DD-<slug>` before any engine
-  write. Cancellation or git failure surfaces as exit 1 instead of
-  silently editing the protected branch.
-
 ### Changed — local runtimes
 
 - `lmstudio-native` evicts non-target loaded models before each
@@ -733,11 +796,9 @@ written by v0.1.2 remain readable.
 ### Changed — safety rule packs
 
 - `damage-control-rules.yaml` is restructured under schema v2 as a
-  named `packs[]` list (`base`, `dev`, `super`). Historic kill-
-  switches stay under `base` (always-on); the dev pack carries every
-  regex previously inlined in the bash guard. The bash guard reads
-  the dev pack only when self-dev mode is active, so the base pack
-  is the sole source of truth in normal operation.
+  named `packs[]` list. Historic kill-switches stay under `base`
+  and elevated rules stay under `super`, keeping normal operation on
+  the base pack alone.
 
 ### Changed — CI
 
@@ -753,10 +814,6 @@ written by v0.1.2 remain readable.
   from PATH instead of hardcoding `fd`. Fixes the autocomplete on CI
   and on Debian/Ubuntu users who installed the `fd-find` apt
   package.
-- `clio --dev` accepts `CLIO_DEV_ALLOW_PROTECTED_BRANCH=1` as a
-  boot-time opt-out for the protected-branch guard. Mirrors the
-  existing `CLIO_DEV_ALLOW_ENGINE_WRITES=1` pattern; the per-write
-  guard remains in force.
 - `clio doctor --json` returns `{ok, fix, findings}`; `clio targets
   --json` returns `{targets: [...]}`. Both are now stable JSON
   envelopes with room for forward-compatible top-level fields.
@@ -768,7 +825,7 @@ written by v0.1.2 remain readable.
 
 ### Notes
 
-- Pi SDK pin remains at `0.70.x` (current lock: `0.70.2`). Engine
+- Pi SDK pin remained on the previous package line. Engine
   boundary, worker isolation, and domain independence invariants
   unchanged.
 - Default safety mode remains `default`; `advise` and `super` modes
@@ -826,8 +883,8 @@ written by v0.1.2 remain readable.
 - Slash-command help and autocomplete present only canonical commands:
   `/model`, `/quit`, and `/receipts [verify <runId>]` replace duplicate
   spellings such as `/models`, `/exit`, and `/receipt verify <runId>`.
-- Provider catalog and cloud defaults realign with `pi-ai` 0.70.2; the
-  `@mariozechner/pi-*` line is pinned to 0.70.x with a current lock at 0.70.2.
+- Provider catalog and cloud defaults realign with the then-current `pi-ai`
+  package line.
 - Worker tool-call path validates once and threads telemetry hooks so the
   agent loop, dispatch board, and receipts share one source of truth.
 - Mode fragments must now enumerate the matrix tool set; a new regression
@@ -935,9 +992,6 @@ you need a stable target.
 - **Dispatch and workers.** `clio run` spawns OS-isolated worker
   subprocesses with NDJSON IPC and heartbeats. Named worker profiles
   let the interactive session fan out across multiple runtimes.
-- **Self-development mode.** Hot-reload and restart-required signals for
-  developers editing Clio from inside Clio, with shell environment isolation
-  and tool guards.
 - **Receipts and audit.** Every run writes a receipt under
   `<dataDir>/receipts/<runId>.json` with token counts and USD cost.
 - **Safety model.** Three modes (`default`, `advise`, `super`) gate tool
@@ -949,8 +1003,6 @@ you need a stable target.
 ### Known limits
 
 - Windows is best-effort until a later release.
-- The self-dev harness is a developer convenience, not a polished public
-  surface.
 - Some runtime slots (remote fan-out, broader MCP) are scaffolded but not
   admitted by dispatch yet.
 

CLIO.md

@@ -13,16 +13,16 @@ Clio Coder is IOWarp's orchestrator coding agent. The pi SDK is a vendored engin
 
 ## Hard invariants
 
-1. Engine boundary. Only `src/engine/**` may value-import `@mariozechner/pi-*`.
+1. Engine boundary. Only `src/engine/**` may value-import `@earendil-works/pi-*`.
 2. Worker isolation. `src/worker/**` never imports `src/domains/**` except `src/domains/providers`.
 3. Domain independence. `src/domains/<x>/**` never imports `src/domains/<y>/extension.ts` for `y != x`.
 
 <!-- clio:fingerprint v1
 {
-  "initAt": "2026-05-04T01:57:19.822Z",
+  "initAt": "2026-05-17T02:27:46.835Z",
   "model": "local-bootstrap",
-  "gitHead": "57ef01b1a6d8b4bc829154ce19c862d555e92b52",
-  "treeHash": "29828ed99631e3334bf9f3c4e4947faa294a9ce6e45f5513c758d73b3d9557f2",
-  "loc": 83717
+  "gitHead": "c65ef60821cd24eb0c00804e8f933b1b1f8d36f7",
+  "treeHash": "8526cd22906b29678a31aad2a3fcd445c3d0fa0cb2fccbb61782b732e6d89c75",
+  "loc": 95310
 }
 -->

CONTRIBUTING.md

@@ -52,7 +52,7 @@ npm run hooks:install
 
 The boundary checker enforces these:
 
-- Engine boundary: only `src/engine/**` value-imports pi SDK packages (`@mariozechner/pi-*`, currently pinned to the 0.70.x package line).
+- Engine boundary: only `src/engine/**` value-imports pi SDK packages (`@earendil-works/pi-*`, currently pinned to 0.74.0).
 - Worker isolation: `src/worker/**` value-imports only the worker-safe
   provider runtime rehydration modules under `src/domains/providers/**`;
   all other worker domain imports must be type-only.