feat(harness): registry-grounded system prompt with coder routing and SDK-doc gate#245

Merged: andersonleal merged 1 commit into main from feat/registry-grounded-system-prompt on Jun 11, 2026


@andersonleal andersonleal commented Jun 11, 2026

Collaborator

Summary

Extends the turn-orchestrator identity prompt (all four provider variants: anthropic, gpt, kimi, default) from engine-only discovery to the full capability ladder: registered function → install from the public registry → author a worker. Hardened by a 5-dimension adversarially-verified review of the draft; all confirmed findings are fixed in this PR.

Prompt changes (byte-equivalent semantics across all 4 variants)

  • Public registry flow — when nothing registered fits: directory::registry::workers::list/info → announce → worker::add { source: { kind: "registry", name } } → re-verify via engine::functions::list { prefix }. Bootstraps a missing directory worker (iii-directory) and degrades gracefully when the registry is unreachable. Both catalogue calls are documented in-prompt and exempt from the fetch-contract-first rule (resolving a contradiction with RULE 2).
  • Worked example grounded in the live registry — uses the published email worker (email::send); the previous draft modeled resend, which GET /w?search=resend returns empty for today. The example now also models fetching the worker::add contract and announcing the install as a plain assistant line.
  • Coder routing — create/edit/move/delete code files go through coder::*, including coder::move for renames (never delete-then-recreate). The function list reads as non-exhaustive with the prefix list as the inventory, there is a post-install re-check, and the shell::fs boundary is drawn for non-code browsing.
  • SDK-doc gate — fetch the per-language iii.dev SDK reference before the first line of worker code (registerTrigger-from-memory trap observed live), scoped to new workers/new registrations, with engine-sdk as the any-other-language fallback, llms.txt recovery on fetch failure, graceful degradation when docs are unreachable, and the never-fetch-docs-for-an-ordinary-call guard.
  • web::fetch localhost mandate — testing a just-bound HTTP trigger uses web::fetch (no curl exception), with an explicit success criterion: read the envelope (ok, status, body matches the handler).

Tests (142 → 146)

  • directory::* allowlist invariant replaces the substring bans: every directory:: id in the prompt must start with directory::registry::workers:: (also blocks the legacy directory::engine::* doc proxies).
  • New pins: coder::move, non-exhaustive inventory + no delete-then-recreate, ordinary-call guard, degradation, .md trick, engine-sdk fallback, llms.txt recovery, capability-ladder ordering (registry → coder → authoring), and the email example (mutation-tested: deleting the block fails the suite).

Permissions + docs

  • iii-permissions.yaml: allow the read-only ids the prompt now mandates — registry catalogue reads, read-only coder::* surface, and web::fetch (size/timeout caps + server-side SSRF protection; load-bearing for the SDK gate and trigger verification). worker::add and mutating coder::* ops stay approval-gated.
  • harness/docs/architecture.md allow-rule enumeration updated to match; stale "engine-only / discovers everything from the live engine" framing replaced with "engine-grounded" in turn-orchestrator.md and the system-prompt.ts JSDoc.

Test plan

  • pnpm vitest run tests — 1371/1371 pass (122 files), including the policy suite against the edited yaml
  • npx tsc --noEmit clean; biome check clean on touched files
  • Example parity: <example> block byte-identical across all 4 variants
  • Registry ground truth: email worker verified published with email::send; resend confirmed absent
  • Mutation test: removing the example from one variant fails the suite (pin is load-bearing)
  • Independent verifier pass over all 12 fix claims (PASS on each)
  • Live smoke: run a hello-world session per variant and confirm the agent uses web::fetch (not curl) for trigger verification and fetches the SDK reference before authoring

Summary by CodeRabbit

Release Notes

  • Documentation

    • Updated architecture and worker system documentation to reflect new engine-grounded capability discovery approach.
  • New Features

    • Enhanced system prompts to guide worker discovery and installation from public registry when no registered match exists.
    • Improved SDK reference lookups before code authoring and better HTTP request handling.
  • Tests

    • Expanded test coverage for system prompt output validation and operational invariants.
  • Chores

    • Updated permissions configuration to support expanded capability requirements.

… SDK-doc gate

Extend the turn-orchestrator identity prompt (all four provider variants)
from engine-only discovery to the full capability ladder: registered
function -> install from the public registry -> author a worker.

- Registry flow: search directory::registry::workers::list/info, announce,
  install via worker::add, re-verify via prefix list; bootstrap or degrade
  when the directory worker is absent. Both catalogue calls are documented
  in-prompt and exempt from the fetch-contract-first rule.
- Worked example grounded in the live registry: the published "email"
  worker (email::send) replaces the unpublished "resend"; the example now
  models the worker::add contract fetch and a plain announce line.
- Coder routing: create/edit/move/delete code files go through coder::*,
  including coder::move for renames (never delete-then-recreate); the
  enumeration is non-exhaustive with the prefix list as inventory, and the
  shell::fs boundary is drawn for non-code browsing.
- SDK-doc gate: fetch the per-language iii.dev SDK reference before the
  first line of worker code, scoped to new workers/registrations, with
  llms.txt recovery, graceful degradation, and the ordinary-call guard.
- web::fetch mandate extended to localhost/just-bound triggers with an
  explicit success criterion (read ok/status/body), no curl exception.
- Tests: 146 pins incl. a directory::* allowlist invariant (registry
  catalogue only), coder::move, capability-ladder ordering, and the email
  example (mutation-tested as load-bearing).
- Permissions: allow the read-only ids the prompt mandates (registry
  catalogue reads, read-only coder surface, web::fetch); worker::add and
  mutating coder ops stay approval-gated. Architecture/worker docs updated
  to the engine-grounded framing.
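
The `directory::*` allowlist invariant named in the Tests section and the commit message above, sketched as an added example (not the project's test code): it extracts every `directory::` id from a prompt and flags any outside `directory::registry::workers::`, with a substring ban beside it for comparison. The function names, sample prompt fragments, the `directory::engine::docs::get` id and the ban list are constructed for illustration.

```typescript
// Added example: names and sample prompts are constructed, not the project's code.
const ALLOWED_PREFIX = "directory::registry::workers::";

// Matches a full directory:: function id (or a trailing ::* wildcard) inside prose.
const DIRECTORY_ID = /\bdirectory::(?:[A-Za-z0-9_-]+::)*(?:[A-Za-z0-9_-]+|\*)/g;

// Allowlist invariant: return every directory:: id outside the allowed namespace.
function directoryViolations(prompt: string): string[] {
  const ids: string[] = prompt.match(DIRECTORY_ID) ?? [];
  const bad = ids.filter((id) => !id.startsWith(ALLOWED_PREFIX));
  return Array.from(new Set(bad)).sort();
}

// Deny-list approach for comparison: only catches strings someone remembered to ban.
function substringBanHits(prompt: string, banned: string[]): string[] {
  return banned.filter((needle) => prompt.includes(needle));
}

// Run the invariant over every provider variant; an empty report means all pass.
function auditVariants(prompts: Record<string, string>): Record<string, string[]> {
  const report: Record<string, string[]> = {};
  for (const [variant, text] of Object.entries(prompts)) {
    const bad = directoryViolations(text);
    if (bad.length > 0) report[variant] = bad;
  }
  return report;
}

// Constructed prompt fragments (not the real prompt text).
const SAMPLE_PROMPTS = {
  anthropic: "Search directory::registry::workers::list/info, then call worker::add.",
  gpt: "Search directory::registry::workers::list, or bootstrap the iii-directory worker.",
  kimi: "For docs call directory::engine::docs::get, else directory::registry::workers::info.",
  default: "Any directory::* function may be used.",
};

// Constructed ban list: it names one legacy id, so a sibling id slips past it.
const SAMPLE_BANS = ["directory::engine::functions::info"];

console.log(JSON.stringify(auditVariants(SAMPLE_PROMPTS)));
console.log(JSON.stringify(substringBanHits(SAMPLE_PROMPTS.kimi, SAMPLE_BANS)));
```

On the constructed `kimi` fragment the ban list reports nothing, while the allowlist flags the legacy-namespace id; the bare `directory::*` wildcard in `default` is flagged as well.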

vercel Bot commented Jun 11, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
harness | Error | | Jun 11, 2026 5:58pm
workers | Ready | Preview, Comment | Jun 11, 2026 5:58pm

@github-actions

Contributor

skill-check — worker

0 verified, 15 skipped (no docs/).

Layer Result
structure
vale
ai
render

Four for four. Nicely done.

coderabbitai Bot commented Jun 11, 2026


Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f6ff3aaf-dd1a-4c56-b76b-cc287718b275

📥 Commits

Reviewing files that changed from the base of the PR and between 45e03e1 and e0671c6.

📒 Files selected for processing (9)
  • harness/docs/architecture.md
  • harness/docs/workers/turn-orchestrator.md
  • harness/src/turn-orchestrator/prompt/anthropic.ts
  • harness/src/turn-orchestrator/prompt/default.ts
  • harness/src/turn-orchestrator/prompt/gpt.ts
  • harness/src/turn-orchestrator/prompt/kimi.ts
  • harness/src/turn-orchestrator/system-prompt.ts
  • harness/tests/turn-orchestrator/system-prompt.test.ts
  • iii-permissions.yaml

📝 Walkthrough

This PR shifts the iii agent turn-orchestrator from a self-contained to an "engine-grounded" system: agents discover capabilities from the live engine and public registry, route code operations through a specialized coder::* worker, require SDK reference lookups before authoring workers, and enforce web::fetch for all HTTP requests including localhost verification. Documentation, all prompt templates, permissions, and tests are updated cohesively to support this architecture.

Changes

Engine-grounded agent system with registry discovery and specialized worker routing

Layer / File(s) Summary
Architectural documentation of engine-grounded paradigm shift
harness/docs/architecture.md, harness/docs/workers/turn-orchestrator.md, harness/src/turn-orchestrator/system-prompt.ts
Documentation is updated to define "engine-grounded" as discovering capabilities from the live engine and public registry, installing registry workers when no match fits, routing code-file work through coder::*, and fetching the iii.dev SDK reference before authoring workers.
Registry discovery and worker installation guidance across all prompts
harness/src/turn-orchestrator/prompt/anthropic.ts, harness/src/turn-orchestrator/prompt/default.ts, harness/src/turn-orchestrator/prompt/gpt.ts, harness/src/turn-orchestrator/prompt/kimi.ts
All four model-specific prompts are expanded with procedural guidance: when no registered function matches, search the public directory registry via directory::registry::workers::list/info, inspect worker details before installing via worker::add, and verify newly-available function IDs and fetch contracts via engine::functions::info before calling. Each variant includes pre-install evaluation and post-install confirmation steps.
Coder worker routing and SDK reference requirements
harness/src/turn-orchestrator/prompt/anthropic.ts, harness/src/turn-orchestrator/prompt/default.ts, harness/src/turn-orchestrator/prompt/gpt.ts, harness/src/turn-orchestrator/prompt/kimi.ts
Prompt templates enforce routing any code-file creation/editing/deletion through the coder::* worker with contract verification and installer fallback. Additionally, all prompts now require agents to fetch appropriate SDK documentation (via web::fetch in markdown format, selected by worker language) before writing any worker code, including behavior for unreachable documentation and verification requirements.
HTTP request enforcement and web::fetch guidance refinement
harness/src/turn-orchestrator/prompt/anthropic.ts, harness/src/turn-orchestrator/prompt/default.ts
HTTP(S) guidance is refined to clarify that localhost and newly-bound HTTP endpoints require web::fetch for verification with response-envelope reading, curl/wget are prohibited in favor of web::fetch, and agents must fetch web::fetch's own contract via engine::functions::info before the first call. Guidance includes HTTP trigger verification and markdown conversion for documentation fetches.
Permission allowlist extension for registry, coder, and web operations
iii-permissions.yaml
Default agent allowlist is extended to permit read-only directory registry operations (directory::registry::workers::list/info), read-only coder introspection (coder::info, coder::read-file, coder::search, coder::list-folder, coder::tree), and web::fetch for SDK reference and HTTP verification, while keeping worker::add approval-gated.
Comprehensive test coverage for engine-grounded behavior and invariants
harness/tests/turn-orchestrator/system-prompt.test.ts
Test suite is significantly expanded to validate worker registry search → install → verify flow, graceful degradation when the directory worker is absent, coder worker routing for code file operations, SDK reference requirement before the first line of worker code, web::fetch mandate for localhost and just-bound endpoints, per-language SDK documentation URLs with markdown gating, and enforcement that only directory::registry::workers::* directory identifiers appear in the produced prompt. Parameterized invariant tests cover cross-variant consistency, capability-ladder ordering, and preserved worked examples.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • iii-hq/workers#227: Both PRs directly modify the turn-orchestrator system-prompt/prompt-template contract and the associated permission allowlists in iii-permissions.yaml, with the main PR extending prompt guidance for registry discovery and coder routing.

Suggested reviewers

  • sergiofilhowz

Poem

🐰 A rabbit hops through registries wide,
Coder workers guide the path with pride,
SDK docs must come before the code,
Web::fetch speaks on every load,
Engine-grounded, the agent now sees clear!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title clearly and specifically summarizes the main changes: introducing a registry-grounded system prompt with coder routing and SDK documentation gating.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.

@andersonleal andersonleal merged commit a62be0e into main Jun 11, 2026
12 of 14 checks passed
@andersonleal andersonleal deleted the feat/registry-grounded-system-prompt branch June 11, 2026 18:02