@aihq/harness 0.2.0-rc.0 → 0.2.0
- package/NOTICE +41 -0
- package/README.md +23 -2
- package/dist/{chunk-S7XFTZJW.js → chunk-2P5QRFQK.js} +8 -6
- package/dist/{chunk-S7XFTZJW.js.map → chunk-2P5QRFQK.js.map} +1 -1
- package/dist/cli.js +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/package.json +3 -2
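--- a/package/NOTICE
+++ b/package/NOTICE
@@ -0,0 +1,41 @@
+AI Harness (aih)
+Copyright 2026 The AI Harness (aih) authors
+
+This product is licensed under the Apache License, Version 2.0 (see LICENSE).
+
+## Third-party notices
+
+Some parts of aih re-express only the *shape* or *vocabulary* of concepts from
+other open-source projects — no source was copied. These are attributed inline:
+src/internals/cli-registry.ts (@canonical/harnesses registry shape; RevealUI
+degradation vocabulary) and src/internals/sarif.ts (@razroo/isolint SARIF
+envelope shape).
+
+aih also ports policy DATA verbatim from LeanHarness
+(https://github.com/fernandonetom/lean-harness), which is MIT-licensed. The
+command-classification and risk-gate lexicons in src/guardrails/command-policy.ts
+and src/guardrails/risk-gates.ts reproduce its `.lh/policies/commands.yml` and
+`.lh/policies/risk-gates.yml` (patterns, reasons, and category names). Per the
+MIT license, its copyright and permission notice follow:
+
+MIT License
+
+Copyright (c) 2026 LeanHarness contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.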
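--- a/package/README.md
+++ b/package/README.md
@@ -39,11 +39,32 @@ architecture — all from one command surface.
 
 ## Install
 
+```bash
+npm install -g @aihq/harness # then run: aih --help
+```
+
+Verify the install's origin — every release is published with build provenance:
+
+```bash
+npm audit signatures
+```
+
+<details><summary>From source (contributors)</summary>
+
 ```bash
 npm install # deps
 npm run build # → dist/cli.js (bin: aih)
 node dist/cli.js --help
 ```
+</details>
+
+## Quickstart
+
+```bash
+aih doctor # read-only: is the workstation ready for AI coding?
+aih init . # preview the full repo bootstrap (dry-run — nothing is written)
+aih init . --apply # apply it
+```
 
 ## Command surface
 
@@ -59,6 +80,7 @@ node dist/cli.js --help
 | `aih scaffold` | Create the canonical context dir (`--context-dir`, default `ai-coding`) — INDEX/SKILL skeleton, an agent **`SETUP-TASKS.md`** playbook (fill context + guardrails from the code), a write-once `project-guardrails.md`, a secret deny-list, and a pre-commit hook. (Bootloaders are `bootstrap-ai`'s job.) |
 | `aih guardrails` | Generate `.gitleaks.toml`, `.pre-commit-config.yaml`, and a CI license gate that blocks AGPL/strong-copyleft. |
 | `aih secrets` | Scan for plaintext `.env*`/`secrets/` and write agent deny rules + vault-injection guidance. `--verify` is the **secret-scan CI gate** (exit 1 when plaintext secrets exist); `--sarif <file>` emits one error-level result per path for GitHub code-scanning. |
+| `aih trust` | Vet, pin, and gate external GitHub repos and skills before an agent acquires them. `scan <target>` grades danger (auto-exec hooks, dependency-confusion, typosquat, incoming-MCP, secrets) and emits SARIF; `allow`/`pin` record reviewed sources + pinned SHAs in org policy; `list`/`verify` audit the committed policy and trust-lock evidence. |
 | `aih mcp` | Generate the MCP server config **for the targeted CLIs** (`--cli`/`--all-tools`, default claude): Claude/Cursor/Kiro/Kimi get their correct project file written (`.mcp.json`, `.cursor/mcp.json`, …); Codex (TOML), Copilot, OpenCode, Zed, and global-config tools get exact per-tool guidance instead of a file aih would get wrong. Scopes: local/project/remote. For locked-down orgs, `--mode offline` (vendored local-command servers) or `--mode none` (no MCP + a CLI-tool fallback) plus a `managed-mcp.json` admin template. |
 | `aih sandbox` | Generate a devcontainer + managed sandbox settings (egress allowlist, `failIfUnavailable`). |
 | `aih telemetry` | Inject OpenTelemetry env, a redacting Bindplane collector, and an analytics fetcher (usage + skills endpoints → `{ usage_report, skills }`). |
@@ -294,8 +316,7 @@ npm run build # tsup → dist/
 ```
 
 Stack: TypeScript (ESM) · commander · zod · vitest · biome · tsup. See
-[
-contributor/agent workflow, and delegatable tasks.
+[CONTRIBUTING.md](CONTRIBUTING.md) for the contributor workflow.
 
 ## License
 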
|
@@ -14602,7 +14602,7 @@ var TOOL_HINTS = {
|
|
|
14602
14602
|
comby: "comby \u2014 brew install comby \xB7 bash <(curl -sL get.comby.dev)",
|
|
14603
14603
|
jq: "jq \u2014 brew install jq \xB7 apt install jq \xB7 scoop install jq",
|
|
14604
14604
|
gh: "GitHub CLI \u2014 brew install gh \xB7 winget install GitHub.cli \xB7 cli.github.com",
|
|
14605
|
-
"code-review-graph": "pip install code-review-graph (or uvx code-review-graph serve)",
|
|
14605
|
+
"code-review-graph": "pip install code-review-graph==2.3.6 (or uvx code-review-graph@2.3.6 serve)",
|
|
14606
14606
|
claude: "Claude Code \u2014 npm i -g @anthropic-ai/claude-code",
|
|
14607
14607
|
codex: "Codex CLI \u2014 npm i -g @openai/codex",
|
|
14608
14608
|
cursor: "Cursor editor \u2014 cursor.com",
|
|
@@ -22322,11 +22322,13 @@ var TOOLS = [
|
|
|
22322
22322
|
tool: "code-review-graph",
|
|
22323
22323
|
bin: "code-review-graph",
|
|
22324
22324
|
tier: "optional",
|
|
22325
|
+
// Pinned to match the uvx MCP runners (src/mcp/servers.ts + src/workspace/templates.ts);
|
|
22326
|
+
// bump in lockstep. PEP 508 `==` form — pip/uv reject the uvx `@2.3.6` shorthand.
|
|
22325
22327
|
options: [
|
|
22326
|
-
{ pm: "uv", argv: ["uv", "tool", "install", "code-review-graph"] },
|
|
22327
|
-
{ pm: "pip", argv: ["pip", "install", "code-review-graph"] }
|
|
22328
|
+
{ pm: "uv", argv: ["uv", "tool", "install", "code-review-graph==2.3.6"] },
|
|
22329
|
+
{ pm: "pip", argv: ["pip", "install", "code-review-graph==2.3.6"] }
|
|
22328
22330
|
],
|
|
22329
|
-
manual: "pip install code-review-graph"
|
|
22331
|
+
manual: "pip install code-review-graph==2.3.6"
|
|
22330
22332
|
}
|
|
22331
22333
|
];
|
|
22332
22334
|
var PM_BINARIES = [
|
|
@@ -25291,7 +25293,7 @@ import { isAbsolute as isAbsolute9 } from "path";
|
|
|
25291
25293
|
|
|
25292
25294
|
// src/program.ts
|
|
25293
25295
|
import { Command } from "commander";
|
|
25294
|
-
var VERSION = "0.
|
|
25296
|
+
var VERSION = "0.2.0";
|
|
25295
25297
|
function buildProgram() {
|
|
25296
25298
|
const program = new Command();
|
|
25297
25299
|
program.name("aih").description("Enterprise AI Bootstrapping Harness \u2014 governed, proxy-safe AI coding setup").version(VERSION).showHelpAfterError("(add --help for usage)");
|
|
@@ -25873,4 +25875,4 @@ export {
|
|
|
25873
25875
|
VERSION,
|
|
25874
25876
|
buildProgram
|
|
25875
25877
|
};
|
|
25876
|
-
//# sourceMappingURL=chunk-
|
|
25878
|
+
//# sourceMappingURL=chunk-2P5QRFQK.js.map
|
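Review bot: The pin `code-review-graph==2.3.6` is now hard-coded in four separate string literals — the `TOOL_HINTS` entry at new line 14605 and the two `argv` arrays plus `manual` in the `TOOLS` entry at 22328–22331 — and the added comment names two more source files that must be bumped in lockstep, so one missed edit leaves the installer and the uvx MCP runners on different versions. Defining it once in the source and reusing it, e.g. `const CODE_REVIEW_GRAPH_SPEC = "code-review-graph==2.3.6";` with `argv: ["pip", "install", CODE_REVIEW_GRAPH_SPEC]`, removes that drift risk. A version pin also does not bind the downloaded artefact to a digest; if the pin is meant as a supply-chain control, the `manual` hint could point to a hash-checked install (pip's `--require-hashes` with a requirements file). These hunks carry no file header on the page; the +8 −6 count suggests they belong to package/dist/chunk-2P5QRFQK.js, which is bundled output, so the change would go in the TypeScript sources rather than in this file.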