@aihq/harness 0.2.0-rc.0 → 0.3.0

package/NOTICE ADDED
@@ -0,0 +1,41 @@
1
+ AI Harness (aih)
2
+ Copyright 2026 The AI Harness (aih) authors
3
+
4
+ This product is licensed under the Apache License, Version 2.0 (see LICENSE).
5
+
6
+ ## Third-party notices
7
+
8
+ Some parts of aih re-express only the *shape* or *vocabulary* of concepts from
9
+ other open-source projects — no source was copied. These are attributed inline:
10
+ src/internals/cli-registry.ts (@canonical/harnesses registry shape; RevealUI
11
+ degradation vocabulary) and src/internals/sarif.ts (@razroo/isolint SARIF
12
+ envelope shape).
13
+
14
+ aih also ports policy DATA verbatim from LeanHarness
15
+ (https://github.com/fernandonetom/lean-harness), which is MIT-licensed. The
16
+ command-classification and risk-gate lexicons in src/guardrails/command-policy.ts
17
+ and src/guardrails/risk-gates.ts reproduce its `.lh/policies/commands.yml` and
18
+ `.lh/policies/risk-gates.yml` (patterns, reasons, and category names). Per the
19
+ MIT license, its copyright and permission notice follow:
20
+
21
+ MIT License
22
+
23
+ Copyright (c) 2026 LeanHarness contributors
24
+
25
+ Permission is hereby granted, free of charge, to any person obtaining a copy
26
+ of this software and associated documentation files (the "Software"), to deal
27
+ in the Software without restriction, including without limitation the rights
28
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
29
+ copies of the Software, and to permit persons to whom the Software is
30
+ furnished to do so, subject to the following conditions:
31
+
32
+ The above copyright notice and this permission notice shall be included in
33
+ all copies or substantial portions of the Software.
34
+
35
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
36
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
37
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
38
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
39
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
40
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
41
+ SOFTWARE.
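Review bot: NOTICE lines 14-19 state that the command-classification and risk-gate lexicons are ported verbatim from LeanHarness, but they give only the repository URL, with no upstream commit or tag. These patterns feed src/guardrails/command-policy.ts and src/guardrails/risk-gates.ts, so record the revision they were taken from; that lets a reviewer diff the ported data against `.lh/policies/commands.yml` and `.lh/policies/risk-gates.yml` and notice later drift. Lines 8-12 also name the attributed projects without their licenses; listing them would make the "no source was copied" statement easier to audit.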
package/README.md CHANGED
@@ -7,18 +7,22 @@
7
7
  [![Node ≥20](https://img.shields.io/badge/node-%E2%89%A520-339933.svg)](package.json)
8
8
 
9
9
  <p align="center">
10
- <img src="docs/assets/aih-overview.svg" alt="aih — extract corporate trust, self-heal the runtime, tune the workstation, bootstrap a governed repo, and run AI coding safely behind any proxy" width="100%">
10
+ <img src="docs/assets/aih-overview.svg" alt="aih — extract corporate trust, self-heal the runtime, tune the workstation, bootstrap a governed repo, and run AI-assisted coding behind a proxy" width="100%">
11
11
  </p>
12
12
 
13
- A cross-platform CLI that prepares developer workstations and repositories for
14
- **safe, governed AI-assisted coding behind a corporate proxy**. It extracts
15
- corporate trust, tunes local inference, hardens repos with guardrails, wires up
13
+ A cross-platform CLI that helps prepare developer workstations and repositories for
14
+ **reviewable, governed AI-assisted coding behind a corporate proxy**. It extracts
15
+ corporate trust, tunes local inference, adds repo guardrails, wires up
16
16
  MCP / observability / sandboxing, and lays down a tool-agnostic context
17
17
  architecture — all from one command surface.
18
18
 
19
- > Turns the architectural blueprint *"Enterprise DevSecOps AI Bootstrapping:
19
+ > Implements the architectural blueprint *"Enterprise DevSecOps AI Bootstrapping:
20
20
  > Cryptographic Trust, Local Performance Optimization, and Unified Observability"*
21
- > into a real, tested product.
21
+ > as a tested CLI.
22
+
23
+ > **Provided as open-source software under Apache-2.0 on an "AS IS" basis.** No warranty,
24
+ > support obligation, SLA, indemnity, consulting, or professional advice is provided. `aih`
25
+ > is dry-run by default — review the plan before running `--apply`. See [DISCLAIMER.md](DISCLAIMER.md).
22
26
 
23
27
  ## Design posture
24
28
 
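Review bot: The only operational safety statement in this hunk, that `aih` is dry-run by default and the plan should be reviewed before `--apply`, is placed inside the new warranty blockquote (new lines 23-25), where readers skimming legal text are likely to skip it. Give it its own sentence outside the disclaimer. The alt text on new line 10 was reworded from "safely behind any proxy" to "behind a proxy"; check that docs/assets/aih-overview.svg carries the same wording.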
@@ -39,11 +43,32 @@ architecture — all from one command surface.
39
43
 
40
44
  ## Install
41
45
 
46
+ ```bash
47
+ npm install -g @aihq/harness # then run: aih --help
48
+ ```
49
+
50
+ Verify the install's origin — every release is published with build provenance:
51
+
52
+ ```bash
53
+ npm audit signatures
54
+ ```
55
+
56
+ <details><summary>From source (contributors)</summary>
57
+
42
58
  ```bash
43
59
  npm install # deps
44
60
  npm run build # → dist/cli.js (bin: aih)
45
61
  node dist/cli.js --help
46
62
  ```
63
+ </details>
64
+
65
+ ## Quickstart
66
+
67
+ ```bash
68
+ aih doctor # read-only: is the workstation ready for AI coding?
69
+ aih init . # preview the full repo bootstrap (dry-run — nothing is written)
70
+ aih init . --apply # apply it
71
+ ```
47
72
 
48
73
  ## Command surface
49
74
 
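Review bot: The verification step on new lines 50-54 follows a global install (`npm install -g @aihq/harness`), but `npm audit signatures` checks the dependencies of the project in the current directory and does not cover globally installed packages, so as written it does not verify the install it follows. Say where the command should be run (a project that has @aihq/harness as a local dependency), or document a check that applies to the global install.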
@@ -59,6 +84,7 @@ node dist/cli.js --help
59
84
  | `aih scaffold` | Create the canonical context dir (`--context-dir`, default `ai-coding`) — INDEX/SKILL skeleton, an agent **`SETUP-TASKS.md`** playbook (fill context + guardrails from the code), a write-once `project-guardrails.md`, a secret deny-list, and a pre-commit hook. (Bootloaders are `bootstrap-ai`'s job.) |
60
85
  | `aih guardrails` | Generate `.gitleaks.toml`, `.pre-commit-config.yaml`, and a CI license gate that blocks AGPL/strong-copyleft. |
61
86
  | `aih secrets` | Scan for plaintext `.env*`/`secrets/` and write agent deny rules + vault-injection guidance. `--verify` is the **secret-scan CI gate** (exit 1 when plaintext secrets exist); `--sarif <file>` emits one error-level result per path for GitHub code-scanning. |
87
+ | `aih trust` | Vet, pin, and gate external GitHub repos and skills before an agent acquires them. `scan <target>` grades danger (auto-exec hooks, dependency-confusion, typosquat, incoming-MCP, secrets) and emits SARIF; `allow`/`pin` record reviewed sources + pinned SHAs in org policy; `list`/`verify` audit the committed policy and trust-lock evidence. |
62
88
  | `aih mcp` | Generate the MCP server config **for the targeted CLIs** (`--cli`/`--all-tools`, default claude): Claude/Cursor/Kiro/Kimi get their correct project file written (`.mcp.json`, `.cursor/mcp.json`, …); Codex (TOML), Copilot, OpenCode, Zed, and global-config tools get exact per-tool guidance instead of a file aih would get wrong. Scopes: local/project/remote. For locked-down orgs, `--mode offline` (vendored local-command servers) or `--mode none` (no MCP + a CLI-tool fallback) plus a `managed-mcp.json` admin template. |
63
89
  | `aih sandbox` | Generate a devcontainer + managed sandbox settings (egress allowlist, `failIfUnavailable`). |
64
90
  | `aih telemetry` | Inject OpenTelemetry env, a redacting Bindplane collector, and an analytics fetcher (usage + skills endpoints → `{ usage_report, skills }`). |
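Review bot: The new `aih trust` row (new line 87) describes the command as a gate but, unlike the `aih secrets` row above it, does not say what makes it fail: there is no exit status for `verify` and no statement of which `scan` grade blocks acquisition. State the failing condition and exit code, and name the files that hold the "org policy" and the "trust-lock evidence" so they can be placed under code review.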
@@ -294,8 +320,7 @@ npm run build # tsup → dist/
294
320
  ```
295
321
 
296
322
  Stack: TypeScript (ESM) · commander · zod · vitest · biome · tsup. See
297
- [`.github/AGENT_TASKS.md`](.github/AGENT_TASKS.md) for architecture, the
298
- contributor/agent workflow, and delegatable tasks.
323
+ [CONTRIBUTING.md](CONTRIBUTING.md) for the contributor workflow.
299
324
 
300
325
  ## License
301
326
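Review bot: New line 323 replaces a pointer that covered "architecture, the contributor/agent workflow, and delegatable tasks" with one that covers only the contributor workflow, so the README no longer says where the architecture is documented. If that material moved, link it here. Also confirm CONTRIBUTING.md ships in the published package, since the link is relative.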