@aihq/harness 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -1,12 +1,3 @@
1
1
  #!/usr/bin/env node
2
- import {
3
- buildProgram
4
- } from "./chunk-7GVBGS5N.js";
5
-
6
- // src/cli.ts
7
- buildProgram().parseAsync(process.argv).catch((err) => {
8
- process.stderr.write(`fatal: ${err instanceof Error ? err.message : String(err)}
9
- `);
10
- process.exitCode = 1;
11
- });
12
- //# sourceMappingURL=cli.js.map
2
+ import{ja as s}from"./chunk-EAFL7TH3.js";s().parseAsync(process.argv).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
3
+ `),process.exitCode=1});
package/dist/index.d.ts CHANGED
@@ -186,7 +186,7 @@ type Verdict = "pass" | "fail" | "skip";
186
186
  * sealed: a new failure mode means a new member here PLUS the `code` set at the
187
187
  * emitter; never derive a code by matching `detail`.
188
188
  */
189
- type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source";
189
+ type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing";
190
190
  interface Check {
191
191
  name: string;
192
192
  verdict: Verdict;
@@ -356,15 +356,19 @@ interface DigestAction {
356
356
  * aih-owned (a per-CLI adapter note, a kiro steering/hook extra) once the CLI is
357
357
  * dropped. The executor fails closed: mandatory {@link assertContained} on the raw
358
358
  * path (no `external` field exists, so a global `~/home` file is structurally
359
- * unreachable), a symlink guard, and a backup before unlink. It MOVES the file to
360
- * gitignored `.aih/legacy/<path>` (reversible) the move itself is the backup, so a
361
- * dropped CLI's artifacts can always be restored by moving them back.
359
+ * unreachable), a symlink guard, and a backup before unlink. By default it MOVES the
360
+ * file to gitignored `.aih/legacy/<path>` (reversible; occupied destinations are never
361
+ * overwritten). Under `hardDelete` it instead renames to the sibling `<path>.aih.bak`
362
+ * — the same single-slot, latest-wins backup every aih write gets — for users who
363
+ * explicitly opt out of the archive.
362
364
  */
363
365
  interface RemoveAction {
364
366
  kind: "remove";
365
367
  /** Repo-relative path of the file to remove. */
366
368
  path: string;
367
369
  describe: string;
370
+ /** Opt-in: single-slot `<path>.aih.bak` rename instead of the `.aih/legacy/` archive. */
371
+ hardDelete?: boolean;
368
372
  }
369
373
  type Action = WriteAction | DocAction | ProbeAction | ExecAction | EnvBlockAction | DigestAction | RemoveAction;
370
374
  interface Plan {
@@ -471,7 +475,9 @@ declare function exec(describe: string, argv: string[], opts?: {
471
475
  blockProbesOnFailure?: boolean;
472
476
  }): ExecAction;
473
477
  declare function envBlock(path: string, scope: string, shell: EnvShell, vars: EnvVar[], describe: string): EnvBlockAction;
474
- declare function remove(path: string, describe: string): RemoveAction;
478
+ declare function remove(path: string, describe: string, opts?: {
479
+ hardDelete?: boolean;
480
+ }): RemoveAction;
475
481
  declare function plan(capability: string, ...actions: Action[]): Plan;
476
482
 
477
483
  /** Capability commands (repo/workstation mutators), dry-run by default. */
@@ -558,9 +564,10 @@ interface WriteSummary {
558
564
  interface RemoveSummary {
559
565
  path: string;
560
566
  describe: string;
561
- /** `remove` = present, will move to `.aih/legacy/`; `absent` = nothing on disk. */
562
- effect: "remove" | "absent";
563
- /** Repo-relative `.aih/legacy/` destination, when effect is `remove`. */
567
+ /** `remove` = move to `.aih/legacy/`; `delete` = hard-delete (single-slot `.aih.bak`
568
+ * backup); `absent` = nothing on disk. */
569
+ effect: "remove" | "delete" | "absent";
570
+ /** Repo-relative destination (`.aih/legacy/…` or `<path>.aih.bak`), when present. */
564
571
  to?: string;
565
572
  }
566
573
  interface PlanResult {
@@ -672,8 +679,13 @@ declare class FsTransaction {
672
679
  * `.aih/legacy/`). The move IS the backup: rollback (and the user) restore by
673
680
  * moving it back. Symlinks are refused at commit (moving a link then restoring it
674
681
  * would recreate a regular file). No-op if the source is already gone.
682
+ * `backupSibling` marks a hard-delete destination (`<path>.aih.bak`): still
683
+ * never-overwrite, but a taken slot falls back to `<path>.N.aih.bak` (matches the
684
+ * gitignored `*.aih.bak` glob) instead of the archive's `<path>.N`.
675
685
  */
676
- stageRemoval(path: string, legacyPath: string): void;
686
+ stageRemoval(path: string, legacyPath: string, opts?: {
687
+ backupSibling?: boolean;
688
+ }): void;
677
689
  preview(): ReadonlyArray<StagedWrite>;
678
690
  commit(): FsTxnResult;
679
691
  }
@@ -758,7 +770,7 @@ declare function parseCertLines(stdout: string): CertEntry[];
758
770
  */
759
771
  declare function parsePemBlocks(stdout: string, subject?: string): CertEntry[];
760
772
 
761
- declare const VERSION = "0.3.0";
773
+ declare const VERSION = "0.3.1";
762
774
  /** Build the configured commander program. Imported by both the CLI entry and tests. */
763
775
  declare function buildProgram(): Command;
764
776
 
package/dist/index.js CHANGED
@@ -1,133 +1 @@
1
- import {
2
- ALL_COMMANDS,
3
- AihError,
4
- CAPABILITIES,
5
- ContextDir,
6
- DirtyWorktreeError,
7
- FsTransaction,
8
- FsTxnError,
9
- MergeError,
10
- NotImplementedError,
11
- PathContainmentError,
12
- PlatformError,
13
- READONLY,
14
- SettingsError,
15
- VERSION,
16
- VerificationError,
17
- VerificationReport,
18
- beginMarker,
19
- buildProgram,
20
- deepMerge,
21
- defaultRunner,
22
- derBase64ToPem,
23
- digest,
24
- doc,
25
- dynamicDigest,
26
- endMarker,
27
- ensureTrailingNewline,
28
- envBlock,
29
- exec,
30
- executePlan,
31
- fakeRunner,
32
- formatExport,
33
- frontmatter,
34
- indent,
35
- isPlainObject,
36
- jsonFile,
37
- lines,
38
- loadSettings,
39
- makeHostAdapter,
40
- managedBlock,
41
- missingToolRunner,
42
- parseCertLines,
43
- parseFirstInt,
44
- parseJsoncText,
45
- parseNvidiaSmi,
46
- parsePemBlocks,
47
- plan,
48
- probe,
49
- probeMany,
50
- readIfExists,
51
- registerCommands,
52
- remove,
53
- removeManagedBlock,
54
- resolveContents,
55
- resolvePlatform,
56
- retryTransient,
57
- safeCaPattern,
58
- stripTrailingNewlines,
59
- summarizeResult,
60
- upsertManagedBlock,
61
- upsertTextBlock,
62
- vdiFromEnv,
63
- writeArtifact,
64
- writeJson,
65
- writeText
66
- } from "./chunk-7GVBGS5N.js";
67
- export {
68
- ALL_COMMANDS,
69
- AihError,
70
- CAPABILITIES,
71
- ContextDir,
72
- DirtyWorktreeError,
73
- FsTransaction,
74
- FsTxnError,
75
- MergeError,
76
- NotImplementedError,
77
- PathContainmentError,
78
- PlatformError,
79
- READONLY,
80
- SettingsError,
81
- VERSION,
82
- VerificationError,
83
- VerificationReport,
84
- beginMarker,
85
- buildProgram,
86
- deepMerge,
87
- defaultRunner,
88
- derBase64ToPem,
89
- digest,
90
- doc,
91
- dynamicDigest,
92
- endMarker,
93
- ensureTrailingNewline,
94
- envBlock,
95
- exec,
96
- executePlan,
97
- fakeRunner,
98
- formatExport,
99
- frontmatter,
100
- indent,
101
- isPlainObject,
102
- jsonFile,
103
- lines,
104
- loadSettings,
105
- makeHostAdapter,
106
- managedBlock,
107
- missingToolRunner,
108
- parseCertLines,
109
- parseFirstInt,
110
- parseJsoncText,
111
- parseNvidiaSmi,
112
- parsePemBlocks,
113
- plan,
114
- probe,
115
- probeMany,
116
- readIfExists,
117
- registerCommands,
118
- remove,
119
- removeManagedBlock,
120
- resolveContents,
121
- resolvePlatform,
122
- retryTransient,
123
- safeCaPattern,
124
- stripTrailingNewlines,
125
- summarizeResult,
126
- upsertManagedBlock,
127
- upsertTextBlock,
128
- vdiFromEnv,
129
- writeArtifact,
130
- writeJson,
131
- writeText
132
- };
133
- //# sourceMappingURL=index.js.map
1
+ import{$ as fr,A as Y,B as _,C as c,D as h,E as j,F as k,G as q,H as v,I as w,J as y,K as z,L as F,M as G,N as H,O as J,P as K,Q,R as U,S as W,T as X,U as Z,V as $,W as rr,X as or,Y as mr,Z as er,_ as tr,a as p,aa as pr,b as x,ba as xr,c as A,ca as Ar,d as I,da as Ir,e as L,ea as r,f as C,fa as o,g as E,ga as m,h as N,ha as e,i as O,ia as t,j as S,ja as f,k as a,l as d,m as g,n as i,o as s,p as D,q as M,r as P,s as R,t as b,u as l,v as n,w as u,x as B,y as T,z as V}from"./chunk-EAFL7TH3.js";export{m as ALL_COMMANDS,p as AihError,r as CAPABILITIES,g as ContextDir,O as DirtyWorktreeError,a as FsTransaction,I as FsTxnError,E as MergeError,C as NotImplementedError,N as PathContainmentError,A as PlatformError,o as READONLY,x as SettingsError,t as VERSION,L as VerificationError,K as VerificationReport,k as beginMarker,f as buildProgram,J as deepMerge,Z as defaultRunner,or as derBase64ToPem,P as digest,M as doc,R as dynamicDigest,q as endMarker,j as ensureTrailingNewline,u as envBlock,n as exec,W as executePlan,$ as fakeRunner,w as formatExport,c as frontmatter,_ as indent,H as isPlainObject,h as jsonFile,Y as lines,i as loadSettings,Ir as makeHostAdapter,v as managedBlock,rr as missingToolRunner,pr as parseCertLines,tr as parseFirstInt,G as parseJsoncText,fr as parseNvidiaSmi,xr as parsePemBlocks,T as plan,b as probe,l as probeMany,d as readIfExists,e as registerCommands,B as remove,F as removeManagedBlock,U as resolveContents,Ar as resolvePlatform,S as retryTransient,mr as safeCaPattern,V as stripTrailingNewlines,X as summarizeResult,y as upsertManagedBlock,z as upsertTextBlock,er as vdiFromEnv,Q as writeArtifact,D as writeJson,s as writeText};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aihq/harness",
3
- "version": "0.3.0",
3
+ "version": "0.3.1",
4
4
  "description": "Enterprise AI Bootstrapping Harness — bootstraps governed, proxy-safe AI coding into workstations and repos",
5
5
  "repository": {
6
6
  "type": "git",