@aihq/harness 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/chunk-EAFL7TH3.js +3002 -0
- package/dist/cli.js +2 -11
- package/dist/index.d.ts +22 -10
- package/dist/index.js +1 -133
- package/package.json +1 -1
- package/dist/chunk-7GVBGS5N.js +0 -26662
- package/dist/chunk-7GVBGS5N.js.map +0 -1
- package/dist/cli.js.map +0 -1
- package/dist/index.js.map +0 -1
package/dist/cli.js
CHANGED
|
@@ -1,12 +1,3 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import {
|
|
3
|
-
|
|
4
|
-
} from "./chunk-7GVBGS5N.js";
|
|
5
|
-
|
|
6
|
-
// src/cli.ts
|
|
7
|
-
buildProgram().parseAsync(process.argv).catch((err) => {
|
|
8
|
-
process.stderr.write(`fatal: ${err instanceof Error ? err.message : String(err)}
|
|
9
|
-
`);
|
|
10
|
-
process.exitCode = 1;
|
|
11
|
-
});
|
|
12
|
-
//# sourceMappingURL=cli.js.map
|
|
2
|
+
import{ja as s}from"./chunk-EAFL7TH3.js";s().parseAsync(process.argv).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
|
|
3
|
+
`),process.exitCode=1});
|
package/dist/index.d.ts
CHANGED
|
@@ -186,7 +186,7 @@ type Verdict = "pass" | "fail" | "skip";
|
|
|
186
186
|
* sealed: a new failure mode means a new member here PLUS the `code` set at the
|
|
187
187
|
* emitter; never derive a code by matching `detail`.
|
|
188
188
|
*/
|
|
189
|
-
type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source";
|
|
189
|
+
type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing";
|
|
190
190
|
interface Check {
|
|
191
191
|
name: string;
|
|
192
192
|
verdict: Verdict;
|
|
@@ -356,15 +356,19 @@ interface DigestAction {
|
|
|
356
356
|
* aih-owned (a per-CLI adapter note, a kiro steering/hook extra) once the CLI is
|
|
357
357
|
* dropped. The executor fails closed: mandatory {@link assertContained} on the raw
|
|
358
358
|
* path (no `external` field exists, so a global `~/home` file is structurally
|
|
359
|
-
* unreachable), a symlink guard, and a backup before unlink.
|
|
360
|
-
* gitignored `.aih/legacy/<path>` (reversible
|
|
361
|
-
*
|
|
359
|
+
* unreachable), a symlink guard, and a backup before unlink. By default it MOVES the
|
|
360
|
+
* file to gitignored `.aih/legacy/<path>` (reversible; occupied destinations are never
|
|
361
|
+
* overwritten). Under `hardDelete` it instead renames to the sibling `<path>.aih.bak`
|
|
362
|
+
* — the same single-slot, latest-wins backup every aih write gets — for users who
|
|
363
|
+
* explicitly opt out of the archive.
|
|
362
364
|
*/
|
|
363
365
|
interface RemoveAction {
|
|
364
366
|
kind: "remove";
|
|
365
367
|
/** Repo-relative path of the file to remove. */
|
|
366
368
|
path: string;
|
|
367
369
|
describe: string;
|
|
370
|
+
/** Opt-in: single-slot `<path>.aih.bak` rename instead of the `.aih/legacy/` archive. */
|
|
371
|
+
hardDelete?: boolean;
|
|
368
372
|
}
|
|
369
373
|
type Action = WriteAction | DocAction | ProbeAction | ExecAction | EnvBlockAction | DigestAction | RemoveAction;
|
|
370
374
|
interface Plan {
|
|
@@ -471,7 +475,9 @@ declare function exec(describe: string, argv: string[], opts?: {
|
|
|
471
475
|
blockProbesOnFailure?: boolean;
|
|
472
476
|
}): ExecAction;
|
|
473
477
|
declare function envBlock(path: string, scope: string, shell: EnvShell, vars: EnvVar[], describe: string): EnvBlockAction;
|
|
474
|
-
declare function remove(path: string, describe: string
|
|
478
|
+
declare function remove(path: string, describe: string, opts?: {
|
|
479
|
+
hardDelete?: boolean;
|
|
480
|
+
}): RemoveAction;
|
|
475
481
|
declare function plan(capability: string, ...actions: Action[]): Plan;
|
|
476
482
|
|
|
477
483
|
/** Capability commands (repo/workstation mutators), dry-run by default. */
|
|
@@ -558,9 +564,10 @@ interface WriteSummary {
|
|
|
558
564
|
interface RemoveSummary {
|
|
559
565
|
path: string;
|
|
560
566
|
describe: string;
|
|
561
|
-
/** `remove` =
|
|
562
|
-
|
|
563
|
-
|
|
567
|
+
/** `remove` = move to `.aih/legacy/`; `delete` = hard-delete (single-slot `.aih.bak`
|
|
568
|
+
* backup); `absent` = nothing on disk. */
|
|
569
|
+
effect: "remove" | "delete" | "absent";
|
|
570
|
+
/** Repo-relative destination (`.aih/legacy/…` or `<path>.aih.bak`), when present. */
|
|
564
571
|
to?: string;
|
|
565
572
|
}
|
|
566
573
|
interface PlanResult {
|
|
@@ -672,8 +679,13 @@ declare class FsTransaction {
|
|
|
672
679
|
* `.aih/legacy/`). The move IS the backup: rollback (and the user) restore by
|
|
673
680
|
* moving it back. Symlinks are refused at commit (moving a link then restoring it
|
|
674
681
|
* would recreate a regular file). No-op if the source is already gone.
|
|
682
|
+
* `backupSibling` marks a hard-delete destination (`<path>.aih.bak`): still
|
|
683
|
+
* never-overwrite, but a taken slot falls back to `<path>.N.aih.bak` (matches the
|
|
684
|
+
* gitignored `*.aih.bak` glob) instead of the archive's `<path>.N`.
|
|
675
685
|
*/
|
|
676
|
-
stageRemoval(path: string, legacyPath: string
|
|
686
|
+
stageRemoval(path: string, legacyPath: string, opts?: {
|
|
687
|
+
backupSibling?: boolean;
|
|
688
|
+
}): void;
|
|
677
689
|
preview(): ReadonlyArray<StagedWrite>;
|
|
678
690
|
commit(): FsTxnResult;
|
|
679
691
|
}
|
|
@@ -758,7 +770,7 @@ declare function parseCertLines(stdout: string): CertEntry[];
|
|
|
758
770
|
*/
|
|
759
771
|
declare function parsePemBlocks(stdout: string, subject?: string): CertEntry[];
|
|
760
772
|
|
|
761
|
-
declare const VERSION = "0.3.
|
|
773
|
+
declare const VERSION = "0.3.1";
|
|
762
774
|
/** Build the configured commander program. Imported by both the CLI entry and tests. */
|
|
763
775
|
declare function buildProgram(): Command;
|
|
764
776
|
|
package/dist/index.js
CHANGED
|
@@ -1,133 +1 @@
|
|
|
1
|
-
import {
|
|
2
|
-
ALL_COMMANDS,
|
|
3
|
-
AihError,
|
|
4
|
-
CAPABILITIES,
|
|
5
|
-
ContextDir,
|
|
6
|
-
DirtyWorktreeError,
|
|
7
|
-
FsTransaction,
|
|
8
|
-
FsTxnError,
|
|
9
|
-
MergeError,
|
|
10
|
-
NotImplementedError,
|
|
11
|
-
PathContainmentError,
|
|
12
|
-
PlatformError,
|
|
13
|
-
READONLY,
|
|
14
|
-
SettingsError,
|
|
15
|
-
VERSION,
|
|
16
|
-
VerificationError,
|
|
17
|
-
VerificationReport,
|
|
18
|
-
beginMarker,
|
|
19
|
-
buildProgram,
|
|
20
|
-
deepMerge,
|
|
21
|
-
defaultRunner,
|
|
22
|
-
derBase64ToPem,
|
|
23
|
-
digest,
|
|
24
|
-
doc,
|
|
25
|
-
dynamicDigest,
|
|
26
|
-
endMarker,
|
|
27
|
-
ensureTrailingNewline,
|
|
28
|
-
envBlock,
|
|
29
|
-
exec,
|
|
30
|
-
executePlan,
|
|
31
|
-
fakeRunner,
|
|
32
|
-
formatExport,
|
|
33
|
-
frontmatter,
|
|
34
|
-
indent,
|
|
35
|
-
isPlainObject,
|
|
36
|
-
jsonFile,
|
|
37
|
-
lines,
|
|
38
|
-
loadSettings,
|
|
39
|
-
makeHostAdapter,
|
|
40
|
-
managedBlock,
|
|
41
|
-
missingToolRunner,
|
|
42
|
-
parseCertLines,
|
|
43
|
-
parseFirstInt,
|
|
44
|
-
parseJsoncText,
|
|
45
|
-
parseNvidiaSmi,
|
|
46
|
-
parsePemBlocks,
|
|
47
|
-
plan,
|
|
48
|
-
probe,
|
|
49
|
-
probeMany,
|
|
50
|
-
readIfExists,
|
|
51
|
-
registerCommands,
|
|
52
|
-
remove,
|
|
53
|
-
removeManagedBlock,
|
|
54
|
-
resolveContents,
|
|
55
|
-
resolvePlatform,
|
|
56
|
-
retryTransient,
|
|
57
|
-
safeCaPattern,
|
|
58
|
-
stripTrailingNewlines,
|
|
59
|
-
summarizeResult,
|
|
60
|
-
upsertManagedBlock,
|
|
61
|
-
upsertTextBlock,
|
|
62
|
-
vdiFromEnv,
|
|
63
|
-
writeArtifact,
|
|
64
|
-
writeJson,
|
|
65
|
-
writeText
|
|
66
|
-
} from "./chunk-7GVBGS5N.js";
|
|
67
|
-
export {
|
|
68
|
-
ALL_COMMANDS,
|
|
69
|
-
AihError,
|
|
70
|
-
CAPABILITIES,
|
|
71
|
-
ContextDir,
|
|
72
|
-
DirtyWorktreeError,
|
|
73
|
-
FsTransaction,
|
|
74
|
-
FsTxnError,
|
|
75
|
-
MergeError,
|
|
76
|
-
NotImplementedError,
|
|
77
|
-
PathContainmentError,
|
|
78
|
-
PlatformError,
|
|
79
|
-
READONLY,
|
|
80
|
-
SettingsError,
|
|
81
|
-
VERSION,
|
|
82
|
-
VerificationError,
|
|
83
|
-
VerificationReport,
|
|
84
|
-
beginMarker,
|
|
85
|
-
buildProgram,
|
|
86
|
-
deepMerge,
|
|
87
|
-
defaultRunner,
|
|
88
|
-
derBase64ToPem,
|
|
89
|
-
digest,
|
|
90
|
-
doc,
|
|
91
|
-
dynamicDigest,
|
|
92
|
-
endMarker,
|
|
93
|
-
ensureTrailingNewline,
|
|
94
|
-
envBlock,
|
|
95
|
-
exec,
|
|
96
|
-
executePlan,
|
|
97
|
-
fakeRunner,
|
|
98
|
-
formatExport,
|
|
99
|
-
frontmatter,
|
|
100
|
-
indent,
|
|
101
|
-
isPlainObject,
|
|
102
|
-
jsonFile,
|
|
103
|
-
lines,
|
|
104
|
-
loadSettings,
|
|
105
|
-
makeHostAdapter,
|
|
106
|
-
managedBlock,
|
|
107
|
-
missingToolRunner,
|
|
108
|
-
parseCertLines,
|
|
109
|
-
parseFirstInt,
|
|
110
|
-
parseJsoncText,
|
|
111
|
-
parseNvidiaSmi,
|
|
112
|
-
parsePemBlocks,
|
|
113
|
-
plan,
|
|
114
|
-
probe,
|
|
115
|
-
probeMany,
|
|
116
|
-
readIfExists,
|
|
117
|
-
registerCommands,
|
|
118
|
-
remove,
|
|
119
|
-
removeManagedBlock,
|
|
120
|
-
resolveContents,
|
|
121
|
-
resolvePlatform,
|
|
122
|
-
retryTransient,
|
|
123
|
-
safeCaPattern,
|
|
124
|
-
stripTrailingNewlines,
|
|
125
|
-
summarizeResult,
|
|
126
|
-
upsertManagedBlock,
|
|
127
|
-
upsertTextBlock,
|
|
128
|
-
vdiFromEnv,
|
|
129
|
-
writeArtifact,
|
|
130
|
-
writeJson,
|
|
131
|
-
writeText
|
|
132
|
-
};
|
|
133
|
-
//# sourceMappingURL=index.js.map
|
|
1
|
+
import{$ as fr,A as Y,B as _,C as c,D as h,E as j,F as k,G as q,H as v,I as w,J as y,K as z,L as F,M as G,N as H,O as J,P as K,Q,R as U,S as W,T as X,U as Z,V as $,W as rr,X as or,Y as mr,Z as er,_ as tr,a as p,aa as pr,b as x,ba as xr,c as A,ca as Ar,d as I,da as Ir,e as L,ea as r,f as C,fa as o,g as E,ga as m,h as N,ha as e,i as O,ia as t,j as S,ja as f,k as a,l as d,m as g,n as i,o as s,p as D,q as M,r as P,s as R,t as b,u as l,v as n,w as u,x as B,y as T,z as V}from"./chunk-EAFL7TH3.js";export{m as ALL_COMMANDS,p as AihError,r as CAPABILITIES,g as ContextDir,O as DirtyWorktreeError,a as FsTransaction,I as FsTxnError,E as MergeError,C as NotImplementedError,N as PathContainmentError,A as PlatformError,o as READONLY,x as SettingsError,t as VERSION,L as VerificationError,K as VerificationReport,k as beginMarker,f as buildProgram,J as deepMerge,Z as defaultRunner,or as derBase64ToPem,P as digest,M as doc,R as dynamicDigest,q as endMarker,j as ensureTrailingNewline,u as envBlock,n as exec,W as executePlan,$ as fakeRunner,w as formatExport,c as frontmatter,_ as indent,H as isPlainObject,h as jsonFile,Y as lines,i as loadSettings,Ir as makeHostAdapter,v as managedBlock,rr as missingToolRunner,pr as parseCertLines,tr as parseFirstInt,G as parseJsoncText,fr as parseNvidiaSmi,xr as parsePemBlocks,T as plan,b as probe,l as probeMany,d as readIfExists,e as registerCommands,B as remove,F as removeManagedBlock,U as resolveContents,Ar as resolvePlatform,S as retryTransient,mr as safeCaPattern,V as stripTrailingNewlines,X as summarizeResult,y as upsertManagedBlock,z as upsertTextBlock,er as vdiFromEnv,Q as writeArtifact,D as writeJson,s as writeText};
|