@aihq/harness 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -1,12 +1,3 @@
1
1
  #!/usr/bin/env node
2
- import {
3
- buildProgram
4
- } from "./chunk-7GVBGS5N.js";
5
-
6
- // src/cli.ts
7
- buildProgram().parseAsync(process.argv).catch((err) => {
8
- process.stderr.write(`fatal: ${err instanceof Error ? err.message : String(err)}
9
- `);
10
- process.exitCode = 1;
11
- });
12
- //# sourceMappingURL=cli.js.map
2
+ import{ja as s}from"./chunk-2N5U3KQN.js";s().parseAsync(process.argv).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
3
+ `),process.exitCode=1});
package/dist/index.d.ts CHANGED
@@ -186,7 +186,7 @@ type Verdict = "pass" | "fail" | "skip";
186
186
  * sealed: a new failure mode means a new member here PLUS the `code` set at the
187
187
  * emitter; never derive a code by matching `detail`.
188
188
  */
189
- type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source";
189
+ type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing";
190
190
  interface Check {
191
191
  name: string;
192
192
  verdict: Verdict;
@@ -351,20 +351,25 @@ interface DigestAction {
351
351
  };
352
352
  }
353
353
  /**
354
- * Remove a repo-LOCAL file that aih exclusively owns — aih's only destructive
355
- * action. Emitted solely by `aih prune` for artifacts its detection proved
356
- * aih-owned (a per-CLI adapter note, a kiro steering/hook extra) once the CLI is
357
- * dropped. The executor fails closed: mandatory {@link assertContained} on the raw
354
+ * Remove a repo-LOCAL file or directory that aih exclusively owns — aih's only
355
+ * destructive action. Two emitters: `aih prune` (artifacts its detection proved
356
+ * aih-owned a per-CLI adapter note, a kiro steering/hook extra once the CLI is
357
+ * dropped) and `aih skill remove` (a user-directed removal of an installed skill's
358
+ * directory + committed card). The executor fails closed: mandatory {@link assertContained} on the raw
358
359
  * path (no `external` field exists, so a global `~/home` file is structurally
359
- * unreachable), a symlink guard, and a backup before unlink. It MOVES the file to
360
- * gitignored `.aih/legacy/<path>` (reversible) the move itself is the backup, so a
361
- * dropped CLI's artifacts can always be restored by moving them back.
360
+ * unreachable), a symlink guard, and a backup before unlink. By default it MOVES the
361
+ * file to gitignored `.aih/legacy/<path>` (reversible; occupied destinations are never
362
+ * overwritten). Under `hardDelete` it instead renames to the sibling `<path>.aih.bak`
363
+ * — the same single-slot, latest-wins backup every aih write gets — for users who
364
+ * explicitly opt out of the archive.
362
365
  */
363
366
  interface RemoveAction {
364
367
  kind: "remove";
365
368
  /** Repo-relative path of the file to remove. */
366
369
  path: string;
367
370
  describe: string;
371
+ /** Opt-in: single-slot `<path>.aih.bak` rename instead of the `.aih/legacy/` archive. */
372
+ hardDelete?: boolean;
368
373
  }
369
374
  type Action = WriteAction | DocAction | ProbeAction | ExecAction | EnvBlockAction | DigestAction | RemoveAction;
370
375
  interface Plan {
@@ -471,7 +476,9 @@ declare function exec(describe: string, argv: string[], opts?: {
471
476
  blockProbesOnFailure?: boolean;
472
477
  }): ExecAction;
473
478
  declare function envBlock(path: string, scope: string, shell: EnvShell, vars: EnvVar[], describe: string): EnvBlockAction;
474
- declare function remove(path: string, describe: string): RemoveAction;
479
+ declare function remove(path: string, describe: string, opts?: {
480
+ hardDelete?: boolean;
481
+ }): RemoveAction;
475
482
  declare function plan(capability: string, ...actions: Action[]): Plan;
476
483
 
477
484
  /** Capability commands (repo/workstation mutators), dry-run by default. */
@@ -558,9 +565,10 @@ interface WriteSummary {
558
565
  interface RemoveSummary {
559
566
  path: string;
560
567
  describe: string;
561
- /** `remove` = present, will move to `.aih/legacy/`; `absent` = nothing on disk. */
562
- effect: "remove" | "absent";
563
- /** Repo-relative `.aih/legacy/` destination, when effect is `remove`. */
568
+ /** `remove` = move to `.aih/legacy/`; `delete` = hard-delete (single-slot `.aih.bak`
569
+ * backup); `absent` = nothing on disk. */
570
+ effect: "remove" | "delete" | "absent";
571
+ /** Repo-relative destination (`.aih/legacy/…` or `<path>.aih.bak`), when present. */
564
572
  to?: string;
565
573
  }
566
574
  interface PlanResult {
@@ -672,8 +680,13 @@ declare class FsTransaction {
672
680
  * `.aih/legacy/`). The move IS the backup: rollback (and the user) restore by
673
681
  * moving it back. Symlinks are refused at commit (moving a link then restoring it
674
682
  * would recreate a regular file). No-op if the source is already gone.
683
+ * `backupSibling` marks a hard-delete destination (`<path>.aih.bak`): still
684
+ * never-overwrite, but a taken slot falls back to `<path>.N.aih.bak` (matches the
685
+ * gitignored `*.aih.bak` glob) instead of the archive's `<path>.N`.
675
686
  */
676
- stageRemoval(path: string, legacyPath: string): void;
687
+ stageRemoval(path: string, legacyPath: string, opts?: {
688
+ backupSibling?: boolean;
689
+ }): void;
677
690
  preview(): ReadonlyArray<StagedWrite>;
678
691
  commit(): FsTxnResult;
679
692
  }
@@ -758,7 +771,7 @@ declare function parseCertLines(stdout: string): CertEntry[];
758
771
  */
759
772
  declare function parsePemBlocks(stdout: string, subject?: string): CertEntry[];
760
773
 
761
- declare const VERSION = "0.3.0";
774
+ declare const VERSION = "0.4.0";
762
775
  /** Build the configured commander program. Imported by both the CLI entry and tests. */
763
776
  declare function buildProgram(): Command;
764
777
 
package/dist/index.js CHANGED
@@ -1,133 +1 @@
1
- import {
2
- ALL_COMMANDS,
3
- AihError,
4
- CAPABILITIES,
5
- ContextDir,
6
- DirtyWorktreeError,
7
- FsTransaction,
8
- FsTxnError,
9
- MergeError,
10
- NotImplementedError,
11
- PathContainmentError,
12
- PlatformError,
13
- READONLY,
14
- SettingsError,
15
- VERSION,
16
- VerificationError,
17
- VerificationReport,
18
- beginMarker,
19
- buildProgram,
20
- deepMerge,
21
- defaultRunner,
22
- derBase64ToPem,
23
- digest,
24
- doc,
25
- dynamicDigest,
26
- endMarker,
27
- ensureTrailingNewline,
28
- envBlock,
29
- exec,
30
- executePlan,
31
- fakeRunner,
32
- formatExport,
33
- frontmatter,
34
- indent,
35
- isPlainObject,
36
- jsonFile,
37
- lines,
38
- loadSettings,
39
- makeHostAdapter,
40
- managedBlock,
41
- missingToolRunner,
42
- parseCertLines,
43
- parseFirstInt,
44
- parseJsoncText,
45
- parseNvidiaSmi,
46
- parsePemBlocks,
47
- plan,
48
- probe,
49
- probeMany,
50
- readIfExists,
51
- registerCommands,
52
- remove,
53
- removeManagedBlock,
54
- resolveContents,
55
- resolvePlatform,
56
- retryTransient,
57
- safeCaPattern,
58
- stripTrailingNewlines,
59
- summarizeResult,
60
- upsertManagedBlock,
61
- upsertTextBlock,
62
- vdiFromEnv,
63
- writeArtifact,
64
- writeJson,
65
- writeText
66
- } from "./chunk-7GVBGS5N.js";
67
- export {
68
- ALL_COMMANDS,
69
- AihError,
70
- CAPABILITIES,
71
- ContextDir,
72
- DirtyWorktreeError,
73
- FsTransaction,
74
- FsTxnError,
75
- MergeError,
76
- NotImplementedError,
77
- PathContainmentError,
78
- PlatformError,
79
- READONLY,
80
- SettingsError,
81
- VERSION,
82
- VerificationError,
83
- VerificationReport,
84
- beginMarker,
85
- buildProgram,
86
- deepMerge,
87
- defaultRunner,
88
- derBase64ToPem,
89
- digest,
90
- doc,
91
- dynamicDigest,
92
- endMarker,
93
- ensureTrailingNewline,
94
- envBlock,
95
- exec,
96
- executePlan,
97
- fakeRunner,
98
- formatExport,
99
- frontmatter,
100
- indent,
101
- isPlainObject,
102
- jsonFile,
103
- lines,
104
- loadSettings,
105
- makeHostAdapter,
106
- managedBlock,
107
- missingToolRunner,
108
- parseCertLines,
109
- parseFirstInt,
110
- parseJsoncText,
111
- parseNvidiaSmi,
112
- parsePemBlocks,
113
- plan,
114
- probe,
115
- probeMany,
116
- readIfExists,
117
- registerCommands,
118
- remove,
119
- removeManagedBlock,
120
- resolveContents,
121
- resolvePlatform,
122
- retryTransient,
123
- safeCaPattern,
124
- stripTrailingNewlines,
125
- summarizeResult,
126
- upsertManagedBlock,
127
- upsertTextBlock,
128
- vdiFromEnv,
129
- writeArtifact,
130
- writeJson,
131
- writeText
132
- };
133
- //# sourceMappingURL=index.js.map
1
+ import{$ as fr,A as Y,B as _,C as c,D as h,E as j,F as k,G as q,H as v,I as w,J as y,K as z,L as F,M as G,N as H,O as J,P as K,Q,R as U,S as W,T as X,U as Z,V as $,W as rr,X as or,Y as mr,Z as er,_ as tr,a as p,aa as pr,b as x,ba as xr,c as A,ca as Ar,d as I,da as Ir,e as L,ea as r,f as C,fa as o,g as E,ga as m,h as N,ha as e,i as O,ia as t,j as S,ja as f,k as a,l as d,m as g,n as i,o as s,p as D,q as M,r as P,s as R,t as b,u as l,v as n,w as u,x as B,y as T,z as V}from"./chunk-2N5U3KQN.js";export{m as ALL_COMMANDS,p as AihError,r as CAPABILITIES,g as ContextDir,O as DirtyWorktreeError,a as FsTransaction,I as FsTxnError,E as MergeError,C as NotImplementedError,N as PathContainmentError,A as PlatformError,o as READONLY,x as SettingsError,t as VERSION,L as VerificationError,K as VerificationReport,k as beginMarker,f as buildProgram,J as deepMerge,Z as defaultRunner,or as derBase64ToPem,P as digest,M as doc,R as dynamicDigest,q as endMarker,j as ensureTrailingNewline,u as envBlock,n as exec,W as executePlan,$ as fakeRunner,w as formatExport,c as frontmatter,_ as indent,H as isPlainObject,h as jsonFile,Y as lines,i as loadSettings,Ir as makeHostAdapter,v as managedBlock,rr as missingToolRunner,pr as parseCertLines,tr as parseFirstInt,G as parseJsoncText,fr as parseNvidiaSmi,xr as parsePemBlocks,T as plan,b as probe,l as probeMany,d as readIfExists,e as registerCommands,B as remove,F as removeManagedBlock,U as resolveContents,Ar as resolvePlatform,S as retryTransient,mr as safeCaPattern,V as stripTrailingNewlines,X as summarizeResult,y as upsertManagedBlock,z as upsertTextBlock,er as vdiFromEnv,Q as writeArtifact,D as writeJson,s as writeText};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aihq/harness",
3
- "version": "0.3.0",
3
+ "version": "0.4.0",
4
4
  "description": "Enterprise AI Bootstrapping Harness — bootstraps governed, proxy-safe AI coding into workstations and repos",
5
5
  "repository": {
6
6
  "type": "git",