@aihq/harness 0.3.1 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -1,3 +1,3 @@
1
1
  #!/usr/bin/env node
2
- import{ja as s}from"./chunk-EAFL7TH3.js";s().parseAsync(process.argv).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
2
+ import{ja as s}from"./chunk-Z2VMMIMJ.js";s().parseAsync(process.argv).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
3
3
  `),process.exitCode=1});
package/dist/index.d.ts CHANGED
@@ -186,7 +186,7 @@ type Verdict = "pass" | "fail" | "skip";
186
186
  * sealed: a new failure mode means a new member here PLUS the `code` set at the
187
187
  * emitter; never derive a code by matching `detail`.
188
188
  */
189
- type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing";
189
+ type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing" | "trust.unapproved-skill";
190
190
  interface Check {
191
191
  name: string;
192
192
  verdict: Verdict;
@@ -351,14 +351,19 @@ interface DigestAction {
351
351
  };
352
352
  }
353
353
  /**
354
- * Remove a repo-LOCAL file that aih exclusively owns — aih's only destructive
355
- * action. Emitted solely by `aih prune` for artifacts its detection proved
356
- * aih-owned (a per-CLI adapter note, a kiro steering/hook extra) once the CLI is
357
- * dropped. The executor fails closed: mandatory {@link assertContained} on the raw
354
+ * Remove a repo-LOCAL file or directory that aih exclusively owns — aih's only
355
+ * destructive action. Three emitters: `aih prune` (artifacts its detection proved
356
+ * aih-owned a per-CLI adapter note, a kiro steering/hook extra once the CLI is
357
+ * dropped), `aih skill remove` (a user-directed removal of an installed skill's
358
+ * directory + committed card), and `aih skill quarantine` (the same reversible move,
359
+ * but into `.aih/quarantine/` with the skill's approval kept). The executor fails
360
+ * closed: mandatory {@link assertContained} on the raw
358
361
  * path (no `external` field exists, so a global `~/home` file is structurally
359
362
  * unreachable), a symlink guard, and a backup before unlink. By default it MOVES the
360
363
  * file to gitignored `.aih/legacy/<path>` (reversible; occupied destinations are never
361
- * overwritten). Under `hardDelete` it instead renames to the sibling `<path>.aih.bak`
364
+ * overwritten); `archiveRoot` picks `.aih/quarantine/` instead, with the identical
365
+ * containment/symlink/never-overwrite machinery. Under `hardDelete` it instead renames
366
+ * to the sibling `<path>.aih.bak`
362
367
  * — the same single-slot, latest-wins backup every aih write gets — for users who
363
368
  * explicitly opt out of the archive.
364
369
  */
@@ -369,6 +374,8 @@ interface RemoveAction {
369
374
  describe: string;
370
375
  /** Opt-in: single-slot `<path>.aih.bak` rename instead of the `.aih/legacy/` archive. */
371
376
  hardDelete?: boolean;
377
+ /** Archive root for the reversible move. Closed union — never an arbitrary path. */
378
+ archiveRoot?: ".aih/legacy" | ".aih/quarantine";
372
379
  }
373
380
  type Action = WriteAction | DocAction | ProbeAction | ExecAction | EnvBlockAction | DigestAction | RemoveAction;
374
381
  interface Plan {
@@ -477,6 +484,7 @@ declare function exec(describe: string, argv: string[], opts?: {
477
484
  declare function envBlock(path: string, scope: string, shell: EnvShell, vars: EnvVar[], describe: string): EnvBlockAction;
478
485
  declare function remove(path: string, describe: string, opts?: {
479
486
  hardDelete?: boolean;
487
+ archiveRoot?: RemoveAction["archiveRoot"];
480
488
  }): RemoveAction;
481
489
  declare function plan(capability: string, ...actions: Action[]): Plan;
482
490
 
@@ -770,7 +778,7 @@ declare function parseCertLines(stdout: string): CertEntry[];
770
778
  */
771
779
  declare function parsePemBlocks(stdout: string, subject?: string): CertEntry[];
772
780
 
773
- declare const VERSION = "0.3.1";
781
+ declare const VERSION = "0.4.1";
774
782
  /** Build the configured commander program. Imported by both the CLI entry and tests. */
775
783
  declare function buildProgram(): Command;
776
784
 
package/dist/index.js CHANGED
@@ -1 +1 @@
1
- import{$ as fr,A as Y,B as _,C as c,D as h,E as j,F as k,G as q,H as v,I as w,J as y,K as z,L as F,M as G,N as H,O as J,P as K,Q,R as U,S as W,T as X,U as Z,V as $,W as rr,X as or,Y as mr,Z as er,_ as tr,a as p,aa as pr,b as x,ba as xr,c as A,ca as Ar,d as I,da as Ir,e as L,ea as r,f as C,fa as o,g as E,ga as m,h as N,ha as e,i as O,ia as t,j as S,ja as f,k as a,l as d,m as g,n as i,o as s,p as D,q as M,r as P,s as R,t as b,u as l,v as n,w as u,x as B,y as T,z as V}from"./chunk-EAFL7TH3.js";export{m as ALL_COMMANDS,p as AihError,r as CAPABILITIES,g as ContextDir,O as DirtyWorktreeError,a as FsTransaction,I as FsTxnError,E as MergeError,C as NotImplementedError,N as PathContainmentError,A as PlatformError,o as READONLY,x as SettingsError,t as VERSION,L as VerificationError,K as VerificationReport,k as beginMarker,f as buildProgram,J as deepMerge,Z as defaultRunner,or as derBase64ToPem,P as digest,M as doc,R as dynamicDigest,q as endMarker,j as ensureTrailingNewline,u as envBlock,n as exec,W as executePlan,$ as fakeRunner,w as formatExport,c as frontmatter,_ as indent,H as isPlainObject,h as jsonFile,Y as lines,i as loadSettings,Ir as makeHostAdapter,v as managedBlock,rr as missingToolRunner,pr as parseCertLines,tr as parseFirstInt,G as parseJsoncText,fr as parseNvidiaSmi,xr as parsePemBlocks,T as plan,b as probe,l as probeMany,d as readIfExists,e as registerCommands,B as remove,F as removeManagedBlock,U as resolveContents,Ar as resolvePlatform,S as retryTransient,mr as safeCaPattern,V as stripTrailingNewlines,X as summarizeResult,y as upsertManagedBlock,z as upsertTextBlock,er as vdiFromEnv,Q as writeArtifact,D as writeJson,s as writeText};
1
+ import{$ as fr,A as Y,B as _,C as c,D as h,E as j,F as k,G as q,H as v,I as w,J as y,K as z,L as F,M as G,N as H,O as J,P as K,Q,R as U,S as W,T as X,U as Z,V as $,W as rr,X as or,Y as mr,Z as er,_ as tr,a as p,aa as pr,b as x,ba as xr,c as A,ca as Ar,d as I,da as Ir,e as L,ea as r,f as C,fa as o,g as E,ga as m,h as N,ha as e,i as O,ia as t,j as S,ja as f,k as a,l as d,m as g,n as i,o as s,p as D,q as M,r as P,s as R,t as b,u as l,v as n,w as u,x as B,y as T,z as V}from"./chunk-Z2VMMIMJ.js";export{m as ALL_COMMANDS,p as AihError,r as CAPABILITIES,g as ContextDir,O as DirtyWorktreeError,a as FsTransaction,I as FsTxnError,E as MergeError,C as NotImplementedError,N as PathContainmentError,A as PlatformError,o as READONLY,x as SettingsError,t as VERSION,L as VerificationError,K as VerificationReport,k as beginMarker,f as buildProgram,J as deepMerge,Z as defaultRunner,or as derBase64ToPem,P as digest,M as doc,R as dynamicDigest,q as endMarker,j as ensureTrailingNewline,u as envBlock,n as exec,W as executePlan,$ as fakeRunner,w as formatExport,c as frontmatter,_ as indent,H as isPlainObject,h as jsonFile,Y as lines,i as loadSettings,Ir as makeHostAdapter,v as managedBlock,rr as missingToolRunner,pr as parseCertLines,tr as parseFirstInt,G as parseJsoncText,fr as parseNvidiaSmi,xr as parsePemBlocks,T as plan,b as probe,l as probeMany,d as readIfExists,e as registerCommands,B as remove,F as removeManagedBlock,U as resolveContents,Ar as resolvePlatform,S as retryTransient,mr as safeCaPattern,V as stripTrailingNewlines,X as summarizeResult,y as upsertManagedBlock,z as upsertTextBlock,er as vdiFromEnv,Q as writeArtifact,D as writeJson,s as writeText};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aihq/harness",
3
- "version": "0.3.1",
3
+ "version": "0.4.1",
4
4
  "description": "Enterprise AI Bootstrapping Harness — bootstraps governed, proxy-safe AI coding into workstations and repos",
5
5
  "repository": {
6
6
  "type": "git",