@aihq/harness 0.5.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -1,3 +1,4 @@
1
1
  #!/usr/bin/env node
2
- import{ja as s}from"./chunk-75FWB266.js";s().parseAsync(process.argv).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
2
+ import{qa as s,ra as e,sa as n}from"./chunk-HPWF2YPV.js";e(process.argv)?s().parse(process.argv):n().then(({program:r,warnings:o})=>{for(let i of o)process.stderr.write(`aih: plugin: ${i}
3
+ `);return r.parseAsync(process.argv)}).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
3
4
  `),process.exitCode=1});
package/dist/index.d.ts CHANGED
@@ -186,7 +186,7 @@ type Verdict = "pass" | "fail" | "skip";
186
186
  * sealed: a new failure mode means a new member here PLUS the `code` set at the
187
187
  * emitter; never derive a code by matching `detail`.
188
188
  */
189
- type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing" | "trust.unapproved-skill" | "pack.duplicate-name" | "pack.pin-mismatch" | "pack.missing-approval" | "pack.unknown-manifest";
189
+ type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "org-policy.invalid" | "org-policy.bundle-invalid" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing" | "trust.unapproved-skill" | "pack.duplicate-name" | "pack.pin-mismatch" | "pack.missing-approval" | "pack.unknown-manifest" | "marketplace.manifest-parse" | "marketplace.path-traversal" | "marketplace.missing-file" | "marketplace.checksum-mismatch" | "marketplace.sums-coverage" | "marketplace.unapproved-verdict" | "marketplace.signature";
190
190
  interface Check {
191
191
  name: string;
192
192
  verdict: Verdict;
@@ -311,6 +311,16 @@ interface ExecAction {
311
311
  blockProbesOnFailure?: boolean;
312
312
  /** Continue the plan even if the command exits non-zero. */
313
313
  allowFailure?: boolean;
314
+ /**
315
+ * Apply-time content pin: refuse to run (abort the apply) unless the file's
316
+ * bytes still hash to `sha256` — pins an apply-time exec to the plan-time
317
+ * preflighted content, so nothing swapped in between plan and apply can ever
318
+ * be consumed by the command (the validate-then-use TOCTOU).
319
+ */
320
+ expect?: {
321
+ path: string;
322
+ sha256: string;
323
+ };
314
324
  }
315
325
  /**
316
326
  * Upsert an aih-managed env block (one `scope`) into a shell profile. Unlike a
@@ -433,6 +443,23 @@ interface CommandOption {
433
443
  interface CommandSpec {
434
444
  name: string;
435
445
  summary: string;
446
+ /**
447
+ * Old command NAMES this command still answers to after a rename — the
448
+ * alias-before-removal deprecation machinery (STABILITY.md). Each entry
449
+ * registers as a commander alias of this command on the shared registerSpec
450
+ * path (src/commands/index.ts): the old name dispatches the SAME action with
451
+ * the same flags, after ONE stderr line naming the replacement. An alias
452
+ * lives for at least one minor release and is removed only by the next
453
+ * major (VERSIONING.md), staying reserved in {@link builtinCommandNames}
454
+ * for its whole grace window. Core-only: the plugin registry strips this
455
+ * field from plugin specs — a plugin ships new commands, it never renames
456
+ * (or shadows) core ones. TOP-LEVEL commands only: specs registered through
457
+ * the manual parent-group paths (trust/skill/pack/marketplace/policy/
458
+ * evidence subcommands) never pass through registerSpec, so the field is
459
+ * silently ignored there — wire alias support into that path before the
460
+ * first nested rename.
461
+ */
462
+ deprecatedAliases?: string[];
436
463
  options?: CommandOption[];
437
464
  plan: PlanFn;
438
465
  /** Read-only commands (doctor/status) skip the apply path entirely. */
@@ -480,6 +507,7 @@ declare function exec(describe: string, argv: string[], opts?: {
480
507
  timeoutMs?: number;
481
508
  failureCheck?: ExecAction["failureCheck"];
482
509
  blockProbesOnFailure?: boolean;
510
+ expect?: ExecAction["expect"];
483
511
  }): ExecAction;
484
512
  declare function envBlock(path: string, scope: string, shell: EnvShell, vars: EnvVar[], describe: string): EnvBlockAction;
485
513
  declare function remove(path: string, describe: string, opts?: {
@@ -493,7 +521,34 @@ declare const CAPABILITIES: CommandSpec[];
493
521
  /** Read-only commands (always safe). */
494
522
  declare const READONLY: CommandSpec[];
495
523
  declare const ALL_COMMANDS: CommandSpec[];
496
- declare function registerCommands(program: Command): void;
524
+ /**
525
+ * Every top-level name the core CLI claims: ALL_COMMANDS' names AND their
526
+ * deprecated aliases (an old name stays reserved for its whole grace window —
527
+ * see CommandSpec.deprecatedAliases), plus the parent group names
528
+ * (`workspace` is both a CommandSpec and a group — the Set folds it) plus
529
+ * commander's own reserved `help`/`version`. The plugin registry refuses any
530
+ * external spec colliding with one of these, so a plugin can never shadow
531
+ * `doctor`, capture the `marketplace` group, impersonate `help`, or squat on
532
+ * a deprecated old name mid-migration. `specs` is a test seam (defaults to
533
+ * ALL_COMMANDS) so the alias reservation is provable while zero built-ins
534
+ * carry one.
535
+ */
536
+ declare function builtinCommandNames(specs?: readonly CommandSpec[]): ReadonlySet<string>;
537
+ /**
538
+ * Register every command on the program. `extra` carries EXTERNAL plugin specs
539
+ * (see src/plugins/registry.ts, already gated + collision-free): they flow
540
+ * through the IDENTICAL registerSpec path as the built-ins — same shared
541
+ * flags, same optional `[root]` positional, same runCapability action (posture
542
+ * resolution, dirty-worktree gate, run ledger). TOP-LEVEL specs only: a plugin
543
+ * cannot contribute subcommands to a parent group (trust/skill/pack/…) in v1.
544
+ *
545
+ * Containment: built-ins register OUTSIDE any try/catch — a throw there is a
546
+ * core bug that must crash loudly. Each plugin spec registers inside its own
547
+ * try/catch: a Commander throw (e.g. a flag conflict the structural gate
548
+ * cannot predict) drops THAT spec with a warning pushed to the `warnings`
549
+ * sink, and every other command stays live.
550
+ */
551
+ declare function registerCommands(program: Command, extra?: CommandSpec[], warnings?: string[]): void;
497
552
 
498
553
  /** Resolved runtime settings (env defaults overlaid with CLI flags). */
499
554
  interface Settings {
@@ -699,6 +754,20 @@ declare class FsTransaction {
699
754
  }
700
755
  /** Read a file's text, or `undefined` if it does not exist. */
701
756
  declare function readIfExists(path: string): string | undefined;
757
+ /**
758
+ * Open-then-read on ONE file descriptor: the regular-file check (`fstat` on the
759
+ * open fd, never a second path lookup) and the read cannot be raced apart, and
760
+ * a symlink swapped in after directory enumeration is refused at open where
761
+ * `O_NOFOLLOW` exists rather than silently followed. Returns undefined for
762
+ * anything that is not a readable regular file.
763
+ *
764
+ * Use this — not {@link readIfExists} — for any path DISCOVERED by a directory
765
+ * scan: a plain exists-then-read pair on a scanned path is a swap window where
766
+ * a symlink planted between enumeration and read gets silently followed and its
767
+ * target's bytes laundered into an artifact (marketplace build, evidence
768
+ * bundle, fleet bundle all package what they read).
769
+ */
770
+ declare function readRegularFile(abs: string): Buffer | undefined;
702
771
 
703
772
  /**
704
773
  * Parse JSON or JSONC text (tolerant of comments + trailing commas). Returns
@@ -778,8 +847,147 @@ declare function parseCertLines(stdout: string): CertEntry[];
778
847
  */
779
848
  declare function parsePemBlocks(stdout: string, subject?: string): CertEntry[];
780
849
 
781
- declare const VERSION = "0.5.0";
782
- /** Build the configured commander program. Imported by both the CLI entry and tests. */
783
- declare function buildProgram(): Command;
850
+ /**
851
+ * The pluggable command registry aih's ONE extension seam (OPA/Semgrep-style
852
+ * open core). The public harness is complete and fully local on its own; on
853
+ * startup the CLI probes for a single optional peer package,
854
+ * {@link PLUGIN_PACKAGE}, and when it is installed and valid, the `aihCommands`
855
+ * CommandSpecs it exports merge into the registry and appear as NATIVE
856
+ * subcommands — flowing through the identical registration path as the
857
+ * built-ins (shared flags, posture resolution, dirty-worktree gate, run
858
+ * ledger), so the private package bolts on without forking the core. An
859
+ * unenrolled machine sees zero output and zero behavior change.
860
+ *
861
+ * Rules the seam is built on:
862
+ * - LITERAL package name only. The probe always imports {@link PLUGIN_PACKAGE}
863
+ * verbatim — never an env var, flag, or config value — so nothing
864
+ * user-controlled can point the import at other code. (The `importer` and
865
+ * `resolver` options are purely test seams; production uses the platform
866
+ * dynamic import and `import.meta.resolve`.)
867
+ * - SAME INSTALL TREE only. Before importing, the probe resolves where the
868
+ * import WOULD load from and refuses anything outside the harness's own
869
+ * install tree, so a global or `npx`-run aih pointed at a hostile repo can
870
+ * never import that repo's planted `node_modules/@aihq/enterprise`. Honesty
871
+ * note (also in the README): when aih itself is installed INSIDE the target
872
+ * repo, the repo already controls the binary — the check draws the boundary
873
+ * at "the tree aih runs from", nothing stronger.
874
+ * - STARTUP BUDGET. The import races a timeout (default
875
+ * {@link DEFAULT_IMPORT_TIMEOUT_MS} ms); a slow or wedged plugin degrades to
876
+ * local-only with a warning instead of stalling every invocation. (`aih
877
+ * --version` skips the probe entirely — see src/cli.ts.)
878
+ * - Kill switch: `AIH_NO_PLUGINS=1` (read from the injectable `env`) skips the
879
+ * probe without touching the importer at all.
880
+ * - Fail open to LOCAL. A missing package is the normal unenrolled case
881
+ * (silent — zero noise); anything else (the package present but failing to
882
+ * resolve or load, a malformed export, an invalid or colliding spec)
883
+ * degrades to local-only behavior with a one-line warning. A broken plugin
884
+ * must never break the CLI.
885
+ * - Built-ins always win: a plugin spec whose name collides with a built-in
886
+ * command, a parent group, or commander's own `help`/`version` is refused
887
+ * ("refusing to shadow").
888
+ * - Shared + reserved flags are off-limits: a plugin option may not claim any
889
+ * token from {@link SHARED_FLAG_TOKENS} (the addSharedFlags surface) or
890
+ * commander's reserved `--help`/`-h`/`--version`/`-V`.
891
+ * - `skipWorktreeGate` is never honored for plugin commands — the field is
892
+ * stripped from the registered copy (see {@link stripWorktreeGateField}).
893
+ * - `deprecatedAliases` is never honored for plugin commands — aliases are
894
+ * the CORE rename machinery (STABILITY.md), and an alias is an extra
895
+ * dispatch name the collision rules above do not walk. The field is
896
+ * stripped from the registered copy with a warning (see
897
+ * {@link stripDeprecatedAliasesField}); built-in aliases stay reserved
898
+ * against plugin NAMES via builtinCommandNames.
899
+ * - Warnings render hostile input: every plugin-influenced string that lands
900
+ * in a warning routes through {@link sanitizeLabel} first.
901
+ *
902
+ * Trust boundary note: the boundary is package INSTALLATION — by the time this
903
+ * module inspects the export, `import()` has already run the plugin's module
904
+ * code, exactly like any other installed dependency. The structural gate below
905
+ * is about REGISTRY INTEGRITY (only well-formed, non-colliding specs register),
906
+ * not sandboxing: a gated spec may use any {@link CommandSpec} field, including
907
+ * `readOnly` (`skipWorktreeGate` being the one carve-out).
908
+ */
909
+ /** The one probed plugin package. Literal by design — see the module jsdoc. */
910
+ declare const PLUGIN_PACKAGE = "@aihq/enterprise";
911
+ interface PluginLoadResult {
912
+ commands: CommandSpec[];
913
+ warnings: string[];
914
+ }
915
+ /** Import seam so tests can simulate any module shape without installing anything. */
916
+ type PluginImporter = (specifier: string) => Promise<unknown>;
917
+ /**
918
+ * Resolver seam for the install-tree boundary: maps the package specifier to
919
+ * the FILE PATH the import would load from. Production uses
920
+ * `import.meta.resolve`; tests inject paths inside/outside the allowed roots.
921
+ */
922
+ type PluginResolver = (specifier: string) => string;
923
+ interface PluginLoadOptions {
924
+ /** Test seam replacing the platform dynamic import. */
925
+ importer?: PluginImporter;
926
+ /** Test seam replacing `import.meta.resolve` for the install-tree check. */
927
+ resolver?: PluginResolver;
928
+ /** Environment for the kill switch — matches runCapability's deps.env convention. */
929
+ env?: NodeJS.ProcessEnv;
930
+ /** Import budget in milliseconds (default {@link DEFAULT_IMPORT_TIMEOUT_MS}). */
931
+ timeoutMs?: number;
932
+ }
933
+ /**
934
+ * Long flag tokens `addSharedFlags` (src/commands/index.ts) puts on every
935
+ * capability subcommand. Mirrored as a constant because the registry must stay
936
+ * a leaf module — importing the command tree from here would create an import
937
+ * cycle (commands/index.ts imports {@link sanitizeLabel} back from this file).
938
+ * The mirror is pinned against the real addSharedFlags registration by
939
+ * tests/plugins/registry.test.ts, so any drift fails CI.
940
+ */
941
+ declare const SHARED_FLAG_TOKENS: ReadonlySet<string>;
942
+ /**
943
+ * Make a plugin-influenced string safe to echo in a one-line warning: collapse
944
+ * newlines to spaces, strip C0/C1 control characters (including ESC, so
945
+ * ANSI/OSC sequences lose their teeth) plus DEL, and truncate to `max` with an
946
+ * ellipsis. Exported so the plugin-registration containment in
947
+ * src/commands/index.ts routes through the SAME sanitizer — one
948
+ * implementation, no drift.
949
+ */
950
+ declare function sanitizeLabel(value: string, max?: number): string;
951
+ /**
952
+ * Every root the plugin is allowed to resolve under: each `node_modules`
953
+ * directory on the ancestor chain of THIS module's own file (after bundling,
954
+ * that file IS the CLI binary in `dist/`), plus `<package root>/node_modules`
955
+ * where the package root is the first ancestor directory carrying a
956
+ * package.json — that second clause covers running from the dev tree, where no
957
+ * ancestor is itself a node_modules. Everything is realpath'd; candidates that
958
+ * do not exist are dropped (a missing directory cannot contain the plugin).
959
+ * Exported as a test seam so tests can build paths inside a real root.
960
+ */
961
+ declare function allowedPluginRoots(): string[];
962
+ /**
963
+ * Probe for {@link PLUGIN_PACKAGE} and return its registrable CommandSpecs.
964
+ * Never throws: every failure mode degrades to `{ commands: [] }` plus at most
965
+ * one-line warnings, so the CLI stays fully local no matter how broken the
966
+ * plugin is. `AIH_NO_PLUGINS=1` (from `opts.env ?? process.env`) skips the
967
+ * probe entirely. See {@link PluginLoadOptions} for the test seams.
968
+ */
969
+ declare function loadExternalCommands(builtinNames: ReadonlySet<string>, opts?: PluginLoadOptions): Promise<PluginLoadResult>;
970
+
971
+ declare const VERSION = "1.0.0";
972
+ /**
973
+ * Build the configured commander program. Imported by both the CLI entry and
974
+ * tests. Stays SYNC: `extra` lets callers merge pre-loaded plugin specs — the
975
+ * async plugin probe lives in {@link buildProgramWithPlugins}. `warnings` is an
976
+ * optional sink for per-spec registration containment: a plugin spec Commander
977
+ * refuses at registration time is dropped with a warning instead of taking the
978
+ * CLI down (see registerCommands in src/commands/index.ts).
979
+ */
980
+ declare function buildProgram(extra?: CommandSpec[], warnings?: string[]): Command;
981
+ /**
982
+ * The CLI entry's builder: probe for the optional `@aihq/enterprise` peer
983
+ * (fail-open to local — see src/plugins/registry.ts) and build with whatever
984
+ * validly loaded. `warnings` (probe + registration containment, in that order)
985
+ * is printed to stderr by the entry BEFORE parse; an unenrolled machine gets
986
+ * zero warnings and the exact buildProgram surface.
987
+ */
988
+ declare function buildProgramWithPlugins(): Promise<{
989
+ program: Command;
990
+ warnings: string[];
991
+ }>;
784
992
 
785
- export { ALL_COMMANDS, type AccelBackend, type Action, type ActionKind, type AdapterFactory, AihError, CAPABILITIES, type CertEntry, type Check, type CheckCode, type CommandOption, type CommandSpec, ContextDir, type DigestAction, DirtyWorktreeError, type DocAction, type EnvBlockAction, type EnvShell, type EnvVar, type ExecAction, FsTransaction, FsTxnError, type FsTxnResult, type GpuInfo, type GpuVendor, type HostAdapter, type HostAdapterOptions, MergeError, NotImplementedError, PathContainmentError, type Plan, type PlanContext, type PlanFn, type PlanResult, type Platform, PlatformError, type ProbeAction, READONLY, type RemoveAction, type RemoveSummary, type RunOptions, type RunResult, type Runner, type Settings, SettingsError, VERSION, type VdiInfo, type Verdict, VerificationError, VerificationReport, type WriteAction, type WriteSummary, beginMarker, buildProgram, deepMerge, defaultRunner, derBase64ToPem, digest, doc, dynamicDigest, endMarker, ensureTrailingNewline, envBlock, exec, executePlan, fakeRunner, formatExport, frontmatter, indent, isPlainObject, jsonFile, lines, loadSettings, makeHostAdapter, managedBlock, missingToolRunner, parseCertLines, parseFirstInt, parseJsoncText, parseNvidiaSmi, parsePemBlocks, plan, probe, probeMany, readIfExists, registerCommands, remove, removeManagedBlock, resolveContents, resolvePlatform, retryTransient, safeCaPattern, stripTrailingNewlines, summarizeResult, upsertManagedBlock, upsertTextBlock, vdiFromEnv, writeArtifact, writeJson, writeText };
993
+ export { ALL_COMMANDS, type AccelBackend, type Action, type ActionKind, type AdapterFactory, AihError, CAPABILITIES, type CertEntry, type Check, type CheckCode, type CommandOption, type CommandSpec, ContextDir, type DigestAction, DirtyWorktreeError, type DocAction, type EnvBlockAction, type EnvShell, type EnvVar, type ExecAction, FsTransaction, FsTxnError, type FsTxnResult, type GpuInfo, type GpuVendor, type HostAdapter, type HostAdapterOptions, MergeError, NotImplementedError, PLUGIN_PACKAGE, PathContainmentError, type Plan, type PlanContext, type PlanFn, type PlanResult, type Platform, PlatformError, type PluginImporter, type PluginLoadOptions, type PluginLoadResult, type PluginResolver, type ProbeAction, READONLY, type RemoveAction, type RemoveSummary, type RunOptions, type RunResult, type Runner, SHARED_FLAG_TOKENS, type Settings, SettingsError, VERSION, type VdiInfo, type Verdict, VerificationError, VerificationReport, type WriteAction, type WriteSummary, allowedPluginRoots, beginMarker, buildProgram, buildProgramWithPlugins, builtinCommandNames, deepMerge, defaultRunner, derBase64ToPem, digest, doc, dynamicDigest, endMarker, ensureTrailingNewline, envBlock, exec, executePlan, fakeRunner, formatExport, frontmatter, indent, isPlainObject, jsonFile, lines, loadExternalCommands, loadSettings, makeHostAdapter, managedBlock, missingToolRunner, parseCertLines, parseFirstInt, parseJsoncText, parseNvidiaSmi, parsePemBlocks, plan, probe, probeMany, readIfExists, readRegularFile, registerCommands, remove, removeManagedBlock, resolveContents, resolvePlatform, retryTransient, safeCaPattern, sanitizeLabel, stripTrailingNewlines, summarizeResult, upsertManagedBlock, upsertTextBlock, vdiFromEnv, writeArtifact, writeJson, writeText };
package/dist/index.js CHANGED
@@ -1 +1 @@
1
- import{$ as fr,A as Y,B as _,C as c,D as h,E as j,F as k,G as q,H as v,I as w,J as y,K as z,L as F,M as G,N as H,O as J,P as K,Q,R as U,S as W,T as X,U as Z,V as $,W as rr,X as or,Y as mr,Z as er,_ as tr,a as p,aa as pr,b as x,ba as xr,c as A,ca as Ar,d as I,da as Ir,e as L,ea as r,f as C,fa as o,g as E,ga as m,h as N,ha as e,i as O,ia as t,j as S,ja as f,k as a,l as d,m as g,n as i,o as s,p as D,q as M,r as P,s as R,t as b,u as l,v as n,w as u,x as B,y as T,z as V}from"./chunk-75FWB266.js";export{m as ALL_COMMANDS,p as AihError,r as CAPABILITIES,g as ContextDir,O as DirtyWorktreeError,a as FsTransaction,I as FsTxnError,E as MergeError,C as NotImplementedError,N as PathContainmentError,A as PlatformError,o as READONLY,x as SettingsError,t as VERSION,L as VerificationError,K as VerificationReport,k as beginMarker,f as buildProgram,J as deepMerge,Z as defaultRunner,or as derBase64ToPem,P as digest,M as doc,R as dynamicDigest,q as endMarker,j as ensureTrailingNewline,u as envBlock,n as exec,W as executePlan,$ as fakeRunner,w as formatExport,c as frontmatter,_ as indent,H as isPlainObject,h as jsonFile,Y as lines,i as loadSettings,Ir as makeHostAdapter,v as managedBlock,rr as missingToolRunner,pr as parseCertLines,tr as parseFirstInt,G as parseJsoncText,fr as parseNvidiaSmi,xr as parsePemBlocks,T as plan,b as probe,l as probeMany,d as readIfExists,e as registerCommands,B as remove,F as removeManagedBlock,U as resolveContents,Ar as resolvePlatform,S as retryTransient,mr as safeCaPattern,V as stripTrailingNewlines,X as summarizeResult,y as upsertManagedBlock,z as upsertTextBlock,er as vdiFromEnv,Q as writeArtifact,D as writeJson,s as writeText};
1
+ import{$ as xr,A as Y,B as _,C as c,D as j,E as k,F as q,G as v,H as w,I as y,J as z,K as F,L as G,M as H,N as J,O as K,P as Q,Q as U,R as X,S as Z,T as $,U as rr,V as or,W as mr,X as er,Y as tr,Z as fr,_ as pr,a as i,aa as ir,b as a,ba as ar,c as A,ca as Ar,d,da as dr,e as g,ea as gr,f as l,fa as lr,g as n,ga as nr,h as s,ha as sr,i as u,ia as ur,j as C,ja as Cr,k as I,ka as r,l as L,la as o,m as N,ma as m,n as P,na as e,o as b,oa as t,p as E,pa as f,q as O,qa as p,r as S,s as D,sa as x,t as M,u as R,v as h,w as B,x as T,y as V,z as W}from"./chunk-HPWF2YPV.js";export{m as ALL_COMMANDS,i as AihError,r as CAPABILITIES,P as ContextDir,u as DirtyWorktreeError,I as FsTransaction,d as FsTxnError,n as MergeError,l as NotImplementedError,lr as PLUGIN_PACKAGE,s as PathContainmentError,A as PlatformError,o as READONLY,nr as SHARED_FLAG_TOKENS,a as SettingsError,f as VERSION,g as VerificationError,U as VerificationReport,ur as allowedPluginRoots,v as beginMarker,p as buildProgram,x as buildProgramWithPlugins,e as builtinCommandNames,Q as deepMerge,or as defaultRunner,tr as derBase64ToPem,D as digest,S as doc,M as dynamicDigest,w as endMarker,q as ensureTrailingNewline,T as envBlock,B as exec,$ as executePlan,mr as fakeRunner,z as formatExport,j as frontmatter,c as indent,K as isPlainObject,k as jsonFile,_ as lines,Cr as loadExternalCommands,b as loadSettings,gr as makeHostAdapter,y as managedBlock,er as missingToolRunner,ar as parseCertLines,xr as parseFirstInt,J as parseJsoncText,ir as parseNvidiaSmi,Ar as parsePemBlocks,W as plan,R as probe,h as probeMany,L as readIfExists,N as readRegularFile,t as registerCommands,V as remove,H as removeManagedBlock,Z as resolveContents,dr as resolvePlatform,C as retryTransient,fr as safeCaPattern,sr as sanitizeLabel,Y as stripTrailingNewlines,rr as summarizeResult,F as upsertManagedBlock,G as upsertTextBlock,pr as vdiFromEnv,X as writeArtifact,O as writeJson,E as writeText};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aihq/harness",
3
- "version": "0.5.0",
3
+ "version": "1.0.0",
4
4
  "description": "Enterprise AI Bootstrapping Harness — bootstraps governed, proxy-safe AI coding into workstations and repos",
5
5
  "repository": {
6
6
  "type": "git",