@aihq/harness 1.0.1 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -1,4 +1,4 @@
1
1
  #!/usr/bin/env node
2
- import{qa as s,ra as e,sa as n}from"./chunk-WZTIDZFM.js";e(process.argv)?s().parse(process.argv):n().then(({program:r,warnings:o})=>{for(let i of o)process.stderr.write(`aih: plugin: ${i}
2
+ import{qa as s,ra as e,sa as n}from"./chunk-ZMIHFGKR.js";e(process.argv)?s().parse(process.argv):n().then(({program:r,warnings:o})=>{for(let i of o)process.stderr.write(`aih: plugin: ${i}
3
3
  `);return r.parseAsync(process.argv)}).catch(r=>{process.stderr.write(`fatal: ${r instanceof Error?r.message:String(r)}
4
4
  `),process.exitCode=1});
package/dist/index.d.ts CHANGED
@@ -89,9 +89,11 @@ interface HostAdapter {
89
89
  * argv that persists a user-level env var SESSION-INDEPENDENTLY — i.e. where
90
90
  * GUI-launched apps (Kiro, Claude Desktop, an IDE) inherit it, not just new
91
91
  * shells. On Windows that is the per-user registry environment
92
- * (`[Environment]::SetEnvironmentVariable(k,v,'User')`); on POSIX the durable
93
- * seam is already the shell-profile `envblock`, so this returns `[]` (the
94
- * caller emits no exec). A local mutation only — never contacts a remote.
92
+ * (`HKCU\Environment`), written with `setx` — which ships on every supported
93
+ * image and works under Constrained Language Mode, unlike a pwsh-only
94
+ * `[Environment]::SetEnvironmentVariable`. On POSIX the durable seam is already
95
+ * the shell-profile `envblock`, so this returns `[]` (the caller emits no exec).
96
+ * A local mutation only — never contacts a remote.
95
97
  */
96
98
  persistentEnvArgv(key: string, value: string): string[];
97
99
  /**
@@ -186,7 +188,7 @@ type Verdict = "pass" | "fail" | "skip";
186
188
  * sealed: a new failure mode means a new member here PLUS the `code` set at the
187
189
  * emitter; never derive a code by matching `detail`.
188
190
  */
189
- type CheckCode = "env.node-runtime" | "env.git-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "org-policy.invalid" | "org-policy.bundle-invalid" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing" | "trust.unapproved-skill" | "pack.duplicate-name" | "pack.pin-mismatch" | "pack.missing-approval" | "pack.unknown-manifest" | "marketplace.manifest-parse" | "marketplace.path-traversal" | "marketplace.missing-file" | "marketplace.checksum-mismatch" | "marketplace.sums-coverage" | "marketplace.unapproved-verdict" | "marketplace.signature";
191
+ type CheckCode = "env.node-runtime" | "env.git-missing" | "env.git-bash-missing" | "env.dev-tool-missing" | "env.tool-install-blocked" | "cert.ca-missing" | "tls.verify-failed" | "npm.runtime-broken" | "path.missing" | "mcp.blocked" | "mcp.uv-missing" | "mcp.config-missing" | "mcp.unvendored-offline" | "mcp.policy-denied" | "mcp.hardcoded-secret" | "mcp.allowlist-drift" | "cli.not-detected" | "cli.config-only" | "cli.bootloader-missing" | "cli.bootloader-drift" | "cli.wont-load" | "canon.router-missing" | "canon.context-dir-missing" | "canon.lint-failed" | "canon.adoptable" | "canon.cli-native-unmigrated" | "secrets.plaintext-detected" | "guardrails.gitleaks-missing" | "usage.no-data" | "usage.recorder-missing" | "usage.metrics-tool-missing" | "scale.code-review-graph-missing" | "contract.path-unportable" | "contract.stale" | "org-policy.drift" | "org-policy.invalid" | "org-policy.bundle-invalid" | "bundle.signature" | "report.context-over-budget" | "report.low-adoption" | "report.contract-untrue" | "ready.blocked" | "trust.fetch-blocked" | "trust.detector-unavailable" | "trust.cisco-finding" | "trust.hidden-unicode" | "trust.prompt-injection" | "trust.source-changed" | "trust.auto-exec-hook" | "trust.dependency-confusion" | "trust.typosquat" | "trust.malicious-code" | "trust.source-drift" | "trust.unpinned-dependency" | "trust.untrusted-publisher" | "trust.unsigned-source" | "trust.license-missing" | "trust.unapproved-skill" | "pack.duplicate-name" | "pack.pin-mismatch" | "pack.missing-approval" | "pack.unknown-manifest" | "marketplace.manifest-parse" | "marketplace.path-traversal" | "marketplace.missing-file" | "marketplace.checksum-mismatch" | "marketplace.sums-coverage" | "marketplace.unapproved-verdict" | "marketplace.signature";
190
192
  interface Check {
191
193
  name: string;
192
194
  verdict: Verdict;
@@ -440,6 +442,13 @@ interface CommandOption {
440
442
  description: string;
441
443
  default?: string | boolean;
442
444
  }
445
+ interface CommandPositional {
446
+ name: string;
447
+ description?: string;
448
+ required?: boolean;
449
+ /** When set, the positional value is passed through ctx.options[optionName]. */
450
+ optionName?: string;
451
+ }
443
452
  interface CommandSpec {
444
453
  name: string;
445
454
  summary: string;
@@ -460,6 +469,7 @@ interface CommandSpec {
460
469
  * first nested rename.
461
470
  */
462
471
  deprecatedAliases?: string[];
472
+ positional?: CommandPositional;
463
473
  options?: CommandOption[];
464
474
  plan: PlanFn;
465
475
  /** Read-only commands (doctor/status) skip the apply path entirely. */
@@ -968,7 +978,8 @@ declare function allowedPluginRoots(): string[];
968
978
  */
969
979
  declare function loadExternalCommands(builtinNames: ReadonlySet<string>, opts?: PluginLoadOptions): Promise<PluginLoadResult>;
970
980
 
971
- declare const VERSION = "1.0.1";
981
+ declare const VERSION = "1.3.0";
982
+
972
983
  /**
973
984
  * Build the configured commander program. Imported by both the CLI entry and
974
985
  * tests. Stays SYNC: `extra` lets callers merge pre-loaded plugin specs — the
@@ -990,4 +1001,4 @@ declare function buildProgramWithPlugins(): Promise<{
990
1001
  warnings: string[];
991
1002
  }>;
992
1003
 
993
- export { ALL_COMMANDS, type AccelBackend, type Action, type ActionKind, type AdapterFactory, AihError, CAPABILITIES, type CertEntry, type Check, type CheckCode, type CommandOption, type CommandSpec, ContextDir, type DigestAction, DirtyWorktreeError, type DocAction, type EnvBlockAction, type EnvShell, type EnvVar, type ExecAction, FsTransaction, FsTxnError, type FsTxnResult, type GpuInfo, type GpuVendor, type HostAdapter, type HostAdapterOptions, MergeError, NotImplementedError, PLUGIN_PACKAGE, PathContainmentError, type Plan, type PlanContext, type PlanFn, type PlanResult, type Platform, PlatformError, type PluginImporter, type PluginLoadOptions, type PluginLoadResult, type PluginResolver, type ProbeAction, READONLY, type RemoveAction, type RemoveSummary, type RunOptions, type RunResult, type Runner, SHARED_FLAG_TOKENS, type Settings, SettingsError, VERSION, type VdiInfo, type Verdict, VerificationError, VerificationReport, type WriteAction, type WriteSummary, allowedPluginRoots, beginMarker, buildProgram, buildProgramWithPlugins, builtinCommandNames, deepMerge, defaultRunner, derBase64ToPem, digest, doc, dynamicDigest, endMarker, ensureTrailingNewline, envBlock, exec, executePlan, fakeRunner, formatExport, frontmatter, indent, isPlainObject, jsonFile, lines, loadExternalCommands, loadSettings, makeHostAdapter, managedBlock, missingToolRunner, parseCertLines, parseFirstInt, parseJsoncText, parseNvidiaSmi, parsePemBlocks, plan, probe, probeMany, readIfExists, readRegularFile, registerCommands, remove, removeManagedBlock, resolveContents, resolvePlatform, retryTransient, safeCaPattern, sanitizeLabel, stripTrailingNewlines, summarizeResult, upsertManagedBlock, upsertTextBlock, vdiFromEnv, writeArtifact, writeJson, writeText };
1004
+ export { ALL_COMMANDS, type AccelBackend, type Action, type ActionKind, type AdapterFactory, AihError, CAPABILITIES, type CertEntry, type Check, type CheckCode, type CommandOption, type CommandPositional, type CommandSpec, ContextDir, type DigestAction, DirtyWorktreeError, type DocAction, type EnvBlockAction, type EnvShell, type EnvVar, type ExecAction, FsTransaction, FsTxnError, type FsTxnResult, type GpuInfo, type GpuVendor, type HostAdapter, type HostAdapterOptions, MergeError, NotImplementedError, PLUGIN_PACKAGE, PathContainmentError, type Plan, type PlanContext, type PlanFn, type PlanResult, type Platform, PlatformError, type PluginImporter, type PluginLoadOptions, type PluginLoadResult, type PluginResolver, type ProbeAction, READONLY, type RemoveAction, type RemoveSummary, type RunOptions, type RunResult, type Runner, SHARED_FLAG_TOKENS, type Settings, SettingsError, VERSION, type VdiInfo, type Verdict, VerificationError, VerificationReport, type WriteAction, type WriteSummary, allowedPluginRoots, beginMarker, buildProgram, buildProgramWithPlugins, builtinCommandNames, deepMerge, defaultRunner, derBase64ToPem, digest, doc, dynamicDigest, endMarker, ensureTrailingNewline, envBlock, exec, executePlan, fakeRunner, formatExport, frontmatter, indent, isPlainObject, jsonFile, lines, loadExternalCommands, loadSettings, makeHostAdapter, managedBlock, missingToolRunner, parseCertLines, parseFirstInt, parseJsoncText, parseNvidiaSmi, parsePemBlocks, plan, probe, probeMany, readIfExists, readRegularFile, registerCommands, remove, removeManagedBlock, resolveContents, resolvePlatform, retryTransient, safeCaPattern, sanitizeLabel, stripTrailingNewlines, summarizeResult, upsertManagedBlock, upsertTextBlock, vdiFromEnv, writeArtifact, writeJson, writeText };
package/dist/index.js CHANGED
@@ -1 +1 @@
1
- import{$ as xr,A as Y,B as _,C as c,D as j,E as k,F as q,G as v,H as w,I as y,J as z,K as F,L as G,M as H,N as J,O as K,P as Q,Q as U,R as X,S as Z,T as $,U as rr,V as or,W as mr,X as er,Y as tr,Z as fr,_ as pr,a as i,aa as ir,b as a,ba as ar,c as A,ca as Ar,d,da as dr,e as g,ea as gr,f as l,fa as lr,g as n,ga as nr,h as s,ha as sr,i as u,ia as ur,j as C,ja as Cr,k as I,ka as r,l as L,la as o,m as N,ma as m,n as P,na as e,o as b,oa as t,p as E,pa as f,q as O,qa as p,r as S,s as D,sa as x,t as M,u as R,v as h,w as B,x as T,y as V,z as W}from"./chunk-WZTIDZFM.js";export{m as ALL_COMMANDS,i as AihError,r as CAPABILITIES,P as ContextDir,u as DirtyWorktreeError,I as FsTransaction,d as FsTxnError,n as MergeError,l as NotImplementedError,lr as PLUGIN_PACKAGE,s as PathContainmentError,A as PlatformError,o as READONLY,nr as SHARED_FLAG_TOKENS,a as SettingsError,f as VERSION,g as VerificationError,U as VerificationReport,ur as allowedPluginRoots,v as beginMarker,p as buildProgram,x as buildProgramWithPlugins,e as builtinCommandNames,Q as deepMerge,or as defaultRunner,tr as derBase64ToPem,D as digest,S as doc,M as dynamicDigest,w as endMarker,q as ensureTrailingNewline,T as envBlock,B as exec,$ as executePlan,mr as fakeRunner,z as formatExport,j as frontmatter,c as indent,K as isPlainObject,k as jsonFile,_ as lines,Cr as loadExternalCommands,b as loadSettings,gr as makeHostAdapter,y as managedBlock,er as missingToolRunner,ar as parseCertLines,xr as parseFirstInt,J as parseJsoncText,ir as parseNvidiaSmi,Ar as parsePemBlocks,W as plan,R as probe,h as probeMany,L as readIfExists,N as readRegularFile,t as registerCommands,V as remove,H as removeManagedBlock,Z as resolveContents,dr as resolvePlatform,C as retryTransient,fr as safeCaPattern,sr as sanitizeLabel,Y as stripTrailingNewlines,rr as summarizeResult,F as upsertManagedBlock,G as upsertTextBlock,pr as vdiFromEnv,X as writeArtifact,O as writeJson,E as writeText};
1
+ import{$ as xr,A as Y,B as _,C as c,D as j,E as k,F as q,G as v,H as w,I as y,J as z,K as F,L as G,M as H,N as J,O as K,P as Q,Q as U,R as X,S as Z,T as $,U as rr,V as or,W as mr,X as er,Y as tr,Z as fr,_ as pr,a as i,aa as ir,b as a,ba as ar,c as A,ca as Ar,d,da as dr,e as g,ea as gr,f as l,fa as r,g as n,ga as lr,h as s,ha as nr,i as u,ia as sr,j as C,ja as ur,k as I,ka as Cr,l as L,la as o,m as N,ma as m,n as P,na as e,o as b,oa as t,p as E,pa as f,q as O,qa as p,r as S,s as D,sa as x,t as M,u as R,v as h,w as B,x as T,y as V,z as W}from"./chunk-ZMIHFGKR.js";export{e as ALL_COMMANDS,i as AihError,o as CAPABILITIES,P as ContextDir,u as DirtyWorktreeError,I as FsTransaction,d as FsTxnError,n as MergeError,l as NotImplementedError,lr as PLUGIN_PACKAGE,s as PathContainmentError,A as PlatformError,m as READONLY,nr as SHARED_FLAG_TOKENS,a as SettingsError,r as VERSION,g as VerificationError,U as VerificationReport,ur as allowedPluginRoots,v as beginMarker,p as buildProgram,x as buildProgramWithPlugins,t as builtinCommandNames,Q as deepMerge,or as defaultRunner,tr as derBase64ToPem,D as digest,S as doc,M as dynamicDigest,w as endMarker,q as ensureTrailingNewline,T as envBlock,B as exec,$ as executePlan,mr as fakeRunner,z as formatExport,j as frontmatter,c as indent,K as isPlainObject,k as jsonFile,_ as lines,Cr as loadExternalCommands,b as loadSettings,gr as makeHostAdapter,y as managedBlock,er as missingToolRunner,ar as parseCertLines,xr as parseFirstInt,J as parseJsoncText,ir as parseNvidiaSmi,Ar as parsePemBlocks,W as plan,R as probe,h as probeMany,L as readIfExists,N as readRegularFile,f as registerCommands,V as remove,H as removeManagedBlock,Z as resolveContents,dr as resolvePlatform,C as retryTransient,fr as safeCaPattern,sr as sanitizeLabel,Y as stripTrailingNewlines,rr as summarizeResult,F as upsertManagedBlock,G as upsertTextBlock,pr as vdiFromEnv,X as writeArtifact,O as writeJson,E as writeText};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aihq/harness",
3
- "version": "1.0.1",
3
+ "version": "1.3.0",
4
4
  "description": "Enterprise AI Bootstrapping Harness — governed AI-assisted coding for enterprise workstations and repos: TLS trust, repo canon, skill supply chain, evidence",
5
5
  "repository": {
6
6
  "type": "git",
@@ -28,12 +28,13 @@
28
28
  "test": "vitest run",
29
29
  "test:watch": "vitest",
30
30
  "test:cov": "vitest run --coverage",
31
+ "check:artifacts": "tsx src/internals/check-tracked-artifacts.ts",
31
32
  "lint": "biome check src tests",
32
33
  "lint:fix": "biome check --write src tests",
33
34
  "lint:ci": "biome ci src tests",
34
35
  "format": "biome format --write src tests",
35
36
  "typecheck": "tsc --noEmit",
36
- "verify": "npm run typecheck && npm run lint:ci && npm run test:cov && npm run build"
37
+ "verify": "npm run check:artifacts && npm run typecheck && npm run lint:ci && npm run test:cov && npm run build"
37
38
  },
38
39
  "keywords": [
39
40
  "ai",