@aihq/harness 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -4
- package/dist/{chunk-GU5HPSI6.js → chunk-ZMIHFGKR.js} +201 -200
- package/dist/cli.js +1 -1
- package/dist/index.d.ts +3 -2
- package/dist/index.js +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -21,7 +21,8 @@ agent skills — vet → approve → pack → marketplace → evidence — ancho
|
|
|
21
21
|
committed approval lock (`aih-skills.lock.json`).
|
|
22
22
|
|
|
23
23
|
See [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) for the shipped architecture and
|
|
24
|
-
current trust boundaries.
|
|
24
|
+
current trust boundaries, and [docs/CONTROL_MATRIX.md](docs/CONTROL_MATRIX.md) for
|
|
25
|
+
the claim -> implementation -> test proof map.
|
|
25
26
|
|
|
26
27
|
> **Provided as open-source software under Apache-2.0 on an "AS IS" basis.** No warranty,
|
|
27
28
|
> support obligation, SLA, indemnity, consulting, or professional advice is provided. `aih`
|
|
@@ -135,9 +136,9 @@ One honest line per command — the long-form behavior detail for every command
|
|
|
135
136
|
| [`aih skill`](docs/commands.md#aih-skill) | Govern the skill lifecycle — vet → approve → inventory → quarantine → remove — anchored in `aih-skills.lock.json`. |
|
|
136
137
|
| [`aih pack`](docs/commands.md#aih-pack) | Curate committed sets of approved skills (`aih-packs.json`); every ref is cross-checked against the lock, fail-closed. |
|
|
137
138
|
| [`aih marketplace`](docs/commands.md#aih-marketplace) | Build, validate, and publish a reproducible, verifiable distribution artifact from the approval lock — never a registry. |
|
|
138
|
-
| [`aih policy`](docs/commands.md#aih-policy) | Validate the committed org policy
|
|
139
|
-
| [`aih evidence`](docs/commands.md#aih-evidence) | Package the audit trail aih already emits
|
|
140
|
-
| [`aih bundle`](docs/commands.md#aih-bundle) | Build a deterministic fleet bundle
|
|
139
|
+
| [`aih policy`](docs/commands.md#aih-policy) | Validate the committed org policy or verify the active policy against a pinned hash/bundle. |
|
|
140
|
+
| [`aih evidence`](docs/commands.md#aih-evidence) | Package the audit trail aih already emits into one deterministic evidence bundle with a harness provenance block. |
|
|
141
|
+
| [`aih bundle`](docs/commands.md#aih-bundle) | Build a deterministic fleet bundle with checksums; `aih verify-bundle --require-signature` turns missing/unverifiable signatures into failures. |
|
|
141
142
|
| [`aih verify-release`](docs/commands.md#aih-verify-release) | Verify a published aih release: npm signatures, GitHub release cosign bundle, and tarball hash. |
|
|
142
143
|
| [`aih secrets`](docs/commands.md#aih-secrets) | Scan for plaintext `.env*`/`secrets/` and write agent deny rules; `--verify` is the secret-scan CI gate. |
|
|
143
144
|
| [`aih guardrails`](docs/commands.md#aih-guardrails) | Generate `.gitleaks.toml`, `.pre-commit-config.yaml`, and a CI license gate that blocks AGPL/strong-copyleft. |
|