@bluecopa/harness 1.0.0 → 2.0.0

package/package.json

@@ -1,24 +1,48 @@
 {
   "name": "@bluecopa/harness",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Provider-agnostic TypeScript agent framework",
   "license": "UNLICENSED",
+  "type": "module",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "exports": {
+    "./arc": {
+      "types": "./dist/arc/index.d.ts",
+      "import": "./dist/arc/index.js"
+    },
+    "./skills": {
+      "types": "./dist/skills/index.d.ts",
+      "import": "./dist/skills/index.js"
+    },
+    "./observability": {
+      "types": "./dist/observability/otel.d.ts",
+      "import": "./dist/observability/otel.js"
+    },
+    "./package.json": "./package.json"
+  },
   "scripts": {
+    "build": "tsup",
+    "prepack": "pnpm run build",
     "test": "vitest run",
     "test:watch": "vitest"
   },
   "dependencies": {
     "@ai-sdk/anthropic": "^3.0.48",
     "ai": "^6.0.101",
+    "rxdb": "^15.39.0",
     "zod": "^4.1.11"
   },
   "devDependencies": {
     "@types/node": "^24.3.0",
+    "tsup": "^8.5.1",
     "typescript": "^5.9.2",
     "vitest": "^3.2.4"
   },
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
-    "access": "restricted"
+    "access": "public"
   }
 }

package/AGENTS.md

@@ -1,18 +0,0 @@
-# AGENTS.md
-
-Guidance for agents working in `harness/`.
-Reference: https://agents.md/
-
-## Scope
-`harness/` contains the TypeScript agent framework core.
-
-## Rules
-- Keep API changes explicit and typed.
-- Maintain deterministic behavior in agent loop, compaction, and tool execution.
-- Preserve compatibility of extracted tool schemas unless intentionally versioned.
-
-## Commands
-```bash
-pnpm install
-pnpm test
-```

package/docs/guides/observability.md

@@ -1,32 +0,0 @@
-# Observability Guide
-
-Harness emits OpenTelemetry-style traces and metrics through `HarnessTelemetry`.
-
-## Spans
-- `agent.run`
-- `agent.step`
-- `tool.call`
-- `context.compaction`
-- `skill.exec`
-- `subagent.run`
-
-## Metrics
-- `agent_steps_total`
-- `tool_calls_total`
-- `tool_call_duration_ms`
-- `compactions_total`
-- `agent_errors_total`
-
-## Correlation Fields
-Attach these fields to logs where available:
-- `trace_id`
-- `span_id`
-- `run_id`
-- `session_id`
-
-## Disable Mode
-Create telemetry with disabled mode for zero-impact execution:
-
-```ts
-const telemetry = new HarnessTelemetry(false);
-```

package/docs/guides/providers.md

@@ -1,51 +0,0 @@
-# Providers Guide
-
-## ToolProvider
-Implement the `ToolProvider` interface to expose agent tools (`Bash`, `Read`, `Write`, `Edit`, `Glob`, `Grep`).
-
-Included foundations:
-- `LocalToolProvider`
-- `CompositeToolProvider`
-- `E2BToolProvider` (executor-backed adapter)
-
-## SandboxProvider
-Use `SandboxProvider` for infrastructure actions (skill execution, setup/install tasks). Keep it separate from `ToolProvider`.
-
-Current sandbox file contract is binary-first:
-
-```ts
-type SandboxFileBlob = {
-  data: Uint8Array;
-  mimeType?: string;
-  filename?: string;
-};
-
-interface SandboxProvider {
-  exec(command: string, options?: SandboxExecOptions): Promise<SandboxExecResult>;
-  readSandboxFile(path: string): Promise<SandboxFileBlob>;
-  writeSandboxFile(path: string, content: SandboxFileBlob): Promise<void>;
-}
-```
-
-Use `mimeType`/`filename` for transport metadata (for example raw download endpoints). Keep file contents in `data` as bytes.
-
-## Capability Routing
-`CompositeToolProvider` routes calls to the first provider that advertises each capability.
-
-## Default Skill Sandbox
-`SkillManager` now defaults to the harness-provided `SkillSandboxProvider`:
-
-```ts
-const skillManager = new SkillManager();
-```
-
-Default provider env vars:
-- `SAMYX_BASE_URL` or `SANDBOX_BASE_URL`
-- `SAMYX_API_KEY` or `SANDBOX_API_KEY`
-- optional `SANDBOX_TEMPLATE` (default: `ubuntu-22.04`)
-
-You can still override with a custom provider:
-
-```ts
-const skillManager = new SkillManager(customSandboxProvider);
-```

package/docs/guides/skills.md

@@ -1,25 +0,0 @@
-# Skills Guide
-
-## Progressive Disclosure
-`SkillManager` stores only summary metadata for prompt injection and loads full `SKILL.md` instructions on invocation.
-
-## Skill Routing
-`createAgent` uses a `SkillRouter` before invocation:
-- direct skill-name match (word boundary)
-- alias match (for example `excel -> xlsx`, `word -> docx`, `powerpoint -> pptx`)
-- Haiku model fallback for semantic matching
-
-Environment knobs:
-- `HARNESS_SKILL_ROUTER_MODEL` (default: `claude-3-5-haiku-latest`)
-- `HARNESS_SKILL_ROUTER_THRESHOLD` (default: `0.55`)
-
-## Install Lifecycle
-Dependency install state transitions:
-- `installing`
-- `ready`
-- `degraded`
-
-If install fails, state becomes `degraded` and the error is surfaced.
-
-## Security Baseline
-See `docs/security/skill-sandbox-threat-model.md` for path traversal and sandbox boundary rules.

package/docs/security/skill-sandbox-threat-model.md

@@ -1,20 +0,0 @@
-# Skill Sandbox Threat Model
-
-## Scope
-This document defines the baseline security assumptions for skill execution in harness.
-
-## Trust Boundaries
-- Skill scripts are untrusted input.
-- Sandbox runtime is the security boundary.
-- Host filesystem and host network are outside trust boundary.
-
-## Controls
-- Deny host mounts by default.
-- Deny outbound network by default unless explicitly allowed.
-- Use tenant-scoped credentials and ephemeral filesystems.
-- Disallow path traversal (`..`) in skill paths.
-
-## Required Tests
-- Sandbox escape attempt should fail.
-- Cross-tenant path access should fail.
-- Dependency install failures should degrade skill state and block execution until retry.