npm - @botbotgo/agent-harness - Versions diffs - 0.0.188 → 0.0.189 - Mend

@botbotgo/agent-harness 0.0.188 → 0.0.189

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +19 -0
package/README.zh.md +19 -0
package/dist/cli.js +64 -6
package/dist/config/runtime/workspace.yaml +6 -0
package/dist/package-version.d.ts +1 -1
package/dist/package-version.js +1 -1
package/dist/runtime/harness/system/policy-engine.js +53 -4
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -217,6 +217,25 @@ Real products need a runtime that can answer harder questions:
 - It lets YAML own assembly and operating policy while code keeps a small, stable surface
 - It goes deep on runtime concerns that upstream libraries do not fully productize
+## What To Sell First
+The product story should stay scenario-shaped instead of drifting back to a generic "multi-agent runtime" pitch.
+- Enterprise internal agent runtime: approvals, restart-safe recovery, operator evidence, and policy-owned MCP access.
+- Code modernization runtime: long-running coding flows, approval checkpoints, resumable runs, and exported evidence packages.
+- Protocol bridge runtime: ACP, A2A, AG-UI, and runtime MCP on one stable control plane instead of bespoke per-surface glue.
+Typical runtime governance defaults now look like:
+```yaml
+governance:
+  remoteMcp:
+    denyTrustTiers: ["untrusted"]
+    denyTenantScopes: ["cross-tenant"]
+    denyPromptInjectionRisks: ["high"]
+    requireApprovalTransports: ["websocket"]
+```
 ## When To Use It
 Use `agent-harness` when:

package/README.zh.md CHANGED Viewed

@@ -214,6 +214,25 @@ AI 让 agent 逻辑、工具调用和工作流代码更容易生成，真正更
 - 复杂装配与运行策略交给 YAML，代码面保持小而稳
 - 在上游库未充分产品化的运行时问题上做深做透
+## 先卖哪三类场景
+产品叙事应该保持场景化，不要再漂回“通用 multi-agent runtime”。
+- 企业内部 agent 运行时：审批、重启恢复、operator 证据链，以及由策略持有的 MCP 访问控制。
+- 代码现代化运行时：长链路 coding flow、审批检查点、可恢复 runs，以及可导出的运行证据包。
+- 协议桥接运行时：ACP、A2A、AG-UI 与 runtime MCP 共用一套稳定控制面，而不是每个对外接面各写一层胶水。
+现在推荐的 runtime 治理默认值大致是：
+```yaml
+governance:
+  remoteMcp:
+    denyTrustTiers: ["untrusted"]
+    denyTenantScopes: ["cross-tenant"]
+    denyPromptInjectionRisks: ["high"]
+    requireApprovalTransports: ["websocket"]
+```
 ## 什么时候该用
 下面这些场景适合用 `agent-harness`：

package/dist/cli.js CHANGED Viewed

@@ -212,6 +212,55 @@ function parseRuntimeInspectOptions(args) {
 function renderJson(value) {
     return `${JSON.stringify(value, null, 2)}\n`;
 }
+function isObject(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function formatTimestamp(value) {
+    return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function renderHealthSnapshot(snapshot, workspacePath) {
+    const lines = [];
+    const status = typeof snapshot.status === "string" ? snapshot.status : "unknown";
+    lines.push(`Runtime health ${workspacePath}: ${status}`);
+    const checks = isObject(snapshot.checks) ? snapshot.checks : {};
+    const checkEntries = Object.entries(checks)
+        .filter(([, value]) => isObject(value))
+        .map(([name, value]) => {
+        const check = value;
+        const reason = typeof check.reason === "string" && check.reason.trim().length > 0 ? ` (${check.reason})` : "";
+        return `  - ${name}: ${typeof check.status === "string" ? check.status : "unknown"}${reason}`;
+    });
+    if (checkEntries.length > 0) {
+        lines.push("Checks:");
+        lines.push(...checkEntries);
+    }
+    const stats = isObject(snapshot.stats) ? snapshot.stats : {};
+    const statEntries = [
+        ["activeRunSlots", stats.activeRunSlots],
+        ["pendingRunSlots", stats.pendingRunSlots],
+        ["pendingApprovals", stats.pendingApprovals],
+        ["stuckRuns", stats.stuckRuns],
+        ["llmSuccessRate1m", stats.llmSuccessRate1m],
+        ["llmP95LatencyMs1m", stats.llmP95LatencyMs1m],
+    ]
+        .filter(([, value]) => typeof value === "number")
+        .map(([name, value]) => `  - ${name}: ${value}`);
+    if (statEntries.length > 0) {
+        lines.push("Stats:");
+        lines.push(...statEntries);
+    }
+    const symptoms = Array.isArray(snapshot.symptoms) ? snapshot.symptoms.filter(isObject) : [];
+    if (symptoms.length > 0) {
+        lines.push("Symptoms:");
+        lines.push(...symptoms.map((symptom) => {
+            const code = typeof symptom.code === "string" ? symptom.code : "unknown";
+            const severity = typeof symptom.severity === "string" ? symptom.severity : "unknown";
+            const message = typeof symptom.message === "string" ? symptom.message : "";
+            return `  - ${code}: ${severity}${message ? ` (${message})` : ""}`;
+        }));
+    }
+    return `${lines.join("\n")}\n`;
+}
 async function sleep(ms) {
     await new Promise((resolve) => {
         setTimeout(resolve, ms);
@@ -225,8 +274,14 @@ function renderApprovalList(approvals) {
         const status = typeof approval.status === "string" ? approval.status : "unknown";
         const toolName = typeof approval.toolName === "string" ? approval.toolName : "unknown_tool";
         const approvalId = typeof approval.approvalId === "string" ? approval.approvalId : "unknown";
+        const threadId = typeof approval.threadId === "string" ? ` thread=${approval.threadId}` : "";
+        const runId = typeof approval.runId === "string" ? ` run=${approval.runId}` : "";
         const reason = typeof approval.approvalReason === "string" ? ` reason=${approval.approvalReason}` : "";
-        return `${approvalId} status=${status} tool=${toolName}${reason}`;
+        const requestedAt = formatTimestamp(approval.requestedAt);
+        const resolvedAt = formatTimestamp(approval.resolvedAt);
+        const requested = requestedAt ? ` requested=${requestedAt}` : "";
+        const resolved = resolvedAt ? ` resolved=${resolvedAt}` : "";
+        return `${approvalId} status=${status} tool=${toolName}${threadId}${runId}${reason}${requested}${resolved}`;
     }).join("\n") + "\n";
 }
 function renderRunList(runs) {
@@ -238,7 +293,13 @@ function renderRunList(runs) {
         const threadId = typeof run.threadId === "string" ? run.threadId : "unknown";
         const agentId = typeof run.agentId === "string" ? run.agentId : "unknown";
         const state = typeof run.state === "string" ? run.state : "unknown";
-        return `${runId} thread=${threadId} agent=${agentId} state=${state}`;
+        const currentAgent = typeof run.currentAgentId === "string" ? ` current=${run.currentAgentId}` : "";
+        const resumable = typeof run.resumable === "boolean" ? ` resumable=${run.resumable}` : "";
+        const updatedAt = formatTimestamp(run.updatedAt);
+        const lastActivityAt = formatTimestamp(run.lastActivityAt);
+        const updated = updatedAt ? ` updated=${updatedAt}` : "";
+        const lastActivity = lastActivityAt ? ` activity=${lastActivityAt}` : "";
+        return `${runId} thread=${threadId} agent=${agentId}${currentAgent} state=${state}${resumable}${updated}${lastActivity}`;
     }).join("\n") + "\n";
 }
 export async function runCli(argv, io = {}, deps = {}) {
@@ -431,10 +492,7 @@ export async function runCli(argv, io = {}, deps = {}) {
             const workspacePath = path.resolve(cwd, parsed.workspaceRoot ?? ".");
             if (subcommand === "health") {
                 const snapshot = await runtime.getHealth();
-                stdout(parsed.json ? renderJson(snapshot) : `Runtime health ${workspacePath}: ${snapshot.status}\n`);
-                if (!parsed.json) {
-                    stdout(renderJson(snapshot));
-                }
+                stdout(parsed.json ? renderJson(snapshot) : renderHealthSnapshot(snapshot, workspacePath));
                 await runtime.stop();
                 return 0;
             }

package/dist/config/runtime/workspace.yaml CHANGED Viewed

@@ -155,6 +155,12 @@ spec:
   # Keep transport-specific and trust-specific policy here rather than scattering it across app code.
   governance:
     remoteMcp:
+      denyTrustTiers:
+        - untrusted
+      denyTenantScopes:
+        - cross-tenant
+      denyPromptInjectionRisks:
+        - high
       requireApprovalTransports:
         - websocket
       riskByTransport:

package/dist/package-version.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare const AGENT_HARNESS_VERSION = "0.0.~~187~~";
1	+ export declare const AGENT_HARNESS_VERSION = "0.0.188";

package/dist/package-version.js CHANGED Viewed

	@@ -1 +1 @@
1	- export const AGENT_HARNESS_VERSION = "0.0.~~187~~";
1	+ export const AGENT_HARNESS_VERSION = "0.0.188";

package/dist/runtime/harness/system/policy-engine.js CHANGED Viewed

@@ -49,6 +49,17 @@ export class PolicyEngine {
                 const trimmed = value.trim();
                 return trimmed.startsWith("mcp/") ? trimmed : `mcp/${trimmed}`;
             };
+            const readStringSet = (value) => new Set(Array.isArray(value)
+                ? value.filter((item) => typeof item === "string" && item.trim().length > 0).map((item) => item.trim())
+                : []);
+            const riskRank = {
+                low: 0,
+                medium: 1,
+                high: 2,
+            };
+            const maxPromptInjectionRisk = remoteMcp.maxPromptInjectionRisk === "low" || remoteMcp.maxPromptInjectionRisk === "medium" || remoteMcp.maxPromptInjectionRisk === "high"
+                ? remoteMcp.maxPromptInjectionRisk
+                : undefined;
             const allowServerRefs = new Set(Array.isArray(remoteMcp.allowServerRefs)
                 ? remoteMcp.allowServerRefs
                     .map((item) => normalizeServerRef(item))
@@ -59,9 +70,14 @@ export class PolicyEngine {
                     .map((item) => normalizeServerRef(item))
                     .filter((item) => Boolean(item))
                 : []);
-            const denyTransports = new Set(Array.isArray(remoteMcp.denyTransports)
-                ? remoteMcp.denyTransports.filter((item) => typeof item === "string" && item.trim().length > 0).map((item) => item.trim())
-                : []);
+            const denyTransports = readStringSet(remoteMcp.denyTransports);
+            const allowTrustTiers = readStringSet(remoteMcp.allowTrustTiers);
+            const denyTrustTiers = readStringSet(remoteMcp.denyTrustTiers);
+            const allowTenantScopes = readStringSet(remoteMcp.allowTenantScopes);
+            const denyTenantScopes = readStringSet(remoteMcp.denyTenantScopes);
+            const denyPromptInjectionRisks = readStringSet(remoteMcp.denyPromptInjectionRisks);
+            const allowOauthScopes = readStringSet(remoteMcp.allowOauthScopes);
+            const denyOauthScopes = readStringSet(remoteMcp.denyOauthScopes);
             const tools = binding.execution?.params?.tools ?? binding.langchainAgentParams?.tools ?? binding.deepAgentParams?.tools ?? [];
             const deniedRemoteTools = tools.flatMap((tool) => {
                 if (tool.type !== "mcp") {
@@ -80,13 +96,43 @@ export class PolicyEngine {
                 const transport = typeof inlineMcpServer?.transport === "string" && inlineMcpServer.transport.trim().length > 0
                     ? inlineMcpServer.transport.trim()
                     : undefined;
+                const trustTier = inlineMcpServer?.trustTier === "trusted" || inlineMcpServer?.trustTier === "reviewed" || inlineMcpServer?.trustTier === "untrusted"
+                    ? inlineMcpServer.trustTier
+                    : undefined;
+                const tenantScope = inlineMcpServer?.tenantScope === "workspace" ||
+                    inlineMcpServer?.tenantScope === "project" ||
+                    inlineMcpServer?.tenantScope === "tenant" ||
+                    inlineMcpServer?.tenantScope === "cross-tenant"
+                    ? inlineMcpServer.tenantScope
+                    : undefined;
+                const promptInjectionRisk = inlineMcpServer?.promptInjectionRisk === "low" ||
+                    inlineMcpServer?.promptInjectionRisk === "medium" ||
+                    inlineMcpServer?.promptInjectionRisk === "high"
+                    ? inlineMcpServer.promptInjectionRisk
+                    : undefined;
+                const oauth = typeof inlineMcpServer?.oauth === "object" && inlineMcpServer.oauth && !Array.isArray(inlineMcpServer.oauth)
+                    ? inlineMcpServer.oauth
+                    : undefined;
+                const oauthScopes = Array.isArray(oauth?.scopes)
+                    ? oauth.scopes.filter((item) => typeof item === "string" && item.trim().length > 0).map((item) => item.trim())
+                    : [];
                 const serverDenied = serverRef ? denyServerRefs.has(serverRef) || (allowServerRefs.size > 0 && !allowServerRefs.has(serverRef)) : false;
                 const transportDenied = transport ? denyTransports.has(transport) : false;
-                return serverDenied || transportDenied
+                const trustDenied = trustTier ? denyTrustTiers.has(trustTier) || (allowTrustTiers.size > 0 && !allowTrustTiers.has(trustTier)) : false;
+                const tenantDenied = tenantScope ? denyTenantScopes.has(tenantScope) || (allowTenantScopes.size > 0 && !allowTenantScopes.has(tenantScope)) : false;
+                const promptRiskDenied = (promptInjectionRisk ? denyPromptInjectionRisks.has(promptInjectionRisk) : false)
+                    || (promptInjectionRisk && maxPromptInjectionRisk ? riskRank[promptInjectionRisk] > riskRank[maxPromptInjectionRisk] : false);
+                const oauthDenied = oauthScopes.some((scope) => denyOauthScopes.has(scope))
+                    || (allowOauthScopes.size > 0 && oauthScopes.some((scope) => !allowOauthScopes.has(scope)));
+                return serverDenied || transportDenied || trustDenied || tenantDenied || promptRiskDenied || oauthDenied
                     ? [{
                             toolName: tool.name,
                             ...(serverRef ? { serverRef } : {}),
                             ...(transport ? { transport } : {}),
+                            ...(trustTier ? { trustTier } : {}),
+                            ...(tenantScope ? { tenantScope } : {}),
+                            ...(promptInjectionRisk ? { promptInjectionRisk } : {}),
+                            ...(oauthScopes.length > 0 ? { oauthScopes } : {}),
                         }]
                     : [];
             });
@@ -102,6 +148,9 @@ export class PolicyEngine {
                     if (tool.transport) {
                         return `${tool.toolName} (${tool.transport})`;
                     }
+                    if (tool.trustTier) {
+                        return `${tool.toolName} (${tool.trustTier})`;
+                    }
                     return tool.toolName;
                 });
                 reasons.push(`runtime governance denied remote MCP access: ${details.join(", ")}`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@botbotgo/agent-harness",
-  "version": "0.0.188",
+  "version": "0.0.189",
   "description": "Workspace runtime for multi-agent applications",
   "type": "module",
   "packageManager": "npm@10.9.2",