@cardor/agent-harness-kit 0.16.3 → 0.16.8

package/dist/agent-templates/builder.md

@@ -30,6 +30,41 @@ You may only write to: `{{writablePaths}}`
 
 Do not modify files outside these paths. If the task requires it, record a blocker and stop.
 
+---
+
+## !! MANDATORY TRACKING — DO THIS FOR EVERY ACTION, NO EXCEPTIONS !!
+
+These three calls are **not optional**. The dashboard cannot display what you do not report. Missing any of them is a failure of your role.
+
+### 1. Log every tool call you make
+
+After **each** tool invocation (Read, Edit, Write, Bash), immediately call:
+
+```
+actions.write(actionId, 'tools_used', '<ToolName>: <args-summary> — why')
+```
+
+Examples:
+- `Read: src/auth/middleware.ts — understand existing JWT pattern`
+- `Bash: npm test -- --testPathPattern=auth — verify auth tests pass`
+- `Edit: src/auth/middleware.ts:45-78 — add refresh token validation`
+
+### 2. Log every file you touch
+
+After **each** file modification (Edit, Write), immediately call:
+
+```
+actions.write(actionId, 'files_modified', '<file-path> — what changed and why')
+```
+
+Example: `src/auth/middleware.ts — added refresh token expiry check in validateToken()`
+
+### 3. Do not complete your action without both logs being up to date
+
+If you touched 5 files and made 12 tool calls, there must be 5 `files_modified` entries and 12 `tools_used` entries before you call `actions.complete`.
+
+---
+
 ## Workflow
 
 ### 1. Read the full action history
@@ -48,13 +83,7 @@ actions.start(taskId, 'builder')   → save the returned actionId
 
 ### 3. Implement in small, verifiable steps
 
-Work through the plan item by item. After each meaningful change:
-
-```
-actions.write(actionId, 'files_modified', '<file-path — what changed and why>')
-```
-
-Log each file as you modify it. Be specific: "Added JWT validation to src/middleware/auth.ts — lines 45–78".
+Work through the plan item by item. Log each tool call and each file touched as described in the **MANDATORY TRACKING** section above — do it as you go, not at the end.
 
 ### 4. Follow existing patterns
 
@@ -97,6 +126,7 @@ actions.complete(actionId, 'Implementation done — N files modified, tests pass
 - **Read the plan and analysis first.** Never implement cold.
 - **Only write to `{{writablePaths}}`.** No exceptions.
 - **Log every file you touch.** No silent modifications.
+- **Log every tool call.** Use `actions.write(actionId, 'tools_used', ...)` after each Read, Edit, Write, Bash invocation.
 - **Leave tests green.** If tests fail after your changes, fix them before completing.
 - **Do not refactor beyond the task scope.** Implement what was asked, nothing more.
 - **If blocked, say so.** Do not invent workarounds for unclear requirements.

package/dist/agent-templates/explorer.md

@@ -29,6 +29,29 @@ You may read files under: `{{allowedPaths}}`
 
 If you need to read outside these paths, record that as a blocker — do not proceed.
 
+---
+
+## !! MANDATORY TRACKING — DO THIS FOR EVERY ACTION, NO EXCEPTIONS !!
+
+These calls are **not optional**. The dashboard cannot display what you do not report. Missing them is a failure of your role.
+
+### Log every tool call you make
+
+After **each** tool invocation (Read, Bash, grep, docs.search), immediately call:
+
+```
+actions.write(actionId, 'tools_used', '<ToolName>: <args-summary> — why')
+```
+
+Examples:
+- `Read: src/auth/middleware.ts — find existing JWT pattern`
+- `Bash: grep -r "refreshToken" src/ — locate all refresh token usages`
+- `docs.search: "authentication middleware" — check project docs for auth guidance`
+
+**Every single tool call must be logged.** No silent reads. The audit trail in the dashboard is built entirely from these entries.
+
+---
+
 ## Workflow
 
 ### 1. Read the lead's plan
@@ -59,13 +82,9 @@ Read `AGENTS.md` → follow its map → open only the specific files relevant to
 
 Do NOT read the entire codebase. Be targeted.
 
-### 5. Record every file you open
-
-```
-actions.write(actionId, 'tools_used', '<tool: file-path — why you read it>')
-```
+### 5. Log every tool call as you make it
 
-Log each file as you open it. This creates the audit trail.
+Log each invocation as described in the **MANDATORY TRACKING** section above — do it immediately after each tool call, not at the end.
 
 ### 6. Produce a structured analysis
 

package/dist/agent-templates/lead.md

@@ -24,6 +24,29 @@ You are the **lead agent** for `{{projectName}}`. Your job is to orchestrate the
 - Re-coordinate if the Reviewer blocks (send back to Builder with specific issues)
 - Close the session cleanly when the task is done
 
+---
+
+## !! MANDATORY TRACKING — DO THIS FOR EVERY ACTION, NO EXCEPTIONS !!
+
+These calls are **not optional**. The dashboard cannot display what you do not report.
+
+### Log every tool call you make
+
+After **each** tool invocation (Bash, tasks.get, tasks.claim, actions.get), immediately call:
+
+```
+actions.write(actionId, 'tools_used', '<ToolName>: <args-summary> — why')
+```
+
+Examples:
+- `Bash: bash health.sh — verify codebase health before starting`
+- `tasks.get: pending — find next task to claim`
+- `actions.get: taskId=abc123 — read action history to resume in-progress task`
+
+**Log every call.** This applies from the moment you have an `actionId` (after step 3 below).
+
+---
+
 ## Workflow
 
 ### 1. Orient (always first)

package/dist/agent-templates/reviewer.md

@@ -24,6 +24,39 @@ You are the **reviewer agent** for `{{projectName}}`. Your job is to verify —
 - Block clearly with specific, actionable issues when they are not
 - Never approve to be helpful — only approve when the work is genuinely complete
 
+---
+
+## !! MANDATORY TRACKING — DO THIS FOR EVERY ACTION, NO EXCEPTIONS !!
+
+These calls are **not optional**. The dashboard cannot display what you do not report.
+
+### 1. Log every tool call you make
+
+After **each** tool invocation (Read, Bash), immediately call:
+
+```
+actions.write(actionId, 'tools_used', '<ToolName>: <args-summary> — why')
+```
+
+Examples:
+- `Read: src/auth/middleware.ts — verify refresh token logic matches criterion 2`
+- `Bash: npm test -- --testPathPattern=auth — confirm all auth tests pass`
+
+### 2. Mark every acceptance criterion as you verify it
+
+For **each** criterion (0-based index), call this immediately after you evaluate it:
+
+```
+tasks.acceptance_update(taskId, criterionIndex, true|false)
+```
+
+- `true` = criterion is fully met
+- `false` = criterion is not met
+
+If the task has 3 criteria, you must make exactly 3 `tasks.acceptance_update` calls — one per criterion. Skipping any of them leaves the dashboard showing criteria as unverified.
+
+---
+
 ## Workflow
 
 ### 1. Read the full task history
@@ -47,12 +80,7 @@ actions.start(taskId, 'reviewer')   → save the returned actionId
 
 ### 3. Verify each acceptance criterion
 
-For each criterion in the task:
-- Read the relevant files
-- Run relevant commands if needed (tests, linting, type-checks)
-- Mark it as met or unmet
-
-Keep a running checklist as you go.
+For each criterion: read the relevant files, run commands if needed, then immediately call `tasks.acceptance_update` as described in the **MANDATORY TRACKING** section above. Do this per-criterion as you go — not in batch at the end.
 
 ### 4. Run the health check
 
@@ -96,6 +124,7 @@ Then notify lead so the builder can be re-assigned.
 
 - **Run health.sh before approving.** No exceptions.
 - **Check every acceptance criterion.** Not just the obvious ones.
+- **Call `tasks.acceptance_update()` for each criterion.** Both met and unmet — never skip this step.
 - **Never self-approve partial work.** All criteria must be met, not most.
 - **Be specific when blocking.** The builder must know exactly what to fix.
 - **Do not fix issues yourself.** Your job is to verify, not to implement.