@codemcp/ade-harnesses 0.0.2 → 0.1.1

package/src/writers/cursor.spec.ts

@@ -2,9 +2,57 @@ import { describe, it, expect, beforeEach, afterEach } from "vitest";
 import { mkdtemp, rm, readFile } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  PermissionPolicy
+} from "@codemcp/ade-core";
 import { cursorWriter } from "./cursor.js";
 
+function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
+  switch (profile) {
+    case "rigid":
+      return {
+        profile,
+        capabilities: {
+          read: "ask",
+          edit_write: "ask",
+          search_list: "ask",
+          bash_safe: "ask",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "ask"
+        }
+      };
+    case "sensible-defaults":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+    case "max-autonomy":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "allow",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+  }
+}
+
 describe("cursorWriter", () => {
   let dir: string;
 
@@ -71,6 +119,61 @@ describe("cursorWriter", () => {
     expect(content).toContain("Use conventional commits.");
   });
 
+  it("documents autonomy limits in Cursor rules without inventing built-in permission config", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: {},
+          allowedTools: ["whats_next"]
+        }
+      ],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: [],
+      permission_policy: autonomyPolicy("sensible-defaults")
+    };
+
+    await cursorWriter.install(config, dir);
+
+    const content = await readFile(
+      join(dir, ".cursor", "rules", "ade.mdc"),
+      "utf-8"
+    );
+    expect(content).toContain(
+      "Cursor autonomy note (documented, not enforced): sensible-defaults."
+    );
+    expect(content).toContain(
+      "Cursor has no verified committed project-local built-in ask/allow/deny config surface"
+    );
+    expect(content).toContain(
+      "Prefer handling these built-in capabilities without extra approval when Cursor permits it: read project files, edit and write project files, search and list project contents, run safe local shell commands, delegate or decompose work into agent tasks."
+    );
+    expect(content).toContain(
+      "Request approval before these capabilities: run high-impact shell commands, use web or network access."
+    );
+    expect(content).toContain(
+      "Web and network access must remain approval-gated."
+    );
+    expect(content).toContain(
+      "MCP server registration stays in .cursor/mcp.json; MCP tool approvals remain owned by provisioning"
+    );
+
+    const raw = await readFile(join(dir, ".cursor", "mcp.json"), "utf-8");
+    const parsed = JSON.parse(raw);
+    expect(parsed).not.toHaveProperty("permissions");
+    expect(parsed.mcpServers["workflows"]).toEqual({
+      command: "npx",
+      args: ["-y", "@codemcp/workflows"]
+    });
+    expect(parsed.mcpServers["workflows"]).not.toHaveProperty("allowedTools");
+  });
+
   it("includes agentskills server from mcp_servers", async () => {
     const config: LogicalConfig = {
       mcp_servers: [

package/src/writers/cursor.ts

@@ -1,8 +1,33 @@
 import { mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type { AutonomyCapability, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import { writeMcpServers, writeGitHooks } from "../util.js";
+import {
+  getAutonomyProfile,
+  getCapabilityDecision,
+  hasPermissionPolicy
+} from "../permission-policy.js";
+
+const CURSOR_CAPABILITY_ORDER: AutonomyCapability[] = [
+  "read",
+  "edit_write",
+  "search_list",
+  "bash_safe",
+  "bash_unsafe",
+  "web",
+  "task_agent"
+];
+
+const CURSOR_CAPABILITY_LABELS: Record<AutonomyCapability, string> = {
+  read: "read project files",
+  edit_write: "edit and write project files",
+  search_list: "search and list project contents",
+  bash_safe: "run safe local shell commands",
+  bash_unsafe: "run high-impact shell commands",
+  web: "use web or network access",
+  task_agent: "delegate or decompose work into agent tasks"
+};
 
 export const cursorWriter: HarnessWriter = {
   id: "cursor",
@@ -13,7 +38,9 @@ export const cursorWriter: HarnessWriter = {
       path: join(projectRoot, ".cursor", "mcp.json")
     });
 
-    if (config.instructions.length > 0) {
+    const rulesBody = getCursorRulesBody(config);
+
+    if (rulesBody.length > 0) {
       const rulesDir = join(projectRoot, ".cursor", "rules");
       await mkdir(rulesDir, { recursive: true });
 
@@ -23,7 +50,7 @@ export const cursorWriter: HarnessWriter = {
         "globs: *",
         "---",
         "",
-        ...config.instructions.flatMap((i) => [i, ""])
+        ...rulesBody.flatMap((line) => [line, ""])
       ].join("\n");
 
       await writeFile(join(rulesDir, "ade.mdc"), content, "utf-8");
@@ -31,3 +58,38 @@ export const cursorWriter: HarnessWriter = {
     await writeGitHooks(config.git_hooks, projectRoot);
   }
 };
+
+function getCursorRulesBody(config: LogicalConfig): string[] {
+  return [...config.instructions, ...getCursorAutonomyNotes(config)];
+}
+
+function getCursorAutonomyNotes(config: LogicalConfig): string[] {
+  if (!hasPermissionPolicy(config)) {
+    return [];
+  }
+
+  const allowedCapabilities = CURSOR_CAPABILITY_ORDER.filter(
+    (capability) => getCapabilityDecision(config, capability) === "allow"
+  ).map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
+
+  const approvalGatedCapabilities = CURSOR_CAPABILITY_ORDER.filter(
+    (capability) => getCapabilityDecision(config, capability) === "ask"
+  ).map((capability) => CURSOR_CAPABILITY_LABELS[capability]);
+
+  return [
+    `Cursor autonomy note (documented, not enforced): ${getAutonomyProfile(config) ?? "custom"}.`,
+    "Cursor has no verified committed project-local built-in ask/allow/deny config surface, so ADE documents autonomy intent here instead of writing unsupported permission config.",
+    ...(allowedCapabilities.length > 0
+      ? [
+          `Prefer handling these built-in capabilities without extra approval when Cursor permits it: ${allowedCapabilities.join(", ")}.`
+        ]
+      : []),
+    ...(approvalGatedCapabilities.length > 0
+      ? [
+          `Request approval before these capabilities: ${approvalGatedCapabilities.join(", ")}.`
+        ]
+      : []),
+    "Web and network access must remain approval-gated.",
+    "MCP server registration stays in .cursor/mcp.json; MCP tool approvals remain owned by provisioning and are not enforced or re-modeled in this rules file."
+  ];
+}

package/src/writers/kiro.spec.ts

@@ -0,0 +1,228 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, rm, readFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  PermissionPolicy
+} from "@codemcp/ade-core";
+import { kiroWriter } from "./kiro.js";
+
+function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
+  switch (profile) {
+    case "rigid":
+      return {
+        profile,
+        capabilities: {
+          read: "ask",
+          edit_write: "ask",
+          search_list: "ask",
+          bash_safe: "ask",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "ask"
+        }
+      };
+    case "sensible-defaults":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+    case "max-autonomy":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "allow",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+  }
+}
+
+describe("kiroWriter", () => {
+  let dir: string;
+
+  beforeEach(async () => {
+    dir = await mkdtemp(join(tmpdir(), "ade-harness-kiro-"));
+  });
+
+  afterEach(async () => {
+    await rm(dir, { recursive: true, force: true });
+  });
+
+  it("has correct metadata", () => {
+    expect(kiroWriter.id).toBe("kiro");
+    expect(kiroWriter.label).toBe("Kiro");
+    expect(kiroWriter.description).toContain(".kiro/agents/ade.json");
+  });
+
+  it("writes a JSON Kiro agent with documented built-in tool selectors", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: {}
+        }
+      ],
+      instructions: ["Use project workflows."],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    };
+
+    await kiroWriter.install(config, dir);
+
+    const raw = await readFile(
+      join(dir, ".kiro", "agents", "ade.json"),
+      "utf-8"
+    );
+    const content = JSON.parse(raw);
+
+    expect(content.name).toBe("ade");
+    expect(content.mcpServers.workflows).toEqual({
+      command: "npx",
+      args: ["-y", "@codemcp/workflows"],
+      autoApprove: ["*"]
+    });
+    expect(content.tools).toEqual([
+      "read",
+      "write",
+      "shell",
+      "spec",
+      "@workflows/*"
+    ]);
+    expect(content.allowedTools).toEqual([
+      "read",
+      "write",
+      "shell",
+      "spec",
+      "@workflows/*"
+    ]);
+    expect(content.useLegacyMcpJson).toBe(true);
+    expect(content.tools).not.toContain("@workflows");
+    expect(content.prompt).toContain("Use project workflows.");
+  });
+
+  it("writes Kiro MCP settings and forwards provisioning trust via autoApprove", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: { NODE_ENV: "test" },
+          allowedTools: ["use_skill", "whats_next"]
+        }
+      ],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    };
+
+    await kiroWriter.install(config, dir);
+
+    const raw = await readFile(
+      join(dir, ".kiro", "settings", "mcp.json"),
+      "utf-8"
+    );
+    const parsed = JSON.parse(raw);
+
+    expect(parsed.mcpServers.workflows).toEqual({
+      command: "npx",
+      args: ["-y", "@codemcp/workflows"],
+      env: { NODE_ENV: "test" },
+      autoApprove: ["use_skill", "whats_next"]
+    });
+  });
+
+  it("maps autonomy only to built-in selectors and keeps web approval-gated", async () => {
+    const rigidRoot = join(dir, "rigid");
+    const maxRoot = join(dir, "max");
+
+    const baseConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: {},
+          allowedTools: ["*"]
+        }
+      ],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    } satisfies LogicalConfig;
+
+    const rigidConfig: LogicalConfig = {
+      ...baseConfig,
+      permission_policy: autonomyPolicy("rigid")
+    };
+
+    const maxConfig: LogicalConfig = {
+      ...baseConfig,
+      permission_policy: autonomyPolicy("max-autonomy")
+    };
+
+    await kiroWriter.install(rigidConfig, rigidRoot);
+    await kiroWriter.install(maxConfig, maxRoot);
+
+    const rigidAgent = JSON.parse(
+      await readFile(join(rigidRoot, ".kiro", "agents", "ade.json"), "utf-8")
+    );
+    const maxAgent = JSON.parse(
+      await readFile(join(maxRoot, ".kiro", "agents", "ade.json"), "utf-8")
+    );
+    const rigidMcp = JSON.parse(
+      await readFile(join(rigidRoot, ".kiro", "settings", "mcp.json"), "utf-8")
+    );
+    const maxMcp = JSON.parse(
+      await readFile(join(maxRoot, ".kiro", "settings", "mcp.json"), "utf-8")
+    );
+
+    expect(rigidAgent.tools).toContain("read");
+    expect(rigidAgent.tools).toContain("spec");
+    expect(rigidAgent.tools).toContain("@workflows/*");
+    expect(rigidAgent.allowedTools).toContain("@workflows/*");
+    expect(rigidAgent.mcpServers.workflows.autoApprove).toEqual(["*"]);
+    expect(rigidAgent.tools).not.toContain("write");
+    expect(rigidAgent.tools).not.toContain("shell");
+    expect(rigidAgent.tools).not.toContain("web");
+
+    expect(maxAgent.tools).toContain("read");
+    expect(maxAgent.tools).toContain("write");
+    expect(maxAgent.tools).toContain("shell");
+    expect(maxAgent.tools).toContain("spec");
+    expect(maxAgent.tools).toContain("@workflows/*");
+    expect(maxAgent.allowedTools).toContain("@workflows/*");
+    expect(maxAgent.mcpServers.workflows.autoApprove).toEqual(["*"]);
+    expect(maxAgent.tools).not.toContain("web");
+
+    expect(rigidMcp.mcpServers.workflows.autoApprove).toEqual(["*"]);
+    expect(maxMcp.mcpServers.workflows.autoApprove).toEqual(["*"]);
+  });
+});

package/src/writers/kiro.ts

@@ -1,52 +1,89 @@
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type { LogicalConfig, McpServerEntry } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
-import { standardEntry, writeJson, writeGitHooks } from "../util.js";
+import {
+  standardEntry,
+  writeGitHooks,
+  writeJson,
+  writeMcpServers
+} from "../util.js";
+import {
+  allowsCapability,
+  getCapabilityDecision,
+  hasPermissionPolicy
+} from "../permission-policy.js";
 
 export const kiroWriter: HarnessWriter = {
   id: "kiro",
   label: "Kiro",
-  description: "AWS AI IDE — .kiro/agents/ade.json",
+  description: "AWS AI IDE — .kiro/agents/ade.json + .kiro/settings/mcp.json",
   async install(config: LogicalConfig, projectRoot: string) {
-    const servers = config.mcp_servers;
-    if (servers.length > 0 || config.instructions.length > 0) {
-      const mcpServers: Record<string, unknown> = {};
-      for (const s of servers) {
-        mcpServers[s.ref] = standardEntry(s);
-      }
+    await writeMcpServers(config.mcp_servers, {
+      path: join(projectRoot, ".kiro", "settings", "mcp.json"),
+      transform: (server) => ({
+        ...standardEntry(server),
+        autoApprove: server.allowedTools ?? ["*"]
+      })
+    });
 
-      const tools: string[] = [
-        "execute_bash",
-        "fs_read",
-        "fs_write",
-        "knowledge",
-        "thinking",
-        ...Object.keys(mcpServers).map((n) => `@${n}`)
-      ];
-
-      const allowedTools: string[] = [];
-      for (const s of servers) {
-        const explicit = s.allowedTools;
-        if (explicit && !explicit.includes("*")) {
-          for (const tool of explicit) {
-            allowedTools.push(`@${s.ref}/${tool}`);
-          }
-        } else {
-          allowedTools.push(`@${s.ref}/*`);
-        }
-      }
+    await writeJson(join(projectRoot, ".kiro", "agents", "ade.json"), {
+      name: "ade",
+      description:
+        "ADE — Agentic Development Environment agent with project conventions and tools.",
+      prompt:
+        config.instructions.join("\n\n") ||
+        "ADE — Agentic Development Environment agent.",
+      mcpServers: getKiroAgentMcpServers(config.mcp_servers),
+      tools: getKiroTools(config),
+      allowedTools: getKiroAllowedTools(config),
+      useLegacyMcpJson: true
+    });
 
-      await writeJson(join(projectRoot, ".kiro", "agents", "ade.json"), {
-        name: "ade",
-        prompt:
-          config.instructions.length > 0
-            ? config.instructions.join("\n\n")
-            : "ADE — Agentic Development Environment agent",
-        mcpServers,
-        tools,
-        allowedTools
-      });
-    }
     await writeGitHooks(config.git_hooks, projectRoot);
   }
 };
+
+function getKiroTools(config: LogicalConfig): string[] {
+  const mcpTools = getKiroForwardedMcpTools(config.mcp_servers);
+
+  if (!hasPermissionPolicy(config)) {
+    return ["read", "write", "shell", "spec", ...mcpTools];
+  }
+
+  return [
+    ...(getCapabilityDecision(config, "read") !== "deny" ? ["read"] : []),
+    ...(allowsCapability(config, "edit_write") ? ["write"] : []),
+    ...(allowsCapability(config, "bash_unsafe") ? ["shell"] : []),
+    "spec",
+    ...mcpTools
+  ];
+}
+
+function getKiroAllowedTools(config: LogicalConfig): string[] {
+  return getKiroTools(config);
+}
+
+function getKiroForwardedMcpTools(servers: McpServerEntry[]): string[] {
+  return servers.flatMap((server) => {
+    const allowedTools = server.allowedTools ?? ["*"];
+    if (allowedTools.includes("*")) {
+      return [`@${server.ref}/*`];
+    }
+
+    return allowedTools.map((tool) => `@${server.ref}/${tool}`);
+  });
+}
+
+function getKiroAgentMcpServers(
+  servers: McpServerEntry[]
+): Record<string, Record<string, unknown>> {
+  return Object.fromEntries(
+    servers.map((server) => [
+      server.ref,
+      {
+        ...standardEntry(server),
+        autoApprove: server.allowedTools ?? ["*"]
+      }
+    ])
+  );
+}