@codyswann/lisa 2.159.9 → 2.160.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/harper-fabric/create-only/.github/workflows/deploy.yml +82 -0
- package/harper-fabric/create-only/.github/workflows/zap-baseline.yml +56 -0
- package/harper-fabric/create-only/.zap/baseline.conf +21 -0
- package/harper-fabric/create-only/scripts/zap-baseline.sh +107 -0
- package/package.json +1 -1
- package/plugins/lisa/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-agy/plugin.json +1 -1
- package/plugins/lisa-cdk/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk-agy/plugin.json +1 -1
- package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-expo-agy/plugin.json +1 -1
- package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric/skills/harper-build-and-deploy/SKILL.md +24 -4
- package/plugins/lisa-harper-fabric-agy/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-agy/skills/harper-build-and-deploy/SKILL.md +24 -4
- package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-copilot/skills/harper-build-and-deploy/SKILL.md +24 -4
- package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-cursor/skills/harper-build-and-deploy/SKILL.md +24 -4
- package/plugins/lisa-nestjs/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs-agy/plugin.json +1 -1
- package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw-agy/plugin.json +1 -1
- package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-rails-agy/plugin.json +1 -1
- package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript-agy/plugin.json +1 -1
- package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki-agy/plugin.json +1 -1
- package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/src/harper-fabric/skills/harper-build-and-deploy/SKILL.md +24 -4
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
# This file is create-only from Lisa.
|
|
2
|
+
# Customize it for your Harper Fabric target; Lisa will not overwrite it.
|
|
3
|
+
|
|
4
|
+
name: Deploy Harper Fabric
|
|
5
|
+
|
|
6
|
+
on:
|
|
7
|
+
push:
|
|
8
|
+
branches:
|
|
9
|
+
- main
|
|
10
|
+
workflow_dispatch:
|
|
11
|
+
|
|
12
|
+
concurrency:
|
|
13
|
+
group: harper-fabric-deploy-${{ github.ref }}
|
|
14
|
+
cancel-in-progress: true
|
|
15
|
+
|
|
16
|
+
jobs:
|
|
17
|
+
deploy:
|
|
18
|
+
name: Build, deploy, and verify
|
|
19
|
+
runs-on: ubuntu-latest
|
|
20
|
+
timeout-minutes: 30
|
|
21
|
+
env:
|
|
22
|
+
HARPER_PROJECT: ${{ vars.HARPER_PROJECT || github.event.repository.name }}
|
|
23
|
+
HARPER_PACKAGE: ${{ vars.HARPER_PACKAGE || 'harper-app' }}
|
|
24
|
+
CLI_TARGET: ${{ secrets.CLI_TARGET || secrets.HARPER_FABRIC_TARGET }}
|
|
25
|
+
CLI_TARGET_USERNAME: ${{ secrets.CLI_TARGET_USERNAME }}
|
|
26
|
+
CLI_TARGET_PASSWORD: ${{ secrets.CLI_TARGET_PASSWORD }}
|
|
27
|
+
steps:
|
|
28
|
+
- name: Checkout
|
|
29
|
+
uses: actions/checkout@v6
|
|
30
|
+
|
|
31
|
+
- name: Setup Node.js
|
|
32
|
+
uses: actions/setup-node@v6
|
|
33
|
+
with:
|
|
34
|
+
node-version: '22.21.1'
|
|
35
|
+
package-manager-cache: false
|
|
36
|
+
|
|
37
|
+
- name: Setup Bun
|
|
38
|
+
uses: oven-sh/setup-bun@v2
|
|
39
|
+
with:
|
|
40
|
+
bun-version: '1.3.8'
|
|
41
|
+
|
|
42
|
+
- name: Install dependencies
|
|
43
|
+
run: bun install --frozen-lockfile
|
|
44
|
+
|
|
45
|
+
- name: Build Harper component
|
|
46
|
+
run: bun run build
|
|
47
|
+
|
|
48
|
+
- name: Verify Fabric secrets
|
|
49
|
+
run: |
|
|
50
|
+
test -n "${CLI_TARGET}" || { echo "Missing CLI_TARGET or HARPER_FABRIC_TARGET secret"; exit 1; }
|
|
51
|
+
test -n "${CLI_TARGET_USERNAME}" || { echo "Missing CLI_TARGET_USERNAME secret"; exit 1; }
|
|
52
|
+
test -n "${CLI_TARGET_PASSWORD}" || { echo "Missing CLI_TARGET_PASSWORD secret"; exit 1; }
|
|
53
|
+
|
|
54
|
+
- name: Deploy component to Harper Fabric
|
|
55
|
+
run: |
|
|
56
|
+
if command -v harper >/dev/null 2>&1; then
|
|
57
|
+
HARPER_BIN="harper"
|
|
58
|
+
elif [ -x node_modules/.bin/harper ]; then
|
|
59
|
+
HARPER_BIN="node_modules/.bin/harper"
|
|
60
|
+
elif [ -x node_modules/.bin/harperdb ]; then
|
|
61
|
+
HARPER_BIN="node_modules/.bin/harperdb"
|
|
62
|
+
else
|
|
63
|
+
echo "Missing Harper CLI. Add harper/harperdb to devDependencies or install it before deploy."
|
|
64
|
+
exit 1
|
|
65
|
+
fi
|
|
66
|
+
|
|
67
|
+
"$HARPER_BIN" deploy_component \
|
|
68
|
+
project="${HARPER_PROJECT}" \
|
|
69
|
+
package="${HARPER_PACKAGE}" \
|
|
70
|
+
target="${CLI_TARGET}" \
|
|
71
|
+
username="${CLI_TARGET_USERNAME}" \
|
|
72
|
+
password="${CLI_TARGET_PASSWORD}" \
|
|
73
|
+
restart=true \
|
|
74
|
+
replicated=true
|
|
75
|
+
|
|
76
|
+
- name: Smoke verify deployed component
|
|
77
|
+
run: |
|
|
78
|
+
if bun run | grep -qE '^[[:space:]]*verify[[:space:]]'; then
|
|
79
|
+
bun run verify
|
|
80
|
+
else
|
|
81
|
+
echo "No verify script defined; add one to smoke-test the deployed Harper endpoint."
|
|
82
|
+
fi
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
# This file is create-only from Lisa.
|
|
2
|
+
# Customize the target URL and rules for your Harper Fabric app.
|
|
3
|
+
|
|
4
|
+
name: ZAP Baseline
|
|
5
|
+
|
|
6
|
+
on:
|
|
7
|
+
pull_request:
|
|
8
|
+
workflow_dispatch:
|
|
9
|
+
inputs:
|
|
10
|
+
target_url:
|
|
11
|
+
description: URL to scan. Defaults to ZAP_TARGET_URL variable or http://host.docker.internal:9926.
|
|
12
|
+
required: false
|
|
13
|
+
type: string
|
|
14
|
+
|
|
15
|
+
concurrency:
|
|
16
|
+
group: harper-fabric-zap-${{ github.event.pull_request.number || github.ref }}
|
|
17
|
+
cancel-in-progress: true
|
|
18
|
+
|
|
19
|
+
jobs:
|
|
20
|
+
zap:
|
|
21
|
+
name: ZAP baseline scan
|
|
22
|
+
runs-on: ubuntu-latest
|
|
23
|
+
timeout-minutes: 30
|
|
24
|
+
env:
|
|
25
|
+
ZAP_TARGET_URL: ${{ inputs.target_url || vars.ZAP_TARGET_URL || 'http://host.docker.internal:9926' }}
|
|
26
|
+
steps:
|
|
27
|
+
- name: Checkout
|
|
28
|
+
uses: actions/checkout@v6
|
|
29
|
+
|
|
30
|
+
- name: Setup Node.js
|
|
31
|
+
uses: actions/setup-node@v6
|
|
32
|
+
with:
|
|
33
|
+
node-version: '22.21.1'
|
|
34
|
+
package-manager-cache: false
|
|
35
|
+
|
|
36
|
+
- name: Setup Bun
|
|
37
|
+
uses: oven-sh/setup-bun@v2
|
|
38
|
+
with:
|
|
39
|
+
bun-version: '1.3.8'
|
|
40
|
+
|
|
41
|
+
- name: Install dependencies
|
|
42
|
+
run: bun install --frozen-lockfile
|
|
43
|
+
|
|
44
|
+
- name: Run ZAP baseline
|
|
45
|
+
run: bash scripts/zap-baseline.sh
|
|
46
|
+
|
|
47
|
+
- name: Upload ZAP reports
|
|
48
|
+
if: always()
|
|
49
|
+
uses: actions/upload-artifact@v4
|
|
50
|
+
with:
|
|
51
|
+
name: zap-baseline-report
|
|
52
|
+
path: |
|
|
53
|
+
zap-report.html
|
|
54
|
+
zap-report.json
|
|
55
|
+
zap-report.md
|
|
56
|
+
if-no-files-found: ignore
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# OWASP ZAP Baseline Scan Configuration - Harper Fabric apps
|
|
2
|
+
# Format: <rule_id> <action> <description>
|
|
3
|
+
# Actions: IGNORE (skip rule), WARN (report but do not fail), FAIL (fail on finding)
|
|
4
|
+
|
|
5
|
+
# Harper apps often sit behind Fabric/proxy infrastructure that owns transport headers.
|
|
6
|
+
10035 WARN (Strict-Transport-Security Header Not Set)
|
|
7
|
+
10021 WARN (X-Content-Type-Options Header Missing)
|
|
8
|
+
10038 WARN (Content Security Policy (CSP) Header Not Set)
|
|
9
|
+
|
|
10
|
+
# Static/browser surfaces should not disclose implementation details.
|
|
11
|
+
10036 WARN (Server Leaks Version Information via "Server" HTTP Response Header Field)
|
|
12
|
+
10023 FAIL (Information Disclosure - Debug Error Messages)
|
|
13
|
+
|
|
14
|
+
# Session cookies, when present, must carry browser-safe flags.
|
|
15
|
+
10010 FAIL (Cookie No HttpOnly Flag)
|
|
16
|
+
10011 FAIL (Cookie Without Secure Flag)
|
|
17
|
+
10054 WARN (Cookie without SameSite Attribute)
|
|
18
|
+
|
|
19
|
+
# Harper REST/GraphQL endpoints may legitimately expose API-oriented responses.
|
|
20
|
+
10020 WARN (X-Frame-Options Header Not Set)
|
|
21
|
+
10063 WARN (Permissions Policy Header Not Set)
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
#!/usr/bin/env bash
|
|
2
|
+
# OWASP ZAP Baseline Scan - Harper Fabric app
|
|
3
|
+
# Builds the Harper app, starts it locally when no deployed target is supplied,
|
|
4
|
+
# and runs a ZAP baseline scan via Docker.
|
|
5
|
+
set -euo pipefail
|
|
6
|
+
|
|
7
|
+
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
8
|
+
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
|
|
9
|
+
TARGET_URL="${ZAP_TARGET_URL:-http://host.docker.internal:9926}"
|
|
10
|
+
LOCAL_TARGETS=("http://localhost:9926" "http://host.docker.internal:9926")
|
|
11
|
+
SCAN_TARGET_URL="$TARGET_URL"
|
|
12
|
+
ZAP_RULES_FILE="${ZAP_RULES_FILE:-.zap/baseline.conf}"
|
|
13
|
+
REPORT_FILE="zap-report.html"
|
|
14
|
+
SERVER_PID=""
|
|
15
|
+
|
|
16
|
+
cd "$PROJECT_ROOT"
|
|
17
|
+
|
|
18
|
+
if ! command -v docker >/dev/null 2>&1; then
|
|
19
|
+
echo "Error: Docker is required but not installed."
|
|
20
|
+
exit 1
|
|
21
|
+
fi
|
|
22
|
+
|
|
23
|
+
if ! docker info >/dev/null 2>&1; then
|
|
24
|
+
echo "Error: Docker daemon is not running."
|
|
25
|
+
exit 1
|
|
26
|
+
fi
|
|
27
|
+
|
|
28
|
+
echo "==> Building Harper Fabric project..."
|
|
29
|
+
bun run build
|
|
30
|
+
|
|
31
|
+
should_start_local=false
|
|
32
|
+
for local_target in "${LOCAL_TARGETS[@]}"; do
|
|
33
|
+
if [ "$TARGET_URL" = "$local_target" ]; then
|
|
34
|
+
should_start_local=true
|
|
35
|
+
SCAN_TARGET_URL="http://host.docker.internal:9926"
|
|
36
|
+
fi
|
|
37
|
+
done
|
|
38
|
+
|
|
39
|
+
cleanup() {
|
|
40
|
+
if [ -n "${SERVER_PID:-}" ]; then
|
|
41
|
+
echo "==> Stopping Harper app..."
|
|
42
|
+
kill "$SERVER_PID" 2>/dev/null || true
|
|
43
|
+
fi
|
|
44
|
+
}
|
|
45
|
+
trap cleanup EXIT
|
|
46
|
+
|
|
47
|
+
if [ "$should_start_local" = true ]; then
|
|
48
|
+
if command -v harper >/dev/null 2>&1; then
|
|
49
|
+
HARPER_BIN="harper"
|
|
50
|
+
elif [ -x node_modules/.bin/harper ]; then
|
|
51
|
+
HARPER_BIN="node_modules/.bin/harper"
|
|
52
|
+
elif [ -x node_modules/.bin/harperdb ]; then
|
|
53
|
+
HARPER_BIN="node_modules/.bin/harperdb"
|
|
54
|
+
else
|
|
55
|
+
echo "Error: missing Harper CLI. Set ZAP_TARGET_URL to a deployed app or install the Harper CLI."
|
|
56
|
+
exit 1
|
|
57
|
+
fi
|
|
58
|
+
|
|
59
|
+
echo "==> Starting Harper app locally..."
|
|
60
|
+
"$HARPER_BIN" run harper-app &
|
|
61
|
+
SERVER_PID=$!
|
|
62
|
+
|
|
63
|
+
echo "==> Waiting for Harper app..."
|
|
64
|
+
retries=30
|
|
65
|
+
until curl -sf http://localhost:9926 >/dev/null 2>&1 || [ "$retries" -eq 0 ]; do
|
|
66
|
+
retries=$((retries - 1))
|
|
67
|
+
sleep 2
|
|
68
|
+
done
|
|
69
|
+
|
|
70
|
+
if [ "$retries" -eq 0 ]; then
|
|
71
|
+
echo "Error: Harper app did not become reachable at http://localhost:9926"
|
|
72
|
+
exit 1
|
|
73
|
+
fi
|
|
74
|
+
fi
|
|
75
|
+
|
|
76
|
+
echo "==> Running OWASP ZAP baseline scan against $SCAN_TARGET_URL..."
|
|
77
|
+
zap_args="-t $SCAN_TARGET_URL"
|
|
78
|
+
|
|
79
|
+
if [ -f "$ZAP_RULES_FILE" ]; then
|
|
80
|
+
echo " Using rules file: $ZAP_RULES_FILE"
|
|
81
|
+
zap_args="$zap_args -c /zap/wrk/$(basename "$ZAP_RULES_FILE")"
|
|
82
|
+
mount_rules="-v $(dirname "$(realpath "$ZAP_RULES_FILE")"):/zap/wrk:ro"
|
|
83
|
+
else
|
|
84
|
+
mount_rules=""
|
|
85
|
+
fi
|
|
86
|
+
|
|
87
|
+
docker run --rm \
|
|
88
|
+
--add-host=host.docker.internal:host-gateway \
|
|
89
|
+
-v "$(pwd)":/zap/wrk/:rw \
|
|
90
|
+
$mount_rules \
|
|
91
|
+
ghcr.io/zaproxy/zaproxy:stable \
|
|
92
|
+
zap-baseline.py $zap_args \
|
|
93
|
+
-r "$REPORT_FILE" \
|
|
94
|
+
-J zap-report.json \
|
|
95
|
+
-w zap-report.md \
|
|
96
|
+
-l WARN || zap_exit=$?
|
|
97
|
+
|
|
98
|
+
if [ -f "$REPORT_FILE" ]; then
|
|
99
|
+
echo "ZAP report saved to: $REPORT_FILE"
|
|
100
|
+
fi
|
|
101
|
+
|
|
102
|
+
if [ "${zap_exit:-0}" -ne 0 ]; then
|
|
103
|
+
echo "ZAP found medium+ severity findings (exit code: $zap_exit)."
|
|
104
|
+
exit "$zap_exit"
|
|
105
|
+
fi
|
|
106
|
+
|
|
107
|
+
echo "ZAP baseline scan passed."
|
package/package.json
CHANGED
|
@@ -84,7 +84,7 @@
|
|
|
84
84
|
"lodash": ">=4.18.1"
|
|
85
85
|
},
|
|
86
86
|
"name": "@codyswann/lisa",
|
|
87
|
-
"version": "2.
|
|
87
|
+
"version": "2.160.0",
|
|
88
88
|
"description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
|
|
89
89
|
"main": "dist/index.js",
|
|
90
90
|
"exports": {
|
|
@@ -53,8 +53,25 @@ relevant deployed or smoke path agree.
|
|
|
53
53
|
|
|
54
54
|
## Deploying to Fabric
|
|
55
55
|
|
|
56
|
-
Fabric is Harper's distributed deploy network.
|
|
57
|
-
|
|
56
|
+
Fabric is Harper's distributed deploy network. Lisa ships a create-only GitHub
|
|
57
|
+
Actions workflow at `.github/workflows/deploy.yml` for Harper/Fabric projects. Use
|
|
58
|
+
that workflow as the canonical deployment path for repositories that have adopted
|
|
59
|
+
the template: it builds the project, runs `harper deploy_component` against the
|
|
60
|
+
configured Fabric target, and then runs the project's smoke verification script.
|
|
61
|
+
|
|
62
|
+
Required GitHub secrets:
|
|
63
|
+
|
|
64
|
+
- `CLI_TARGET` or `HARPER_FABRIC_TARGET` — Fabric target URL.
|
|
65
|
+
- `CLI_TARGET_USERNAME` — deploy username.
|
|
66
|
+
- `CLI_TARGET_PASSWORD` — deploy password.
|
|
67
|
+
|
|
68
|
+
Optional GitHub variables:
|
|
69
|
+
|
|
70
|
+
- `HARPER_PROJECT` — Fabric project name; defaults to the repository name.
|
|
71
|
+
- `HARPER_PACKAGE` — package path; defaults to `harper-app`.
|
|
72
|
+
|
|
73
|
+
For local debugging or one-off deploys, the equivalent CLI command packages the
|
|
74
|
+
component and sends it to a target instance:
|
|
58
75
|
|
|
59
76
|
```bash
|
|
60
77
|
harper deploy_component \
|
|
@@ -85,8 +102,11 @@ env var, which store) without recording their values.
|
|
|
85
102
|
1. `bun run build` — produces fresh `resources.js` / `web/**`.
|
|
86
103
|
2. `bun run typecheck`.
|
|
87
104
|
3. The smallest relevant test command.
|
|
88
|
-
4. For deploy-affecting changes, the
|
|
89
|
-
|
|
105
|
+
4. For deploy-affecting changes, run the create-only GitHub deploy workflow when
|
|
106
|
+
available, or manually run `harper deploy_component` plus the project **smoke
|
|
107
|
+
command** against the local or deployed Harper endpoint.
|
|
108
|
+
5. For public HTTP surfaces, run the create-only ZAP baseline workflow or
|
|
109
|
+
`bash scripts/zap-baseline.sh` with `ZAP_TARGET_URL` set to the deployed app.
|
|
90
110
|
|
|
91
111
|
If a verification command cannot run, report the exact command and the blocker —
|
|
92
112
|
do not claim completion. When you hit a Harper/Fabric limitation or workaround,
|
|
@@ -53,8 +53,25 @@ relevant deployed or smoke path agree.
|
|
|
53
53
|
|
|
54
54
|
## Deploying to Fabric
|
|
55
55
|
|
|
56
|
-
Fabric is Harper's distributed deploy network.
|
|
57
|
-
|
|
56
|
+
Fabric is Harper's distributed deploy network. Lisa ships a create-only GitHub
|
|
57
|
+
Actions workflow at `.github/workflows/deploy.yml` for Harper/Fabric projects. Use
|
|
58
|
+
that workflow as the canonical deployment path for repositories that have adopted
|
|
59
|
+
the template: it builds the project, runs `harper deploy_component` against the
|
|
60
|
+
configured Fabric target, and then runs the project's smoke verification script.
|
|
61
|
+
|
|
62
|
+
Required GitHub secrets:
|
|
63
|
+
|
|
64
|
+
- `CLI_TARGET` or `HARPER_FABRIC_TARGET` — Fabric target URL.
|
|
65
|
+
- `CLI_TARGET_USERNAME` — deploy username.
|
|
66
|
+
- `CLI_TARGET_PASSWORD` — deploy password.
|
|
67
|
+
|
|
68
|
+
Optional GitHub variables:
|
|
69
|
+
|
|
70
|
+
- `HARPER_PROJECT` — Fabric project name; defaults to the repository name.
|
|
71
|
+
- `HARPER_PACKAGE` — package path; defaults to `harper-app`.
|
|
72
|
+
|
|
73
|
+
For local debugging or one-off deploys, the equivalent CLI command packages the
|
|
74
|
+
component and sends it to a target instance:
|
|
58
75
|
|
|
59
76
|
```bash
|
|
60
77
|
harper deploy_component \
|
|
@@ -85,8 +102,11 @@ env var, which store) without recording their values.
|
|
|
85
102
|
1. `bun run build` — produces fresh `resources.js` / `web/**`.
|
|
86
103
|
2. `bun run typecheck`.
|
|
87
104
|
3. The smallest relevant test command.
|
|
88
|
-
4. For deploy-affecting changes, the
|
|
89
|
-
|
|
105
|
+
4. For deploy-affecting changes, run the create-only GitHub deploy workflow when
|
|
106
|
+
available, or manually run `harper deploy_component` plus the project **smoke
|
|
107
|
+
command** against the local or deployed Harper endpoint.
|
|
108
|
+
5. For public HTTP surfaces, run the create-only ZAP baseline workflow or
|
|
109
|
+
`bash scripts/zap-baseline.sh` with `ZAP_TARGET_URL` set to the deployed app.
|
|
90
110
|
|
|
91
111
|
If a verification command cannot run, report the exact command and the blocker —
|
|
92
112
|
do not claim completion. When you hit a Harper/Fabric limitation or workaround,
|
|
@@ -53,8 +53,25 @@ relevant deployed or smoke path agree.
|
|
|
53
53
|
|
|
54
54
|
## Deploying to Fabric
|
|
55
55
|
|
|
56
|
-
Fabric is Harper's distributed deploy network.
|
|
57
|
-
|
|
56
|
+
Fabric is Harper's distributed deploy network. Lisa ships a create-only GitHub
|
|
57
|
+
Actions workflow at `.github/workflows/deploy.yml` for Harper/Fabric projects. Use
|
|
58
|
+
that workflow as the canonical deployment path for repositories that have adopted
|
|
59
|
+
the template: it builds the project, runs `harper deploy_component` against the
|
|
60
|
+
configured Fabric target, and then runs the project's smoke verification script.
|
|
61
|
+
|
|
62
|
+
Required GitHub secrets:
|
|
63
|
+
|
|
64
|
+
- `CLI_TARGET` or `HARPER_FABRIC_TARGET` — Fabric target URL.
|
|
65
|
+
- `CLI_TARGET_USERNAME` — deploy username.
|
|
66
|
+
- `CLI_TARGET_PASSWORD` — deploy password.
|
|
67
|
+
|
|
68
|
+
Optional GitHub variables:
|
|
69
|
+
|
|
70
|
+
- `HARPER_PROJECT` — Fabric project name; defaults to the repository name.
|
|
71
|
+
- `HARPER_PACKAGE` — package path; defaults to `harper-app`.
|
|
72
|
+
|
|
73
|
+
For local debugging or one-off deploys, the equivalent CLI command packages the
|
|
74
|
+
component and sends it to a target instance:
|
|
58
75
|
|
|
59
76
|
```bash
|
|
60
77
|
harper deploy_component \
|
|
@@ -85,8 +102,11 @@ env var, which store) without recording their values.
|
|
|
85
102
|
1. `bun run build` — produces fresh `resources.js` / `web/**`.
|
|
86
103
|
2. `bun run typecheck`.
|
|
87
104
|
3. The smallest relevant test command.
|
|
88
|
-
4. For deploy-affecting changes, the
|
|
89
|
-
|
|
105
|
+
4. For deploy-affecting changes, run the create-only GitHub deploy workflow when
|
|
106
|
+
available, or manually run `harper deploy_component` plus the project **smoke
|
|
107
|
+
command** against the local or deployed Harper endpoint.
|
|
108
|
+
5. For public HTTP surfaces, run the create-only ZAP baseline workflow or
|
|
109
|
+
`bash scripts/zap-baseline.sh` with `ZAP_TARGET_URL` set to the deployed app.
|
|
90
110
|
|
|
91
111
|
If a verification command cannot run, report the exact command and the blocker —
|
|
92
112
|
do not claim completion. When you hit a Harper/Fabric limitation or workaround,
|
|
@@ -53,8 +53,25 @@ relevant deployed or smoke path agree.
|
|
|
53
53
|
|
|
54
54
|
## Deploying to Fabric
|
|
55
55
|
|
|
56
|
-
Fabric is Harper's distributed deploy network.
|
|
57
|
-
|
|
56
|
+
Fabric is Harper's distributed deploy network. Lisa ships a create-only GitHub
|
|
57
|
+
Actions workflow at `.github/workflows/deploy.yml` for Harper/Fabric projects. Use
|
|
58
|
+
that workflow as the canonical deployment path for repositories that have adopted
|
|
59
|
+
the template: it builds the project, runs `harper deploy_component` against the
|
|
60
|
+
configured Fabric target, and then runs the project's smoke verification script.
|
|
61
|
+
|
|
62
|
+
Required GitHub secrets:
|
|
63
|
+
|
|
64
|
+
- `CLI_TARGET` or `HARPER_FABRIC_TARGET` — Fabric target URL.
|
|
65
|
+
- `CLI_TARGET_USERNAME` — deploy username.
|
|
66
|
+
- `CLI_TARGET_PASSWORD` — deploy password.
|
|
67
|
+
|
|
68
|
+
Optional GitHub variables:
|
|
69
|
+
|
|
70
|
+
- `HARPER_PROJECT` — Fabric project name; defaults to the repository name.
|
|
71
|
+
- `HARPER_PACKAGE` — package path; defaults to `harper-app`.
|
|
72
|
+
|
|
73
|
+
For local debugging or one-off deploys, the equivalent CLI command packages the
|
|
74
|
+
component and sends it to a target instance:
|
|
58
75
|
|
|
59
76
|
```bash
|
|
60
77
|
harper deploy_component \
|
|
@@ -85,8 +102,11 @@ env var, which store) without recording their values.
|
|
|
85
102
|
1. `bun run build` — produces fresh `resources.js` / `web/**`.
|
|
86
103
|
2. `bun run typecheck`.
|
|
87
104
|
3. The smallest relevant test command.
|
|
88
|
-
4. For deploy-affecting changes, the
|
|
89
|
-
|
|
105
|
+
4. For deploy-affecting changes, run the create-only GitHub deploy workflow when
|
|
106
|
+
available, or manually run `harper deploy_component` plus the project **smoke
|
|
107
|
+
command** against the local or deployed Harper endpoint.
|
|
108
|
+
5. For public HTTP surfaces, run the create-only ZAP baseline workflow or
|
|
109
|
+
`bash scripts/zap-baseline.sh` with `ZAP_TARGET_URL` set to the deployed app.
|
|
90
110
|
|
|
91
111
|
If a verification command cannot run, report the exact command and the blocker —
|
|
92
112
|
do not claim completion. When you hit a Harper/Fabric limitation or workaround,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lisa-openclaw",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.160.0",
|
|
4
4
|
"description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Cody Swann"
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lisa-openclaw",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.160.0",
|
|
4
4
|
"description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, across Claude and Codex.",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Cody Swann"
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lisa-openclaw",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.160.0",
|
|
4
4
|
"description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Cody Swann"
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lisa-openclaw",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.160.0",
|
|
4
4
|
"description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Cody Swann"
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lisa-openclaw",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.160.0",
|
|
4
4
|
"description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Cody Swann"
|
|
@@ -53,8 +53,25 @@ relevant deployed or smoke path agree.
|
|
|
53
53
|
|
|
54
54
|
## Deploying to Fabric
|
|
55
55
|
|
|
56
|
-
Fabric is Harper's distributed deploy network.
|
|
57
|
-
|
|
56
|
+
Fabric is Harper's distributed deploy network. Lisa ships a create-only GitHub
|
|
57
|
+
Actions workflow at `.github/workflows/deploy.yml` for Harper/Fabric projects. Use
|
|
58
|
+
that workflow as the canonical deployment path for repositories that have adopted
|
|
59
|
+
the template: it builds the project, runs `harper deploy_component` against the
|
|
60
|
+
configured Fabric target, and then runs the project's smoke verification script.
|
|
61
|
+
|
|
62
|
+
Required GitHub secrets:
|
|
63
|
+
|
|
64
|
+
- `CLI_TARGET` or `HARPER_FABRIC_TARGET` — Fabric target URL.
|
|
65
|
+
- `CLI_TARGET_USERNAME` — deploy username.
|
|
66
|
+
- `CLI_TARGET_PASSWORD` — deploy password.
|
|
67
|
+
|
|
68
|
+
Optional GitHub variables:
|
|
69
|
+
|
|
70
|
+
- `HARPER_PROJECT` — Fabric project name; defaults to the repository name.
|
|
71
|
+
- `HARPER_PACKAGE` — package path; defaults to `harper-app`.
|
|
72
|
+
|
|
73
|
+
For local debugging or one-off deploys, the equivalent CLI command packages the
|
|
74
|
+
component and sends it to a target instance:
|
|
58
75
|
|
|
59
76
|
```bash
|
|
60
77
|
harper deploy_component \
|
|
@@ -85,8 +102,11 @@ env var, which store) without recording their values.
|
|
|
85
102
|
1. `bun run build` — produces fresh `resources.js` / `web/**`.
|
|
86
103
|
2. `bun run typecheck`.
|
|
87
104
|
3. The smallest relevant test command.
|
|
88
|
-
4. For deploy-affecting changes, the
|
|
89
|
-
|
|
105
|
+
4. For deploy-affecting changes, run the create-only GitHub deploy workflow when
|
|
106
|
+
available, or manually run `harper deploy_component` plus the project **smoke
|
|
107
|
+
command** against the local or deployed Harper endpoint.
|
|
108
|
+
5. For public HTTP surfaces, run the create-only ZAP baseline workflow or
|
|
109
|
+
`bash scripts/zap-baseline.sh` with `ZAP_TARGET_URL` set to the deployed app.
|
|
90
110
|
|
|
91
111
|
If a verification command cannot run, report the exact command and the blocker —
|
|
92
112
|
do not claim completion. When you hit a Harper/Fabric limitation or workaround,
|