@fusionkit/ensemble 0.1.0

package/dist/agent.d.ts

@@ -0,0 +1,21 @@
+import type { HarnessAdapter } from "./harness.js";
+export type AgentHarnessOptions = {
+    id?: string;
+    /** Per-candidate OpenAI-compatible base URL keyed by `EnsembleModel.id`. */
+    modelEndpoints: Record<string, string>;
+    /** Used when a model has no per-model endpoint. */
+    fallbackBaseUrl?: string;
+    apiKey?: string;
+    maxSteps?: number;
+    /** Per-`run` shell-command timeout (ms). */
+    timeoutMs?: number;
+    /** Overall wall-clock budget for one model's agent run (ms). */
+    modelTimeoutMs?: number;
+    /** Observability correlation id; when set, each candidate is traced. */
+    traceId?: string;
+    /** Session root span; candidate spans parent under it for a correct tree. */
+    parentSpanId?: string;
+    /** User-turn index this panel run belongs to (stamped on candidate events). */
+    turn?: number;
+};
+export declare function createAgentHarness(options: AgentHarnessOptions): HarnessAdapter;

package/dist/agent.js

@@ -0,0 +1,186 @@
+import { runWorktreeAgent } from "@fusionkit/adapter-ai-sdk";
+import { artifactHash, emitTrace, newSpanId } from "@fusionkit/protocol";
+/**
+ * The uniform panel agent for trajectory-level fusion. Each panel model drives
+ * a real AI SDK tool loop (read/list/grep/write/run) over its own git worktree
+ * and produces a normalized trajectory. The same agent runs for every model, so
+ * trajectories are directly comparable and only the model varies.
+ */
+/** Wall-clock budget for a single panel model's agent run (model + tools). */
+const DEFAULT_MODEL_TIMEOUT_MS = 10 * 60 * 1000;
+/**
+ * Verification is a signal, not a gate: if the agent ran a command (e.g. tests)
+ * the last observed exit code becomes the trajectory's verification status.
+ */
+function deriveVerification(steps) {
+    let lastExitCode;
+    for (const step of steps) {
+        // The `run` tool always prefixes its observation with `exit_code=<n>`; anchor
+        // to the start so unrelated tool output that happens to contain the substring
+        // cannot be mistaken for a command result.
+        if (step.type === "observation" && typeof step.text === "string") {
+            const match = step.text.match(/^exit_code=(-?\d+)/);
+            if (match)
+                lastExitCode = Number(match[1]);
+        }
+    }
+    if (lastExitCode === undefined)
+        return undefined;
+    return {
+        status: lastExitCode === 0 ? "succeeded" : "failed",
+        evidence: [`exit_code=${lastExitCode}`],
+        exitCode: lastExitCode
+    };
+}
+export function createAgentHarness(options) {
+    const id = options.id ?? "agent";
+    return {
+        id,
+        harnessKind: "generic",
+        prepare: () => ({ id, timeoutMs: options.timeoutMs }),
+        capabilities: () => ({
+            shell_command: "supported",
+            artifact_capture: "supported",
+            verification: "supported",
+            tool_call_loop: "supported"
+        }),
+        verificationProfile: () => ({
+            id: `${id}-verification`,
+            requiredEvidence: ["agent trajectory", "final output"]
+        }),
+        run: async ({ descriptor, model, ordinal, worktree }) => {
+            const baseUrl = options.modelEndpoints[model.id] ?? options.fallbackBaseUrl;
+            if (baseUrl === undefined) {
+                throw new Error(`no model endpoint configured for panel model "${model.id}"`);
+            }
+            const root = worktree?.path ?? process.cwd();
+            const candidateId = `${descriptor.id}_${model.id}_${ordinal}`;
+            const executionId = `exec_${candidateId}`;
+            const planId = `plan_${candidateId}`;
+            const traceId = options.traceId;
+            const candidateSpan = newSpanId();
+            if (traceId !== undefined) {
+                emitTrace({
+                    component: "panel-model",
+                    event_type: "harness.candidate.started",
+                    traceId,
+                    spanId: candidateSpan,
+                    ...(options.parentSpanId !== undefined ? { parentSpanId: options.parentSpanId } : {}),
+                    candidateId,
+                    modelId: model.id,
+                    payload: {
+                        model: model.model,
+                        ...(options.turn !== undefined ? { turn: options.turn } : {}),
+                        ...(worktree ? { branch_name: worktree.branchName, worktree_path: worktree.path } : {})
+                    }
+                });
+            }
+            // Bound the whole agent run so a hung model HTTP call cannot wedge a
+            // candidate forever (the per-command timeout only bounds `run`).
+            const modelTimeoutMs = options.modelTimeoutMs ?? DEFAULT_MODEL_TIMEOUT_MS;
+            const result = await runWorktreeAgent({
+                worktree: root,
+                prompt: descriptor.prompt,
+                baseUrl,
+                model: model.model,
+                abortSignal: AbortSignal.timeout(modelTimeoutMs),
+                ...(options.turn !== undefined ? { turn: options.turn } : {}),
+                ...(options.apiKey !== undefined ? { apiKey: options.apiKey } : {}),
+                ...(options.maxSteps !== undefined ? { maxSteps: options.maxSteps } : {}),
+                ...(options.timeoutMs !== undefined ? { commandTimeoutMs: options.timeoutMs } : {}),
+                ...(traceId !== undefined ? { traceId, candidateId, parentSpanId: candidateSpan } : {})
+            });
+            const steps = result.steps;
+            const status = result.status === "failed" ? "failed" : "succeeded";
+            const verification = deriveVerification(steps);
+            const trajectory = {
+                trajectoryId: candidateId,
+                modelId: model.id,
+                model: model.model,
+                candidateId,
+                harnessKind: "generic",
+                status,
+                steps,
+                finalOutput: result.finalOutput,
+                ...(verification !== undefined ? { verification } : {})
+            };
+            const transcript = JSON.stringify(steps, null, 2);
+            const outputHash = artifactHash(transcript);
+            if (traceId !== undefined) {
+                emitTrace({
+                    component: "panel-model",
+                    event_type: "harness.candidate.finished",
+                    traceId,
+                    spanId: candidateSpan,
+                    candidateId,
+                    modelId: model.id,
+                    payload: {
+                        status,
+                        ...(options.turn !== undefined ? { turn: options.turn } : {}),
+                        tool_call_count: result.toolCallCount,
+                        finish_reason: result.finishReason,
+                        step_count: steps.length,
+                        final_output_preview: result.finalOutput.slice(0, 400),
+                        ...(verification !== undefined ? { verification_status: verification.status } : {})
+                    }
+                });
+                emitTrace({
+                    component: "panel-model",
+                    event_type: "tool.execution",
+                    traceId,
+                    spanId: candidateSpan,
+                    candidateId,
+                    modelId: model.id,
+                    payload: {
+                        execution_id: executionId,
+                        plan_id: planId,
+                        status,
+                        ...(options.turn !== undefined ? { turn: options.turn } : {}),
+                        output_hash: outputHash,
+                        tool_call_count: result.toolCallCount
+                    }
+                });
+            }
+            return {
+                candidateId,
+                model,
+                status,
+                ...(worktree ? { branchName: worktree.branchName, worktreePath: worktree.path } : {}),
+                transcript,
+                trajectory,
+                diff: "",
+                summary: result.finalOutput.slice(0, 280),
+                artifacts: [
+                    {
+                        artifact_id: `artifact_${descriptor.id}_${model.id}_agent_trajectory`,
+                        kind: "transcript",
+                        hash: outputHash,
+                        redaction_status: "synthetic"
+                    }
+                ],
+                toolRecords: [
+                    {
+                        execution_id: executionId,
+                        plan_id: planId,
+                        status,
+                        output_hash: outputHash
+                    }
+                ],
+                verification: verification !== undefined
+                    ? {
+                        status: verification.status,
+                        evidence: verification.evidence,
+                        ...(verification.exitCode !== undefined ? { exitCode: verification.exitCode } : {})
+                    }
+                    : { status, evidence: [`final_output_chars=${result.finalOutput.length}`, outputHash] },
+                metadata: {
+                    adapter: "agent",
+                    model_id: model.id,
+                    tool_call_count: result.toolCallCount,
+                    finish_reason: result.finishReason
+                }
+            };
+        },
+        collectArtifacts: () => []
+    };
+}

package/dist/artifacts.d.ts

@@ -0,0 +1,21 @@
+import type { ModelFusionArtifactKind } from "@fusionkit/protocol";
+import type { HarnessArtifact } from "./harness.js";
+export type ArtifactStore = {
+    root: string;
+    writeText(input: {
+        artifactId: string;
+        kind: ModelFusionArtifactKind;
+        content: string;
+        suffix?: string;
+    }): HarnessArtifact & {
+        path: string;
+    };
+    writeJson(input: {
+        artifactId: string;
+        kind: ModelFusionArtifactKind;
+        value: unknown;
+    }): HarnessArtifact & {
+        path: string;
+    };
+};
+export declare function createArtifactStore(root: string): ArtifactStore;

package/dist/artifacts.js

@@ -0,0 +1,36 @@
+import { mkdirSync, writeFileSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { pathToFileURL } from "node:url";
+import { artifactHash } from "@fusionkit/protocol";
+function safeFileName(value) {
+    return value.replace(/[^A-Za-z0-9_.:-]/g, "_");
+}
+export function createArtifactStore(root) {
+    const resolvedRoot = resolve(root);
+    mkdirSync(resolvedRoot, { recursive: true });
+    return {
+        root: resolvedRoot,
+        writeText(input) {
+            const hash = artifactHash(input.content);
+            const hashPart = hash.replace("sha256:", "");
+            const path = join(resolvedRoot, `${safeFileName(input.artifactId)}-${hashPart}${input.suffix ?? ".txt"}`);
+            writeFileSync(path, input.content);
+            return {
+                artifact_id: input.artifactId,
+                kind: input.kind,
+                hash,
+                uri: pathToFileURL(path).toString(),
+                redaction_status: "synthetic",
+                path
+            };
+        },
+        writeJson(input) {
+            return this.writeText({
+                artifactId: input.artifactId,
+                kind: input.kind,
+                content: JSON.stringify(input.value, null, 2) + "\n",
+                suffix: ".json"
+            });
+        }
+    };
+}

package/dist/claude-code.d.ts

@@ -0,0 +1,25 @@
+import type { NetworkPolicy } from "@fusionkit/protocol";
+import type { SessionBackend } from "@fusionkit/runner";
+import type { ClaudeCodeBindingOptions } from "@fusionkit/session-harness";
+import type { HarnessAdapter } from "./harness.js";
+export type ClaudeCodeHarnessEnv = Record<string, string | undefined>;
+export type ClaudeCodeHarnessOptions = ClaudeCodeBindingOptions & {
+    id?: string;
+    /** Defaults to `process.env`; tests can pass `{}` for deterministic skips. */
+    env?: ClaudeCodeHarnessEnv;
+    /** Already-released secret values forwarded through the session backend seam. */
+    secrets?: {
+        name: string;
+        value: string;
+    }[];
+    /** Test/extension seam. Defaults to `aiSdkHarnessBackend(...)`. */
+    backend?: SessionBackend;
+    pool?: string;
+    network?: NetworkPolicy;
+    timeoutMs?: number;
+    logMaxBytes?: number;
+    skipWhenUnavailable?: boolean;
+};
+export declare function claudeCodeHarnessCredentialSkipReason(env?: ClaudeCodeHarnessEnv, options?: ClaudeCodeHarnessOptions): string | undefined;
+export declare function createClaudeCodeHarness(options?: ClaudeCodeHarnessOptions): HarnessAdapter;
+export declare function claudeCodeHarness(options?: ClaudeCodeHarnessOptions): HarnessAdapter;

package/dist/claude-code.js

@@ -0,0 +1,398 @@
+import { artifactHash } from "@fusionkit/protocol";
+import { CapabilityMismatchError, prepareExecution } from "@fusionkit/runner";
+import { aiSdkHarnessBackend } from "@fusionkit/session-harness";
+const ZERO_HASH = "0".repeat(64);
+const ZERO_GIT_SHA = "0".repeat(40);
+const DEFAULT_POOL = "ensemble";
+const DEFAULT_RUNTIME = "node24";
+const DEFAULT_TIMEOUT_MS = 10 * 60 * 1000;
+const DEFAULT_LOG_MAX_BYTES = 256 * 1024;
+const DEFAULT_CLAUDE_NETWORK = {
+    defaultDeny: true,
+    allowHosts: ["registry.npmjs.org", "api.anthropic.com", "ai-gateway.vercel.sh"]
+};
+const AUTH_ENV_NAMES = [
+    "AI_GATEWAY_API_KEY",
+    "AI_GATEWAY_BASE_URL",
+    "ANTHROPIC_API_KEY",
+    "ANTHROPIC_AUTH_TOKEN",
+    "ANTHROPIC_BASE_URL"
+];
+function candidateId(input) {
+    return `${input.descriptor.id}_${input.model.id}_${input.ordinal}`;
+}
+function envValue(env, name) {
+    const value = env[name];
+    return value && value.length > 0 ? value : undefined;
+}
+function authEnvFrom(env) {
+    const authEnv = {};
+    for (const name of AUTH_ENV_NAMES) {
+        const value = envValue(env, name);
+        if (value !== undefined)
+            authEnv[name] = value;
+    }
+    return authEnv;
+}
+function credentialGate(env, options) {
+    const missing = [];
+    const hasProviderCredential = envValue(env, "AI_GATEWAY_API_KEY") ??
+        envValue(env, "ANTHROPIC_API_KEY") ??
+        envValue(env, "ANTHROPIC_AUTH_TOKEN");
+    const hasSandboxCredential = options.backend !== undefined ||
+        options.createSandboxProvider !== undefined ||
+        options.token !== undefined ||
+        envValue(env, "VERCEL_TOKEN") !== undefined;
+    if (!hasSandboxCredential)
+        missing.push("VERCEL_TOKEN");
+    if (!hasProviderCredential) {
+        missing.push("ANTHROPIC_API_KEY|ANTHROPIC_AUTH_TOKEN|AI_GATEWAY_API_KEY");
+    }
+    if (missing.length > 0) {
+        return {
+            available: false,
+            missing,
+            reason: "Claude Code harness skipped: missing Claude Code credential/env; set VERCEL_TOKEN and one of " +
+                "ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN, or AI_GATEWAY_API_KEY."
+        };
+    }
+    return { available: true, authEnv: authEnvFrom(env) };
+}
+export function claudeCodeHarnessCredentialSkipReason(env = process.env, options = {}) {
+    const gate = credentialGate(env, options);
+    return gate.available ? undefined : gate.reason;
+}
+function backendFor(options, env) {
+    return (options.backend ??
+        aiSdkHarnessBackend({
+            ...(options.runtime !== undefined ? { runtime: options.runtime } : {}),
+            ...(options.bridgePort !== undefined ? { bridgePort: options.bridgePort } : {}),
+            token: options.token ?? envValue(env, "VERCEL_TOKEN"),
+            teamId: options.teamId ?? envValue(env, "VERCEL_TEAM_ID"),
+            projectId: options.projectId ?? envValue(env, "VERCEL_PROJECT_ID"),
+            ...(options.model !== undefined ? { model: options.model } : {}),
+            ...(options.maxTurns !== undefined ? { maxTurns: options.maxTurns } : {}),
+            ...(options.thinking !== undefined ? { thinking: options.thinking } : {}),
+            ...(options.startupTimeoutMs !== undefined
+                ? { startupTimeoutMs: options.startupTimeoutMs }
+                : {}),
+            ...(options.createHarness !== undefined ? { createHarness: options.createHarness } : {}),
+            ...(options.createSandboxProvider !== undefined
+                ? { createSandboxProvider: options.createSandboxProvider }
+                : {})
+        }));
+}
+function contractFor(input) {
+    const timeoutMs = input.options.timeoutMs ?? input.descriptor.policy.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    return {
+        version: "warrant.contract.v1",
+        runId: `ensemble_${input.candidateId}`,
+        issuedAt: new Date().toISOString(),
+        issuer: { keyId: "ensemble-claude-code", role: "plane" },
+        requestedBy: { kind: "service", id: "handoffkit-ensemble" },
+        agent: { kind: "claude-code" },
+        task: { prompt: input.descriptor.prompt },
+        runner: {
+            pool: input.options.pool ??
+                input.descriptor.runtime.environmentId ??
+                input.descriptor.runtime.id ??
+                DEFAULT_POOL
+        },
+        workspace: {
+            version: "warrant.manifest.v1",
+            baseRef: (input.repoBaseSha ?? input.descriptor.baseGitSha) || ZERO_GIT_SHA,
+            bundleHash: ZERO_HASH,
+            untrackedFiles: [],
+            deniedPatterns: [],
+            deniedPaths: []
+        },
+        policyHash: ZERO_HASH,
+        secrets: input.options.secrets?.map((secret) => ({ name: secret.name, scope: "ensemble" })) ?? [],
+        network: input.options.network ??
+            (input.descriptor.runtime.isolation?.networkPolicy
+                ? {
+                    defaultDeny: input.descriptor.runtime.isolation.networkPolicy.defaultDeny,
+                    allowHosts: [...input.descriptor.runtime.isolation.networkPolicy.allowHosts]
+                }
+                : DEFAULT_CLAUDE_NETWORK),
+        budget: {
+            ...(input.descriptor.policy.budgetUsd !== undefined
+                ? { maxSpendUsd: input.descriptor.policy.budgetUsd }
+                : {}),
+            maxDurationMin: Math.ceil(timeoutMs / 60_000)
+        },
+        disclosure: "minimal-context",
+        isolation: "vercel-sandbox",
+        execution: {
+            kind: "agent",
+            agent: { kind: "claude-code" },
+            prompt: input.descriptor.prompt,
+            timeoutMs,
+            env: { vars: input.gate.authEnv, egressProxy: false },
+            log: {
+                stdout: "capture",
+                stderr: "merge",
+                maxBytes: input.options.logMaxBytes ?? DEFAULT_LOG_MAX_BYTES
+            }
+        },
+        expiresAt: new Date(Date.now() + timeoutMs).toISOString(),
+        signatures: []
+    };
+}
+function hardeningFor(input) {
+    const networkPolicy = input.options.network ??
+        input.descriptor.runtime.isolation?.networkPolicy ??
+        DEFAULT_CLAUDE_NETWORK;
+    const mountPolicy = input.descriptor.runtime.isolation?.mountPolicy;
+    const secretPolicy = input.descriptor.runtime.isolation?.secretPolicy;
+    return {
+        requested_isolation: "microvm",
+        actual_isolation: input.finished ? "vercel-sandbox" : "process",
+        runtime: {
+            provider: "vercel-sandbox",
+            runtime: input.options.runtime ??
+                (input.descriptor.runtime.isolation?.kind === "microvm"
+                    ? input.descriptor.runtime.isolation.runtime
+                    : undefined) ??
+                DEFAULT_RUNTIME,
+            workdir: mountPolicy?.workdir ?? input.repoDir
+        },
+        mount_policy: {
+            worktree_writable: mountPolicy?.worktreeWritable ?? true,
+            read_only_caches: [...(mountPolicy?.readOnlyCachePaths ?? [])],
+            ignored_dirs: [...(mountPolicy?.ignoredDirs ?? [".git", "node_modules", ".warrant"])]
+        },
+        network_policy: {
+            default_deny: networkPolicy.defaultDeny,
+            allow_hosts: [...networkPolicy.allowHosts],
+            enforced: input.finished
+        },
+        cleanup: input.finished
+            ? { attempted: true, succeeded: true, status: "succeeded" }
+            : { attempted: false, succeeded: true, status: "not_required" },
+        secret_absence: {
+            secret_names: [
+                ...(secretPolicy?.secretNames ?? input.options.secrets?.map((secret) => secret.name) ?? [])
+            ],
+            secret_value_hashes: [...(secretPolicy?.secretValueHashes ?? [])],
+            injected_env_names: [...(secretPolicy?.injectedEnvNames ?? input.authEnvNames)],
+            scanned: false,
+            leaks_found: false,
+            scan_scope: [],
+            leak_count: 0
+        }
+    };
+}
+function skippedOutput(input) {
+    const evidenceHash = artifactHash(input.reason);
+    const repoDir = input.runInput.worktree?.path ?? input.runInput.descriptor.sourceRepo;
+    return {
+        candidateId: candidateId(input.runInput),
+        model: input.runInput.model,
+        status: "skipped",
+        ...(input.runInput.worktree
+            ? {
+                branchName: input.runInput.worktree.branchName,
+                worktreePath: input.runInput.worktree.path
+            }
+            : {}),
+        transcript: input.reason,
+        summary: input.reason,
+        error: {
+            kind: "capability_missing",
+            message: input.reason,
+            retryable: false
+        },
+        verification: {
+            status: "skipped",
+            evidence: [input.reason, evidenceHash],
+            exitCode: 0
+        },
+        metadata: {
+            adapter: "claude-code",
+            credential_gate: "skipped",
+            missing_credentials: [...input.missing],
+            hardening: hardeningFor({
+                descriptor: input.runInput.descriptor,
+                options: input.options,
+                repoDir,
+                authEnvNames: [],
+                finished: false
+            })
+        }
+    };
+}
+function failureOutput(input) {
+    const message = input.error instanceof Error ? input.error.message : String(input.error);
+    const errorHash = artifactHash(message);
+    const repoDir = input.runInput.worktree?.path ?? input.runInput.descriptor.sourceRepo;
+    return {
+        candidateId: candidateId(input.runInput),
+        model: input.runInput.model,
+        status: "failed",
+        ...(input.runInput.worktree
+            ? {
+                branchName: input.runInput.worktree.branchName,
+                worktreePath: input.runInput.worktree.path
+            }
+            : {}),
+        transcript: `Claude Code harness failed: ${message}`,
+        error: {
+            kind: "provider_error",
+            message,
+            retryable: true
+        },
+        verification: {
+            status: "failed",
+            evidence: [errorHash],
+            exitCode: 1
+        },
+        metadata: {
+            adapter: "claude-code",
+            credential_gate: "available",
+            event_count: 0,
+            auth_env_names: [...input.authEnvNames],
+            hardening: hardeningFor({
+                descriptor: input.runInput.descriptor,
+                options: input.options,
+                repoDir,
+                authEnvNames: input.authEnvNames,
+                finished: false
+            })
+        }
+    };
+}
+export function createClaudeCodeHarness(options = {}) {
+    const id = options.id ?? "claude-code";
+    const env = options.env ?? process.env;
+    const skipWhenUnavailable = options.skipWhenUnavailable ?? true;
+    return {
+        id,
+        harnessKind: "claude_code",
+        prepare: () => {
+            const gate = credentialGate(env, options);
+            if (!gate.available) {
+                if (skipWhenUnavailable)
+                    return { gate };
+                throw new CapabilityMismatchError(gate.reason);
+            }
+            return { gate, backend: backendFor(options, env) };
+        },
+        capabilities: () => {
+            const gate = credentialGate(env, options);
+            return {
+                workspace_read: gate.available ? "supported" : "degraded",
+                workspace_write: gate.available ? "supported" : "degraded",
+                apply_patch: gate.available ? "supported" : "degraded",
+                tool_records: "supported",
+                verification: gate.available ? "supported" : "degraded",
+                microvm_isolation: gate.available ? "supported" : "degraded",
+                credential_gate: gate.available ? "supported" : "degraded"
+            };
+        },
+        verificationProfile: () => ({
+            id: `${id}-verification`,
+            requiredEvidence: ["structured transcript", "exit code", "worktree diff or skip reason"]
+        }),
+        run: async (runInput) => {
+            const state = runInput.prepared;
+            if (!state.gate.available) {
+                return skippedOutput({
+                    runInput,
+                    reason: state.gate.reason,
+                    missing: state.gate.missing,
+                    options
+                });
+            }
+            const id = candidateId(runInput);
+            const repoDir = runInput.worktree?.path ?? runInput.descriptor.workspace ?? runInput.descriptor.sourceRepo;
+            const backend = state.backend ?? backendFor(options, env);
+            const contract = contractFor({
+                descriptor: runInput.descriptor,
+                candidateId: id,
+                options,
+                gate: state.gate,
+                ...(runInput.worktree ? { repoBaseSha: runInput.worktree.baseGitSha } : {})
+            });
+            const events = [];
+            const authEnvNames = Object.keys(state.gate.authEnv);
+            try {
+                const result = await backend.execute({
+                    contract,
+                    repoDir,
+                    secrets: options.secrets ?? [],
+                    execution: prepareExecution({ contract, mockScriptPath: "/tmp/mock-agent.js" }),
+                    emit: (event) => {
+                        events.push(event);
+                    }
+                });
+                const transcript = result.log.toString("utf8");
+                const outputHash = artifactHash(transcript);
+                const status = result.exitCode === 0 ? "succeeded" : "failed";
+                return {
+                    candidateId: id,
+                    model: runInput.model,
+                    status,
+                    ...(runInput.worktree
+                        ? {
+                            branchName: runInput.worktree.branchName,
+                            worktreePath: runInput.worktree.path
+                        }
+                        : {}),
+                    transcript,
+                    toolRecords: [
+                        {
+                            execution_id: `exec_${id}`,
+                            plan_id: `plan_${id}`,
+                            status,
+                            output_hash: outputHash
+                        }
+                    ],
+                    verification: {
+                        status,
+                        evidence: [`exit_code=${result.exitCode}`, outputHash],
+                        exitCode: result.exitCode
+                    },
+                    ...(status === "failed"
+                        ? {
+                            error: {
+                                kind: "provider_error",
+                                message: "Claude Code harness exited non-zero",
+                                retryable: true
+                            }
+                        }
+                        : {}),
+                    metadata: {
+                        adapter: "claude-code",
+                        backend_isolation: backend.isolation,
+                        credential_gate: "available",
+                        event_count: events.length,
+                        auth_env_names: authEnvNames,
+                        hardening: hardeningFor({
+                            descriptor: runInput.descriptor,
+                            options,
+                            repoDir,
+                            authEnvNames,
+                            finished: true
+                        })
+                    }
+                };
+            }
+            catch (error) {
+                if (skipWhenUnavailable && error instanceof CapabilityMismatchError) {
+                    return skippedOutput({
+                        runInput,
+                        reason: error.message,
+                        missing: ["capability_mismatch"],
+                        options
+                    });
+                }
+                return failureOutput({ runInput, error, options, authEnvNames });
+            }
+        },
+        collectArtifacts: () => []
+    };
+}
+export function claudeCodeHarness(options = {}) {
+    return createClaudeCodeHarness(options);
+}