@harness-engineering/cli 1.13.0 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agents/skills/claude-code/add-harness-component/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/align-documentation/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/check-mechanical-constraints/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/cleanup-dead-code/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/detect-doc-drift/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/enforce-architecture/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-accessibility/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-api-design/SKILL.md +304 -0
- package/dist/agents/skills/claude-code/harness-api-design/skill.yaml +74 -0
- package/dist/agents/skills/claude-code/harness-architecture-advisor/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-auth/SKILL.md +279 -0
- package/dist/agents/skills/claude-code/harness-auth/skill.yaml +81 -0
- package/dist/agents/skills/claude-code/harness-autopilot/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +39 -0
- package/dist/agents/skills/claude-code/harness-brainstorming/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-caching/SKILL.md +309 -0
- package/dist/agents/skills/claude-code/harness-caching/skill.yaml +73 -0
- package/dist/agents/skills/claude-code/harness-chaos/SKILL.md +295 -0
- package/dist/agents/skills/claude-code/harness-chaos/skill.yaml +72 -0
- package/dist/agents/skills/claude-code/harness-code-review/SKILL.md +44 -0
- package/dist/agents/skills/claude-code/harness-code-review/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-codebase-cleanup/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-compliance/SKILL.md +303 -0
- package/dist/agents/skills/claude-code/harness-compliance/skill.yaml +78 -0
- package/dist/agents/skills/claude-code/harness-containerization/SKILL.md +284 -0
- package/dist/agents/skills/claude-code/harness-containerization/skill.yaml +80 -0
- package/dist/agents/skills/claude-code/harness-data-pipeline/SKILL.md +274 -0
- package/dist/agents/skills/claude-code/harness-data-pipeline/skill.yaml +81 -0
- package/dist/agents/skills/claude-code/harness-data-validation/SKILL.md +343 -0
- package/dist/agents/skills/claude-code/harness-data-validation/skill.yaml +75 -0
- package/dist/agents/skills/claude-code/harness-database/SKILL.md +258 -0
- package/dist/agents/skills/claude-code/harness-database/skill.yaml +80 -0
- package/dist/agents/skills/claude-code/harness-debugging/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-dependency-health/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-deployment/SKILL.md +255 -0
- package/dist/agents/skills/claude-code/harness-deployment/skill.yaml +77 -0
- package/dist/agents/skills/claude-code/harness-design/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-design-mobile/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-design-system/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-design-web/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-diagnostics/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-docs-pipeline/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-dx/SKILL.md +276 -0
- package/dist/agents/skills/claude-code/harness-dx/skill.yaml +76 -0
- package/dist/agents/skills/claude-code/harness-e2e/SKILL.md +245 -0
- package/dist/agents/skills/claude-code/harness-e2e/skill.yaml +78 -0
- package/dist/agents/skills/claude-code/harness-event-driven/SKILL.md +280 -0
- package/dist/agents/skills/claude-code/harness-event-driven/skill.yaml +77 -0
- package/dist/agents/skills/claude-code/harness-execution/SKILL.md +44 -0
- package/dist/agents/skills/claude-code/harness-execution/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-feature-flags/SKILL.md +287 -0
- package/dist/agents/skills/claude-code/harness-feature-flags/skill.yaml +74 -0
- package/dist/agents/skills/claude-code/harness-git-workflow/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-hotspot-detector/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-i18n/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-i18n-process/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-i18n-workflow/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-impact-analysis/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-incident-response/SKILL.md +223 -0
- package/dist/agents/skills/claude-code/harness-incident-response/skill.yaml +78 -0
- package/dist/agents/skills/claude-code/harness-infrastructure-as-code/SKILL.md +279 -0
- package/dist/agents/skills/claude-code/harness-infrastructure-as-code/skill.yaml +80 -0
- package/dist/agents/skills/claude-code/harness-integration-test/SKILL.md +271 -0
- package/dist/agents/skills/claude-code/harness-integration-test/skill.yaml +73 -0
- package/dist/agents/skills/claude-code/harness-integrity/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-knowledge-mapper/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-load-testing/SKILL.md +274 -0
- package/dist/agents/skills/claude-code/harness-load-testing/skill.yaml +79 -0
- package/dist/agents/skills/claude-code/harness-ml-ops/SKILL.md +341 -0
- package/dist/agents/skills/claude-code/harness-ml-ops/skill.yaml +79 -0
- package/dist/agents/skills/claude-code/harness-mobile-patterns/SKILL.md +326 -0
- package/dist/agents/skills/claude-code/harness-mobile-patterns/skill.yaml +82 -0
- package/dist/agents/skills/claude-code/harness-mutation-test/SKILL.md +251 -0
- package/dist/agents/skills/claude-code/harness-mutation-test/skill.yaml +70 -0
- package/dist/agents/skills/claude-code/harness-observability/SKILL.md +283 -0
- package/dist/agents/skills/claude-code/harness-observability/skill.yaml +78 -0
- package/dist/agents/skills/claude-code/harness-onboarding/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-parallel-agents/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-perf/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-perf-tdd/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-planning/SKILL.md +39 -0
- package/dist/agents/skills/claude-code/harness-planning/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-pre-commit-review/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-product-spec/SKILL.md +285 -0
- package/dist/agents/skills/claude-code/harness-product-spec/skill.yaml +72 -0
- package/dist/agents/skills/claude-code/harness-property-test/SKILL.md +281 -0
- package/dist/agents/skills/claude-code/harness-property-test/skill.yaml +71 -0
- package/dist/agents/skills/claude-code/harness-refactoring/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-release-readiness/SKILL.md +3 -3
- package/dist/agents/skills/claude-code/harness-release-readiness/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-resilience/SKILL.md +255 -0
- package/dist/agents/skills/claude-code/harness-resilience/skill.yaml +76 -0
- package/dist/agents/skills/claude-code/harness-roadmap/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-secrets/SKILL.md +293 -0
- package/dist/agents/skills/claude-code/harness-secrets/skill.yaml +76 -0
- package/dist/agents/skills/claude-code/harness-security-review/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-security-scan/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-skill-authoring/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-soundness-review/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-sql-review/SKILL.md +315 -0
- package/dist/agents/skills/claude-code/harness-sql-review/skill.yaml +74 -0
- package/dist/agents/skills/claude-code/harness-state-management/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-tdd/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-test-advisor/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-test-data/SKILL.md +268 -0
- package/dist/agents/skills/claude-code/harness-test-data/skill.yaml +74 -0
- package/dist/agents/skills/claude-code/harness-ux-copy/SKILL.md +271 -0
- package/dist/agents/skills/claude-code/harness-ux-copy/skill.yaml +77 -0
- package/dist/agents/skills/claude-code/harness-verification/SKILL.md +35 -0
- package/dist/agents/skills/claude-code/harness-verification/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-verify/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/harness-visual-regression/SKILL.md +257 -0
- package/dist/agents/skills/claude-code/harness-visual-regression/skill.yaml +74 -0
- package/dist/agents/skills/claude-code/initialize-harness-project/SKILL.md +11 -3
- package/dist/agents/skills/claude-code/initialize-harness-project/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/validate-context-engineering/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/add-harness-component/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/align-documentation/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/check-mechanical-constraints/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/cleanup-dead-code/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/detect-doc-drift/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/enforce-architecture/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-accessibility/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-api-design/SKILL.md +304 -0
- package/dist/agents/skills/gemini-cli/harness-api-design/skill.yaml +74 -0
- package/dist/agents/skills/gemini-cli/harness-architecture-advisor/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-auth/SKILL.md +279 -0
- package/dist/agents/skills/gemini-cli/harness-auth/skill.yaml +81 -0
- package/dist/agents/skills/gemini-cli/harness-autopilot/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +39 -0
- package/dist/agents/skills/gemini-cli/harness-brainstorming/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-caching/SKILL.md +309 -0
- package/dist/agents/skills/gemini-cli/harness-caching/skill.yaml +73 -0
- package/dist/agents/skills/gemini-cli/harness-chaos/SKILL.md +295 -0
- package/dist/agents/skills/gemini-cli/harness-chaos/skill.yaml +72 -0
- package/dist/agents/skills/gemini-cli/harness-code-review/SKILL.md +44 -0
- package/dist/agents/skills/gemini-cli/harness-code-review/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-codebase-cleanup/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-compliance/SKILL.md +303 -0
- package/dist/agents/skills/gemini-cli/harness-compliance/skill.yaml +78 -0
- package/dist/agents/skills/gemini-cli/harness-containerization/SKILL.md +284 -0
- package/dist/agents/skills/gemini-cli/harness-containerization/skill.yaml +80 -0
- package/dist/agents/skills/gemini-cli/harness-data-pipeline/SKILL.md +274 -0
- package/dist/agents/skills/gemini-cli/harness-data-pipeline/skill.yaml +81 -0
- package/dist/agents/skills/gemini-cli/harness-data-validation/SKILL.md +343 -0
- package/dist/agents/skills/gemini-cli/harness-data-validation/skill.yaml +75 -0
- package/dist/agents/skills/gemini-cli/harness-database/SKILL.md +258 -0
- package/dist/agents/skills/gemini-cli/harness-database/skill.yaml +80 -0
- package/dist/agents/skills/gemini-cli/harness-debugging/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-dependency-health/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-deployment/SKILL.md +255 -0
- package/dist/agents/skills/gemini-cli/harness-deployment/skill.yaml +77 -0
- package/dist/agents/skills/gemini-cli/harness-design/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-design-mobile/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-design-system/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-design-web/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-diagnostics/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-docs-pipeline/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-dx/SKILL.md +276 -0
- package/dist/agents/skills/gemini-cli/harness-dx/skill.yaml +76 -0
- package/dist/agents/skills/gemini-cli/harness-e2e/SKILL.md +245 -0
- package/dist/agents/skills/gemini-cli/harness-e2e/skill.yaml +78 -0
- package/dist/agents/skills/gemini-cli/harness-event-driven/SKILL.md +280 -0
- package/dist/agents/skills/gemini-cli/harness-event-driven/skill.yaml +77 -0
- package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +44 -0
- package/dist/agents/skills/gemini-cli/harness-execution/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-feature-flags/SKILL.md +287 -0
- package/dist/agents/skills/gemini-cli/harness-feature-flags/skill.yaml +74 -0
- package/dist/agents/skills/gemini-cli/harness-git-workflow/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-hotspot-detector/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-i18n/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-i18n-process/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-i18n-workflow/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-impact-analysis/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-incident-response/SKILL.md +223 -0
- package/dist/agents/skills/gemini-cli/harness-incident-response/skill.yaml +78 -0
- package/dist/agents/skills/gemini-cli/harness-infrastructure-as-code/SKILL.md +279 -0
- package/dist/agents/skills/gemini-cli/harness-infrastructure-as-code/skill.yaml +80 -0
- package/dist/agents/skills/gemini-cli/harness-integration-test/SKILL.md +271 -0
- package/dist/agents/skills/gemini-cli/harness-integration-test/skill.yaml +73 -0
- package/dist/agents/skills/gemini-cli/harness-integrity/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-knowledge-mapper/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-load-testing/SKILL.md +274 -0
- package/dist/agents/skills/gemini-cli/harness-load-testing/skill.yaml +79 -0
- package/dist/agents/skills/gemini-cli/harness-ml-ops/SKILL.md +341 -0
- package/dist/agents/skills/gemini-cli/harness-ml-ops/skill.yaml +79 -0
- package/dist/agents/skills/gemini-cli/harness-mobile-patterns/SKILL.md +326 -0
- package/dist/agents/skills/gemini-cli/harness-mobile-patterns/skill.yaml +82 -0
- package/dist/agents/skills/gemini-cli/harness-mutation-test/SKILL.md +251 -0
- package/dist/agents/skills/gemini-cli/harness-mutation-test/skill.yaml +70 -0
- package/dist/agents/skills/gemini-cli/harness-observability/SKILL.md +283 -0
- package/dist/agents/skills/gemini-cli/harness-observability/skill.yaml +78 -0
- package/dist/agents/skills/gemini-cli/harness-onboarding/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-parallel-agents/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-perf/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-perf-tdd/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +39 -0
- package/dist/agents/skills/gemini-cli/harness-planning/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-pre-commit-review/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-product-spec/SKILL.md +285 -0
- package/dist/agents/skills/gemini-cli/harness-product-spec/skill.yaml +72 -0
- package/dist/agents/skills/gemini-cli/harness-property-test/SKILL.md +281 -0
- package/dist/agents/skills/gemini-cli/harness-property-test/skill.yaml +71 -0
- package/dist/agents/skills/gemini-cli/harness-refactoring/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-release-readiness/SKILL.md +3 -3
- package/dist/agents/skills/gemini-cli/harness-release-readiness/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-resilience/SKILL.md +255 -0
- package/dist/agents/skills/gemini-cli/harness-resilience/skill.yaml +76 -0
- package/dist/agents/skills/gemini-cli/harness-roadmap/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-secrets/SKILL.md +293 -0
- package/dist/agents/skills/gemini-cli/harness-secrets/skill.yaml +76 -0
- package/dist/agents/skills/gemini-cli/harness-security-review/SKILL.md +240 -0
- package/dist/agents/skills/gemini-cli/harness-security-review/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-security-scan/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-skill-authoring/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-soundness-review/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-sql-review/SKILL.md +315 -0
- package/dist/agents/skills/gemini-cli/harness-sql-review/skill.yaml +74 -0
- package/dist/agents/skills/gemini-cli/harness-state-management/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-tdd/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-test-advisor/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-test-data/SKILL.md +268 -0
- package/dist/agents/skills/gemini-cli/harness-test-data/skill.yaml +74 -0
- package/dist/agents/skills/gemini-cli/harness-ux-copy/SKILL.md +271 -0
- package/dist/agents/skills/gemini-cli/harness-ux-copy/skill.yaml +77 -0
- package/dist/agents/skills/gemini-cli/harness-verification/SKILL.md +35 -0
- package/dist/agents/skills/gemini-cli/harness-verification/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-verify/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/harness-visual-regression/SKILL.md +257 -0
- package/dist/agents/skills/gemini-cli/harness-visual-regression/skill.yaml +74 -0
- package/dist/agents/skills/gemini-cli/initialize-harness-project/SKILL.md +11 -3
- package/dist/agents/skills/gemini-cli/initialize-harness-project/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/validate-context-engineering/skill.yaml +1 -0
- package/dist/agents-md-YTYQDA3P.js +8 -0
- package/dist/{architecture-ESOOE26S.js → architecture-JQZYM4US.js} +4 -4
- package/dist/bin/harness-mcp.js +16 -15
- package/dist/bin/harness.js +31 -30
- package/dist/{check-phase-gate-S2MZKLFQ.js → check-phase-gate-L3RADYWO.js} +4 -3
- package/dist/{chunk-WPPDRIJL.js → chunk-3C2MLBPJ.js} +4 -4
- package/dist/chunk-6KTUUFRN.js +217 -0
- package/dist/{chunk-MI5XJQDY.js → chunk-7IP4JIFL.js} +24 -10
- package/dist/{chunk-C2ERUR3L.js → chunk-7MJAPE3Z.js} +165 -49
- package/dist/{chunk-KELT6K6M.js → chunk-ABQHQ6I5.js} +1861 -1418
- package/dist/{chunk-L2KLU56K.js → chunk-AOZRDOIP.js} +2 -2
- package/dist/{chunk-QPEH2QPG.js → chunk-DBSOCI3G.js} +53 -54
- package/dist/{chunk-MHBMTPW7.js → chunk-ERS5EVUZ.js} +9 -0
- package/dist/{chunk-JSTQ3AWB.js → chunk-FIAPHX37.js} +1 -1
- package/dist/{chunk-2YPZKGAG.js → chunk-FTMXDOR6.js} +1 -1
- package/dist/{chunk-72GHBOL2.js → chunk-GZKSBLQL.js} +1 -1
- package/dist/{chunk-K6XAPGML.js → chunk-H7Y5CKTM.js} +1 -1
- package/dist/{chunk-HD4IBGLA.js → chunk-N5G5QMS3.js} +24 -1
- package/dist/{chunk-LD3DKUK5.js → chunk-NLVUVUGD.js} +1 -1
- package/dist/{chunk-3KOLLWWE.js → chunk-O5OJVPL6.js} +26 -211
- package/dist/{chunk-NKDM3FMH.js → chunk-OD3S2NHN.js} +1 -1
- package/dist/{chunk-5VY23YK3.js → chunk-OSXBPAMK.js} +2 -2
- package/dist/{chunk-MACVXDZK.js → chunk-OXLLOSSR.js} +45 -47
- package/dist/{chunk-GNGELAXY.js → chunk-RCWZBSK5.js} +2 -2
- package/dist/{chunk-PSNN4LWX.js → chunk-S2FXOWOR.js} +3 -3
- package/dist/{chunk-VUCPTQ6G.js → chunk-SD3SQOZ2.js} +1 -1
- package/dist/{chunk-7PZWR4LI.js → chunk-TPOTOBR7.js} +9 -9
- package/dist/{chunk-RZSUJBZZ.js → chunk-XKECDXJS.js} +452 -353
- package/dist/{chunk-VRFZWGMS.js → chunk-XYLGHKG6.js} +5 -1
- package/dist/{chunk-6N4R6FVX.js → chunk-YBJ262QL.js} +1 -1
- package/dist/{chunk-2VU4MFM3.js → chunk-YPYGXRDR.js} +7 -7
- package/dist/{chunk-Q6AB7W5Z.js → chunk-YQ6KC6TE.js} +1 -1
- package/dist/{chunk-7KQSUZVG.js → chunk-YZD2MRNQ.js} +1528 -1010
- package/dist/ci-workflow-EQZFVX3P.js +8 -0
- package/dist/{create-skill-WPXHSLX2.js → create-skill-XSWHMSM5.js} +2 -2
- package/dist/{dist-M6BQODWC.js → dist-B26DFXMP.js} +573 -480
- package/dist/{dist-L7LAAQAS.js → dist-DZ63LLUD.js} +1 -1
- package/dist/{dist-WF4C7A4A.js → dist-HWXF2C3R.js} +18 -2
- package/dist/{dist-D4RYGUZE.js → dist-USY2C5JL.js} +3 -1
- package/dist/{docs-BPYCN2DR.js → docs-7ECGYMAV.js} +5 -3
- package/dist/engine-EG4EH4IX.js +8 -0
- package/dist/{entropy-4VDVV5CR.js → entropy-5USWKLVS.js} +3 -3
- package/dist/{feedback-63QB5RCA.js → feedback-UTBXZZHF.js} +1 -1
- package/dist/{generate-agent-definitions-QABOJG56.js → generate-agent-definitions-3PM5EU7V.js} +5 -5
- package/dist/{glob-helper-5OHBUQAI.js → glob-helper-R5FXNUPS.js} +1 -1
- package/dist/{graph-loader-KO4GJ5N2.js → graph-loader-2M2HXDQI.js} +1 -1
- package/dist/index.d.ts +183 -17
- package/dist/index.js +32 -30
- package/dist/loader-ZPALXIVR.js +10 -0
- package/dist/mcp-362EZHF4.js +35 -0
- package/dist/{performance-26BH47O4.js → performance-OQAFMJUD.js} +3 -3
- package/dist/{review-pipeline-GHR3WFBI.js → review-pipeline-C4GCFVGP.js} +1 -1
- package/dist/runtime-7YLVK453.js +9 -0
- package/dist/{security-UQFUZXEN.js → security-PZOX7AQS.js} +1 -1
- package/dist/skill-executor-XZLYZYAK.js +8 -0
- package/dist/templates/axum/Cargo.toml.hbs +8 -0
- package/dist/templates/axum/src/main.rs +12 -0
- package/dist/templates/axum/template.json +16 -0
- package/dist/templates/django/manage.py.hbs +19 -0
- package/dist/templates/django/requirements.txt.hbs +1 -0
- package/dist/templates/django/src/settings.py.hbs +44 -0
- package/dist/templates/django/src/urls.py +6 -0
- package/dist/templates/django/src/wsgi.py.hbs +9 -0
- package/dist/templates/django/template.json +21 -0
- package/dist/templates/express/package.json.hbs +15 -0
- package/dist/templates/express/src/app.ts +12 -0
- package/dist/templates/express/src/lib/.gitkeep +0 -0
- package/dist/templates/express/template.json +16 -0
- package/dist/templates/fastapi/requirements.txt.hbs +2 -0
- package/dist/templates/fastapi/src/main.py +8 -0
- package/dist/templates/fastapi/template.json +20 -0
- package/dist/templates/gin/go.mod.hbs +5 -0
- package/dist/templates/gin/main.go +15 -0
- package/dist/templates/gin/template.json +19 -0
- package/dist/templates/go-base/.golangci.yml +16 -0
- package/dist/templates/go-base/AGENTS.md.hbs +35 -0
- package/dist/templates/go-base/go.mod.hbs +3 -0
- package/dist/templates/go-base/harness.config.json.hbs +17 -0
- package/dist/templates/go-base/main.go +7 -0
- package/dist/templates/go-base/template.json +14 -0
- package/dist/templates/java-base/AGENTS.md.hbs +35 -0
- package/dist/templates/java-base/checkstyle.xml +20 -0
- package/dist/templates/java-base/harness.config.json.hbs +16 -0
- package/dist/templates/java-base/pom.xml.hbs +39 -0
- package/dist/templates/java-base/src/main/java/App.java.hbs +5 -0
- package/dist/templates/java-base/template.json +13 -0
- package/dist/templates/nestjs/nest-cli.json +5 -0
- package/dist/templates/nestjs/package.json.hbs +18 -0
- package/dist/templates/nestjs/src/app.module.ts +8 -0
- package/dist/templates/nestjs/src/lib/.gitkeep +0 -0
- package/dist/templates/nestjs/src/main.ts +11 -0
- package/dist/templates/nestjs/template.json +16 -0
- package/dist/templates/nextjs/template.json +15 -1
- package/dist/templates/python-base/.python-version +1 -0
- package/dist/templates/python-base/AGENTS.md.hbs +32 -0
- package/dist/templates/python-base/harness.config.json.hbs +16 -0
- package/dist/templates/python-base/pyproject.toml.hbs +18 -0
- package/dist/templates/python-base/ruff.toml +5 -0
- package/dist/templates/python-base/src/__init__.py +0 -0
- package/dist/templates/python-base/template.json +13 -0
- package/dist/templates/react-vite/index.html +12 -0
- package/dist/templates/react-vite/package.json.hbs +18 -0
- package/dist/templates/react-vite/src/App.tsx +7 -0
- package/dist/templates/react-vite/src/lib/.gitkeep +0 -0
- package/dist/templates/react-vite/src/main.tsx +9 -0
- package/dist/templates/react-vite/template.json +19 -0
- package/dist/templates/react-vite/vite.config.ts +6 -0
- package/dist/templates/rust-base/AGENTS.md.hbs +35 -0
- package/dist/templates/rust-base/Cargo.toml.hbs +6 -0
- package/dist/templates/rust-base/clippy.toml +2 -0
- package/dist/templates/rust-base/harness.config.json.hbs +17 -0
- package/dist/templates/rust-base/src/main.rs +3 -0
- package/dist/templates/rust-base/template.json +14 -0
- package/dist/templates/spring-boot/pom.xml.hbs +50 -0
- package/dist/templates/spring-boot/src/main/java/Application.java.hbs +19 -0
- package/dist/templates/spring-boot/template.json +15 -0
- package/dist/templates/vue/index.html +12 -0
- package/dist/templates/vue/package.json.hbs +16 -0
- package/dist/templates/vue/src/App.vue +7 -0
- package/dist/templates/vue/src/lib/.gitkeep +0 -0
- package/dist/templates/vue/src/main.ts +4 -0
- package/dist/templates/vue/template.json +19 -0
- package/dist/templates/vue/vite.config.ts +6 -0
- package/dist/{validate-N7QJOKFZ.js → validate-FD3Z6VJD.js} +4 -4
- package/dist/validate-cross-check-WNJM6H2D.js +8 -0
- package/package.json +6 -6
- package/dist/agents-md-P2RHSUV7.js +0 -8
- package/dist/ci-workflow-4NYBUG6R.js +0 -8
- package/dist/engine-LXLIWQQ3.js +0 -8
- package/dist/loader-Z2IT7QX3.js +0 -10
- package/dist/mcp-KQHEL5IF.js +0 -34
- package/dist/runtime-PDWD7UIK.js +0 -9
- package/dist/skill-executor-RG45LUO5.js +0 -8
- package/dist/validate-cross-check-EDQ5QGTM.js +0 -8
|
@@ -0,0 +1,343 @@
|
|
|
1
|
+
# Harness Data Validation
|
|
2
|
+
|
|
3
|
+
> Meticulous verifier for schema validation, data contracts, and pipeline data quality. Detects validation libraries, audits trust boundaries for unvalidated inputs, enforces runtime validation schemas, and verifies type-runtime alignment.
|
|
4
|
+
|
|
5
|
+
## When to Use
|
|
6
|
+
|
|
7
|
+
- When adding runtime validation to API inputs, form data, or configuration
|
|
8
|
+
- When reviewing a PR that modifies data schemas or validation logic
|
|
9
|
+
- When establishing data contracts between services or between frontend and backend
|
|
10
|
+
- When auditing an existing codebase for unvalidated trust boundary crossings
|
|
11
|
+
- When migrating between validation libraries (e.g., Joi to Zod, Yup to Valibot)
|
|
12
|
+
- When ensuring TypeScript types match runtime validation schemas
|
|
13
|
+
- NOT for database schema validation (use harness-database for DDL constraints and migration checks)
|
|
14
|
+
- NOT for API schema design (use harness-api-design for OpenAPI/GraphQL schema authoring)
|
|
15
|
+
- NOT for security input sanitization (use harness-security-review for injection and XSS analysis)
|
|
16
|
+
- NOT for test data generation (use harness-test-data for fixtures and factories)
|
|
17
|
+
|
|
18
|
+
## Process
|
|
19
|
+
|
|
20
|
+
### Phase 1: DETECT -- Identify Validation Libraries and Trust Boundaries
|
|
21
|
+
|
|
22
|
+
1. **Detect validation libraries.** Scan for imports: `zod` for Zod, `yup` for Yup, `joi` for Joi, `@sinclair/typebox` for TypeBox, `valibot` for Valibot, `ajv` for JSON Schema validation, `class-validator` for TypeORM/NestJS decorators, `io-ts` for functional validation. Record the library, version, and usage count.
|
|
23
|
+
|
|
24
|
+
2. **Map trust boundaries.** Identify every point where external data enters the application:
|
|
25
|
+
- **API inputs:** Request body, query parameters, path parameters, headers
|
|
26
|
+
- **File uploads:** Uploaded file content, metadata, MIME type
|
|
27
|
+
- **Environment variables:** Configuration loaded at startup
|
|
28
|
+
- **External API responses:** Data received from third-party services
|
|
29
|
+
- **Message queue payloads:** Events consumed from Kafka, RabbitMQ, SQS
|
|
30
|
+
- **User-generated content:** Form inputs, comments, rich text
|
|
31
|
+
|
|
32
|
+
3. **Map existing validation.** For each trust boundary, check whether validation exists. Scan for validation middleware (Express: `celebrate`, `zod-express-middleware`; NestJS: `ValidationPipe`; Fastify: `ajv` schema). Record which boundaries are validated and which are not.
|
|
33
|
+
|
|
34
|
+
4. **Detect type-runtime alignment.** WHERE TypeScript types are defined alongside Zod schemas, THEN check that `z.infer<typeof schema>` is used to derive the type. WHERE types and schemas are defined separately, THEN flag the potential drift: a type change without a schema change (or vice versa) creates a silent contract violation.
|
|
35
|
+
|
|
36
|
+
5. **Identify validation gaps.** Produce a gap report: list every trust boundary with its validation status (validated, partially validated, unvalidated). Prioritize gaps by risk: API inputs and message payloads are high risk, environment variables are medium risk, internal function parameters are low risk.
|
|
37
|
+
|
|
38
|
+
### Phase 2: AUDIT -- Find Unvalidated Inputs and Schema Mismatches
|
|
39
|
+
|
|
40
|
+
1. **Trace unvalidated API inputs.** For each API route handler, trace the request data from the handler parameter to its first usage. WHERE `req.body`, `req.query`, or `req.params` is accessed without prior validation (no middleware, no `.parse()`, no `.validate()`), THEN flag it with the file, line, and the specific property accessed.
|
|
41
|
+
|
|
42
|
+
2. **Check for partial validation.** WHERE a validation schema exists but does not cover all fields used by the handler, THEN flag the gap. Example: schema validates `{ name: string }` but the handler also accesses `req.body.email` which is not in the schema. This is worse than no validation because it creates false confidence.
|
|
43
|
+
|
|
44
|
+
3. **Detect type assertion abuse.** Scan for `as` casts on external data: `req.body as CreateUserInput`, `response.data as Product[]`, `JSON.parse(raw) as Config`. Each type assertion is a trust boundary violation -- it tells TypeScript "trust me" without runtime verification. Flag every instance with file and line.
|
|
45
|
+
|
|
46
|
+
4. **Audit environment variable access.** Scan for `process.env.` usage. WHERE environment variables are accessed without validation (no Zod `.parse()`, no `envalid`, no custom validation), THEN flag it. Missing environment variables at runtime cause cryptic errors. Recommend a validated config module that fails fast at startup.
|
|
47
|
+
|
|
48
|
+
5. **Check error message quality.** For each validation schema, verify that validation errors include: which field failed, what the expected type or format was, and what the actual value was (without leaking sensitive data). WHERE validation errors return generic messages like "Invalid input," THEN flag the poor developer experience.
|
|
49
|
+
|
|
50
|
+
### Phase 3: ENFORCE -- Generate or Fix Validation Schemas
|
|
51
|
+
|
|
52
|
+
1. **Generate schemas for unvalidated boundaries.** For each high-risk unvalidated trust boundary identified in phase 2, generate a validation schema in the project's chosen library. WHERE the project uses Zod, THEN generate Zod schemas. WHERE no library is established, THEN recommend Zod for TypeScript projects (best type inference) or Joi for JavaScript projects (most mature).
|
|
53
|
+
|
|
54
|
+
2. **Wire validation into the request pipeline.** Generate middleware or decorators that validate before the handler executes:
|
|
55
|
+
- **Express + Zod:** Create a `validate` middleware that calls `schema.parse(req.body)` and returns 400 with structured errors on failure.
|
|
56
|
+
- **NestJS + class-validator:** Add `@IsString()`, `@IsEmail()`, `@IsNotEmpty()` decorators to DTO classes and enable `ValidationPipe`.
|
|
57
|
+
- **Fastify + JSON Schema:** Add the schema to the route definition for automatic validation.
|
|
58
|
+
|
|
59
|
+
3. **Align types with schemas.** WHERE TypeScript types are defined separately from validation schemas, THEN refactor to derive types from schemas: `type CreateUserInput = z.infer<typeof createUserSchema>`. This guarantees types and runtime validation can never drift. Remove the standalone type definition.
|
|
60
|
+
|
|
61
|
+
4. **Add environment variable validation.** Generate a config validation module that runs at startup:
|
|
62
|
+
|
|
63
|
+
```typescript
|
|
64
|
+
// src/config.ts
|
|
65
|
+
import { z } from 'zod';
|
|
66
|
+
|
|
67
|
+
const envSchema = z.object({
|
|
68
|
+
DATABASE_URL: z.string().url(),
|
|
69
|
+
REDIS_URL: z.string().url(),
|
|
70
|
+
JWT_SECRET: z.string().min(32),
|
|
71
|
+
NODE_ENV: z.enum(['development', 'test', 'production']),
|
|
72
|
+
PORT: z.coerce.number().default(3000),
|
|
73
|
+
});
|
|
74
|
+
|
|
75
|
+
export const config = envSchema.parse(process.env);
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
5. **Add custom error formatting.** WHERE the project returns raw validation errors to clients, THEN wrap them in a structured error response that follows the project's error format (e.g., RFC 7807). Strip internal details (stack traces, internal field names) while preserving actionable information (which field, what constraint).
|
|
79
|
+
|
|
80
|
+
### Phase 4: VERIFY -- Confirm Boundary Coverage and Type Alignment
|
|
81
|
+
|
|
82
|
+
1. **Recount trust boundary coverage.** Re-run the gap analysis from phase 1. Confirm that every high-risk boundary now has validation. Produce a coverage summary: `N/M trust boundaries validated (X% coverage)`. The target is 100% for API inputs and message payloads, 90%+ for all boundaries.
|
|
83
|
+
|
|
84
|
+
2. **Verify type-runtime alignment.** For every validation schema, verify that the TypeScript type is derived from the schema (not defined separately). Run `tsc --noEmit` to confirm no type errors. WHERE a type is still defined independently of its schema, THEN flag it as a remaining drift risk.
|
|
85
|
+
|
|
86
|
+
3. **Test validation rejects bad input.** For each new schema, verify that it correctly rejects: missing required fields, wrong types (string where number expected), values outside constraints (negative numbers, empty strings, too-long strings), and unexpected extra fields (if strict mode is appropriate). This can be verified by reviewing test coverage or by running existing tests.
|
|
87
|
+
|
|
88
|
+
4. **Verify error responses.** Send a malformed request to each validated endpoint (or trace the code path). Verify: the response status is 400 (not 500), the error body identifies which field failed and why, no internal details are leaked (no stack trace, no database column names), and the error format matches the project's convention.
|
|
89
|
+
|
|
90
|
+
5. **Check for validation performance.** WHERE a schema validates large payloads (>100 fields or nested arrays), THEN check that validation does not become a bottleneck. Zod and Joi parse synchronously -- a complex schema on a large payload can block the event loop. WHERE performance is a concern, THEN recommend Valibot (smaller bundle) or precompiled AJV (fastest runtime).
|
|
91
|
+
|
|
92
|
+
## Harness Integration
|
|
93
|
+
|
|
94
|
+
- **`harness validate`** -- Run after adding validation schemas to confirm project health
|
|
95
|
+
- **`harness scan`** -- Refresh the knowledge graph after adding schema files
|
|
96
|
+
- **`query_graph`** -- Trace which routes use which validation schemas
|
|
97
|
+
- **`get_impact`** -- Understand blast radius when modifying a shared validation schema
|
|
98
|
+
|
|
99
|
+
## Success Criteria
|
|
100
|
+
|
|
101
|
+
- Validation library was correctly detected or recommended
|
|
102
|
+
- All trust boundaries were identified and classified by risk level
|
|
103
|
+
- Every high-risk boundary (API inputs, message payloads) has runtime validation
|
|
104
|
+
- TypeScript types are derived from validation schemas, not defined separately
|
|
105
|
+
- Environment variables are validated at startup with fail-fast behavior
|
|
106
|
+
- Type assertions (`as`) on external data are replaced with runtime validation
|
|
107
|
+
- Validation errors return structured 400 responses with field-level detail
|
|
108
|
+
- No sensitive data is leaked in validation error messages
|
|
109
|
+
- Coverage summary shows 100% for API inputs and 90%+ overall
|
|
110
|
+
|
|
111
|
+
## Examples
|
|
112
|
+
|
|
113
|
+
### Example: Zod Validation for Express API
|
|
114
|
+
|
|
115
|
+
**Input:** "Add request validation to our Express API routes."
|
|
116
|
+
|
|
117
|
+
**Phase 1 -- DETECT:**
|
|
118
|
+
|
|
119
|
+
```
|
|
120
|
+
Library: Zod 3.x (already in package.json, used in 2 of 14 routes)
|
|
121
|
+
Framework: Express 4.x with TypeScript
|
|
122
|
+
Trust boundaries:
|
|
123
|
+
- API inputs: 14 routes, 2 validated (14% coverage)
|
|
124
|
+
- External API: 3 calls to Stripe API, 0 validated
|
|
125
|
+
- Environment: 8 env vars accessed, 0 validated
|
|
126
|
+
- Message queue: N/A
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
**Phase 2 -- AUDIT:**
|
|
130
|
+
|
|
131
|
+
```
|
|
132
|
+
Unvalidated API inputs:
|
|
133
|
+
HIGH src/routes/users.ts:23 -- POST /users: req.body accessed without validation
|
|
134
|
+
HIGH src/routes/users.ts:45 -- PATCH /users/:id: req.body.email used without validation
|
|
135
|
+
HIGH src/routes/orders.ts:12 -- POST /orders: req.body.items array not validated
|
|
136
|
+
HIGH src/routes/orders.ts:56 -- POST /orders/:id/refund: req.body.amount not validated
|
|
137
|
+
|
|
138
|
+
Type assertions:
|
|
139
|
+
WARN src/services/stripe.ts:34 -- response.data as StripeCharge (no runtime check)
|
|
140
|
+
WARN src/routes/users.ts:24 -- req.body as CreateUserDTO (trust boundary violation)
|
|
141
|
+
|
|
142
|
+
Environment variables:
|
|
143
|
+
MEDIUM src/db.ts:3 -- process.env.DATABASE_URL used without validation
|
|
144
|
+
MEDIUM src/auth.ts:7 -- process.env.JWT_SECRET used without validation (could be undefined)
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
**Phase 3 -- ENFORCE:**
|
|
148
|
+
|
|
149
|
+
```typescript
|
|
150
|
+
// src/schemas/user.schema.ts
|
|
151
|
+
import { z } from 'zod';
|
|
152
|
+
|
|
153
|
+
export const createUserSchema = z.object({
|
|
154
|
+
name: z.string().min(1).max(100),
|
|
155
|
+
email: z.string().email(),
|
|
156
|
+
role: z.enum(['admin', 'member']).default('member'),
|
|
157
|
+
});
|
|
158
|
+
|
|
159
|
+
export type CreateUserInput = z.infer<typeof createUserSchema>;
|
|
160
|
+
|
|
161
|
+
export const updateUserSchema = createUserSchema.partial();
|
|
162
|
+
export type UpdateUserInput = z.infer<typeof updateUserSchema>;
|
|
163
|
+
|
|
164
|
+
// src/middleware/validate.ts
|
|
165
|
+
import { z, ZodSchema } from 'zod';
|
|
166
|
+
import { Request, Response, NextFunction } from 'express';
|
|
167
|
+
|
|
168
|
+
export function validate(schema: ZodSchema) {
|
|
169
|
+
return (req: Request, res: Response, next: NextFunction) => {
|
|
170
|
+
const result = schema.safeParse(req.body);
|
|
171
|
+
if (!result.success) {
|
|
172
|
+
return res.status(400).json({
|
|
173
|
+
type: 'https://api.example.com/errors/validation',
|
|
174
|
+
title: 'Validation Error',
|
|
175
|
+
status: 400,
|
|
176
|
+
detail: 'Request body failed validation',
|
|
177
|
+
errors: result.error.issues.map((issue) => ({
|
|
178
|
+
field: issue.path.join('.'),
|
|
179
|
+
message: issue.message,
|
|
180
|
+
code: issue.code,
|
|
181
|
+
})),
|
|
182
|
+
});
|
|
183
|
+
}
|
|
184
|
+
req.body = result.data; // replace with parsed (coerced, defaulted) data
|
|
185
|
+
next();
|
|
186
|
+
};
|
|
187
|
+
}
|
|
188
|
+
|
|
189
|
+
// src/routes/users.ts -- wired
|
|
190
|
+
app.post('/users', validate(createUserSchema), async (req, res) => {
|
|
191
|
+
const input: CreateUserInput = req.body; // type-safe, validated
|
|
192
|
+
// ...
|
|
193
|
+
});
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
**Phase 4 -- VERIFY:**
|
|
197
|
+
|
|
198
|
+
```
|
|
199
|
+
Trust boundary coverage: 14/14 API routes validated (100%)
|
|
200
|
+
Type alignment: PASS -- all types derived from schemas via z.infer
|
|
201
|
+
Error responses: PASS -- structured 400 with field-level errors
|
|
202
|
+
Environment: PASS -- config.ts validates all 8 env vars at startup
|
|
203
|
+
Remaining type assertions: 1 (Stripe response -- mitigated with response schema)
|
|
204
|
+
```
|
|
205
|
+
|
|
206
|
+
### Example: NestJS DTO Validation with class-validator
|
|
207
|
+
|
|
208
|
+
**Input:** "Audit our NestJS app for validation gaps."
|
|
209
|
+
|
|
210
|
+
**Phase 1 -- DETECT:**
|
|
211
|
+
|
|
212
|
+
```
|
|
213
|
+
Library: class-validator 0.14.x, class-transformer 0.5.x
|
|
214
|
+
Framework: NestJS 10.x with ValidationPipe (global)
|
|
215
|
+
Trust boundaries:
|
|
216
|
+
- API inputs: 22 routes, 18 validated via DTOs (82% coverage)
|
|
217
|
+
- WebSocket messages: 4 handlers, 0 validated
|
|
218
|
+
- External API: 2 calls to payment gateway, 0 validated
|
|
219
|
+
```
|
|
220
|
+
|
|
221
|
+
**Phase 2 -- AUDIT:**
|
|
222
|
+
|
|
223
|
+
```
|
|
224
|
+
Missing DTO validation:
|
|
225
|
+
HIGH src/modules/admin/admin.controller.ts:34 -- POST /admin/config: uses raw @Body()
|
|
226
|
+
HIGH src/modules/admin/admin.controller.ts:67 -- PUT /admin/users/:id/role: no DTO
|
|
227
|
+
HIGH src/modules/chat/chat.gateway.ts:23 -- @SubscribeMessage('sendMessage'): no validation
|
|
228
|
+
HIGH src/modules/chat/chat.gateway.ts:45 -- @SubscribeMessage('joinRoom'): no validation
|
|
229
|
+
|
|
230
|
+
Partial DTOs:
|
|
231
|
+
WARN src/modules/orders/dto/create-order.dto.ts -- items field is typed OrderItem[]
|
|
232
|
+
but OrderItem has no class-validator decorators. Nested validation missing.
|
|
233
|
+
Add @ValidateNested({ each: true }) and @Type(() => OrderItem)
|
|
234
|
+
```
|
|
235
|
+
|
|
236
|
+
**Phase 3 -- ENFORCE:**
|
|
237
|
+
|
|
238
|
+
```typescript
|
|
239
|
+
// src/modules/orders/dto/order-item.dto.ts
|
|
240
|
+
import { IsString, IsNumber, IsPositive, Min } from 'class-validator';
|
|
241
|
+
|
|
242
|
+
export class OrderItemDto {
|
|
243
|
+
@IsString()
|
|
244
|
+
productId: string;
|
|
245
|
+
|
|
246
|
+
@IsNumber()
|
|
247
|
+
@IsPositive()
|
|
248
|
+
@Min(1)
|
|
249
|
+
quantity: number;
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
// src/modules/orders/dto/create-order.dto.ts (fixed)
|
|
253
|
+
import { ValidateNested, IsArray, ArrayMinSize } from 'class-validator';
|
|
254
|
+
import { Type } from 'class-transformer';
|
|
255
|
+
import { OrderItemDto } from './order-item.dto';
|
|
256
|
+
|
|
257
|
+
export class CreateOrderDto {
|
|
258
|
+
@IsArray()
|
|
259
|
+
@ArrayMinSize(1)
|
|
260
|
+
@ValidateNested({ each: true })
|
|
261
|
+
@Type(() => OrderItemDto)
|
|
262
|
+
items: OrderItemDto[];
|
|
263
|
+
}
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
### Example: Data Contract Between Microservices
|
|
267
|
+
|
|
268
|
+
**Input:** "Establish data contracts between our order service and notification service."
|
|
269
|
+
|
|
270
|
+
**Phase 1 -- DETECT:**
|
|
271
|
+
|
|
272
|
+
```
|
|
273
|
+
Order service: TypeScript, Zod, publishes to Kafka
|
|
274
|
+
Notification service: TypeScript, Joi, consumes from Kafka
|
|
275
|
+
Shared schema: none (each service defines its own types independently)
|
|
276
|
+
```
|
|
277
|
+
|
|
278
|
+
**Phase 2 -- AUDIT:**
|
|
279
|
+
|
|
280
|
+
```
|
|
281
|
+
CRITICAL: No shared contract between services.
|
|
282
|
+
|
|
283
|
+
Order service publishes OrderPlaced with shape:
|
|
284
|
+
{ orderId: string, userId: string, items: Array<{ id: string, qty: number }>, total: number }
|
|
285
|
+
|
|
286
|
+
Notification service expects:
|
|
287
|
+
{ orderId: string, customerId: string, lineItems: Array<{ productId: string, quantity: number }>, totalAmount: number }
|
|
288
|
+
|
|
289
|
+
Field mismatches:
|
|
290
|
+
- userId (producer) vs customerId (consumer) -- different name, same data
|
|
291
|
+
- items.id (producer) vs lineItems.productId (consumer) -- different name
|
|
292
|
+
- items.qty (producer) vs lineItems.quantity (consumer) -- different name
|
|
293
|
+
- total (producer) vs totalAmount (consumer) -- different name
|
|
294
|
+
|
|
295
|
+
These mismatches will cause runtime failures or silent data loss.
|
|
296
|
+
```
|
|
297
|
+
|
|
298
|
+
**Phase 3 -- ENFORCE:**
|
|
299
|
+
|
|
300
|
+
```typescript
|
|
301
|
+
// packages/contracts/src/events/order-placed.ts (shared package)
|
|
302
|
+
import { z } from 'zod';
|
|
303
|
+
|
|
304
|
+
export const orderPlacedSchema = z.object({
|
|
305
|
+
orderId: z.string().uuid(),
|
|
306
|
+
userId: z.string().uuid(),
|
|
307
|
+
items: z
|
|
308
|
+
.array(
|
|
309
|
+
z.object({
|
|
310
|
+
productId: z.string().uuid(),
|
|
311
|
+
quantity: z.number().int().positive(),
|
|
312
|
+
})
|
|
313
|
+
)
|
|
314
|
+
.min(1),
|
|
315
|
+
totalAmount: z.number().positive(),
|
|
316
|
+
currency: z.string().length(3),
|
|
317
|
+
placedAt: z.string().datetime(),
|
|
318
|
+
});
|
|
319
|
+
|
|
320
|
+
export type OrderPlacedEvent = z.infer<typeof orderPlacedSchema>;
|
|
321
|
+
export const ORDER_PLACED_VERSION = 1;
|
|
322
|
+
|
|
323
|
+
// Order service (producer): validate before publishing
|
|
324
|
+
const event = orderPlacedSchema.parse(payload);
|
|
325
|
+
await producer.send({ topic: 'order-events', messages: [{ value: JSON.stringify(event) }] });
|
|
326
|
+
|
|
327
|
+
// Notification service (consumer): validate after consuming
|
|
328
|
+
const event = orderPlacedSchema.parse(JSON.parse(message.value));
|
|
329
|
+
```
|
|
330
|
+
|
|
331
|
+
## Gates
|
|
332
|
+
|
|
333
|
+
- **No type assertions on external data.** WHERE `as` is used to cast data from an API response, message payload, request body, or `JSON.parse` result, THEN the skill must flag it as a trust boundary violation. Type assertions bypass runtime validation entirely. The only acceptable pattern is runtime validation followed by type inference.
|
|
334
|
+
- **Validation errors must not leak internal details.** WHERE a validation error response includes stack traces, database column names, internal field names, or ORM error messages, THEN the skill must halt and require error sanitization. Validation errors are returned to untrusted clients.
|
|
335
|
+
- **Shared data contracts must use a single source of truth.** WHERE two services exchange data (via API or message queue) and define the schema independently, THEN the skill must flag the drift risk. Shared contracts must be defined once in a shared package and imported by both producer and consumer.
|
|
336
|
+
- **Environment variables must be validated at startup.** WHERE `process.env.*` is accessed directly in application code (outside a validated config module), THEN the skill must flag it. An undefined environment variable discovered at request time causes a runtime crash. Validation at startup fails fast with a clear error.
|
|
337
|
+
|
|
338
|
+
## Escalation
|
|
339
|
+
|
|
340
|
+
- **Multiple validation libraries in the same project:** When the project uses both Zod and Joi (or other combinations), report: "Two validation libraries detected: Zod (12 schemas) and Joi (5 schemas). Maintaining two libraries increases bundle size and cognitive load. Recommend migrating all Joi schemas to Zod for consistency. Migration can be incremental -- start with new schemas in Zod, migrate existing Joi schemas during related feature work."
|
|
341
|
+
- **Validation causes performance regression:** When adding validation to a high-throughput endpoint causes measurable latency increase, report: "Zod schema validation on POST /events adds 8ms per request (payload: 500 fields). For this endpoint's volume (10K req/s), consider: (1) precompiled AJV for 10x faster validation, (2) validate only unknown clients and skip for trusted internal callers, or (3) validate asynchronously after accepting the request."
|
|
342
|
+
- **Breaking schema change required:** When a shared data contract must change in a backward-incompatible way, report: "Removing the `legacyField` from the `OrderPlaced` schema will break notification-service consumers running the old version. Recommend: (1) add the new field alongside the old one, (2) deploy consumers that read from the new field, (3) stop populating the old field, (4) remove the old field in a subsequent release."
|
|
343
|
+
- **Validation coverage too low for safe remediation:** When less than 20% of trust boundaries have validation and the codebase has no validation middleware pattern, report: "Validation coverage is 12%. Adding schemas to individual routes is high effort. Recommend: (1) add global validation middleware, (2) start with the highest-risk routes (auth, payments, user creation), (3) add a lint rule that requires a schema for every new route, (4) backfill remaining routes over 2-3 sprints."
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
name: harness-data-validation
|
|
2
|
+
version: "1.0.0"
|
|
3
|
+
description: Schema validation, data contracts, and pipeline data quality
|
|
4
|
+
cognitive_mode: meticulous-verifier
|
|
5
|
+
triggers:
|
|
6
|
+
- manual
|
|
7
|
+
- on_pr
|
|
8
|
+
platforms:
|
|
9
|
+
- claude-code
|
|
10
|
+
- gemini-cli
|
|
11
|
+
tools:
|
|
12
|
+
- Bash
|
|
13
|
+
- Read
|
|
14
|
+
- Write
|
|
15
|
+
- Edit
|
|
16
|
+
- Glob
|
|
17
|
+
- Grep
|
|
18
|
+
cli:
|
|
19
|
+
command: harness skill run harness-data-validation
|
|
20
|
+
args:
|
|
21
|
+
- name: path
|
|
22
|
+
description: Project root path
|
|
23
|
+
required: false
|
|
24
|
+
- name: library
|
|
25
|
+
description: "Validation library: zod, yup, joi, valibot, json-schema. Auto-detected when omitted."
|
|
26
|
+
required: false
|
|
27
|
+
- name: strict
|
|
28
|
+
description: Fail on any unvalidated boundary crossing
|
|
29
|
+
required: false
|
|
30
|
+
mcp:
|
|
31
|
+
tool: run_skill
|
|
32
|
+
input:
|
|
33
|
+
skill: harness-data-validation
|
|
34
|
+
path: string
|
|
35
|
+
type: rigid
|
|
36
|
+
tier: 3
|
|
37
|
+
internal: false
|
|
38
|
+
keywords:
|
|
39
|
+
- validation
|
|
40
|
+
- schema
|
|
41
|
+
- Zod
|
|
42
|
+
- JSON Schema
|
|
43
|
+
- Protobuf
|
|
44
|
+
- Avro
|
|
45
|
+
- data contract
|
|
46
|
+
- data quality
|
|
47
|
+
- type safety
|
|
48
|
+
- runtime validation
|
|
49
|
+
- Valibot
|
|
50
|
+
- Yup
|
|
51
|
+
- Joi
|
|
52
|
+
stack_signals:
|
|
53
|
+
- "src/**/schemas/**"
|
|
54
|
+
- "src/**/validators/**"
|
|
55
|
+
- "*.schema.json"
|
|
56
|
+
- "*.proto"
|
|
57
|
+
- "*.avsc"
|
|
58
|
+
- "src/**/*.zod.*"
|
|
59
|
+
phases:
|
|
60
|
+
- name: detect
|
|
61
|
+
description: Identify validation libraries, schema definitions, and trust boundaries
|
|
62
|
+
required: true
|
|
63
|
+
- name: audit
|
|
64
|
+
description: Find unvalidated inputs, missing schemas, and type-runtime mismatches
|
|
65
|
+
required: true
|
|
66
|
+
- name: enforce
|
|
67
|
+
description: Generate or fix validation schemas at every trust boundary
|
|
68
|
+
required: true
|
|
69
|
+
- name: verify
|
|
70
|
+
description: Confirm all boundaries are covered and schemas match runtime types
|
|
71
|
+
required: true
|
|
72
|
+
state:
|
|
73
|
+
persistent: false
|
|
74
|
+
files: []
|
|
75
|
+
depends_on: []
|