@harness-engineering/cli 1.13.0 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (367) hide show
  1. package/dist/agents/skills/claude-code/add-harness-component/skill.yaml +1 -0
  2. package/dist/agents/skills/claude-code/align-documentation/skill.yaml +1 -0
  3. package/dist/agents/skills/claude-code/check-mechanical-constraints/skill.yaml +1 -0
  4. package/dist/agents/skills/claude-code/cleanup-dead-code/skill.yaml +1 -0
  5. package/dist/agents/skills/claude-code/detect-doc-drift/skill.yaml +1 -0
  6. package/dist/agents/skills/claude-code/enforce-architecture/skill.yaml +1 -0
  7. package/dist/agents/skills/claude-code/harness-accessibility/skill.yaml +1 -0
  8. package/dist/agents/skills/claude-code/harness-api-design/SKILL.md +304 -0
  9. package/dist/agents/skills/claude-code/harness-api-design/skill.yaml +74 -0
  10. package/dist/agents/skills/claude-code/harness-architecture-advisor/skill.yaml +1 -0
  11. package/dist/agents/skills/claude-code/harness-auth/SKILL.md +279 -0
  12. package/dist/agents/skills/claude-code/harness-auth/skill.yaml +81 -0
  13. package/dist/agents/skills/claude-code/harness-autopilot/skill.yaml +1 -0
  14. package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +39 -0
  15. package/dist/agents/skills/claude-code/harness-brainstorming/skill.yaml +1 -0
  16. package/dist/agents/skills/claude-code/harness-caching/SKILL.md +309 -0
  17. package/dist/agents/skills/claude-code/harness-caching/skill.yaml +73 -0
  18. package/dist/agents/skills/claude-code/harness-chaos/SKILL.md +295 -0
  19. package/dist/agents/skills/claude-code/harness-chaos/skill.yaml +72 -0
  20. package/dist/agents/skills/claude-code/harness-code-review/SKILL.md +44 -0
  21. package/dist/agents/skills/claude-code/harness-code-review/skill.yaml +1 -0
  22. package/dist/agents/skills/claude-code/harness-codebase-cleanup/skill.yaml +1 -0
  23. package/dist/agents/skills/claude-code/harness-compliance/SKILL.md +303 -0
  24. package/dist/agents/skills/claude-code/harness-compliance/skill.yaml +78 -0
  25. package/dist/agents/skills/claude-code/harness-containerization/SKILL.md +284 -0
  26. package/dist/agents/skills/claude-code/harness-containerization/skill.yaml +80 -0
  27. package/dist/agents/skills/claude-code/harness-data-pipeline/SKILL.md +274 -0
  28. package/dist/agents/skills/claude-code/harness-data-pipeline/skill.yaml +81 -0
  29. package/dist/agents/skills/claude-code/harness-data-validation/SKILL.md +343 -0
  30. package/dist/agents/skills/claude-code/harness-data-validation/skill.yaml +75 -0
  31. package/dist/agents/skills/claude-code/harness-database/SKILL.md +258 -0
  32. package/dist/agents/skills/claude-code/harness-database/skill.yaml +80 -0
  33. package/dist/agents/skills/claude-code/harness-debugging/skill.yaml +1 -0
  34. package/dist/agents/skills/claude-code/harness-dependency-health/skill.yaml +1 -0
  35. package/dist/agents/skills/claude-code/harness-deployment/SKILL.md +255 -0
  36. package/dist/agents/skills/claude-code/harness-deployment/skill.yaml +77 -0
  37. package/dist/agents/skills/claude-code/harness-design/skill.yaml +1 -0
  38. package/dist/agents/skills/claude-code/harness-design-mobile/skill.yaml +1 -0
  39. package/dist/agents/skills/claude-code/harness-design-system/skill.yaml +1 -0
  40. package/dist/agents/skills/claude-code/harness-design-web/skill.yaml +1 -0
  41. package/dist/agents/skills/claude-code/harness-diagnostics/skill.yaml +1 -0
  42. package/dist/agents/skills/claude-code/harness-docs-pipeline/skill.yaml +1 -0
  43. package/dist/agents/skills/claude-code/harness-dx/SKILL.md +276 -0
  44. package/dist/agents/skills/claude-code/harness-dx/skill.yaml +76 -0
  45. package/dist/agents/skills/claude-code/harness-e2e/SKILL.md +245 -0
  46. package/dist/agents/skills/claude-code/harness-e2e/skill.yaml +78 -0
  47. package/dist/agents/skills/claude-code/harness-event-driven/SKILL.md +280 -0
  48. package/dist/agents/skills/claude-code/harness-event-driven/skill.yaml +77 -0
  49. package/dist/agents/skills/claude-code/harness-execution/SKILL.md +44 -0
  50. package/dist/agents/skills/claude-code/harness-execution/skill.yaml +1 -0
  51. package/dist/agents/skills/claude-code/harness-feature-flags/SKILL.md +287 -0
  52. package/dist/agents/skills/claude-code/harness-feature-flags/skill.yaml +74 -0
  53. package/dist/agents/skills/claude-code/harness-git-workflow/skill.yaml +1 -0
  54. package/dist/agents/skills/claude-code/harness-hotspot-detector/skill.yaml +1 -0
  55. package/dist/agents/skills/claude-code/harness-i18n/skill.yaml +1 -0
  56. package/dist/agents/skills/claude-code/harness-i18n-process/skill.yaml +1 -0
  57. package/dist/agents/skills/claude-code/harness-i18n-workflow/skill.yaml +1 -0
  58. package/dist/agents/skills/claude-code/harness-impact-analysis/skill.yaml +1 -0
  59. package/dist/agents/skills/claude-code/harness-incident-response/SKILL.md +223 -0
  60. package/dist/agents/skills/claude-code/harness-incident-response/skill.yaml +78 -0
  61. package/dist/agents/skills/claude-code/harness-infrastructure-as-code/SKILL.md +279 -0
  62. package/dist/agents/skills/claude-code/harness-infrastructure-as-code/skill.yaml +80 -0
  63. package/dist/agents/skills/claude-code/harness-integration-test/SKILL.md +271 -0
  64. package/dist/agents/skills/claude-code/harness-integration-test/skill.yaml +73 -0
  65. package/dist/agents/skills/claude-code/harness-integrity/skill.yaml +1 -0
  66. package/dist/agents/skills/claude-code/harness-knowledge-mapper/skill.yaml +1 -0
  67. package/dist/agents/skills/claude-code/harness-load-testing/SKILL.md +274 -0
  68. package/dist/agents/skills/claude-code/harness-load-testing/skill.yaml +79 -0
  69. package/dist/agents/skills/claude-code/harness-ml-ops/SKILL.md +341 -0
  70. package/dist/agents/skills/claude-code/harness-ml-ops/skill.yaml +79 -0
  71. package/dist/agents/skills/claude-code/harness-mobile-patterns/SKILL.md +326 -0
  72. package/dist/agents/skills/claude-code/harness-mobile-patterns/skill.yaml +82 -0
  73. package/dist/agents/skills/claude-code/harness-mutation-test/SKILL.md +251 -0
  74. package/dist/agents/skills/claude-code/harness-mutation-test/skill.yaml +70 -0
  75. package/dist/agents/skills/claude-code/harness-observability/SKILL.md +283 -0
  76. package/dist/agents/skills/claude-code/harness-observability/skill.yaml +78 -0
  77. package/dist/agents/skills/claude-code/harness-onboarding/skill.yaml +1 -0
  78. package/dist/agents/skills/claude-code/harness-parallel-agents/skill.yaml +1 -0
  79. package/dist/agents/skills/claude-code/harness-perf/skill.yaml +1 -0
  80. package/dist/agents/skills/claude-code/harness-perf-tdd/skill.yaml +1 -0
  81. package/dist/agents/skills/claude-code/harness-planning/SKILL.md +39 -0
  82. package/dist/agents/skills/claude-code/harness-planning/skill.yaml +1 -0
  83. package/dist/agents/skills/claude-code/harness-pre-commit-review/skill.yaml +1 -0
  84. package/dist/agents/skills/claude-code/harness-product-spec/SKILL.md +285 -0
  85. package/dist/agents/skills/claude-code/harness-product-spec/skill.yaml +72 -0
  86. package/dist/agents/skills/claude-code/harness-property-test/SKILL.md +281 -0
  87. package/dist/agents/skills/claude-code/harness-property-test/skill.yaml +71 -0
  88. package/dist/agents/skills/claude-code/harness-refactoring/skill.yaml +1 -0
  89. package/dist/agents/skills/claude-code/harness-release-readiness/SKILL.md +3 -3
  90. package/dist/agents/skills/claude-code/harness-release-readiness/skill.yaml +1 -0
  91. package/dist/agents/skills/claude-code/harness-resilience/SKILL.md +255 -0
  92. package/dist/agents/skills/claude-code/harness-resilience/skill.yaml +76 -0
  93. package/dist/agents/skills/claude-code/harness-roadmap/skill.yaml +1 -0
  94. package/dist/agents/skills/claude-code/harness-secrets/SKILL.md +293 -0
  95. package/dist/agents/skills/claude-code/harness-secrets/skill.yaml +76 -0
  96. package/dist/agents/skills/claude-code/harness-security-review/skill.yaml +1 -0
  97. package/dist/agents/skills/claude-code/harness-security-scan/skill.yaml +1 -0
  98. package/dist/agents/skills/claude-code/harness-skill-authoring/skill.yaml +1 -0
  99. package/dist/agents/skills/claude-code/harness-soundness-review/skill.yaml +1 -0
  100. package/dist/agents/skills/claude-code/harness-sql-review/SKILL.md +315 -0
  101. package/dist/agents/skills/claude-code/harness-sql-review/skill.yaml +74 -0
  102. package/dist/agents/skills/claude-code/harness-state-management/skill.yaml +1 -0
  103. package/dist/agents/skills/claude-code/harness-tdd/skill.yaml +1 -0
  104. package/dist/agents/skills/claude-code/harness-test-advisor/skill.yaml +1 -0
  105. package/dist/agents/skills/claude-code/harness-test-data/SKILL.md +268 -0
  106. package/dist/agents/skills/claude-code/harness-test-data/skill.yaml +74 -0
  107. package/dist/agents/skills/claude-code/harness-ux-copy/SKILL.md +271 -0
  108. package/dist/agents/skills/claude-code/harness-ux-copy/skill.yaml +77 -0
  109. package/dist/agents/skills/claude-code/harness-verification/SKILL.md +35 -0
  110. package/dist/agents/skills/claude-code/harness-verification/skill.yaml +1 -0
  111. package/dist/agents/skills/claude-code/harness-verify/skill.yaml +1 -0
  112. package/dist/agents/skills/claude-code/harness-visual-regression/SKILL.md +257 -0
  113. package/dist/agents/skills/claude-code/harness-visual-regression/skill.yaml +74 -0
  114. package/dist/agents/skills/claude-code/initialize-harness-project/SKILL.md +11 -3
  115. package/dist/agents/skills/claude-code/initialize-harness-project/skill.yaml +1 -0
  116. package/dist/agents/skills/claude-code/validate-context-engineering/skill.yaml +1 -0
  117. package/dist/agents/skills/gemini-cli/add-harness-component/skill.yaml +1 -0
  118. package/dist/agents/skills/gemini-cli/align-documentation/skill.yaml +1 -0
  119. package/dist/agents/skills/gemini-cli/check-mechanical-constraints/skill.yaml +1 -0
  120. package/dist/agents/skills/gemini-cli/cleanup-dead-code/skill.yaml +1 -0
  121. package/dist/agents/skills/gemini-cli/detect-doc-drift/skill.yaml +1 -0
  122. package/dist/agents/skills/gemini-cli/enforce-architecture/skill.yaml +1 -0
  123. package/dist/agents/skills/gemini-cli/harness-accessibility/skill.yaml +1 -0
  124. package/dist/agents/skills/gemini-cli/harness-api-design/SKILL.md +304 -0
  125. package/dist/agents/skills/gemini-cli/harness-api-design/skill.yaml +74 -0
  126. package/dist/agents/skills/gemini-cli/harness-architecture-advisor/skill.yaml +1 -0
  127. package/dist/agents/skills/gemini-cli/harness-auth/SKILL.md +279 -0
  128. package/dist/agents/skills/gemini-cli/harness-auth/skill.yaml +81 -0
  129. package/dist/agents/skills/gemini-cli/harness-autopilot/skill.yaml +1 -0
  130. package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +39 -0
  131. package/dist/agents/skills/gemini-cli/harness-brainstorming/skill.yaml +1 -0
  132. package/dist/agents/skills/gemini-cli/harness-caching/SKILL.md +309 -0
  133. package/dist/agents/skills/gemini-cli/harness-caching/skill.yaml +73 -0
  134. package/dist/agents/skills/gemini-cli/harness-chaos/SKILL.md +295 -0
  135. package/dist/agents/skills/gemini-cli/harness-chaos/skill.yaml +72 -0
  136. package/dist/agents/skills/gemini-cli/harness-code-review/SKILL.md +44 -0
  137. package/dist/agents/skills/gemini-cli/harness-code-review/skill.yaml +1 -0
  138. package/dist/agents/skills/gemini-cli/harness-codebase-cleanup/skill.yaml +1 -0
  139. package/dist/agents/skills/gemini-cli/harness-compliance/SKILL.md +303 -0
  140. package/dist/agents/skills/gemini-cli/harness-compliance/skill.yaml +78 -0
  141. package/dist/agents/skills/gemini-cli/harness-containerization/SKILL.md +284 -0
  142. package/dist/agents/skills/gemini-cli/harness-containerization/skill.yaml +80 -0
  143. package/dist/agents/skills/gemini-cli/harness-data-pipeline/SKILL.md +274 -0
  144. package/dist/agents/skills/gemini-cli/harness-data-pipeline/skill.yaml +81 -0
  145. package/dist/agents/skills/gemini-cli/harness-data-validation/SKILL.md +343 -0
  146. package/dist/agents/skills/gemini-cli/harness-data-validation/skill.yaml +75 -0
  147. package/dist/agents/skills/gemini-cli/harness-database/SKILL.md +258 -0
  148. package/dist/agents/skills/gemini-cli/harness-database/skill.yaml +80 -0
  149. package/dist/agents/skills/gemini-cli/harness-debugging/skill.yaml +1 -0
  150. package/dist/agents/skills/gemini-cli/harness-dependency-health/skill.yaml +1 -0
  151. package/dist/agents/skills/gemini-cli/harness-deployment/SKILL.md +255 -0
  152. package/dist/agents/skills/gemini-cli/harness-deployment/skill.yaml +77 -0
  153. package/dist/agents/skills/gemini-cli/harness-design/skill.yaml +1 -0
  154. package/dist/agents/skills/gemini-cli/harness-design-mobile/skill.yaml +1 -0
  155. package/dist/agents/skills/gemini-cli/harness-design-system/skill.yaml +1 -0
  156. package/dist/agents/skills/gemini-cli/harness-design-web/skill.yaml +1 -0
  157. package/dist/agents/skills/gemini-cli/harness-diagnostics/skill.yaml +1 -0
  158. package/dist/agents/skills/gemini-cli/harness-docs-pipeline/skill.yaml +1 -0
  159. package/dist/agents/skills/gemini-cli/harness-dx/SKILL.md +276 -0
  160. package/dist/agents/skills/gemini-cli/harness-dx/skill.yaml +76 -0
  161. package/dist/agents/skills/gemini-cli/harness-e2e/SKILL.md +245 -0
  162. package/dist/agents/skills/gemini-cli/harness-e2e/skill.yaml +78 -0
  163. package/dist/agents/skills/gemini-cli/harness-event-driven/SKILL.md +280 -0
  164. package/dist/agents/skills/gemini-cli/harness-event-driven/skill.yaml +77 -0
  165. package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +44 -0
  166. package/dist/agents/skills/gemini-cli/harness-execution/skill.yaml +1 -0
  167. package/dist/agents/skills/gemini-cli/harness-feature-flags/SKILL.md +287 -0
  168. package/dist/agents/skills/gemini-cli/harness-feature-flags/skill.yaml +74 -0
  169. package/dist/agents/skills/gemini-cli/harness-git-workflow/skill.yaml +1 -0
  170. package/dist/agents/skills/gemini-cli/harness-hotspot-detector/skill.yaml +1 -0
  171. package/dist/agents/skills/gemini-cli/harness-i18n/skill.yaml +1 -0
  172. package/dist/agents/skills/gemini-cli/harness-i18n-process/skill.yaml +1 -0
  173. package/dist/agents/skills/gemini-cli/harness-i18n-workflow/skill.yaml +1 -0
  174. package/dist/agents/skills/gemini-cli/harness-impact-analysis/skill.yaml +1 -0
  175. package/dist/agents/skills/gemini-cli/harness-incident-response/SKILL.md +223 -0
  176. package/dist/agents/skills/gemini-cli/harness-incident-response/skill.yaml +78 -0
  177. package/dist/agents/skills/gemini-cli/harness-infrastructure-as-code/SKILL.md +279 -0
  178. package/dist/agents/skills/gemini-cli/harness-infrastructure-as-code/skill.yaml +80 -0
  179. package/dist/agents/skills/gemini-cli/harness-integration-test/SKILL.md +271 -0
  180. package/dist/agents/skills/gemini-cli/harness-integration-test/skill.yaml +73 -0
  181. package/dist/agents/skills/gemini-cli/harness-integrity/skill.yaml +1 -0
  182. package/dist/agents/skills/gemini-cli/harness-knowledge-mapper/skill.yaml +1 -0
  183. package/dist/agents/skills/gemini-cli/harness-load-testing/SKILL.md +274 -0
  184. package/dist/agents/skills/gemini-cli/harness-load-testing/skill.yaml +79 -0
  185. package/dist/agents/skills/gemini-cli/harness-ml-ops/SKILL.md +341 -0
  186. package/dist/agents/skills/gemini-cli/harness-ml-ops/skill.yaml +79 -0
  187. package/dist/agents/skills/gemini-cli/harness-mobile-patterns/SKILL.md +326 -0
  188. package/dist/agents/skills/gemini-cli/harness-mobile-patterns/skill.yaml +82 -0
  189. package/dist/agents/skills/gemini-cli/harness-mutation-test/SKILL.md +251 -0
  190. package/dist/agents/skills/gemini-cli/harness-mutation-test/skill.yaml +70 -0
  191. package/dist/agents/skills/gemini-cli/harness-observability/SKILL.md +283 -0
  192. package/dist/agents/skills/gemini-cli/harness-observability/skill.yaml +78 -0
  193. package/dist/agents/skills/gemini-cli/harness-onboarding/skill.yaml +1 -0
  194. package/dist/agents/skills/gemini-cli/harness-parallel-agents/skill.yaml +1 -0
  195. package/dist/agents/skills/gemini-cli/harness-perf/skill.yaml +1 -0
  196. package/dist/agents/skills/gemini-cli/harness-perf-tdd/skill.yaml +1 -0
  197. package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +39 -0
  198. package/dist/agents/skills/gemini-cli/harness-planning/skill.yaml +1 -0
  199. package/dist/agents/skills/gemini-cli/harness-pre-commit-review/skill.yaml +1 -0
  200. package/dist/agents/skills/gemini-cli/harness-product-spec/SKILL.md +285 -0
  201. package/dist/agents/skills/gemini-cli/harness-product-spec/skill.yaml +72 -0
  202. package/dist/agents/skills/gemini-cli/harness-property-test/SKILL.md +281 -0
  203. package/dist/agents/skills/gemini-cli/harness-property-test/skill.yaml +71 -0
  204. package/dist/agents/skills/gemini-cli/harness-refactoring/skill.yaml +1 -0
  205. package/dist/agents/skills/gemini-cli/harness-release-readiness/SKILL.md +3 -3
  206. package/dist/agents/skills/gemini-cli/harness-release-readiness/skill.yaml +1 -0
  207. package/dist/agents/skills/gemini-cli/harness-resilience/SKILL.md +255 -0
  208. package/dist/agents/skills/gemini-cli/harness-resilience/skill.yaml +76 -0
  209. package/dist/agents/skills/gemini-cli/harness-roadmap/skill.yaml +1 -0
  210. package/dist/agents/skills/gemini-cli/harness-secrets/SKILL.md +293 -0
  211. package/dist/agents/skills/gemini-cli/harness-secrets/skill.yaml +76 -0
  212. package/dist/agents/skills/gemini-cli/harness-security-review/SKILL.md +240 -0
  213. package/dist/agents/skills/gemini-cli/harness-security-review/skill.yaml +1 -0
  214. package/dist/agents/skills/gemini-cli/harness-security-scan/skill.yaml +1 -0
  215. package/dist/agents/skills/gemini-cli/harness-skill-authoring/skill.yaml +1 -0
  216. package/dist/agents/skills/gemini-cli/harness-soundness-review/skill.yaml +1 -0
  217. package/dist/agents/skills/gemini-cli/harness-sql-review/SKILL.md +315 -0
  218. package/dist/agents/skills/gemini-cli/harness-sql-review/skill.yaml +74 -0
  219. package/dist/agents/skills/gemini-cli/harness-state-management/skill.yaml +1 -0
  220. package/dist/agents/skills/gemini-cli/harness-tdd/skill.yaml +1 -0
  221. package/dist/agents/skills/gemini-cli/harness-test-advisor/skill.yaml +1 -0
  222. package/dist/agents/skills/gemini-cli/harness-test-data/SKILL.md +268 -0
  223. package/dist/agents/skills/gemini-cli/harness-test-data/skill.yaml +74 -0
  224. package/dist/agents/skills/gemini-cli/harness-ux-copy/SKILL.md +271 -0
  225. package/dist/agents/skills/gemini-cli/harness-ux-copy/skill.yaml +77 -0
  226. package/dist/agents/skills/gemini-cli/harness-verification/SKILL.md +35 -0
  227. package/dist/agents/skills/gemini-cli/harness-verification/skill.yaml +1 -0
  228. package/dist/agents/skills/gemini-cli/harness-verify/skill.yaml +1 -0
  229. package/dist/agents/skills/gemini-cli/harness-visual-regression/SKILL.md +257 -0
  230. package/dist/agents/skills/gemini-cli/harness-visual-regression/skill.yaml +74 -0
  231. package/dist/agents/skills/gemini-cli/initialize-harness-project/SKILL.md +11 -3
  232. package/dist/agents/skills/gemini-cli/initialize-harness-project/skill.yaml +1 -0
  233. package/dist/agents/skills/gemini-cli/validate-context-engineering/skill.yaml +1 -0
  234. package/dist/agents-md-YTYQDA3P.js +8 -0
  235. package/dist/{architecture-ESOOE26S.js → architecture-JQZYM4US.js} +4 -4
  236. package/dist/bin/harness-mcp.js +16 -15
  237. package/dist/bin/harness.js +31 -30
  238. package/dist/{check-phase-gate-S2MZKLFQ.js → check-phase-gate-L3RADYWO.js} +4 -3
  239. package/dist/{chunk-WPPDRIJL.js → chunk-3C2MLBPJ.js} +4 -4
  240. package/dist/chunk-6KTUUFRN.js +217 -0
  241. package/dist/{chunk-MI5XJQDY.js → chunk-7IP4JIFL.js} +24 -10
  242. package/dist/{chunk-C2ERUR3L.js → chunk-7MJAPE3Z.js} +165 -49
  243. package/dist/{chunk-KELT6K6M.js → chunk-ABQHQ6I5.js} +1861 -1418
  244. package/dist/{chunk-L2KLU56K.js → chunk-AOZRDOIP.js} +2 -2
  245. package/dist/{chunk-QPEH2QPG.js → chunk-DBSOCI3G.js} +53 -54
  246. package/dist/{chunk-MHBMTPW7.js → chunk-ERS5EVUZ.js} +9 -0
  247. package/dist/{chunk-JSTQ3AWB.js → chunk-FIAPHX37.js} +1 -1
  248. package/dist/{chunk-2YPZKGAG.js → chunk-FTMXDOR6.js} +1 -1
  249. package/dist/{chunk-72GHBOL2.js → chunk-GZKSBLQL.js} +1 -1
  250. package/dist/{chunk-K6XAPGML.js → chunk-H7Y5CKTM.js} +1 -1
  251. package/dist/{chunk-HD4IBGLA.js → chunk-N5G5QMS3.js} +24 -1
  252. package/dist/{chunk-LD3DKUK5.js → chunk-NLVUVUGD.js} +1 -1
  253. package/dist/{chunk-3KOLLWWE.js → chunk-O5OJVPL6.js} +26 -211
  254. package/dist/{chunk-NKDM3FMH.js → chunk-OD3S2NHN.js} +1 -1
  255. package/dist/{chunk-5VY23YK3.js → chunk-OSXBPAMK.js} +2 -2
  256. package/dist/{chunk-MACVXDZK.js → chunk-OXLLOSSR.js} +45 -47
  257. package/dist/{chunk-GNGELAXY.js → chunk-RCWZBSK5.js} +2 -2
  258. package/dist/{chunk-PSNN4LWX.js → chunk-S2FXOWOR.js} +3 -3
  259. package/dist/{chunk-VUCPTQ6G.js → chunk-SD3SQOZ2.js} +1 -1
  260. package/dist/{chunk-7PZWR4LI.js → chunk-TPOTOBR7.js} +9 -9
  261. package/dist/{chunk-RZSUJBZZ.js → chunk-XKECDXJS.js} +452 -353
  262. package/dist/{chunk-VRFZWGMS.js → chunk-XYLGHKG6.js} +5 -1
  263. package/dist/{chunk-6N4R6FVX.js → chunk-YBJ262QL.js} +1 -1
  264. package/dist/{chunk-2VU4MFM3.js → chunk-YPYGXRDR.js} +7 -7
  265. package/dist/{chunk-Q6AB7W5Z.js → chunk-YQ6KC6TE.js} +1 -1
  266. package/dist/{chunk-7KQSUZVG.js → chunk-YZD2MRNQ.js} +1528 -1010
  267. package/dist/ci-workflow-EQZFVX3P.js +8 -0
  268. package/dist/{create-skill-WPXHSLX2.js → create-skill-XSWHMSM5.js} +2 -2
  269. package/dist/{dist-M6BQODWC.js → dist-B26DFXMP.js} +573 -480
  270. package/dist/{dist-L7LAAQAS.js → dist-DZ63LLUD.js} +1 -1
  271. package/dist/{dist-WF4C7A4A.js → dist-HWXF2C3R.js} +18 -2
  272. package/dist/{dist-D4RYGUZE.js → dist-USY2C5JL.js} +3 -1
  273. package/dist/{docs-BPYCN2DR.js → docs-7ECGYMAV.js} +5 -3
  274. package/dist/engine-EG4EH4IX.js +8 -0
  275. package/dist/{entropy-4VDVV5CR.js → entropy-5USWKLVS.js} +3 -3
  276. package/dist/{feedback-63QB5RCA.js → feedback-UTBXZZHF.js} +1 -1
  277. package/dist/{generate-agent-definitions-QABOJG56.js → generate-agent-definitions-3PM5EU7V.js} +5 -5
  278. package/dist/{glob-helper-5OHBUQAI.js → glob-helper-R5FXNUPS.js} +1 -1
  279. package/dist/{graph-loader-KO4GJ5N2.js → graph-loader-2M2HXDQI.js} +1 -1
  280. package/dist/index.d.ts +183 -17
  281. package/dist/index.js +32 -30
  282. package/dist/loader-ZPALXIVR.js +10 -0
  283. package/dist/mcp-362EZHF4.js +35 -0
  284. package/dist/{performance-26BH47O4.js → performance-OQAFMJUD.js} +3 -3
  285. package/dist/{review-pipeline-GHR3WFBI.js → review-pipeline-C4GCFVGP.js} +1 -1
  286. package/dist/runtime-7YLVK453.js +9 -0
  287. package/dist/{security-UQFUZXEN.js → security-PZOX7AQS.js} +1 -1
  288. package/dist/skill-executor-XZLYZYAK.js +8 -0
  289. package/dist/templates/axum/Cargo.toml.hbs +8 -0
  290. package/dist/templates/axum/src/main.rs +12 -0
  291. package/dist/templates/axum/template.json +16 -0
  292. package/dist/templates/django/manage.py.hbs +19 -0
  293. package/dist/templates/django/requirements.txt.hbs +1 -0
  294. package/dist/templates/django/src/settings.py.hbs +44 -0
  295. package/dist/templates/django/src/urls.py +6 -0
  296. package/dist/templates/django/src/wsgi.py.hbs +9 -0
  297. package/dist/templates/django/template.json +21 -0
  298. package/dist/templates/express/package.json.hbs +15 -0
  299. package/dist/templates/express/src/app.ts +12 -0
  300. package/dist/templates/express/src/lib/.gitkeep +0 -0
  301. package/dist/templates/express/template.json +16 -0
  302. package/dist/templates/fastapi/requirements.txt.hbs +2 -0
  303. package/dist/templates/fastapi/src/main.py +8 -0
  304. package/dist/templates/fastapi/template.json +20 -0
  305. package/dist/templates/gin/go.mod.hbs +5 -0
  306. package/dist/templates/gin/main.go +15 -0
  307. package/dist/templates/gin/template.json +19 -0
  308. package/dist/templates/go-base/.golangci.yml +16 -0
  309. package/dist/templates/go-base/AGENTS.md.hbs +35 -0
  310. package/dist/templates/go-base/go.mod.hbs +3 -0
  311. package/dist/templates/go-base/harness.config.json.hbs +17 -0
  312. package/dist/templates/go-base/main.go +7 -0
  313. package/dist/templates/go-base/template.json +14 -0
  314. package/dist/templates/java-base/AGENTS.md.hbs +35 -0
  315. package/dist/templates/java-base/checkstyle.xml +20 -0
  316. package/dist/templates/java-base/harness.config.json.hbs +16 -0
  317. package/dist/templates/java-base/pom.xml.hbs +39 -0
  318. package/dist/templates/java-base/src/main/java/App.java.hbs +5 -0
  319. package/dist/templates/java-base/template.json +13 -0
  320. package/dist/templates/nestjs/nest-cli.json +5 -0
  321. package/dist/templates/nestjs/package.json.hbs +18 -0
  322. package/dist/templates/nestjs/src/app.module.ts +8 -0
  323. package/dist/templates/nestjs/src/lib/.gitkeep +0 -0
  324. package/dist/templates/nestjs/src/main.ts +11 -0
  325. package/dist/templates/nestjs/template.json +16 -0
  326. package/dist/templates/nextjs/template.json +15 -1
  327. package/dist/templates/python-base/.python-version +1 -0
  328. package/dist/templates/python-base/AGENTS.md.hbs +32 -0
  329. package/dist/templates/python-base/harness.config.json.hbs +16 -0
  330. package/dist/templates/python-base/pyproject.toml.hbs +18 -0
  331. package/dist/templates/python-base/ruff.toml +5 -0
  332. package/dist/templates/python-base/src/__init__.py +0 -0
  333. package/dist/templates/python-base/template.json +13 -0
  334. package/dist/templates/react-vite/index.html +12 -0
  335. package/dist/templates/react-vite/package.json.hbs +18 -0
  336. package/dist/templates/react-vite/src/App.tsx +7 -0
  337. package/dist/templates/react-vite/src/lib/.gitkeep +0 -0
  338. package/dist/templates/react-vite/src/main.tsx +9 -0
  339. package/dist/templates/react-vite/template.json +19 -0
  340. package/dist/templates/react-vite/vite.config.ts +6 -0
  341. package/dist/templates/rust-base/AGENTS.md.hbs +35 -0
  342. package/dist/templates/rust-base/Cargo.toml.hbs +6 -0
  343. package/dist/templates/rust-base/clippy.toml +2 -0
  344. package/dist/templates/rust-base/harness.config.json.hbs +17 -0
  345. package/dist/templates/rust-base/src/main.rs +3 -0
  346. package/dist/templates/rust-base/template.json +14 -0
  347. package/dist/templates/spring-boot/pom.xml.hbs +50 -0
  348. package/dist/templates/spring-boot/src/main/java/Application.java.hbs +19 -0
  349. package/dist/templates/spring-boot/template.json +15 -0
  350. package/dist/templates/vue/index.html +12 -0
  351. package/dist/templates/vue/package.json.hbs +16 -0
  352. package/dist/templates/vue/src/App.vue +7 -0
  353. package/dist/templates/vue/src/lib/.gitkeep +0 -0
  354. package/dist/templates/vue/src/main.ts +4 -0
  355. package/dist/templates/vue/template.json +19 -0
  356. package/dist/templates/vue/vite.config.ts +6 -0
  357. package/dist/{validate-N7QJOKFZ.js → validate-FD3Z6VJD.js} +4 -4
  358. package/dist/validate-cross-check-WNJM6H2D.js +8 -0
  359. package/package.json +6 -6
  360. package/dist/agents-md-P2RHSUV7.js +0 -8
  361. package/dist/ci-workflow-4NYBUG6R.js +0 -8
  362. package/dist/engine-LXLIWQQ3.js +0 -8
  363. package/dist/loader-Z2IT7QX3.js +0 -10
  364. package/dist/mcp-KQHEL5IF.js +0 -34
  365. package/dist/runtime-PDWD7UIK.js +0 -9
  366. package/dist/skill-executor-RG45LUO5.js +0 -8
  367. package/dist/validate-cross-check-EDQ5QGTM.js +0 -8
package/dist/agents/skills/claude-code/harness-data-pipeline/skill.yaml ADDED
@@ -0,0 +1,81 @@
1
+ name: harness-data-pipeline
2
+ version: "1.0.0"
3
+ description: ETL/ELT patterns, data quality checks, pipeline testing, and data workflow management
4
+ cognitive_mode: meticulous-verifier
5
+ triggers:
6
+ - manual
7
+ - on_pr
8
+ - on_commit
9
+ platforms:
10
+ - claude-code
11
+ - gemini-cli
12
+ tools:
13
+ - Bash
14
+ - Read
15
+ - Write
16
+ - Edit
17
+ - Glob
18
+ - Grep
19
+ - emit_interaction
20
+ cli:
21
+ command: harness skill run harness-data-pipeline
22
+ args:
23
+ - name: path
24
+ description: Project root path
25
+ required: false
26
+ - name: framework
27
+ description: "Pipeline framework: dbt, airflow, dagster, prefect. Auto-detected when omitted."
28
+ required: false
29
+ - name: check-quality
30
+ description: Run data quality validation rules against pipeline definitions
31
+ required: false
32
+ mcp:
33
+ tool: run_skill
34
+ input:
35
+ skill: harness-data-pipeline
36
+ path: string
37
+ type: rigid
38
+ tier: 3
39
+ internal: false
40
+ keywords:
41
+ - data pipeline
42
+ - ETL
43
+ - ELT
44
+ - data quality
45
+ - pipeline testing
46
+ - Airflow
47
+ - dbt
48
+ - Dagster
49
+ - Prefect
50
+ - data transformation
51
+ - data ingestion
52
+ - data warehouse
53
+ - BigQuery
54
+ - Snowflake
55
+ stack_signals:
56
+ - "dbt/"
57
+ - "dbt_project.yml"
58
+ - "airflow/"
59
+ - "dags/"
60
+ - "dagster/"
61
+ - "pipelines/"
62
+ - "etl/"
63
+ - "src/**/transforms/**"
64
+ - "models/"
65
+ phases:
66
+ - name: detect
67
+ description: Identify pipeline framework, DAG structure, data sources, and sink targets
68
+ required: true
69
+ - name: analyze
70
+ description: Evaluate pipeline patterns, dependency graphs, idempotency, and error handling
71
+ required: true
72
+ - name: validate
73
+ description: Check data quality rules, schema contracts, freshness SLAs, and test coverage
74
+ required: true
75
+ - name: document
76
+ description: Generate pipeline documentation, lineage diagrams, and quality check reports
77
+ required: true
78
+ state:
79
+ persistent: false
80
+ files: []
81
+ depends_on: []
package/dist/agents/skills/claude-code/harness-data-validation/SKILL.md ADDED
@@ -0,0 +1,343 @@
1
+ # Harness Data Validation
2
+
3
+ > Meticulous verifier for schema validation, data contracts, and pipeline data quality. Detects validation libraries, audits trust boundaries for unvalidated inputs, enforces runtime validation schemas, and verifies type-runtime alignment.
4
+
5
+ ## When to Use
6
+
7
+ - When adding runtime validation to API inputs, form data, or configuration
8
+ - When reviewing a PR that modifies data schemas or validation logic
9
+ - When establishing data contracts between services or between frontend and backend
10
+ - When auditing an existing codebase for unvalidated trust boundary crossings
11
+ - When migrating between validation libraries (e.g., Joi to Zod, Yup to Valibot)
12
+ - When ensuring TypeScript types match runtime validation schemas
13
+ - NOT for database schema validation (use harness-database for DDL constraints and migration checks)
14
+ - NOT for API schema design (use harness-api-design for OpenAPI/GraphQL schema authoring)
15
+ - NOT for security input sanitization (use harness-security-review for injection and XSS analysis)
16
+ - NOT for test data generation (use harness-test-data for fixtures and factories)
17
+
18
+ ## Process
19
+
20
+ ### Phase 1: DETECT -- Identify Validation Libraries and Trust Boundaries
21
+
22
+ 1. **Detect validation libraries.** Scan for imports: `zod` for Zod, `yup` for Yup, `joi` for Joi, `@sinclair/typebox` for TypeBox, `valibot` for Valibot, `ajv` for JSON Schema validation, `class-validator` for TypeORM/NestJS decorators, `io-ts` for functional validation. Record the library, version, and usage count.
23
+
24
+ 2. **Map trust boundaries.** Identify every point where external data enters the application:
25
+ - **API inputs:** Request body, query parameters, path parameters, headers
26
+ - **File uploads:** Uploaded file content, metadata, MIME type
27
+ - **Environment variables:** Configuration loaded at startup
28
+ - **External API responses:** Data received from third-party services
29
+ - **Message queue payloads:** Events consumed from Kafka, RabbitMQ, SQS
30
+ - **User-generated content:** Form inputs, comments, rich text
31
+
32
+ 3. **Map existing validation.** For each trust boundary, check whether validation exists. Scan for validation middleware (Express: `celebrate`, `zod-express-middleware`; NestJS: `ValidationPipe`; Fastify: `ajv` schema). Record which boundaries are validated and which are not.
33
+
34
+ 4. **Detect type-runtime alignment.** WHERE TypeScript types are defined alongside Zod schemas, THEN check that `z.infer<typeof schema>` is used to derive the type. WHERE types and schemas are defined separately, THEN flag the potential drift: a type change without a schema change (or vice versa) creates a silent contract violation.
35
+
36
+ 5. **Identify validation gaps.** Produce a gap report: list every trust boundary with its validation status (validated, partially validated, unvalidated). Prioritize gaps by risk: API inputs and message payloads are high risk, environment variables are medium risk, internal function parameters are low risk.
37
+
38
+ ### Phase 2: AUDIT -- Find Unvalidated Inputs and Schema Mismatches
39
+
40
+ 1. **Trace unvalidated API inputs.** For each API route handler, trace the request data from the handler parameter to its first usage. WHERE `req.body`, `req.query`, or `req.params` is accessed without prior validation (no middleware, no `.parse()`, no `.validate()`), THEN flag it with the file, line, and the specific property accessed.
41
+
42
+ 2. **Check for partial validation.** WHERE a validation schema exists but does not cover all fields used by the handler, THEN flag the gap. Example: schema validates `{ name: string }` but the handler also accesses `req.body.email` which is not in the schema. This is worse than no validation because it creates false confidence.
43
+
44
+ 3. **Detect type assertion abuse.** Scan for `as` casts on external data: `req.body as CreateUserInput`, `response.data as Product[]`, `JSON.parse(raw) as Config`. Each type assertion is a trust boundary violation -- it tells TypeScript "trust me" without runtime verification. Flag every instance with file and line.
45
+
46
+ 4. **Audit environment variable access.** Scan for `process.env.` usage. WHERE environment variables are accessed without validation (no Zod `.parse()`, no `envalid`, no custom validation), THEN flag it. Missing environment variables at runtime cause cryptic errors. Recommend a validated config module that fails fast at startup.
47
+
48
+ 5. **Check error message quality.** For each validation schema, verify that validation errors include: which field failed, what the expected type or format was, and what the actual value was (without leaking sensitive data). WHERE validation errors return generic messages like "Invalid input," THEN flag the poor developer experience.
49
+
50
+ ### Phase 3: ENFORCE -- Generate or Fix Validation Schemas
51
+
52
+ 1. **Generate schemas for unvalidated boundaries.** For each high-risk unvalidated trust boundary identified in phase 2, generate a validation schema in the project's chosen library. WHERE the project uses Zod, THEN generate Zod schemas. WHERE no library is established, THEN recommend Zod for TypeScript projects (best type inference) or Joi for JavaScript projects (most mature).
53
+
54
+ 2. **Wire validation into the request pipeline.** Generate middleware or decorators that validate before the handler executes:
55
+ - **Express + Zod:** Create a `validate` middleware that calls `schema.parse(req.body)` and returns 400 with structured errors on failure.
56
+ - **NestJS + class-validator:** Add `@IsString()`, `@IsEmail()`, `@IsNotEmpty()` decorators to DTO classes and enable `ValidationPipe`.
57
+ - **Fastify + JSON Schema:** Add the schema to the route definition for automatic validation.
58
+
59
+ 3. **Align types with schemas.** WHERE TypeScript types are defined separately from validation schemas, THEN refactor to derive types from schemas: `type CreateUserInput = z.infer<typeof createUserSchema>`. This guarantees types and runtime validation can never drift. Remove the standalone type definition.
60
+
61
+ 4. **Add environment variable validation.** Generate a config validation module that runs at startup:
62
+
63
+ ```typescript
64
+ // src/config.ts
65
+ import { z } from 'zod';
66
+
67
+ const envSchema = z.object({
68
+ DATABASE_URL: z.string().url(),
69
+ REDIS_URL: z.string().url(),
70
+ JWT_SECRET: z.string().min(32),
71
+ NODE_ENV: z.enum(['development', 'test', 'production']),
72
+ PORT: z.coerce.number().default(3000),
73
+ });
74
+
75
+ export const config = envSchema.parse(process.env);
76
+ ```
77
+
78
+ 5. **Add custom error formatting.** WHERE the project returns raw validation errors to clients, THEN wrap them in a structured error response that follows the project's error format (e.g., RFC 7807). Strip internal details (stack traces, internal field names) while preserving actionable information (which field, what constraint).
79
+
80
+ ### Phase 4: VERIFY -- Confirm Boundary Coverage and Type Alignment
81
+
82
+ 1. **Recount trust boundary coverage.** Re-run the gap analysis from phase 1. Confirm that every high-risk boundary now has validation. Produce a coverage summary: `N/M trust boundaries validated (X% coverage)`. The target is 100% for API inputs and message payloads, 90%+ for all boundaries.
83
+
84
+ 2. **Verify type-runtime alignment.** For every validation schema, verify that the TypeScript type is derived from the schema (not defined separately). Run `tsc --noEmit` to confirm no type errors. WHERE a type is still defined independently of its schema, THEN flag it as a remaining drift risk.
85
+
86
+ 3. **Test validation rejects bad input.** For each new schema, verify that it correctly rejects: missing required fields, wrong types (string where number expected), values outside constraints (negative numbers, empty strings, too-long strings), and unexpected extra fields (if strict mode is appropriate). This can be verified by reviewing test coverage or by running existing tests.
87
+
88
+ 4. **Verify error responses.** Send a malformed request to each validated endpoint (or trace the code path). Verify: the response status is 400 (not 500), the error body identifies which field failed and why, no internal details are leaked (no stack trace, no database column names), and the error format matches the project's convention.
89
+
90
+ 5. **Check for validation performance.** WHERE a schema validates large payloads (>100 fields or nested arrays), THEN check that validation does not become a bottleneck. Zod and Joi parse synchronously -- a complex schema on a large payload can block the event loop. WHERE performance is a concern, THEN recommend Valibot (smaller bundle) or precompiled AJV (fastest runtime).
91
+
92
+ ## Harness Integration
93
+
94
+ - **`harness validate`** -- Run after adding validation schemas to confirm project health
95
+ - **`harness scan`** -- Refresh the knowledge graph after adding schema files
96
+ - **`query_graph`** -- Trace which routes use which validation schemas
97
+ - **`get_impact`** -- Understand blast radius when modifying a shared validation schema
98
+
99
+ ## Success Criteria
100
+
101
+ - Validation library was correctly detected or recommended
102
+ - All trust boundaries were identified and classified by risk level
103
+ - Every high-risk boundary (API inputs, message payloads) has runtime validation
104
+ - TypeScript types are derived from validation schemas, not defined separately
105
+ - Environment variables are validated at startup with fail-fast behavior
106
+ - Type assertions (`as`) on external data are replaced with runtime validation
107
+ - Validation errors return structured 400 responses with field-level detail
108
+ - No sensitive data is leaked in validation error messages
109
+ - Coverage summary shows 100% for API inputs and 90%+ overall
110
+
111
+ ## Examples
112
+
113
+ ### Example: Zod Validation for Express API
114
+
115
+ **Input:** "Add request validation to our Express API routes."
116
+
117
+ **Phase 1 -- DETECT:**
118
+
119
+ ```
120
+ Library: Zod 3.x (already in package.json, used in 2 of 14 routes)
121
+ Framework: Express 4.x with TypeScript
122
+ Trust boundaries:
123
+ - API inputs: 14 routes, 2 validated (14% coverage)
124
+ - External API: 3 calls to Stripe API, 0 validated
125
+ - Environment: 8 env vars accessed, 0 validated
126
+ - Message queue: N/A
127
+ ```
128
+
129
+ **Phase 2 -- AUDIT:**
130
+
131
+ ```
132
+ Unvalidated API inputs:
133
+ HIGH src/routes/users.ts:23 -- POST /users: req.body accessed without validation
134
+ HIGH src/routes/users.ts:45 -- PATCH /users/:id: req.body.email used without validation
135
+ HIGH src/routes/orders.ts:12 -- POST /orders: req.body.items array not validated
136
+ HIGH src/routes/orders.ts:56 -- POST /orders/:id/refund: req.body.amount not validated
137
+
138
+ Type assertions:
139
+ WARN src/services/stripe.ts:34 -- response.data as StripeCharge (no runtime check)
140
+ WARN src/routes/users.ts:24 -- req.body as CreateUserDTO (trust boundary violation)
141
+
142
+ Environment variables:
143
+ MEDIUM src/db.ts:3 -- process.env.DATABASE_URL used without validation
144
+ MEDIUM src/auth.ts:7 -- process.env.JWT_SECRET used without validation (could be undefined)
145
+ ```
146
+
147
+ **Phase 3 -- ENFORCE:**
148
+
149
+ ```typescript
150
+ // src/schemas/user.schema.ts
151
+ import { z } from 'zod';
152
+
153
+ export const createUserSchema = z.object({
154
+ name: z.string().min(1).max(100),
155
+ email: z.string().email(),
156
+ role: z.enum(['admin', 'member']).default('member'),
157
+ });
158
+
159
+ export type CreateUserInput = z.infer<typeof createUserSchema>;
160
+
161
+ export const updateUserSchema = createUserSchema.partial();
162
+ export type UpdateUserInput = z.infer<typeof updateUserSchema>;
163
+
164
+ // src/middleware/validate.ts
165
+ import { z, ZodSchema } from 'zod';
166
+ import { Request, Response, NextFunction } from 'express';
167
+
168
+ export function validate(schema: ZodSchema) {
169
+ return (req: Request, res: Response, next: NextFunction) => {
170
+ const result = schema.safeParse(req.body);
171
+ if (!result.success) {
172
+ return res.status(400).json({
173
+ type: 'https://api.example.com/errors/validation',
174
+ title: 'Validation Error',
175
+ status: 400,
176
+ detail: 'Request body failed validation',
177
+ errors: result.error.issues.map((issue) => ({
178
+ field: issue.path.join('.'),
179
+ message: issue.message,
180
+ code: issue.code,
181
+ })),
182
+ });
183
+ }
184
+ req.body = result.data; // replace with parsed (coerced, defaulted) data
185
+ next();
186
+ };
187
+ }
188
+
189
+ // src/routes/users.ts -- wired
190
+ app.post('/users', validate(createUserSchema), async (req, res) => {
191
+ const input: CreateUserInput = req.body; // type-safe, validated
192
+ // ...
193
+ });
194
+ ```
195
+
196
+ **Phase 4 -- VERIFY:**
197
+
198
+ ```
199
+ Trust boundary coverage: 14/14 API routes validated (100%)
200
+ Type alignment: PASS -- all types derived from schemas via z.infer
201
+ Error responses: PASS -- structured 400 with field-level errors
202
+ Environment: PASS -- config.ts validates all 8 env vars at startup
203
+ Remaining type assertions: 1 (Stripe response -- mitigated with response schema)
204
+ ```
205
+
206
+ ### Example: NestJS DTO Validation with class-validator
207
+
208
+ **Input:** "Audit our NestJS app for validation gaps."
209
+
210
+ **Phase 1 -- DETECT:**
211
+
212
+ ```
213
+ Library: class-validator 0.14.x, class-transformer 0.5.x
214
+ Framework: NestJS 10.x with ValidationPipe (global)
215
+ Trust boundaries:
216
+ - API inputs: 22 routes, 18 validated via DTOs (82% coverage)
217
+ - WebSocket messages: 4 handlers, 0 validated
218
+ - External API: 2 calls to payment gateway, 0 validated
219
+ ```
220
+
221
+ **Phase 2 -- AUDIT:**
222
+
223
+ ```
224
+ Missing DTO validation:
225
+ HIGH src/modules/admin/admin.controller.ts:34 -- POST /admin/config: uses raw @Body()
226
+ HIGH src/modules/admin/admin.controller.ts:67 -- PUT /admin/users/:id/role: no DTO
227
+ HIGH src/modules/chat/chat.gateway.ts:23 -- @SubscribeMessage('sendMessage'): no validation
228
+ HIGH src/modules/chat/chat.gateway.ts:45 -- @SubscribeMessage('joinRoom'): no validation
229
+
230
+ Partial DTOs:
231
+ WARN src/modules/orders/dto/create-order.dto.ts -- items field is typed OrderItem[]
232
+ but OrderItem has no class-validator decorators. Nested validation missing.
233
+ Add @ValidateNested({ each: true }) and @Type(() => OrderItem)
234
+ ```
235
+
236
+ **Phase 3 -- ENFORCE:**
237
+
238
+ ```typescript
239
+ // src/modules/orders/dto/order-item.dto.ts
240
+ import { IsString, IsNumber, IsPositive, Min } from 'class-validator';
241
+
242
+ export class OrderItemDto {
243
+ @IsString()
244
+ productId: string;
245
+
246
+ @IsNumber()
247
+ @IsPositive()
248
+ @Min(1)
249
+ quantity: number;
250
+ }
251
+
252
+ // src/modules/orders/dto/create-order.dto.ts (fixed)
253
+ import { ValidateNested, IsArray, ArrayMinSize } from 'class-validator';
254
+ import { Type } from 'class-transformer';
255
+ import { OrderItemDto } from './order-item.dto';
256
+
257
+ export class CreateOrderDto {
258
+ @IsArray()
259
+ @ArrayMinSize(1)
260
+ @ValidateNested({ each: true })
261
+ @Type(() => OrderItemDto)
262
+ items: OrderItemDto[];
263
+ }
264
+ ```
265
+
266
+ ### Example: Data Contract Between Microservices
267
+
268
+ **Input:** "Establish data contracts between our order service and notification service."
269
+
270
+ **Phase 1 -- DETECT:**
271
+
272
+ ```
273
+ Order service: TypeScript, Zod, publishes to Kafka
274
+ Notification service: TypeScript, Joi, consumes from Kafka
275
+ Shared schema: none (each service defines its own types independently)
276
+ ```
277
+
278
+ **Phase 2 -- AUDIT:**
279
+
280
+ ```
281
+ CRITICAL: No shared contract between services.
282
+
283
+ Order service publishes OrderPlaced with shape:
284
+ { orderId: string, userId: string, items: Array<{ id: string, qty: number }>, total: number }
285
+
286
+ Notification service expects:
287
+ { orderId: string, customerId: string, lineItems: Array<{ productId: string, quantity: number }>, totalAmount: number }
288
+
289
+ Field mismatches:
290
+ - userId (producer) vs customerId (consumer) -- different name, same data
291
+ - items.id (producer) vs lineItems.productId (consumer) -- different name
292
+ - items.qty (producer) vs lineItems.quantity (consumer) -- different name
293
+ - total (producer) vs totalAmount (consumer) -- different name
294
+
295
+ These mismatches will cause runtime failures or silent data loss.
296
+ ```
297
+
298
+ **Phase 3 -- ENFORCE:**
299
+
300
+ ```typescript
301
+ // packages/contracts/src/events/order-placed.ts (shared package)
302
+ import { z } from 'zod';
303
+
304
+ export const orderPlacedSchema = z.object({
305
+ orderId: z.string().uuid(),
306
+ userId: z.string().uuid(),
307
+ items: z
308
+ .array(
309
+ z.object({
310
+ productId: z.string().uuid(),
311
+ quantity: z.number().int().positive(),
312
+ })
313
+ )
314
+ .min(1),
315
+ totalAmount: z.number().positive(),
316
+ currency: z.string().length(3),
317
+ placedAt: z.string().datetime(),
318
+ });
319
+
320
+ export type OrderPlacedEvent = z.infer<typeof orderPlacedSchema>;
321
+ export const ORDER_PLACED_VERSION = 1;
322
+
323
+ // Order service (producer): validate before publishing
324
+ const event = orderPlacedSchema.parse(payload);
325
+ await producer.send({ topic: 'order-events', messages: [{ value: JSON.stringify(event) }] });
326
+
327
+ // Notification service (consumer): validate after consuming
328
+ const event = orderPlacedSchema.parse(JSON.parse(message.value));
329
+ ```
330
+
331
+ ## Gates
332
+
333
+ - **No type assertions on external data.** WHERE `as` is used to cast data from an API response, message payload, request body, or `JSON.parse` result, THEN the skill must flag it as a trust boundary violation. Type assertions bypass runtime validation entirely. The only acceptable pattern is runtime validation followed by type inference.
334
+ - **Validation errors must not leak internal details.** WHERE a validation error response includes stack traces, database column names, internal field names, or ORM error messages, THEN the skill must halt and require error sanitization. Validation errors are returned to untrusted clients.
335
+ - **Shared data contracts must use a single source of truth.** WHERE two services exchange data (via API or message queue) and define the schema independently, THEN the skill must flag the drift risk. Shared contracts must be defined once in a shared package and imported by both producer and consumer.
336
+ - **Environment variables must be validated at startup.** WHERE `process.env.*` is accessed directly in application code (outside a validated config module), THEN the skill must flag it. An undefined environment variable discovered at request time causes a runtime crash. Validation at startup fails fast with a clear error.
337
+
338
+ ## Escalation
339
+
340
+ - **Multiple validation libraries in the same project:** When the project uses both Zod and Joi (or other combinations), report: "Two validation libraries detected: Zod (12 schemas) and Joi (5 schemas). Maintaining two libraries increases bundle size and cognitive load. Recommend migrating all Joi schemas to Zod for consistency. Migration can be incremental -- start with new schemas in Zod, migrate existing Joi schemas during related feature work."
341
+ - **Validation causes performance regression:** When adding validation to a high-throughput endpoint causes measurable latency increase, report: "Zod schema validation on POST /events adds 8ms per request (payload: 500 fields). For this endpoint's volume (10K req/s), consider: (1) precompiled AJV for 10x faster validation, (2) validate only unknown clients and skip for trusted internal callers, or (3) validate asynchronously after accepting the request."
342
+ - **Breaking schema change required:** When a shared data contract must change in a backward-incompatible way, report: "Removing the `legacyField` from the `OrderPlaced` schema will break notification-service consumers running the old version. Recommend: (1) add the new field alongside the old one, (2) deploy consumers that read from the new field, (3) stop populating the old field, (4) remove the old field in a subsequent release."
343
+ - **Validation coverage too low for safe remediation:** When less than 20% of trust boundaries have validation and the codebase has no validation middleware pattern, report: "Validation coverage is 12%. Adding schemas to individual routes is high effort. Recommend: (1) add global validation middleware, (2) start with the highest-risk routes (auth, payments, user creation), (3) add a lint rule that requires a schema for every new route, (4) backfill remaining routes over 2-3 sprints."
package/dist/agents/skills/claude-code/harness-data-validation/skill.yaml ADDED
@@ -0,0 +1,75 @@
1
+ name: harness-data-validation
2
+ version: "1.0.0"
3
+ description: Schema validation, data contracts, and pipeline data quality
4
+ cognitive_mode: meticulous-verifier
5
+ triggers:
6
+ - manual
7
+ - on_pr
8
+ platforms:
9
+ - claude-code
10
+ - gemini-cli
11
+ tools:
12
+ - Bash
13
+ - Read
14
+ - Write
15
+ - Edit
16
+ - Glob
17
+ - Grep
18
+ cli:
19
+ command: harness skill run harness-data-validation
20
+ args:
21
+ - name: path
22
+ description: Project root path
23
+ required: false
24
+ - name: library
25
+ description: "Validation library: zod, yup, joi, valibot, json-schema. Auto-detected when omitted."
26
+ required: false
27
+ - name: strict
28
+ description: Fail on any unvalidated boundary crossing
29
+ required: false
30
+ mcp:
31
+ tool: run_skill
32
+ input:
33
+ skill: harness-data-validation
34
+ path: string
35
+ type: rigid
36
+ tier: 3
37
+ internal: false
38
+ keywords:
39
+ - validation
40
+ - schema
41
+ - Zod
42
+ - JSON Schema
43
+ - Protobuf
44
+ - Avro
45
+ - data contract
46
+ - data quality
47
+ - type safety
48
+ - runtime validation
49
+ - Valibot
50
+ - Yup
51
+ - Joi
52
+ stack_signals:
53
+ - "src/**/schemas/**"
54
+ - "src/**/validators/**"
55
+ - "*.schema.json"
56
+ - "*.proto"
57
+ - "*.avsc"
58
+ - "src/**/*.zod.*"
59
+ phases:
60
+ - name: detect
61
+ description: Identify validation libraries, schema definitions, and trust boundaries
62
+ required: true
63
+ - name: audit
64
+ description: Find unvalidated inputs, missing schemas, and type-runtime mismatches
65
+ required: true
66
+ - name: enforce
67
+ description: Generate or fix validation schemas at every trust boundary
68
+ required: true
69
+ - name: verify
70
+ description: Confirm all boundaries are covered and schemas match runtime types
71
+ required: true
72
+ state:
73
+ persistent: false
74
+ files: []
75
+ depends_on: []