npm - @harness-engineering/cli - Versions diffs - 1.15.0 → 1.16.0 - Mend

@harness-engineering/cli 1.15.0 → 1.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (495) hide show

package/dist/{chunk-Z2OOPXJO.js → chunk-ALFKNAZW.js} RENAMED Viewed

@@ -135,17 +135,17 @@ function resolveFileToLayer(file, layers) {
 }
 var accessAsync = promisify(access);
 var readFileAsync = promisify(readFile);
-async function fileExists(path23) {
+async function fileExists(path26) {
   try {
-    await accessAsync(path23, constants.F_OK);
+    await accessAsync(path26, constants.F_OK);
     return true;
   } catch {
     return false;
   }
 }
-async function readFileContent(path23) {
+async function readFileContent(path26) {
   try {
-    const content = await readFileAsync(path23, "utf-8");
+    const content = await readFileAsync(path26, "utf-8");
     return Ok(content);
   } catch (error) {
     return Err(error);
@@ -1854,6 +1854,8 @@ import { minimatch as minimatch4 } from "minimatch";
 import { z as z6 } from "zod";
 import * as fs17 from "fs";
 import * as path14 from "path";
+import { readFileSync as readFileSync142, writeFileSync as writeFileSync11, unlinkSync, mkdirSync as mkdirSync11, readdirSync as readdirSync3 } from "fs";
+import { join as join21, dirname as dirname8 } from "path";
 import * as path15 from "path";
 import * as path16 from "path";
 import * as path17 from "path";
@@ -1871,6 +1873,13 @@ import * as path22 from "path";
 import * as os from "os";
 import { spawn } from "child_process";
 import Parser from "web-tree-sitter";
+import * as fs23 from "fs/promises";
+import * as path23 from "path";
+import * as fs24 from "fs";
+import * as path24 from "path";
+import * as fs25 from "fs";
+import * as path25 from "path";
+import * as os2 from "os";
 async function validateFileStructure(projectPath, conventions) {
   const missing = [];
   const unexpected = [];
@@ -1906,15 +1915,15 @@ function validateConfig(data, schema) {
   let message = "Configuration validation failed";
   const suggestions = [];
   if (firstError) {
-    const path23 = firstError.path.join(".");
-    const pathDisplay = path23 ? ` at "${path23}"` : "";
+    const path26 = firstError.path.join(".");
+    const pathDisplay = path26 ? ` at "${path26}"` : "";
     if (firstError.code === "invalid_type") {
       const received = firstError.received;
       const expected = firstError.expected;
       if (received === "undefined") {
         code = "MISSING_FIELD";
         message = `Missing required field${pathDisplay}: ${firstError.message}`;
-        suggestions.push(`Field "${path23}" is required and must be of type "${expected}"`);
+        suggestions.push(`Field "${path26}" is required and must be of type "${expected}"`);
       } else {
         code = "INVALID_TYPE";
         message = `Invalid type${pathDisplay}: ${firstError.message}`;
@@ -2123,27 +2132,27 @@ function extractSections(content) {
   }
   return sections.map((section) => buildAgentMapSection(section, lines));
 }
-function isExternalLink(path23) {
-  return path23.startsWith("http://") || path23.startsWith("https://") || path23.startsWith("#") || path23.startsWith("mailto:");
+function isExternalLink(path26) {
+  return path26.startsWith("http://") || path26.startsWith("https://") || path26.startsWith("#") || path26.startsWith("mailto:");
 }
 function resolveLinkPath(linkPath, baseDir) {
   return linkPath.startsWith(".") ? join4(baseDir, linkPath) : linkPath;
 }
-async function validateAgentsMap(path23 = "./AGENTS.md") {
-  const contentResult = await readFileContent(path23);
+async function validateAgentsMap(path26 = "./AGENTS.md") {
+  const contentResult = await readFileContent(path26);
   if (!contentResult.ok) {
     return Err(
       createError(
         "PARSE_ERROR",
         `Failed to read AGENTS.md: ${contentResult.error.message}`,
-        { path: path23 },
+        { path: path26 },
         ["Ensure the file exists", "Check file permissions"]
       )
     );
   }
   const content = contentResult.value;
   const sections = extractSections(content);
-  const baseDir = dirname4(path23);
+  const baseDir = dirname4(path26);
   const sectionTitles = sections.map((s) => s.title);
   const missingSections = REQUIRED_SECTIONS.filter(
     (required) => !sectionTitles.some((title) => title.toLowerCase().includes(required.toLowerCase()))
@@ -2277,8 +2286,8 @@ async function checkDocCoverage(domain, options = {}) {
     );
   }
 }
-function suggestFix(path23, existingFiles) {
-  const targetName = basename2(path23).toLowerCase();
+function suggestFix(path26, existingFiles) {
+  const targetName = basename2(path26).toLowerCase();
   const similar = existingFiles.find((file) => {
     const fileName = basename2(file).toLowerCase();
     return fileName.includes(targetName) || targetName.includes(fileName);
@@ -2286,7 +2295,7 @@ function suggestFix(path23, existingFiles) {
   if (similar) {
     return `Did you mean "${similar}"?`;
   }
-  return `Create the file "${path23}" or remove the link`;
+  return `Create the file "${path26}" or remove the link`;
 }
 async function validateKnowledgeMap(rootDir = process.cwd()) {
   const agentsPath = join22(rootDir, "AGENTS.md");
@@ -2629,8 +2638,8 @@ function createBoundaryValidator(schema, name) {
         return Ok(result.data);
       }
       const suggestions = result.error.issues.map((issue) => {
-        const path23 = issue.path.join(".");
-        return path23 ? `${path23}: ${issue.message}` : issue.message;
+        const path26 = issue.path.join(".");
+        return path26 ? `${path26}: ${issue.message}` : issue.message;
       });
       return Err(
         createError(
@@ -3238,11 +3247,11 @@ function processExportListSpecifiers(exportDecl, exports) {
 var TypeScriptParser = class {
   name = "typescript";
   extensions = [".ts", ".tsx", ".mts", ".cts"];
-  async parseFile(path23) {
-    const contentResult = await readFileContent(path23);
+  async parseFile(path26) {
+    const contentResult = await readFileContent(path26);
     if (!contentResult.ok) {
       return Err(
-        createParseError("NOT_FOUND", `File not found: ${path23}`, { path: path23 }, [
+        createParseError("NOT_FOUND", `File not found: ${path26}`, { path: path26 }, [
           "Check that the file exists",
           "Verify the path is correct"
         ])
@@ -3252,7 +3261,7 @@ var TypeScriptParser = class {
       const ast = parse(contentResult.value, {
         loc: true,
         range: true,
-        jsx: path23.endsWith(".tsx"),
+        jsx: path26.endsWith(".tsx"),
         errorOnUnknownASTType: false
       });
       return Ok({
@@ -3263,7 +3272,7 @@ var TypeScriptParser = class {
     } catch (e) {
       const error = e;
       return Err(
-        createParseError("SYNTAX_ERROR", `Failed to parse ${path23}: ${error.message}`, { path: path23 }, [
+        createParseError("SYNTAX_ERROR", `Failed to parse ${path26}: ${error.message}`, { path: path26 }, [
           "Check for syntax errors in the file",
           "Ensure valid TypeScript syntax"
         ])
@@ -3444,22 +3453,22 @@ function extractInlineRefs(content) {
   }
   return refs;
 }
-async function parseDocumentationFile(path23) {
-  const contentResult = await readFileContent(path23);
+async function parseDocumentationFile(path26) {
+  const contentResult = await readFileContent(path26);
   if (!contentResult.ok) {
     return Err(
       createEntropyError(
         "PARSE_ERROR",
-        `Failed to read documentation file: ${path23}`,
-        { file: path23 },
+        `Failed to read documentation file: ${path26}`,
+        { file: path26 },
         ["Check that the file exists"]
       )
     );
   }
   const content = contentResult.value;
-  const type = path23.endsWith(".md") ? "markdown" : "text";
+  const type = path26.endsWith(".md") ? "markdown" : "text";
   return Ok({
-    path: path23,
+    path: path26,
     type,
     content,
     codeBlocks: extractCodeBlocks(content),
@@ -4717,7 +4726,7 @@ var EntropyAnalyzer = class {
 };
 var readFile32 = promisify2(fs3.readFile);
 var writeFile32 = promisify2(fs3.writeFile);
-var unlink2 = promisify2(fs3.unlink);
+var unlink22 = promisify2(fs3.unlink);
 var mkdir22 = promisify2(fs3.mkdir);
 var copyFile2 = promisify2(fs3.copyFile);
 var DEFAULT_FIX_CONFIG = {
@@ -4860,7 +4869,7 @@ async function applySingleFix(fix, config) {
             return Err({ fix, error: backupResult.error.message });
           }
         }
-        await unlink2(fix.file);
+        await unlink22(fix.file);
         break;
       case "delete-lines":
         if (fix.line !== void 0) {
@@ -8593,6 +8602,204 @@ var mcpRules = [
     references: ["CWE-319"]
   }
 ];
+var insecureDefaultsRules = [
+  {
+    id: "SEC-DEF-001",
+    name: "Security-Sensitive Fallback to Hardcoded Default",
+    category: "insecure-defaults",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [
+      /(?:SECRET|KEY|TOKEN|PASSWORD|SALT|PEPPER|SIGNING|ENCRYPTION|AUTH|JWT|SESSION).*(?:\|\||\?\?)\s*['"][^'"]+['"]/i
+    ],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: "Security-sensitive variable falls back to a hardcoded default when env var is missing",
+    remediation: "Throw an error if the env var is missing instead of falling back to a default. Use a startup validation check.",
+    references: ["CWE-1188"]
+  },
+  {
+    id: "SEC-DEF-002",
+    name: "TLS/SSL Disabled by Default",
+    category: "insecure-defaults",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [
+      /(?:tls|ssl|https|secure)\s*(?:=|:)\s*(?:false|config\??\.\w+\s*(?:\?\?|&&|\|\|)\s*false)/i
+    ],
+    fileGlob: "**/*.{ts,js,mjs,cjs,go,py}",
+    message: "Security feature defaults to disabled; missing configuration degrades to insecure mode",
+    remediation: "Default security features to enabled (true). Require explicit opt-out, not opt-in.",
+    references: ["CWE-1188"]
+  },
+  {
+    id: "SEC-DEF-003",
+    name: "Swallowed Authentication/Authorization Error",
+    category: "insecure-defaults",
+    severity: "warning",
+    confidence: "low",
+    patterns: [
+      // Matches single-line empty catch: catch(e) { } or catch(e) { // ignore }
+      // Note: multi-line catch blocks are handled by AI review, not this rule
+      /catch\s*\([^)]*\)\s*\{\s*(?:\/\/\s*(?:ignore|skip|noop|todo)\b.*)?\s*\}/
+    ],
+    fileGlob: "**/*auth*.{ts,js,mjs,cjs},**/*session*.{ts,js,mjs,cjs},**/*token*.{ts,js,mjs,cjs}",
+    message: "Single-line empty catch block in authentication/authorization code may silently allow unauthorized access. Note: multi-line empty catch blocks are detected by AI review, not this mechanical rule.",
+    remediation: "Re-throw the error or return an explicit denial. Never silently swallow auth errors.",
+    references: ["CWE-754", "CWE-390"]
+  },
+  {
+    id: "SEC-DEF-004",
+    name: "Permissive CORS Fallback",
+    category: "insecure-defaults",
+    severity: "warning",
+    confidence: "medium",
+    patterns: [
+      /(?:origin|cors)\s*(?:=|:)\s*(?:config|options|env)\??\.\w+\s*(?:\?\?|\|\|)\s*['"]\*/
+    ],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: "CORS origin falls back to wildcard (*) when configuration is missing",
+    remediation: "Default to a restrictive origin list. Require explicit configuration for permissive CORS.",
+    references: ["CWE-942"]
+  },
+  {
+    id: "SEC-DEF-005",
+    name: "Rate Limiting Disabled by Default",
+    category: "insecure-defaults",
+    severity: "info",
+    confidence: "low",
+    patterns: [
+      /(?:rateLimit|rateLimiting|throttle)\s*(?:=|:)\s*(?:config|options|env)\??\.\w+\s*(?:\?\?|\|\|)\s*(?:false|0|null|undefined)/i
+    ],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: "Rate limiting defaults to disabled when configuration is missing",
+    remediation: "Default to a sensible rate limit. Require explicit opt-out for disabling.",
+    references: ["CWE-770"]
+  }
+];
+var sharpEdgesRules = [
+  // --- Deprecated Crypto APIs ---
+  {
+    id: "SEC-EDGE-001",
+    name: "Deprecated createCipher API",
+    category: "sharp-edges",
+    severity: "error",
+    confidence: "high",
+    patterns: [/crypto\.createCipher\s*\(/],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: "crypto.createCipher is deprecated \u2014 uses weak key derivation (no IV)",
+    remediation: "Use crypto.createCipheriv with a random IV and proper key derivation (scrypt/pbkdf2)",
+    references: ["CWE-327"]
+  },
+  {
+    id: "SEC-EDGE-002",
+    name: "Deprecated createDecipher API",
+    category: "sharp-edges",
+    severity: "error",
+    confidence: "high",
+    patterns: [/crypto\.createDecipher\s*\(/],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: "crypto.createDecipher is deprecated \u2014 uses weak key derivation (no IV)",
+    remediation: "Use crypto.createDecipheriv with the same IV used for encryption",
+    references: ["CWE-327"]
+  },
+  {
+    id: "SEC-EDGE-003",
+    name: "ECB Mode Selection",
+    category: "sharp-edges",
+    severity: "warning",
+    confidence: "high",
+    patterns: [/-ecb['"]/],
+    fileGlob: "**/*.{ts,js,mjs,cjs,go,py}",
+    message: "ECB mode does not provide semantic security \u2014 identical plaintext blocks produce identical ciphertext",
+    remediation: "Use CBC, CTR, or GCM mode instead of ECB",
+    references: ["CWE-327"]
+  },
+  // --- Unsafe Deserialization ---
+  {
+    id: "SEC-EDGE-004",
+    name: "yaml.load Without Safe Loader",
+    category: "sharp-edges",
+    severity: "error",
+    confidence: "high",
+    patterns: [
+      /yaml\.load\s*\(/
+      // Python: yaml.load() without SafeLoader
+    ],
+    fileGlob: "**/*.py",
+    message: "yaml.load() executes arbitrary Python objects \u2014 use yaml.safe_load() instead",
+    remediation: "Replace yaml.load() with yaml.safe_load() or yaml.load(data, Loader=SafeLoader). Note: this rule will flag yaml.load(data, Loader=SafeLoader) \u2014 suppress with # harness-ignore SEC-EDGE-004: safe usage with SafeLoader",
+    references: ["CWE-502"]
+  },
+  {
+    id: "SEC-EDGE-005",
+    name: "Pickle/Marshal Deserialization",
+    category: "sharp-edges",
+    severity: "error",
+    confidence: "high",
+    patterns: [/pickle\.loads?\s*\(/, /marshal\.loads?\s*\(/],
+    fileGlob: "**/*.py",
+    message: "pickle/marshal deserialization executes arbitrary code \u2014 never use on untrusted data",
+    remediation: "Use JSON, MessagePack, or Protocol Buffers for untrusted data serialization",
+    references: ["CWE-502"]
+  },
+  // --- TOCTOU (Time-of-Check to Time-of-Use) ---
+  {
+    id: "SEC-EDGE-006",
+    name: "Check-Then-Act File Operation",
+    category: "sharp-edges",
+    severity: "warning",
+    confidence: "medium",
+    // Patterns use .{0,N} since scanner matches single lines only (no multiline mode)
+    patterns: [
+      /(?:existsSync|accessSync|statSync)\s*\([^)]+\).{0,50}(?:readFileSync|writeFileSync|unlinkSync|mkdirSync)\s*\(/
+    ],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: "Check-then-act pattern on filesystem is vulnerable to TOCTOU race conditions",
+    remediation: "Use the operation directly and handle ENOENT/EEXIST errors instead of checking first",
+    references: ["CWE-367"]
+  },
+  {
+    id: "SEC-EDGE-007",
+    name: "Check-Then-Act File Operation (Async)",
+    category: "sharp-edges",
+    severity: "warning",
+    confidence: "medium",
+    // Uses .{0,N} since scanner matches single lines only (no multiline mode)
+    patterns: [/(?:access|stat)\s*\([^)]+\).{0,80}(?:readFile|writeFile|unlink|mkdir)\s*\(/],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: "Async check-then-act pattern on filesystem is vulnerable to TOCTOU race conditions",
+    remediation: "Use the operation directly with try/catch instead of checking existence first",
+    references: ["CWE-367"]
+  },
+  // --- Stringly-Typed Security ---
+  {
+    id: "SEC-EDGE-008",
+    name: 'JWT Algorithm "none"',
+    category: "sharp-edges",
+    severity: "error",
+    confidence: "high",
+    patterns: [
+      /algorithm[s]?\s*[:=]\s*\[?\s*['"]none['"]/i,
+      /alg(?:orithm)?\s*[:=]\s*['"]none['"]/i
+    ],
+    fileGlob: "**/*.{ts,js,mjs,cjs}",
+    message: 'JWT "none" algorithm disables signature verification entirely',
+    remediation: 'Specify an explicit algorithm (e.g., "HS256", "RS256") and set algorithms allowlist in verify options',
+    references: ["CWE-345"]
+  },
+  {
+    id: "SEC-EDGE-009",
+    name: "DES/RC4 Algorithm Selection",
+    category: "sharp-edges",
+    severity: "error",
+    confidence: "high",
+    patterns: [/['"]\s*(?:des|des-ede|des-ede3|des3|rc4|rc2|blowfish)\s*['"]/i],
+    fileGlob: "**/*.{ts,js,mjs,cjs,go,py}",
+    message: "Weak/deprecated cipher algorithm selected \u2014 DES, RC4, RC2, and Blowfish are broken or deprecated",
+    remediation: "Use AES-256-GCM or ChaCha20-Poly1305",
+    references: ["CWE-327"]
+  }
+];
 var nodeRules = [
   {
     id: "SEC-NODE-001",
@@ -8697,6 +8904,14 @@ var goRules = [
     references: ["CWE-134"]
   }
 ];
+function parseHarnessIgnore(line, ruleId) {
+  if (!line.includes("harness-ignore")) return null;
+  if (!line.includes(ruleId)) return null;
+  const match = line.match(/(?:\/\/|#)\s*harness-ignore\s+(SEC-[A-Z]+-\d+)(?::\s*(.+))?/);
+  if (match?.[1] !== ruleId) return null;
+  const text = match[2]?.trim();
+  return { ruleId, justification: text || null };
+}
 var SecurityScanner = class {
   registry;
   config;
@@ -8713,7 +8928,9 @@ var SecurityScanner = class {
       ...networkRules,
       ...deserializationRules,
       ...agentConfigRules,
-      ...mcpRules
+      ...mcpRules,
+      ...insecureDefaultsRules,
+      ...sharpEdgesRules
     ]);
     this.registry.registerAll([...nodeRules, ...expressRules, ...reactRules, ...goRules]);
     this.activeRules = this.registry.getAll();
@@ -8730,42 +8947,8 @@ var SecurityScanner = class {
    */
   scanContent(content, filePath, startLine = 1) {
     if (!this.config.enabled) return [];
-    const findings = [];
     const lines = content.split("\n");
-    for (const rule of this.activeRules) {
-      const resolved = resolveRuleSeverity(
-        rule.id,
-        rule.severity,
-        this.config.rules ?? {},
-        this.config.strict
-      );
-      if (resolved === "off") continue;
-      for (let i = 0; i < lines.length; i++) {
-        const line = lines[i] ?? "";
-        if (line.includes("harness-ignore") && line.includes(rule.id)) continue;
-        for (const pattern of rule.patterns) {
-          pattern.lastIndex = 0;
-          if (pattern.test(line)) {
-            findings.push({
-              ruleId: rule.id,
-              ruleName: rule.name,
-              category: rule.category,
-              severity: resolved,
-              confidence: rule.confidence,
-              file: filePath,
-              line: startLine + i,
-              match: line.trim(),
-              context: line,
-              message: rule.message,
-              remediation: rule.remediation,
-              ...rule.references ? { references: rule.references } : {}
-            });
-            break;
-          }
-        }
-      }
-    }
-    return findings;
+    return this.scanLinesWithRules(lines, this.activeRules, filePath, startLine);
   }
   async scanFile(filePath) {
     if (!this.config.enabled) return [];
@@ -8774,14 +8957,22 @@ var SecurityScanner = class {
   }
   scanContentForFile(content, filePath, startLine = 1) {
     if (!this.config.enabled) return [];
-    const findings = [];
     const lines = content.split("\n");
     const applicableRules = this.activeRules.filter((rule) => {
       if (!rule.fileGlob) return true;
       const globs = rule.fileGlob.split(",").map((g) => g.trim());
       return globs.some((glob2) => minimatch4(filePath, glob2, { dot: true }));
     });
-    for (const rule of applicableRules) {
+    return this.scanLinesWithRules(lines, applicableRules, filePath, startLine);
+  }
+  /**
+   * Core scanning loop shared by scanContent and scanContentForFile.
+   * Evaluates each rule against each line, handling suppression (FP gate)
+   * and pattern matching uniformly.
+   */
+  scanLinesWithRules(lines, rules, filePath, startLine) {
+    const findings = [];
+    for (const rule of rules) {
       const resolved = resolveRuleSeverity(
         rule.id,
         rule.severity,
@@ -8791,7 +8982,25 @@ var SecurityScanner = class {
       if (resolved === "off") continue;
       for (let i = 0; i < lines.length; i++) {
         const line = lines[i] ?? "";
-        if (line.includes("harness-ignore") && line.includes(rule.id)) continue;
+        const suppressionMatch = parseHarnessIgnore(line, rule.id);
+        if (suppressionMatch) {
+          if (!suppressionMatch.justification) {
+            findings.push({
+              ruleId: rule.id,
+              ruleName: rule.name,
+              category: rule.category,
+              severity: this.config.strict ? "error" : "warning",
+              confidence: "high",
+              file: filePath,
+              line: startLine + i,
+              match: line.trim(),
+              context: line,
+              message: `Suppression of ${rule.id} requires justification: // harness-ignore ${rule.id}: <reason>`,
+              remediation: `Add justification after colon: // harness-ignore ${rule.id}: false positive because ...`
+            });
+          }
+          continue;
+        }
         for (const pattern of rule.patterns) {
           pattern.lastIndex = 0;
           if (pattern.test(line)) {
@@ -8836,6 +9045,406 @@ var SecurityScanner = class {
     };
   }
 };
+var hiddenUnicodePatterns = [
+  {
+    ruleId: "INJ-UNI-001",
+    severity: "high",
+    category: "hidden-unicode",
+    description: "Zero-width characters that can hide malicious instructions",
+    // eslint-disable-next-line no-misleading-character-class -- intentional: regex detects zero-width chars for security scanning
+    pattern: /[\u200B\u200C\u200D\uFEFF\u2060]/
+  },
+  {
+    ruleId: "INJ-UNI-002",
+    severity: "high",
+    category: "hidden-unicode",
+    description: "RTL/LTR override characters that can disguise text direction",
+    pattern: /[\u202A-\u202E\u2066-\u2069]/
+  }
+];
+var reRolingPatterns = [
+  {
+    ruleId: "INJ-REROL-001",
+    severity: "high",
+    category: "explicit-re-roling",
+    description: "Instruction to ignore/disregard/forget previous instructions",
+    pattern: /(?:ignore|disregard|forget)\s+(?:all\s+)?(?:previous|prior|above|earlier)\s+(?:instructions?|prompts?|context|rules?|guidelines?)/i
+  },
+  {
+    ruleId: "INJ-REROL-002",
+    severity: "high",
+    category: "explicit-re-roling",
+    description: "Attempt to reassign the AI role",
+    pattern: /you\s+are\s+now\s+(?:a\s+|an\s+)?(?:new\s+)?(?:helpful\s+)?(?:my\s+)?(?:\w+\s+)?(?:assistant|agent|AI|bot|chatbot|system|persona)\b/i
+  },
+  {
+    ruleId: "INJ-REROL-003",
+    severity: "high",
+    category: "explicit-re-roling",
+    description: "Direct instruction override attempt",
+    pattern: /(?:new\s+)?(?:system\s+)?(?:instruction|directive|role|persona)\s*[:=]\s*/i
+  }
+];
+var permissionEscalationPatterns = [
+  {
+    ruleId: "INJ-PERM-001",
+    severity: "high",
+    category: "permission-escalation",
+    description: "Attempt to enable all tools or grant unrestricted access",
+    pattern: /(?:allow|enable|grant)\s+all\s+(?:tools?|permissions?|access)/i
+  },
+  {
+    ruleId: "INJ-PERM-002",
+    severity: "high",
+    category: "permission-escalation",
+    description: "Attempt to disable safety or security features",
+    pattern: /(?:disable|turn\s+off|remove|bypass)\s+(?:all\s+)?(?:safety|security|restrictions?|guardrails?|protections?|checks?)/i
+  },
+  {
+    ruleId: "INJ-PERM-003",
+    severity: "high",
+    category: "permission-escalation",
+    description: "Auto-approve directive that bypasses human review",
+    pattern: /(?:auto[- ]?approve|--no-verify|--dangerously-skip-permissions)/i
+  }
+];
+var encodedPayloadPatterns = [
+  {
+    ruleId: "INJ-ENC-001",
+    severity: "high",
+    category: "encoded-payloads",
+    description: "Base64-encoded string long enough to contain instructions (>=28 chars)",
+    // Match base64 strings of 28+ chars (7+ groups of 4).
+    // Excludes JWT tokens (eyJ prefix) and Bearer-prefixed tokens.
+    pattern: /(?<!Bearer\s)(?<![:])(?<![A-Za-z0-9/])(?!eyJ)(?:[A-Za-z0-9+/]{4}){7,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?(?![A-Za-z0-9/])/
+  },
+  {
+    ruleId: "INJ-ENC-002",
+    severity: "high",
+    category: "encoded-payloads",
+    description: "Hex-encoded string long enough to contain directives (>=20 hex chars)",
+    // Excludes hash-prefixed hex (sha256:, sha512:, md5:, etc.) and hex preceded by 0x.
+    // Note: 40-char git SHA hashes (e.g. in `git log` output) may match — downstream
+    // callers should filter matches of exactly 40 hex chars if scanning git output.
+    pattern: /(?<![:x])(?<![A-Fa-f0-9])(?:[0-9a-fA-F]{2}){10,}(?![A-Fa-f0-9])/
+  }
+];
+var indirectInjectionPatterns = [
+  {
+    ruleId: "INJ-IND-001",
+    severity: "medium",
+    category: "indirect-injection",
+    description: "Instruction to influence future responses",
+    pattern: /(?:when\s+the\s+user\s+asks|if\s+(?:the\s+user|someone|anyone)\s+asks)\s*,?\s*(?:say|respond|reply|answer|tell)/i
+  },
+  {
+    ruleId: "INJ-IND-002",
+    severity: "medium",
+    category: "indirect-injection",
+    description: "Directive to include content in responses",
+    pattern: /(?:include|insert|add|embed|put)\s+(?:this|the\s+following)\s+(?:in|into|to)\s+(?:your|the)\s+(?:response|output|reply|answer)/i
+  },
+  {
+    ruleId: "INJ-IND-003",
+    severity: "medium",
+    category: "indirect-injection",
+    description: "Standing instruction to always respond a certain way",
+    pattern: /always\s+(?:respond|reply|answer|say|output)\s+(?:with|that|by)/i
+  }
+];
+var contextManipulationPatterns = [
+  {
+    ruleId: "INJ-CTX-001",
+    severity: "medium",
+    category: "context-manipulation",
+    description: "Claim about system prompt content",
+    pattern: /(?:the\s+)?(?:system\s+prompt|system\s+message|hidden\s+instructions?)\s+(?:says?|tells?|instructs?|contains?|is)/i
+  },
+  {
+    ruleId: "INJ-CTX-002",
+    severity: "medium",
+    category: "context-manipulation",
+    description: "Claim about AI instructions",
+    pattern: /your\s+(?:instructions?|directives?|guidelines?|rules?)\s+(?:are|say|tell|state)/i
+  },
+  {
+    ruleId: "INJ-CTX-003",
+    severity: "medium",
+    category: "context-manipulation",
+    description: "Fake XML/HTML system or instruction tags",
+    // Case-sensitive: only match lowercase tags to avoid false positives on
+    // React components like <User>, <Context>, <Role> etc.
+    pattern: /<\/?(?:system|instruction|prompt|role|context|tool_call|function_call|assistant|human|user)[^>]*>/
+  },
+  {
+    ruleId: "INJ-CTX-004",
+    severity: "medium",
+    category: "context-manipulation",
+    description: "Fake JSON role assignment mimicking chat format",
+    pattern: /[{,]\s*"role"\s*:\s*"(?:system|assistant|function)"/i
+  }
+];
+var socialEngineeringPatterns = [
+  {
+    ruleId: "INJ-SOC-001",
+    severity: "medium",
+    category: "social-engineering",
+    description: "Urgency pressure to bypass checks",
+    pattern: /(?:this\s+is\s+(?:very\s+)?urgent|this\s+is\s+(?:an?\s+)?emergency|do\s+(?:this|it)\s+(?:now|immediately))\b/i
+  },
+  {
+    ruleId: "INJ-SOC-002",
+    severity: "medium",
+    category: "social-engineering",
+    description: "False authority claim",
+    pattern: /(?:the\s+)?(?:admin|administrator|manager|CEO|CTO|owner|supervisor)\s+(?:authorized|approved|said|told|confirmed|requested)/i
+  },
+  {
+    ruleId: "INJ-SOC-003",
+    severity: "medium",
+    category: "social-engineering",
+    description: "Testing pretext to bypass safety",
+    pattern: /(?:for\s+testing\s+purposes?|this\s+is\s+(?:just\s+)?a\s+test|in\s+test\s+mode)\b/i
+  }
+];
+var suspiciousPatterns = [
+  {
+    ruleId: "INJ-SUS-001",
+    severity: "low",
+    category: "suspicious-patterns",
+    description: "Excessive consecutive whitespace (>10 chars) mid-line that may hide content",
+    // Only match whitespace runs not at the start of a line (indentation is normal)
+    pattern: /\S\s{11,}/
+  },
+  {
+    ruleId: "INJ-SUS-002",
+    severity: "low",
+    category: "suspicious-patterns",
+    description: "Repeated delimiters (>5) that may indicate obfuscation",
+    pattern: /([|;,=\-_~`])\1{5,}/
+  },
+  {
+    ruleId: "INJ-SUS-003",
+    severity: "low",
+    category: "suspicious-patterns",
+    description: "Mathematical alphanumeric symbols used as Latin character substitutes",
+    // Mathematical bold/italic/script Unicode ranges (U+1D400-U+1D7FF)
+    pattern: /[\uD835][\uDC00-\uDFFF]/
+  }
+];
+var ALL_PATTERNS = [
+  ...hiddenUnicodePatterns,
+  ...reRolingPatterns,
+  ...permissionEscalationPatterns,
+  ...encodedPayloadPatterns,
+  ...indirectInjectionPatterns,
+  ...contextManipulationPatterns,
+  ...socialEngineeringPatterns,
+  ...suspiciousPatterns
+];
+function scanForInjection(text) {
+  const findings = [];
+  const lines = text.split("\n");
+  for (let lineIdx = 0; lineIdx < lines.length; lineIdx++) {
+    const line = lines[lineIdx];
+    for (const rule of ALL_PATTERNS) {
+      if (rule.pattern.test(line)) {
+        findings.push({
+          severity: rule.severity,
+          ruleId: rule.ruleId,
+          match: line.trim(),
+          line: lineIdx + 1
+        });
+      }
+    }
+  }
+  const severityOrder = {
+    high: 0,
+    medium: 1,
+    low: 2
+  };
+  findings.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+  return findings;
+}
+function getInjectionPatterns() {
+  return ALL_PATTERNS;
+}
+var DESTRUCTIVE_BASH = [
+  /\bgit\s+push\b/,
+  /\bgit\s+commit\b/,
+  /\brm\s+-rf?\b/,
+  /\brm\s+-r\b/
+];
+var TAINT_DURATION_MS = 30 * 60 * 1e3;
+var DEFAULT_SESSION_ID = "default";
+function getTaintFilePath(projectRoot, sessionId) {
+  const id = sessionId || DEFAULT_SESSION_ID;
+  return join21(projectRoot, ".harness", `session-taint-${id}.json`);
+}
+function readTaint(projectRoot, sessionId) {
+  const filePath = getTaintFilePath(projectRoot, sessionId);
+  let content;
+  try {
+    content = readFileSync142(filePath, "utf8");
+  } catch {
+    return null;
+  }
+  let state;
+  try {
+    state = JSON.parse(content);
+  } catch {
+    try {
+      unlinkSync(filePath);
+    } catch {
+    }
+    return null;
+  }
+  if (!state.sessionId || !state.taintedAt || !state.expiresAt || !state.findings) {
+    try {
+      unlinkSync(filePath);
+    } catch {
+    }
+    return null;
+  }
+  return state;
+}
+function checkTaint(projectRoot, sessionId) {
+  const state = readTaint(projectRoot, sessionId);
+  if (!state) {
+    return { tainted: false, expired: false, state: null };
+  }
+  const now = /* @__PURE__ */ new Date();
+  const expiresAt = new Date(state.expiresAt);
+  if (now >= expiresAt) {
+    const filePath = getTaintFilePath(projectRoot, sessionId);
+    try {
+      unlinkSync(filePath);
+    } catch {
+    }
+    return { tainted: false, expired: true, state };
+  }
+  return { tainted: true, expired: false, state };
+}
+function writeTaint(projectRoot, sessionId, reason, findings, source) {
+  const id = sessionId || DEFAULT_SESSION_ID;
+  const filePath = getTaintFilePath(projectRoot, id);
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const dir = dirname8(filePath);
+  mkdirSync11(dir, { recursive: true });
+  const existing = readTaint(projectRoot, id);
+  const maxSeverity = findings.some((f) => f.severity === "high") ? "high" : "medium";
+  const taintFindings = findings.map((f) => ({
+    ruleId: f.ruleId,
+    severity: f.severity,
+    match: f.match,
+    source,
+    detectedAt: now
+  }));
+  const state = {
+    sessionId: id,
+    taintedAt: existing?.taintedAt || now,
+    expiresAt: new Date(Date.now() + TAINT_DURATION_MS).toISOString(),
+    reason,
+    severity: existing?.severity === "high" || maxSeverity === "high" ? "high" : "medium",
+    findings: [...existing?.findings || [], ...taintFindings]
+  };
+  writeFileSync11(filePath, JSON.stringify(state, null, 2) + "\n");
+  return state;
+}
+function clearTaint(projectRoot, sessionId) {
+  if (sessionId) {
+    const filePath = getTaintFilePath(projectRoot, sessionId);
+    try {
+      unlinkSync(filePath);
+      return 1;
+    } catch {
+      return 0;
+    }
+  }
+  const harnessDir = join21(projectRoot, ".harness");
+  let count = 0;
+  try {
+    const files = readdirSync3(harnessDir);
+    for (const file of files) {
+      if (file.startsWith("session-taint-") && file.endsWith(".json")) {
+        try {
+          unlinkSync(join21(harnessDir, file));
+          count++;
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  return count;
+}
+function listTaintedSessions(projectRoot) {
+  const harnessDir = join21(projectRoot, ".harness");
+  const sessions = [];
+  try {
+    const files = readdirSync3(harnessDir);
+    for (const file of files) {
+      if (file.startsWith("session-taint-") && file.endsWith(".json")) {
+        const sessionId = file.replace("session-taint-", "").replace(".json", "");
+        const result = checkTaint(projectRoot, sessionId);
+        if (result.tainted) {
+          sessions.push(sessionId);
+        }
+      }
+    }
+  } catch {
+  }
+  return sessions;
+}
+function mapSecuritySeverity(severity) {
+  if (severity === "error") return "high";
+  if (severity === "warning") return "medium";
+  return "low";
+}
+function computeOverallSeverity(findings) {
+  if (findings.length === 0) return "clean";
+  if (findings.some((f) => f.severity === "high")) return "high";
+  if (findings.some((f) => f.severity === "medium")) return "medium";
+  return "low";
+}
+function computeScanExitCode(results) {
+  for (const r of results) {
+    if (r.overallSeverity === "high") return 2;
+  }
+  for (const r of results) {
+    if (r.overallSeverity === "medium") return 1;
+  }
+  return 0;
+}
+function mapInjectionFindings(injectionFindings) {
+  return injectionFindings.map((f) => ({
+    ruleId: f.ruleId,
+    severity: f.severity,
+    message: `Injection pattern detected: ${f.ruleId}`,
+    match: f.match,
+    ...f.line !== void 0 ? { line: f.line } : {}
+  }));
+}
+function isDuplicateFinding(existing, secFinding) {
+  return existing.some(
+    (e) => e.line === secFinding.line && e.match === secFinding.match.trim() && e.ruleId.split("-")[0] === secFinding.ruleId.split("-")[0]
+  );
+}
+function mapSecurityFindings(secFindings, existing) {
+  const result = [];
+  for (const f of secFindings) {
+    if (!isDuplicateFinding(existing, f)) {
+      result.push({
+        ruleId: f.ruleId,
+        severity: mapSecuritySeverity(f.severity),
+        message: f.message,
+        match: f.match,
+        ...f.line !== void 0 ? { line: f.line } : {}
+      });
+    }
+  }
+  return result;
+}
 var ALL_CHECKS = [
   "validate",
   "deps",
@@ -9017,7 +9626,7 @@ async function runPerfCheck(projectRoot, config) {
     if (perfReport.complexity) {
       for (const v of perfReport.complexity.violations) {
         issues.push({
-          severity: v.severity === "info" ? "warning" : v.severity,
+          severity: "warning",
           message: `[Tier ${v.tier}] ${v.metric}: ${v.function} in ${v.file} (${v.value} > ${v.threshold})`,
           file: v.file,
           line: v.line
@@ -11528,9 +12137,9 @@ async function resolveWasmPath(grammarName) {
   const { createRequire } = await import("module");
   const require2 = createRequire(import.meta.url ?? __filename);
   const pkgPath = require2.resolve("tree-sitter-wasms/package.json");
-  const path23 = await import("path");
-  const pkgDir = path23.dirname(pkgPath);
-  return path23.join(pkgDir, "out", `${grammarName}.wasm`);
+  const path26 = await import("path");
+  const pkgDir = path26.dirname(pkgPath);
+  return path26.join(pkgDir, "out", `${grammarName}.wasm`);
 }
 async function loadLanguage(lang) {
   const grammarName = GRAMMAR_MAP[lang];
@@ -11887,6 +12496,466 @@ async function unfoldRange(filePath, startLine, endLine) {
     fallback: false
   };
 }
+var TOKENS_PER_MILLION = 1e6;
+function parseLiteLLMData(raw) {
+  const dataset = /* @__PURE__ */ new Map();
+  for (const [modelName, entry] of Object.entries(raw)) {
+    if (modelName === "sample_spec") continue;
+    if (entry.mode && entry.mode !== "chat") continue;
+    const inputCost = entry.input_cost_per_token;
+    const outputCost = entry.output_cost_per_token;
+    if (inputCost == null || outputCost == null) continue;
+    const pricing = {
+      inputPer1M: inputCost * TOKENS_PER_MILLION,
+      outputPer1M: outputCost * TOKENS_PER_MILLION
+    };
+    if (entry.cache_read_input_token_cost != null) {
+      pricing.cacheReadPer1M = entry.cache_read_input_token_cost * TOKENS_PER_MILLION;
+    }
+    if (entry.cache_creation_input_token_cost != null) {
+      pricing.cacheWritePer1M = entry.cache_creation_input_token_cost * TOKENS_PER_MILLION;
+    }
+    dataset.set(modelName, pricing);
+  }
+  return dataset;
+}
+function getModelPrice(model, dataset) {
+  if (!model) {
+    console.warn("[harness pricing] No model specified \u2014 cannot look up pricing.");
+    return null;
+  }
+  const pricing = dataset.get(model);
+  if (!pricing) {
+    console.warn(
+      `[harness pricing] No pricing data for model "${model}". Consider updating pricing data.`
+    );
+    return null;
+  }
+  return pricing;
+}
+var fallback_default = {
+  _generatedAt: "2026-03-31",
+  _source: "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json",
+  models: {
+    "claude-opus-4-20250514": {
+      inputPer1M: 15,
+      outputPer1M: 75,
+      cacheReadPer1M: 1.5,
+      cacheWritePer1M: 18.75
+    },
+    "claude-sonnet-4-20250514": {
+      inputPer1M: 3,
+      outputPer1M: 15,
+      cacheReadPer1M: 0.3,
+      cacheWritePer1M: 3.75
+    },
+    "claude-3-5-haiku-20241022": {
+      inputPer1M: 0.8,
+      outputPer1M: 4,
+      cacheReadPer1M: 0.08,
+      cacheWritePer1M: 1
+    },
+    "gpt-4o": {
+      inputPer1M: 2.5,
+      outputPer1M: 10,
+      cacheReadPer1M: 1.25
+    },
+    "gpt-4o-mini": {
+      inputPer1M: 0.15,
+      outputPer1M: 0.6,
+      cacheReadPer1M: 0.075
+    },
+    "gemini-2.0-flash": {
+      inputPer1M: 0.1,
+      outputPer1M: 0.4,
+      cacheReadPer1M: 0.025
+    },
+    "gemini-2.5-pro": {
+      inputPer1M: 1.25,
+      outputPer1M: 10,
+      cacheReadPer1M: 0.3125
+    }
+  }
+};
+var LITELLM_PRICING_URL = "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json";
+var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
+var STALENESS_WARNING_DAYS = 7;
+function getCachePath(projectRoot) {
+  return path23.join(projectRoot, ".harness", "cache", "pricing.json");
+}
+function getStalenessMarkerPath(projectRoot) {
+  return path23.join(projectRoot, ".harness", "cache", "staleness-marker.json");
+}
+async function readDiskCache(projectRoot) {
+  try {
+    const raw = await fs23.readFile(getCachePath(projectRoot), "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+async function writeDiskCache(projectRoot, data) {
+  const cachePath = getCachePath(projectRoot);
+  await fs23.mkdir(path23.dirname(cachePath), { recursive: true });
+  await fs23.writeFile(cachePath, JSON.stringify(data, null, 2));
+}
+async function fetchFromNetwork() {
+  try {
+    const response = await fetch(LITELLM_PRICING_URL);
+    if (!response.ok) return null;
+    const data = await response.json();
+    if (typeof data !== "object" || data === null || Array.isArray(data)) return null;
+    return {
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      data
+    };
+  } catch {
+    return null;
+  }
+}
+function loadFallbackDataset() {
+  const fb = fallback_default;
+  const dataset = /* @__PURE__ */ new Map();
+  for (const [model, pricing] of Object.entries(fb.models)) {
+    dataset.set(model, pricing);
+  }
+  return dataset;
+}
+async function checkAndWarnStaleness(projectRoot) {
+  const markerPath = getStalenessMarkerPath(projectRoot);
+  try {
+    const raw = await fs23.readFile(markerPath, "utf-8");
+    const marker = JSON.parse(raw);
+    const firstUse = new Date(marker.firstFallbackUse).getTime();
+    const now = Date.now();
+    const daysSinceFirstUse = (now - firstUse) / (24 * 60 * 60 * 1e3);
+    if (daysSinceFirstUse > STALENESS_WARNING_DAYS) {
+      console.warn(
+        `[harness pricing] Pricing data is stale \u2014 using bundled fallback for ${Math.floor(daysSinceFirstUse)} days. Connect to the internet to refresh pricing data.`
+      );
+    }
+  } catch {
+    try {
+      await fs23.mkdir(path23.dirname(markerPath), { recursive: true });
+      await fs23.writeFile(
+        markerPath,
+        JSON.stringify({ firstFallbackUse: (/* @__PURE__ */ new Date()).toISOString() })
+      );
+    } catch {
+    }
+  }
+}
+async function clearStalenessMarker(projectRoot) {
+  try {
+    await fs23.unlink(getStalenessMarkerPath(projectRoot));
+  } catch {
+  }
+}
+async function loadPricingData(projectRoot) {
+  const cache = await readDiskCache(projectRoot);
+  if (cache) {
+    const cacheAge = Date.now() - new Date(cache.fetchedAt).getTime();
+    if (cacheAge < CACHE_TTL_MS) {
+      await clearStalenessMarker(projectRoot);
+      return parseLiteLLMData(cache.data);
+    }
+  }
+  const fetched = await fetchFromNetwork();
+  if (fetched) {
+    await writeDiskCache(projectRoot, fetched);
+    await clearStalenessMarker(projectRoot);
+    return parseLiteLLMData(fetched.data);
+  }
+  if (cache) {
+    return parseLiteLLMData(cache.data);
+  }
+  await checkAndWarnStaleness(projectRoot);
+  return loadFallbackDataset();
+}
+var MICRODOLLARS_PER_DOLLAR = 1e6;
+var TOKENS_PER_MILLION2 = 1e6;
+function calculateCost(record, dataset) {
+  if (!record.model) return null;
+  const pricing = getModelPrice(record.model, dataset);
+  if (!pricing) return null;
+  let costUSD = 0;
+  costUSD += record.tokens.inputTokens / TOKENS_PER_MILLION2 * pricing.inputPer1M;
+  costUSD += record.tokens.outputTokens / TOKENS_PER_MILLION2 * pricing.outputPer1M;
+  if (record.cacheReadTokens != null && pricing.cacheReadPer1M != null) {
+    costUSD += record.cacheReadTokens / TOKENS_PER_MILLION2 * pricing.cacheReadPer1M;
+  }
+  if (record.cacheCreationTokens != null && pricing.cacheWritePer1M != null) {
+    costUSD += record.cacheCreationTokens / TOKENS_PER_MILLION2 * pricing.cacheWritePer1M;
+  }
+  return Math.round(costUSD * MICRODOLLARS_PER_DOLLAR);
+}
+function aggregateBySession(records) {
+  if (records.length === 0) return [];
+  const sessionMap = /* @__PURE__ */ new Map();
+  for (const record of records) {
+    const tagged = record;
+    const id = record.sessionId;
+    if (!sessionMap.has(id)) {
+      sessionMap.set(id, { harnessRecords: [], ccRecords: [], allRecords: [] });
+    }
+    const bucket = sessionMap.get(id);
+    if (tagged._source === "claude-code") {
+      bucket.ccRecords.push(tagged);
+    } else {
+      bucket.harnessRecords.push(tagged);
+    }
+    bucket.allRecords.push(tagged);
+  }
+  const results = [];
+  for (const [sessionId, bucket] of sessionMap) {
+    const hasHarness = bucket.harnessRecords.length > 0;
+    const hasCC = bucket.ccRecords.length > 0;
+    const isMerged = hasHarness && hasCC;
+    const tokenSource = hasHarness ? bucket.harnessRecords : bucket.ccRecords;
+    const tokens = { inputTokens: 0, outputTokens: 0, totalTokens: 0 };
+    let cacheCreation;
+    let cacheRead;
+    let costMicroUSD = 0;
+    let model;
+    for (const r of tokenSource) {
+      tokens.inputTokens += r.tokens.inputTokens;
+      tokens.outputTokens += r.tokens.outputTokens;
+      tokens.totalTokens += r.tokens.totalTokens;
+      if (r.cacheCreationTokens != null) {
+        cacheCreation = (cacheCreation ?? 0) + r.cacheCreationTokens;
+      }
+      if (r.cacheReadTokens != null) {
+        cacheRead = (cacheRead ?? 0) + r.cacheReadTokens;
+      }
+      if (r.costMicroUSD != null && costMicroUSD != null) {
+        costMicroUSD += r.costMicroUSD;
+      } else if (r.costMicroUSD == null) {
+        costMicroUSD = null;
+      }
+      if (!model && r.model) {
+        model = r.model;
+      }
+    }
+    if (!model && hasCC) {
+      for (const r of bucket.ccRecords) {
+        if (r.model) {
+          model = r.model;
+          break;
+        }
+      }
+    }
+    const timestamps = bucket.allRecords.map((r) => r.timestamp).sort();
+    const source = isMerged ? "merged" : hasCC ? "claude-code" : "harness";
+    const session = {
+      sessionId,
+      firstTimestamp: timestamps[0] ?? "",
+      lastTimestamp: timestamps[timestamps.length - 1] ?? "",
+      tokens,
+      costMicroUSD,
+      source
+    };
+    if (model) session.model = model;
+    if (cacheCreation != null) session.cacheCreationTokens = cacheCreation;
+    if (cacheRead != null) session.cacheReadTokens = cacheRead;
+    results.push(session);
+  }
+  results.sort((a, b) => b.firstTimestamp.localeCompare(a.firstTimestamp));
+  return results;
+}
+function aggregateByDay(records) {
+  if (records.length === 0) return [];
+  const dayMap = /* @__PURE__ */ new Map();
+  for (const record of records) {
+    const date = record.timestamp.slice(0, 10);
+    if (!dayMap.has(date)) {
+      dayMap.set(date, {
+        sessions: /* @__PURE__ */ new Set(),
+        tokens: { inputTokens: 0, outputTokens: 0, totalTokens: 0 },
+        costMicroUSD: 0,
+        models: /* @__PURE__ */ new Set()
+      });
+    }
+    const day = dayMap.get(date);
+    day.sessions.add(record.sessionId);
+    day.tokens.inputTokens += record.tokens.inputTokens;
+    day.tokens.outputTokens += record.tokens.outputTokens;
+    day.tokens.totalTokens += record.tokens.totalTokens;
+    if (record.cacheCreationTokens != null) {
+      day.cacheCreation = (day.cacheCreation ?? 0) + record.cacheCreationTokens;
+    }
+    if (record.cacheReadTokens != null) {
+      day.cacheRead = (day.cacheRead ?? 0) + record.cacheReadTokens;
+    }
+    if (record.costMicroUSD != null && day.costMicroUSD != null) {
+      day.costMicroUSD += record.costMicroUSD;
+    } else if (record.costMicroUSD == null) {
+      day.costMicroUSD = null;
+    }
+    if (record.model) {
+      day.models.add(record.model);
+    }
+  }
+  const results = [];
+  for (const [date, day] of dayMap) {
+    const entry = {
+      date,
+      sessionCount: day.sessions.size,
+      tokens: day.tokens,
+      costMicroUSD: day.costMicroUSD,
+      models: Array.from(day.models).sort()
+    };
+    if (day.cacheCreation != null) entry.cacheCreationTokens = day.cacheCreation;
+    if (day.cacheRead != null) entry.cacheReadTokens = day.cacheRead;
+    results.push(entry);
+  }
+  results.sort((a, b) => b.date.localeCompare(a.date));
+  return results;
+}
+function parseLine(line, lineNumber) {
+  let entry;
+  try {
+    entry = JSON.parse(line);
+  } catch {
+    console.warn(`[harness usage] Skipping malformed JSONL line ${lineNumber}`);
+    return null;
+  }
+  const tokenUsage = entry.token_usage;
+  if (!tokenUsage || typeof tokenUsage !== "object") {
+    console.warn(
+      `[harness usage] Skipping malformed JSONL line ${lineNumber}: missing token_usage`
+    );
+    return null;
+  }
+  const inputTokens = tokenUsage.input_tokens ?? 0;
+  const outputTokens = tokenUsage.output_tokens ?? 0;
+  const record = {
+    sessionId: entry.session_id ?? "unknown",
+    timestamp: entry.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
+    tokens: {
+      inputTokens,
+      outputTokens,
+      totalTokens: inputTokens + outputTokens
+    }
+  };
+  if (entry.cache_creation_tokens != null) {
+    record.cacheCreationTokens = entry.cache_creation_tokens;
+  }
+  if (entry.cache_read_tokens != null) {
+    record.cacheReadTokens = entry.cache_read_tokens;
+  }
+  if (entry.model != null) {
+    record.model = entry.model;
+  }
+  return record;
+}
+function readCostRecords(projectRoot) {
+  const costsFile = path24.join(projectRoot, ".harness", "metrics", "costs.jsonl");
+  let raw;
+  try {
+    raw = fs24.readFileSync(costsFile, "utf-8");
+  } catch {
+    return [];
+  }
+  const records = [];
+  const lines = raw.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]?.trim();
+    if (!line) continue;
+    const record = parseLine(line, i + 1);
+    if (record) {
+      records.push(record);
+    }
+  }
+  return records;
+}
+function extractUsage(entry) {
+  if (entry.type !== "assistant") return null;
+  const message = entry.message;
+  if (!message || typeof message !== "object") return null;
+  const usage = message.usage;
+  return usage && typeof usage === "object" && !Array.isArray(usage) ? usage : null;
+}
+function buildRecord(entry, usage) {
+  const inputTokens = Number(usage.input_tokens) || 0;
+  const outputTokens = Number(usage.output_tokens) || 0;
+  const message = entry.message;
+  const record = {
+    sessionId: entry.sessionId ?? "unknown",
+    timestamp: entry.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
+    tokens: { inputTokens, outputTokens, totalTokens: inputTokens + outputTokens },
+    _source: "claude-code"
+  };
+  const model = message.model;
+  if (model) record.model = model;
+  const cacheCreate = usage.cache_creation_input_tokens;
+  const cacheRead = usage.cache_read_input_tokens;
+  if (typeof cacheCreate === "number" && cacheCreate > 0) record.cacheCreationTokens = cacheCreate;
+  if (typeof cacheRead === "number" && cacheRead > 0) record.cacheReadTokens = cacheRead;
+  return record;
+}
+function parseCCLine(line, filePath, lineNumber) {
+  let entry;
+  try {
+    entry = JSON.parse(line);
+  } catch {
+    console.warn(
+      `[harness usage] Skipping malformed CC JSONL line ${lineNumber} in ${path25.basename(filePath)}`
+    );
+    return null;
+  }
+  const usage = extractUsage(entry);
+  if (!usage) return null;
+  return {
+    record: buildRecord(entry, usage),
+    requestId: entry.requestId ?? null
+  };
+}
+function readCCFile(filePath) {
+  let raw;
+  try {
+    raw = fs25.readFileSync(filePath, "utf-8");
+  } catch {
+    return [];
+  }
+  const byRequestId = /* @__PURE__ */ new Map();
+  const noRequestId = [];
+  const lines = raw.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]?.trim();
+    if (!line) continue;
+    const parsed = parseCCLine(line, filePath, i + 1);
+    if (!parsed) continue;
+    if (parsed.requestId) {
+      byRequestId.set(parsed.requestId, parsed.record);
+    } else {
+      noRequestId.push(parsed.record);
+    }
+  }
+  return [...byRequestId.values(), ...noRequestId];
+}
+function parseCCRecords() {
+  const homeDir = process.env.HOME ?? os2.homedir();
+  const projectsDir = path25.join(homeDir, ".claude", "projects");
+  let projectDirs;
+  try {
+    projectDirs = fs25.readdirSync(projectsDir, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => path25.join(projectsDir, d.name));
+  } catch {
+    return [];
+  }
+  const records = [];
+  for (const dir of projectDirs) {
+    let files;
+    try {
+      files = fs25.readdirSync(dir).filter((f) => f.endsWith(".jsonl")).map((f) => path25.join(dir, f));
+    } catch {
+      continue;
+    }
+    for (const file of files) {
+      records.push(...readCCFile(file));
+    }
+  }
+  return records;
+}
 var VERSION = "0.15.0";
 export {
@@ -12080,11 +13149,29 @@ export {
   deserializationRules,
   agentConfigRules,
   mcpRules,
+  insecureDefaultsRules,
+  sharpEdgesRules,
   nodeRules,
   expressRules,
   reactRules,
   goRules,
+  parseHarnessIgnore,
   SecurityScanner,
+  scanForInjection,
+  getInjectionPatterns,
+  DESTRUCTIVE_BASH,
+  getTaintFilePath,
+  readTaint,
+  checkTaint,
+  writeTaint,
+  clearTaint,
+  listTaintedSessions,
+  mapSecuritySeverity,
+  computeOverallSeverity,
+  computeScanExitCode,
+  mapInjectionFindings,
+  isDuplicateFinding,
+  mapSecurityFindings,
   runCIChecks,
   runMechanicalChecks,
   ExclusionSet,
@@ -12143,5 +13230,16 @@ export {
   searchSymbols,
   unfoldSymbol,
   unfoldRange,
+  parseLiteLLMData,
+  getModelPrice,
+  LITELLM_PRICING_URL,
+  CACHE_TTL_MS,
+  STALENESS_WARNING_DAYS,
+  loadPricingData,
+  calculateCost,
+  aggregateBySession,
+  aggregateByDay,
+  readCostRecords,
+  parseCCRecords,
   VERSION
 };