@harness-engineering/cli 1.20.0 → 1.20.1

package/dist/bin/harness-mcp.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   startServer
-} from "../chunk-YL4UHE52.js";
+} from "../chunk-SQY4AAKP.js";
 import "../chunk-4U4V7A6U.js";
 import "../chunk-PDEEQJHH.js";
 import "../chunk-V73TEHIF.js";

package/dist/bin/harness.js

@@ -2,7 +2,7 @@
 import {
   createProgram,
   printFirstRunWelcome
-} from "../chunk-RJFWCL6M.js";
+} from "../chunk-HAJD5LTI.js";
 import "../chunk-SD3SQOZ2.js";
 import "../chunk-PDOSLTWP.js";
 import "../chunk-6KWBH4EO.js";
@@ -16,7 +16,7 @@ import "../chunk-DBSOCI3G.js";
 import "../chunk-FIAPHX37.js";
 import "../chunk-KET4QQZB.js";
 import "../chunk-OD3S2NHN.js";
-import "../chunk-YL4UHE52.js";
+import "../chunk-SQY4AAKP.js";
 import "../chunk-4U4V7A6U.js";
 import "../chunk-PDEEQJHH.js";
 import "../chunk-V73TEHIF.js";

package/dist/{chunk-RJFWCL6M.js → chunk-HAJD5LTI.js}

@@ -50,7 +50,7 @@ import {
   handleGetImpact,
   handleOrphanDeletion,
   persistToolingConfig
-} from "./chunk-YL4UHE52.js";
+} from "./chunk-SQY4AAKP.js";
 import {
   VALID_PLATFORMS
 } from "./chunk-CJDVBBPB.js";
@@ -5095,7 +5095,7 @@ function createGraphCommand() {
 import { Command as Command50 } from "commander";
 function createMcpCommand() {
   return new Command50("mcp").description("Start the MCP (Model Context Protocol) server on stdio").option("--tools <tools...>", "Only register the specified tools (used by Cursor integration)").action(async (opts) => {
-    const { startServer: startServer2 } = await import("./mcp-I7UP73GV.js");
+    const { startServer: startServer2 } = await import("./mcp-KEY575NJ.js");
     await startServer2(opts.tools);
   });
 }

package/dist/{chunk-YL4UHE52.js → chunk-SQY4AAKP.js}

@@ -150,6 +150,7 @@ function isDestructiveOperation(toolName, toolInput, workspaceRoot) {
 function wrapWithInjectionGuard(toolName, handler, options = {}) {
   const projectRoot = options.projectRoot ?? process.cwd();
   const sessionId = options.sessionId ?? "default";
+  const trustedOutput = options.trustedOutputTools?.has(toolName) ?? false;
   return async (input) => {
     try {
       const taintCheck = checkTaint(projectRoot, sessionId);
@@ -181,29 +182,31 @@ function wrapWithInjectionGuard(toolName, handler, options = {}) {
         }
       }
       const result = await handler(input);
-      const outputText = extractResultText(result);
-      if (outputText) {
-        const outputFindings = scanForInjection(outputText);
-        const actionableOutput = outputFindings.filter(
-          (f) => f.severity === "high" || f.severity === "medium"
-        );
-        if (actionableOutput.length > 0) {
-          writeTaint(
-            projectRoot,
-            sessionId,
-            `Injection pattern detected in MCP:${toolName} result`,
-            actionableOutput,
-            `MCP:${toolName}:output`
-          );
-          const warningLines = actionableOutput.map(
-            (f) => `Sentinel [${f.severity}] ${f.ruleId}: detected in ${toolName} output`
+      if (!trustedOutput) {
+        const outputText = extractResultText(result);
+        if (outputText) {
+          const outputFindings = scanForInjection(outputText);
+          const actionableOutput = outputFindings.filter(
+            (f) => f.severity === "high" || f.severity === "medium"
           );
-          result.content.push({
-            type: "text",
-            text: `
+          if (actionableOutput.length > 0) {
+            writeTaint(
+              projectRoot,
+              sessionId,
+              `Injection pattern detected in MCP:${toolName} result`,
+              actionableOutput,
+              `MCP:${toolName}:output`
+            );
+            const warningLines = actionableOutput.map(
+              (f) => `Sentinel [${f.severity}] ${f.ruleId}: detected in ${toolName} output`
+            );
+            result.content.push({
+              type: "text",
+              text: `
 ---
 Sentinel Warning: ${warningLines.join("; ")}`
-          });
+            });
+          }
         }
       }
       return result;
@@ -5325,7 +5328,7 @@ var TOOL_DEFINITIONS = [
   codeOutlineDefinition,
   codeSearchDefinition,
   codeUnfoldDefinition
-];
+].map((def) => ({ ...def, trustedOutput: true }));
 var TOOL_HANDLERS = {
   validate_project: handleValidateProject,
   check_dependencies: handleCheckDependencies,
@@ -5493,7 +5496,13 @@ function createHarnessServer(projectRoot, toolFilter) {
   server.setRequestHandler(ListToolsRequestSchema, async () => ({
     tools: filteredDefinitions
   }));
-  const guardedHandlers = applyInjectionGuard(filteredHandlers, { projectRoot: resolvedRoot });
+  const trustedOutputTools = new Set(
+    filteredDefinitions.filter((t) => t.trustedOutput === true).map((t) => t.name)
+  );
+  const guardedHandlers = applyInjectionGuard(filteredHandlers, {
+    projectRoot: resolvedRoot,
+    trustedOutputTools
+  });
   server.setRequestHandler(CallToolRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
     const handler = guardedHandlers[name];

package/dist/index.d.ts

@@ -713,15 +713,15 @@ declare const HarnessConfigSchema: z.ZodObject<{
         thresholds: z.ZodDefault<z.ZodRecord<z.ZodEnum<["circular-deps", "layer-violations", "complexity", "coupling", "forbidden-imports", "module-size", "dependency-depth"]>, z.ZodUnion<[z.ZodNumber, z.ZodRecord<z.ZodString, z.ZodNumber>]>>>;
         modules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodRecord<z.ZodEnum<["circular-deps", "layer-violations", "complexity", "coupling", "forbidden-imports", "module-size", "dependency-depth"]>, z.ZodUnion<[z.ZodNumber, z.ZodRecord<z.ZodString, z.ZodNumber>]>>>>;
     }, "strip", z.ZodTypeAny, {
+        thresholds: Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>;
+        modules: Record<string, Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>>;
         enabled: boolean;
         baselinePath: string;
-        thresholds: Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>;
-        modules: Record<string, Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>>;
     }, {
+        thresholds?: Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>> | undefined;
+        modules?: Record<string, Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>> | undefined;
         enabled?: boolean | undefined;
         baselinePath?: string | undefined;
-        thresholds?: Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>> | undefined;
-        modules?: Record<string, Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>> | undefined;
     }>>;
     /** Skill loading, suggestion, and tier override settings */
     skills: z.ZodOptional<z.ZodObject<{
@@ -900,10 +900,10 @@ declare const HarnessConfigSchema: z.ZodObject<{
         dismissed: string[];
     } | undefined;
     architecture?: {
+        thresholds: Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>;
+        modules: Record<string, Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>>;
         enabled: boolean;
         baselinePath: string;
-        thresholds: Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>;
-        modules: Record<string, Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>>;
     } | undefined;
     roadmap?: {
         tracker?: {
@@ -1029,10 +1029,10 @@ declare const HarnessConfigSchema: z.ZodObject<{
         dismissed?: string[] | undefined;
     } | undefined;
     architecture?: {
+        thresholds?: Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>> | undefined;
+        modules?: Record<string, Partial<Record<"complexity" | "coupling" | "circular-deps" | "layer-violations" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>> | undefined;
         enabled?: boolean | undefined;
         baselinePath?: string | undefined;
-        thresholds?: Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>> | undefined;
-        modules?: Record<string, Partial<Record<"circular-deps" | "layer-violations" | "complexity" | "coupling" | "forbidden-imports" | "module-size" | "dependency-depth", number | Record<string, number>>>> | undefined;
     } | undefined;
     roadmap?: {
         tracker?: {
@@ -1504,6 +1504,8 @@ type ToolDefinition = {
     name: string;
     description: string;
     inputSchema: Record<string, unknown>;
+    /** When true, output scanning is skipped for this tool (internal content, not external). */
+    trustedOutput?: boolean;
 };
 declare function getToolDefinitions(): ToolDefinition[];
 declare function createHarnessServer(projectRoot?: string, toolFilter?: string[]): Server;

package/dist/index.js

@@ -12,7 +12,7 @@ import {
   runScan,
   runUninstall,
   runUninstallConstraints
-} from "./chunk-RJFWCL6M.js";
+} from "./chunk-HAJD5LTI.js";
 import {
   generateCIWorkflow
 } from "./chunk-SD3SQOZ2.js";
@@ -63,7 +63,7 @@ import {
   generateSlashCommands,
   getToolDefinitions,
   startServer
-} from "./chunk-YL4UHE52.js";
+} from "./chunk-SQY4AAKP.js";
 import "./chunk-4U4V7A6U.js";
 import "./chunk-PDEEQJHH.js";
 import "./chunk-V73TEHIF.js";

package/dist/{mcp-I7UP73GV.js → mcp-KEY575NJ.js}

@@ -2,7 +2,7 @@ import {
   createHarnessServer,
   getToolDefinitions,
   startServer
-} from "./chunk-YL4UHE52.js";
+} from "./chunk-SQY4AAKP.js";
 import "./chunk-4U4V7A6U.js";
 import "./chunk-PDEEQJHH.js";
 import "./chunk-V73TEHIF.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@harness-engineering/cli",
-  "version": "1.20.0",
+  "version": "1.20.1",
   "description": "CLI for Harness Engineering toolkit",
   "type": "module",
   "bin": {
@@ -37,11 +37,11 @@
     "web-tree-sitter": "^0.24.7",
     "yaml": "^2.8.3",
     "zod": "^3.25.76",
-    "@harness-engineering/core": "0.19.0",
     "@harness-engineering/graph": "0.3.5",
     "@harness-engineering/linter-gen": "0.1.4",
-    "@harness-engineering/types": "0.8.0",
-    "@harness-engineering/orchestrator": "0.2.5"
+    "@harness-engineering/core": "0.19.0",
+    "@harness-engineering/orchestrator": "0.2.5",
+    "@harness-engineering/types": "0.8.0"
   },
   "devDependencies": {
     "@types/node": "^22.19.15",