@harness-engineering/cli 1.25.7 → 1.26.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (189) hide show
  1. package/dist/agents/skills/README.md +1 -0
  2. package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +33 -5
  3. package/dist/agents/skills/claude-code/harness-execution/SKILL.md +6 -0
  4. package/dist/agents/skills/claude-code/harness-knowledge-pipeline/SKILL.md +277 -0
  5. package/dist/agents/skills/claude-code/harness-knowledge-pipeline/skill.yaml +60 -0
  6. package/dist/agents/skills/claude-code/harness-planning/SKILL.md +25 -1
  7. package/dist/agents/skills/claude-code/initialize-harness-project/SKILL.md +22 -6
  8. package/dist/agents/skills/claude-code/initialize-harness-project/skill.yaml +2 -1
  9. package/dist/agents/skills/claude-code/initialize-test-suite-project/SKILL.md +415 -0
  10. package/dist/agents/skills/claude-code/initialize-test-suite-project/skill.yaml +35 -0
  11. package/dist/agents/skills/codex/harness-brainstorming/SKILL.md +33 -5
  12. package/dist/agents/skills/codex/harness-execution/SKILL.md +6 -0
  13. package/dist/agents/skills/codex/harness-knowledge-pipeline/SKILL.md +277 -0
  14. package/dist/agents/skills/codex/harness-knowledge-pipeline/skill.yaml +60 -0
  15. package/dist/agents/skills/codex/harness-planning/SKILL.md +25 -1
  16. package/dist/agents/skills/codex/initialize-harness-project/SKILL.md +22 -6
  17. package/dist/agents/skills/codex/initialize-harness-project/skill.yaml +2 -1
  18. package/dist/agents/skills/codex/initialize-test-suite-project/SKILL.md +415 -0
  19. package/dist/agents/skills/codex/initialize-test-suite-project/skill.yaml +35 -0
  20. package/dist/agents/skills/cursor/harness-brainstorming/SKILL.md +33 -5
  21. package/dist/agents/skills/cursor/harness-execution/SKILL.md +6 -0
  22. package/dist/agents/skills/cursor/harness-knowledge-pipeline/SKILL.md +277 -0
  23. package/dist/agents/skills/cursor/harness-knowledge-pipeline/skill.yaml +60 -0
  24. package/dist/agents/skills/cursor/harness-planning/SKILL.md +25 -1
  25. package/dist/agents/skills/cursor/initialize-harness-project/SKILL.md +22 -6
  26. package/dist/agents/skills/cursor/initialize-harness-project/skill.yaml +2 -1
  27. package/dist/agents/skills/cursor/initialize-test-suite-project/SKILL.md +415 -0
  28. package/dist/agents/skills/cursor/initialize-test-suite-project/skill.yaml +35 -0
  29. package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +33 -5
  30. package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +6 -0
  31. package/dist/agents/skills/gemini-cli/harness-knowledge-pipeline/SKILL.md +277 -0
  32. package/dist/agents/skills/gemini-cli/harness-knowledge-pipeline/skill.yaml +60 -0
  33. package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +25 -1
  34. package/dist/agents/skills/gemini-cli/initialize-harness-project/SKILL.md +22 -6
  35. package/dist/agents/skills/gemini-cli/initialize-harness-project/skill.yaml +2 -1
  36. package/dist/agents/skills/gemini-cli/initialize-test-suite-project/SKILL.md +415 -0
  37. package/dist/agents/skills/gemini-cli/initialize-test-suite-project/skill.yaml +35 -0
  38. package/dist/agents/skills/package.json +2 -2
  39. package/dist/agents/skills/tests/initialize-test-suite-project.test.ts +152 -0
  40. package/dist/{agents-md-QPO3H5HX.js → agents-md-VI3HLR7E.js} +3 -3
  41. package/dist/{architecture-IJLXRHZA.js → architecture-ZDDKEVID.js} +4 -4
  42. package/dist/{assess-project-QU6XIVJK.js → assess-project-Y6W7YDUA.js} +1 -1
  43. package/dist/bin/harness-mcp.js +16 -15
  44. package/dist/bin/harness.js +27 -27
  45. package/dist/{check-phase-gate-TNY64AOS.js → check-phase-gate-CXR3VM22.js} +4 -4
  46. package/dist/{chunk-JJQ3TW2E.js → chunk-2BPPS6YQ.js} +804 -93
  47. package/dist/{chunk-NKQEMWGT.js → chunk-2FPUPRCY.js} +3419 -126
  48. package/dist/{chunk-MLOGYWLY.js → chunk-3AMQYWGT.js} +2 -2
  49. package/dist/{chunk-AS5DQT4S.js → chunk-56A6OXVA.js} +9 -9
  50. package/dist/{chunk-G5SNXUIK.js → chunk-7GY6WNEI.js} +1 -1
  51. package/dist/{chunk-SZ3Q4XEO.js → chunk-AMRC4FU2.js} +441 -288
  52. package/dist/{chunk-K533WNZG.js → chunk-B66LRB5M.js} +1 -1
  53. package/dist/{chunk-YRBNAHH4.js → chunk-BK4DJIIY.js} +4 -4
  54. package/dist/{chunk-2DF6OZLG.js → chunk-DBIX3X4H.js} +2 -2
  55. package/dist/{chunk-LXPRO2FH.js → chunk-FUND5WJR.js} +2 -2
  56. package/dist/{chunk-FRDS4XGD.js → chunk-JV4Y2U5F.js} +1 -1
  57. package/dist/{chunk-XVJRFP7W.js → chunk-K56DTX7G.js} +6 -6
  58. package/dist/{chunk-K35D7HF3.js → chunk-N6B6RKQQ.js} +1 -1
  59. package/dist/{chunk-LTCEV7VF.js → chunk-NY7DTZ6K.js} +3 -3
  60. package/dist/{chunk-JPZY7ZQX.js → chunk-OLW7BJ5N.js} +1 -1
  61. package/dist/{chunk-KVJZQ2MV.js → chunk-ORNEK65Y.js} +1 -1
  62. package/dist/{chunk-D3XL2FLX.js → chunk-PNNFCVW4.js} +5 -5
  63. package/dist/{chunk-E5Z6NTTQ.js → chunk-Q3ZLVMQM.js} +1 -1
  64. package/dist/{chunk-PCOU2UXU.js → chunk-RAVD7QLY.js} +8 -8
  65. package/dist/{chunk-IQO7IINR.js → chunk-TSVYBDDE.js} +1 -1
  66. package/dist/{chunk-MCDCZMKN.js → chunk-TY2ESLVL.js} +1 -1
  67. package/dist/{chunk-TQRCODRJ.js → chunk-VKS3F46M.js} +1 -1
  68. package/dist/{chunk-GVNT2YC7.js → chunk-WZ7UHPT3.js} +9 -9
  69. package/dist/{chunk-ZIYLIYN4.js → chunk-YC4EYIER.js} +8 -2
  70. package/dist/{chunk-IT2KORSK.js → chunk-ZN6ROTYP.js} +1 -1
  71. package/dist/{ci-workflow-FJYRFZYQ.js → ci-workflow-EW37KVPS.js} +3 -3
  72. package/dist/{create-skill-6QWJHQYS.js → create-skill-4T5CBSJ2.js} +2 -2
  73. package/dist/{dist-ZV6GO6FA.js → dist-CJDGASPP.js} +2 -2
  74. package/dist/{dist-HPWNWCT6.js → dist-NCNAXUFD.js} +41 -1
  75. package/dist/{docs-7DW3DI4Z.js → docs-4XI2FQW2.js} +4 -4
  76. package/dist/{engine-P7EE2IWO.js → engine-4L4CDTHU.js} +3 -3
  77. package/dist/{entropy-HCXRTDFU.js → entropy-PBYSIQYS.js} +3 -3
  78. package/dist/{feedback-Y4FYN3NR.js → feedback-OTIFW5MK.js} +1 -1
  79. package/dist/{generate-agent-definitions-3EHPIWBO.js → generate-agent-definitions-CZGUXIIN.js} +4 -4
  80. package/dist/{graph-loader-KXVS3YK3.js → graph-loader-RDXSEBD7.js} +1 -1
  81. package/dist/index.d.ts +8 -8
  82. package/dist/index.js +27 -27
  83. package/dist/{loader-SKHF3JVV.js → loader-UZOXCWFC.js} +3 -3
  84. package/dist/{mcp-MWYIPDQU.js → mcp-GWVVV6LH.js} +16 -15
  85. package/dist/{performance-ADWH5NJY.js → performance-5UQPP3XX.js} +4 -4
  86. package/dist/{review-pipeline-TLKE5OQD.js → review-pipeline-65V4EO6O.js} +3 -3
  87. package/dist/{runtime-7LYAW7GU.js → runtime-PXX7HNB3.js} +3 -3
  88. package/dist/{scan-BGJ7TLLV.js → scan-WM7XDUF7.js} +1 -1
  89. package/dist/{security-5XWINYVB.js → security-CAYDRZIZ.js} +1 -1
  90. package/dist/{validate-BFFHYHY7.js → validate-CWGXR7QM.js} +4 -4
  91. package/dist/{validate-cross-check-GQX7OVCR.js → validate-cross-check-BKCNLZYG.js} +3 -3
  92. package/package.json +10 -10
  93. package/dist/agents/commands/claude-code/harness/harness.md +0 -36
  94. package/dist/agents/commands/codex/AGENTS.md +0 -39
  95. package/dist/agents/commands/codex/harness/add-harness-component/SKILL.md +0 -204
  96. package/dist/agents/commands/codex/harness/add-harness-component/agents/openai.yaml +0 -3
  97. package/dist/agents/commands/codex/harness/cleanup-dead-code/SKILL.md +0 -257
  98. package/dist/agents/commands/codex/harness/cleanup-dead-code/agents/openai.yaml +0 -3
  99. package/dist/agents/commands/codex/harness/detect-doc-drift/SKILL.md +0 -191
  100. package/dist/agents/commands/codex/harness/detect-doc-drift/agents/openai.yaml +0 -3
  101. package/dist/agents/commands/codex/harness/enforce-architecture/SKILL.md +0 -289
  102. package/dist/agents/commands/codex/harness/enforce-architecture/agents/openai.yaml +0 -3
  103. package/dist/agents/commands/codex/harness/harness-architecture-advisor/SKILL.md +0 -442
  104. package/dist/agents/commands/codex/harness/harness-architecture-advisor/agents/openai.yaml +0 -3
  105. package/dist/agents/commands/codex/harness/harness-autopilot/SKILL.md +0 -929
  106. package/dist/agents/commands/codex/harness/harness-autopilot/agents/openai.yaml +0 -3
  107. package/dist/agents/commands/codex/harness/harness-brainstorming/SKILL.md +0 -418
  108. package/dist/agents/commands/codex/harness/harness-brainstorming/agents/openai.yaml +0 -3
  109. package/dist/agents/commands/codex/harness/harness-code-review/SKILL.md +0 -850
  110. package/dist/agents/commands/codex/harness/harness-code-review/agents/openai.yaml +0 -3
  111. package/dist/agents/commands/codex/harness/harness-codebase-cleanup/SKILL.md +0 -236
  112. package/dist/agents/commands/codex/harness/harness-codebase-cleanup/agents/openai.yaml +0 -3
  113. package/dist/agents/commands/codex/harness/harness-debugging/SKILL.md +0 -378
  114. package/dist/agents/commands/codex/harness/harness-debugging/agents/openai.yaml +0 -3
  115. package/dist/agents/commands/codex/harness/harness-dependency-health/SKILL.md +0 -190
  116. package/dist/agents/commands/codex/harness/harness-dependency-health/agents/openai.yaml +0 -3
  117. package/dist/agents/commands/codex/harness/harness-docs-pipeline/SKILL.md +0 -472
  118. package/dist/agents/commands/codex/harness/harness-docs-pipeline/agents/openai.yaml +0 -3
  119. package/dist/agents/commands/codex/harness/harness-execution/SKILL.md +0 -522
  120. package/dist/agents/commands/codex/harness/harness-execution/agents/openai.yaml +0 -3
  121. package/dist/agents/commands/codex/harness/harness-hotspot-detector/SKILL.md +0 -172
  122. package/dist/agents/commands/codex/harness/harness-hotspot-detector/agents/openai.yaml +0 -3
  123. package/dist/agents/commands/codex/harness/harness-impact-analysis/SKILL.md +0 -195
  124. package/dist/agents/commands/codex/harness/harness-impact-analysis/agents/openai.yaml +0 -3
  125. package/dist/agents/commands/codex/harness/harness-integrity/SKILL.md +0 -178
  126. package/dist/agents/commands/codex/harness/harness-integrity/agents/openai.yaml +0 -3
  127. package/dist/agents/commands/codex/harness/harness-onboarding/SKILL.md +0 -299
  128. package/dist/agents/commands/codex/harness/harness-onboarding/agents/openai.yaml +0 -3
  129. package/dist/agents/commands/codex/harness/harness-perf/SKILL.md +0 -272
  130. package/dist/agents/commands/codex/harness/harness-perf/agents/openai.yaml +0 -3
  131. package/dist/agents/commands/codex/harness/harness-planning/SKILL.md +0 -592
  132. package/dist/agents/commands/codex/harness/harness-planning/agents/openai.yaml +0 -3
  133. package/dist/agents/commands/codex/harness/harness-refactoring/SKILL.md +0 -181
  134. package/dist/agents/commands/codex/harness/harness-refactoring/agents/openai.yaml +0 -3
  135. package/dist/agents/commands/codex/harness/harness-release-readiness/SKILL.md +0 -701
  136. package/dist/agents/commands/codex/harness/harness-release-readiness/agents/openai.yaml +0 -3
  137. package/dist/agents/commands/codex/harness/harness-roadmap/SKILL.md +0 -607
  138. package/dist/agents/commands/codex/harness/harness-roadmap/agents/openai.yaml +0 -3
  139. package/dist/agents/commands/codex/harness/harness-security-scan/SKILL.md +0 -147
  140. package/dist/agents/commands/codex/harness/harness-security-scan/agents/openai.yaml +0 -3
  141. package/dist/agents/commands/codex/harness/harness-skill-authoring/SKILL.md +0 -314
  142. package/dist/agents/commands/codex/harness/harness-skill-authoring/agents/openai.yaml +0 -3
  143. package/dist/agents/commands/codex/harness/harness-soundness-review/SKILL.md +0 -1280
  144. package/dist/agents/commands/codex/harness/harness-soundness-review/agents/openai.yaml +0 -3
  145. package/dist/agents/commands/codex/harness/harness-supply-chain-audit/SKILL.md +0 -255
  146. package/dist/agents/commands/codex/harness/harness-supply-chain-audit/agents/openai.yaml +0 -3
  147. package/dist/agents/commands/codex/harness/harness-tdd/SKILL.md +0 -189
  148. package/dist/agents/commands/codex/harness/harness-tdd/agents/openai.yaml +0 -3
  149. package/dist/agents/commands/codex/harness/harness-test-advisor/SKILL.md +0 -171
  150. package/dist/agents/commands/codex/harness/harness-test-advisor/agents/openai.yaml +0 -3
  151. package/dist/agents/commands/codex/harness/harness-verification/SKILL.md +0 -433
  152. package/dist/agents/commands/codex/harness/harness-verification/agents/openai.yaml +0 -3
  153. package/dist/agents/commands/codex/harness/harness-verify/SKILL.md +0 -170
  154. package/dist/agents/commands/codex/harness/harness-verify/agents/openai.yaml +0 -3
  155. package/dist/agents/commands/codex/harness/initialize-harness-project/SKILL.md +0 -244
  156. package/dist/agents/commands/codex/harness/initialize-harness-project/agents/openai.yaml +0 -3
  157. package/dist/agents/commands/cursor/harness/add-harness-component.mdc +0 -200
  158. package/dist/agents/commands/cursor/harness/cleanup-dead-code.mdc +0 -253
  159. package/dist/agents/commands/cursor/harness/detect-doc-drift.mdc +0 -187
  160. package/dist/agents/commands/cursor/harness/enforce-architecture.mdc +0 -304
  161. package/dist/agents/commands/cursor/harness/harness-architecture-advisor.mdc +0 -457
  162. package/dist/agents/commands/cursor/harness/harness-autopilot.mdc +0 -924
  163. package/dist/agents/commands/cursor/harness/harness-brainstorming.mdc +0 -414
  164. package/dist/agents/commands/cursor/harness/harness-code-review.mdc +0 -865
  165. package/dist/agents/commands/cursor/harness/harness-codebase-cleanup.mdc +0 -232
  166. package/dist/agents/commands/cursor/harness/harness-debugging.mdc +0 -374
  167. package/dist/agents/commands/cursor/harness/harness-dependency-health.mdc +0 -187
  168. package/dist/agents/commands/cursor/harness/harness-docs-pipeline.mdc +0 -468
  169. package/dist/agents/commands/cursor/harness/harness-execution.mdc +0 -518
  170. package/dist/agents/commands/cursor/harness/harness-hotspot-detector.mdc +0 -169
  171. package/dist/agents/commands/cursor/harness/harness-impact-analysis.mdc +0 -192
  172. package/dist/agents/commands/cursor/harness/harness-integrity.mdc +0 -175
  173. package/dist/agents/commands/cursor/harness/harness-onboarding.mdc +0 -296
  174. package/dist/agents/commands/cursor/harness/harness-perf.mdc +0 -268
  175. package/dist/agents/commands/cursor/harness/harness-planning.mdc +0 -587
  176. package/dist/agents/commands/cursor/harness/harness-refactoring.mdc +0 -177
  177. package/dist/agents/commands/cursor/harness/harness-release-readiness.mdc +0 -697
  178. package/dist/agents/commands/cursor/harness/harness-roadmap.mdc +0 -603
  179. package/dist/agents/commands/cursor/harness/harness-security-scan.mdc +0 -162
  180. package/dist/agents/commands/cursor/harness/harness-skill-authoring.mdc +0 -300
  181. package/dist/agents/commands/cursor/harness/harness-soundness-review.mdc +0 -1275
  182. package/dist/agents/commands/cursor/harness/harness-supply-chain-audit.mdc +0 -252
  183. package/dist/agents/commands/cursor/harness/harness-tdd.mdc +0 -185
  184. package/dist/agents/commands/cursor/harness/harness-test-advisor.mdc +0 -168
  185. package/dist/agents/commands/cursor/harness/harness-verification.mdc +0 -429
  186. package/dist/agents/commands/cursor/harness/harness-verify.mdc +0 -167
  187. package/dist/agents/commands/cursor/harness/initialize-harness-project.mdc +0 -240
  188. package/dist/agents/commands/gemini-cli/harness/harness.toml +0 -277
  189. package/dist/{chunk-RRHUCDRD.js → chunk-ZP5E7YET.js} +3 -3
@@ -1,172 +0,0 @@
1
- <!-- Generated by harness generate-slash-commands. Do not edit. -->
2
-
3
- # Harness Hotspot Detector
4
-
5
- > Identify modules that represent structural risk via co-change and churn analysis.
6
-
7
- ## When to Use
8
-
9
- - Weekly scheduled analysis to track codebase risk
10
- - Before major refactoring — find the riskiest areas
11
- - When investigating why changes keep breaking unrelated features
12
- - NOT for finding dead code (use cleanup-dead-code)
13
- - NOT for checking architecture rules (use enforce-architecture)
14
-
15
- ## Prerequisites
16
-
17
- A knowledge graph at `.harness/graph/` with git history enables full analysis. If no graph exists,
18
- the skill uses static analysis fallbacks (see Graph Availability section).
19
- Run `harness scan` to enable graph-enhanced analysis.
20
-
21
- ### Graph Availability
22
-
23
- Before starting, check if `.harness/graph/graph.json` exists.
24
-
25
- **If graph exists:** Use graph tools as primary strategy. (Staleness sensitivity: **Low** — never auto-refresh.
26
- Git-based churn data in the graph remains useful even when slightly stale.)
27
-
28
- **If graph exists and is fresh (or refreshed):** Use graph tools as primary strategy.
29
-
30
- **If no graph exists:** Output "Running without graph (run `harness scan` to
31
- enable full analysis)" and use fallback strategies for all subsequent steps.
32
-
33
- ## Process
34
-
35
- ### Phase 1: CO-CHANGE — Analyze Co-Change Patterns
36
-
37
- Query the graph for `co_changes_with` edges (created by GitIngestor):
38
-
39
- ```
40
- query_graph(rootNodeIds=[all file nodes], includeEdges=["co_changes_with"])
41
- ```
42
-
43
- Identify file pairs that frequently change together:
44
-
45
- - **Co-located pairs** (same directory): Normal — they share a concern.
46
- - **Distant pairs** (different modules): Suspicious — may indicate hidden coupling.
47
-
48
- Flag distant co-change pairs as potential hotspots.
49
-
50
- ### Phase 2: CHURN — Identify High-Churn Files
51
-
52
- Query commit nodes to find files with the highest change frequency:
53
-
54
- ```
55
- query_graph(rootNodeIds=[commit nodes], includeTypes=["commit", "file"], includeEdges=["co_changes_with"])
56
- ```
57
-
58
- Rank files by:
59
-
60
- - Total commit count touching the file
61
- - Recent velocity (commits in last 30 days vs prior 30 days)
62
- - Change size (total lines added + deleted)
63
-
64
- High churn in shared utilities or core modules = high risk.
65
-
66
- #### Fallback (without graph)
67
-
68
- When no graph is available, git log provides nearly all the data needed (~90% completeness):
69
-
70
- 1. **Per-file churn**: `git log --format="%H" -- <file>` for each source file (use glob to enumerate). Count commits per file. Sort descending to rank by churn.
71
- 2. **Recent velocity**: `git log --since="30 days ago" --format="%H" -- <file>` vs `git log --since="60 days ago" --until="30 days ago" --format="%H" -- <file>` to compare recent vs prior 30-day windows.
72
- 3. **Co-change detection**: `git log --format="%H %n" --name-only` to build a map of which files changed together in the same commit. File pairs that appear together in >3 commits are co-change candidates.
73
- 4. **Distant co-change identification**: For co-change pairs, check if they share a parent directory (co-located = normal) or are in different modules (distant = suspicious).
74
- 5. **Complexity proxy**: Use line count (`wc -l`) as a rough proxy for complexity when graph complexity metrics are unavailable.
75
- 6. **Hidden dependency detection**: Cross-reference co-change pairs against import parsing (grep for import statements). Co-change pairs with no import relationship indicate hidden dependencies.
76
-
77
- > Fallback completeness: ~90% — git log provides nearly all the data the graph stores for this use case.
78
-
79
- ### Phase 3: COUPLING — Detect Hidden Dependencies
80
-
81
- Cross-reference co-change data with structural data:
82
-
83
- 1. **High logical coupling, low structural coupling**: Files that always change together but have no `imports` edge between them. This indicates a hidden dependency — changing one requires changing the other, but the code doesn't express this relationship.
84
-
85
- 2. **High structural coupling, low logical coupling**: Files with `imports` edges but that rarely change together. This may indicate over-coupling — the import exists but the relationship is weak.
86
-
87
- Use `get_relationships` to check structural edges between co-change pairs.
88
-
89
- ### Phase 4: REPORT — Generate Ranked Hotspot Report
90
-
91
- ```
92
- ## Hotspot Analysis Report
93
-
94
- ### Risk Hotspots (ranked by risk score)
95
-
96
- 1. **src/services/billing.ts** — Risk: HIGH
97
- - Churn: 23 commits (last 30 days: 8)
98
- - Co-changes with: src/types/invoice.ts (distant, 15 co-changes)
99
- - Hidden dependency: no imports edge to invoice.ts
100
- - Recommendation: Extract shared billing types or add explicit dependency
101
-
102
- 2. **src/utils/helpers.ts** — Risk: HIGH
103
- - Churn: 45 commits (highest in codebase)
104
- - Co-changes with: 12 different files across 4 modules
105
- - Recommendation: Split into domain-specific utilities to reduce blast radius
106
-
107
- 3. **src/middleware/auth.ts** — Risk: MEDIUM
108
- - Churn: 15 commits
109
- - Co-changes with: src/routes/login.ts (co-located, expected)
110
- - No hidden dependencies detected
111
-
112
- ### Summary
113
- - Total hotspots detected: 5
114
- - High risk: 2
115
- - Medium risk: 3
116
- - Hidden dependencies: 1
117
- ```
118
-
119
- ## Harness Integration
120
-
121
- - **`harness scan`** — Recommended before this skill for full graph-enhanced analysis. If graph is missing, skill uses git log fallbacks.
122
- - **`harness validate`** — Run after acting on findings to verify project health.
123
- - **Graph tools** — This skill uses `query_graph`, `get_impact`, and `get_relationships` MCP tools.
124
-
125
- ## Success Criteria
126
-
127
- - Hotspots ranked by composite risk score (churn + coupling)
128
- - Hidden dependencies identified (high co-change, no structural edge)
129
- - Co-change patterns detected and classified (co-located vs distant)
130
- - Report follows the structured output format
131
- - All findings are backed by graph query evidence (with graph) or git log analysis (without graph)
132
-
133
- ## Examples
134
-
135
- ### Example: Detecting Hotspots in a Growing Codebase
136
-
137
- ```
138
- Input: Scheduled weekly analysis on project root
139
-
140
- 1. CO-CHANGE — query_graph for co_changes_with edges
141
- Found 4 distant co-change pairs
142
- 2. CHURN — Ranked files by commit frequency
143
- billing.ts: 23 commits, helpers.ts: 45 commits
144
- 3. COUPLING — Cross-referenced co-change vs imports edges
145
- billing.ts <-> invoice.ts: 15 co-changes, no imports edge
146
- (hidden dependency detected)
147
- 4. REPORT — Ranked hotspots by risk score
148
-
149
- Output:
150
- Hotspots: 5 total (2 high, 3 medium)
151
- Hidden dependencies: 1 (billing.ts <-> invoice.ts)
152
- Top recommendation: Extract shared billing types
153
- ```
154
-
155
- ## Rationalizations to Reject
156
-
157
- | Rationalization | Reality |
158
- | --- | --- |
159
- | "High churn just means the file is actively developed, not that it is risky" | High churn in shared utilities specifically equals high risk. A file with 45 commits that co-changes with 12 different files indicates hidden coupling. |
160
- | "The co-change pair is between two files in different modules, but they probably just happen to change at the same time" | Distant co-change pairs are flagged as suspicious precisely because they indicate hidden coupling. |
161
- | "No graph exists so the analysis will be too incomplete to be useful" | Git log provides ~90% of the data needed for hotspot detection. The fallback is the highest-completeness fallback across all graph-enhanced skills. |
162
-
163
- ## Gates
164
-
165
- - **Graph preferred, fallback available.** If no graph exists, use git log for churn and co-change analysis. Do not stop — git log provides ~90% of the data needed.
166
- - **Systematic analysis required.** Use graph `co_changes_with` edges when available; use `git log` commit analysis when not. Do not guess — parse actual git history.
167
-
168
- ## Escalation
169
-
170
- - **When hidden dependencies found**: Recommend making the dependency explicit (add import) or extracting shared code.
171
- - **When a single file has >30 commits**: Flag as critical hotspot requiring architectural attention.
172
-
@@ -1,3 +0,0 @@
1
- # Reserved for Phase B native integration
2
- name: harness-hotspot-detector
3
- version: "1.0.0"
@@ -1,195 +0,0 @@
1
- <!-- Generated by harness generate-slash-commands. Do not edit. -->
2
-
3
- # Harness Impact Analysis
4
-
5
- > Graph-based impact analysis. Answers: "if I change X, what breaks?"
6
-
7
- ## When to Use
8
-
9
- - Before merging a PR — understand the blast radius of changes
10
- - When planning a refactoring — know what will be affected
11
- - When a test fails — trace backwards to find what change caused it
12
- - When `on_pr` triggers fire
13
- - NOT for understanding code (use harness-onboarding or harness-code-review)
14
- - NOT for finding dead code (use cleanup-dead-code)
15
-
16
- ## Prerequisites
17
-
18
- A knowledge graph at `.harness/graph/` enables full analysis. If no graph exists,
19
- the skill uses static analysis fallbacks (see Graph Availability section).
20
- Run `harness scan` to enable graph-enhanced analysis.
21
-
22
- ### Graph Availability
23
-
24
- Before starting, check if `.harness/graph/graph.json` exists.
25
-
26
- **If graph exists:** Check staleness — compare `.harness/graph/metadata.json`
27
- scanTimestamp against `git log -1 --format=%ct` (latest commit timestamp).
28
- If graph is more than 2 commits behind (`git log --oneline <scanTimestamp>..HEAD | wc -l`),
29
- run `harness scan` to refresh before proceeding. (Staleness sensitivity: **High**)
30
-
31
- **If graph exists and is fresh (or refreshed):** Use graph tools as primary strategy.
32
-
33
- **If no graph exists:** Output "Running without graph (run `harness scan` to
34
- enable full analysis)" and use fallback strategies for all subsequent steps.
35
-
36
- ## Process
37
-
38
- ### Phase 1: IDENTIFY — Determine Changed Files
39
-
40
- 1. **From diff**: If a git diff is available, parse it to extract changed file paths.
41
- 2. **From input**: If file paths are provided directly, use those.
42
- 3. **From git**: If neither, use `git diff --name-only HEAD~1` to get recent changes.
43
-
44
- ### Phase 2: ANALYZE — Query Graph for Impact
45
-
46
- For each changed file:
47
-
48
- 1. **Direct dependents**: Use `get_impact` MCP tool to find all files that import or call the changed file.
49
-
50
- ```
51
- get_impact(filePath="src/services/auth.ts")
52
- → tests: [auth.test.ts, integration.test.ts]
53
- → docs: [auth-guide.md]
54
- → code: [routes/login.ts, middleware/verify.ts, ...]
55
- ```
56
-
57
- 2. **Transitive dependents**: Use `query_graph` with depth 3 to find indirect consumers.
58
-
59
- ```
60
- query_graph(rootNodeIds=["file:src/services/auth.ts"], maxDepth=3, includeEdges=["imports", "calls"])
61
- ```
62
-
63
- 3. **Documentation impact**: Use `get_relationships` to find `documents` edges pointing to changed nodes.
64
-
65
- 4. **Test coverage**: Identify test files connected via `imports` edges. Flag changed files with no test coverage.
66
-
67
- 5. **Design token impact**: When the graph contains `DesignToken` nodes, use `query_graph` with `USES_TOKEN` edges to find components that consume changed tokens.
68
-
69
- ```
70
- query_graph(rootNodeIds=["designtoken:color.primary"], maxDepth=2, includeEdges=["uses_token"])
71
- → components: [Button.tsx, Card.tsx, Header.tsx, ...]
72
- ```
73
-
74
- If a changed file is `design-system/tokens.json`, identify ALL tokens that changed and trace each to its consuming components. This reveals the full design blast radius of a token change.
75
-
76
- 6. **Design constraint impact**: When the graph contains `DesignConstraint` nodes, check if changed code introduces new `VIOLATES_DESIGN` edges.
77
-
78
- #### Fallback (without graph)
79
-
80
- When no graph is available, use static analysis to approximate impact:
81
-
82
- 1. **Parse imports**: For each changed file, grep all source files for `import.*from.*<changed-file>` and `require.*<changed-file>` patterns to find direct dependents.
83
- 2. **Follow imports 2 levels deep**: For each direct dependent found, repeat the import grep to find second-level dependents. Stop at 2 levels (fallback cannot reliably trace deeper).
84
- 3. **Find test files by naming convention**: For each changed file `foo.ts`, search for:
85
- - `foo.test.ts`, `foo.spec.ts` (same directory and `__tests__/` directory)
86
- - `*.test.*` and `*.spec.*` files that import the changed file (from step 1)
87
- 4. **Find docs by path matching**: Grep `docs/` directory for references to the changed module name (filename without extension).
88
- 5. **Group results** the same as the graph version: tests, docs, code, other. Note the count of files found.
89
-
90
- > Fallback completeness: ~70% — misses transitive deps beyond 2 levels.
91
-
92
- ### Phase 3: ASSESS — Risk Assessment and Report
93
-
94
- 1. **Impact score**: Calculate based on:
95
- - Number of direct dependents (weight: 3x)
96
- - Number of transitive dependents (weight: 1x)
97
- - Whether affected code includes entry points (weight: 5x)
98
- - Whether tests exist for the changed code (no tests = higher risk)
99
- - Whether design tokens are affected (weight: 2x — token changes cascade to all consumers)
100
-
101
- 2. **Risk tiers**:
102
- - **Critical** (score > 50): Changes affect entry points or >20 downstream files
103
- - **High** (score 20-50): Changes affect multiple modules or shared utilities
104
- - **Medium** (score 5-20): Changes affect a few files within the same module
105
- - **Low** (score < 5): Changes are isolated with minimal downstream impact
106
-
107
- 3. **Output report**:
108
-
109
- ```
110
- ## Impact Analysis Report
111
-
112
- ### Changed Files
113
- - src/services/auth.ts (modified)
114
- - src/types/user.ts (modified)
115
-
116
- ### Impact Summary
117
- - Direct dependents: 8 files
118
- - Transitive dependents: 23 files
119
- - Affected tests: 5 files
120
- - Affected docs: 2 files
121
- - Risk tier: HIGH
122
-
123
- ### Affected Tests (must run)
124
- 1. tests/services/auth.test.ts (direct)
125
- 2. tests/routes/login.test.ts (transitive)
126
- 3. tests/integration/auth-flow.test.ts (transitive)
127
-
128
- ### Affected Documentation (may need update)
129
- 1. docs/auth-guide.md → documents src/services/auth.ts
130
- 2. docs/api-reference.md → documents src/types/user.ts
131
-
132
- ### Downstream Consumers
133
- 1. src/routes/login.ts — imports auth.ts
134
- 2. src/middleware/verify.ts — imports auth.ts
135
- 3. src/routes/signup.ts — imports user.ts (transitive via auth.ts)
136
-
137
- ### Affected Design Tokens (when tokens change)
138
- 1. color.primary → used by 12 components
139
- 2. typography.body → used by 8 components
140
- ```
141
-
142
- ## Harness Integration
143
-
144
- - **`harness scan`** — Recommended before this skill for full graph-enhanced analysis. If graph is missing, skill uses static analysis fallbacks.
145
- - **`harness validate`** — Run after acting on findings to verify project health.
146
- - **Graph tools** — This skill uses `query_graph`, `get_impact`, and `get_relationships` MCP tools.
147
-
148
- ## Success Criteria
149
-
150
- - Impact report generated with a risk tier (Critical / High / Medium / Low)
151
- - All affected test files listed with direct vs transitive classification
152
- - All affected documentation files listed with relationship context
153
- - Report follows the structured output format
154
- - All findings are backed by graph query evidence (with graph) or systematic static analysis (without graph)
155
-
156
- ## Examples
157
-
158
- ### Example: Analyzing a Change to auth.ts
159
-
160
- ```
161
- Input: git diff shows src/services/auth.ts modified
162
-
163
- 1. IDENTIFY — Extract changed file: src/services/auth.ts
164
- 2. ANALYZE — get_impact(filePath="src/services/auth.ts")
165
- query_graph(rootNodeIds=["file:src/services/auth.ts"], maxDepth=3)
166
- Results: 8 direct dependents, 23 transitive, 5 tests, 2 docs
167
- 3. ASSESS — Impact score: 34 (High tier)
168
- - Entry points affected: no
169
- - Tests exist: yes (5 files)
170
-
171
- Output:
172
- Risk tier: HIGH
173
- Must-run tests: auth.test.ts, login.test.ts, auth-flow.test.ts
174
- Docs to update: auth-guide.md, api-reference.md
175
- Downstream consumers: 8 files across 3 modules
176
- ```
177
-
178
- ## Rationalizations to Reject
179
-
180
- | Rationalization | Reality |
181
- | --- | --- |
182
- | "The change is small so the blast radius must be low -- I can skip the transitive dependent check" | Small changes to shared utilities can have outsized blast radius. A one-line change to auth.ts can affect 23 transitive dependents. |
183
- | "The graph is a few commits behind but it is close enough for this analysis" | If the graph is more than 2 commits behind, the skill requires a refresh before proceeding. Recent commits may have added new consumers. |
184
- | "No graph exists so I cannot produce a useful impact analysis" | The fallback strategy using import parsing and naming conventions achieves ~70% completeness. Missing the graph does not mean stopping. |
185
-
186
- ## Gates
187
-
188
- - **Graph preferred, fallback available.** If no graph exists, use fallback strategies (import parsing, naming conventions, path matching). Do not stop — produce the best analysis possible with available tools.
189
- - **No risk assessment without data.** Use graph queries when available; use import parsing and naming conventions when not. If neither approach yields data, state what is missing.
190
-
191
- ## Escalation
192
-
193
- - **When graph is stale**: If the graph's last scan timestamp is older than the most recent commit, warn that results may be incomplete and suggest re-scanning.
194
- - **When impact is critical**: If risk tier is Critical, recommend a thorough code review and full test suite run before merging.
195
-
@@ -1,3 +0,0 @@
1
- # Reserved for Phase B native integration
2
- name: harness-impact-analysis
3
- version: "1.0.0"
@@ -1,178 +0,0 @@
1
- <!-- Generated by harness generate-slash-commands. Do not edit. -->
2
-
3
- # Harness Integrity
4
-
5
- > Unified integrity gate — single invocation chains mechanical verification with AI-powered code review and produces a consolidated pass/fail report.
6
-
7
- ## When to Use
8
-
9
- - Before opening or merging a pull request
10
- - At project milestones as a comprehensive quality check
11
- - When you need a single authoritative answer: "is this code ready to ship?"
12
- - NOT after every task (use `harness-verify` for quick post-task checks)
13
- - NOT for deep architectural audits (use `harness-verification` for that)
14
-
15
- ## Relationship to Other Skills
16
-
17
- | Skill | What It Does | Scope | Time |
18
- | ---------------------------- | ---------------------------------------------- | ---------------------- | ----- |
19
- | **harness-verify** | Mechanical only: typecheck, lint, test | Exit codes | ~30s |
20
- | **harness-code-review** | AI only: change-type-aware review | LLM analysis | ~2min |
21
- | **harness-integrity** (this) | Both: verify + code-review unified | Full pipeline | ~3min |
22
- | **harness-verification** | Deep audit: architecture, patterns, edge cases | Thorough investigation | ~5min |
23
-
24
- `harness-integrity` is the standard pre-PR gate. It runs the fast mechanical checks first, then layers on AI review, and produces a single consolidated report.
25
-
26
- ## Process
27
-
28
- ### Phase 1: VERIFY
29
-
30
- Invoke `harness-verify` to run the mechanical quick gate.
31
-
32
- 1. Delegate entirely to `harness-verify` — typecheck, lint, test.
33
- 2. Capture the structured result (PASS/FAIL per check).
34
- 3. **If ALL three checks FAIL**, stop here. Do not proceed to Phase 2. The code is not in a reviewable state.
35
- 4. If at least one check passes (or some are skipped), proceed to Phase 2.
36
-
37
- ### Phase 1.5: SECURITY SCAN
38
-
39
- Run the built-in security scanner as a mechanical check between verification and AI review.
40
-
41
- 1. Use `run_security_scan` MCP tool against the project root (or changed files if available).
42
- 2. Capture findings by severity: errors, warnings, info.
43
- 3. **Error-severity security findings are blocking** — they cause the overall integrity check to FAIL, same as a test failure.
44
- 4. Warning/info findings are included in the report but do not block.
45
-
46
- ### Phase 1.7: DESIGN HEALTH (conditional)
47
-
48
- When the project has `design` configured in `harness.config.json`:
49
-
50
- 1. Run `harness-design` in review mode to check existing components against design intent and anti-patterns.
51
- 2. Run `harness-accessibility` in scan+evaluate mode to check WCAG compliance.
52
- 3. Combine findings into a design health summary:
53
- - Error count (blocking, based on strictness)
54
- - Warning count (non-blocking)
55
- - Info count (advisory)
56
- 4. **Error-severity design findings are blocking** in `strict` mode only. In `standard` and `permissive` modes, design findings do not block.
57
- 5. If no `design` block exists, skip this phase entirely.
58
-
59
- ### Phase 1.8: I18N SCAN (conditional)
60
-
61
- When the project has `i18n.enabled: true` in `harness.config.json`:
62
-
63
- 1. Run `harness-i18n` in scan mode to detect hardcoded strings, missing translations, locale-sensitive formatting issues, and RTL violations.
64
- 2. Combine findings into an i18n health summary:
65
- - Error count (blocking, based on `i18n.strictness`)
66
- - Warning count (non-blocking)
67
- - Info count (advisory)
68
- 3. **Error-severity i18n findings are blocking** in `strict` mode only. In `standard` and `permissive` modes, i18n findings do not block.
69
- 4. If no `i18n` block exists or `i18n.enabled` is false, skip this phase entirely.
70
-
71
- ### Phase 2: REVIEW
72
-
73
- Run change-type-aware AI review using `harness-code-review`.
74
-
75
- 1. Detect the change type if not provided: `feature`, `bugfix`, `refactor`, or `docs`.
76
- 2. Invoke `harness-code-review` with the detected change type.
77
- 3. Capture the review findings: suggestions, blocking issues, and notes.
78
- 4. A review finding is "blocking" only if it would cause a runtime error, data loss, or security vulnerability.
79
- 5. The AI review includes a security-focused pass that complements the mechanical scanner — checking for semantic issues like user input flowing to dangerous sinks across function boundaries.
80
-
81
- ### Phase 3: REPORT
82
-
83
- Produce a unified integrity report in this exact format:
84
-
85
- ```
86
- Integrity Check: [PASS/FAIL]
87
- - Tests: [PASS/FAIL/SKIPPED]
88
- - Lint: [PASS/FAIL/SKIPPED]
89
- - Types: [PASS/FAIL/SKIPPED]
90
- - Security: [PASS/WARN/FAIL] ([count] errors, [count] warnings)
91
- - Design: [PASS/WARN/FAIL/SKIPPED] ([count] errors, [count] warnings)
92
- - i18n: [PASS/WARN/FAIL/SKIPPED] ([count] errors, [count] warnings)
93
- - Review: [PASS/FAIL] ([count] suggestions, [count] blocking)
94
-
95
- Overall: [PASS/FAIL]
96
- ```
97
-
98
- Rules:
99
-
100
- - Overall `PASS` requires: all non-skipped mechanical checks pass AND zero blocking review findings AND zero blocking design findings (strict mode only) AND zero blocking i18n findings (strict mode only).
101
- - Any mechanical failure OR any blocking review finding means `FAIL`.
102
- - On FAIL, include a summary section listing each failure reason.
103
- - Non-blocking review suggestions are noted but do not cause FAIL.
104
-
105
- ## Deterministic Checks
106
-
107
- - **Phase 1 is fully deterministic.** Exit codes determine pass/fail with no interpretation.
108
- - **Phase 2 involves LLM judgment.** The AI review may produce different results on repeated runs. Only "blocking" findings (runtime errors, data loss, security) affect the overall result.
109
-
110
- ## Harness Integration
111
-
112
- - Chains harness-verify (mechanical) and harness-code-review (AI) into a unified pipeline
113
- - Follows Principle 7 — deterministic checks always run first
114
- - Consumes change-type detection from harness-code-review for per-type checklists
115
- - Output can be written to `.harness/integrity-report.md` for CI integration
116
- - Invokes `harness-design` and `harness-accessibility` for design health when `design` config exists
117
- - Design strictness from config controls whether design findings block the overall result
118
- - Invokes `harness-i18n` for i18n compliance when `i18n.enabled` is true in config. i18n strictness controls whether findings block the overall result.
119
-
120
- ## Success Criteria
121
-
122
- - [ ] Mechanical verification ran and produced structured results
123
- - [ ] AI review ran with change-type awareness
124
- - [ ] Unified report follows the exact format
125
- - [ ] Overall verdict correctly reflects both mechanical and review results
126
-
127
- ## Examples
128
-
129
- ### Example: All Clear
130
-
131
- ```
132
- Integrity Check: PASS
133
- - Tests: PASS (42/42)
134
- - Lint: PASS (0 warnings)
135
- - Types: PASS
136
- - Security: PASS (0 errors, 0 warnings)
137
- - Design: PASS (0 errors, 0 warnings)
138
- - i18n: PASS (0 errors, 0 warnings)
139
- - Review: 1 suggestion (0 blocking)
140
- ```
141
-
142
- ### Example: Security Blocking Issue
143
-
144
- ```
145
- Integrity Check: FAIL
146
- - Tests: PASS (42/42)
147
- - Lint: PASS
148
- - Types: PASS
149
- - Security: FAIL (1 error, 0 warnings)
150
- - [SEC-INJ-002] src/auth/login.ts:42 — SQL query built with string concatenation
151
- - Design: WARN (0 errors, 2 warnings)
152
- - i18n: SKIPPED
153
- - Review: 3 findings (1 blocking)
154
-
155
- Blocking: [SEC-INJ-002] SQL injection — user input passed directly to query without parameterization.
156
- ```
157
-
158
- ## Rationalizations to Reject
159
-
160
- | Rationalization | Reality |
161
- | --- | --- |
162
- | "All three mechanical checks failed, but I should still run the AI review to get useful feedback" | When ALL three checks fail, stop immediately. Do not proceed to Phase 2. AI review on code that does not compile is wasted effort. |
163
- | "The security scanner found a warning but it is not high severity, so it should not affect the overall result" | Error-severity security findings are blocking. The distinction is severity, not the agent's opinion of importance. |
164
- | "The AI review flagged an architectural concern as blocking, so the integrity check should fail" | Only runtime errors, data loss, and security vulnerabilities count as blocking review findings. Architectural concerns are noted but do not block. |
165
-
166
- ## Gates
167
-
168
- - **Mechanical first.** Always run Phase 1 before Phase 2. If the code does not compile or pass basic checks, AI review is wasted effort (unless partial results exist).
169
- - **No partial reports.** The report must include results from all phases that were executed. Do not output Phase 1 results without attempting Phase 2 (unless the all-fail early stop triggers).
170
- - **Fresh execution only.** Do not reuse cached results. Run everything from scratch each time.
171
-
172
- ## Escalation
173
-
174
- - **All checks fail:** If typecheck, lint, and test all fail in Phase 1, stop immediately. Report the failures and skip Phase 2. The code needs basic fixes before review is worthwhile.
175
- - **Architectural concerns:** If the AI review identifies architectural concerns, note them in the report but do not mark them as blocking. Architectural decisions require human judgment.
176
- - **Timeout:** Phase 1 inherits the 120-second per-command timeout from `harness-verify`. Phase 2 has a 180-second timeout for the AI review.
177
- - **Missing dependencies:** If `harness-verify` or `harness-code-review` skills are unavailable, report the missing dependency and mark the corresponding phase as `ERROR`.
178
-
@@ -1,3 +0,0 @@
1
- # Reserved for Phase B native integration
2
- name: harness-integrity
3
- version: "1.0.0"