@harness-engineering/cli 1.26.0 → 1.26.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agents/skills/README.md +1 -0
- package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +33 -5
- package/dist/agents/skills/claude-code/harness-execution/SKILL.md +6 -0
- package/dist/agents/skills/claude-code/harness-planning/SKILL.md +25 -1
- package/dist/agents/skills/claude-code/initialize-harness-project/SKILL.md +22 -6
- package/dist/agents/skills/claude-code/initialize-harness-project/skill.yaml +2 -1
- package/dist/agents/skills/claude-code/initialize-test-suite-project/SKILL.md +415 -0
- package/dist/agents/skills/claude-code/initialize-test-suite-project/skill.yaml +35 -0
- package/dist/agents/skills/codex/harness-brainstorming/SKILL.md +33 -5
- package/dist/agents/skills/codex/harness-execution/SKILL.md +6 -0
- package/dist/agents/skills/codex/harness-planning/SKILL.md +25 -1
- package/dist/agents/skills/codex/initialize-harness-project/SKILL.md +22 -6
- package/dist/agents/skills/codex/initialize-harness-project/skill.yaml +2 -1
- package/dist/agents/skills/codex/initialize-test-suite-project/SKILL.md +415 -0
- package/dist/agents/skills/codex/initialize-test-suite-project/skill.yaml +35 -0
- package/dist/agents/skills/cursor/harness-brainstorming/SKILL.md +33 -5
- package/dist/agents/skills/cursor/harness-execution/SKILL.md +6 -0
- package/dist/agents/skills/cursor/harness-planning/SKILL.md +25 -1
- package/dist/agents/skills/cursor/initialize-harness-project/SKILL.md +22 -6
- package/dist/agents/skills/cursor/initialize-harness-project/skill.yaml +2 -1
- package/dist/agents/skills/cursor/initialize-test-suite-project/SKILL.md +415 -0
- package/dist/agents/skills/cursor/initialize-test-suite-project/skill.yaml +35 -0
- package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +33 -5
- package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +6 -0
- package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +25 -1
- package/dist/agents/skills/gemini-cli/initialize-harness-project/SKILL.md +22 -6
- package/dist/agents/skills/gemini-cli/initialize-harness-project/skill.yaml +2 -1
- package/dist/agents/skills/gemini-cli/initialize-test-suite-project/SKILL.md +415 -0
- package/dist/agents/skills/gemini-cli/initialize-test-suite-project/skill.yaml +35 -0
- package/dist/agents/skills/tests/initialize-test-suite-project.test.ts +152 -0
- package/dist/{agents-md-OPOZA5L7.js → agents-md-VI3HLR7E.js} +3 -3
- package/dist/{architecture-PMVMO6SF.js → architecture-ZDDKEVID.js} +4 -4
- package/dist/{assess-project-ZW7EKNIT.js → assess-project-Y6W7YDUA.js} +1 -1
- package/dist/bin/harness-mcp.js +16 -15
- package/dist/bin/harness.js +27 -27
- package/dist/{check-phase-gate-NTLAU3LO.js → check-phase-gate-CXR3VM22.js} +4 -4
- package/dist/{chunk-CAS3TS4Y.js → chunk-2BPPS6YQ.js} +793 -94
- package/dist/{chunk-VV2PJT4K.js → chunk-2FPUPRCY.js} +777 -598
- package/dist/{chunk-IFHAUFJX.js → chunk-3AMQYWGT.js} +2 -2
- package/dist/{chunk-FI3D6D7U.js → chunk-56A6OXVA.js} +9 -9
- package/dist/{chunk-QYSWNPXZ.js → chunk-7GY6WNEI.js} +1 -1
- package/dist/{chunk-ZBQ3ZY75.js → chunk-AMRC4FU2.js} +44 -41
- package/dist/{chunk-JZ6GORAK.js → chunk-B66LRB5M.js} +1 -1
- package/dist/{chunk-KFE2X7LG.js → chunk-BK4DJIIY.js} +4 -4
- package/dist/{chunk-G6SYTGOH.js → chunk-DBIX3X4H.js} +2 -2
- package/dist/{chunk-KXIAHHHP.js → chunk-FUND5WJR.js} +2 -2
- package/dist/{chunk-JWSVLC4I.js → chunk-JV4Y2U5F.js} +1 -1
- package/dist/{chunk-RNAGPTKF.js → chunk-K56DTX7G.js} +6 -6
- package/dist/{chunk-EXTWTJRF.js → chunk-N6B6RKQQ.js} +1 -1
- package/dist/{chunk-JBJ4AVE4.js → chunk-NY7DTZ6K.js} +3 -3
- package/dist/{chunk-Z2JORLRT.js → chunk-OLW7BJ5N.js} +1 -1
- package/dist/{chunk-HAOBHL3W.js → chunk-ORNEK65Y.js} +1 -1
- package/dist/{chunk-7JNZXJKY.js → chunk-PNNFCVW4.js} +5 -5
- package/dist/{chunk-NIOB6FTG.js → chunk-Q3ZLVMQM.js} +1 -1
- package/dist/{chunk-NVGQO4VM.js → chunk-RAVD7QLY.js} +8 -8
- package/dist/{chunk-J3O64D2A.js → chunk-TSVYBDDE.js} +1 -1
- package/dist/{chunk-KSFUJT5B.js → chunk-TY2ESLVL.js} +1 -1
- package/dist/{chunk-4KSKV5MK.js → chunk-VKS3F46M.js} +1 -1
- package/dist/{chunk-UBRD5FH4.js → chunk-WZ7UHPT3.js} +9 -9
- package/dist/{chunk-77EZGPSR.js → chunk-YC4EYIER.js} +8 -2
- package/dist/{chunk-6SCA4NEZ.js → chunk-ZN6ROTYP.js} +1 -1
- package/dist/{ci-workflow-H52EMCL6.js → ci-workflow-EW37KVPS.js} +3 -3
- package/dist/{create-skill-6QWJHQYS.js → create-skill-4T5CBSJ2.js} +2 -2
- package/dist/{dist-TG63OKA5.js → dist-CJDGASPP.js} +2 -2
- package/dist/{dist-PGQ32ZI7.js → dist-NCNAXUFD.js} +1 -1
- package/dist/{docs-GP4VUSIB.js → docs-4XI2FQW2.js} +4 -4
- package/dist/{engine-KQG5RVXX.js → engine-4L4CDTHU.js} +3 -3
- package/dist/{entropy-RXESIYKC.js → entropy-PBYSIQYS.js} +3 -3
- package/dist/{feedback-HS7ZYXOU.js → feedback-OTIFW5MK.js} +1 -1
- package/dist/{generate-agent-definitions-I4B7CVOB.js → generate-agent-definitions-CZGUXIIN.js} +4 -4
- package/dist/{graph-loader-TIVI6NQ7.js → graph-loader-RDXSEBD7.js} +1 -1
- package/dist/index.js +27 -27
- package/dist/{loader-CWAH6B4H.js → loader-UZOXCWFC.js} +3 -3
- package/dist/{mcp-KHK5KYER.js → mcp-GWVVV6LH.js} +16 -15
- package/dist/{performance-WDW5WS3J.js → performance-5UQPP3XX.js} +4 -4
- package/dist/{review-pipeline-QOZGWCTY.js → review-pipeline-65V4EO6O.js} +3 -3
- package/dist/{runtime-SFEFRPLX.js → runtime-PXX7HNB3.js} +3 -3
- package/dist/{scan-IJ7EYTF7.js → scan-WM7XDUF7.js} +1 -1
- package/dist/{security-2K7UUK6T.js → security-CAYDRZIZ.js} +1 -1
- package/dist/{validate-HXM6DXRZ.js → validate-CWGXR7QM.js} +4 -4
- package/dist/{validate-cross-check-ULQLEOME.js → validate-cross-check-BKCNLZYG.js} +3 -3
- package/package.json +4 -4
- package/dist/agents/commands/claude-code/harness/harness.md +0 -36
- package/dist/agents/commands/codex/AGENTS.md +0 -39
- package/dist/agents/commands/codex/harness/add-harness-component/SKILL.md +0 -204
- package/dist/agents/commands/codex/harness/add-harness-component/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/cleanup-dead-code/SKILL.md +0 -257
- package/dist/agents/commands/codex/harness/cleanup-dead-code/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/detect-doc-drift/SKILL.md +0 -191
- package/dist/agents/commands/codex/harness/detect-doc-drift/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/enforce-architecture/SKILL.md +0 -289
- package/dist/agents/commands/codex/harness/enforce-architecture/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-architecture-advisor/SKILL.md +0 -442
- package/dist/agents/commands/codex/harness/harness-architecture-advisor/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-autopilot/SKILL.md +0 -929
- package/dist/agents/commands/codex/harness/harness-autopilot/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-brainstorming/SKILL.md +0 -418
- package/dist/agents/commands/codex/harness/harness-brainstorming/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-code-review/SKILL.md +0 -850
- package/dist/agents/commands/codex/harness/harness-code-review/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-codebase-cleanup/SKILL.md +0 -236
- package/dist/agents/commands/codex/harness/harness-codebase-cleanup/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-debugging/SKILL.md +0 -378
- package/dist/agents/commands/codex/harness/harness-debugging/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-dependency-health/SKILL.md +0 -190
- package/dist/agents/commands/codex/harness/harness-dependency-health/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-docs-pipeline/SKILL.md +0 -472
- package/dist/agents/commands/codex/harness/harness-docs-pipeline/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-execution/SKILL.md +0 -522
- package/dist/agents/commands/codex/harness/harness-execution/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-hotspot-detector/SKILL.md +0 -172
- package/dist/agents/commands/codex/harness/harness-hotspot-detector/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-impact-analysis/SKILL.md +0 -195
- package/dist/agents/commands/codex/harness/harness-impact-analysis/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-integrity/SKILL.md +0 -178
- package/dist/agents/commands/codex/harness/harness-integrity/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-onboarding/SKILL.md +0 -299
- package/dist/agents/commands/codex/harness/harness-onboarding/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-perf/SKILL.md +0 -272
- package/dist/agents/commands/codex/harness/harness-perf/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-planning/SKILL.md +0 -592
- package/dist/agents/commands/codex/harness/harness-planning/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-refactoring/SKILL.md +0 -181
- package/dist/agents/commands/codex/harness/harness-refactoring/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-release-readiness/SKILL.md +0 -701
- package/dist/agents/commands/codex/harness/harness-release-readiness/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-roadmap/SKILL.md +0 -607
- package/dist/agents/commands/codex/harness/harness-roadmap/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-security-scan/SKILL.md +0 -147
- package/dist/agents/commands/codex/harness/harness-security-scan/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-skill-authoring/SKILL.md +0 -314
- package/dist/agents/commands/codex/harness/harness-skill-authoring/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-soundness-review/SKILL.md +0 -1280
- package/dist/agents/commands/codex/harness/harness-soundness-review/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-supply-chain-audit/SKILL.md +0 -255
- package/dist/agents/commands/codex/harness/harness-supply-chain-audit/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-tdd/SKILL.md +0 -189
- package/dist/agents/commands/codex/harness/harness-tdd/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-test-advisor/SKILL.md +0 -171
- package/dist/agents/commands/codex/harness/harness-test-advisor/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-verification/SKILL.md +0 -433
- package/dist/agents/commands/codex/harness/harness-verification/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/harness-verify/SKILL.md +0 -170
- package/dist/agents/commands/codex/harness/harness-verify/agents/openai.yaml +0 -3
- package/dist/agents/commands/codex/harness/initialize-harness-project/SKILL.md +0 -244
- package/dist/agents/commands/codex/harness/initialize-harness-project/agents/openai.yaml +0 -3
- package/dist/agents/commands/cursor/harness/add-harness-component.mdc +0 -200
- package/dist/agents/commands/cursor/harness/cleanup-dead-code.mdc +0 -253
- package/dist/agents/commands/cursor/harness/detect-doc-drift.mdc +0 -187
- package/dist/agents/commands/cursor/harness/enforce-architecture.mdc +0 -304
- package/dist/agents/commands/cursor/harness/harness-architecture-advisor.mdc +0 -457
- package/dist/agents/commands/cursor/harness/harness-autopilot.mdc +0 -924
- package/dist/agents/commands/cursor/harness/harness-brainstorming.mdc +0 -414
- package/dist/agents/commands/cursor/harness/harness-code-review.mdc +0 -865
- package/dist/agents/commands/cursor/harness/harness-codebase-cleanup.mdc +0 -232
- package/dist/agents/commands/cursor/harness/harness-debugging.mdc +0 -374
- package/dist/agents/commands/cursor/harness/harness-dependency-health.mdc +0 -187
- package/dist/agents/commands/cursor/harness/harness-docs-pipeline.mdc +0 -468
- package/dist/agents/commands/cursor/harness/harness-execution.mdc +0 -518
- package/dist/agents/commands/cursor/harness/harness-hotspot-detector.mdc +0 -169
- package/dist/agents/commands/cursor/harness/harness-impact-analysis.mdc +0 -192
- package/dist/agents/commands/cursor/harness/harness-integrity.mdc +0 -175
- package/dist/agents/commands/cursor/harness/harness-onboarding.mdc +0 -296
- package/dist/agents/commands/cursor/harness/harness-perf.mdc +0 -268
- package/dist/agents/commands/cursor/harness/harness-planning.mdc +0 -587
- package/dist/agents/commands/cursor/harness/harness-refactoring.mdc +0 -177
- package/dist/agents/commands/cursor/harness/harness-release-readiness.mdc +0 -697
- package/dist/agents/commands/cursor/harness/harness-roadmap.mdc +0 -603
- package/dist/agents/commands/cursor/harness/harness-security-scan.mdc +0 -162
- package/dist/agents/commands/cursor/harness/harness-skill-authoring.mdc +0 -300
- package/dist/agents/commands/cursor/harness/harness-soundness-review.mdc +0 -1275
- package/dist/agents/commands/cursor/harness/harness-supply-chain-audit.mdc +0 -252
- package/dist/agents/commands/cursor/harness/harness-tdd.mdc +0 -185
- package/dist/agents/commands/cursor/harness/harness-test-advisor.mdc +0 -168
- package/dist/agents/commands/cursor/harness/harness-verification.mdc +0 -429
- package/dist/agents/commands/cursor/harness/harness-verify.mdc +0 -167
- package/dist/agents/commands/cursor/harness/initialize-harness-project.mdc +0 -240
- package/dist/agents/commands/gemini-cli/harness/harness.toml +0 -277
- package/dist/{chunk-RRHUCDRD.js → chunk-ZP5E7YET.js} +3 -3
|
@@ -1,172 +0,0 @@
|
|
|
1
|
-
<!-- Generated by harness generate-slash-commands. Do not edit. -->
|
|
2
|
-
|
|
3
|
-
# Harness Hotspot Detector
|
|
4
|
-
|
|
5
|
-
> Identify modules that represent structural risk via co-change and churn analysis.
|
|
6
|
-
|
|
7
|
-
## When to Use
|
|
8
|
-
|
|
9
|
-
- Weekly scheduled analysis to track codebase risk
|
|
10
|
-
- Before major refactoring — find the riskiest areas
|
|
11
|
-
- When investigating why changes keep breaking unrelated features
|
|
12
|
-
- NOT for finding dead code (use cleanup-dead-code)
|
|
13
|
-
- NOT for checking architecture rules (use enforce-architecture)
|
|
14
|
-
|
|
15
|
-
## Prerequisites
|
|
16
|
-
|
|
17
|
-
A knowledge graph at `.harness/graph/` with git history enables full analysis. If no graph exists,
|
|
18
|
-
the skill uses static analysis fallbacks (see Graph Availability section).
|
|
19
|
-
Run `harness scan` to enable graph-enhanced analysis.
|
|
20
|
-
|
|
21
|
-
### Graph Availability
|
|
22
|
-
|
|
23
|
-
Before starting, check if `.harness/graph/graph.json` exists.
|
|
24
|
-
|
|
25
|
-
**If graph exists:** Use graph tools as primary strategy. (Staleness sensitivity: **Low** — never auto-refresh.
|
|
26
|
-
Git-based churn data in the graph remains useful even when slightly stale.)
|
|
27
|
-
|
|
28
|
-
**If graph exists and is fresh (or refreshed):** Use graph tools as primary strategy.
|
|
29
|
-
|
|
30
|
-
**If no graph exists:** Output "Running without graph (run `harness scan` to
|
|
31
|
-
enable full analysis)" and use fallback strategies for all subsequent steps.
|
|
32
|
-
|
|
33
|
-
## Process
|
|
34
|
-
|
|
35
|
-
### Phase 1: CO-CHANGE — Analyze Co-Change Patterns
|
|
36
|
-
|
|
37
|
-
Query the graph for `co_changes_with` edges (created by GitIngestor):
|
|
38
|
-
|
|
39
|
-
```
|
|
40
|
-
query_graph(rootNodeIds=[all file nodes], includeEdges=["co_changes_with"])
|
|
41
|
-
```
|
|
42
|
-
|
|
43
|
-
Identify file pairs that frequently change together:
|
|
44
|
-
|
|
45
|
-
- **Co-located pairs** (same directory): Normal — they share a concern.
|
|
46
|
-
- **Distant pairs** (different modules): Suspicious — may indicate hidden coupling.
|
|
47
|
-
|
|
48
|
-
Flag distant co-change pairs as potential hotspots.
|
|
49
|
-
|
|
50
|
-
### Phase 2: CHURN — Identify High-Churn Files
|
|
51
|
-
|
|
52
|
-
Query commit nodes to find files with the highest change frequency:
|
|
53
|
-
|
|
54
|
-
```
|
|
55
|
-
query_graph(rootNodeIds=[commit nodes], includeTypes=["commit", "file"], includeEdges=["co_changes_with"])
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
Rank files by:
|
|
59
|
-
|
|
60
|
-
- Total commit count touching the file
|
|
61
|
-
- Recent velocity (commits in last 30 days vs prior 30 days)
|
|
62
|
-
- Change size (total lines added + deleted)
|
|
63
|
-
|
|
64
|
-
High churn in shared utilities or core modules = high risk.
|
|
65
|
-
|
|
66
|
-
#### Fallback (without graph)
|
|
67
|
-
|
|
68
|
-
When no graph is available, git log provides nearly all the data needed (~90% completeness):
|
|
69
|
-
|
|
70
|
-
1. **Per-file churn**: `git log --format="%H" -- <file>` for each source file (use glob to enumerate). Count commits per file. Sort descending to rank by churn.
|
|
71
|
-
2. **Recent velocity**: `git log --since="30 days ago" --format="%H" -- <file>` vs `git log --since="60 days ago" --until="30 days ago" --format="%H" -- <file>` to compare recent vs prior 30-day windows.
|
|
72
|
-
3. **Co-change detection**: `git log --format="%H %n" --name-only` to build a map of which files changed together in the same commit. File pairs that appear together in >3 commits are co-change candidates.
|
|
73
|
-
4. **Distant co-change identification**: For co-change pairs, check if they share a parent directory (co-located = normal) or are in different modules (distant = suspicious).
|
|
74
|
-
5. **Complexity proxy**: Use line count (`wc -l`) as a rough proxy for complexity when graph complexity metrics are unavailable.
|
|
75
|
-
6. **Hidden dependency detection**: Cross-reference co-change pairs against import parsing (grep for import statements). Co-change pairs with no import relationship indicate hidden dependencies.
|
|
76
|
-
|
|
77
|
-
> Fallback completeness: ~90% — git log provides nearly all the data the graph stores for this use case.
|
|
78
|
-
|
|
79
|
-
### Phase 3: COUPLING — Detect Hidden Dependencies
|
|
80
|
-
|
|
81
|
-
Cross-reference co-change data with structural data:
|
|
82
|
-
|
|
83
|
-
1. **High logical coupling, low structural coupling**: Files that always change together but have no `imports` edge between them. This indicates a hidden dependency — changing one requires changing the other, but the code doesn't express this relationship.
|
|
84
|
-
|
|
85
|
-
2. **High structural coupling, low logical coupling**: Files with `imports` edges but that rarely change together. This may indicate over-coupling — the import exists but the relationship is weak.
|
|
86
|
-
|
|
87
|
-
Use `get_relationships` to check structural edges between co-change pairs.
|
|
88
|
-
|
|
89
|
-
### Phase 4: REPORT — Generate Ranked Hotspot Report
|
|
90
|
-
|
|
91
|
-
```
|
|
92
|
-
## Hotspot Analysis Report
|
|
93
|
-
|
|
94
|
-
### Risk Hotspots (ranked by risk score)
|
|
95
|
-
|
|
96
|
-
1. **src/services/billing.ts** — Risk: HIGH
|
|
97
|
-
- Churn: 23 commits (last 30 days: 8)
|
|
98
|
-
- Co-changes with: src/types/invoice.ts (distant, 15 co-changes)
|
|
99
|
-
- Hidden dependency: no imports edge to invoice.ts
|
|
100
|
-
- Recommendation: Extract shared billing types or add explicit dependency
|
|
101
|
-
|
|
102
|
-
2. **src/utils/helpers.ts** — Risk: HIGH
|
|
103
|
-
- Churn: 45 commits (highest in codebase)
|
|
104
|
-
- Co-changes with: 12 different files across 4 modules
|
|
105
|
-
- Recommendation: Split into domain-specific utilities to reduce blast radius
|
|
106
|
-
|
|
107
|
-
3. **src/middleware/auth.ts** — Risk: MEDIUM
|
|
108
|
-
- Churn: 15 commits
|
|
109
|
-
- Co-changes with: src/routes/login.ts (co-located, expected)
|
|
110
|
-
- No hidden dependencies detected
|
|
111
|
-
|
|
112
|
-
### Summary
|
|
113
|
-
- Total hotspots detected: 5
|
|
114
|
-
- High risk: 2
|
|
115
|
-
- Medium risk: 3
|
|
116
|
-
- Hidden dependencies: 1
|
|
117
|
-
```
|
|
118
|
-
|
|
119
|
-
## Harness Integration
|
|
120
|
-
|
|
121
|
-
- **`harness scan`** — Recommended before this skill for full graph-enhanced analysis. If graph is missing, skill uses git log fallbacks.
|
|
122
|
-
- **`harness validate`** — Run after acting on findings to verify project health.
|
|
123
|
-
- **Graph tools** — This skill uses `query_graph`, `get_impact`, and `get_relationships` MCP tools.
|
|
124
|
-
|
|
125
|
-
## Success Criteria
|
|
126
|
-
|
|
127
|
-
- Hotspots ranked by composite risk score (churn + coupling)
|
|
128
|
-
- Hidden dependencies identified (high co-change, no structural edge)
|
|
129
|
-
- Co-change patterns detected and classified (co-located vs distant)
|
|
130
|
-
- Report follows the structured output format
|
|
131
|
-
- All findings are backed by graph query evidence (with graph) or git log analysis (without graph)
|
|
132
|
-
|
|
133
|
-
## Examples
|
|
134
|
-
|
|
135
|
-
### Example: Detecting Hotspots in a Growing Codebase
|
|
136
|
-
|
|
137
|
-
```
|
|
138
|
-
Input: Scheduled weekly analysis on project root
|
|
139
|
-
|
|
140
|
-
1. CO-CHANGE — query_graph for co_changes_with edges
|
|
141
|
-
Found 4 distant co-change pairs
|
|
142
|
-
2. CHURN — Ranked files by commit frequency
|
|
143
|
-
billing.ts: 23 commits, helpers.ts: 45 commits
|
|
144
|
-
3. COUPLING — Cross-referenced co-change vs imports edges
|
|
145
|
-
billing.ts <-> invoice.ts: 15 co-changes, no imports edge
|
|
146
|
-
(hidden dependency detected)
|
|
147
|
-
4. REPORT — Ranked hotspots by risk score
|
|
148
|
-
|
|
149
|
-
Output:
|
|
150
|
-
Hotspots: 5 total (2 high, 3 medium)
|
|
151
|
-
Hidden dependencies: 1 (billing.ts <-> invoice.ts)
|
|
152
|
-
Top recommendation: Extract shared billing types
|
|
153
|
-
```
|
|
154
|
-
|
|
155
|
-
## Rationalizations to Reject
|
|
156
|
-
|
|
157
|
-
| Rationalization | Reality |
|
|
158
|
-
| --- | --- |
|
|
159
|
-
| "High churn just means the file is actively developed, not that it is risky" | High churn in shared utilities specifically equals high risk. A file with 45 commits that co-changes with 12 different files indicates hidden coupling. |
|
|
160
|
-
| "The co-change pair is between two files in different modules, but they probably just happen to change at the same time" | Distant co-change pairs are flagged as suspicious precisely because they indicate hidden coupling. |
|
|
161
|
-
| "No graph exists so the analysis will be too incomplete to be useful" | Git log provides ~90% of the data needed for hotspot detection. The fallback is the highest-completeness fallback across all graph-enhanced skills. |
|
|
162
|
-
|
|
163
|
-
## Gates
|
|
164
|
-
|
|
165
|
-
- **Graph preferred, fallback available.** If no graph exists, use git log for churn and co-change analysis. Do not stop — git log provides ~90% of the data needed.
|
|
166
|
-
- **Systematic analysis required.** Use graph `co_changes_with` edges when available; use `git log` commit analysis when not. Do not guess — parse actual git history.
|
|
167
|
-
|
|
168
|
-
## Escalation
|
|
169
|
-
|
|
170
|
-
- **When hidden dependencies found**: Recommend making the dependency explicit (add import) or extracting shared code.
|
|
171
|
-
- **When a single file has >30 commits**: Flag as critical hotspot requiring architectural attention.
|
|
172
|
-
|
|
@@ -1,195 +0,0 @@
|
|
|
1
|
-
<!-- Generated by harness generate-slash-commands. Do not edit. -->
|
|
2
|
-
|
|
3
|
-
# Harness Impact Analysis
|
|
4
|
-
|
|
5
|
-
> Graph-based impact analysis. Answers: "if I change X, what breaks?"
|
|
6
|
-
|
|
7
|
-
## When to Use
|
|
8
|
-
|
|
9
|
-
- Before merging a PR — understand the blast radius of changes
|
|
10
|
-
- When planning a refactoring — know what will be affected
|
|
11
|
-
- When a test fails — trace backwards to find what change caused it
|
|
12
|
-
- When `on_pr` triggers fire
|
|
13
|
-
- NOT for understanding code (use harness-onboarding or harness-code-review)
|
|
14
|
-
- NOT for finding dead code (use cleanup-dead-code)
|
|
15
|
-
|
|
16
|
-
## Prerequisites
|
|
17
|
-
|
|
18
|
-
A knowledge graph at `.harness/graph/` enables full analysis. If no graph exists,
|
|
19
|
-
the skill uses static analysis fallbacks (see Graph Availability section).
|
|
20
|
-
Run `harness scan` to enable graph-enhanced analysis.
|
|
21
|
-
|
|
22
|
-
### Graph Availability
|
|
23
|
-
|
|
24
|
-
Before starting, check if `.harness/graph/graph.json` exists.
|
|
25
|
-
|
|
26
|
-
**If graph exists:** Check staleness — compare `.harness/graph/metadata.json`
|
|
27
|
-
scanTimestamp against `git log -1 --format=%ct` (latest commit timestamp).
|
|
28
|
-
If graph is more than 2 commits behind (`git log --oneline <scanTimestamp>..HEAD | wc -l`),
|
|
29
|
-
run `harness scan` to refresh before proceeding. (Staleness sensitivity: **High**)
|
|
30
|
-
|
|
31
|
-
**If graph exists and is fresh (or refreshed):** Use graph tools as primary strategy.
|
|
32
|
-
|
|
33
|
-
**If no graph exists:** Output "Running without graph (run `harness scan` to
|
|
34
|
-
enable full analysis)" and use fallback strategies for all subsequent steps.
|
|
35
|
-
|
|
36
|
-
## Process
|
|
37
|
-
|
|
38
|
-
### Phase 1: IDENTIFY — Determine Changed Files
|
|
39
|
-
|
|
40
|
-
1. **From diff**: If a git diff is available, parse it to extract changed file paths.
|
|
41
|
-
2. **From input**: If file paths are provided directly, use those.
|
|
42
|
-
3. **From git**: If neither, use `git diff --name-only HEAD~1` to get recent changes.
|
|
43
|
-
|
|
44
|
-
### Phase 2: ANALYZE — Query Graph for Impact
|
|
45
|
-
|
|
46
|
-
For each changed file:
|
|
47
|
-
|
|
48
|
-
1. **Direct dependents**: Use `get_impact` MCP tool to find all files that import or call the changed file.
|
|
49
|
-
|
|
50
|
-
```
|
|
51
|
-
get_impact(filePath="src/services/auth.ts")
|
|
52
|
-
→ tests: [auth.test.ts, integration.test.ts]
|
|
53
|
-
→ docs: [auth-guide.md]
|
|
54
|
-
→ code: [routes/login.ts, middleware/verify.ts, ...]
|
|
55
|
-
```
|
|
56
|
-
|
|
57
|
-
2. **Transitive dependents**: Use `query_graph` with depth 3 to find indirect consumers.
|
|
58
|
-
|
|
59
|
-
```
|
|
60
|
-
query_graph(rootNodeIds=["file:src/services/auth.ts"], maxDepth=3, includeEdges=["imports", "calls"])
|
|
61
|
-
```
|
|
62
|
-
|
|
63
|
-
3. **Documentation impact**: Use `get_relationships` to find `documents` edges pointing to changed nodes.
|
|
64
|
-
|
|
65
|
-
4. **Test coverage**: Identify test files connected via `imports` edges. Flag changed files with no test coverage.
|
|
66
|
-
|
|
67
|
-
5. **Design token impact**: When the graph contains `DesignToken` nodes, use `query_graph` with `USES_TOKEN` edges to find components that consume changed tokens.
|
|
68
|
-
|
|
69
|
-
```
|
|
70
|
-
query_graph(rootNodeIds=["designtoken:color.primary"], maxDepth=2, includeEdges=["uses_token"])
|
|
71
|
-
→ components: [Button.tsx, Card.tsx, Header.tsx, ...]
|
|
72
|
-
```
|
|
73
|
-
|
|
74
|
-
If a changed file is `design-system/tokens.json`, identify ALL tokens that changed and trace each to its consuming components. This reveals the full design blast radius of a token change.
|
|
75
|
-
|
|
76
|
-
6. **Design constraint impact**: When the graph contains `DesignConstraint` nodes, check if changed code introduces new `VIOLATES_DESIGN` edges.
|
|
77
|
-
|
|
78
|
-
#### Fallback (without graph)
|
|
79
|
-
|
|
80
|
-
When no graph is available, use static analysis to approximate impact:
|
|
81
|
-
|
|
82
|
-
1. **Parse imports**: For each changed file, grep all source files for `import.*from.*<changed-file>` and `require.*<changed-file>` patterns to find direct dependents.
|
|
83
|
-
2. **Follow imports 2 levels deep**: For each direct dependent found, repeat the import grep to find second-level dependents. Stop at 2 levels (fallback cannot reliably trace deeper).
|
|
84
|
-
3. **Find test files by naming convention**: For each changed file `foo.ts`, search for:
|
|
85
|
-
- `foo.test.ts`, `foo.spec.ts` (same directory and `__tests__/` directory)
|
|
86
|
-
- `*.test.*` and `*.spec.*` files that import the changed file (from step 1)
|
|
87
|
-
4. **Find docs by path matching**: Grep `docs/` directory for references to the changed module name (filename without extension).
|
|
88
|
-
5. **Group results** the same as the graph version: tests, docs, code, other. Note the count of files found.
|
|
89
|
-
|
|
90
|
-
> Fallback completeness: ~70% — misses transitive deps beyond 2 levels.
|
|
91
|
-
|
|
92
|
-
### Phase 3: ASSESS — Risk Assessment and Report
|
|
93
|
-
|
|
94
|
-
1. **Impact score**: Calculate based on:
|
|
95
|
-
- Number of direct dependents (weight: 3x)
|
|
96
|
-
- Number of transitive dependents (weight: 1x)
|
|
97
|
-
- Whether affected code includes entry points (weight: 5x)
|
|
98
|
-
- Whether tests exist for the changed code (no tests = higher risk)
|
|
99
|
-
- Whether design tokens are affected (weight: 2x — token changes cascade to all consumers)
|
|
100
|
-
|
|
101
|
-
2. **Risk tiers**:
|
|
102
|
-
- **Critical** (score > 50): Changes affect entry points or >20 downstream files
|
|
103
|
-
- **High** (score 20-50): Changes affect multiple modules or shared utilities
|
|
104
|
-
- **Medium** (score 5-20): Changes affect a few files within the same module
|
|
105
|
-
- **Low** (score < 5): Changes are isolated with minimal downstream impact
|
|
106
|
-
|
|
107
|
-
3. **Output report**:
|
|
108
|
-
|
|
109
|
-
```
|
|
110
|
-
## Impact Analysis Report
|
|
111
|
-
|
|
112
|
-
### Changed Files
|
|
113
|
-
- src/services/auth.ts (modified)
|
|
114
|
-
- src/types/user.ts (modified)
|
|
115
|
-
|
|
116
|
-
### Impact Summary
|
|
117
|
-
- Direct dependents: 8 files
|
|
118
|
-
- Transitive dependents: 23 files
|
|
119
|
-
- Affected tests: 5 files
|
|
120
|
-
- Affected docs: 2 files
|
|
121
|
-
- Risk tier: HIGH
|
|
122
|
-
|
|
123
|
-
### Affected Tests (must run)
|
|
124
|
-
1. tests/services/auth.test.ts (direct)
|
|
125
|
-
2. tests/routes/login.test.ts (transitive)
|
|
126
|
-
3. tests/integration/auth-flow.test.ts (transitive)
|
|
127
|
-
|
|
128
|
-
### Affected Documentation (may need update)
|
|
129
|
-
1. docs/auth-guide.md → documents src/services/auth.ts
|
|
130
|
-
2. docs/api-reference.md → documents src/types/user.ts
|
|
131
|
-
|
|
132
|
-
### Downstream Consumers
|
|
133
|
-
1. src/routes/login.ts — imports auth.ts
|
|
134
|
-
2. src/middleware/verify.ts — imports auth.ts
|
|
135
|
-
3. src/routes/signup.ts — imports user.ts (transitive via auth.ts)
|
|
136
|
-
|
|
137
|
-
### Affected Design Tokens (when tokens change)
|
|
138
|
-
1. color.primary → used by 12 components
|
|
139
|
-
2. typography.body → used by 8 components
|
|
140
|
-
```
|
|
141
|
-
|
|
142
|
-
## Harness Integration
|
|
143
|
-
|
|
144
|
-
- **`harness scan`** — Recommended before this skill for full graph-enhanced analysis. If graph is missing, skill uses static analysis fallbacks.
|
|
145
|
-
- **`harness validate`** — Run after acting on findings to verify project health.
|
|
146
|
-
- **Graph tools** — This skill uses `query_graph`, `get_impact`, and `get_relationships` MCP tools.
|
|
147
|
-
|
|
148
|
-
## Success Criteria
|
|
149
|
-
|
|
150
|
-
- Impact report generated with a risk tier (Critical / High / Medium / Low)
|
|
151
|
-
- All affected test files listed with direct vs transitive classification
|
|
152
|
-
- All affected documentation files listed with relationship context
|
|
153
|
-
- Report follows the structured output format
|
|
154
|
-
- All findings are backed by graph query evidence (with graph) or systematic static analysis (without graph)
|
|
155
|
-
|
|
156
|
-
## Examples
|
|
157
|
-
|
|
158
|
-
### Example: Analyzing a Change to auth.ts
|
|
159
|
-
|
|
160
|
-
```
|
|
161
|
-
Input: git diff shows src/services/auth.ts modified
|
|
162
|
-
|
|
163
|
-
1. IDENTIFY — Extract changed file: src/services/auth.ts
|
|
164
|
-
2. ANALYZE — get_impact(filePath="src/services/auth.ts")
|
|
165
|
-
query_graph(rootNodeIds=["file:src/services/auth.ts"], maxDepth=3)
|
|
166
|
-
Results: 8 direct dependents, 23 transitive, 5 tests, 2 docs
|
|
167
|
-
3. ASSESS — Impact score: 34 (High tier)
|
|
168
|
-
- Entry points affected: no
|
|
169
|
-
- Tests exist: yes (5 files)
|
|
170
|
-
|
|
171
|
-
Output:
|
|
172
|
-
Risk tier: HIGH
|
|
173
|
-
Must-run tests: auth.test.ts, login.test.ts, auth-flow.test.ts
|
|
174
|
-
Docs to update: auth-guide.md, api-reference.md
|
|
175
|
-
Downstream consumers: 8 files across 3 modules
|
|
176
|
-
```
|
|
177
|
-
|
|
178
|
-
## Rationalizations to Reject
|
|
179
|
-
|
|
180
|
-
| Rationalization | Reality |
|
|
181
|
-
| --- | --- |
|
|
182
|
-
| "The change is small so the blast radius must be low -- I can skip the transitive dependent check" | Small changes to shared utilities can have outsized blast radius. A one-line change to auth.ts can affect 23 transitive dependents. |
|
|
183
|
-
| "The graph is a few commits behind but it is close enough for this analysis" | If the graph is more than 2 commits behind, the skill requires a refresh before proceeding. Recent commits may have added new consumers. |
|
|
184
|
-
| "No graph exists so I cannot produce a useful impact analysis" | The fallback strategy using import parsing and naming conventions achieves ~70% completeness. Missing the graph does not mean stopping. |
|
|
185
|
-
|
|
186
|
-
## Gates
|
|
187
|
-
|
|
188
|
-
- **Graph preferred, fallback available.** If no graph exists, use fallback strategies (import parsing, naming conventions, path matching). Do not stop — produce the best analysis possible with available tools.
|
|
189
|
-
- **No risk assessment without data.** Use graph queries when available; use import parsing and naming conventions when not. If neither approach yields data, state what is missing.
|
|
190
|
-
|
|
191
|
-
## Escalation
|
|
192
|
-
|
|
193
|
-
- **When graph is stale**: If the graph's last scan timestamp is older than the most recent commit, warn that results may be incomplete and suggest re-scanning.
|
|
194
|
-
- **When impact is critical**: If risk tier is Critical, recommend a thorough code review and full test suite run before merging.
|
|
195
|
-
|
|
@@ -1,178 +0,0 @@
|
|
|
1
|
-
<!-- Generated by harness generate-slash-commands. Do not edit. -->
|
|
2
|
-
|
|
3
|
-
# Harness Integrity
|
|
4
|
-
|
|
5
|
-
> Unified integrity gate — single invocation chains mechanical verification with AI-powered code review and produces a consolidated pass/fail report.
|
|
6
|
-
|
|
7
|
-
## When to Use
|
|
8
|
-
|
|
9
|
-
- Before opening or merging a pull request
|
|
10
|
-
- At project milestones as a comprehensive quality check
|
|
11
|
-
- When you need a single authoritative answer: "is this code ready to ship?"
|
|
12
|
-
- NOT after every task (use `harness-verify` for quick post-task checks)
|
|
13
|
-
- NOT for deep architectural audits (use `harness-verification` for that)
|
|
14
|
-
|
|
15
|
-
## Relationship to Other Skills
|
|
16
|
-
|
|
17
|
-
| Skill | What It Does | Scope | Time |
|
|
18
|
-
| ---------------------------- | ---------------------------------------------- | ---------------------- | ----- |
|
|
19
|
-
| **harness-verify** | Mechanical only: typecheck, lint, test | Exit codes | ~30s |
|
|
20
|
-
| **harness-code-review** | AI only: change-type-aware review | LLM analysis | ~2min |
|
|
21
|
-
| **harness-integrity** (this) | Both: verify + code-review unified | Full pipeline | ~3min |
|
|
22
|
-
| **harness-verification** | Deep audit: architecture, patterns, edge cases | Thorough investigation | ~5min |
|
|
23
|
-
|
|
24
|
-
`harness-integrity` is the standard pre-PR gate. It runs the fast mechanical checks first, then layers on AI review, and produces a single consolidated report.
|
|
25
|
-
|
|
26
|
-
## Process
|
|
27
|
-
|
|
28
|
-
### Phase 1: VERIFY
|
|
29
|
-
|
|
30
|
-
Invoke `harness-verify` to run the mechanical quick gate.
|
|
31
|
-
|
|
32
|
-
1. Delegate entirely to `harness-verify` — typecheck, lint, test.
|
|
33
|
-
2. Capture the structured result (PASS/FAIL per check).
|
|
34
|
-
3. **If ALL three checks FAIL**, stop here. Do not proceed to Phase 2. The code is not in a reviewable state.
|
|
35
|
-
4. If at least one check passes (or some are skipped), proceed to Phase 2.
|
|
36
|
-
|
|
37
|
-
### Phase 1.5: SECURITY SCAN
|
|
38
|
-
|
|
39
|
-
Run the built-in security scanner as a mechanical check between verification and AI review.
|
|
40
|
-
|
|
41
|
-
1. Use `run_security_scan` MCP tool against the project root (or changed files if available).
|
|
42
|
-
2. Capture findings by severity: errors, warnings, info.
|
|
43
|
-
3. **Error-severity security findings are blocking** — they cause the overall integrity check to FAIL, same as a test failure.
|
|
44
|
-
4. Warning/info findings are included in the report but do not block.
|
|
45
|
-
|
|
46
|
-
### Phase 1.7: DESIGN HEALTH (conditional)
|
|
47
|
-
|
|
48
|
-
When the project has `design` configured in `harness.config.json`:
|
|
49
|
-
|
|
50
|
-
1. Run `harness-design` in review mode to check existing components against design intent and anti-patterns.
|
|
51
|
-
2. Run `harness-accessibility` in scan+evaluate mode to check WCAG compliance.
|
|
52
|
-
3. Combine findings into a design health summary:
|
|
53
|
-
- Error count (blocking, based on strictness)
|
|
54
|
-
- Warning count (non-blocking)
|
|
55
|
-
- Info count (advisory)
|
|
56
|
-
4. **Error-severity design findings are blocking** in `strict` mode only. In `standard` and `permissive` modes, design findings do not block.
|
|
57
|
-
5. If no `design` block exists, skip this phase entirely.
|
|
58
|
-
|
|
59
|
-
### Phase 1.8: I18N SCAN (conditional)
|
|
60
|
-
|
|
61
|
-
When the project has `i18n.enabled: true` in `harness.config.json`:
|
|
62
|
-
|
|
63
|
-
1. Run `harness-i18n` in scan mode to detect hardcoded strings, missing translations, locale-sensitive formatting issues, and RTL violations.
|
|
64
|
-
2. Combine findings into an i18n health summary:
|
|
65
|
-
- Error count (blocking, based on `i18n.strictness`)
|
|
66
|
-
- Warning count (non-blocking)
|
|
67
|
-
- Info count (advisory)
|
|
68
|
-
3. **Error-severity i18n findings are blocking** in `strict` mode only. In `standard` and `permissive` modes, i18n findings do not block.
|
|
69
|
-
4. If no `i18n` block exists or `i18n.enabled` is false, skip this phase entirely.
|
|
70
|
-
|
|
71
|
-
### Phase 2: REVIEW
|
|
72
|
-
|
|
73
|
-
Run change-type-aware AI review using `harness-code-review`.
|
|
74
|
-
|
|
75
|
-
1. Detect the change type if not provided: `feature`, `bugfix`, `refactor`, or `docs`.
|
|
76
|
-
2. Invoke `harness-code-review` with the detected change type.
|
|
77
|
-
3. Capture the review findings: suggestions, blocking issues, and notes.
|
|
78
|
-
4. A review finding is "blocking" only if it would cause a runtime error, data loss, or security vulnerability.
|
|
79
|
-
5. The AI review includes a security-focused pass that complements the mechanical scanner — checking for semantic issues like user input flowing to dangerous sinks across function boundaries.
|
|
80
|
-
|
|
81
|
-
### Phase 3: REPORT
|
|
82
|
-
|
|
83
|
-
Produce a unified integrity report in this exact format:
|
|
84
|
-
|
|
85
|
-
```
|
|
86
|
-
Integrity Check: [PASS/FAIL]
|
|
87
|
-
- Tests: [PASS/FAIL/SKIPPED]
|
|
88
|
-
- Lint: [PASS/FAIL/SKIPPED]
|
|
89
|
-
- Types: [PASS/FAIL/SKIPPED]
|
|
90
|
-
- Security: [PASS/WARN/FAIL] ([count] errors, [count] warnings)
|
|
91
|
-
- Design: [PASS/WARN/FAIL/SKIPPED] ([count] errors, [count] warnings)
|
|
92
|
-
- i18n: [PASS/WARN/FAIL/SKIPPED] ([count] errors, [count] warnings)
|
|
93
|
-
- Review: [PASS/FAIL] ([count] suggestions, [count] blocking)
|
|
94
|
-
|
|
95
|
-
Overall: [PASS/FAIL]
|
|
96
|
-
```
|
|
97
|
-
|
|
98
|
-
Rules:
|
|
99
|
-
|
|
100
|
-
- Overall `PASS` requires: all non-skipped mechanical checks pass AND zero blocking review findings AND zero blocking design findings (strict mode only) AND zero blocking i18n findings (strict mode only).
|
|
101
|
-
- Any mechanical failure OR any blocking review finding means `FAIL`.
|
|
102
|
-
- On FAIL, include a summary section listing each failure reason.
|
|
103
|
-
- Non-blocking review suggestions are noted but do not cause FAIL.
|
|
104
|
-
|
|
105
|
-
## Deterministic Checks
|
|
106
|
-
|
|
107
|
-
- **Phase 1 is fully deterministic.** Exit codes determine pass/fail with no interpretation.
|
|
108
|
-
- **Phase 2 involves LLM judgment.** The AI review may produce different results on repeated runs. Only "blocking" findings (runtime errors, data loss, security) affect the overall result.
|
|
109
|
-
|
|
110
|
-
## Harness Integration
|
|
111
|
-
|
|
112
|
-
- Chains harness-verify (mechanical) and harness-code-review (AI) into a unified pipeline
|
|
113
|
-
- Follows Principle 7 — deterministic checks always run first
|
|
114
|
-
- Consumes change-type detection from harness-code-review for per-type checklists
|
|
115
|
-
- Output can be written to `.harness/integrity-report.md` for CI integration
|
|
116
|
-
- Invokes `harness-design` and `harness-accessibility` for design health when `design` config exists
|
|
117
|
-
- Design strictness from config controls whether design findings block the overall result
|
|
118
|
-
- Invokes `harness-i18n` for i18n compliance when `i18n.enabled` is true in config. i18n strictness controls whether findings block the overall result.
|
|
119
|
-
|
|
120
|
-
## Success Criteria
|
|
121
|
-
|
|
122
|
-
- [ ] Mechanical verification ran and produced structured results
|
|
123
|
-
- [ ] AI review ran with change-type awareness
|
|
124
|
-
- [ ] Unified report follows the exact format
|
|
125
|
-
- [ ] Overall verdict correctly reflects both mechanical and review results
|
|
126
|
-
|
|
127
|
-
## Examples
|
|
128
|
-
|
|
129
|
-
### Example: All Clear
|
|
130
|
-
|
|
131
|
-
```
|
|
132
|
-
Integrity Check: PASS
|
|
133
|
-
- Tests: PASS (42/42)
|
|
134
|
-
- Lint: PASS (0 warnings)
|
|
135
|
-
- Types: PASS
|
|
136
|
-
- Security: PASS (0 errors, 0 warnings)
|
|
137
|
-
- Design: PASS (0 errors, 0 warnings)
|
|
138
|
-
- i18n: PASS (0 errors, 0 warnings)
|
|
139
|
-
- Review: 1 suggestion (0 blocking)
|
|
140
|
-
```
|
|
141
|
-
|
|
142
|
-
### Example: Security Blocking Issue
|
|
143
|
-
|
|
144
|
-
```
|
|
145
|
-
Integrity Check: FAIL
|
|
146
|
-
- Tests: PASS (42/42)
|
|
147
|
-
- Lint: PASS
|
|
148
|
-
- Types: PASS
|
|
149
|
-
- Security: FAIL (1 error, 0 warnings)
|
|
150
|
-
- [SEC-INJ-002] src/auth/login.ts:42 — SQL query built with string concatenation
|
|
151
|
-
- Design: WARN (0 errors, 2 warnings)
|
|
152
|
-
- i18n: SKIPPED
|
|
153
|
-
- Review: 3 findings (1 blocking)
|
|
154
|
-
|
|
155
|
-
Blocking: [SEC-INJ-002] SQL injection — user input passed directly to query without parameterization.
|
|
156
|
-
```
|
|
157
|
-
|
|
158
|
-
## Rationalizations to Reject
|
|
159
|
-
|
|
160
|
-
| Rationalization | Reality |
|
|
161
|
-
| --- | --- |
|
|
162
|
-
| "All three mechanical checks failed, but I should still run the AI review to get useful feedback" | When ALL three checks fail, stop immediately. Do not proceed to Phase 2. AI review on code that does not compile is wasted effort. |
|
|
163
|
-
| "The security scanner found a warning but it is not high severity, so it should not affect the overall result" | Error-severity security findings are blocking. The distinction is severity, not the agent's opinion of importance. |
|
|
164
|
-
| "The AI review flagged an architectural concern as blocking, so the integrity check should fail" | Only runtime errors, data loss, and security vulnerabilities count as blocking review findings. Architectural concerns are noted but do not block. |
|
|
165
|
-
|
|
166
|
-
## Gates
|
|
167
|
-
|
|
168
|
-
- **Mechanical first.** Always run Phase 1 before Phase 2. If the code does not compile or pass basic checks, AI review is wasted effort (unless partial results exist).
|
|
169
|
-
- **No partial reports.** The report must include results from all phases that were executed. Do not output Phase 1 results without attempting Phase 2 (unless the all-fail early stop triggers).
|
|
170
|
-
- **Fresh execution only.** Do not reuse cached results. Run everything from scratch each time.
|
|
171
|
-
|
|
172
|
-
## Escalation
|
|
173
|
-
|
|
174
|
-
- **All checks fail:** If typecheck, lint, and test all fail in Phase 1, stop immediately. Report the failures and skip Phase 2. The code needs basic fixes before review is worthwhile.
|
|
175
|
-
- **Architectural concerns:** If the AI review identifies architectural concerns, note them in the report but do not mark them as blocking. Architectural decisions require human judgment.
|
|
176
|
-
- **Timeout:** Phase 1 inherits the 120-second per-command timeout from `harness-verify`. Phase 2 has a 180-second timeout for the AI review.
|
|
177
|
-
- **Missing dependencies:** If `harness-verify` or `harness-code-review` skills are unavailable, report the missing dependency and mark the corresponding phase as `ERROR`.
|
|
178
|
-
|