@harness-engineering/cli 1.26.0 → 1.26.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (179) hide show
  1. package/dist/agents/skills/README.md +1 -0
  2. package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +33 -5
  3. package/dist/agents/skills/claude-code/harness-execution/SKILL.md +6 -0
  4. package/dist/agents/skills/claude-code/harness-planning/SKILL.md +25 -1
  5. package/dist/agents/skills/claude-code/initialize-harness-project/SKILL.md +22 -6
  6. package/dist/agents/skills/claude-code/initialize-harness-project/skill.yaml +2 -1
  7. package/dist/agents/skills/claude-code/initialize-test-suite-project/SKILL.md +415 -0
  8. package/dist/agents/skills/claude-code/initialize-test-suite-project/skill.yaml +35 -0
  9. package/dist/agents/skills/codex/harness-brainstorming/SKILL.md +33 -5
  10. package/dist/agents/skills/codex/harness-execution/SKILL.md +6 -0
  11. package/dist/agents/skills/codex/harness-planning/SKILL.md +25 -1
  12. package/dist/agents/skills/codex/initialize-harness-project/SKILL.md +22 -6
  13. package/dist/agents/skills/codex/initialize-harness-project/skill.yaml +2 -1
  14. package/dist/agents/skills/codex/initialize-test-suite-project/SKILL.md +415 -0
  15. package/dist/agents/skills/codex/initialize-test-suite-project/skill.yaml +35 -0
  16. package/dist/agents/skills/cursor/harness-brainstorming/SKILL.md +33 -5
  17. package/dist/agents/skills/cursor/harness-execution/SKILL.md +6 -0
  18. package/dist/agents/skills/cursor/harness-planning/SKILL.md +25 -1
  19. package/dist/agents/skills/cursor/initialize-harness-project/SKILL.md +22 -6
  20. package/dist/agents/skills/cursor/initialize-harness-project/skill.yaml +2 -1
  21. package/dist/agents/skills/cursor/initialize-test-suite-project/SKILL.md +415 -0
  22. package/dist/agents/skills/cursor/initialize-test-suite-project/skill.yaml +35 -0
  23. package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +33 -5
  24. package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +6 -0
  25. package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +25 -1
  26. package/dist/agents/skills/gemini-cli/initialize-harness-project/SKILL.md +22 -6
  27. package/dist/agents/skills/gemini-cli/initialize-harness-project/skill.yaml +2 -1
  28. package/dist/agents/skills/gemini-cli/initialize-test-suite-project/SKILL.md +415 -0
  29. package/dist/agents/skills/gemini-cli/initialize-test-suite-project/skill.yaml +35 -0
  30. package/dist/agents/skills/tests/initialize-test-suite-project.test.ts +152 -0
  31. package/dist/{agents-md-OPOZA5L7.js → agents-md-VI3HLR7E.js} +3 -3
  32. package/dist/{architecture-PMVMO6SF.js → architecture-ZDDKEVID.js} +4 -4
  33. package/dist/{assess-project-ZW7EKNIT.js → assess-project-Y6W7YDUA.js} +1 -1
  34. package/dist/bin/harness-mcp.js +16 -15
  35. package/dist/bin/harness.js +27 -27
  36. package/dist/{check-phase-gate-NTLAU3LO.js → check-phase-gate-CXR3VM22.js} +4 -4
  37. package/dist/{chunk-CAS3TS4Y.js → chunk-2BPPS6YQ.js} +793 -94
  38. package/dist/{chunk-VV2PJT4K.js → chunk-2FPUPRCY.js} +777 -598
  39. package/dist/{chunk-IFHAUFJX.js → chunk-3AMQYWGT.js} +2 -2
  40. package/dist/{chunk-FI3D6D7U.js → chunk-56A6OXVA.js} +9 -9
  41. package/dist/{chunk-QYSWNPXZ.js → chunk-7GY6WNEI.js} +1 -1
  42. package/dist/{chunk-ZBQ3ZY75.js → chunk-AMRC4FU2.js} +44 -41
  43. package/dist/{chunk-JZ6GORAK.js → chunk-B66LRB5M.js} +1 -1
  44. package/dist/{chunk-KFE2X7LG.js → chunk-BK4DJIIY.js} +4 -4
  45. package/dist/{chunk-G6SYTGOH.js → chunk-DBIX3X4H.js} +2 -2
  46. package/dist/{chunk-KXIAHHHP.js → chunk-FUND5WJR.js} +2 -2
  47. package/dist/{chunk-JWSVLC4I.js → chunk-JV4Y2U5F.js} +1 -1
  48. package/dist/{chunk-RNAGPTKF.js → chunk-K56DTX7G.js} +6 -6
  49. package/dist/{chunk-EXTWTJRF.js → chunk-N6B6RKQQ.js} +1 -1
  50. package/dist/{chunk-JBJ4AVE4.js → chunk-NY7DTZ6K.js} +3 -3
  51. package/dist/{chunk-Z2JORLRT.js → chunk-OLW7BJ5N.js} +1 -1
  52. package/dist/{chunk-HAOBHL3W.js → chunk-ORNEK65Y.js} +1 -1
  53. package/dist/{chunk-7JNZXJKY.js → chunk-PNNFCVW4.js} +5 -5
  54. package/dist/{chunk-NIOB6FTG.js → chunk-Q3ZLVMQM.js} +1 -1
  55. package/dist/{chunk-NVGQO4VM.js → chunk-RAVD7QLY.js} +8 -8
  56. package/dist/{chunk-J3O64D2A.js → chunk-TSVYBDDE.js} +1 -1
  57. package/dist/{chunk-KSFUJT5B.js → chunk-TY2ESLVL.js} +1 -1
  58. package/dist/{chunk-4KSKV5MK.js → chunk-VKS3F46M.js} +1 -1
  59. package/dist/{chunk-UBRD5FH4.js → chunk-WZ7UHPT3.js} +9 -9
  60. package/dist/{chunk-77EZGPSR.js → chunk-YC4EYIER.js} +8 -2
  61. package/dist/{chunk-6SCA4NEZ.js → chunk-ZN6ROTYP.js} +1 -1
  62. package/dist/{ci-workflow-H52EMCL6.js → ci-workflow-EW37KVPS.js} +3 -3
  63. package/dist/{create-skill-6QWJHQYS.js → create-skill-4T5CBSJ2.js} +2 -2
  64. package/dist/{dist-TG63OKA5.js → dist-CJDGASPP.js} +2 -2
  65. package/dist/{dist-PGQ32ZI7.js → dist-NCNAXUFD.js} +1 -1
  66. package/dist/{docs-GP4VUSIB.js → docs-4XI2FQW2.js} +4 -4
  67. package/dist/{engine-KQG5RVXX.js → engine-4L4CDTHU.js} +3 -3
  68. package/dist/{entropy-RXESIYKC.js → entropy-PBYSIQYS.js} +3 -3
  69. package/dist/{feedback-HS7ZYXOU.js → feedback-OTIFW5MK.js} +1 -1
  70. package/dist/{generate-agent-definitions-I4B7CVOB.js → generate-agent-definitions-CZGUXIIN.js} +4 -4
  71. package/dist/{graph-loader-TIVI6NQ7.js → graph-loader-RDXSEBD7.js} +1 -1
  72. package/dist/index.js +27 -27
  73. package/dist/{loader-CWAH6B4H.js → loader-UZOXCWFC.js} +3 -3
  74. package/dist/{mcp-KHK5KYER.js → mcp-GWVVV6LH.js} +16 -15
  75. package/dist/{performance-WDW5WS3J.js → performance-5UQPP3XX.js} +4 -4
  76. package/dist/{review-pipeline-QOZGWCTY.js → review-pipeline-65V4EO6O.js} +3 -3
  77. package/dist/{runtime-SFEFRPLX.js → runtime-PXX7HNB3.js} +3 -3
  78. package/dist/{scan-IJ7EYTF7.js → scan-WM7XDUF7.js} +1 -1
  79. package/dist/{security-2K7UUK6T.js → security-CAYDRZIZ.js} +1 -1
  80. package/dist/{validate-HXM6DXRZ.js → validate-CWGXR7QM.js} +4 -4
  81. package/dist/{validate-cross-check-ULQLEOME.js → validate-cross-check-BKCNLZYG.js} +3 -3
  82. package/package.json +4 -4
  83. package/dist/agents/commands/claude-code/harness/harness.md +0 -36
  84. package/dist/agents/commands/codex/AGENTS.md +0 -39
  85. package/dist/agents/commands/codex/harness/add-harness-component/SKILL.md +0 -204
  86. package/dist/agents/commands/codex/harness/add-harness-component/agents/openai.yaml +0 -3
  87. package/dist/agents/commands/codex/harness/cleanup-dead-code/SKILL.md +0 -257
  88. package/dist/agents/commands/codex/harness/cleanup-dead-code/agents/openai.yaml +0 -3
  89. package/dist/agents/commands/codex/harness/detect-doc-drift/SKILL.md +0 -191
  90. package/dist/agents/commands/codex/harness/detect-doc-drift/agents/openai.yaml +0 -3
  91. package/dist/agents/commands/codex/harness/enforce-architecture/SKILL.md +0 -289
  92. package/dist/agents/commands/codex/harness/enforce-architecture/agents/openai.yaml +0 -3
  93. package/dist/agents/commands/codex/harness/harness-architecture-advisor/SKILL.md +0 -442
  94. package/dist/agents/commands/codex/harness/harness-architecture-advisor/agents/openai.yaml +0 -3
  95. package/dist/agents/commands/codex/harness/harness-autopilot/SKILL.md +0 -929
  96. package/dist/agents/commands/codex/harness/harness-autopilot/agents/openai.yaml +0 -3
  97. package/dist/agents/commands/codex/harness/harness-brainstorming/SKILL.md +0 -418
  98. package/dist/agents/commands/codex/harness/harness-brainstorming/agents/openai.yaml +0 -3
  99. package/dist/agents/commands/codex/harness/harness-code-review/SKILL.md +0 -850
  100. package/dist/agents/commands/codex/harness/harness-code-review/agents/openai.yaml +0 -3
  101. package/dist/agents/commands/codex/harness/harness-codebase-cleanup/SKILL.md +0 -236
  102. package/dist/agents/commands/codex/harness/harness-codebase-cleanup/agents/openai.yaml +0 -3
  103. package/dist/agents/commands/codex/harness/harness-debugging/SKILL.md +0 -378
  104. package/dist/agents/commands/codex/harness/harness-debugging/agents/openai.yaml +0 -3
  105. package/dist/agents/commands/codex/harness/harness-dependency-health/SKILL.md +0 -190
  106. package/dist/agents/commands/codex/harness/harness-dependency-health/agents/openai.yaml +0 -3
  107. package/dist/agents/commands/codex/harness/harness-docs-pipeline/SKILL.md +0 -472
  108. package/dist/agents/commands/codex/harness/harness-docs-pipeline/agents/openai.yaml +0 -3
  109. package/dist/agents/commands/codex/harness/harness-execution/SKILL.md +0 -522
  110. package/dist/agents/commands/codex/harness/harness-execution/agents/openai.yaml +0 -3
  111. package/dist/agents/commands/codex/harness/harness-hotspot-detector/SKILL.md +0 -172
  112. package/dist/agents/commands/codex/harness/harness-hotspot-detector/agents/openai.yaml +0 -3
  113. package/dist/agents/commands/codex/harness/harness-impact-analysis/SKILL.md +0 -195
  114. package/dist/agents/commands/codex/harness/harness-impact-analysis/agents/openai.yaml +0 -3
  115. package/dist/agents/commands/codex/harness/harness-integrity/SKILL.md +0 -178
  116. package/dist/agents/commands/codex/harness/harness-integrity/agents/openai.yaml +0 -3
  117. package/dist/agents/commands/codex/harness/harness-onboarding/SKILL.md +0 -299
  118. package/dist/agents/commands/codex/harness/harness-onboarding/agents/openai.yaml +0 -3
  119. package/dist/agents/commands/codex/harness/harness-perf/SKILL.md +0 -272
  120. package/dist/agents/commands/codex/harness/harness-perf/agents/openai.yaml +0 -3
  121. package/dist/agents/commands/codex/harness/harness-planning/SKILL.md +0 -592
  122. package/dist/agents/commands/codex/harness/harness-planning/agents/openai.yaml +0 -3
  123. package/dist/agents/commands/codex/harness/harness-refactoring/SKILL.md +0 -181
  124. package/dist/agents/commands/codex/harness/harness-refactoring/agents/openai.yaml +0 -3
  125. package/dist/agents/commands/codex/harness/harness-release-readiness/SKILL.md +0 -701
  126. package/dist/agents/commands/codex/harness/harness-release-readiness/agents/openai.yaml +0 -3
  127. package/dist/agents/commands/codex/harness/harness-roadmap/SKILL.md +0 -607
  128. package/dist/agents/commands/codex/harness/harness-roadmap/agents/openai.yaml +0 -3
  129. package/dist/agents/commands/codex/harness/harness-security-scan/SKILL.md +0 -147
  130. package/dist/agents/commands/codex/harness/harness-security-scan/agents/openai.yaml +0 -3
  131. package/dist/agents/commands/codex/harness/harness-skill-authoring/SKILL.md +0 -314
  132. package/dist/agents/commands/codex/harness/harness-skill-authoring/agents/openai.yaml +0 -3
  133. package/dist/agents/commands/codex/harness/harness-soundness-review/SKILL.md +0 -1280
  134. package/dist/agents/commands/codex/harness/harness-soundness-review/agents/openai.yaml +0 -3
  135. package/dist/agents/commands/codex/harness/harness-supply-chain-audit/SKILL.md +0 -255
  136. package/dist/agents/commands/codex/harness/harness-supply-chain-audit/agents/openai.yaml +0 -3
  137. package/dist/agents/commands/codex/harness/harness-tdd/SKILL.md +0 -189
  138. package/dist/agents/commands/codex/harness/harness-tdd/agents/openai.yaml +0 -3
  139. package/dist/agents/commands/codex/harness/harness-test-advisor/SKILL.md +0 -171
  140. package/dist/agents/commands/codex/harness/harness-test-advisor/agents/openai.yaml +0 -3
  141. package/dist/agents/commands/codex/harness/harness-verification/SKILL.md +0 -433
  142. package/dist/agents/commands/codex/harness/harness-verification/agents/openai.yaml +0 -3
  143. package/dist/agents/commands/codex/harness/harness-verify/SKILL.md +0 -170
  144. package/dist/agents/commands/codex/harness/harness-verify/agents/openai.yaml +0 -3
  145. package/dist/agents/commands/codex/harness/initialize-harness-project/SKILL.md +0 -244
  146. package/dist/agents/commands/codex/harness/initialize-harness-project/agents/openai.yaml +0 -3
  147. package/dist/agents/commands/cursor/harness/add-harness-component.mdc +0 -200
  148. package/dist/agents/commands/cursor/harness/cleanup-dead-code.mdc +0 -253
  149. package/dist/agents/commands/cursor/harness/detect-doc-drift.mdc +0 -187
  150. package/dist/agents/commands/cursor/harness/enforce-architecture.mdc +0 -304
  151. package/dist/agents/commands/cursor/harness/harness-architecture-advisor.mdc +0 -457
  152. package/dist/agents/commands/cursor/harness/harness-autopilot.mdc +0 -924
  153. package/dist/agents/commands/cursor/harness/harness-brainstorming.mdc +0 -414
  154. package/dist/agents/commands/cursor/harness/harness-code-review.mdc +0 -865
  155. package/dist/agents/commands/cursor/harness/harness-codebase-cleanup.mdc +0 -232
  156. package/dist/agents/commands/cursor/harness/harness-debugging.mdc +0 -374
  157. package/dist/agents/commands/cursor/harness/harness-dependency-health.mdc +0 -187
  158. package/dist/agents/commands/cursor/harness/harness-docs-pipeline.mdc +0 -468
  159. package/dist/agents/commands/cursor/harness/harness-execution.mdc +0 -518
  160. package/dist/agents/commands/cursor/harness/harness-hotspot-detector.mdc +0 -169
  161. package/dist/agents/commands/cursor/harness/harness-impact-analysis.mdc +0 -192
  162. package/dist/agents/commands/cursor/harness/harness-integrity.mdc +0 -175
  163. package/dist/agents/commands/cursor/harness/harness-onboarding.mdc +0 -296
  164. package/dist/agents/commands/cursor/harness/harness-perf.mdc +0 -268
  165. package/dist/agents/commands/cursor/harness/harness-planning.mdc +0 -587
  166. package/dist/agents/commands/cursor/harness/harness-refactoring.mdc +0 -177
  167. package/dist/agents/commands/cursor/harness/harness-release-readiness.mdc +0 -697
  168. package/dist/agents/commands/cursor/harness/harness-roadmap.mdc +0 -603
  169. package/dist/agents/commands/cursor/harness/harness-security-scan.mdc +0 -162
  170. package/dist/agents/commands/cursor/harness/harness-skill-authoring.mdc +0 -300
  171. package/dist/agents/commands/cursor/harness/harness-soundness-review.mdc +0 -1275
  172. package/dist/agents/commands/cursor/harness/harness-supply-chain-audit.mdc +0 -252
  173. package/dist/agents/commands/cursor/harness/harness-tdd.mdc +0 -185
  174. package/dist/agents/commands/cursor/harness/harness-test-advisor.mdc +0 -168
  175. package/dist/agents/commands/cursor/harness/harness-verification.mdc +0 -429
  176. package/dist/agents/commands/cursor/harness/harness-verify.mdc +0 -167
  177. package/dist/agents/commands/cursor/harness/initialize-harness-project.mdc +0 -240
  178. package/dist/agents/commands/gemini-cli/harness/harness.toml +0 -277
  179. package/dist/{chunk-RRHUCDRD.js → chunk-ZP5E7YET.js} +3 -3
@@ -1,169 +0,0 @@
1
- ---
2
- description: Identify structural risk hotspots via co-change and churn analysis
3
- alwaysApply: false
4
- ---
5
-
6
- <!-- Generated by harness generate-slash-commands. Do not edit. -->
7
-
8
- # Harness Hotspot Detector
9
-
10
- > Identify modules that represent structural risk via co-change and churn analysis.
11
-
12
- ## When to Use
13
-
14
- - Weekly scheduled analysis to track codebase risk
15
- - Before major refactoring — find the riskiest areas
16
- - When investigating why changes keep breaking unrelated features
17
- - NOT for finding dead code (use cleanup-dead-code)
18
- - NOT for checking architecture rules (use enforce-architecture)
19
-
20
- ## Prerequisites
21
-
22
- A knowledge graph at `.harness/graph/` with git history enables full analysis. If no graph exists,
23
- the skill uses static analysis fallbacks (see Graph Availability section).
24
- Run `harness scan` to enable graph-enhanced analysis.
25
-
26
- ### Graph Availability
27
-
28
- Before starting, check if `.harness/graph/graph.json` exists.
29
-
30
- **If graph exists:** Use graph tools as primary strategy. (Staleness sensitivity: **Low** — never auto-refresh.
31
- Git-based churn data in the graph remains useful even when slightly stale.)
32
-
33
- **If graph exists and is fresh (or refreshed):** Use graph tools as primary strategy.
34
-
35
- **If no graph exists:** Output "Running without graph (run `harness scan` to
36
- enable full analysis)" and use fallback strategies for all subsequent steps.
37
-
38
- ## Process
39
-
40
- ### Phase 1: CO-CHANGE — Analyze Co-Change Patterns
41
-
42
- Query the graph for `co_changes_with` edges (created by GitIngestor):
43
-
44
- ```
45
- query_graph(rootNodeIds=[all file nodes], includeEdges=["co_changes_with"])
46
- ```
47
-
48
- Identify file pairs that frequently change together:
49
-
50
- - **Co-located pairs** (same directory): Normal — they share a concern.
51
- - **Distant pairs** (different modules): Suspicious — may indicate hidden coupling.
52
-
53
- Flag distant co-change pairs as potential hotspots.
54
-
55
- ### Phase 2: CHURN — Identify High-Churn Files
56
-
57
- Query commit nodes to find files with the highest change frequency:
58
-
59
- ```
60
- query_graph(rootNodeIds=[commit nodes], includeTypes=["commit", "file"], includeEdges=["co_changes_with"])
61
- ```
62
-
63
- Rank files by:
64
-
65
- - Total commit count touching the file
66
- - Recent velocity (commits in last 30 days vs prior 30 days)
67
- - Change size (total lines added + deleted)
68
-
69
- High churn in shared utilities or core modules = high risk.
70
-
71
- #### Fallback (without graph)
72
-
73
- When no graph is available, git log provides nearly all the data needed (~90% completeness):
74
-
75
- 1. **Per-file churn**: `git log --format="%H" -- <file>` for each source file (use glob to enumerate). Count commits per file. Sort descending to rank by churn.
76
- 2. **Recent velocity**: `git log --since="30 days ago" --format="%H" -- <file>` vs `git log --since="60 days ago" --until="30 days ago" --format="%H" -- <file>` to compare recent vs prior 30-day windows.
77
- 3. **Co-change detection**: `git log --format="%H %n" --name-only` to build a map of which files changed together in the same commit. File pairs that appear together in >3 commits are co-change candidates.
78
- 4. **Distant co-change identification**: For co-change pairs, check if they share a parent directory (co-located = normal) or are in different modules (distant = suspicious).
79
- 5. **Complexity proxy**: Use line count (`wc -l`) as a rough proxy for complexity when graph complexity metrics are unavailable.
80
- 6. **Hidden dependency detection**: Cross-reference co-change pairs against import parsing (grep for import statements). Co-change pairs with no import relationship indicate hidden dependencies.
81
-
82
- > Fallback completeness: ~90% — git log provides nearly all the data the graph stores for this use case.
83
-
84
- ### Phase 3: COUPLING — Detect Hidden Dependencies
85
-
86
- Cross-reference co-change data with structural data:
87
-
88
- 1. **High logical coupling, low structural coupling**: Files that always change together but have no `imports` edge between them. This indicates a hidden dependency — changing one requires changing the other, but the code doesn't express this relationship.
89
-
90
- 2. **High structural coupling, low logical coupling**: Files with `imports` edges but that rarely change together. This may indicate over-coupling — the import exists but the relationship is weak.
91
-
92
- Use `get_relationships` to check structural edges between co-change pairs.
93
-
94
- ### Phase 4: REPORT — Generate Ranked Hotspot Report
95
-
96
- ```
97
- ## Hotspot Analysis Report
98
-
99
- ### Risk Hotspots (ranked by risk score)
100
-
101
- 1. **src/services/billing.ts** — Risk: HIGH
102
- - Churn: 23 commits (last 30 days: 8)
103
- - Co-changes with: src/types/invoice.ts (distant, 15 co-changes)
104
- - Hidden dependency: no imports edge to invoice.ts
105
- - Recommendation: Extract shared billing types or add explicit dependency
106
-
107
- 2. **src/utils/helpers.ts** — Risk: HIGH
108
- - Churn: 45 commits (highest in codebase)
109
- - Co-changes with: 12 different files across 4 modules
110
- - Recommendation: Split into domain-specific utilities to reduce blast radius
111
-
112
- 3. **src/middleware/auth.ts** — Risk: MEDIUM
113
- - Churn: 15 commits
114
- - Co-changes with: src/routes/login.ts (co-located, expected)
115
- - No hidden dependencies detected
116
-
117
- ### Summary
118
- - Total hotspots detected: 5
119
- - High risk: 2
120
- - Medium risk: 3
121
- - Hidden dependencies: 1
122
- ```
123
-
124
- ## Harness Integration
125
-
126
- - **`harness scan`** — Recommended before this skill for full graph-enhanced analysis. If graph is missing, skill uses git log fallbacks.
127
- - **`harness validate`** — Run after acting on findings to verify project health.
128
- - **Graph tools** — This skill uses `query_graph`, `get_impact`, and `get_relationships` MCP tools.
129
-
130
- ## Success Criteria
131
-
132
- - Hotspots ranked by composite risk score (churn + coupling)
133
- - Hidden dependencies identified (high co-change, no structural edge)
134
- - Co-change patterns detected and classified (co-located vs distant)
135
- - Report follows the structured output format
136
- - All findings are backed by graph query evidence (with graph) or git log analysis (without graph)
137
-
138
- ## Examples
139
-
140
- ### Example: Detecting Hotspots in a Growing Codebase
141
-
142
- ```
143
- Input: Scheduled weekly analysis on project root
144
-
145
- 1. CO-CHANGE — query_graph for co_changes_with edges
146
- Found 4 distant co-change pairs
147
- 2. CHURN — Ranked files by commit frequency
148
- billing.ts: 23 commits, helpers.ts: 45 commits
149
- 3. COUPLING — Cross-referenced co-change vs imports edges
150
- billing.ts <-> invoice.ts: 15 co-changes, no imports edge
151
- (hidden dependency detected)
152
- 4. REPORT — Ranked hotspots by risk score
153
-
154
- Output:
155
- Hotspots: 5 total (2 high, 3 medium)
156
- Hidden dependencies: 1 (billing.ts <-> invoice.ts)
157
- Top recommendation: Extract shared billing types
158
- ```
159
-
160
- ## Gates
161
-
162
- - **Graph preferred, fallback available.** If no graph exists, use git log for churn and co-change analysis. Do not stop — git log provides ~90% of the data needed.
163
- - **Systematic analysis required.** Use graph `co_changes_with` edges when available; use `git log` commit analysis when not. Do not guess — parse actual git history.
164
-
165
- ## Escalation
166
-
167
- - **When hidden dependencies found**: Recommend making the dependency explicit (add import) or extracting shared code.
168
- - **When a single file has >30 commits**: Flag as critical hotspot requiring architectural attention.
169
-
@@ -1,192 +0,0 @@
1
- ---
2
- description: Graph-based impact analysis — answers "if I change X, what breaks?"
3
- alwaysApply: false
4
- ---
5
-
6
- <!-- Generated by harness generate-slash-commands. Do not edit. -->
7
-
8
- # Harness Impact Analysis
9
-
10
- > Graph-based impact analysis. Answers: "if I change X, what breaks?"
11
-
12
- ## When to Use
13
-
14
- - Before merging a PR — understand the blast radius of changes
15
- - When planning a refactoring — know what will be affected
16
- - When a test fails — trace backwards to find what change caused it
17
- - When `on_pr` triggers fire
18
- - NOT for understanding code (use harness-onboarding or harness-code-review)
19
- - NOT for finding dead code (use cleanup-dead-code)
20
-
21
- ## Prerequisites
22
-
23
- A knowledge graph at `.harness/graph/` enables full analysis. If no graph exists,
24
- the skill uses static analysis fallbacks (see Graph Availability section).
25
- Run `harness scan` to enable graph-enhanced analysis.
26
-
27
- ### Graph Availability
28
-
29
- Before starting, check if `.harness/graph/graph.json` exists.
30
-
31
- **If graph exists:** Check staleness — compare `.harness/graph/metadata.json`
32
- scanTimestamp against `git log -1 --format=%ct` (latest commit timestamp).
33
- If graph is more than 2 commits behind (`git log --oneline <scanTimestamp>..HEAD | wc -l`),
34
- run `harness scan` to refresh before proceeding. (Staleness sensitivity: **High**)
35
-
36
- **If graph exists and is fresh (or refreshed):** Use graph tools as primary strategy.
37
-
38
- **If no graph exists:** Output "Running without graph (run `harness scan` to
39
- enable full analysis)" and use fallback strategies for all subsequent steps.
40
-
41
- ## Process
42
-
43
- ### Phase 1: IDENTIFY — Determine Changed Files
44
-
45
- 1. **From diff**: If a git diff is available, parse it to extract changed file paths.
46
- 2. **From input**: If file paths are provided directly, use those.
47
- 3. **From git**: If neither, use `git diff --name-only HEAD~1` to get recent changes.
48
-
49
- ### Phase 2: ANALYZE — Query Graph for Impact
50
-
51
- For each changed file:
52
-
53
- 1. **Direct dependents**: Use `get_impact` MCP tool to find all files that import or call the changed file.
54
-
55
- ```
56
- get_impact(filePath="src/services/auth.ts")
57
- → tests: [auth.test.ts, integration.test.ts]
58
- → docs: [auth-guide.md]
59
- → code: [routes/login.ts, middleware/verify.ts, ...]
60
- ```
61
-
62
- 2. **Transitive dependents**: Use `query_graph` with depth 3 to find indirect consumers.
63
-
64
- ```
65
- query_graph(rootNodeIds=["file:src/services/auth.ts"], maxDepth=3, includeEdges=["imports", "calls"])
66
- ```
67
-
68
- 3. **Documentation impact**: Use `get_relationships` to find `documents` edges pointing to changed nodes.
69
-
70
- 4. **Test coverage**: Identify test files connected via `imports` edges. Flag changed files with no test coverage.
71
-
72
- 5. **Design token impact**: When the graph contains `DesignToken` nodes, use `query_graph` with `USES_TOKEN` edges to find components that consume changed tokens.
73
-
74
- ```
75
- query_graph(rootNodeIds=["designtoken:color.primary"], maxDepth=2, includeEdges=["uses_token"])
76
- → components: [Button.tsx, Card.tsx, Header.tsx, ...]
77
- ```
78
-
79
- If a changed file is `design-system/tokens.json`, identify ALL tokens that changed and trace each to its consuming components. This reveals the full design blast radius of a token change.
80
-
81
- 6. **Design constraint impact**: When the graph contains `DesignConstraint` nodes, check if changed code introduces new `VIOLATES_DESIGN` edges.
82
-
83
- #### Fallback (without graph)
84
-
85
- When no graph is available, use static analysis to approximate impact:
86
-
87
- 1. **Parse imports**: For each changed file, grep all source files for `import.*from.*<changed-file>` and `require.*<changed-file>` patterns to find direct dependents.
88
- 2. **Follow imports 2 levels deep**: For each direct dependent found, repeat the import grep to find second-level dependents. Stop at 2 levels (fallback cannot reliably trace deeper).
89
- 3. **Find test files by naming convention**: For each changed file `foo.ts`, search for:
90
- - `foo.test.ts`, `foo.spec.ts` (same directory and `__tests__/` directory)
91
- - `*.test.*` and `*.spec.*` files that import the changed file (from step 1)
92
- 4. **Find docs by path matching**: Grep `docs/` directory for references to the changed module name (filename without extension).
93
- 5. **Group results** the same as the graph version: tests, docs, code, other. Note the count of files found.
94
-
95
- > Fallback completeness: ~70% — misses transitive deps beyond 2 levels.
96
-
97
- ### Phase 3: ASSESS — Risk Assessment and Report
98
-
99
- 1. **Impact score**: Calculate based on:
100
- - Number of direct dependents (weight: 3x)
101
- - Number of transitive dependents (weight: 1x)
102
- - Whether affected code includes entry points (weight: 5x)
103
- - Whether tests exist for the changed code (no tests = higher risk)
104
- - Whether design tokens are affected (weight: 2x — token changes cascade to all consumers)
105
-
106
- 2. **Risk tiers**:
107
- - **Critical** (score > 50): Changes affect entry points or >20 downstream files
108
- - **High** (score 20-50): Changes affect multiple modules or shared utilities
109
- - **Medium** (score 5-20): Changes affect a few files within the same module
110
- - **Low** (score < 5): Changes are isolated with minimal downstream impact
111
-
112
- 3. **Output report**:
113
-
114
- ```
115
- ## Impact Analysis Report
116
-
117
- ### Changed Files
118
- - src/services/auth.ts (modified)
119
- - src/types/user.ts (modified)
120
-
121
- ### Impact Summary
122
- - Direct dependents: 8 files
123
- - Transitive dependents: 23 files
124
- - Affected tests: 5 files
125
- - Affected docs: 2 files
126
- - Risk tier: HIGH
127
-
128
- ### Affected Tests (must run)
129
- 1. tests/services/auth.test.ts (direct)
130
- 2. tests/routes/login.test.ts (transitive)
131
- 3. tests/integration/auth-flow.test.ts (transitive)
132
-
133
- ### Affected Documentation (may need update)
134
- 1. docs/auth-guide.md → documents src/services/auth.ts
135
- 2. docs/api-reference.md → documents src/types/user.ts
136
-
137
- ### Downstream Consumers
138
- 1. src/routes/login.ts — imports auth.ts
139
- 2. src/middleware/verify.ts — imports auth.ts
140
- 3. src/routes/signup.ts — imports user.ts (transitive via auth.ts)
141
-
142
- ### Affected Design Tokens (when tokens change)
143
- 1. color.primary → used by 12 components
144
- 2. typography.body → used by 8 components
145
- ```
146
-
147
- ## Harness Integration
148
-
149
- - **`harness scan`** — Recommended before this skill for full graph-enhanced analysis. If graph is missing, skill uses static analysis fallbacks.
150
- - **`harness validate`** — Run after acting on findings to verify project health.
151
- - **Graph tools** — This skill uses `query_graph`, `get_impact`, and `get_relationships` MCP tools.
152
-
153
- ## Success Criteria
154
-
155
- - Impact report generated with a risk tier (Critical / High / Medium / Low)
156
- - All affected test files listed with direct vs transitive classification
157
- - All affected documentation files listed with relationship context
158
- - Report follows the structured output format
159
- - All findings are backed by graph query evidence (with graph) or systematic static analysis (without graph)
160
-
161
- ## Examples
162
-
163
- ### Example: Analyzing a Change to auth.ts
164
-
165
- ```
166
- Input: git diff shows src/services/auth.ts modified
167
-
168
- 1. IDENTIFY — Extract changed file: src/services/auth.ts
169
- 2. ANALYZE — get_impact(filePath="src/services/auth.ts")
170
- query_graph(rootNodeIds=["file:src/services/auth.ts"], maxDepth=3)
171
- Results: 8 direct dependents, 23 transitive, 5 tests, 2 docs
172
- 3. ASSESS — Impact score: 34 (High tier)
173
- - Entry points affected: no
174
- - Tests exist: yes (5 files)
175
-
176
- Output:
177
- Risk tier: HIGH
178
- Must-run tests: auth.test.ts, login.test.ts, auth-flow.test.ts
179
- Docs to update: auth-guide.md, api-reference.md
180
- Downstream consumers: 8 files across 3 modules
181
- ```
182
-
183
- ## Gates
184
-
185
- - **Graph preferred, fallback available.** If no graph exists, use fallback strategies (import parsing, naming conventions, path matching). Do not stop — produce the best analysis possible with available tools.
186
- - **No risk assessment without data.** Use graph queries when available; use import parsing and naming conventions when not. If neither approach yields data, state what is missing.
187
-
188
- ## Escalation
189
-
190
- - **When graph is stale**: If the graph's last scan timestamp is older than the most recent commit, warn that results may be incomplete and suggest re-scanning.
191
- - **When impact is critical**: If risk tier is Critical, recommend a thorough code review and full test suite run before merging.
192
-
@@ -1,175 +0,0 @@
1
- ---
2
- description: Unified integrity gate — chains verify (quick gate) with AI review into a single report
3
- alwaysApply: false
4
- ---
5
-
6
- <!-- Generated by harness generate-slash-commands. Do not edit. -->
7
-
8
- # Harness Integrity
9
-
10
- > Unified integrity gate — single invocation chains mechanical verification with AI-powered code review and produces a consolidated pass/fail report.
11
-
12
- ## When to Use
13
-
14
- - Before opening or merging a pull request
15
- - At project milestones as a comprehensive quality check
16
- - When you need a single authoritative answer: "is this code ready to ship?"
17
- - NOT after every task (use `harness-verify` for quick post-task checks)
18
- - NOT for deep architectural audits (use `harness-verification` for that)
19
-
20
- ## Relationship to Other Skills
21
-
22
- | Skill | What It Does | Scope | Time |
23
- | ---------------------------- | ---------------------------------------------- | ---------------------- | ----- |
24
- | **harness-verify** | Mechanical only: typecheck, lint, test | Exit codes | ~30s |
25
- | **harness-code-review** | AI only: change-type-aware review | LLM analysis | ~2min |
26
- | **harness-integrity** (this) | Both: verify + code-review unified | Full pipeline | ~3min |
27
- | **harness-verification** | Deep audit: architecture, patterns, edge cases | Thorough investigation | ~5min |
28
-
29
- `harness-integrity` is the standard pre-PR gate. It runs the fast mechanical checks first, then layers on AI review, and produces a single consolidated report.
30
-
31
- ## Process
32
-
33
- ### Phase 1: VERIFY
34
-
35
- Invoke `harness-verify` to run the mechanical quick gate.
36
-
37
- 1. Delegate entirely to `harness-verify` — typecheck, lint, test.
38
- 2. Capture the structured result (PASS/FAIL per check).
39
- 3. **If ALL three checks FAIL**, stop here. Do not proceed to Phase 2. The code is not in a reviewable state.
40
- 4. If at least one check passes (or some are skipped), proceed to Phase 2.
41
-
42
- ### Phase 1.5: SECURITY SCAN
43
-
44
- Run the built-in security scanner as a mechanical check between verification and AI review.
45
-
46
- 1. Use `run_security_scan` MCP tool against the project root (or changed files if available).
47
- 2. Capture findings by severity: errors, warnings, info.
48
- 3. **Error-severity security findings are blocking** — they cause the overall integrity check to FAIL, same as a test failure.
49
- 4. Warning/info findings are included in the report but do not block.
50
-
51
- ### Phase 1.7: DESIGN HEALTH (conditional)
52
-
53
- When the project has `design` configured in `harness.config.json`:
54
-
55
- 1. Run `harness-design` in review mode to check existing components against design intent and anti-patterns.
56
- 2. Run `harness-accessibility` in scan+evaluate mode to check WCAG compliance.
57
- 3. Combine findings into a design health summary:
58
- - Error count (blocking, based on strictness)
59
- - Warning count (non-blocking)
60
- - Info count (advisory)
61
- 4. **Error-severity design findings are blocking** in `strict` mode only. In `standard` and `permissive` modes, design findings do not block.
62
- 5. If no `design` block exists, skip this phase entirely.
63
-
64
- ### Phase 1.8: I18N SCAN (conditional)
65
-
66
- When the project has `i18n.enabled: true` in `harness.config.json`:
67
-
68
- 1. Run `harness-i18n` in scan mode to detect hardcoded strings, missing translations, locale-sensitive formatting issues, and RTL violations.
69
- 2. Combine findings into an i18n health summary:
70
- - Error count (blocking, based on `i18n.strictness`)
71
- - Warning count (non-blocking)
72
- - Info count (advisory)
73
- 3. **Error-severity i18n findings are blocking** in `strict` mode only. In `standard` and `permissive` modes, i18n findings do not block.
74
- 4. If no `i18n` block exists or `i18n.enabled` is false, skip this phase entirely.
75
-
76
- ### Phase 2: REVIEW
77
-
78
- Run change-type-aware AI review using `harness-code-review`.
79
-
80
- 1. Detect the change type if not provided: `feature`, `bugfix`, `refactor`, or `docs`.
81
- 2. Invoke `harness-code-review` with the detected change type.
82
- 3. Capture the review findings: suggestions, blocking issues, and notes.
83
- 4. A review finding is "blocking" only if it would cause a runtime error, data loss, or security vulnerability.
84
- 5. The AI review includes a security-focused pass that complements the mechanical scanner — checking for semantic issues like user input flowing to dangerous sinks across function boundaries.
85
-
86
- ### Phase 3: REPORT
87
-
88
- Produce a unified integrity report in this exact format:
89
-
90
- ```
91
- Integrity Check: [PASS/FAIL]
92
- - Tests: [PASS/FAIL/SKIPPED]
93
- - Lint: [PASS/FAIL/SKIPPED]
94
- - Types: [PASS/FAIL/SKIPPED]
95
- - Security: [PASS/WARN/FAIL] ([count] errors, [count] warnings)
96
- - Design: [PASS/WARN/FAIL/SKIPPED] ([count] errors, [count] warnings)
97
- - i18n: [PASS/WARN/FAIL/SKIPPED] ([count] errors, [count] warnings)
98
- - Review: [PASS/FAIL] ([count] suggestions, [count] blocking)
99
-
100
- Overall: [PASS/FAIL]
101
- ```
102
-
103
- Rules:
104
-
105
- - Overall `PASS` requires: all non-skipped mechanical checks pass AND zero blocking review findings AND zero blocking design findings (strict mode only) AND zero blocking i18n findings (strict mode only).
106
- - Any mechanical failure OR any blocking review finding means `FAIL`.
107
- - On FAIL, include a summary section listing each failure reason.
108
- - Non-blocking review suggestions are noted but do not cause FAIL.
109
-
110
- ## Deterministic Checks
111
-
112
- - **Phase 1 is fully deterministic.** Exit codes determine pass/fail with no interpretation.
113
- - **Phase 2 involves LLM judgment.** The AI review may produce different results on repeated runs. Only "blocking" findings (runtime errors, data loss, security) affect the overall result.
114
-
115
- ## Harness Integration
116
-
117
- - Chains harness-verify (mechanical) and harness-code-review (AI) into a unified pipeline
118
- - Follows Principle 7 — deterministic checks always run first
119
- - Consumes change-type detection from harness-code-review for per-type checklists
120
- - Output can be written to `.harness/integrity-report.md` for CI integration
121
- - Invokes `harness-design` and `harness-accessibility` for design health when `design` config exists
122
- - Design strictness from config controls whether design findings block the overall result
123
- - Invokes `harness-i18n` for i18n compliance when `i18n.enabled` is true in config. i18n strictness controls whether findings block the overall result.
124
-
125
- ## Success Criteria
126
-
127
- - [ ] Mechanical verification ran and produced structured results
128
- - [ ] AI review ran with change-type awareness
129
- - [ ] Unified report follows the exact format
130
- - [ ] Overall verdict correctly reflects both mechanical and review results
131
-
132
- ## Examples
133
-
134
- ### Example: All Clear
135
-
136
- ```
137
- Integrity Check: PASS
138
- - Tests: PASS (42/42)
139
- - Lint: PASS (0 warnings)
140
- - Types: PASS
141
- - Security: PASS (0 errors, 0 warnings)
142
- - Design: PASS (0 errors, 0 warnings)
143
- - i18n: PASS (0 errors, 0 warnings)
144
- - Review: 1 suggestion (0 blocking)
145
- ```
146
-
147
- ### Example: Security Blocking Issue
148
-
149
- ```
150
- Integrity Check: FAIL
151
- - Tests: PASS (42/42)
152
- - Lint: PASS
153
- - Types: PASS
154
- - Security: FAIL (1 error, 0 warnings)
155
- - [SEC-INJ-002] src/auth/login.ts:42 — SQL query built with string concatenation
156
- - Design: WARN (0 errors, 2 warnings)
157
- - i18n: SKIPPED
158
- - Review: 3 findings (1 blocking)
159
-
160
- Blocking: [SEC-INJ-002] SQL injection — user input passed directly to query without parameterization.
161
- ```
162
-
163
- ## Gates
164
-
165
- - **Mechanical first.** Always run Phase 1 before Phase 2. If the code does not compile or pass basic checks, AI review is wasted effort (unless partial results exist).
166
- - **No partial reports.** The report must include results from all phases that were executed. Do not output Phase 1 results without attempting Phase 2 (unless the all-fail early stop triggers).
167
- - **Fresh execution only.** Do not reuse cached results. Run everything from scratch each time.
168
-
169
- ## Escalation
170
-
171
- - **All checks fail:** If typecheck, lint, and test all fail in Phase 1, stop immediately. Report the failures and skip Phase 2. The code needs basic fixes before review is worthwhile.
172
- - **Architectural concerns:** If the AI review identifies architectural concerns, note them in the report but do not mark them as blocking. Architectural decisions require human judgment.
173
- - **Timeout:** Phase 1 inherits the 120-second per-command timeout from `harness-verify`. Phase 2 has a 180-second timeout for the AI review.
174
- - **Missing dependencies:** If `harness-verify` or `harness-code-review` skills are unavailable, report the missing dependency and mark the corresponding phase as `ERROR`.
175
-