@harness-engineering/cli 1.26.1 → 1.27.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (149) hide show
  1. package/dist/agents/skills/claude-code/cleanup-dead-code/SKILL.md +3 -1
  2. package/dist/agents/skills/claude-code/detect-doc-drift/SKILL.md +3 -1
  3. package/dist/agents/skills/claude-code/harness-architecture-advisor/SKILL.md +4 -0
  4. package/dist/agents/skills/claude-code/harness-autopilot/SKILL.md +55 -24
  5. package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +16 -5
  6. package/dist/agents/skills/claude-code/harness-code-review/SKILL.md +21 -6
  7. package/dist/agents/skills/claude-code/harness-codebase-cleanup/SKILL.md +2 -0
  8. package/dist/agents/skills/claude-code/harness-debugging/SKILL.md +13 -1
  9. package/dist/agents/skills/claude-code/harness-dependency-health/SKILL.md +4 -0
  10. package/dist/agents/skills/claude-code/harness-execution/SKILL.md +16 -6
  11. package/dist/agents/skills/claude-code/harness-impact-analysis/SKILL.md +2 -0
  12. package/dist/agents/skills/claude-code/harness-integration/SKILL.md +560 -0
  13. package/dist/agents/skills/claude-code/harness-integration/skill.yaml +65 -0
  14. package/dist/agents/skills/claude-code/harness-integrity/SKILL.md +2 -0
  15. package/dist/agents/skills/claude-code/harness-onboarding/SKILL.md +4 -0
  16. package/dist/agents/skills/claude-code/harness-perf/SKILL.md +9 -7
  17. package/dist/agents/skills/claude-code/harness-planning/SKILL.md +77 -10
  18. package/dist/agents/skills/claude-code/harness-refactoring/SKILL.md +13 -4
  19. package/dist/agents/skills/claude-code/harness-security-scan/SKILL.md +3 -1
  20. package/dist/agents/skills/claude-code/harness-soundness-review/SKILL.md +4 -0
  21. package/dist/agents/skills/claude-code/harness-tdd/SKILL.md +5 -2
  22. package/dist/agents/skills/claude-code/harness-verification/SKILL.md +4 -0
  23. package/dist/agents/skills/codex/cleanup-dead-code/SKILL.md +3 -1
  24. package/dist/agents/skills/codex/detect-doc-drift/SKILL.md +3 -1
  25. package/dist/agents/skills/codex/harness-architecture-advisor/SKILL.md +4 -0
  26. package/dist/agents/skills/codex/harness-autopilot/SKILL.md +55 -24
  27. package/dist/agents/skills/codex/harness-brainstorming/SKILL.md +16 -5
  28. package/dist/agents/skills/codex/harness-code-review/SKILL.md +21 -6
  29. package/dist/agents/skills/codex/harness-codebase-cleanup/SKILL.md +2 -0
  30. package/dist/agents/skills/codex/harness-debugging/SKILL.md +13 -1
  31. package/dist/agents/skills/codex/harness-dependency-health/SKILL.md +4 -0
  32. package/dist/agents/skills/codex/harness-execution/SKILL.md +16 -6
  33. package/dist/agents/skills/codex/harness-impact-analysis/SKILL.md +2 -0
  34. package/dist/agents/skills/codex/harness-integration/SKILL.md +560 -0
  35. package/dist/agents/skills/codex/harness-integration/skill.yaml +65 -0
  36. package/dist/agents/skills/codex/harness-integrity/SKILL.md +2 -0
  37. package/dist/agents/skills/codex/harness-onboarding/SKILL.md +4 -0
  38. package/dist/agents/skills/codex/harness-perf/SKILL.md +9 -7
  39. package/dist/agents/skills/codex/harness-planning/SKILL.md +77 -10
  40. package/dist/agents/skills/codex/harness-refactoring/SKILL.md +13 -4
  41. package/dist/agents/skills/codex/harness-security-scan/SKILL.md +3 -1
  42. package/dist/agents/skills/codex/harness-soundness-review/SKILL.md +4 -0
  43. package/dist/agents/skills/codex/harness-tdd/SKILL.md +5 -2
  44. package/dist/agents/skills/codex/harness-verification/SKILL.md +4 -0
  45. package/dist/agents/skills/cursor/cleanup-dead-code/SKILL.md +3 -1
  46. package/dist/agents/skills/cursor/detect-doc-drift/SKILL.md +3 -1
  47. package/dist/agents/skills/cursor/harness-architecture-advisor/SKILL.md +4 -0
  48. package/dist/agents/skills/cursor/harness-autopilot/SKILL.md +55 -24
  49. package/dist/agents/skills/cursor/harness-brainstorming/SKILL.md +16 -5
  50. package/dist/agents/skills/cursor/harness-code-review/SKILL.md +21 -6
  51. package/dist/agents/skills/cursor/harness-codebase-cleanup/SKILL.md +2 -0
  52. package/dist/agents/skills/cursor/harness-debugging/SKILL.md +13 -1
  53. package/dist/agents/skills/cursor/harness-dependency-health/SKILL.md +4 -0
  54. package/dist/agents/skills/cursor/harness-execution/SKILL.md +16 -6
  55. package/dist/agents/skills/cursor/harness-impact-analysis/SKILL.md +2 -0
  56. package/dist/agents/skills/cursor/harness-integration/SKILL.md +560 -0
  57. package/dist/agents/skills/cursor/harness-integration/skill.yaml +65 -0
  58. package/dist/agents/skills/cursor/harness-integrity/SKILL.md +2 -0
  59. package/dist/agents/skills/cursor/harness-onboarding/SKILL.md +4 -0
  60. package/dist/agents/skills/cursor/harness-perf/SKILL.md +9 -7
  61. package/dist/agents/skills/cursor/harness-planning/SKILL.md +77 -10
  62. package/dist/agents/skills/cursor/harness-refactoring/SKILL.md +13 -4
  63. package/dist/agents/skills/cursor/harness-security-scan/SKILL.md +3 -1
  64. package/dist/agents/skills/cursor/harness-soundness-review/SKILL.md +4 -0
  65. package/dist/agents/skills/cursor/harness-tdd/SKILL.md +5 -2
  66. package/dist/agents/skills/cursor/harness-verification/SKILL.md +4 -0
  67. package/dist/agents/skills/gemini-cli/cleanup-dead-code/SKILL.md +3 -1
  68. package/dist/agents/skills/gemini-cli/detect-doc-drift/SKILL.md +3 -1
  69. package/dist/agents/skills/gemini-cli/harness-architecture-advisor/SKILL.md +4 -0
  70. package/dist/agents/skills/gemini-cli/harness-autopilot/SKILL.md +55 -24
  71. package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +16 -5
  72. package/dist/agents/skills/gemini-cli/harness-code-review/SKILL.md +21 -6
  73. package/dist/agents/skills/gemini-cli/harness-codebase-cleanup/SKILL.md +2 -0
  74. package/dist/agents/skills/gemini-cli/harness-debugging/SKILL.md +13 -1
  75. package/dist/agents/skills/gemini-cli/harness-dependency-health/SKILL.md +4 -0
  76. package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +16 -6
  77. package/dist/agents/skills/gemini-cli/harness-impact-analysis/SKILL.md +2 -0
  78. package/dist/agents/skills/gemini-cli/harness-integration/SKILL.md +560 -0
  79. package/dist/agents/skills/gemini-cli/harness-integration/skill.yaml +65 -0
  80. package/dist/agents/skills/gemini-cli/harness-integrity/SKILL.md +2 -0
  81. package/dist/agents/skills/gemini-cli/harness-onboarding/SKILL.md +4 -0
  82. package/dist/agents/skills/gemini-cli/harness-perf/SKILL.md +9 -7
  83. package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +77 -10
  84. package/dist/agents/skills/gemini-cli/harness-refactoring/SKILL.md +13 -4
  85. package/dist/agents/skills/gemini-cli/harness-security-scan/SKILL.md +3 -1
  86. package/dist/agents/skills/gemini-cli/harness-soundness-review/SKILL.md +4 -0
  87. package/dist/agents/skills/gemini-cli/harness-tdd/SKILL.md +5 -2
  88. package/dist/agents/skills/gemini-cli/harness-verification/SKILL.md +4 -0
  89. package/dist/{agents-md-VI3HLR7E.js → agents-md-2RN666DE.js} +3 -3
  90. package/dist/{architecture-ZDDKEVID.js → architecture-ZR33YKJB.js} +4 -4
  91. package/dist/{assess-project-Y6W7YDUA.js → assess-project-LLWWEQEV.js} +1 -1
  92. package/dist/bin/harness-mcp.js +17 -16
  93. package/dist/bin/harness.js +27 -26
  94. package/dist/{business-knowledge-6RHYJOB3.js → business-knowledge-EISPR7FU.js} +1 -1
  95. package/dist/{check-phase-gate-CXR3VM22.js → check-phase-gate-ZVG56NT2.js} +4 -4
  96. package/dist/chunk-27AJKSQY.js +107 -0
  97. package/dist/{chunk-DBIX3X4H.js → chunk-2FOLD76X.js} +2 -2
  98. package/dist/{chunk-3AMQYWGT.js → chunk-3AJW7VQ3.js} +2 -2
  99. package/dist/{chunk-FUND5WJR.js → chunk-3XMOWLK3.js} +2 -2
  100. package/dist/{chunk-OLW7BJ5N.js → chunk-776JFSPK.js} +1 -1
  101. package/dist/{chunk-VKS3F46M.js → chunk-A4ETL34H.js} +7 -2
  102. package/dist/{chunk-JV4Y2U5F.js → chunk-BO4AJZRE.js} +1 -1
  103. package/dist/{chunk-WZ7UHPT3.js → chunk-BZZNYHRY.js} +9 -9
  104. package/dist/{chunk-ZN6ROTYP.js → chunk-C7RPQWBG.js} +1 -1
  105. package/dist/{chunk-RAVD7QLY.js → chunk-CJYNZMOP.js} +8 -8
  106. package/dist/{chunk-PNNFCVW4.js → chunk-EGRQHLDM.js} +5 -5
  107. package/dist/{chunk-2BPPS6YQ.js → chunk-EHTUWULH.js} +458 -363
  108. package/dist/{chunk-N6B6RKQQ.js → chunk-EICASBYP.js} +1 -1
  109. package/dist/{chunk-K56DTX7G.js → chunk-F3Y64VNF.js} +6 -6
  110. package/dist/{chunk-ORNEK65Y.js → chunk-FUS4OOGC.js} +1 -1
  111. package/dist/{chunk-2FPUPRCY.js → chunk-GAIOIINV.js} +594 -127
  112. package/dist/{chunk-YC4EYIER.js → chunk-IBTHD2UA.js} +132 -77
  113. package/dist/{chunk-RC5ZY3EV.js → chunk-IOW3MW2K.js} +2 -2
  114. package/dist/{chunk-B66LRB5M.js → chunk-L3Y7L4EG.js} +1 -1
  115. package/dist/{chunk-BK4DJIIY.js → chunk-MGPVA2EM.js} +27 -4
  116. package/dist/{chunk-NY7DTZ6K.js → chunk-Q5DKIL46.js} +3 -3
  117. package/dist/{chunk-TY2ESLVL.js → chunk-SDDQPMZK.js} +1 -1
  118. package/dist/{chunk-7GY6WNEI.js → chunk-SDPHFDQS.js} +1 -1
  119. package/dist/{chunk-56A6OXVA.js → chunk-T7UZOJF4.js} +9 -9
  120. package/dist/{chunk-AMRC4FU2.js → chunk-VCC47EXU.js} +109 -57
  121. package/dist/{chunk-Q3ZLVMQM.js → chunk-XKU37HGH.js} +10 -1
  122. package/dist/{chunk-TSVYBDDE.js → chunk-YZH4I4JO.js} +1 -1
  123. package/dist/{ci-workflow-EW37KVPS.js → ci-workflow-JFOL4YWW.js} +3 -3
  124. package/dist/{dist-NCNAXUFD.js → dist-BZS2XRLG.js} +5 -1
  125. package/dist/{dist-CJDGASPP.js → dist-CPKL5Y2R.js} +2 -2
  126. package/dist/{docs-4XI2FQW2.js → docs-FUTRJQHA.js} +4 -4
  127. package/dist/{engine-4L4CDTHU.js → engine-FB3HCNVT.js} +3 -3
  128. package/dist/{entropy-PBYSIQYS.js → entropy-FIEE4YDA.js} +3 -3
  129. package/dist/{feedback-OTIFW5MK.js → feedback-7EC4T6XG.js} +1 -1
  130. package/dist/{generate-agent-definitions-CZGUXIIN.js → generate-agent-definitions-FOSFADNR.js} +4 -4
  131. package/dist/{graph-loader-RDXSEBD7.js → graph-loader-QEI7SYOQ.js} +1 -1
  132. package/dist/hooks/adoption-tracker.js +36 -8
  133. package/dist/hooks/sentinel-pre.js +3 -2
  134. package/dist/hooks/telemetry-reporter.js +34 -15
  135. package/dist/index-builder-3AOQ3ZII.js +13 -0
  136. package/dist/index.d.ts +15 -0
  137. package/dist/index.js +29 -28
  138. package/dist/{loader-UZOXCWFC.js → loader-HXUOBTYA.js} +3 -3
  139. package/dist/{mcp-GWVVV6LH.js → mcp-NUG4BMKJ.js} +17 -16
  140. package/dist/{performance-5UQPP3XX.js → performance-TYXBCTR7.js} +4 -4
  141. package/dist/{review-pipeline-65V4EO6O.js → review-pipeline-B4WPU6BQ.js} +3 -3
  142. package/dist/{runtime-PXX7HNB3.js → runtime-HQQNOARD.js} +3 -3
  143. package/dist/{scan-WM7XDUF7.js → scan-M4EGDAQ2.js} +1 -1
  144. package/dist/{security-CAYDRZIZ.js → security-25VFLIAO.js} +1 -1
  145. package/dist/templates/orchestrator/harness.orchestrator.md +18 -8
  146. package/dist/{validate-CWGXR7QM.js → validate-EAVGKZQB.js} +4 -4
  147. package/dist/{validate-cross-check-BKCNLZYG.js → validate-cross-check-SPL3H4O5.js} +3 -3
  148. package/package.json +13 -5
  149. package/dist/hooks/profiles.ts +0 -48
@@ -123,6 +123,10 @@ After review, consider suggesting `.harness/review-learnings.md` creation if you
123
123
 
124
124
  ## Pipeline Phases
125
125
 
126
+ ### Pre-Pipeline: Self-Review Baseline
127
+
128
+ Generate a self-review checklist via `create_self_review` to establish baseline expectations before deeper analysis. This checklist feeds into Phase 4 subagents as an additional input.
129
+
126
130
  ### Phase 1: GATE
127
131
 
128
132
  **Tier:** fast | **Mode:** CI only (`--ci`). Skip when invoked manually.
@@ -154,10 +158,11 @@ Run mechanical checks to establish an exclusion boundary. Issues caught here are
154
158
  **Checks:**
155
159
 
156
160
  1. **Harness validation:** `assess_project({ path, checks: ["validate", "deps", "docs"], mode: "detailed" })` — runs checks in parallel.
157
- 2. **Security scan:** `run_security_scan` on changed files. Record findings with rule ID, file, line.
158
- 3. **Type checking:** Run `tsc --noEmit`. Record errors.
159
- 4. **Linting:** Run linter. Record violations.
160
- 5. **Tests:** Run test suite. Record failures.
161
+ 2. **Diff analysis:** Run `analyze_diff` to get a structured breakdown of changes by file, category, and risk level.
162
+ 3. **Security scan:** `run_security_scan` on changed files. Record findings with rule ID, file, line.
163
+ 4. **Type checking:** Run `tsc --noEmit`. Record errors.
164
+ 5. **Linting:** Run linter. Record violations.
165
+ 6. **Tests:** Run test suite. Record failures.
161
166
 
162
167
  **Output:** Set of mechanical findings (file, line, tool, message) forming the exclusion list for Phase 5.
163
168
 
@@ -197,6 +202,8 @@ Determine change type to shape review focus:
197
202
  | **Security** | Security paths + data flow via `query_graph` | Changed files + files with auth/crypto/SQL/shell patterns |
198
203
  | **Architecture** | Layer boundaries + imports via `query_graph`/`get_impact` | Changed files + `harness check-deps` output |
199
204
 
205
+ Run `compute_blast_radius` on changed files to identify downstream modules that may be affected and should be included in context bundles.
206
+
200
207
  #### 1:1 Context Ratio Rule
201
208
 
202
209
  - **Small diffs (<20 lines):** 3:1 context-to-diff ratio.
@@ -342,7 +349,9 @@ Invokes `harness-security-review` in changed-files mode as the security fan-out
342
349
 
343
350
  2. **Stack-adaptive:** Node.js (prototype pollution, ReDoS, path traversal), React (XSS, dangerouslySetInnerHTML), Go (race conditions, integer overflow, unsafe pointer), Python (pickle, SSTI, command injection)
344
351
 
345
- 3. **CWE/OWASP references:** All findings include `cweId`, `owaspCategory`, `remediation`.
352
+ 3. **Security posture alignment:** Check `get_security_trends` to see if the changes align with or diverge from the project's security posture trajectory.
353
+
354
+ 4. **CWE/OWASP references:** All findings include `cweId`, `owaspCategory`, `remediation`.
346
355
 
347
356
  Confirmed vulnerabilities are always `severity: 'critical'`.
348
357
 
@@ -383,7 +392,8 @@ Reviews architectural violations, dependency direction, and design pattern compl
383
392
 
384
393
  1. **Mechanical exclusion:** Discard AI findings where same file + line range already flagged by Phase 2.
385
394
  2. **Graph reachability (if available):** Verify claimed dependency paths via `query_graph`. Discard findings with invalid reachability claims.
386
- 3. **Import-chain heuristic (fallback):** Follow imports 2 levels deep. If claimed impact unreachable within 2 hops, downgrade to `suggestion`.
395
+ 3. **Stale constraint check:** Run `detect_stale_constraints` to check if architectural constraints are still valid after the reviewed changes. Findings referencing invalidated constraints are downgraded.
396
+ 4. **Import-chain heuristic (fallback):** Follow imports 2 levels deep. If claimed impact unreachable within 2 hops, downgrade to `suggestion`.
387
397
 
388
398
  **Exit:** Validated finding set. Continue to Phase 6.
389
399
 
@@ -595,6 +605,11 @@ compliance|naming|suggestion|Names follow project conventions (check AGENTS.md o
595
605
  ## Harness Integration
596
606
 
597
607
  - **`assess_project`** — Phase 2: run validate/deps/docs in parallel. Failures are Critical and stop pipeline.
608
+ - **`analyze_diff`** — Phase 2: structured breakdown of changes by file, category, and risk level.
609
+ - **`create_self_review`** — Pre-pipeline: generate a self-review checklist as baseline expectations.
610
+ - **`compute_blast_radius`** — Phase 3/5: run on changed files to identify downstream modules that may be affected by the changes.
611
+ - **`detect_stale_constraints`** — Phase 5: check if architectural constraints are still valid after the reviewed changes.
612
+ - **`get_security_trends`** — Phase 4 (Security Agent): check if changes align with or diverge from the project's security posture trajectory.
598
613
  - **`gather_context`** — Phase 3: parallel context assembly. Session parameter scopes to session directory.
599
614
  - **`harness cleanup`** — Optional Phase 2 check for entropy in changed files.
600
615
  - **Graph queries** — Phase 3 (dependency context) and Phase 5 (reachability verification). Graceful fallback.
@@ -34,6 +34,8 @@
34
34
  3. **Compute top 10% threshold.** Sort all files by commit count. The file at the 90th percentile defines the threshold. Files above this threshold are "high churn."
35
35
  4. **Store as HotspotContext** for use in Phase 3 (CLASSIFY).
36
36
 
37
+ Run `detect_stale_constraints` to find architectural constraints referencing removed or restructured code. Run `detect_anomalies` to identify structural irregularities that should be addressed during cleanup.
38
+
37
39
  ### Phase 2: DETECT -- Run Both Concerns in Parallel
38
40
 
39
41
  1. **Dead code detection** (skip if `--architecture-only`):
@@ -110,7 +110,11 @@ git diff HEAD~5
110
110
 
111
111
  What changed recently? Many bugs are caused by the most recent change. Compare the failing state to the last known working state.
112
112
 
113
- #### Step 5: Trace Data Flow Backward
113
+ #### Step 5: Explore Code Structure
114
+
115
+ Use `code_outline` to get a structural overview of suspect modules (functions, classes, exports) without reading full source. Use `code_search` to locate symbol usages, error strings, or patterns across the codebase. Use `code_unfold` to expand a specific symbol to its full implementation with dependency context. These tools let you navigate efficiently without reading entire files.
116
+
117
+ #### Step 6: Trace Data Flow Backward
114
118
 
115
119
  Start at the error location and trace backward:
116
120
 
@@ -149,6 +153,10 @@ Look for:
149
153
  - Documentation or comments that describe expected behavior
150
154
  ```
151
155
 
156
+ #### Step 1b: Run Anomaly Detection
157
+
158
+ Run `detect_anomalies` to identify structural irregularities (orphaned files, missing tests, unusual coupling) that may relate to the bug. Anomalies near the failure site often point to the root cause.
159
+
152
160
  #### Step 2: Read Reference Implementations Completely
153
161
 
154
162
  When you find a working example, read it in its entirety. Do not cherry-pick lines. Understand:
@@ -306,6 +314,10 @@ Update the session status to `resolved`.
306
314
  - **`harness validate`** — Run in Phase 4 VERIFY after applying the fix. Confirms the fix does not break project-wide constraints.
307
315
  - **`harness check-deps`** — Run in Phase 4 VERIFY. Confirms the fix does not introduce dependency violations.
308
316
  - **`harness state learn`** — Run after resolution to capture learnings for future sessions.
317
+ - **`code_outline`** — Use in Phase 1 INVESTIGATE to get a structural overview of suspect modules without reading full source.
318
+ - **`code_search`** — Use in Phase 1 INVESTIGATE to locate symbol usages, error strings, or patterns across the codebase.
319
+ - **`code_unfold`** — Use in Phase 1 INVESTIGATE to expand a specific symbol to its full implementation with dependency context.
320
+ - **`detect_anomalies`** — Run in Phase 2 ANALYZE to identify structural irregularities (orphaned files, missing tests, unusual coupling) near the failure site.
309
321
  - **Debug session files** — Stored in `.harness/debug/active/` (in progress) and `.harness/debug/resolved/` (completed). These persist across context resets.
310
322
 
311
323
  ## Success Criteria
@@ -79,6 +79,8 @@ When no graph is available, use static analysis to approximate structural metric
79
79
 
80
80
  > Fallback completeness: ~60% — cannot compute transitive depth beyond what import parsing reveals; coupling metrics are approximate.
81
81
 
82
+ 6. **Detect structural anomalies**: Run `detect_anomalies` to identify structural irregularities (orphaned modules, unusual coupling patterns) that indicate dependency health issues.
83
+
82
84
  ### Phase 2: SCORE — Calculate Health Score
83
85
 
84
86
  Compute a weighted health score (0-100):
@@ -93,6 +95,8 @@ Compute a weighted health score (0-100):
93
95
 
94
96
  **Grades**: A (90-100), B (75-89), C (60-74), D (40-59), F (<40)
95
97
 
98
+ Check `get_decay_trends` to see how dependency health metrics have changed over time and whether current trends are improving or degrading.
99
+
96
100
  ### Phase 3: RECOMMEND — Generate Recommendations
97
101
 
98
102
  For each problem found, generate a specific, actionable recommendation:
@@ -45,25 +45,29 @@ When no arguments are provided (standalone invocation), discover plan from `docs
45
45
  intent: "Execute plan tasks starting from current position",
46
46
  skill: "harness-execution",
47
47
  session: "<session-slug-if-known>",
48
- include: ["state", "learnings", "handoff", "validation"]
48
+ include: ["state", "learnings", "handoff", "graph", "businessKnowledge", "sessions", "validation"]
49
49
  })
50
50
  ```
51
51
 
52
- If session slug is known, include `session` to scope reads/writes to `.harness/sessions/<slug>/`. If unknown, omit it — falls back to `.harness/`. Returns `state` (current position, null = fresh start), `learnings` (prior insights — do not ignore), `handoff` (context from previous skill), `validation` (project health). Failed constituents return null with errors in `meta.errors`.
52
+ If session slug is known, include `session` to scope reads/writes to `.harness/sessions/<slug>/`. If unknown, omit it — falls back to `.harness/`. Returns `state` (current position, null = fresh start), `learnings` (prior insights — do not ignore), `handoff` (context from previous skill), `graph` (business_fact nodes and module dependencies), `businessKnowledge` (documented domain knowledge from `docs/knowledge/`), `validation` (project health). Use graph and businessKnowledge context to inform implementation decisions — especially when tasks reference domain rules or business logic. Failed constituents return null with errors in `meta.errors`.
53
53
 
54
- 3. **Load session summary for cold start.** If resuming (session slug known):
54
+ 3. **Review prior decisions and questions.** Check `decisions` and `openQuestions` from the planning session (loaded via `sessions` in gather_context). Resolved questions provide context for task execution. Open questions may require escalation before proceeding.
55
+
56
+ 4. **Load session summary for cold start.** If resuming (session slug known):
55
57
  - Call `listActiveSessions()` to read the session index.
56
58
  - Call `loadSessionSummary()` for the target session.
57
59
  - If ambiguous, present the index and ask which session to resume.
58
60
 
59
- 4. **Check for known dead ends.** Review `learnings` tagged `[outcome:failure]`. Warn if any match current plan approaches.
61
+ 5. **Check for known dead ends.** Review `learnings` tagged `[outcome:failure]`. Warn if any match current plan approaches.
60
62
 
61
- 5. **Verify prerequisites** for the current task:
63
+ 6. **Verify prerequisites** for the current task:
62
64
  - Dependency tasks marked complete in state?
63
65
  - Referenced files exist?
64
66
  - Test suite passes? Run `harness validate` for clean baseline.
65
67
 
66
- 6. **If prerequisites fail,** do not proceed. Report what is missing and which task is blocked.
68
+ 6b. **Knowledge health check.** If `docs/knowledge/` exists and the knowledge graph is available, run the knowledge pipeline in detect-only mode for domains touched by the current plan. If contradictions exist (severity: critical), treat as a blocker — knowledge must be reconciled before implementation. If gaps exist, surface as a warning but do not block execution.
69
+
70
+ 7. **If prerequisites fail,** do not proceed. Report what is missing and which task is blocked.
67
71
 
68
72
  ### Graph-Enhanced Context (when available)
69
73
 
@@ -71,6 +75,8 @@ When a knowledge graph exists at `.harness/graph/`:
71
75
 
72
76
  - `query_graph` — check file overlap between tasks for conflict detection
73
77
  - `get_impact` — understand blast radius before executing a task
78
+ - `compute_blast_radius` — before executing tasks that touch shared modules, simulate failure propagation to anticipate side effects
79
+ - `predict_failures` — before risky tasks (large blast radius, many file touches), check which constraints are trending toward violation
74
80
 
75
81
  Fall back to file-based commands if no graph is available.
76
82
 
@@ -102,6 +108,8 @@ For each task, starting from current position:
102
108
  - For `reference` tier skills (type: `knowledge`): load the skill's SKILL.md content as supplementary context. Cap at 3 reference skills per task to manage context budget.
103
109
  - Use the skill content to inform implementation decisions but follow the plan's exact instructions as written. Skill context provides background knowledge, not overriding instructions.
104
110
 
111
+ 1c. **Auto-inject knowledge skills.** If the plan was produced with skill recommendations (`docs/changes/<feature>/SKILLS.md`), run `recommend_skills` for the current task domain. If the response includes `autoInjectKnowledge` entries, load those knowledge skills as supplementary context alongside any explicitly annotated skills. This ensures domain-specific business rules, API patterns, and framework conventions are available during implementation without manual annotation on every task.
112
+
105
113
  2. **Follow instructions exactly.** The plan contains exact file paths, code, and commands. Execute as written.
106
114
 
107
115
  3. **TDD rhythm:**
@@ -238,6 +246,8 @@ All session-scoped files use `{sessionDir}/` when session is known, otherwise `.
238
246
 
239
247
  **Graph Refresh:** If `.harness/graph/` exists, run `harness scan [path]` after code changes. Skipping causes stale graph query results.
240
248
 
249
+ 1b. **Knowledge reconciliation.** After code changes committed and graph refreshed, run the knowledge pipeline in extract-only mode to stage any new business signals discovered in the code (validation rules, API contracts, test descriptions) for future materialization. This keeps the knowledge graph current with what was actually implemented. Skip if no `docs/knowledge/` directory exists.
250
+
241
251
  2. **Append tagged learnings** to `learnings.md`. Tag every entry:
242
252
 
243
253
  ```markdown
@@ -41,6 +41,8 @@ enable full analysis)" and use fallback strategies for all subsequent steps.
41
41
 
42
42
  ### Phase 2: ANALYZE — Query Graph for Impact
43
43
 
44
+ Run `compute_blast_radius` on target files to simulate failure propagation and identify all downstream modules affected. Run `predict_failures` to forecast which architectural constraints are most at risk from the proposed changes.
45
+
44
46
  For each changed file:
45
47
 
46
48
  1. **Direct dependents**: Use `get_impact` MCP tool to find all files that import or call the changed file.