@harness-engineering/cli 2.7.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (197) hide show
  1. package/dist/agents/personas/adversarial-reviewer.yaml +43 -0
  2. package/dist/agents/personas/frontend-races-reviewer.yaml +54 -0
  3. package/dist/agents/personas/typescript-strict-reviewer.yaml +53 -0
  4. package/dist/agents/skills/CHANGELOG.md +12 -0
  5. package/dist/agents/skills/claude-code/align-design-system/SKILL.md +18 -0
  6. package/dist/agents/skills/claude-code/align-design-system/skill.yaml +3 -0
  7. package/dist/agents/skills/claude-code/harness-audit-harness-strength/SKILL.md +188 -0
  8. package/dist/agents/skills/claude-code/harness-audit-harness-strength/skill.yaml +54 -0
  9. package/dist/agents/skills/claude-code/harness-autopilot/SKILL.md +2 -0
  10. package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +58 -12
  11. package/dist/agents/skills/claude-code/harness-code-review/SKILL.md +107 -22
  12. package/dist/agents/skills/claude-code/harness-code-review/references/confidence-rubric.md +45 -0
  13. package/dist/agents/skills/claude-code/harness-code-review/references/risk-keywords.md +40 -0
  14. package/dist/agents/skills/claude-code/harness-code-review/skill.yaml +3 -0
  15. package/dist/agents/skills/claude-code/harness-compound/SKILL.md +7 -4
  16. package/dist/agents/skills/claude-code/harness-execution/SKILL.md +1 -1
  17. package/dist/agents/skills/claude-code/harness-git-workflow/SKILL.md +2 -0
  18. package/dist/agents/skills/claude-code/harness-ideate/SKILL.md +279 -0
  19. package/dist/agents/skills/claude-code/harness-ideate/references/scoring.md +88 -0
  20. package/dist/agents/skills/claude-code/harness-ideate/skill.yaml +66 -0
  21. package/dist/agents/skills/claude-code/harness-knowledge-pipeline/SKILL.md +2 -0
  22. package/dist/agents/skills/claude-code/harness-planning/SKILL.md +14 -4
  23. package/dist/agents/skills/claude-code/harness-pulse/SKILL.md +12 -16
  24. package/dist/agents/skills/claude-code/harness-roadmap/SKILL.md +62 -4
  25. package/dist/agents/skills/claude-code/harness-roadmap-pilot/SKILL.md +36 -6
  26. package/dist/agents/skills/claude-code/harness-strategy/SKILL.md +152 -0
  27. package/dist/agents/skills/claude-code/harness-strategy/references/interview.md +122 -0
  28. package/dist/agents/skills/claude-code/harness-strategy/skill.yaml +54 -0
  29. package/dist/agents/skills/claude-code/harness-test-advisor/SKILL.md +80 -2
  30. package/dist/agents/skills/claude-code/harness-test-advisor/skill.yaml +4 -1
  31. package/dist/agents/skills/claude-code/initialize-harness-project/SKILL.md +86 -18
  32. package/dist/agents/skills/claude-code/initialize-harness-project/skill.yaml +1 -0
  33. package/dist/agents/skills/claude-code/outcome-eval/SKILL.md +97 -0
  34. package/dist/agents/skills/claude-code/outcome-eval/skill.yaml +51 -0
  35. package/dist/agents/skills/codex/align-design-system/SKILL.md +18 -0
  36. package/dist/agents/skills/codex/align-design-system/skill.yaml +3 -0
  37. package/dist/agents/skills/codex/harness-audit-harness-strength/SKILL.md +188 -0
  38. package/dist/agents/skills/codex/harness-audit-harness-strength/skill.yaml +54 -0
  39. package/dist/agents/skills/codex/harness-autopilot/SKILL.md +2 -0
  40. package/dist/agents/skills/codex/harness-brainstorming/SKILL.md +58 -12
  41. package/dist/agents/skills/codex/harness-code-review/SKILL.md +107 -22
  42. package/dist/agents/skills/codex/harness-code-review/references/confidence-rubric.md +45 -0
  43. package/dist/agents/skills/codex/harness-code-review/references/risk-keywords.md +40 -0
  44. package/dist/agents/skills/codex/harness-code-review/skill.yaml +3 -0
  45. package/dist/agents/skills/codex/harness-compound/SKILL.md +7 -4
  46. package/dist/agents/skills/codex/harness-execution/SKILL.md +1 -1
  47. package/dist/agents/skills/codex/harness-git-workflow/SKILL.md +2 -0
  48. package/dist/agents/skills/codex/harness-ideate/SKILL.md +279 -0
  49. package/dist/agents/skills/codex/harness-ideate/references/scoring.md +88 -0
  50. package/dist/agents/skills/codex/harness-ideate/skill.yaml +66 -0
  51. package/dist/agents/skills/codex/harness-knowledge-pipeline/SKILL.md +2 -0
  52. package/dist/agents/skills/codex/harness-planning/SKILL.md +14 -4
  53. package/dist/agents/skills/codex/harness-pulse/SKILL.md +12 -16
  54. package/dist/agents/skills/codex/harness-roadmap/SKILL.md +62 -4
  55. package/dist/agents/skills/codex/harness-roadmap-pilot/SKILL.md +36 -6
  56. package/dist/agents/skills/codex/harness-strategy/SKILL.md +152 -0
  57. package/dist/agents/skills/codex/harness-strategy/references/interview.md +122 -0
  58. package/dist/agents/skills/codex/harness-strategy/skill.yaml +54 -0
  59. package/dist/agents/skills/codex/harness-test-advisor/SKILL.md +80 -2
  60. package/dist/agents/skills/codex/harness-test-advisor/skill.yaml +4 -1
  61. package/dist/agents/skills/codex/initialize-harness-project/SKILL.md +86 -18
  62. package/dist/agents/skills/codex/initialize-harness-project/skill.yaml +1 -0
  63. package/dist/agents/skills/codex/outcome-eval/SKILL.md +97 -0
  64. package/dist/agents/skills/codex/outcome-eval/skill.yaml +51 -0
  65. package/dist/agents/skills/cursor/align-design-system/SKILL.md +18 -0
  66. package/dist/agents/skills/cursor/align-design-system/skill.yaml +3 -0
  67. package/dist/agents/skills/cursor/harness-audit-harness-strength/SKILL.md +188 -0
  68. package/dist/agents/skills/cursor/harness-audit-harness-strength/skill.yaml +54 -0
  69. package/dist/agents/skills/cursor/harness-autopilot/SKILL.md +2 -0
  70. package/dist/agents/skills/cursor/harness-brainstorming/SKILL.md +58 -12
  71. package/dist/agents/skills/cursor/harness-code-review/SKILL.md +107 -22
  72. package/dist/agents/skills/cursor/harness-code-review/references/confidence-rubric.md +45 -0
  73. package/dist/agents/skills/cursor/harness-code-review/references/risk-keywords.md +40 -0
  74. package/dist/agents/skills/cursor/harness-code-review/skill.yaml +3 -0
  75. package/dist/agents/skills/cursor/harness-compound/SKILL.md +7 -4
  76. package/dist/agents/skills/cursor/harness-execution/SKILL.md +1 -1
  77. package/dist/agents/skills/cursor/harness-git-workflow/SKILL.md +2 -0
  78. package/dist/agents/skills/cursor/harness-ideate/SKILL.md +279 -0
  79. package/dist/agents/skills/cursor/harness-ideate/references/scoring.md +88 -0
  80. package/dist/agents/skills/cursor/harness-ideate/skill.yaml +66 -0
  81. package/dist/agents/skills/cursor/harness-knowledge-pipeline/SKILL.md +2 -0
  82. package/dist/agents/skills/cursor/harness-planning/SKILL.md +14 -4
  83. package/dist/agents/skills/cursor/harness-pulse/SKILL.md +12 -16
  84. package/dist/agents/skills/cursor/harness-roadmap/SKILL.md +62 -4
  85. package/dist/agents/skills/cursor/harness-roadmap-pilot/SKILL.md +36 -6
  86. package/dist/agents/skills/cursor/harness-strategy/SKILL.md +152 -0
  87. package/dist/agents/skills/cursor/harness-strategy/references/interview.md +122 -0
  88. package/dist/agents/skills/cursor/harness-strategy/skill.yaml +54 -0
  89. package/dist/agents/skills/cursor/harness-test-advisor/SKILL.md +80 -2
  90. package/dist/agents/skills/cursor/harness-test-advisor/skill.yaml +4 -1
  91. package/dist/agents/skills/cursor/initialize-harness-project/SKILL.md +86 -18
  92. package/dist/agents/skills/cursor/initialize-harness-project/skill.yaml +1 -0
  93. package/dist/agents/skills/cursor/outcome-eval/SKILL.md +97 -0
  94. package/dist/agents/skills/cursor/outcome-eval/skill.yaml +51 -0
  95. package/dist/agents/skills/gemini-cli/align-design-system/SKILL.md +18 -0
  96. package/dist/agents/skills/gemini-cli/align-design-system/skill.yaml +3 -0
  97. package/dist/agents/skills/gemini-cli/harness-audit-harness-strength/SKILL.md +188 -0
  98. package/dist/agents/skills/gemini-cli/harness-audit-harness-strength/skill.yaml +54 -0
  99. package/dist/agents/skills/gemini-cli/harness-autopilot/SKILL.md +2 -0
  100. package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +58 -12
  101. package/dist/agents/skills/gemini-cli/harness-code-review/SKILL.md +107 -22
  102. package/dist/agents/skills/gemini-cli/harness-code-review/references/confidence-rubric.md +45 -0
  103. package/dist/agents/skills/gemini-cli/harness-code-review/references/risk-keywords.md +40 -0
  104. package/dist/agents/skills/gemini-cli/harness-code-review/skill.yaml +3 -0
  105. package/dist/agents/skills/gemini-cli/harness-compound/SKILL.md +7 -4
  106. package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +1 -1
  107. package/dist/agents/skills/gemini-cli/harness-git-workflow/SKILL.md +2 -0
  108. package/dist/agents/skills/gemini-cli/harness-ideate/SKILL.md +279 -0
  109. package/dist/agents/skills/gemini-cli/harness-ideate/references/scoring.md +88 -0
  110. package/dist/agents/skills/gemini-cli/harness-ideate/skill.yaml +66 -0
  111. package/dist/agents/skills/gemini-cli/harness-knowledge-pipeline/SKILL.md +2 -0
  112. package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +14 -4
  113. package/dist/agents/skills/gemini-cli/harness-pulse/SKILL.md +12 -16
  114. package/dist/agents/skills/gemini-cli/harness-roadmap/SKILL.md +62 -4
  115. package/dist/agents/skills/gemini-cli/harness-roadmap-pilot/SKILL.md +36 -6
  116. package/dist/agents/skills/gemini-cli/harness-strategy/SKILL.md +152 -0
  117. package/dist/agents/skills/gemini-cli/harness-strategy/references/interview.md +122 -0
  118. package/dist/agents/skills/gemini-cli/harness-strategy/skill.yaml +54 -0
  119. package/dist/agents/skills/gemini-cli/harness-test-advisor/SKILL.md +80 -2
  120. package/dist/agents/skills/gemini-cli/harness-test-advisor/skill.yaml +4 -1
  121. package/dist/agents/skills/gemini-cli/initialize-harness-project/SKILL.md +86 -18
  122. package/dist/agents/skills/gemini-cli/initialize-harness-project/skill.yaml +1 -0
  123. package/dist/agents/skills/gemini-cli/outcome-eval/SKILL.md +97 -0
  124. package/dist/agents/skills/gemini-cli/outcome-eval/skill.yaml +51 -0
  125. package/dist/agents/skills/package.json +1 -1
  126. package/dist/agents/skills/tests/harness-strategy.test.ts +145 -0
  127. package/dist/agents/skills/tests/harness-test-advisor.test.ts +94 -0
  128. package/dist/agents-md-XOJE5ETA.js +13 -0
  129. package/dist/analyzer-V633GUHY-MBCQWKDU.js +26 -0
  130. package/dist/{architecture-LUR2I67H.js → architecture-JEZPJ725.js} +6 -6
  131. package/dist/{assess-project-OJWECOP2.js → assess-project-RHXOQNMM.js} +1 -1
  132. package/dist/bin/harness-mcp.js +17 -17
  133. package/dist/bin/harness.js +27 -27
  134. package/dist/{check-phase-gate-HS5KYLRO.js → check-phase-gate-GNDOMS35.js} +6 -6
  135. package/dist/{chunk-6UHDQP2N.js → chunk-2N4OENGE.js} +1 -1
  136. package/dist/{chunk-O2ASYKA6.js → chunk-3ISHDWO7.js} +2 -2
  137. package/dist/{chunk-GGSNWH7P.js → chunk-527G27VI.js} +5 -5
  138. package/dist/{chunk-N5NSSLMU.js → chunk-6WQCLCBO.js} +2 -2
  139. package/dist/{chunk-OH3NXXUY.js → chunk-BDGTZRZ6.js} +11 -1
  140. package/dist/{chunk-Z3TMCCZB.js → chunk-BYVT5LVO.js} +9 -9
  141. package/dist/{chunk-TIH53QXY.js → chunk-CLI4K2CH.js} +1 -1
  142. package/dist/{chunk-VSIRUZQP.js → chunk-DE5U6KOL.js} +2 -2
  143. package/dist/{chunk-FXZI6NJ2.js → chunk-GGKRA7A7.js} +51 -4
  144. package/dist/{chunk-RJ2WEES5.js → chunk-GSP2XIVS.js} +2 -2
  145. package/dist/{chunk-CZPOPMMI.js → chunk-HEIMJJI4.js} +3 -3
  146. package/dist/{chunk-7AF6C5GE.js → chunk-HWTUUQOW.js} +3 -3
  147. package/dist/{chunk-FC4JPM6W.js → chunk-KAJOS3BA.js} +3 -3
  148. package/dist/{chunk-NIVWM7OW.js → chunk-MGUPSE6D.js} +10 -10
  149. package/dist/{chunk-WZY5U6NS.js → chunk-N24HCQA4.js} +3351 -887
  150. package/dist/{chunk-Y4T6ENKQ.js → chunk-N55WOGN3.js} +86 -17
  151. package/dist/{chunk-INBTDBV2.js → chunk-NWLGL3IR.js} +1 -1
  152. package/dist/{chunk-FEKBXX2J.js → chunk-ONCPJGHY.js} +9 -9
  153. package/dist/{chunk-PTHX545Q.js → chunk-PC2R5RUJ.js} +2 -2
  154. package/dist/{chunk-H2ZJOJ7A.js → chunk-PP6ZRL5T.js} +316 -42
  155. package/dist/{chunk-LECXPXS3.js → chunk-QBC7DI4Q.js} +2 -2
  156. package/dist/{chunk-B2VAYLYI.js → chunk-UX3PQKVZ.js} +8 -3
  157. package/dist/{chunk-7PLIWP7U.js → chunk-WWEVS7RO.js} +4409 -743
  158. package/dist/{chunk-LGYXR2KZ.js → chunk-XFU6SB2Q.js} +1122 -689
  159. package/dist/{chunk-KN3EMDZ5.js → chunk-XX4OLNWQ.js} +23 -3
  160. package/dist/{chunk-VI4IS55S.js → chunk-YQSYCBAH.js} +6 -6
  161. package/dist/{chunk-LYIPI2SJ.js → chunk-Z4AWEIBY.js} +6 -6
  162. package/dist/{ci-workflow-MDSTHJOY.js → ci-workflow-ORZ4F45F.js} +5 -5
  163. package/dist/{dist-E3SAAHCM.js → dist-ICW4QUEW.js} +5 -1
  164. package/dist/{dist-72ID44UE.js → dist-LHINSVK4.js} +136 -4
  165. package/dist/{dist-R3TOOPJ7.js → dist-OWHMNL4W.js} +1 -1
  166. package/dist/{docs-2RFOJ6XY.js → docs-AU3DXFFO.js} +6 -6
  167. package/dist/engine-6GPWOYQH.js +13 -0
  168. package/dist/{entropy-3UX6644G.js → entropy-VLKDRMRT.js} +5 -5
  169. package/dist/{feedback-CVCFYND4.js → feedback-YXYY44ZC.js} +1 -1
  170. package/dist/{generate-agent-definitions-HZ3XENWO.js → generate-agent-definitions-XIHQPKG3.js} +6 -6
  171. package/dist/{glob-helper-EX4YZKZO.js → glob-helper-GLZAURJC.js} +1 -1
  172. package/dist/{graph-loader-EIFEOUVI.js → graph-loader-HHXN5FLP.js} +1 -1
  173. package/dist/hooks/cost-tracker.js +29 -6
  174. package/dist/index.d.ts +202 -0
  175. package/dist/index.js +27 -27
  176. package/dist/{loader-6RHWU5FH.js → loader-YAN56MT3.js} +5 -5
  177. package/dist/{mcp-OYR26JDI.js → mcp-RK3SFVYB.js} +17 -17
  178. package/dist/{performance-JJMIRXCH.js → performance-64DPTLLQ.js} +6 -6
  179. package/dist/{review-pipeline-BHQZIXWZ.js → review-pipeline-NENG6LW7.js} +5 -5
  180. package/dist/{runtime-DALTAVTN.js → runtime-FFIIRT2T.js} +5 -5
  181. package/dist/{scan-LYKLM4EQ.js → scan-P7YFKB77.js} +1 -1
  182. package/dist/{security-RMLMYFPB.js → security-3PIBN35B.js} +1 -1
  183. package/dist/templates/basic/harness.config.json.hbs +34 -0
  184. package/dist/templates/ci/README.md +86 -0
  185. package/dist/templates/ci/required-review.ruleset.json +20 -0
  186. package/dist/templates/ci/required-review.yml.hbs +57 -0
  187. package/dist/templates/ci/template.json +5 -0
  188. package/dist/templates/intermediate/harness.config.json.hbs +36 -0
  189. package/dist/templates/orchestrator/harness.orchestrator.md +9 -0
  190. package/dist/{tool-tiers-B7JC2XC3.js → tool-tiers-OKK5FE57.js} +2 -0
  191. package/dist/{validate-R7DZRDFK.js → validate-7IAF2ES3.js} +6 -6
  192. package/dist/validate-cross-check-QPSAOZKD.js +13 -0
  193. package/package.json +8 -8
  194. package/dist/agents-md-FKMKH6ZF.js +0 -13
  195. package/dist/analyzer-H3AHBFSL-KPOPJYRB.js +0 -26
  196. package/dist/engine-BSFKOGPN.js +0 -13
  197. package/dist/validate-cross-check-AUUZFNVL.js +0 -13
@@ -0,0 +1,43 @@
1
+ version: 2
2
+ name: Adversarial Reviewer
3
+ description: Constructs failure scenarios between the existing 4 review agents — assumption violations, composition failures, abuse cases, and cascade chains
4
+ role: >
5
+ Sit between bug, security, and architecture. Hunt for failure modes that
6
+ single-pattern agents miss — assumptions the diff relies on but does not
7
+ enforce, two correct pieces that misbehave together, adversarial inputs the
8
+ diff does not anticipate, and (at Deep depth) single failures that cascade
9
+ through downstream callers.
10
+
11
+ Never re-flag findings owned by the existing 4 agents. Emit `ReviewFinding[]`
12
+ with `domain: 'bug'`, `subagent: 'adversarial'`, and numeric `confidence`
13
+ per the shared confidence rubric.
14
+ skills:
15
+ - harness-code-review
16
+ steps:
17
+ - skill: harness-code-review
18
+ when: manual
19
+ output: auto
20
+ - skill: harness-code-review
21
+ when: on_pr
22
+ output: auto
23
+ triggers:
24
+ - event: on_pr
25
+ conditions:
26
+ paths:
27
+ - "src/**"
28
+ - "packages/**"
29
+ config:
30
+ severity: warning
31
+ autoFix: false
32
+ timeout: 600000
33
+ # Activation predicate (read by Phase 3.5 of harness-code-review):
34
+ # - Active at Standard or Deep depth
35
+ # - Cascade-construction hunt category gated to Deep depth
36
+ activation:
37
+ depth: ["standard", "deep"]
38
+ references:
39
+ rubric: agents/skills/claude-code/harness-code-review/references/confidence-rubric.md
40
+ outputs:
41
+ agents-md: false
42
+ ci-workflow: false
43
+ runtime-config: true
@@ -0,0 +1,54 @@
1
+ version: 2
2
+ name: Frontend-races Reviewer
3
+ description: Framework-aware reviewer for async-UI diffs — flags lifecycle gaps, hook-timing mistakes, concurrent interactions, and stale-work races
4
+ role: >
5
+ Activate when the TypeScript-strict reviewer is active AND the diff contains
6
+ an async-UI signal (`.tsx`, `useEffect`, `useState`, `setTimeout`,
7
+ `setInterval`, `addEventListener`, `data-controller=` for Stimulus).
8
+ Hunt for lifecycle cleanup gaps (listeners and timers outliving the owner),
9
+ hook-timing mistakes (state in the wrong hook, async after unmount),
10
+ concurrent-interaction bugs (overlapping clicks/requests, impossible-state
11
+ booleans), and promise/timer flows that leave stale work behind.
12
+
13
+ Emit `ReviewFinding[]` with `domain: 'bug'`, `subagent: 'frontend-races'`,
14
+ and numeric `confidence` per the shared confidence rubric.
15
+ skills:
16
+ - harness-code-review
17
+ steps:
18
+ - skill: harness-code-review
19
+ when: manual
20
+ output: auto
21
+ - skill: harness-code-review
22
+ when: on_pr
23
+ output: auto
24
+ triggers:
25
+ - event: on_pr
26
+ conditions:
27
+ paths:
28
+ - "**/*.tsx"
29
+ - "**/*.ts"
30
+ config:
31
+ severity: warning
32
+ autoFix: false
33
+ timeout: 600000
34
+ # Activation predicate (read by Phase 3.5 of harness-code-review):
35
+ # - TypeScript-strict must be active
36
+ # - AND diff contains at least one of:
37
+ # `.tsx`, `useEffect`, `useState`, `setTimeout`, `setInterval`,
38
+ # `addEventListener`, `data-controller=`
39
+ activation:
40
+ depends_on: typescript-strict
41
+ diff_signals:
42
+ - ".tsx"
43
+ - "useEffect"
44
+ - "useState"
45
+ - "setTimeout"
46
+ - "setInterval"
47
+ - "addEventListener"
48
+ - "data-controller="
49
+ references:
50
+ rubric: agents/skills/claude-code/harness-code-review/references/confidence-rubric.md
51
+ outputs:
52
+ agents-md: false
53
+ ci-workflow: false
54
+ runtime-config: true
@@ -0,0 +1,53 @@
1
+ version: 2
2
+ name: TypeScript-strict Reviewer
3
+ description: Framework-aware reviewer for TypeScript diffs — flags type holes, refactor regressions, complexity growth, and five-second-rule names
4
+ role: >
5
+ Activate when the diff includes a non-test `.ts` or `.tsx` file. Hunt for
6
+ type-system holes that disable the checker (explicit `any`, `// @ts-ignore`,
7
+ `as unknown as T`, non-null assertions), refactor regressions where call
8
+ sites lose coverage, existing-file complexity that would be safer as a new
9
+ module, and names that fail the five-second rule at the call site.
10
+
11
+ Emit `ReviewFinding[]` with `domain: 'bug'` (or `'architecture'` for
12
+ complexity findings), `subagent: 'typescript-strict'`, and numeric
13
+ `confidence` per the shared confidence rubric.
14
+ skills:
15
+ - harness-code-review
16
+ steps:
17
+ - skill: harness-code-review
18
+ when: manual
19
+ output: auto
20
+ - skill: harness-code-review
21
+ when: on_pr
22
+ output: auto
23
+ triggers:
24
+ - event: on_pr
25
+ conditions:
26
+ paths:
27
+ - "**/*.ts"
28
+ - "**/*.tsx"
29
+ config:
30
+ severity: warning
31
+ autoFix: false
32
+ timeout: 600000
33
+ # Activation predicate (read by Phase 3.5 of harness-code-review):
34
+ # - Active when the diff contains at least one non-test `.ts` or `.tsx`
35
+ # - Excludes `*.d.ts`, `*.test.ts(x)`, `*.spec.ts(x)`, `__tests__/**`
36
+ activation:
37
+ file_patterns:
38
+ include:
39
+ - "**/*.ts"
40
+ - "**/*.tsx"
41
+ exclude:
42
+ - "**/*.d.ts"
43
+ - "**/*.test.ts"
44
+ - "**/*.test.tsx"
45
+ - "**/*.spec.ts"
46
+ - "**/*.spec.tsx"
47
+ - "**/__tests__/**"
48
+ references:
49
+ rubric: agents/skills/claude-code/harness-code-review/references/confidence-rubric.md
50
+ outputs:
51
+ agents-md: false
52
+ ci-workflow: false
53
+ runtime-config: true
@@ -0,0 +1,12 @@
1
+ # @harness-engineering/skills
2
+
3
+ ## 1.1.0
4
+
5
+ ### Minor Changes
6
+
7
+ - af56053: Ship the `harness-strategy` skill and the `writeStrategyDoc` writer (strategic-anchor phase 2 of 8 in the compound-engineering-adoption initiative).
8
+ - `packages/core/strategy` exports `writeStrategyDoc(doc, { cwd, skipBackup? })` — atomic disk write of `STRATEGY.md` with schema-validation-rejects-disk-write, an idempotent `.bak` on first overwrite, H1 preservation across re-writes, and `tmp-<pid>` + `rename` semantics that mirror `writePulseConfig`. Composes a pure `serializeStrategyDoc(doc, opts?)` (also exported) so the serializer is unit-testable without filesystem fixtures.
9
+ - `agents/skills/{claude-code,gemini-cli,cursor,codex}/harness-strategy/` ships the rigid skill (Phase 0 file-state routing; Phase 1 first-run interview in template order; Phase 2 per-section update flow; Phase 3 downstream handoff). `references/interview.md` documents the three pushback rules (fluff detection, goal-as-strategy, feature-list-as-strategy) with detection signals, repair scripts, anti-pattern fixtures, and the hard 2-round-per-section cap.
10
+ - CLI emits `/harness:strategy` via `generate-slash-commands` (and the per-platform plugin generators); the slash command appears in `.claude-plugin/commands/strategy.md`, `.gemini-extension/commands/strategy.toml`, `.cursor-plugin/commands/strategy.md`, plus the `agents/commands/*` mirrors. Skill listed in the auto-generated skills catalog.
11
+
12
+ Scope: writer + skill prose only. Init wiring, `harness-ideate`, brainstorming/roadmap-pilot grounding, knowledge-graph integration, and ADRs ship in follow-up PRs (one per phase).
@@ -65,6 +65,7 @@ For each finding classified as `suggestion`: emit a human-readable description p
65
65
 
66
66
  - **`harness align-design-system`** — the CLI entry point. `--dry-run` for preview; `--write` is the default. Standard `--json` / `--verbose` / `--quiet` flags.
67
67
  - **`harness align-design-system --mode pipeline`** — orchestrator-driven mode. Reads pre-classified findings from handoff.json; writes outcomes back.
68
+ - **`harness align-design-system --revert`** — inverse-applies the most-recent batch recorded at `.harness/align/last-batch.json`. Skips files edited externally since the apply (content-hash check). Idempotent: a second revert on the same batch is a no-op because the file no longer matches the recorded post-apply text.
68
69
  - **`mcp__harness__align_design_system`** — MCP tool for agent consumption. Same input/output shape as the function call.
69
70
  - **`detect-design-drift`** — soft dependency. Standalone mode invokes detect internally; pipeline mode trusts the orchestrator to have done it.
70
71
  - **`harness check-design`** — composes detect (as 3rd verifier) into a single-pass design check. align is the matching FIX step; together they form the DETECT → FIX cycle that the (future) #5 orchestrator will loop.
@@ -82,6 +83,7 @@ See `docs/changes/design-pipeline/align-design-system/proposal.md` for the full
82
83
  - Pipeline mode writes `pipeline.fixesApplied` back to handoff.json
83
84
  - `--dry-run` produces identical `FixOutcome` shapes but never writes files
84
85
  - Re-running detect after align produces strictly fewer T001/T002/T003 findings
86
+ - `--revert` re-applies the inverse of the most-recent `fixesApplied` batch; no-op when the file has been edited externally since the apply
85
87
 
86
88
  ## Examples
87
89
 
@@ -147,6 +149,21 @@ src/SaveButton.tsx
147
149
 
148
150
  v1 never auto-applies primitive adoption — prop translation across `<button>` ⇄ `<Button>` is the kind of judgment-call that benefits from a human or LLM review.
149
151
 
152
+ ### Example: Revert the last batch
153
+
154
+ After a write run, the applied diffs (plus a SHA-256 of each post-apply file) are persisted to `.harness/align/last-batch.json`. Running `harness align-design-system --revert` reads that batch and inverse-applies each diff:
155
+
156
+ ```
157
+ src/Card.tsx
158
+ ✓ DRIFT-T001:2 — Hex color "#0066cc" should use a token reference instead of a raw literal
159
+ before: const styles = { color: tokens.color.brand.primary };
160
+ after: const styles = { color: "#0066cc" };
161
+
162
+ Summary: 1 reverted, 0 suggestions, 0 skipped, 0 failed (1 files modified, 4ms)
163
+ ```
164
+
165
+ If the file has been edited externally between apply and revert (the SHA-256 doesn't match), every entry for that file is skipped with `skipped-unsafe / reason: file changed externally since apply`. A second revert on the same batch is a no-op for the same reason — the file's post-revert content no longer matches the recorded post-apply text.
166
+
150
167
  ## Gates
151
168
 
152
169
  - **No autofix without classifier approval.** Every codemod application goes through `classifyFinding`. If the classifier returns `suggestion`, NO file write occurs — even for the same finding code in the same file.
@@ -162,6 +179,7 @@ v1 never auto-applies primitive adoption — prop translation across `<button>`
162
179
  - **When the codemod corrupts a file (rare):** every application includes a structured diff. Recover via `git checkout <file>`. If the same input repeatedly corrupts, report the case — pre-flight classifier rules are conservative by design.
163
180
  - **When pipeline-mode run finds no `pipeline.driftFindings` field:** align exits cleanly with empty outcomes. The orchestrator's contract is to write the field BEFORE invoking align.
164
181
  - **When `--dry-run` shows fixes you don't want applied:** scope with `--files <glob>` to apply only specific files, or invoke align in pipeline mode with a curated `pipeline.fixBatch` list.
182
+ - **When you want to undo an apply:** run `harness align-design-system --revert`. It reads `.harness/align/last-batch.json`, content-hash-checks each file, and inverse-applies. Files edited since the apply are skipped (no silent corruption); recover via `git checkout <file>` if the content-hash check blocks revert and the prior commit is still in history.
165
183
  - **When you want primitive-adoption fixes today:** apply the suggestion manually. The v1.x sub-project will add prop-translation tables + import resolution + revert-on-test-fail.
166
184
  - **When align is invoked without detect having run first (standalone mode):** standalone mode runs detect internally — no manual ordering needed. Pipeline mode trusts the orchestrator to populate findings.
167
185
 
@@ -31,6 +31,9 @@ cli:
31
31
  - name: mode
32
32
  description: standalone (default) or pipeline (read findings from handoff.json)
33
33
  required: false
34
+ - name: revert
35
+ description: Inverse-apply the most-recent batch persisted at .harness/align/last-batch.json
36
+ required: false
34
37
  mcp:
35
38
  tool: run_skill
36
39
  input:
@@ -0,0 +1,188 @@
1
+ # Harness Audit: Harness Strength
2
+
3
+ > Mechanically audit whether a project's harness is load-bearing. Orchestrates the deterministic check-harness-strength engine; interprets results. Not a deep/AI review.
4
+
5
+ ## When to Use
6
+
7
+ - On a milestone gate, to confirm the harness still constrains rather than merely decorates the project
8
+ - When adding the strength audit as a required CI check, so the seven STRENGTH patterns block the merge instead of being prose advice
9
+ - When validating a harness-distribution (toolkit) repo before shipping templates downstream — to catch a default that would weaken every adopter
10
+ - When a reviewer suspects a gate "passes" without doing anything (a snapshot that asserts `passed: true` for a check it never ran)
11
+ - NOT for deep security review — use `harness-security-review` (semantic, AI-assisted)
12
+ - NOT for design-system drift — use `detect-design-drift`
13
+ - NOT for reimplementing pattern detection by hand — the engine (`HarnessStrengthAuditor`) owns detection. This skill runs it and interprets the output.
14
+
15
+ ## Process
16
+
17
+ This skill ORCHESTRATES `harness check-harness-strength`. It never re-greps configs, never re-parses hooks, and never re-derives findings. The engine reads the project once and returns a structured `AuditResult`; the skill's job is to run it with the right mode/severity and turn the JSON into an actionable report.
18
+
19
+ ### Phase 1: SCAN — Run the engine
20
+
21
+ 1. **Resolve the project root.** Use the provided `path` argument, else the current working directory.
22
+
23
+ 2. **Resolve the mode.**
24
+ - If `--toolkit` or `--adopter` (or `--mode toolkit|adopter`) is supplied, honor it. Explicit mode wins.
25
+ - Otherwise auto-detect: treat the repo as **toolkit** when it is a harness distribution — both `templates/` and `agents/skills/` exist at the root. Otherwise **adopter**.
26
+ - Do not inspect config files to "double-check" the mode. The engine resolves and reports the mode it used.
27
+
28
+ 3. **Invoke the command** via Bash, requesting JSON:
29
+
30
+ ```bash
31
+ harness check-harness-strength [--mode <adopter|toolkit>] [--severity <error|warning|info>] [--report-only] --json
32
+ ```
33
+
34
+ The `--json` payload is the raw structured `AuditResult` (score, tier, mode, findings with `id`, `gearPiece`, `severity`, `message`, `remediation`, and file:line evidence). Parse this — do not re-derive it.
35
+
36
+ 4. **Do NOT inspect config files by hand.** The engine reads `harness.config.json`, hook profiles, baselines, snapshots, and tier defaults exactly once. Hand-grepping `.husky/pre-commit` or `harness.config.json` to "confirm" a finding reimplements detection and violates the core decision behind this skill (ADR 0039 / spec D1).
37
+
38
+ ### Phase 2: DETECT — Interpret findings
39
+
40
+ 1. **Map each finding to its STRENGTH pattern** using the JSON `id` and `gearPiece` fields. Every finding the engine emits corresponds to exactly one of the seven patterns below. Do not invent findings the engine did not emit, and do not silence findings it did.
41
+
42
+ 2. **The seven STRENGTH patterns** (the engine's rule registry — for interpretation only; the engine, not the skill, decides which fire):
43
+
44
+ | ID | Gear piece | Pattern | Default |
45
+ | ------------ | ----------------------- | -------------------------------------------------------------------- | ------- |
46
+ | STRENGTH-001 | blocking-gate | Hook documented "never blocks"/"always exits 0" in an active profile | error |
47
+ | STRENGTH-002 | regression-baseline | Pre-commit auto-updates baselines/thresholds on regression | error |
48
+ | STRENGTH-003 | skip-discipline | `--skip` list > 2 categories without inline justification | warning |
49
+ | STRENGTH-004 | architecture-thresholds | `layers` defined but `architecture.thresholds` empty/absent | error |
50
+ | STRENGTH-005 | tier-default | Init/config defaults to lowest tier (`basic`) | warning |
51
+ | STRENGTH-006 | review-gate | Baseline-update PR auto-approved without independent review | error |
52
+ | STRENGTH-007 | snapshot-honesty | `passed:true` in health snapshot whose `signals[]` names that check | error |
53
+
54
+ 3. **Attach evidence.** Each finding carries a `file:line` (or config-key) reference and a remediation string from the engine. Surface them verbatim — do not paraphrase the remediation.
55
+
56
+ ### Phase 3: SCORE/REPORT
57
+
58
+ 1. **Surface the score and tier.** The engine returns a 0-100 strength score and a tier label:
59
+ - `solid` — score >= 85
60
+ - `at-risk` — score 50-84
61
+ - `theatre` — score < 50
62
+
63
+ 2. **Report format** (mirror of the security-scan report block):
64
+
65
+ ```
66
+ Harness Strength: [PASS/FAIL] — tier: <solid|at-risk|theatre> (score N/100, mode <adopter|toolkit>)
67
+ Findings: <count> (Errors: N | Warnings: N | Info: N)
68
+
69
+ [STRENGTH-00N] <gearPiece> <file:line> (severity)
70
+ <message>
71
+ Remediation: <engine remediation string>
72
+ ```
73
+
74
+ 3. **PASS/FAIL.** FAIL if any error-severity finding survives the severity threshold, unless `--report-only` was passed (then exit softens to PASS but findings are still listed). Otherwise PASS.
75
+
76
+ ## Gates
77
+
78
+ - **Error-severity findings are blocking.** The report is FAIL and the exit is non-zero when any error-severity finding survives filtering — unless `--report-only` was explicitly requested. Do not report PASS over an unsuppressed error finding.
79
+ - **No reimplementation.** The skill must run `harness check-harness-strength` and interpret its JSON. It must never hand-grep hooks, hand-parse `harness.config.json`, or re-derive a score. Reimplementing detection violates ADR 0039.
80
+ - **"Not evaluable" is not a pass.** When an input the engine needs is absent (e.g., no hook profile, no snapshot), the engine reports that state. Surface it as-is. Do not convert "could not evaluate" into "passed."
81
+ - **Mechanical only.** No AI judgment about whether a weakness "really matters." The patterns are deterministic; the engine decides what fires.
82
+
83
+ ## Escalation
84
+
85
+ - **Disputed finding / false positive:** Do not suppress by editing files or skipping the rule in the skill. Adjust severity via config — `audit.harnessStrength.severities` in `harness.config.json` (e.g., downgrade STRENGTH-003 to `info` for a justified wide `--skip`). Document the rationale alongside the override.
86
+ - **Engine misses a known weakness:** This skill cannot add detection. A missing pattern is engine work — file a new `StrengthRule` (`{ id, gearPiece, defaultSeverity, appliesIn(mode), evaluable?(ctx), detect(ctx) }`) in `packages/core/src/harness-strength/`. Out of scope for the skill.
87
+ - **Mode mis-detected:** If auto-detection picks the wrong mode (e.g., a repo with `templates/` that is not a distribution), pass `--mode adopter` (or `--toolkit`) explicitly. Do not work around it by hand-editing detection.
88
+ - **Engine throws or the build is stale:** If `harness check-harness-strength` errors (command not found / not in the built CLI), the dist may be stale. Rebuild the CLI and re-run. Do not substitute a manual config read for the engine.
89
+
90
+ ## Rationalizations to Reject
91
+
92
+ ### Universal
93
+
94
+ These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
95
+
96
+ - **"It's probably fine"** — "Probably" is not evidence. Run the engine and cite the result.
97
+ - **"This is best practice"** — Best practice in what context? Cite the source and confirm it applies to this codebase.
98
+ - **"We can fix it later"** — If it is worth flagging, it is worth documenting now with a concrete follow-up plan.
99
+
100
+ ### Domain-Specific
101
+
102
+ | Rationalization | Reality |
103
+ | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
104
+ | "The config looks fine when I read it" | The engine exists because manual reading misses these patterns — that is the whole point of D1. Reading is not running. Run `harness check-harness-strength`. |
105
+ | "It only warns, not errors, so it's fine" | A gate that warns but does not stop IS STRENGTH-001 — this is the recursion item the audit was built to catch. Do not normalize "warns but doesn't block." |
106
+ | "I'll re-grep the hooks myself to double-check the engine" | Reimplementing detection violates ADR 0039 / spec D1. The engine is the single source of truth — trust and interpret its output, do not shadow it. |
107
+ | "Score is 70, that's a passing grade" | 70 is `at-risk`, not `solid`. Tier labels are thresholds, not letter grades. Below 85 means the harness has load-bearing gaps. |
108
+ | "No error findings, so I can skip reading the warnings" | Warnings (STRENGTH-003, -005) are erosion signals — a `basic` tier default or an unjustified wide `--skip` weakens every future run. Surface them. |
109
+
110
+ ## Success Criteria
111
+
112
+ - The engine (`harness check-harness-strength`) ran and produced a score, tier label, and findings (or a clean result).
113
+ - Every finding is interpreted against the seven-pattern table, with the engine's file:line evidence and remediation surfaced verbatim.
114
+ - The exit code / PASS-FAIL reflects the gate (error-severity findings fail unless `--report-only`).
115
+ - No manual config inspection was substituted for the engine — the report is derived entirely from the command's `--json` output.
116
+ - "Not evaluable" states are surfaced as-is, never converted to passes.
117
+
118
+ ## Evidence Requirements
119
+
120
+ When this skill makes claims about existing code, architecture, or behavior, it MUST cite evidence using one of:
121
+
122
+ 1. **File reference:** `file:line` format (e.g., `.husky/pre-commit:12`) — taken from the engine's finding, not re-derived.
123
+ 2. **Code pattern reference:** `file` with description (e.g., `harness.config.json` — "architecture.layers defined, thresholds absent").
124
+ 3. **Test/command output:** Inline or referenced output from the `harness check-harness-strength --json` run.
125
+ 4. **Session evidence:** Write to the `evidence` session section via `manage_state`.
126
+
127
+ **Uncited claims:** Technical assertions without citations MUST be prefixed with `[UNVERIFIED]`. Example: `[UNVERIFIED] The pre-commit hook auto-updates baselines`.
128
+
129
+ ## Harness Integration
130
+
131
+ - **`harness check-harness-strength`** — The CLI command this skill runs and interprets. Options: `--mode <adopter|toolkit>`, `--toolkit`/`--adopter` shortcuts, `--severity <error|warning|info>` (default `warning`), `--report-only`, `--json`.
132
+ - **`HarnessStrengthAuditor`** — Core class from `@harness-engineering/core` that builds a `ProjectContext` once, runs the applicable `StrengthRule`s, and aggregates the score/tier/findings. The skill never instantiates it directly; it goes through the command.
133
+ - **`harness.config.json` → `audit.harnessStrength.severities`** — Per-pattern severity overrides. The supported escalation path for false positives — never suppress by editing source.
134
+ - **`docs/standard/article-failure-patterns.md`** — Narrative companion documenting the seven patterns (forthcoming — downstream item; may not exist yet).
135
+
136
+ ## Examples
137
+
138
+ ### Example: Clean toolkit-mode run
139
+
140
+ **Input:** A harness-distribution repo (`templates/` and `agents/skills/` present), run at a milestone gate. `harness check-harness-strength --toolkit --json`.
141
+
142
+ **Output:**
143
+
144
+ ```
145
+ Harness Strength: PASS — tier: solid (score 100/100, mode toolkit)
146
+ Findings: 0 (Errors: 0 | Warnings: 0 | Info: 0)
147
+ ```
148
+
149
+ Every gear piece is load-bearing: no "never blocks" hook, baselines are not auto-updated on regression, architecture thresholds are set, the init default is not `basic`, baseline-update PRs require independent review, and no snapshot claims a check passed that it never ran.
150
+
151
+ ### Example: Findings detected (adopter mode)
152
+
153
+ **Input:** An adopter repo, run with default severity. `harness check-harness-strength --json`.
154
+
155
+ **Output:**
156
+
157
+ ```
158
+ Harness Strength: FAIL — tier: at-risk (score 62/100, mode adopter)
159
+ Findings: 2 (Errors: 2 | Warnings: 0 | Info: 0)
160
+
161
+ [STRENGTH-001] blocking-gate .husky/pre-commit:12 (error)
162
+ Active pre-commit profile documents "always exits 0" — the gate reports but never blocks.
163
+ Remediation: Remove the unconditional `exit 0`; let failing checks return a non-zero status.
164
+
165
+ [STRENGTH-004] architecture-thresholds harness.config.json (error)
166
+ architecture.layers is defined but architecture.thresholds is empty — layer rules cannot be enforced.
167
+ Remediation: Set architecture.thresholds (e.g. maxModuleLines, maxDependencyDepth) so the layer
168
+ definitions become enforceable, or remove the unused layers block.
169
+ ```
170
+
171
+ Two error-severity findings → FAIL. STRENGTH-001 is the recursion item: a hook that runs but cannot block. Run with `--report-only` only when you explicitly want to surface findings without failing the build (e.g., a first baseline-capture run) — and never to normalize the weakness.
172
+
173
+ ## Skill Test Scenarios
174
+
175
+ ### Scenario 1: Red Flag — "I'll re-grep the hooks myself to double-check the engine"
176
+
177
+ Input: The agent has the `harness check-harness-strength --json` output in hand but is about to open `.husky/pre-commit` and grep it by hand to "confirm" the STRENGTH-001 finding.
178
+ Expected: Agent stops, cites the no-reimplementation gate (ADR 0039 / spec D1), and interprets the engine's JSON instead of hand-grepping the hook.
179
+
180
+ ### Scenario 2: Rationalization — "it only warns, not errors, so it's fine"
181
+
182
+ Input: The engine reports a documented "never blocks" pre-commit profile, and the agent is tempted to treat it as acceptable because nothing currently fails the build.
183
+ Expected: Agent rejects the rationalization, recognizes that "warns but doesn't stop" IS STRENGTH-001 (the recursion item), and surfaces it as a finding rather than normalizing it.
184
+
185
+ ### Scenario 3: Gate — error-severity STRENGTH-001 finding present without `--report-only`
186
+
187
+ Input: The `--json` output contains an error-severity STRENGTH-001 finding, `--report-only` was not passed, and the agent is about to summarize the run as PASS.
188
+ Expected: Agent halts, reports FAIL with a non-zero exit, lists the finding with its file:line evidence and remediation, and does not proceed past the gate.
@@ -0,0 +1,54 @@
1
+ name: harness-audit-harness-strength
2
+ version: '0.1.0'
3
+ description: Mechanically audit a project's own harness setup against the seven STRENGTH failure patterns; reports per-pattern findings, a 0-100 strength score, and a tier label (solid/at-risk/theatre). Orchestrates harness check-harness-strength; never reimplements detection.
4
+ stability: draft
5
+ cognitive_mode: constructive-architect
6
+ triggers:
7
+ - manual
8
+ - on_milestone
9
+ platforms:
10
+ - claude-code
11
+ - gemini-cli
12
+ - cursor
13
+ - codex
14
+ tools:
15
+ - Bash
16
+ - Read
17
+ - Grep
18
+ - Glob
19
+ cli:
20
+ command: harness skill run harness-audit-harness-strength
21
+ args:
22
+ - name: path
23
+ description: Project root path
24
+ required: false
25
+ - name: mode
26
+ description: 'adopter (default) or toolkit (auto-detected in a harness-distribution repo)'
27
+ required: false
28
+ - name: severity
29
+ description: Minimum severity threshold (error, warning, info)
30
+ required: false
31
+ - name: report-only
32
+ description: Soften exit to 0 even when error-severity findings exist
33
+ required: false
34
+ mcp:
35
+ tool: run_skill
36
+ input:
37
+ skill: harness-audit-harness-strength
38
+ path: string
39
+ type: rigid
40
+ tier: 2
41
+ phases:
42
+ - name: scan
43
+ description: Resolve mode and run harness check-harness-strength against the target repo
44
+ required: true
45
+ - name: detect
46
+ description: Interpret the 7 STRENGTH pattern findings with file-line evidence
47
+ required: true
48
+ - name: score_report
49
+ description: Surface the 0-100 score, tier label, and per-pattern remediation
50
+ required: true
51
+ state:
52
+ persistent: false
53
+ files: []
54
+ depends_on: []
@@ -213,6 +213,8 @@ Persist findings to `{sessionDir}/phase-{N}-review.json`. No blocking → PHASE_
213
213
 
214
214
  ## Process
215
215
 
216
+ **Prompt the human in plain text** — every phase-continue and human-decision interaction in this skill is plain text only. Do not elevate to `AskUserQuestion`: natural headers like "Continue phase" exceed its 12-char cap, rendering the call as ERR.
217
+
216
218
  1. **INIT** — Resolve spec, derive session slug, check for existing state, parse phases.
217
219
  2. **ASSESS** — Route by complexity: low/medium auto-plans, high pauses for interactive planning.
218
220
  3. **PLAN → APPROVE** — Dispatch harness-planner, check approval signals, auto-approve or pause.
@@ -35,7 +35,26 @@ When no arguments are provided (standalone invocation), the skill operates exact
35
35
 
36
36
  ### Phase 1: EXPLORE -- Gather Context
37
37
 
38
- 1. **Load project context.** Call `gather_context({ path: "<project-root>", intent: "<feature description>", skill: "harness-brainstorming", session: "<session-slug-if-known>", include: ["graph", "businessKnowledge", "sessions", "validation"] })`. The `graph` context surfaces `business_fact` nodes relevant to the feature domain. The `businessKnowledge` context loads documented domain knowledge from `docs/knowledge/`. Use both to ground exploration in verified facts rather than assumptions.
38
+ 0a. **Read STRATEGY.md if present at repo root (upstream grounding).** Strategy is the durable product anchor that ranks above feature-level context — read it first so the rest of EXPLORE can cross-reference. Call `read_strategy({ path: "<project-root>" })` on the harness MCP server it returns `{ present, valid, doc?, error? }` and runs validation + parsing inside the server so the project does not need `@harness-engineering/core` installed.
39
+
40
+ Fallback for environments without the MCP server (only works when core is resolvable from the project):
41
+
42
+ ```bash
43
+ node -e "import('@harness-engineering/core').then(async m => {
44
+ const v = await m.validateStrategy(process.cwd());
45
+ if (!v.ok || !v.value.present) { console.log(JSON.stringify({ grounded: false, reason: 'absent' })); return; }
46
+ const raw = require('fs').readFileSync('STRATEGY.md', 'utf-8');
47
+ console.log(JSON.stringify({ grounded: true, doc: m.asStrategyDoc(m.parseStrategyDoc(raw)) }));
48
+ })"
49
+ ```
50
+
51
+ Three cases:
52
+
53
+ - **Absent or invalid:** soft-fail silently. Do not block and do not warn in the spec — the skill works exactly as before when there is no strategic anchor.
54
+ - **Present and valid:** capture the `Target problem`, `Our approach`, `Who it's for`, and `Tracks` section bodies. Treat them as grounding context alongside `gather_context` outputs. The captured strategy is cited as evidence in step 1's `[evidence]` annotations of the spec output.
55
+ - **Contradiction with the user's feature description:** do NOT auto-resolve. Carry the contradiction forward as an open question into Phase 2 EVALUATE — surface it explicitly so the human can decide whether to refine the feature or update strategy via `/harness:strategy`.
56
+
57
+ 1. **Load project context.** Call `gather_context({ path: "<project-root>", intent: "<feature description>", skill: "harness-brainstorming", session: "<session-slug-if-known>", include: ["graph", "businessKnowledge", "sessions", "validation"] })`. The `graph` context surfaces `business_fact` nodes relevant to the feature domain. The `businessKnowledge` context loads documented domain knowledge from `docs/knowledge/`. Use both to ground exploration in verified facts rather than assumptions. When `STRATEGY.md` was loaded in step 0a, treat its sections as a higher-tier grounding source than `businessKnowledge` — strategy reflects an explicit human commitment, knowledge is observation.
39
58
  2. **Read the existing codebase.** Understand architecture, constraints, and conventions. Check AGENTS.md, existing specs in `docs/`, and relevant source files.
40
59
  3. **Identify the problem boundary.** What exactly needs solving? What is out of scope? Write both down. Cross-reference `businessKnowledge` domains — if documented business rules constrain the problem, note them.
41
60
  4. **Check for prior art.** Has this been partially solved elsewhere? Are there patterns to follow or deliberately break?
@@ -66,7 +85,8 @@ When no arguments are provided (standalone invocation), the skill operates exact
66
85
  2. **Prefer multiple choice over open-ended questions.** Give 2-4 concrete options with brief tradeoff notes.
67
86
  3. **Acknowledge answers and build on them.** Do not re-ask clarified points. Track decisions as they accumulate.
68
87
  4. **Apply YAGNI ruthlessly.** For every proposed capability, ask: "Do we need this for the stated goal, or is this speculative?" If speculative, cut it. If the human insists, note it as a future consideration.
69
- 5. **Continue until you have enough clarity** to propose concrete approaches. Typically 3-7 questions suffice. If you need >10, the scope is too large -- decompose.
88
+ 5. **Surface strategy contradictions.** If Phase 1 step 0a captured a contradiction between the feature description and `STRATEGY.md`, ask the human about it explicitly as one of the first few EVALUATE questions. Frame it as a choice — refine the feature to align, or refine strategy via `/harness:strategy` — never auto-resolve. Skip this when STRATEGY.md was absent or no contradiction was detected.
89
+ 6. **Continue until you have enough clarity** to propose concrete approaches. Typically 3-7 questions suffice. If you need >10, the scope is too large -- decompose.
70
90
 
71
91
  ### Context Keywords
72
92
 
@@ -116,7 +136,7 @@ These flow into `handoff.json` `contextKeywords` field. Select keywords that hel
116
136
  - **Entry Points** -- Which system entry points does this feature touch or create? (e.g., new CLI command, new MCP tool, new skill, new API route, new barrel export)
117
137
  - **Registrations Required** -- What registrations are needed for the feature to be discoverable? (e.g., barrel export regeneration, skill tier assignment, route registration)
118
138
  - **Documentation Updates** -- What docs need updating to reflect the new capability? (e.g., AGENTS.md section, API docs, README, guides)
119
- - **Architectural Decisions** -- What decisions warrant ADRs? List the decision and a one-line rationale. Only for medium/large tier changes -- omit for small changes.
139
+ - **Architectural Decisions** -- Which decisions from the **Decisions made** section rise to a standalone ADR? Reference each by name with a one-line note on _why_ it warrants an ADR. Do **not** restate the decisions here -- this subsection points back to the canonical **Decisions made** section; duplicating them creates two sources that drift (spec-craft flags this as SPEC-R004). Only for medium/large tier changes -- "None" for small changes.
120
140
  - **Knowledge Impact** -- What domain concepts, patterns, or relationships should enter the knowledge graph?
121
141
 
122
142
  If the feature is a small change (bug fix, config tweak, < 3 files), the section may contain only Entry Points and Registrations Required with "None" for the others. The section must still be present.
@@ -166,14 +186,37 @@ These flow into `handoff.json` `contextKeywords` field. Select keywords that hel
166
186
 
167
187
  The human must explicitly approve before this skill is complete.
168
188
 
169
- 7. **Add feature to roadmap.** If `docs/roadmap.md` exists:
170
- - Derive feature name from the spec title (the H1 heading).
171
- - Call `manage_roadmap` with action `add`, `status: "planned"`, `milestone: "Current Work"`, and the spec path.
172
- - If the feature already exists, skip silently.
173
- - If `manage_roadmap` is unavailable, fall back to `parseRoadmap`/`serializeRoadmap` from core. Warn: "External sync skipped (MCP unavailable). Run `manage_roadmap sync` when MCP is restored."
174
- - If no roadmap exists, skip silently.
189
+ 7. **Promote the roadmap row.** If `docs/roadmap.md` exists, transition the named row to `planned` and link the spec in a single structured call (steps 7 and 8 are intentionally ordered so the commit captures the roadmap mutation). Skip silently only when no roadmap exists.
190
+ - Derive the lookup key from the slash-command `ARGUMENTS` string (D1). Derive the summary from the spec title (the H1 heading).
191
+ - Call `manage_roadmap` with action `promote`, `feature: "<ARGUMENTS>"`, `spec: "docs/changes/<feature>/proposal.md"`, and `summary: "<H1>"`.
192
+ - Branch on the returned `PromoteResult` envelope:
193
+
194
+ | Envelope | Skill behavior |
195
+ | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
196
+ | `ok: true, transitioned: 'backlog→planned'` | Log "Promoted `<feature>`: backlog → planned". Continue to step 8. |
197
+ | `ok: true, transitioned: 'spec-updated'` | Log "Updated spec link for `<feature>` (status preserved)". Continue to step 8. |
198
+ | `ok: true, transitioned: 'noop'` | Log "No change — `<feature>` already promoted with this spec". Continue to step 8. |
199
+ | `ok: false, reason: 'in-progress'` | **STOP.** Surface: "Refused to promote `<feature>`: an agent is currently dispatched against this row. Stop the agent or use a different feature name." |
200
+ | `ok: false, reason: 'done'` | **STOP.** Surface: "Refused to promote `<feature>`: row is already 'done'. To revise a shipped feature, use a new name." |
201
+ | `ok: false, reason: 'not-found'` | If no row was expected to exist, fall through to a `created` outcome. Otherwise surface `closestMatches` as a typo hint and **STOP**. |
202
+ | `ok: false, reason: 'ambiguous'` | **STOP.** Surface: "Refused to promote `<feature>`: matches multiple rows across milestones. Re-invoke with one of: `<matches>`." Matches are milestone-qualified. |
203
+ | `ok: false, reason: 'write-failed'` | **STOP.** Surface `detail` verbatim. The brainstorm is not considered complete. |
204
+
205
+ - The `not-found` create path: when the row genuinely does not exist yet, call `manage_roadmap` action `add` with `status: "planned"`, `milestone: "Current Work"`, the spec path, and the H1 summary (unchanged from the legacy behavior), then continue to step 8.
206
+ - "STOP" cases skip step 8 (no commit) and step 9 (no handoff/transition). The spec file written in step 3 stays on disk; the user re-runs the skill after resolving the conflict.
207
+ - If `manage_roadmap` is unavailable, fall back to `parseRoadmap`/`promoteFeature`/`serializeRoadmap` from core. Warn: "External sync skipped (MCP unavailable). Run `manage_roadmap sync` when MCP is restored."
208
+ - If no roadmap exists, skip silently (no envelope) and continue to step 8; the commit then contains only the spec files.
209
+
210
+ 8. **Commit spec artifacts and roadmap promotion.** After a successful promote (or a silent skip when no roadmap exists), commit the spec, skill recommendations, and the roadmap mutation together so the promotion ships atomically with the spec:
211
+
212
+ ```bash
213
+ git add docs/changes/<feature>/proposal.md docs/changes/<feature>/SKILLS.md docs/roadmap.md
214
+ git commit -m "docs(<feature>): add spec and promote to planned"
215
+ ```
216
+
217
+ Include `docs/roadmap.md` in `git add` only when it exists; omit it when the project has no roadmap. Do not skip this step — `harness-execution` commits only implementation files, so a spec uncommitted here stays untracked until someone notices. If a pre-commit hook reformats a file, re-add and re-commit.
175
218
 
176
- 8. **Write handoff and suggest transition.** After approval:
219
+ 9. **Write handoff and suggest transition.** After approval:
177
220
 
178
221
  Write handoff to the session-scoped path when a session slug is known, otherwise fall back to the global path:
179
222
  - Session-scoped (preferred): `.harness/sessions/<session-slug>/handoff.json`
@@ -292,7 +335,8 @@ Technical claims about existing code, architecture, or tradeoffs MUST cite evide
292
335
  1. **File reference:** `file:line` (e.g., `src/services/auth.ts:42` -- "existing JWT middleware")
293
336
  2. **Prior art:** `file` with description (e.g., `src/utils/email.ts` -- "reusable for notifications")
294
337
  3. **Docs:** `docs/path` (e.g., `docs/changes/user-auth/proposal.md` -- "established OAuth2 standard")
295
- 4. **Session evidence:** Write via `manage_state` `append_entry` to `evidence` section.
338
+ 4. **Strategy grounding:** `STRATEGY.md` with section reference (e.g., `STRATEGY.md#tracks` -- "advances the 'pulse-reports' track"). Cite when Phase 1 step 0a loaded a valid strategy AND the decision is informed by it. Mandatory when the spec extends, narrows, or contradicts a strategy section.
339
+ 5. **Session evidence:** Write via `manage_state` `append_entry` to `evidence` section.
296
340
 
297
341
  **When to cite:** Phase 1 (existing code/patterns), Phase 3 (tradeoff justifications), Phase 4 (spec referencing existing implementation).
298
342
 
@@ -302,10 +346,12 @@ Technical claims about existing code, architecture, or tradeoffs MUST cite evide
302
346
 
303
347
  - **`harness validate`** -- Run after writing the spec. Verifies project health and spec placement.
304
348
  - **`harness check-docs`** -- Verify spec does not conflict with existing docs.
349
+ - **`STRATEGY.md` grounding (Phase 1 step 0a)** -- When present at repo root and valid, loaded via the `read_strategy` MCP tool (which the harness MCP server backs with `validateStrategy` + `parseStrategyDoc` + `asStrategyDoc` from `@harness-engineering/core` — projects do not need core installed). Soft-fails when absent or invalid; cites strategy sections in the spec's evidence annotations when present. Boundary with `harness-strategy`: brainstorming READS; `harness-strategy` WRITES. Never modify `STRATEGY.md` from this skill.
305
350
  - **Spec location** -- `docs/changes/<feature>/proposal.md`.
306
351
  - **Handoff** -- Once approved, invoke harness-planning to create the implementation plan.
307
352
  - **Session directory** — When session slug is known, handoff goes to `.harness/sessions/<slug>/handoff.json`. The session directory structure is: `handoff.json`, `state.json`, `artifacts.json` (registry of spec/plan paths and file lists). Do not write to `.harness/handoff.json` in session context.
308
- - **Roadmap sync** -- After approval, call `manage_roadmap` action `add` to register as `planned`. Skip silently if no roadmap. Duplicates ignored.
353
+ - **Spec commit** -- After sign-off, the Phase 4 step 8 commit captures `docs/changes/<feature>/proposal.md`, `docs/changes/<feature>/SKILLS.md`, and the promoted `docs/roadmap.md` together so the spec enters git history at approval, not retroactively. `harness-execution` does not backfill these — see issue #487.
354
+ - **Roadmap promotion** -- After approval (Phase 4 step 7), call `manage_roadmap` action `promote` to transition the named row to `planned` and link the spec atomically with the spec commit. Falls back to `add` (create new row) when the row does not exist; refuses on `in-progress`/`done`/`ambiguous`. Skip silently if no roadmap.
309
355
  - **`emit_interaction`** -- End of Phase 4 to suggest transition to harness-planning (confirmed transition).
310
356
 
311
357
  #### Requirement Phrasing