@harness-engineering/cli 2.7.1 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agents/personas/adversarial-reviewer.yaml +43 -0
- package/dist/agents/personas/frontend-races-reviewer.yaml +54 -0
- package/dist/agents/personas/typescript-strict-reviewer.yaml +53 -0
- package/dist/agents/skills/CHANGELOG.md +12 -0
- package/dist/agents/skills/claude-code/align-design-system/SKILL.md +18 -0
- package/dist/agents/skills/claude-code/align-design-system/skill.yaml +3 -0
- package/dist/agents/skills/claude-code/harness-audit-harness-strength/SKILL.md +188 -0
- package/dist/agents/skills/claude-code/harness-audit-harness-strength/skill.yaml +54 -0
- package/dist/agents/skills/claude-code/harness-autopilot/SKILL.md +2 -0
- package/dist/agents/skills/claude-code/harness-brainstorming/SKILL.md +58 -12
- package/dist/agents/skills/claude-code/harness-code-review/SKILL.md +107 -22
- package/dist/agents/skills/claude-code/harness-code-review/references/confidence-rubric.md +45 -0
- package/dist/agents/skills/claude-code/harness-code-review/references/risk-keywords.md +40 -0
- package/dist/agents/skills/claude-code/harness-code-review/skill.yaml +3 -0
- package/dist/agents/skills/claude-code/harness-compound/SKILL.md +7 -4
- package/dist/agents/skills/claude-code/harness-execution/SKILL.md +1 -1
- package/dist/agents/skills/claude-code/harness-git-workflow/SKILL.md +2 -0
- package/dist/agents/skills/claude-code/harness-ideate/SKILL.md +279 -0
- package/dist/agents/skills/claude-code/harness-ideate/references/scoring.md +88 -0
- package/dist/agents/skills/claude-code/harness-ideate/skill.yaml +66 -0
- package/dist/agents/skills/claude-code/harness-knowledge-pipeline/SKILL.md +2 -0
- package/dist/agents/skills/claude-code/harness-planning/SKILL.md +14 -4
- package/dist/agents/skills/claude-code/harness-pulse/SKILL.md +12 -16
- package/dist/agents/skills/claude-code/harness-roadmap/SKILL.md +62 -4
- package/dist/agents/skills/claude-code/harness-roadmap-pilot/SKILL.md +36 -6
- package/dist/agents/skills/claude-code/harness-strategy/SKILL.md +152 -0
- package/dist/agents/skills/claude-code/harness-strategy/references/interview.md +122 -0
- package/dist/agents/skills/claude-code/harness-strategy/skill.yaml +54 -0
- package/dist/agents/skills/claude-code/harness-test-advisor/SKILL.md +80 -2
- package/dist/agents/skills/claude-code/harness-test-advisor/skill.yaml +4 -1
- package/dist/agents/skills/claude-code/initialize-harness-project/SKILL.md +86 -18
- package/dist/agents/skills/claude-code/initialize-harness-project/skill.yaml +1 -0
- package/dist/agents/skills/claude-code/outcome-eval/SKILL.md +97 -0
- package/dist/agents/skills/claude-code/outcome-eval/skill.yaml +51 -0
- package/dist/agents/skills/codex/align-design-system/SKILL.md +18 -0
- package/dist/agents/skills/codex/align-design-system/skill.yaml +3 -0
- package/dist/agents/skills/codex/harness-audit-harness-strength/SKILL.md +188 -0
- package/dist/agents/skills/codex/harness-audit-harness-strength/skill.yaml +54 -0
- package/dist/agents/skills/codex/harness-autopilot/SKILL.md +2 -0
- package/dist/agents/skills/codex/harness-brainstorming/SKILL.md +58 -12
- package/dist/agents/skills/codex/harness-code-review/SKILL.md +107 -22
- package/dist/agents/skills/codex/harness-code-review/references/confidence-rubric.md +45 -0
- package/dist/agents/skills/codex/harness-code-review/references/risk-keywords.md +40 -0
- package/dist/agents/skills/codex/harness-code-review/skill.yaml +3 -0
- package/dist/agents/skills/codex/harness-compound/SKILL.md +7 -4
- package/dist/agents/skills/codex/harness-execution/SKILL.md +1 -1
- package/dist/agents/skills/codex/harness-git-workflow/SKILL.md +2 -0
- package/dist/agents/skills/codex/harness-ideate/SKILL.md +279 -0
- package/dist/agents/skills/codex/harness-ideate/references/scoring.md +88 -0
- package/dist/agents/skills/codex/harness-ideate/skill.yaml +66 -0
- package/dist/agents/skills/codex/harness-knowledge-pipeline/SKILL.md +2 -0
- package/dist/agents/skills/codex/harness-planning/SKILL.md +14 -4
- package/dist/agents/skills/codex/harness-pulse/SKILL.md +12 -16
- package/dist/agents/skills/codex/harness-roadmap/SKILL.md +62 -4
- package/dist/agents/skills/codex/harness-roadmap-pilot/SKILL.md +36 -6
- package/dist/agents/skills/codex/harness-strategy/SKILL.md +152 -0
- package/dist/agents/skills/codex/harness-strategy/references/interview.md +122 -0
- package/dist/agents/skills/codex/harness-strategy/skill.yaml +54 -0
- package/dist/agents/skills/codex/harness-test-advisor/SKILL.md +80 -2
- package/dist/agents/skills/codex/harness-test-advisor/skill.yaml +4 -1
- package/dist/agents/skills/codex/initialize-harness-project/SKILL.md +86 -18
- package/dist/agents/skills/codex/initialize-harness-project/skill.yaml +1 -0
- package/dist/agents/skills/codex/outcome-eval/SKILL.md +97 -0
- package/dist/agents/skills/codex/outcome-eval/skill.yaml +51 -0
- package/dist/agents/skills/cursor/align-design-system/SKILL.md +18 -0
- package/dist/agents/skills/cursor/align-design-system/skill.yaml +3 -0
- package/dist/agents/skills/cursor/harness-audit-harness-strength/SKILL.md +188 -0
- package/dist/agents/skills/cursor/harness-audit-harness-strength/skill.yaml +54 -0
- package/dist/agents/skills/cursor/harness-autopilot/SKILL.md +2 -0
- package/dist/agents/skills/cursor/harness-brainstorming/SKILL.md +58 -12
- package/dist/agents/skills/cursor/harness-code-review/SKILL.md +107 -22
- package/dist/agents/skills/cursor/harness-code-review/references/confidence-rubric.md +45 -0
- package/dist/agents/skills/cursor/harness-code-review/references/risk-keywords.md +40 -0
- package/dist/agents/skills/cursor/harness-code-review/skill.yaml +3 -0
- package/dist/agents/skills/cursor/harness-compound/SKILL.md +7 -4
- package/dist/agents/skills/cursor/harness-execution/SKILL.md +1 -1
- package/dist/agents/skills/cursor/harness-git-workflow/SKILL.md +2 -0
- package/dist/agents/skills/cursor/harness-ideate/SKILL.md +279 -0
- package/dist/agents/skills/cursor/harness-ideate/references/scoring.md +88 -0
- package/dist/agents/skills/cursor/harness-ideate/skill.yaml +66 -0
- package/dist/agents/skills/cursor/harness-knowledge-pipeline/SKILL.md +2 -0
- package/dist/agents/skills/cursor/harness-planning/SKILL.md +14 -4
- package/dist/agents/skills/cursor/harness-pulse/SKILL.md +12 -16
- package/dist/agents/skills/cursor/harness-roadmap/SKILL.md +62 -4
- package/dist/agents/skills/cursor/harness-roadmap-pilot/SKILL.md +36 -6
- package/dist/agents/skills/cursor/harness-strategy/SKILL.md +152 -0
- package/dist/agents/skills/cursor/harness-strategy/references/interview.md +122 -0
- package/dist/agents/skills/cursor/harness-strategy/skill.yaml +54 -0
- package/dist/agents/skills/cursor/harness-test-advisor/SKILL.md +80 -2
- package/dist/agents/skills/cursor/harness-test-advisor/skill.yaml +4 -1
- package/dist/agents/skills/cursor/initialize-harness-project/SKILL.md +86 -18
- package/dist/agents/skills/cursor/initialize-harness-project/skill.yaml +1 -0
- package/dist/agents/skills/cursor/outcome-eval/SKILL.md +97 -0
- package/dist/agents/skills/cursor/outcome-eval/skill.yaml +51 -0
- package/dist/agents/skills/gemini-cli/align-design-system/SKILL.md +18 -0
- package/dist/agents/skills/gemini-cli/align-design-system/skill.yaml +3 -0
- package/dist/agents/skills/gemini-cli/harness-audit-harness-strength/SKILL.md +188 -0
- package/dist/agents/skills/gemini-cli/harness-audit-harness-strength/skill.yaml +54 -0
- package/dist/agents/skills/gemini-cli/harness-autopilot/SKILL.md +2 -0
- package/dist/agents/skills/gemini-cli/harness-brainstorming/SKILL.md +58 -12
- package/dist/agents/skills/gemini-cli/harness-code-review/SKILL.md +107 -22
- package/dist/agents/skills/gemini-cli/harness-code-review/references/confidence-rubric.md +45 -0
- package/dist/agents/skills/gemini-cli/harness-code-review/references/risk-keywords.md +40 -0
- package/dist/agents/skills/gemini-cli/harness-code-review/skill.yaml +3 -0
- package/dist/agents/skills/gemini-cli/harness-compound/SKILL.md +7 -4
- package/dist/agents/skills/gemini-cli/harness-execution/SKILL.md +1 -1
- package/dist/agents/skills/gemini-cli/harness-git-workflow/SKILL.md +2 -0
- package/dist/agents/skills/gemini-cli/harness-ideate/SKILL.md +279 -0
- package/dist/agents/skills/gemini-cli/harness-ideate/references/scoring.md +88 -0
- package/dist/agents/skills/gemini-cli/harness-ideate/skill.yaml +66 -0
- package/dist/agents/skills/gemini-cli/harness-knowledge-pipeline/SKILL.md +2 -0
- package/dist/agents/skills/gemini-cli/harness-planning/SKILL.md +14 -4
- package/dist/agents/skills/gemini-cli/harness-pulse/SKILL.md +12 -16
- package/dist/agents/skills/gemini-cli/harness-roadmap/SKILL.md +62 -4
- package/dist/agents/skills/gemini-cli/harness-roadmap-pilot/SKILL.md +36 -6
- package/dist/agents/skills/gemini-cli/harness-strategy/SKILL.md +152 -0
- package/dist/agents/skills/gemini-cli/harness-strategy/references/interview.md +122 -0
- package/dist/agents/skills/gemini-cli/harness-strategy/skill.yaml +54 -0
- package/dist/agents/skills/gemini-cli/harness-test-advisor/SKILL.md +80 -2
- package/dist/agents/skills/gemini-cli/harness-test-advisor/skill.yaml +4 -1
- package/dist/agents/skills/gemini-cli/initialize-harness-project/SKILL.md +86 -18
- package/dist/agents/skills/gemini-cli/initialize-harness-project/skill.yaml +1 -0
- package/dist/agents/skills/gemini-cli/outcome-eval/SKILL.md +97 -0
- package/dist/agents/skills/gemini-cli/outcome-eval/skill.yaml +51 -0
- package/dist/agents/skills/package.json +1 -1
- package/dist/agents/skills/tests/harness-strategy.test.ts +145 -0
- package/dist/agents/skills/tests/harness-test-advisor.test.ts +94 -0
- package/dist/agents-md-XOJE5ETA.js +13 -0
- package/dist/analyzer-V633GUHY-MBCQWKDU.js +26 -0
- package/dist/{architecture-LUR2I67H.js → architecture-JEZPJ725.js} +6 -6
- package/dist/{assess-project-OJWECOP2.js → assess-project-RHXOQNMM.js} +1 -1
- package/dist/bin/harness-mcp.js +17 -17
- package/dist/bin/harness.js +27 -27
- package/dist/{check-phase-gate-HS5KYLRO.js → check-phase-gate-GNDOMS35.js} +6 -6
- package/dist/{chunk-6UHDQP2N.js → chunk-2N4OENGE.js} +1 -1
- package/dist/{chunk-O2ASYKA6.js → chunk-3ISHDWO7.js} +2 -2
- package/dist/{chunk-GGSNWH7P.js → chunk-527G27VI.js} +5 -5
- package/dist/{chunk-N5NSSLMU.js → chunk-6WQCLCBO.js} +2 -2
- package/dist/{chunk-OH3NXXUY.js → chunk-BDGTZRZ6.js} +11 -1
- package/dist/{chunk-Z3TMCCZB.js → chunk-BYVT5LVO.js} +9 -9
- package/dist/{chunk-TIH53QXY.js → chunk-CLI4K2CH.js} +1 -1
- package/dist/{chunk-VSIRUZQP.js → chunk-DE5U6KOL.js} +2 -2
- package/dist/{chunk-FXZI6NJ2.js → chunk-GGKRA7A7.js} +51 -4
- package/dist/{chunk-RJ2WEES5.js → chunk-GSP2XIVS.js} +2 -2
- package/dist/{chunk-CZPOPMMI.js → chunk-HEIMJJI4.js} +3 -3
- package/dist/{chunk-7AF6C5GE.js → chunk-HWTUUQOW.js} +3 -3
- package/dist/{chunk-FC4JPM6W.js → chunk-KAJOS3BA.js} +3 -3
- package/dist/{chunk-NIVWM7OW.js → chunk-MGUPSE6D.js} +10 -10
- package/dist/{chunk-WZY5U6NS.js → chunk-N24HCQA4.js} +3351 -887
- package/dist/{chunk-Y4T6ENKQ.js → chunk-N55WOGN3.js} +86 -17
- package/dist/{chunk-INBTDBV2.js → chunk-NWLGL3IR.js} +1 -1
- package/dist/{chunk-FEKBXX2J.js → chunk-ONCPJGHY.js} +9 -9
- package/dist/{chunk-PTHX545Q.js → chunk-PC2R5RUJ.js} +2 -2
- package/dist/{chunk-H2ZJOJ7A.js → chunk-PP6ZRL5T.js} +316 -42
- package/dist/{chunk-LECXPXS3.js → chunk-QBC7DI4Q.js} +2 -2
- package/dist/{chunk-B2VAYLYI.js → chunk-UX3PQKVZ.js} +8 -3
- package/dist/{chunk-7PLIWP7U.js → chunk-WWEVS7RO.js} +4409 -743
- package/dist/{chunk-LGYXR2KZ.js → chunk-XFU6SB2Q.js} +1122 -689
- package/dist/{chunk-KN3EMDZ5.js → chunk-XX4OLNWQ.js} +23 -3
- package/dist/{chunk-VI4IS55S.js → chunk-YQSYCBAH.js} +6 -6
- package/dist/{chunk-LYIPI2SJ.js → chunk-Z4AWEIBY.js} +6 -6
- package/dist/{ci-workflow-MDSTHJOY.js → ci-workflow-ORZ4F45F.js} +5 -5
- package/dist/{dist-E3SAAHCM.js → dist-ICW4QUEW.js} +5 -1
- package/dist/{dist-72ID44UE.js → dist-LHINSVK4.js} +136 -4
- package/dist/{dist-R3TOOPJ7.js → dist-OWHMNL4W.js} +1 -1
- package/dist/{docs-2RFOJ6XY.js → docs-AU3DXFFO.js} +6 -6
- package/dist/engine-6GPWOYQH.js +13 -0
- package/dist/{entropy-3UX6644G.js → entropy-VLKDRMRT.js} +5 -5
- package/dist/{feedback-CVCFYND4.js → feedback-YXYY44ZC.js} +1 -1
- package/dist/{generate-agent-definitions-HZ3XENWO.js → generate-agent-definitions-XIHQPKG3.js} +6 -6
- package/dist/{glob-helper-EX4YZKZO.js → glob-helper-GLZAURJC.js} +1 -1
- package/dist/{graph-loader-EIFEOUVI.js → graph-loader-HHXN5FLP.js} +1 -1
- package/dist/hooks/cost-tracker.js +29 -6
- package/dist/index.d.ts +202 -0
- package/dist/index.js +27 -27
- package/dist/{loader-6RHWU5FH.js → loader-YAN56MT3.js} +5 -5
- package/dist/{mcp-OYR26JDI.js → mcp-RK3SFVYB.js} +17 -17
- package/dist/{performance-JJMIRXCH.js → performance-64DPTLLQ.js} +6 -6
- package/dist/{review-pipeline-BHQZIXWZ.js → review-pipeline-NENG6LW7.js} +5 -5
- package/dist/{runtime-DALTAVTN.js → runtime-FFIIRT2T.js} +5 -5
- package/dist/{scan-LYKLM4EQ.js → scan-P7YFKB77.js} +1 -1
- package/dist/{security-RMLMYFPB.js → security-3PIBN35B.js} +1 -1
- package/dist/templates/basic/harness.config.json.hbs +34 -0
- package/dist/templates/ci/README.md +86 -0
- package/dist/templates/ci/required-review.ruleset.json +20 -0
- package/dist/templates/ci/required-review.yml.hbs +57 -0
- package/dist/templates/ci/template.json +5 -0
- package/dist/templates/intermediate/harness.config.json.hbs +36 -0
- package/dist/templates/orchestrator/harness.orchestrator.md +9 -0
- package/dist/{tool-tiers-B7JC2XC3.js → tool-tiers-OKK5FE57.js} +2 -0
- package/dist/{validate-R7DZRDFK.js → validate-7IAF2ES3.js} +6 -6
- package/dist/validate-cross-check-QPSAOZKD.js +13 -0
- package/package.json +8 -8
- package/dist/agents-md-FKMKH6ZF.js +0 -13
- package/dist/analyzer-H3AHBFSL-KPOPJYRB.js +0 -26
- package/dist/engine-BSFKOGPN.js +0 -13
- package/dist/validate-cross-check-AUUZFNVL.js +0 -13
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
version: 2
|
|
2
|
+
name: Adversarial Reviewer
|
|
3
|
+
description: Constructs failure scenarios between the existing 4 review agents — assumption violations, composition failures, abuse cases, and cascade chains
|
|
4
|
+
role: >
|
|
5
|
+
Sit between bug, security, and architecture. Hunt for failure modes that
|
|
6
|
+
single-pattern agents miss — assumptions the diff relies on but does not
|
|
7
|
+
enforce, two correct pieces that misbehave together, adversarial inputs the
|
|
8
|
+
diff does not anticipate, and (at Deep depth) single failures that cascade
|
|
9
|
+
through downstream callers.
|
|
10
|
+
|
|
11
|
+
Never re-flag findings owned by the existing 4 agents. Emit `ReviewFinding[]`
|
|
12
|
+
with `domain: 'bug'`, `subagent: 'adversarial'`, and numeric `confidence`
|
|
13
|
+
per the shared confidence rubric.
|
|
14
|
+
skills:
|
|
15
|
+
- harness-code-review
|
|
16
|
+
steps:
|
|
17
|
+
- skill: harness-code-review
|
|
18
|
+
when: manual
|
|
19
|
+
output: auto
|
|
20
|
+
- skill: harness-code-review
|
|
21
|
+
when: on_pr
|
|
22
|
+
output: auto
|
|
23
|
+
triggers:
|
|
24
|
+
- event: on_pr
|
|
25
|
+
conditions:
|
|
26
|
+
paths:
|
|
27
|
+
- "src/**"
|
|
28
|
+
- "packages/**"
|
|
29
|
+
config:
|
|
30
|
+
severity: warning
|
|
31
|
+
autoFix: false
|
|
32
|
+
timeout: 600000
|
|
33
|
+
# Activation predicate (read by Phase 3.5 of harness-code-review):
|
|
34
|
+
# - Active at Standard or Deep depth
|
|
35
|
+
# - Cascade-construction hunt category gated to Deep depth
|
|
36
|
+
activation:
|
|
37
|
+
depth: ["standard", "deep"]
|
|
38
|
+
references:
|
|
39
|
+
rubric: agents/skills/claude-code/harness-code-review/references/confidence-rubric.md
|
|
40
|
+
outputs:
|
|
41
|
+
agents-md: false
|
|
42
|
+
ci-workflow: false
|
|
43
|
+
runtime-config: true
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
version: 2
|
|
2
|
+
name: Frontend-races Reviewer
|
|
3
|
+
description: Framework-aware reviewer for async-UI diffs — flags lifecycle gaps, hook-timing mistakes, concurrent interactions, and stale-work races
|
|
4
|
+
role: >
|
|
5
|
+
Activate when the TypeScript-strict reviewer is active AND the diff contains
|
|
6
|
+
an async-UI signal (`.tsx`, `useEffect`, `useState`, `setTimeout`,
|
|
7
|
+
`setInterval`, `addEventListener`, `data-controller=` for Stimulus).
|
|
8
|
+
Hunt for lifecycle cleanup gaps (listeners and timers outliving the owner),
|
|
9
|
+
hook-timing mistakes (state in the wrong hook, async after unmount),
|
|
10
|
+
concurrent-interaction bugs (overlapping clicks/requests, impossible-state
|
|
11
|
+
booleans), and promise/timer flows that leave stale work behind.
|
|
12
|
+
|
|
13
|
+
Emit `ReviewFinding[]` with `domain: 'bug'`, `subagent: 'frontend-races'`,
|
|
14
|
+
and numeric `confidence` per the shared confidence rubric.
|
|
15
|
+
skills:
|
|
16
|
+
- harness-code-review
|
|
17
|
+
steps:
|
|
18
|
+
- skill: harness-code-review
|
|
19
|
+
when: manual
|
|
20
|
+
output: auto
|
|
21
|
+
- skill: harness-code-review
|
|
22
|
+
when: on_pr
|
|
23
|
+
output: auto
|
|
24
|
+
triggers:
|
|
25
|
+
- event: on_pr
|
|
26
|
+
conditions:
|
|
27
|
+
paths:
|
|
28
|
+
- "**/*.tsx"
|
|
29
|
+
- "**/*.ts"
|
|
30
|
+
config:
|
|
31
|
+
severity: warning
|
|
32
|
+
autoFix: false
|
|
33
|
+
timeout: 600000
|
|
34
|
+
# Activation predicate (read by Phase 3.5 of harness-code-review):
|
|
35
|
+
# - TypeScript-strict must be active
|
|
36
|
+
# - AND diff contains at least one of:
|
|
37
|
+
# `.tsx`, `useEffect`, `useState`, `setTimeout`, `setInterval`,
|
|
38
|
+
# `addEventListener`, `data-controller=`
|
|
39
|
+
activation:
|
|
40
|
+
depends_on: typescript-strict
|
|
41
|
+
diff_signals:
|
|
42
|
+
- ".tsx"
|
|
43
|
+
- "useEffect"
|
|
44
|
+
- "useState"
|
|
45
|
+
- "setTimeout"
|
|
46
|
+
- "setInterval"
|
|
47
|
+
- "addEventListener"
|
|
48
|
+
- "data-controller="
|
|
49
|
+
references:
|
|
50
|
+
rubric: agents/skills/claude-code/harness-code-review/references/confidence-rubric.md
|
|
51
|
+
outputs:
|
|
52
|
+
agents-md: false
|
|
53
|
+
ci-workflow: false
|
|
54
|
+
runtime-config: true
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
version: 2
|
|
2
|
+
name: TypeScript-strict Reviewer
|
|
3
|
+
description: Framework-aware reviewer for TypeScript diffs — flags type holes, refactor regressions, complexity growth, and five-second-rule names
|
|
4
|
+
role: >
|
|
5
|
+
Activate when the diff includes a non-test `.ts` or `.tsx` file. Hunt for
|
|
6
|
+
type-system holes that disable the checker (explicit `any`, `// @ts-ignore`,
|
|
7
|
+
`as unknown as T`, non-null assertions), refactor regressions where call
|
|
8
|
+
sites lose coverage, existing-file complexity that would be safer as a new
|
|
9
|
+
module, and names that fail the five-second rule at the call site.
|
|
10
|
+
|
|
11
|
+
Emit `ReviewFinding[]` with `domain: 'bug'` (or `'architecture'` for
|
|
12
|
+
complexity findings), `subagent: 'typescript-strict'`, and numeric
|
|
13
|
+
`confidence` per the shared confidence rubric.
|
|
14
|
+
skills:
|
|
15
|
+
- harness-code-review
|
|
16
|
+
steps:
|
|
17
|
+
- skill: harness-code-review
|
|
18
|
+
when: manual
|
|
19
|
+
output: auto
|
|
20
|
+
- skill: harness-code-review
|
|
21
|
+
when: on_pr
|
|
22
|
+
output: auto
|
|
23
|
+
triggers:
|
|
24
|
+
- event: on_pr
|
|
25
|
+
conditions:
|
|
26
|
+
paths:
|
|
27
|
+
- "**/*.ts"
|
|
28
|
+
- "**/*.tsx"
|
|
29
|
+
config:
|
|
30
|
+
severity: warning
|
|
31
|
+
autoFix: false
|
|
32
|
+
timeout: 600000
|
|
33
|
+
# Activation predicate (read by Phase 3.5 of harness-code-review):
|
|
34
|
+
# - Active when the diff contains at least one non-test `.ts` or `.tsx`
|
|
35
|
+
# - Excludes `*.d.ts`, `*.test.ts(x)`, `*.spec.ts(x)`, `__tests__/**`
|
|
36
|
+
activation:
|
|
37
|
+
file_patterns:
|
|
38
|
+
include:
|
|
39
|
+
- "**/*.ts"
|
|
40
|
+
- "**/*.tsx"
|
|
41
|
+
exclude:
|
|
42
|
+
- "**/*.d.ts"
|
|
43
|
+
- "**/*.test.ts"
|
|
44
|
+
- "**/*.test.tsx"
|
|
45
|
+
- "**/*.spec.ts"
|
|
46
|
+
- "**/*.spec.tsx"
|
|
47
|
+
- "**/__tests__/**"
|
|
48
|
+
references:
|
|
49
|
+
rubric: agents/skills/claude-code/harness-code-review/references/confidence-rubric.md
|
|
50
|
+
outputs:
|
|
51
|
+
agents-md: false
|
|
52
|
+
ci-workflow: false
|
|
53
|
+
runtime-config: true
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# @harness-engineering/skills
|
|
2
|
+
|
|
3
|
+
## 1.1.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- af56053: Ship the `harness-strategy` skill and the `writeStrategyDoc` writer (strategic-anchor phase 2 of 8 in the compound-engineering-adoption initiative).
|
|
8
|
+
- `packages/core/strategy` exports `writeStrategyDoc(doc, { cwd, skipBackup? })` — atomic disk write of `STRATEGY.md` with schema-validation-rejects-disk-write, an idempotent `.bak` on first overwrite, H1 preservation across re-writes, and `tmp-<pid>` + `rename` semantics that mirror `writePulseConfig`. Composes a pure `serializeStrategyDoc(doc, opts?)` (also exported) so the serializer is unit-testable without filesystem fixtures.
|
|
9
|
+
- `agents/skills/{claude-code,gemini-cli,cursor,codex}/harness-strategy/` ships the rigid skill (Phase 0 file-state routing; Phase 1 first-run interview in template order; Phase 2 per-section update flow; Phase 3 downstream handoff). `references/interview.md` documents the three pushback rules (fluff detection, goal-as-strategy, feature-list-as-strategy) with detection signals, repair scripts, anti-pattern fixtures, and the hard 2-round-per-section cap.
|
|
10
|
+
- CLI emits `/harness:strategy` via `generate-slash-commands` (and the per-platform plugin generators); the slash command appears in `.claude-plugin/commands/strategy.md`, `.gemini-extension/commands/strategy.toml`, `.cursor-plugin/commands/strategy.md`, plus the `agents/commands/*` mirrors. Skill listed in the auto-generated skills catalog.
|
|
11
|
+
|
|
12
|
+
Scope: writer + skill prose only. Init wiring, `harness-ideate`, brainstorming/roadmap-pilot grounding, knowledge-graph integration, and ADRs ship in follow-up PRs (one per phase).
|
|
@@ -65,6 +65,7 @@ For each finding classified as `suggestion`: emit a human-readable description p
|
|
|
65
65
|
|
|
66
66
|
- **`harness align-design-system`** — the CLI entry point. `--dry-run` for preview; `--write` is the default. Standard `--json` / `--verbose` / `--quiet` flags.
|
|
67
67
|
- **`harness align-design-system --mode pipeline`** — orchestrator-driven mode. Reads pre-classified findings from handoff.json; writes outcomes back.
|
|
68
|
+
- **`harness align-design-system --revert`** — inverse-applies the most-recent batch recorded at `.harness/align/last-batch.json`. Skips files edited externally since the apply (content-hash check). Idempotent: a second revert on the same batch is a no-op because the file no longer matches the recorded post-apply text.
|
|
68
69
|
- **`mcp__harness__align_design_system`** — MCP tool for agent consumption. Same input/output shape as the function call.
|
|
69
70
|
- **`detect-design-drift`** — soft dependency. Standalone mode invokes detect internally; pipeline mode trusts the orchestrator to have done it.
|
|
70
71
|
- **`harness check-design`** — composes detect (as 3rd verifier) into a single-pass design check. align is the matching FIX step; together they form the DETECT → FIX cycle that the (future) #5 orchestrator will loop.
|
|
@@ -82,6 +83,7 @@ See `docs/changes/design-pipeline/align-design-system/proposal.md` for the full
|
|
|
82
83
|
- Pipeline mode writes `pipeline.fixesApplied` back to handoff.json
|
|
83
84
|
- `--dry-run` produces identical `FixOutcome` shapes but never writes files
|
|
84
85
|
- Re-running detect after align produces strictly fewer T001/T002/T003 findings
|
|
86
|
+
- `--revert` re-applies the inverse of the most-recent `fixesApplied` batch; no-op when the file has been edited externally since the apply
|
|
85
87
|
|
|
86
88
|
## Examples
|
|
87
89
|
|
|
@@ -147,6 +149,21 @@ src/SaveButton.tsx
|
|
|
147
149
|
|
|
148
150
|
v1 never auto-applies primitive adoption — prop translation across `<button>` ⇄ `<Button>` is the kind of judgment-call that benefits from a human or LLM review.
|
|
149
151
|
|
|
152
|
+
### Example: Revert the last batch
|
|
153
|
+
|
|
154
|
+
After a write run, the applied diffs (plus a SHA-256 of each post-apply file) are persisted to `.harness/align/last-batch.json`. Running `harness align-design-system --revert` reads that batch and inverse-applies each diff:
|
|
155
|
+
|
|
156
|
+
```
|
|
157
|
+
src/Card.tsx
|
|
158
|
+
✓ DRIFT-T001:2 — Hex color "#0066cc" should use a token reference instead of a raw literal
|
|
159
|
+
before: const styles = { color: tokens.color.brand.primary };
|
|
160
|
+
after: const styles = { color: "#0066cc" };
|
|
161
|
+
|
|
162
|
+
Summary: 1 reverted, 0 suggestions, 0 skipped, 0 failed (1 files modified, 4ms)
|
|
163
|
+
```
|
|
164
|
+
|
|
165
|
+
If the file has been edited externally between apply and revert (the SHA-256 doesn't match), every entry for that file is skipped with `skipped-unsafe / reason: file changed externally since apply`. A second revert on the same batch is a no-op for the same reason — the file's post-revert content no longer matches the recorded post-apply text.
|
|
166
|
+
|
|
150
167
|
## Gates
|
|
151
168
|
|
|
152
169
|
- **No autofix without classifier approval.** Every codemod application goes through `classifyFinding`. If the classifier returns `suggestion`, NO file write occurs — even for the same finding code in the same file.
|
|
@@ -162,6 +179,7 @@ v1 never auto-applies primitive adoption — prop translation across `<button>`
|
|
|
162
179
|
- **When the codemod corrupts a file (rare):** every application includes a structured diff. Recover via `git checkout <file>`. If the same input repeatedly corrupts, report the case — pre-flight classifier rules are conservative by design.
|
|
163
180
|
- **When pipeline-mode run finds no `pipeline.driftFindings` field:** align exits cleanly with empty outcomes. The orchestrator's contract is to write the field BEFORE invoking align.
|
|
164
181
|
- **When `--dry-run` shows fixes you don't want applied:** scope with `--files <glob>` to apply only specific files, or invoke align in pipeline mode with a curated `pipeline.fixBatch` list.
|
|
182
|
+
- **When you want to undo an apply:** run `harness align-design-system --revert`. It reads `.harness/align/last-batch.json`, content-hash-checks each file, and inverse-applies. Files edited since the apply are skipped (no silent corruption); recover via `git checkout <file>` if the content-hash check blocks revert and the prior commit is still in history.
|
|
165
183
|
- **When you want primitive-adoption fixes today:** apply the suggestion manually. The v1.x sub-project will add prop-translation tables + import resolution + revert-on-test-fail.
|
|
166
184
|
- **When align is invoked without detect having run first (standalone mode):** standalone mode runs detect internally — no manual ordering needed. Pipeline mode trusts the orchestrator to populate findings.
|
|
167
185
|
|
|
@@ -31,6 +31,9 @@ cli:
|
|
|
31
31
|
- name: mode
|
|
32
32
|
description: standalone (default) or pipeline (read findings from handoff.json)
|
|
33
33
|
required: false
|
|
34
|
+
- name: revert
|
|
35
|
+
description: Inverse-apply the most-recent batch persisted at .harness/align/last-batch.json
|
|
36
|
+
required: false
|
|
34
37
|
mcp:
|
|
35
38
|
tool: run_skill
|
|
36
39
|
input:
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
# Harness Audit: Harness Strength
|
|
2
|
+
|
|
3
|
+
> Mechanically audit whether a project's harness is load-bearing. Orchestrates the deterministic check-harness-strength engine; interprets results. Not a deep/AI review.
|
|
4
|
+
|
|
5
|
+
## When to Use
|
|
6
|
+
|
|
7
|
+
- On a milestone gate, to confirm the harness still constrains rather than merely decorates the project
|
|
8
|
+
- When adding the strength audit as a required CI check, so the seven STRENGTH patterns block the merge instead of being prose advice
|
|
9
|
+
- When validating a harness-distribution (toolkit) repo before shipping templates downstream — to catch a default that would weaken every adopter
|
|
10
|
+
- When a reviewer suspects a gate "passes" without doing anything (a snapshot that asserts `passed: true` for a check it never ran)
|
|
11
|
+
- NOT for deep security review — use `harness-security-review` (semantic, AI-assisted)
|
|
12
|
+
- NOT for design-system drift — use `detect-design-drift`
|
|
13
|
+
- NOT for reimplementing pattern detection by hand — the engine (`HarnessStrengthAuditor`) owns detection. This skill runs it and interprets the output.
|
|
14
|
+
|
|
15
|
+
## Process
|
|
16
|
+
|
|
17
|
+
This skill ORCHESTRATES `harness check-harness-strength`. It never re-greps configs, never re-parses hooks, and never re-derives findings. The engine reads the project once and returns a structured `AuditResult`; the skill's job is to run it with the right mode/severity and turn the JSON into an actionable report.
|
|
18
|
+
|
|
19
|
+
### Phase 1: SCAN — Run the engine
|
|
20
|
+
|
|
21
|
+
1. **Resolve the project root.** Use the provided `path` argument, else the current working directory.
|
|
22
|
+
|
|
23
|
+
2. **Resolve the mode.**
|
|
24
|
+
- If `--toolkit` or `--adopter` (or `--mode toolkit|adopter`) is supplied, honor it. Explicit mode wins.
|
|
25
|
+
- Otherwise auto-detect: treat the repo as **toolkit** when it is a harness distribution — both `templates/` and `agents/skills/` exist at the root. Otherwise **adopter**.
|
|
26
|
+
- Do not inspect config files to "double-check" the mode. The engine resolves and reports the mode it used.
|
|
27
|
+
|
|
28
|
+
3. **Invoke the command** via Bash, requesting JSON:
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
harness check-harness-strength [--mode <adopter|toolkit>] [--severity <error|warning|info>] [--report-only] --json
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
The `--json` payload is the raw structured `AuditResult` (score, tier, mode, findings with `id`, `gearPiece`, `severity`, `message`, `remediation`, and file:line evidence). Parse this — do not re-derive it.
|
|
35
|
+
|
|
36
|
+
4. **Do NOT inspect config files by hand.** The engine reads `harness.config.json`, hook profiles, baselines, snapshots, and tier defaults exactly once. Hand-grepping `.husky/pre-commit` or `harness.config.json` to "confirm" a finding reimplements detection and violates the core decision behind this skill (ADR 0039 / spec D1).
|
|
37
|
+
|
|
38
|
+
### Phase 2: DETECT — Interpret findings
|
|
39
|
+
|
|
40
|
+
1. **Map each finding to its STRENGTH pattern** using the JSON `id` and `gearPiece` fields. Every finding the engine emits corresponds to exactly one of the seven patterns below. Do not invent findings the engine did not emit, and do not silence findings it did.
|
|
41
|
+
|
|
42
|
+
2. **The seven STRENGTH patterns** (the engine's rule registry — for interpretation only; the engine, not the skill, decides which fire):
|
|
43
|
+
|
|
44
|
+
| ID | Gear piece | Pattern | Default |
|
|
45
|
+
| ------------ | ----------------------- | -------------------------------------------------------------------- | ------- |
|
|
46
|
+
| STRENGTH-001 | blocking-gate | Hook documented "never blocks"/"always exits 0" in an active profile | error |
|
|
47
|
+
| STRENGTH-002 | regression-baseline | Pre-commit auto-updates baselines/thresholds on regression | error |
|
|
48
|
+
| STRENGTH-003 | skip-discipline | `--skip` list > 2 categories without inline justification | warning |
|
|
49
|
+
| STRENGTH-004 | architecture-thresholds | `layers` defined but `architecture.thresholds` empty/absent | error |
|
|
50
|
+
| STRENGTH-005 | tier-default | Init/config defaults to lowest tier (`basic`) | warning |
|
|
51
|
+
| STRENGTH-006 | review-gate | Baseline-update PR auto-approved without independent review | error |
|
|
52
|
+
| STRENGTH-007 | snapshot-honesty | `passed:true` in health snapshot whose `signals[]` names that check | error |
|
|
53
|
+
|
|
54
|
+
3. **Attach evidence.** Each finding carries a `file:line` (or config-key) reference and a remediation string from the engine. Surface them verbatim — do not paraphrase the remediation.
|
|
55
|
+
|
|
56
|
+
### Phase 3: SCORE/REPORT
|
|
57
|
+
|
|
58
|
+
1. **Surface the score and tier.** The engine returns a 0-100 strength score and a tier label:
|
|
59
|
+
- `solid` — score >= 85
|
|
60
|
+
- `at-risk` — score 50-84
|
|
61
|
+
- `theatre` — score < 50
|
|
62
|
+
|
|
63
|
+
2. **Report format** (mirror of the security-scan report block):
|
|
64
|
+
|
|
65
|
+
```
|
|
66
|
+
Harness Strength: [PASS/FAIL] — tier: <solid|at-risk|theatre> (score N/100, mode <adopter|toolkit>)
|
|
67
|
+
Findings: <count> (Errors: N | Warnings: N | Info: N)
|
|
68
|
+
|
|
69
|
+
[STRENGTH-00N] <gearPiece> <file:line> (severity)
|
|
70
|
+
<message>
|
|
71
|
+
Remediation: <engine remediation string>
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
3. **PASS/FAIL.** FAIL if any error-severity finding survives the severity threshold, unless `--report-only` was passed (then exit softens to PASS but findings are still listed). Otherwise PASS.
|
|
75
|
+
|
|
76
|
+
## Gates
|
|
77
|
+
|
|
78
|
+
- **Error-severity findings are blocking.** The report is FAIL and the exit is non-zero when any error-severity finding survives filtering — unless `--report-only` was explicitly requested. Do not report PASS over an unsuppressed error finding.
|
|
79
|
+
- **No reimplementation.** The skill must run `harness check-harness-strength` and interpret its JSON. It must never hand-grep hooks, hand-parse `harness.config.json`, or re-derive a score. Reimplementing detection violates ADR 0039.
|
|
80
|
+
- **"Not evaluable" is not a pass.** When an input the engine needs is absent (e.g., no hook profile, no snapshot), the engine reports that state. Surface it as-is. Do not convert "could not evaluate" into "passed."
|
|
81
|
+
- **Mechanical only.** No AI judgment about whether a weakness "really matters." The patterns are deterministic; the engine decides what fires.
|
|
82
|
+
|
|
83
|
+
## Escalation
|
|
84
|
+
|
|
85
|
+
- **Disputed finding / false positive:** Do not suppress by editing files or skipping the rule in the skill. Adjust severity via config — `audit.harnessStrength.severities` in `harness.config.json` (e.g., downgrade STRENGTH-003 to `info` for a justified wide `--skip`). Document the rationale alongside the override.
|
|
86
|
+
- **Engine misses a known weakness:** This skill cannot add detection. A missing pattern is engine work — file a new `StrengthRule` (`{ id, gearPiece, defaultSeverity, appliesIn(mode), evaluable?(ctx), detect(ctx) }`) in `packages/core/src/harness-strength/`. Out of scope for the skill.
|
|
87
|
+
- **Mode mis-detected:** If auto-detection picks the wrong mode (e.g., a repo with `templates/` that is not a distribution), pass `--mode adopter` (or `--toolkit`) explicitly. Do not work around it by hand-editing detection.
|
|
88
|
+
- **Engine throws or the build is stale:** If `harness check-harness-strength` errors (command not found / not in the built CLI), the dist may be stale. Rebuild the CLI and re-run. Do not substitute a manual config read for the engine.
|
|
89
|
+
|
|
90
|
+
## Rationalizations to Reject
|
|
91
|
+
|
|
92
|
+
### Universal
|
|
93
|
+
|
|
94
|
+
These reasoning patterns sound plausible but lead to bad outcomes. Reject them.
|
|
95
|
+
|
|
96
|
+
- **"It's probably fine"** — "Probably" is not evidence. Run the engine and cite the result.
|
|
97
|
+
- **"This is best practice"** — Best practice in what context? Cite the source and confirm it applies to this codebase.
|
|
98
|
+
- **"We can fix it later"** — If it is worth flagging, it is worth documenting now with a concrete follow-up plan.
|
|
99
|
+
|
|
100
|
+
### Domain-Specific
|
|
101
|
+
|
|
102
|
+
| Rationalization | Reality |
|
|
103
|
+
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
104
|
+
| "The config looks fine when I read it" | The engine exists because manual reading misses these patterns — that is the whole point of D1. Reading is not running. Run `harness check-harness-strength`. |
|
|
105
|
+
| "It only warns, not errors, so it's fine" | A gate that warns but does not stop IS STRENGTH-001 — this is the recursion item the audit was built to catch. Do not normalize "warns but doesn't block." |
|
|
106
|
+
| "I'll re-grep the hooks myself to double-check the engine" | Reimplementing detection violates ADR 0039 / spec D1. The engine is the single source of truth — trust and interpret its output, do not shadow it. |
|
|
107
|
+
| "Score is 70, that's a passing grade" | 70 is `at-risk`, not `solid`. Tier labels are thresholds, not letter grades. Below 85 means the harness has load-bearing gaps. |
|
|
108
|
+
| "No error findings, so I can skip reading the warnings" | Warnings (STRENGTH-003, -005) are erosion signals — a `basic` tier default or an unjustified wide `--skip` weakens every future run. Surface them. |
|
|
109
|
+
|
|
110
|
+
## Success Criteria
|
|
111
|
+
|
|
112
|
+
- The engine (`harness check-harness-strength`) ran and produced a score, tier label, and findings (or a clean result).
|
|
113
|
+
- Every finding is interpreted against the seven-pattern table, with the engine's file:line evidence and remediation surfaced verbatim.
|
|
114
|
+
- The exit code / PASS-FAIL reflects the gate (error-severity findings fail unless `--report-only`).
|
|
115
|
+
- No manual config inspection was substituted for the engine — the report is derived entirely from the command's `--json` output.
|
|
116
|
+
- "Not evaluable" states are surfaced as-is, never converted to passes.
|
|
117
|
+
|
|
118
|
+
## Evidence Requirements
|
|
119
|
+
|
|
120
|
+
When this skill makes claims about existing code, architecture, or behavior, it MUST cite evidence using one of:
|
|
121
|
+
|
|
122
|
+
1. **File reference:** `file:line` format (e.g., `.husky/pre-commit:12`) — taken from the engine's finding, not re-derived.
|
|
123
|
+
2. **Code pattern reference:** `file` with description (e.g., `harness.config.json` — "architecture.layers defined, thresholds absent").
|
|
124
|
+
3. **Test/command output:** Inline or referenced output from the `harness check-harness-strength --json` run.
|
|
125
|
+
4. **Session evidence:** Write to the `evidence` session section via `manage_state`.
|
|
126
|
+
|
|
127
|
+
**Uncited claims:** Technical assertions without citations MUST be prefixed with `[UNVERIFIED]`. Example: `[UNVERIFIED] The pre-commit hook auto-updates baselines`.
|
|
128
|
+
|
|
129
|
+
## Harness Integration
|
|
130
|
+
|
|
131
|
+
- **`harness check-harness-strength`** — The CLI command this skill runs and interprets. Options: `--mode <adopter|toolkit>`, `--toolkit`/`--adopter` shortcuts, `--severity <error|warning|info>` (default `warning`), `--report-only`, `--json`.
|
|
132
|
+
- **`HarnessStrengthAuditor`** — Core class from `@harness-engineering/core` that builds a `ProjectContext` once, runs the applicable `StrengthRule`s, and aggregates the score/tier/findings. The skill never instantiates it directly; it goes through the command.
|
|
133
|
+
- **`harness.config.json` → `audit.harnessStrength.severities`** — Per-pattern severity overrides. The supported escalation path for false positives — never suppress by editing source.
|
|
134
|
+
- **`docs/standard/article-failure-patterns.md`** — Narrative companion documenting the seven patterns (forthcoming — downstream item; may not exist yet).
|
|
135
|
+
|
|
136
|
+
## Examples
|
|
137
|
+
|
|
138
|
+
### Example: Clean toolkit-mode run
|
|
139
|
+
|
|
140
|
+
**Input:** A harness-distribution repo (`templates/` and `agents/skills/` present), run at a milestone gate. `harness check-harness-strength --toolkit --json`.
|
|
141
|
+
|
|
142
|
+
**Output:**
|
|
143
|
+
|
|
144
|
+
```
|
|
145
|
+
Harness Strength: PASS — tier: solid (score 100/100, mode toolkit)
|
|
146
|
+
Findings: 0 (Errors: 0 | Warnings: 0 | Info: 0)
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
Every gear piece is load-bearing: no "never blocks" hook, baselines are not auto-updated on regression, architecture thresholds are set, the init default is not `basic`, baseline-update PRs require independent review, and no snapshot claims a check passed that it never ran.
|
|
150
|
+
|
|
151
|
+
### Example: Findings detected (adopter mode)
|
|
152
|
+
|
|
153
|
+
**Input:** An adopter repo, run with default severity. `harness check-harness-strength --json`.
|
|
154
|
+
|
|
155
|
+
**Output:**
|
|
156
|
+
|
|
157
|
+
```
|
|
158
|
+
Harness Strength: FAIL — tier: at-risk (score 62/100, mode adopter)
|
|
159
|
+
Findings: 2 (Errors: 2 | Warnings: 0 | Info: 0)
|
|
160
|
+
|
|
161
|
+
[STRENGTH-001] blocking-gate .husky/pre-commit:12 (error)
|
|
162
|
+
Active pre-commit profile documents "always exits 0" — the gate reports but never blocks.
|
|
163
|
+
Remediation: Remove the unconditional `exit 0`; let failing checks return a non-zero status.
|
|
164
|
+
|
|
165
|
+
[STRENGTH-004] architecture-thresholds harness.config.json (error)
|
|
166
|
+
architecture.layers is defined but architecture.thresholds is empty — layer rules cannot be enforced.
|
|
167
|
+
Remediation: Set architecture.thresholds (e.g. maxModuleLines, maxDependencyDepth) so the layer
|
|
168
|
+
definitions become enforceable, or remove the unused layers block.
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
Two error-severity findings → FAIL. STRENGTH-001 is the recursion item: a hook that runs but cannot block. Run with `--report-only` only when you explicitly want to surface findings without failing the build (e.g., a first baseline-capture run) — and never to normalize the weakness.
|
|
172
|
+
|
|
173
|
+
## Skill Test Scenarios
|
|
174
|
+
|
|
175
|
+
### Scenario 1: Red Flag — "I'll re-grep the hooks myself to double-check the engine"
|
|
176
|
+
|
|
177
|
+
Input: The agent has the `harness check-harness-strength --json` output in hand but is about to open `.husky/pre-commit` and grep it by hand to "confirm" the STRENGTH-001 finding.
|
|
178
|
+
Expected: Agent stops, cites the no-reimplementation gate (ADR 0039 / spec D1), and interprets the engine's JSON instead of hand-grepping the hook.
|
|
179
|
+
|
|
180
|
+
### Scenario 2: Rationalization — "it only warns, not errors, so it's fine"
|
|
181
|
+
|
|
182
|
+
Input: The engine reports a documented "never blocks" pre-commit profile, and the agent is tempted to treat it as acceptable because nothing currently fails the build.
|
|
183
|
+
Expected: Agent rejects the rationalization, recognizes that "warns but doesn't stop" IS STRENGTH-001 (the recursion item), and surfaces it as a finding rather than normalizing it.
|
|
184
|
+
|
|
185
|
+
### Scenario 3: Gate — error-severity STRENGTH-001 finding present without `--report-only`
|
|
186
|
+
|
|
187
|
+
Input: The `--json` output contains an error-severity STRENGTH-001 finding, `--report-only` was not passed, and the agent is about to summarize the run as PASS.
|
|
188
|
+
Expected: Agent halts, reports FAIL with a non-zero exit, lists the finding with its file:line evidence and remediation, and does not proceed past the gate.
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
name: harness-audit-harness-strength
|
|
2
|
+
version: '0.1.0'
|
|
3
|
+
description: Mechanically audit a project's own harness setup against the seven STRENGTH failure patterns; reports per-pattern findings, a 0-100 strength score, and a tier label (solid/at-risk/theatre). Orchestrates harness check-harness-strength; never reimplements detection.
|
|
4
|
+
stability: draft
|
|
5
|
+
cognitive_mode: constructive-architect
|
|
6
|
+
triggers:
|
|
7
|
+
- manual
|
|
8
|
+
- on_milestone
|
|
9
|
+
platforms:
|
|
10
|
+
- claude-code
|
|
11
|
+
- gemini-cli
|
|
12
|
+
- cursor
|
|
13
|
+
- codex
|
|
14
|
+
tools:
|
|
15
|
+
- Bash
|
|
16
|
+
- Read
|
|
17
|
+
- Grep
|
|
18
|
+
- Glob
|
|
19
|
+
cli:
|
|
20
|
+
command: harness skill run harness-audit-harness-strength
|
|
21
|
+
args:
|
|
22
|
+
- name: path
|
|
23
|
+
description: Project root path
|
|
24
|
+
required: false
|
|
25
|
+
- name: mode
|
|
26
|
+
description: 'adopter (default) or toolkit (auto-detected in a harness-distribution repo)'
|
|
27
|
+
required: false
|
|
28
|
+
- name: severity
|
|
29
|
+
description: Minimum severity threshold (error, warning, info)
|
|
30
|
+
required: false
|
|
31
|
+
- name: report-only
|
|
32
|
+
description: Soften exit to 0 even when error-severity findings exist
|
|
33
|
+
required: false
|
|
34
|
+
mcp:
|
|
35
|
+
tool: run_skill
|
|
36
|
+
input:
|
|
37
|
+
skill: harness-audit-harness-strength
|
|
38
|
+
path: string
|
|
39
|
+
type: rigid
|
|
40
|
+
tier: 2
|
|
41
|
+
phases:
|
|
42
|
+
- name: scan
|
|
43
|
+
description: Resolve mode and run harness check-harness-strength against the target repo
|
|
44
|
+
required: true
|
|
45
|
+
- name: detect
|
|
46
|
+
description: Interpret the 7 STRENGTH pattern findings with file-line evidence
|
|
47
|
+
required: true
|
|
48
|
+
- name: score_report
|
|
49
|
+
description: Surface the 0-100 score, tier label, and per-pattern remediation
|
|
50
|
+
required: true
|
|
51
|
+
state:
|
|
52
|
+
persistent: false
|
|
53
|
+
files: []
|
|
54
|
+
depends_on: []
|
|
@@ -213,6 +213,8 @@ Persist findings to `{sessionDir}/phase-{N}-review.json`. No blocking → PHASE_
|
|
|
213
213
|
|
|
214
214
|
## Process
|
|
215
215
|
|
|
216
|
+
**Prompt the human in plain text** — every phase-continue and human-decision interaction in this skill is plain text only. Do not elevate to `AskUserQuestion`: natural headers like "Continue phase" exceed its 12-char cap, rendering the call as ERR.
|
|
217
|
+
|
|
216
218
|
1. **INIT** — Resolve spec, derive session slug, check for existing state, parse phases.
|
|
217
219
|
2. **ASSESS** — Route by complexity: low/medium auto-plans, high pauses for interactive planning.
|
|
218
220
|
3. **PLAN → APPROVE** — Dispatch harness-planner, check approval signals, auto-approve or pause.
|
|
@@ -35,7 +35,26 @@ When no arguments are provided (standalone invocation), the skill operates exact
|
|
|
35
35
|
|
|
36
36
|
### Phase 1: EXPLORE -- Gather Context
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
0a. **Read STRATEGY.md if present at repo root (upstream grounding).** Strategy is the durable product anchor that ranks above feature-level context — read it first so the rest of EXPLORE can cross-reference. Call `read_strategy({ path: "<project-root>" })` on the harness MCP server — it returns `{ present, valid, doc?, error? }` and runs validation + parsing inside the server so the project does not need `@harness-engineering/core` installed.
|
|
39
|
+
|
|
40
|
+
Fallback for environments without the MCP server (only works when core is resolvable from the project):
|
|
41
|
+
|
|
42
|
+
```bash
|
|
43
|
+
node -e "import('@harness-engineering/core').then(async m => {
|
|
44
|
+
const v = await m.validateStrategy(process.cwd());
|
|
45
|
+
if (!v.ok || !v.value.present) { console.log(JSON.stringify({ grounded: false, reason: 'absent' })); return; }
|
|
46
|
+
const raw = require('fs').readFileSync('STRATEGY.md', 'utf-8');
|
|
47
|
+
console.log(JSON.stringify({ grounded: true, doc: m.asStrategyDoc(m.parseStrategyDoc(raw)) }));
|
|
48
|
+
})"
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
Three cases:
|
|
52
|
+
|
|
53
|
+
- **Absent or invalid:** soft-fail silently. Do not block and do not warn in the spec — the skill works exactly as before when there is no strategic anchor.
|
|
54
|
+
- **Present and valid:** capture the `Target problem`, `Our approach`, `Who it's for`, and `Tracks` section bodies. Treat them as grounding context alongside `gather_context` outputs. The captured strategy is cited as evidence in step 1's `[evidence]` annotations of the spec output.
|
|
55
|
+
- **Contradiction with the user's feature description:** do NOT auto-resolve. Carry the contradiction forward as an open question into Phase 2 EVALUATE — surface it explicitly so the human can decide whether to refine the feature or update strategy via `/harness:strategy`.
|
|
56
|
+
|
|
57
|
+
1. **Load project context.** Call `gather_context({ path: "<project-root>", intent: "<feature description>", skill: "harness-brainstorming", session: "<session-slug-if-known>", include: ["graph", "businessKnowledge", "sessions", "validation"] })`. The `graph` context surfaces `business_fact` nodes relevant to the feature domain. The `businessKnowledge` context loads documented domain knowledge from `docs/knowledge/`. Use both to ground exploration in verified facts rather than assumptions. When `STRATEGY.md` was loaded in step 0a, treat its sections as a higher-tier grounding source than `businessKnowledge` — strategy reflects an explicit human commitment, knowledge is observation.
|
|
39
58
|
2. **Read the existing codebase.** Understand architecture, constraints, and conventions. Check AGENTS.md, existing specs in `docs/`, and relevant source files.
|
|
40
59
|
3. **Identify the problem boundary.** What exactly needs solving? What is out of scope? Write both down. Cross-reference `businessKnowledge` domains — if documented business rules constrain the problem, note them.
|
|
41
60
|
4. **Check for prior art.** Has this been partially solved elsewhere? Are there patterns to follow or deliberately break?
|
|
@@ -66,7 +85,8 @@ When no arguments are provided (standalone invocation), the skill operates exact
|
|
|
66
85
|
2. **Prefer multiple choice over open-ended questions.** Give 2-4 concrete options with brief tradeoff notes.
|
|
67
86
|
3. **Acknowledge answers and build on them.** Do not re-ask clarified points. Track decisions as they accumulate.
|
|
68
87
|
4. **Apply YAGNI ruthlessly.** For every proposed capability, ask: "Do we need this for the stated goal, or is this speculative?" If speculative, cut it. If the human insists, note it as a future consideration.
|
|
69
|
-
5. **
|
|
88
|
+
5. **Surface strategy contradictions.** If Phase 1 step 0a captured a contradiction between the feature description and `STRATEGY.md`, ask the human about it explicitly as one of the first few EVALUATE questions. Frame it as a choice — refine the feature to align, or refine strategy via `/harness:strategy` — never auto-resolve. Skip this when STRATEGY.md was absent or no contradiction was detected.
|
|
89
|
+
6. **Continue until you have enough clarity** to propose concrete approaches. Typically 3-7 questions suffice. If you need >10, the scope is too large -- decompose.
|
|
70
90
|
|
|
71
91
|
### Context Keywords
|
|
72
92
|
|
|
@@ -116,7 +136,7 @@ These flow into `handoff.json` `contextKeywords` field. Select keywords that hel
|
|
|
116
136
|
- **Entry Points** -- Which system entry points does this feature touch or create? (e.g., new CLI command, new MCP tool, new skill, new API route, new barrel export)
|
|
117
137
|
- **Registrations Required** -- What registrations are needed for the feature to be discoverable? (e.g., barrel export regeneration, skill tier assignment, route registration)
|
|
118
138
|
- **Documentation Updates** -- What docs need updating to reflect the new capability? (e.g., AGENTS.md section, API docs, README, guides)
|
|
119
|
-
- **Architectural Decisions** --
|
|
139
|
+
- **Architectural Decisions** -- Which decisions from the **Decisions made** section rise to a standalone ADR? Reference each by name with a one-line note on _why_ it warrants an ADR. Do **not** restate the decisions here -- this subsection points back to the canonical **Decisions made** section; duplicating them creates two sources that drift (spec-craft flags this as SPEC-R004). Only for medium/large tier changes -- "None" for small changes.
|
|
120
140
|
- **Knowledge Impact** -- What domain concepts, patterns, or relationships should enter the knowledge graph?
|
|
121
141
|
|
|
122
142
|
If the feature is a small change (bug fix, config tweak, < 3 files), the section may contain only Entry Points and Registrations Required with "None" for the others. The section must still be present.
|
|
@@ -166,14 +186,37 @@ These flow into `handoff.json` `contextKeywords` field. Select keywords that hel
|
|
|
166
186
|
|
|
167
187
|
The human must explicitly approve before this skill is complete.
|
|
168
188
|
|
|
169
|
-
7. **
|
|
170
|
-
- Derive
|
|
171
|
-
- Call `manage_roadmap` with action `
|
|
172
|
-
-
|
|
173
|
-
|
|
174
|
-
|
|
189
|
+
7. **Promote the roadmap row.** If `docs/roadmap.md` exists, transition the named row to `planned` and link the spec in a single structured call (steps 7 and 8 are intentionally ordered so the commit captures the roadmap mutation). Skip silently only when no roadmap exists.
|
|
190
|
+
- Derive the lookup key from the slash-command `ARGUMENTS` string (D1). Derive the summary from the spec title (the H1 heading).
|
|
191
|
+
- Call `manage_roadmap` with action `promote`, `feature: "<ARGUMENTS>"`, `spec: "docs/changes/<feature>/proposal.md"`, and `summary: "<H1>"`.
|
|
192
|
+
- Branch on the returned `PromoteResult` envelope:
|
|
193
|
+
|
|
194
|
+
| Envelope | Skill behavior |
|
|
195
|
+
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
|
196
|
+
| `ok: true, transitioned: 'backlog→planned'` | Log "Promoted `<feature>`: backlog → planned". Continue to step 8. |
|
|
197
|
+
| `ok: true, transitioned: 'spec-updated'` | Log "Updated spec link for `<feature>` (status preserved)". Continue to step 8. |
|
|
198
|
+
| `ok: true, transitioned: 'noop'` | Log "No change — `<feature>` already promoted with this spec". Continue to step 8. |
|
|
199
|
+
| `ok: false, reason: 'in-progress'` | **STOP.** Surface: "Refused to promote `<feature>`: an agent is currently dispatched against this row. Stop the agent or use a different feature name." |
|
|
200
|
+
| `ok: false, reason: 'done'` | **STOP.** Surface: "Refused to promote `<feature>`: row is already 'done'. To revise a shipped feature, use a new name." |
|
|
201
|
+
| `ok: false, reason: 'not-found'` | If no row was expected to exist, fall through to a `created` outcome. Otherwise surface `closestMatches` as a typo hint and **STOP**. |
|
|
202
|
+
| `ok: false, reason: 'ambiguous'` | **STOP.** Surface: "Refused to promote `<feature>`: matches multiple rows across milestones. Re-invoke with one of: `<matches>`." Matches are milestone-qualified. |
|
|
203
|
+
| `ok: false, reason: 'write-failed'` | **STOP.** Surface `detail` verbatim. The brainstorm is not considered complete. |
|
|
204
|
+
|
|
205
|
+
- The `not-found` create path: when the row genuinely does not exist yet, call `manage_roadmap` action `add` with `status: "planned"`, `milestone: "Current Work"`, the spec path, and the H1 summary (unchanged from the legacy behavior), then continue to step 8.
|
|
206
|
+
- "STOP" cases skip step 8 (no commit) and step 9 (no handoff/transition). The spec file written in step 3 stays on disk; the user re-runs the skill after resolving the conflict.
|
|
207
|
+
- If `manage_roadmap` is unavailable, fall back to `parseRoadmap`/`promoteFeature`/`serializeRoadmap` from core. Warn: "External sync skipped (MCP unavailable). Run `manage_roadmap sync` when MCP is restored."
|
|
208
|
+
- If no roadmap exists, skip silently (no envelope) and continue to step 8; the commit then contains only the spec files.
|
|
209
|
+
|
|
210
|
+
8. **Commit spec artifacts and roadmap promotion.** After a successful promote (or a silent skip when no roadmap exists), commit the spec, skill recommendations, and the roadmap mutation together so the promotion ships atomically with the spec:
|
|
211
|
+
|
|
212
|
+
```bash
|
|
213
|
+
git add docs/changes/<feature>/proposal.md docs/changes/<feature>/SKILLS.md docs/roadmap.md
|
|
214
|
+
git commit -m "docs(<feature>): add spec and promote to planned"
|
|
215
|
+
```
|
|
216
|
+
|
|
217
|
+
Include `docs/roadmap.md` in `git add` only when it exists; omit it when the project has no roadmap. Do not skip this step — `harness-execution` commits only implementation files, so a spec uncommitted here stays untracked until someone notices. If a pre-commit hook reformats a file, re-add and re-commit.
|
|
175
218
|
|
|
176
|
-
|
|
219
|
+
9. **Write handoff and suggest transition.** After approval:
|
|
177
220
|
|
|
178
221
|
Write handoff to the session-scoped path when a session slug is known, otherwise fall back to the global path:
|
|
179
222
|
- Session-scoped (preferred): `.harness/sessions/<session-slug>/handoff.json`
|
|
@@ -292,7 +335,8 @@ Technical claims about existing code, architecture, or tradeoffs MUST cite evide
|
|
|
292
335
|
1. **File reference:** `file:line` (e.g., `src/services/auth.ts:42` -- "existing JWT middleware")
|
|
293
336
|
2. **Prior art:** `file` with description (e.g., `src/utils/email.ts` -- "reusable for notifications")
|
|
294
337
|
3. **Docs:** `docs/path` (e.g., `docs/changes/user-auth/proposal.md` -- "established OAuth2 standard")
|
|
295
|
-
4. **
|
|
338
|
+
4. **Strategy grounding:** `STRATEGY.md` with section reference (e.g., `STRATEGY.md#tracks` -- "advances the 'pulse-reports' track"). Cite when Phase 1 step 0a loaded a valid strategy AND the decision is informed by it. Mandatory when the spec extends, narrows, or contradicts a strategy section.
|
|
339
|
+
5. **Session evidence:** Write via `manage_state` `append_entry` to `evidence` section.
|
|
296
340
|
|
|
297
341
|
**When to cite:** Phase 1 (existing code/patterns), Phase 3 (tradeoff justifications), Phase 4 (spec referencing existing implementation).
|
|
298
342
|
|
|
@@ -302,10 +346,12 @@ Technical claims about existing code, architecture, or tradeoffs MUST cite evide
|
|
|
302
346
|
|
|
303
347
|
- **`harness validate`** -- Run after writing the spec. Verifies project health and spec placement.
|
|
304
348
|
- **`harness check-docs`** -- Verify spec does not conflict with existing docs.
|
|
349
|
+
- **`STRATEGY.md` grounding (Phase 1 step 0a)** -- When present at repo root and valid, loaded via the `read_strategy` MCP tool (which the harness MCP server backs with `validateStrategy` + `parseStrategyDoc` + `asStrategyDoc` from `@harness-engineering/core` — projects do not need core installed). Soft-fails when absent or invalid; cites strategy sections in the spec's evidence annotations when present. Boundary with `harness-strategy`: brainstorming READS; `harness-strategy` WRITES. Never modify `STRATEGY.md` from this skill.
|
|
305
350
|
- **Spec location** -- `docs/changes/<feature>/proposal.md`.
|
|
306
351
|
- **Handoff** -- Once approved, invoke harness-planning to create the implementation plan.
|
|
307
352
|
- **Session directory** — When session slug is known, handoff goes to `.harness/sessions/<slug>/handoff.json`. The session directory structure is: `handoff.json`, `state.json`, `artifacts.json` (registry of spec/plan paths and file lists). Do not write to `.harness/handoff.json` in session context.
|
|
308
|
-
- **
|
|
353
|
+
- **Spec commit** -- After sign-off, the Phase 4 step 8 commit captures `docs/changes/<feature>/proposal.md`, `docs/changes/<feature>/SKILLS.md`, and the promoted `docs/roadmap.md` together so the spec enters git history at approval, not retroactively. `harness-execution` does not backfill these — see issue #487.
|
|
354
|
+
- **Roadmap promotion** -- After approval (Phase 4 step 7), call `manage_roadmap` action `promote` to transition the named row to `planned` and link the spec atomically with the spec commit. Falls back to `add` (create new row) when the row does not exist; refuses on `in-progress`/`done`/`ambiguous`. Skip silently if no roadmap.
|
|
309
355
|
- **`emit_interaction`** -- End of Phase 4 to suggest transition to harness-planning (confirmed transition).
|
|
310
356
|
|
|
311
357
|
#### Requirement Phrasing
|