@harness-engineering/cli 4.0.1 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/dist/agents/skills/claude-code/harness-autopilot/SKILL.md +9 -8
  2. package/dist/agents/skills/claude-code/pre-merge-brief/SKILL.md +86 -0
  3. package/dist/agents/skills/claude-code/pre-merge-brief/skill.yaml +67 -0
  4. package/dist/agents/skills/codex/harness-autopilot/SKILL.md +9 -8
  5. package/dist/agents/skills/codex/pre-merge-brief/SKILL.md +86 -0
  6. package/dist/agents/skills/codex/pre-merge-brief/skill.yaml +67 -0
  7. package/dist/agents/skills/cursor/harness-autopilot/SKILL.md +9 -8
  8. package/dist/agents/skills/cursor/pre-merge-brief/SKILL.md +86 -0
  9. package/dist/agents/skills/cursor/pre-merge-brief/skill.yaml +67 -0
  10. package/dist/agents/skills/gemini-cli/harness-autopilot/SKILL.md +9 -8
  11. package/dist/agents/skills/gemini-cli/pre-merge-brief/SKILL.md +86 -0
  12. package/dist/agents/skills/gemini-cli/pre-merge-brief/skill.yaml +67 -0
  13. package/dist/{agents-md-VJLYEH2S.js → agents-md-7L4PKKOM.js} +3 -3
  14. package/dist/analyzer-XRCV63KC-HLTEIKAJ.js +26 -0
  15. package/dist/{architecture-YQH2NYXY.js → architecture-RCHFDI7E.js} +4 -4
  16. package/dist/{assess-project-KOTAPAHD.js → assess-project-YUDPNRS6.js} +5 -3
  17. package/dist/bin/harness-mcp.js +14 -14
  18. package/dist/bin/harness.js +24 -24
  19. package/dist/{check-phase-gate-CHU2E3OU.js → check-phase-gate-56GS3A72.js} +4 -4
  20. package/dist/{chunk-JPVOI7GP.js → chunk-4SKWGVYD.js} +2 -2
  21. package/dist/{chunk-GHBFNLV2.js → chunk-ABRYIEWJ.js} +923 -614
  22. package/dist/{chunk-36GQREOE.js → chunk-AU4YPEIE.js} +3 -3
  23. package/dist/{chunk-OQ6KOQEV.js → chunk-DGVT4DBI.js} +3 -3
  24. package/dist/{chunk-I3CGCZJF.js → chunk-GLHLXTKC.js} +5 -5
  25. package/dist/{chunk-4VXFZSYF.js → chunk-GSYBGOY3.js} +1 -1
  26. package/dist/{chunk-UWVMJEUJ.js → chunk-IGWJRAJT.js} +1 -1
  27. package/dist/{chunk-YANR2RL7.js → chunk-N4AI2WFH.js} +1 -1
  28. package/dist/{chunk-5RSXUAMN.js → chunk-NCMJXBEO.js} +1 -1
  29. package/dist/{chunk-SEA2PFVI.js → chunk-OZSKLJQW.js} +1 -1
  30. package/dist/{chunk-AX5KGRM6.js → chunk-P4NA5OQX.js} +1 -1
  31. package/dist/{chunk-7PJCK7UE.js → chunk-RY2U77OY.js} +6 -6
  32. package/dist/{chunk-6SCYTIF4.js → chunk-RZQZXWEL.js} +32 -7
  33. package/dist/{chunk-MMLQPHZ5.js → chunk-UACYZCW4.js} +31 -13
  34. package/dist/{chunk-T746REAE.js → chunk-VG4G3R2V.js} +1 -1
  35. package/dist/{chunk-7TIJXWG3.js → chunk-XW5XVVMI.js} +2 -2
  36. package/dist/{chunk-E5EW5HVJ.js → chunk-XZNCONFG.js} +1 -1
  37. package/dist/{chunk-SDMV4QHM.js → chunk-Y33P35U3.js} +24 -6
  38. package/dist/{chunk-XAVMTAUT.js → chunk-Y5HPJMTM.js} +18 -2
  39. package/dist/{chunk-6YFHUIGT.js → chunk-YJYUJSWK.js} +58 -20
  40. package/dist/{chunk-AAUY53CC.js → chunk-YWRPQZL7.js} +1 -1
  41. package/dist/{chunk-M7F2PPN3.js → chunk-YXOPQEFZ.js} +2 -2
  42. package/dist/{chunk-RG3TNIUB.js → chunk-Z4XWWNYX.js} +86 -86
  43. package/dist/{chunk-EYMOPFSD.js → chunk-ZU6T7W3U.js} +2 -2
  44. package/dist/{ci-workflow-HO4WKGNG.js → ci-workflow-TFAA5BK7.js} +3 -3
  45. package/dist/{dist-6D2F2J57.js → dist-MCTEX5QH.js} +4 -2
  46. package/dist/{docs-FP47JONV.js → docs-BBMAN3CY.js} +4 -4
  47. package/dist/{engine-YUA6IYOG.js → engine-R2YH74AL.js} +3 -3
  48. package/dist/{entropy-DBW2INZU.js → entropy-5UP5N6AF.js} +6 -3
  49. package/dist/{feedback-BPHADTRQ.js → feedback-6MDCCFZL.js} +1 -1
  50. package/dist/{generate-agent-definitions-KPVGBGDY.js → generate-agent-definitions-KKAN5DB5.js} +4 -4
  51. package/dist/hooks/sentinel-pre.js +15 -138
  52. package/dist/index.d.ts +61 -0
  53. package/dist/index.js +24 -24
  54. package/dist/{loader-QOJQ6NZM.js → loader-2WT2ZE2T.js} +3 -3
  55. package/dist/{mcp-ZPX6O767.js → mcp-5V4LPMB3.js} +14 -14
  56. package/dist/{performance-FXYTGJGQ.js → performance-2N3CFXLR.js} +4 -4
  57. package/dist/{review-pipeline-2TFQ5OAE.js → review-pipeline-XZIGBU3Q.js} +3 -3
  58. package/dist/{runtime-XK6ZCHKE.js → runtime-POME3GTR.js} +3 -3
  59. package/dist/{security-4W2P5ZGI.js → security-QLJLMSIW.js} +1 -1
  60. package/dist/{state-events-ECQAIZLU.js → state-events-YY5KBZTC.js} +3 -3
  61. package/dist/{validate-64KTEGIE.js → validate-VZORVK43.js} +4 -4
  62. package/dist/{validate-cross-check-J5PVGICB.js → validate-cross-check-OYKEDCST.js} +3 -3
  63. package/package.json +5 -4
  64. package/dist/analyzer-V633GUHY-OV335HGM.js +0 -26
@@ -4,7 +4,7 @@ import {
4
4
  import {
5
5
  init_dist,
6
6
  paginate
7
- } from "./chunk-MMLQPHZ5.js";
7
+ } from "./chunk-UACYZCW4.js";
8
8
 
9
9
  // src/mcp/tools/review-pipeline.ts
10
10
  init_dist();
@@ -84,7 +84,7 @@ var runCodeReviewDefinition = {
84
84
  };
85
85
  async function handleRunCodeReview(input) {
86
86
  try {
87
- const { parseDiff, runReviewPipeline } = await import("./dist-6D2F2J57.js");
87
+ const { parseDiff, runReviewPipeline } = await import("./dist-MCTEX5QH.js");
88
88
  const parseResult = parseDiff(input.diff);
89
89
  if (!parseResult.ok) {
90
90
  return {
@@ -1,8 +1,8 @@
1
1
  import {
2
2
  generateCIWorkflow
3
- } from "./chunk-AX5KGRM6.js";
4
- import "./chunk-MMLQPHZ5.js";
5
- import "./chunk-6YFHUIGT.js";
3
+ } from "./chunk-P4NA5OQX.js";
4
+ import "./chunk-UACYZCW4.js";
5
+ import "./chunk-YJYUJSWK.js";
6
6
  import "./chunk-BDGTZRZ6.js";
7
7
  import "./chunk-WZJR6SOI.js";
8
8
  import "./chunk-QCLOIUMX.js";
@@ -385,6 +385,7 @@ import {
385
385
  parseManifest,
386
386
  parseMeta,
387
387
  parseProtectedRegions,
388
+ parseReferencedIssues,
388
389
  parseRoadmap,
389
390
  parseSections,
390
391
  parseSecurityConfig,
@@ -516,7 +517,7 @@ import {
516
517
  writeStrategyDoc,
517
518
  writeTaint,
518
519
  xssRules
519
- } from "./chunk-MMLQPHZ5.js";
520
+ } from "./chunk-UACYZCW4.js";
520
521
  import {
521
522
  EXTENSION_MAP,
522
523
  EntropyAnalyzer,
@@ -542,7 +543,7 @@ import {
542
543
  resetParserCache,
543
544
  resolveFileToLayer,
544
545
  validateDependencies
545
- } from "./chunk-6YFHUIGT.js";
546
+ } from "./chunk-YJYUJSWK.js";
546
547
  import {
547
548
  AuthAuditEntrySchema,
548
549
  AuthTokenPublicSchema,
@@ -1091,6 +1092,7 @@ export {
1091
1092
  parseManifest,
1092
1093
  parseMeta,
1093
1094
  parseProtectedRegions,
1095
+ parseReferencedIssues,
1094
1096
  parseRoadmap,
1095
1097
  parseSections,
1096
1098
  parseSecurityConfig,
@@ -1,14 +1,14 @@
1
1
  import {
2
2
  checkDocsDefinition,
3
3
  handleCheckDocs
4
- } from "./chunk-I3CGCZJF.js";
4
+ } from "./chunk-GLHLXTKC.js";
5
5
  import "./chunk-RC3OI5NK.js";
6
6
  import "./chunk-W6Y7ZW3Y.js";
7
- import "./chunk-XAVMTAUT.js";
7
+ import "./chunk-Y5HPJMTM.js";
8
8
  import "./chunk-ZCZD7FHU.js";
9
9
  import "./chunk-3WGJMBKH.js";
10
- import "./chunk-MMLQPHZ5.js";
11
- import "./chunk-6YFHUIGT.js";
10
+ import "./chunk-UACYZCW4.js";
11
+ import "./chunk-YJYUJSWK.js";
12
12
  import "./chunk-BDGTZRZ6.js";
13
13
  import "./chunk-WZJR6SOI.js";
14
14
  import "./chunk-QCLOIUMX.js";
@@ -1,8 +1,8 @@
1
1
  import {
2
2
  TemplateEngine
3
- } from "./chunk-UWVMJEUJ.js";
4
- import "./chunk-MMLQPHZ5.js";
5
- import "./chunk-6YFHUIGT.js";
3
+ } from "./chunk-IGWJRAJT.js";
4
+ import "./chunk-UACYZCW4.js";
5
+ import "./chunk-YJYUJSWK.js";
6
6
  import "./chunk-BDGTZRZ6.js";
7
7
  import "./chunk-WZJR6SOI.js";
8
8
  import "./chunk-QCLOIUMX.js";
@@ -1,11 +1,14 @@
1
1
  import {
2
2
  detectEntropyDefinition,
3
3
  handleDetectEntropy
4
- } from "./chunk-SDMV4QHM.js";
4
+ } from "./chunk-Y33P35U3.js";
5
5
  import "./chunk-RC3OI5NK.js";
6
6
  import "./chunk-W6Y7ZW3Y.js";
7
- import "./chunk-MMLQPHZ5.js";
8
- import "./chunk-6YFHUIGT.js";
7
+ import "./chunk-Y5HPJMTM.js";
8
+ import "./chunk-ZCZD7FHU.js";
9
+ import "./chunk-3WGJMBKH.js";
10
+ import "./chunk-UACYZCW4.js";
11
+ import "./chunk-YJYUJSWK.js";
9
12
  import "./chunk-BDGTZRZ6.js";
10
13
  import "./chunk-WZJR6SOI.js";
11
14
  import "./chunk-QCLOIUMX.js";
@@ -5,7 +5,7 @@ import {
5
5
  handleCreateSelfReview,
6
6
  handleRequestPeerReview,
7
7
  requestPeerReviewDefinition
8
- } from "./chunk-OQ6KOQEV.js";
8
+ } from "./chunk-DGVT4DBI.js";
9
9
  import "./chunk-RC3OI5NK.js";
10
10
  import "./chunk-W6Y7ZW3Y.js";
11
11
  import "./chunk-KFQGP6VL.js";
@@ -1,14 +1,14 @@
1
1
  import {
2
2
  createGenerateAgentDefinitionsCommand,
3
3
  generateAgentDefinitions
4
- } from "./chunk-E5EW5HVJ.js";
4
+ } from "./chunk-XZNCONFG.js";
5
5
  import "./chunk-KET4QQZB.js";
6
- import "./chunk-5RSXUAMN.js";
6
+ import "./chunk-NCMJXBEO.js";
7
7
  import "./chunk-3ISINLYT.js";
8
8
  import "./chunk-UTJJJDNN.js";
9
9
  import "./chunk-3WGJMBKH.js";
10
- import "./chunk-MMLQPHZ5.js";
11
- import "./chunk-6YFHUIGT.js";
10
+ import "./chunk-UACYZCW4.js";
11
+ import "./chunk-YJYUJSWK.js";
12
12
  import "./chunk-BDGTZRZ6.js";
13
13
  import "./chunk-WZJR6SOI.js";
14
14
  import "./chunk-QCLOIUMX.js";
@@ -1,17 +1,23 @@
1
1
  #!/usr/bin/env node
2
- /* global console */
3
2
  // sentinel-pre.js — PreToolUse:* hook
4
- // Sentinel prompt injection defense scans tool inputs for injection patterns
5
- // and blocks destructive operations during tainted sessions.
3
+ // Sentinel ENFORCEMENT: blocks destructive operations during an already-tainted
4
+ // session. Taint is set exclusively by sentinel-post from untrusted tool OUTPUT
5
+ // (the actual prompt-injection vector). This hook performs NO injection detection
6
+ // on tool INPUTS — an agent's own tool inputs are its intent, not untrusted content,
7
+ // and scanning them here falsely tainted legitimate work (e.g. an agent running
8
+ // `git commit --no-verify`, or inputs containing base64/git-SHA tokens), then blocked
9
+ // the agent's own `git push`. Detection lives in sentinel-post; pre only enforces.
6
10
  // Exit codes: 0 = allow, 2 = block
11
+ //
12
+ // Design contract: see packages/cli/src/hooks/profiles.ts — "sentinel-pre (exit-2
13
+ // blocks a destructive op in an already-tainted session) and sentinel-post
14
+ // (detection only)".
7
15
 
8
- import { readFileSync, writeFileSync, mkdirSync, unlinkSync, realpathSync } from 'node:fs';
9
- import { resolve, dirname } from 'node:path';
16
+ import { readFileSync, unlinkSync, realpathSync } from 'node:fs';
17
+ import { resolve } from 'node:path';
10
18
  import process from 'node:process';
11
19
 
12
20
  // Destructive tool patterns blocked during taint.
13
- // These are intentionally inline — this check runs before the @harness-engineering/core
14
- // import attempt to ensure enforcement even when core is unavailable.
15
21
  // Keep in sync with DESTRUCTIVE_BASH exported from @harness-engineering/core injection-patterns.ts.
16
22
  const DESTRUCTIVE_BASH = [
17
23
  /\bgit\s+push\b/,
@@ -33,73 +39,6 @@ function isOutsideWorkspace(filePath, workspaceRoot) {
33
39
  return !realResolved.startsWith(workspaceRoot);
34
40
  }
35
41
 
36
- // Minimal inline patterns for when @harness-engineering/core isn't available.
37
- // Keep in sync with @harness-engineering/core injection-patterns.ts ALL_PATTERNS.
38
- // Covers all HIGH-severity patterns and key MEDIUM patterns for degraded-mode safety.
39
- function inlineScan(text) {
40
- console.error('[sentinel] Running in degraded mode: core import failed, using inline patterns');
41
- const findings = [];
42
- const lines = text.split('\n');
43
- for (let i = 0; i < lines.length; i++) {
44
- const line = lines[i];
45
- // HIGH: INJ-UNI-001 — Zero-width characters
46
- // eslint-disable-next-line no-misleading-character-class -- intentional: detects zero-width chars for security
47
- if (/[\u200B\u200C\u200D\uFEFF\u2060]/.test(line)) {
48
- findings.push({ severity: 'high', ruleId: 'INJ-UNI-001', match: line.trim(), line: i + 1 });
49
- }
50
- // HIGH: INJ-UNI-002 — RTL/LTR override characters
51
- if (/[\u202A-\u202E\u2066-\u2069]/.test(line)) {
52
- findings.push({ severity: 'high', ruleId: 'INJ-UNI-002', match: line.trim(), line: i + 1 });
53
- }
54
- // HIGH: INJ-REROL-001 — Ignore previous instructions
55
- if (/(?:ignore|disregard|forget)\s+(?:all\s+)?(?:previous|prior|above|earlier)\s+(?:instructions?|prompts?|context|rules?|guidelines?)/i.test(line)) {
56
- findings.push({ severity: 'high', ruleId: 'INJ-REROL-001', match: line.trim(), line: i + 1 });
57
- }
58
- // HIGH: INJ-REROL-002 — Role reassignment
59
- if (/you\s+are\s+now\s+(?:a\s+|an\s+)?(?:new\s+)?(?:helpful\s+)?(?:my\s+)?(?:\w+\s+)?(?:assistant|agent|AI|bot|chatbot|system|persona)\b/i.test(line)) {
60
- findings.push({ severity: 'high', ruleId: 'INJ-REROL-002', match: line.trim(), line: i + 1 });
61
- }
62
- // HIGH: INJ-REROL-003 — Direct instruction override
63
- if (/(?:new\s+)?(?:system\s+)?(?:instruction|directive|role|persona)\s*[:=]\s*/i.test(line)) {
64
- findings.push({ severity: 'high', ruleId: 'INJ-REROL-003', match: line.trim(), line: i + 1 });
65
- }
66
- // HIGH: INJ-PERM-001 — Enable all tools/permissions
67
- if (/(?:allow|enable|grant)\s+all\s+(?:tools?|permissions?|access)/i.test(line)) {
68
- findings.push({ severity: 'high', ruleId: 'INJ-PERM-001', match: line.trim(), line: i + 1 });
69
- }
70
- // HIGH: INJ-PERM-002 — Disable safety/security
71
- if (/(?:disable|turn\s+off|remove|bypass)\s+(?:all\s+)?(?:safety|security|restrictions?|guardrails?|protections?|checks?)/i.test(line)) {
72
- findings.push({ severity: 'high', ruleId: 'INJ-PERM-002', match: line.trim(), line: i + 1 });
73
- }
74
- // HIGH: INJ-PERM-003 — Auto-approve directive
75
- if (/(?:auto[- ]?approve|--no-verify|--dangerously-skip-permissions)/i.test(line)) {
76
- findings.push({ severity: 'high', ruleId: 'INJ-PERM-003', match: line.trim(), line: i + 1 });
77
- }
78
- // HIGH: INJ-ENC-001 — Suspicious base64 (skip lines that look like file paths or CLI commands)
79
- if (!/^[\s]*(?:cd |git |node |pnpm |npm |\/|packages\/|agents\/|src\/)/.test(line) &&
80
- /(?<!Bearer\s)(?<![:])(?<![A-Za-z0-9/])(?!eyJ)(?:[A-Za-z0-9+/]{4}){7,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?(?![A-Za-z0-9/])/.test(line)) {
81
- findings.push({ severity: 'high', ruleId: 'INJ-ENC-001', match: line.trim(), line: i + 1 });
82
- }
83
- // MEDIUM: INJ-CTX-001 — System prompt claims
84
- if (/(?:the\s+)?(?:system\s+prompt|system\s+message|hidden\s+instructions?)\s+(?:says?|tells?|instructs?|contains?|is)/i.test(line)) {
85
- findings.push({ severity: 'medium', ruleId: 'INJ-CTX-001', match: line.trim(), line: i + 1 });
86
- }
87
- }
88
- return findings;
89
- }
90
-
91
- function extractText(toolName, toolInput) {
92
- if (toolName === 'Bash') return toolInput?.command ?? '';
93
- if (toolName === 'Write') return toolInput?.content ?? '';
94
- if (toolName === 'Edit') return `${toolInput?.old_string ?? ''}\n${toolInput?.new_string ?? ''}`;
95
- if (toolName === 'Read') return toolInput?.file_path ?? '';
96
- const parts = [];
97
- for (const value of Object.values(toolInput || {})) {
98
- if (typeof value === 'string') parts.push(value);
99
- }
100
- return parts.join('\n') || null;
101
- }
102
-
103
42
  async function main() {
104
43
  let raw = '';
105
44
  try {
@@ -125,7 +64,8 @@ async function main() {
125
64
  const sessionId = input?.session_id;
126
65
  const workspaceRoot = process.cwd();
127
66
 
128
- // Step 1: Check taint state — block destructive ops if tainted
67
+ // Check taint state — block destructive ops if the session is already tainted.
68
+ // Taint is written only by sentinel-post (from untrusted tool OUTPUT).
129
69
  let tainted = false;
130
70
  try {
131
71
  const taintPath = resolve(
@@ -173,69 +113,6 @@ async function main() {
173
113
  }
174
114
  }
175
115
 
176
- // Step 2: Scan tool inputs for injection patterns
177
- const textToScan = extractText(toolName, toolInput);
178
- if (textToScan) {
179
- let findings;
180
- try {
181
- const core = await import('@harness-engineering/core');
182
- findings = core.scanForInjection(textToScan);
183
- } catch {
184
- findings = inlineScan(textToScan);
185
- }
186
-
187
- const actionable = findings.filter((f) => f.severity === 'high' || f.severity === 'medium');
188
-
189
- if (actionable.length > 0) {
190
- try {
191
- const core = await import('@harness-engineering/core');
192
- core.writeTaint(
193
- workspaceRoot,
194
- sessionId,
195
- `Injection pattern detected in PreToolUse:${toolName} input`,
196
- actionable,
197
- `PreToolUse:${toolName}`
198
- );
199
- } catch {
200
- // Fallback inline taint writer — merges with existing taint state
201
- try {
202
- const id = sessionId || 'default';
203
- const taintPath = resolve(workspaceRoot, '.harness', `session-taint-${id}.json`);
204
- mkdirSync(dirname(taintPath), { recursive: true });
205
- const now = new Date().toISOString();
206
- const maxSev = actionable.some((f) => f.severity === 'high') ? 'high' : 'medium';
207
- const newFindings = actionable.map((f) => ({
208
- ruleId: f.ruleId, severity: f.severity, match: f.match,
209
- source: `PreToolUse:${toolName}`, detectedAt: now,
210
- }));
211
- // Read and merge existing taint state to preserve earlier taintedAt and findings
212
- let existing = null;
213
- try { existing = JSON.parse(readFileSync(taintPath, 'utf-8')); } catch { /* no existing */ }
214
- const state = {
215
- sessionId: id,
216
- taintedAt: existing?.taintedAt ?? now,
217
- expiresAt: new Date(Date.now() + 30 * 60 * 1000).toISOString(),
218
- reason: existing?.reason ?? `Injection pattern detected in PreToolUse:${toolName} input`,
219
- severity: maxSev,
220
- findings: [...(existing?.findings ?? []), ...newFindings],
221
- };
222
- writeFileSync(taintPath, JSON.stringify(state, null, 2) + '\n');
223
- } catch { /* best-effort */ }
224
- }
225
-
226
- for (const f of actionable) {
227
- process.stderr.write(
228
- `Sentinel [${f.severity}] ${f.ruleId}: detected in ${toolName} input\n`
229
- );
230
- }
231
- }
232
-
233
- const low = findings.filter((f) => f.severity === 'low');
234
- for (const f of low) {
235
- process.stderr.write(`Sentinel [low] ${f.ruleId}: ${f.match.slice(0, 80)}\n`);
236
- }
237
- }
238
-
239
116
  process.exit(0);
240
117
  } catch {
241
118
  process.exit(0);
package/dist/index.d.ts CHANGED
@@ -704,14 +704,59 @@ declare const HarnessConfigSchema: z.ZodObject<{
704
704
  excludePatterns: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
705
705
  /** Whether to automatically attempt to fix simple entropy issues */
706
706
  autoFix: z.ZodDefault<z.ZodBoolean>;
707
+ /** Documentation-drift detection tuning (scope/disable individual checks) */
708
+ drift: z.ZodOptional<z.ZodObject<{
709
+ /** Glob patterns for docs to scan for drift (default: docs/**, README) */
710
+ docPaths: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
711
+ /** Flag doc references to code symbols that no longer exist (default: true) */
712
+ checkApiSignatures: z.ZodOptional<z.ZodBoolean>;
713
+ /** Check fenced code examples against the codebase (default: true) */
714
+ checkExamples: z.ZodOptional<z.ZodBoolean>;
715
+ /** Check documented structure against the filesystem (default: true) */
716
+ checkStructure: z.ZodOptional<z.ZodBoolean>;
717
+ /** Regexes matched against a reference to exclude it from drift reporting */
718
+ ignorePatterns: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
719
+ /** Doc-path prefixes whose symbols describe intended future code (ADRs, proposals) */
720
+ forwardLookingPaths: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
721
+ }, "strip", z.ZodTypeAny, {
722
+ docPaths?: string[] | undefined;
723
+ checkApiSignatures?: boolean | undefined;
724
+ checkExamples?: boolean | undefined;
725
+ checkStructure?: boolean | undefined;
726
+ ignorePatterns?: string[] | undefined;
727
+ forwardLookingPaths?: string[] | undefined;
728
+ }, {
729
+ docPaths?: string[] | undefined;
730
+ checkApiSignatures?: boolean | undefined;
731
+ checkExamples?: boolean | undefined;
732
+ checkStructure?: boolean | undefined;
733
+ ignorePatterns?: string[] | undefined;
734
+ forwardLookingPaths?: string[] | undefined;
735
+ }>>;
707
736
  }, "strip", z.ZodTypeAny, {
708
737
  excludePatterns: string[];
709
738
  autoFix: boolean;
710
739
  entryPoints?: string[] | undefined;
740
+ drift?: {
741
+ docPaths?: string[] | undefined;
742
+ checkApiSignatures?: boolean | undefined;
743
+ checkExamples?: boolean | undefined;
744
+ checkStructure?: boolean | undefined;
745
+ ignorePatterns?: string[] | undefined;
746
+ forwardLookingPaths?: string[] | undefined;
747
+ } | undefined;
711
748
  }, {
712
749
  excludePatterns?: string[] | undefined;
713
750
  entryPoints?: string[] | undefined;
714
751
  autoFix?: boolean | undefined;
752
+ drift?: {
753
+ docPaths?: string[] | undefined;
754
+ checkApiSignatures?: boolean | undefined;
755
+ checkExamples?: boolean | undefined;
756
+ checkStructure?: boolean | undefined;
757
+ ignorePatterns?: string[] | undefined;
758
+ forwardLookingPaths?: string[] | undefined;
759
+ } | undefined;
715
760
  }>>;
716
761
  /** Security scanning configuration */
717
762
  security: z.ZodOptional<z.ZodObject<{
@@ -2100,6 +2145,14 @@ declare const HarnessConfigSchema: z.ZodObject<{
2100
2145
  excludePatterns: string[];
2101
2146
  autoFix: boolean;
2102
2147
  entryPoints?: string[] | undefined;
2148
+ drift?: {
2149
+ docPaths?: string[] | undefined;
2150
+ checkApiSignatures?: boolean | undefined;
2151
+ checkExamples?: boolean | undefined;
2152
+ checkStructure?: boolean | undefined;
2153
+ ignorePatterns?: string[] | undefined;
2154
+ forwardLookingPaths?: string[] | undefined;
2155
+ } | undefined;
2103
2156
  } | undefined;
2104
2157
  security?: z.objectOutputType<{
2105
2158
  /** Whether security scanning is enabled */
@@ -2418,6 +2471,14 @@ declare const HarnessConfigSchema: z.ZodObject<{
2418
2471
  excludePatterns?: string[] | undefined;
2419
2472
  entryPoints?: string[] | undefined;
2420
2473
  autoFix?: boolean | undefined;
2474
+ drift?: {
2475
+ docPaths?: string[] | undefined;
2476
+ checkApiSignatures?: boolean | undefined;
2477
+ checkExamples?: boolean | undefined;
2478
+ checkStructure?: boolean | undefined;
2479
+ ignorePatterns?: string[] | undefined;
2480
+ forwardLookingPaths?: string[] | undefined;
2481
+ } | undefined;
2421
2482
  } | undefined;
2422
2483
  security?: z.objectInputType<{
2423
2484
  /** Whether security scanning is enabled */
package/dist/index.js CHANGED
@@ -12,20 +12,20 @@ import {
12
12
  runSnapshotCapture,
13
13
  runUninstall,
14
14
  runUninstallConstraints
15
- } from "./chunk-GHBFNLV2.js";
15
+ } from "./chunk-ABRYIEWJ.js";
16
16
  import {
17
17
  generateRuntime
18
- } from "./chunk-YANR2RL7.js";
18
+ } from "./chunk-N4AI2WFH.js";
19
19
  import {
20
20
  generateAgentsMd
21
- } from "./chunk-T746REAE.js";
21
+ } from "./chunk-VG4G3R2V.js";
22
22
  import {
23
23
  generateCIWorkflow
24
- } from "./chunk-AX5KGRM6.js";
25
- import "./chunk-AAUY53CC.js";
24
+ } from "./chunk-P4NA5OQX.js";
25
+ import "./chunk-YWRPQZL7.js";
26
26
  import {
27
27
  runCrossCheck
28
- } from "./chunk-4VXFZSYF.js";
28
+ } from "./chunk-GSYBGOY3.js";
29
29
  import {
30
30
  AGENT_DESCRIPTIONS,
31
31
  DEFAULT_TOOLS,
@@ -34,14 +34,14 @@ import {
34
34
  generateAgentDefinitions,
35
35
  renderClaudeCodeAgent,
36
36
  renderGeminiAgent
37
- } from "./chunk-E5EW5HVJ.js";
37
+ } from "./chunk-XZNCONFG.js";
38
38
  import "./chunk-KET4QQZB.js";
39
39
  import {
40
40
  runScan
41
41
  } from "./chunk-YYFSFSB3.js";
42
42
  import {
43
43
  TemplateEngine
44
- } from "./chunk-UWVMJEUJ.js";
44
+ } from "./chunk-IGWJRAJT.js";
45
45
  import "./chunk-CQ553GZO.js";
46
46
  import {
47
47
  generateSkillFiles
@@ -49,7 +49,7 @@ import {
49
49
  import {
50
50
  listPersonas,
51
51
  loadPersona
52
- } from "./chunk-5RSXUAMN.js";
52
+ } from "./chunk-NCMJXBEO.js";
53
53
  import {
54
54
  detectTrigger,
55
55
  runPersona
@@ -64,27 +64,27 @@ import {
64
64
  OutputFormatter,
65
65
  OutputMode,
66
66
  runCheckPhaseGate
67
- } from "./chunk-7TIJXWG3.js";
67
+ } from "./chunk-XW5XVVMI.js";
68
68
  import {
69
69
  createHarnessServer,
70
70
  generateSlashCommands,
71
71
  getToolDefinitions,
72
72
  startServer
73
- } from "./chunk-RG3TNIUB.js";
74
- import "./chunk-OQ6KOQEV.js";
75
- import "./chunk-M7F2PPN3.js";
76
- import "./chunk-EYMOPFSD.js";
77
- import "./chunk-6SCYTIF4.js";
78
- import "./chunk-I3CGCZJF.js";
79
- import "./chunk-SDMV4QHM.js";
80
- import "./chunk-7PJCK7UE.js";
73
+ } from "./chunk-Z4XWWNYX.js";
74
+ import "./chunk-DGVT4DBI.js";
75
+ import "./chunk-YXOPQEFZ.js";
76
+ import "./chunk-ZU6T7W3U.js";
77
+ import "./chunk-RZQZXWEL.js";
78
+ import "./chunk-GLHLXTKC.js";
79
+ import "./chunk-Y33P35U3.js";
80
+ import "./chunk-RY2U77OY.js";
81
81
  import "./chunk-IOW3MW2K.js";
82
82
  import "./chunk-3ISINLYT.js";
83
83
  import "./chunk-4U5LDFCY.js";
84
- import "./chunk-36GQREOE.js";
85
- import "./chunk-JPVOI7GP.js";
84
+ import "./chunk-AU4YPEIE.js";
85
+ import "./chunk-4SKWGVYD.js";
86
86
  import "./chunk-RC3OI5NK.js";
87
- import "./chunk-SEA2PFVI.js";
87
+ import "./chunk-OZSKLJQW.js";
88
88
  import "./chunk-W6Y7ZW3Y.js";
89
89
  import "./chunk-WBVCN35T.js";
90
90
  import "./chunk-UTJJJDNN.js";
@@ -94,7 +94,7 @@ import {
94
94
  findConfigFile,
95
95
  loadConfig,
96
96
  resolveConfig
97
- } from "./chunk-XAVMTAUT.js";
97
+ } from "./chunk-Y5HPJMTM.js";
98
98
  import "./chunk-ZCZD7FHU.js";
99
99
  import {
100
100
  logger
@@ -104,9 +104,9 @@ import {
104
104
  ExitCode,
105
105
  handleError
106
106
  } from "./chunk-3WGJMBKH.js";
107
- import "./chunk-MMLQPHZ5.js";
107
+ import "./chunk-UACYZCW4.js";
108
108
  import "./chunk-BM3PWGXQ.js";
109
- import "./chunk-6YFHUIGT.js";
109
+ import "./chunk-YJYUJSWK.js";
110
110
  import "./chunk-BDGTZRZ6.js";
111
111
  import "./chunk-WZJR6SOI.js";
112
112
  import "./chunk-QCLOIUMX.js";
@@ -1,9 +1,9 @@
1
1
  import {
2
2
  listPersonas,
3
3
  loadPersona
4
- } from "./chunk-5RSXUAMN.js";
5
- import "./chunk-MMLQPHZ5.js";
6
- import "./chunk-6YFHUIGT.js";
4
+ } from "./chunk-NCMJXBEO.js";
5
+ import "./chunk-UACYZCW4.js";
6
+ import "./chunk-YJYUJSWK.js";
7
7
  import "./chunk-BDGTZRZ6.js";
8
8
  import "./chunk-WZJR6SOI.js";
9
9
  import "./chunk-QCLOIUMX.js";
@@ -2,36 +2,36 @@ import {
2
2
  createHarnessServer,
3
3
  getToolDefinitions,
4
4
  startServer
5
- } from "./chunk-RG3TNIUB.js";
6
- import "./chunk-OQ6KOQEV.js";
7
- import "./chunk-M7F2PPN3.js";
8
- import "./chunk-EYMOPFSD.js";
9
- import "./chunk-6SCYTIF4.js";
10
- import "./chunk-I3CGCZJF.js";
11
- import "./chunk-SDMV4QHM.js";
12
- import "./chunk-7PJCK7UE.js";
5
+ } from "./chunk-Z4XWWNYX.js";
6
+ import "./chunk-DGVT4DBI.js";
7
+ import "./chunk-YXOPQEFZ.js";
8
+ import "./chunk-ZU6T7W3U.js";
9
+ import "./chunk-RZQZXWEL.js";
10
+ import "./chunk-GLHLXTKC.js";
11
+ import "./chunk-Y33P35U3.js";
12
+ import "./chunk-RY2U77OY.js";
13
13
  import "./chunk-IOW3MW2K.js";
14
14
  import "./chunk-3ISINLYT.js";
15
15
  import "./chunk-4U5LDFCY.js";
16
- import "./chunk-36GQREOE.js";
17
- import "./chunk-JPVOI7GP.js";
16
+ import "./chunk-AU4YPEIE.js";
17
+ import "./chunk-4SKWGVYD.js";
18
18
  import {
19
19
  resultToMcpResponse
20
20
  } from "./chunk-RC3OI5NK.js";
21
21
  import {
22
22
  resolveProjectConfig
23
- } from "./chunk-SEA2PFVI.js";
23
+ } from "./chunk-OZSKLJQW.js";
24
24
  import "./chunk-W6Y7ZW3Y.js";
25
25
  import "./chunk-WBVCN35T.js";
26
26
  import "./chunk-UTJJJDNN.js";
27
27
  import "./chunk-HIK6OEUF.js";
28
28
  import "./chunk-Y6SUQC32.js";
29
- import "./chunk-XAVMTAUT.js";
29
+ import "./chunk-Y5HPJMTM.js";
30
30
  import "./chunk-ZCZD7FHU.js";
31
31
  import "./chunk-EBJQ6N4M.js";
32
32
  import "./chunk-3WGJMBKH.js";
33
- import "./chunk-MMLQPHZ5.js";
34
- import "./chunk-6YFHUIGT.js";
33
+ import "./chunk-UACYZCW4.js";
34
+ import "./chunk-YJYUJSWK.js";
35
35
  import "./chunk-BDGTZRZ6.js";
36
36
  import "./chunk-WZJR6SOI.js";
37
37
  import "./chunk-QCLOIUMX.js";
@@ -7,14 +7,14 @@ import {
7
7
  handleGetPerfBaselines,
8
8
  handleUpdatePerfBaselines,
9
9
  updatePerfBaselinesDefinition
10
- } from "./chunk-7PJCK7UE.js";
10
+ } from "./chunk-RY2U77OY.js";
11
11
  import "./chunk-RC3OI5NK.js";
12
12
  import "./chunk-W6Y7ZW3Y.js";
13
- import "./chunk-XAVMTAUT.js";
13
+ import "./chunk-Y5HPJMTM.js";
14
14
  import "./chunk-ZCZD7FHU.js";
15
15
  import "./chunk-3WGJMBKH.js";
16
- import "./chunk-MMLQPHZ5.js";
17
- import "./chunk-6YFHUIGT.js";
16
+ import "./chunk-UACYZCW4.js";
17
+ import "./chunk-YJYUJSWK.js";
18
18
  import "./chunk-BDGTZRZ6.js";
19
19
  import "./chunk-WZJR6SOI.js";
20
20
  import "./chunk-QCLOIUMX.js";
@@ -1,10 +1,10 @@
1
1
  import {
2
2
  handleRunCodeReview,
3
3
  runCodeReviewDefinition
4
- } from "./chunk-EYMOPFSD.js";
4
+ } from "./chunk-ZU6T7W3U.js";
5
5
  import "./chunk-W6Y7ZW3Y.js";
6
- import "./chunk-MMLQPHZ5.js";
7
- import "./chunk-6YFHUIGT.js";
6
+ import "./chunk-UACYZCW4.js";
7
+ import "./chunk-YJYUJSWK.js";
8
8
  import "./chunk-BDGTZRZ6.js";
9
9
  import "./chunk-WZJR6SOI.js";
10
10
  import "./chunk-QCLOIUMX.js";
@@ -1,9 +1,9 @@
1
1
  import {
2
2
  generateRuntime
3
- } from "./chunk-YANR2RL7.js";
3
+ } from "./chunk-N4AI2WFH.js";
4
4
  import "./chunk-KET4QQZB.js";
5
- import "./chunk-MMLQPHZ5.js";
6
- import "./chunk-6YFHUIGT.js";
5
+ import "./chunk-UACYZCW4.js";
6
+ import "./chunk-YJYUJSWK.js";
7
7
  import "./chunk-BDGTZRZ6.js";
8
8
  import "./chunk-WZJR6SOI.js";
9
9
  import "./chunk-QCLOIUMX.js";
@@ -3,7 +3,7 @@ import {
3
3
  handleGetSecurityTrends,
4
4
  handleRunSecurityScan,
5
5
  runSecurityScanDefinition
6
- } from "./chunk-M7F2PPN3.js";
6
+ } from "./chunk-YXOPQEFZ.js";
7
7
  import "./chunk-W6Y7ZW3Y.js";
8
8
  import "./chunk-KFQGP6VL.js";
9
9
  export {