npm - @harness-engineering/core - Versions diffs - 0.8.0 → 0.9.1 - Mend

@harness-engineering/core 0.8.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Result, WorkflowStep, WorkflowStepResult, Workflow, WorkflowResult, SkillLifecycleHooks, SkillContext, SkillResult, TurnContext, CICheckName, CIFailOnSeverity, CICheckReport } from '@harness-engineering/types';
+import { Result, WorkflowStep, WorkflowStepResult, Workflow, WorkflowResult, SkillLifecycleHooks, SkillContext, SkillResult, TurnContext, CICheckName, CIFailOnSeverity, CICheckReport, Roadmap, FeatureStatus } from '@harness-engineering/types';
 export * from '@harness-engineering/types';
 import { z } from 'zod';
@@ -529,6 +529,9 @@ interface EntropyConfig {
         drift?: boolean | Partial<DriftConfig>;
         deadCode?: boolean | Partial<DeadCodeConfig>;
         patterns?: boolean | PatternConfig;
+        complexity?: boolean | Partial<ComplexityConfig>;
+        coupling?: boolean | Partial<CouplingConfig>;
+        sizeBudget?: boolean | Partial<SizeBudgetConfig>;
     };
     include?: string[];
     exclude?: string[];
@@ -684,7 +687,116 @@ interface PatternReport {
     };
     passRate: number;
 }
-type FixType = 'unused-imports' | 'dead-files' | 'trailing-whitespace' | 'broken-links' | 'sort-imports';
+interface ComplexityThresholds {
+    cyclomaticComplexity?: {
+        error?: number;
+        warn?: number;
+    };
+    nestingDepth?: {
+        warn?: number;
+    };
+    functionLength?: {
+        warn?: number;
+    };
+    parameterCount?: {
+        warn?: number;
+    };
+    fileLength?: {
+        info?: number;
+    };
+    hotspotPercentile?: {
+        error?: number;
+    };
+}
+interface ComplexityConfig {
+    enabled?: boolean;
+    thresholds?: ComplexityThresholds;
+}
+interface ComplexityViolation {
+    file: string;
+    function: string;
+    line: number;
+    metric: 'cyclomaticComplexity' | 'nestingDepth' | 'functionLength' | 'parameterCount' | 'fileLength' | 'hotspotScore';
+    value: number;
+    threshold: number;
+    tier: 1 | 2 | 3;
+    severity: 'error' | 'warning' | 'info';
+    message?: string;
+}
+interface ComplexityReport {
+    violations: ComplexityViolation[];
+    stats: {
+        filesAnalyzed: number;
+        functionsAnalyzed: number;
+        violationCount: number;
+        errorCount: number;
+        warningCount: number;
+        infoCount: number;
+    };
+}
+interface CouplingThresholds {
+    fanOut?: {
+        warn?: number;
+    };
+    fanIn?: {
+        info?: number;
+    };
+    couplingRatio?: {
+        warn?: number;
+    };
+    transitiveDependencyDepth?: {
+        info?: number;
+    };
+}
+interface CouplingConfig {
+    enabled?: boolean;
+    thresholds?: CouplingThresholds;
+}
+interface CouplingViolation {
+    file: string;
+    metric: 'fanOut' | 'fanIn' | 'couplingRatio' | 'transitiveDependencyDepth';
+    value: number;
+    threshold: number;
+    tier: 1 | 2 | 3;
+    severity: 'error' | 'warning' | 'info';
+    message?: string;
+}
+interface CouplingReport {
+    violations: CouplingViolation[];
+    stats: {
+        filesAnalyzed: number;
+        violationCount: number;
+        warningCount: number;
+        infoCount: number;
+    };
+}
+interface SizeBudgetConfig {
+    enabled?: boolean;
+    budgets: Record<string, {
+        warn?: string;
+    }>;
+    dependencyWeight?: {
+        info?: string;
+    };
+}
+interface SizeBudgetViolation {
+    package: string;
+    currentSize: number;
+    budgetSize: number;
+    unit: 'bytes';
+    tier: 2 | 3;
+    severity: 'warning' | 'info';
+}
+interface SizeBudgetReport {
+    violations: SizeBudgetViolation[];
+    stats: {
+        packagesChecked: number;
+        violationCount: number;
+        warningCount: number;
+        infoCount: number;
+    };
+}
+type FixType = 'unused-imports' | 'dead-files' | 'dead-exports' | 'commented-code' | 'orphaned-deps' | 'forbidden-import-replacement' | 'import-ordering' | 'trailing-whitespace' | 'broken-links' | 'sort-imports';
 interface FixConfig {
     dryRun: boolean;
     fixTypes: FixType[];
@@ -716,6 +828,24 @@ interface FixResult {
         backupPath?: string;
     };
 }
+type SafetyLevel = 'safe' | 'probably-safe' | 'unsafe';
+interface CleanupFinding {
+    id: string;
+    concern: 'dead-code' | 'architecture';
+    file: string;
+    line?: number;
+    type: string;
+    description: string;
+    safety: SafetyLevel;
+    safetyReason: string;
+    hotspotDowngraded: boolean;
+    fixAction?: string;
+    suggestion: string;
+}
+interface HotspotContext {
+    churnMap: Map<string, number>;
+    topPercentileThreshold: number;
+}
 interface Suggestion {
     type: 'rename' | 'move' | 'merge' | 'split' | 'delete' | 'update-docs' | 'add-export' | 'refactor';
     priority: 'high' | 'medium' | 'low';
@@ -741,7 +871,7 @@ interface SuggestionReport {
     estimatedEffort: 'trivial' | 'small' | 'medium' | 'large';
 }
 interface AnalysisError {
-    analyzer: 'drift' | 'deadCode' | 'patterns';
+    analyzer: 'drift' | 'deadCode' | 'patterns' | 'complexity' | 'coupling' | 'sizeBudget';
     error: EntropyError;
 }
 interface EntropyReport {
@@ -749,6 +879,9 @@ interface EntropyReport {
     drift?: DriftReport;
     deadCode?: DeadCodeReport;
     patterns?: PatternReport;
+    complexity?: ComplexityReport;
+    coupling?: CouplingReport;
+    sizeBudget?: SizeBudgetReport;
     analysisErrors: AnalysisError[];
     summary: {
         totalIssues: number;
@@ -792,6 +925,23 @@ declare class EntropyAnalyzer {
                 path?: string;
             }>;
         };
+        graphComplexityData?: {
+            hotspots: Array<{
+                file: string;
+                function: string;
+                hotspotScore: number;
+            }>;
+            percentile95Score: number;
+        };
+        graphCouplingData?: {
+            files: Array<{
+                file: string;
+                fanIn: number;
+                fanOut: number;
+                couplingRatio: number;
+                transitiveDepth: number;
+            }>;
+        };
     }): Promise<Result<EntropyReport, EntropyError>>;
     /**
      * Get the built snapshot (must call analyze first)
@@ -880,6 +1030,59 @@ declare function detectDeadCode(snapshot: CodebaseSnapshot, graphDeadCodeData?:
  */
 declare function detectPatternViolations(snapshot: CodebaseSnapshot, config?: PatternConfig): Promise<Result<PatternReport, EntropyError>>;
+interface GraphComplexityData {
+    hotspots: Array<{
+        file: string;
+        function: string;
+        hotspotScore: number;
+    }>;
+    percentile95Score: number;
+}
+/**
+ * Detect complexity violations across a codebase snapshot.
+ */
+declare function detectComplexityViolations(snapshot: CodebaseSnapshot, config?: ComplexityConfig, graphData?: GraphComplexityData): Promise<Result<ComplexityReport, EntropyError>>;
+interface GraphCouplingData {
+    files: Array<{
+        file: string;
+        fanIn: number;
+        fanOut: number;
+        couplingRatio: number;
+        transitiveDepth: number;
+    }>;
+}
+declare function detectCouplingViolations(snapshot: CodebaseSnapshot, config?: Partial<CouplingConfig>, graphData?: GraphCouplingData): Promise<Result<CouplingReport, EntropyError>>;
+/**
+ * Parse a human-readable size string into bytes.
+ * Supports: "100KB", "1MB", "500", "1GB".
+ */
+declare function parseSize(size: string): number;
+/**
+ * Detect size budget violations for configured packages.
+ */
+declare function detectSizeBudgetViolations(rootDir: string, config?: Partial<SizeBudgetConfig>): Promise<Result<SizeBudgetReport, EntropyError>>;
+interface CommentedCodeBlock {
+    file: string;
+    startLine: number;
+    endLine: number;
+    content: string;
+}
+/**
+ * Create fixes for commented-out code blocks
+ */
+declare function createCommentedCodeFixes(blocks: CommentedCodeBlock[]): Fix[];
+interface OrphanedDep {
+    name: string;
+    packageJsonPath: string;
+    depType: 'dependencies' | 'devDependencies';
+}
+/**
+ * Create fixes for orphaned npm dependencies
+ */
+declare function createOrphanedDepFixes(deps: OrphanedDep[]): Fix[];
 /**
  * Create fixes from dead code report
  */
@@ -898,6 +1101,39 @@ declare function applyFixes(fixes: Fix[], config?: Partial<FixConfig>): Promise<
  */
 declare function generateSuggestions(deadCode?: DeadCodeReport, drift?: DriftReport, patterns?: PatternReport): SuggestionReport;
+interface ForbiddenImportViolation {
+    file: string;
+    line: number;
+    forbiddenImport: string;
+    alternative?: string;
+}
+/**
+ * Create fixes for forbidden imports that have a configured alternative
+ */
+declare function createForbiddenImportFixes(violations: ForbiddenImportViolation[]): Fix[];
+interface FindingInput {
+    concern: 'dead-code' | 'architecture';
+    file: string;
+    line?: number;
+    type: string;
+    description: string;
+    isPublicApi?: boolean;
+    hasAlternative?: boolean;
+}
+/**
+ * Classify a raw finding into a CleanupFinding with safety level
+ */
+declare function classifyFinding(input: FindingInput): CleanupFinding;
+/**
+ * Downgrade safety for findings in high-churn files
+ */
+declare function applyHotspotDowngrade(finding: CleanupFinding, hotspot: HotspotContext): CleanupFinding;
+/**
+ * Deduplicate cross-concern findings (e.g., dead import + forbidden import on same line)
+ */
+declare function deduplicateCleanupFindings(findings: CleanupFinding[]): CleanupFinding[];
 declare const PatternConfigSchema: z.ZodObject<{
     patterns: z.ZodArray<z.ZodObject<{
         name: z.ZodString;
@@ -1693,6 +1929,136 @@ declare const EntropyConfigSchema: z.ZodObject<{
  */
 declare function validatePatternConfig(config: unknown): Result<PatternConfig, EntropyError>;
+interface BenchmarkResult {
+    name: string;
+    file: string;
+    opsPerSec: number;
+    meanMs: number;
+    p99Ms: number;
+    marginOfError: number;
+}
+interface Baseline {
+    opsPerSec: number;
+    meanMs: number;
+    p99Ms: number;
+    marginOfError: number;
+}
+interface BaselinesFile {
+    version: 1;
+    updatedAt: string;
+    updatedFrom: string;
+    benchmarks: Record<string, Baseline>;
+}
+interface RegressionResult {
+    benchmark: string;
+    current: BenchmarkResult;
+    baseline: Baseline;
+    regressionPct: number;
+    isCriticalPath: boolean;
+    tier: 1 | 2 | 3;
+    severity: 'error' | 'warning' | 'info';
+    withinNoise: boolean;
+}
+interface RegressionReport {
+    regressions: RegressionResult[];
+    improvements: Array<{
+        benchmark: string;
+        improvementPct: number;
+    }>;
+    stats: {
+        benchmarksCompared: number;
+        regressionCount: number;
+        improvementCount: number;
+        newBenchmarks: number;
+    };
+}
+interface CriticalPathEntry {
+    file: string;
+    function: string;
+    source: 'annotation' | 'graph-inferred';
+    fanIn?: number;
+}
+interface CriticalPathSet {
+    entries: CriticalPathEntry[];
+    stats: {
+        annotated: number;
+        graphInferred: number;
+        total: number;
+    };
+}
+/**
+ * Manages performance baselines stored on disk.
+ *
+ * Baselines are stored at `.harness/perf/baselines.json` relative to the project root.
+ * Each benchmark is keyed by `${file}::${name}`.
+ */
+declare class BaselineManager {
+    private readonly baselinesPath;
+    constructor(projectRoot: string);
+    /**
+     * Load the baselines file from disk.
+     * Returns null if the file does not exist or contains invalid JSON.
+     */
+    load(): BaselinesFile | null;
+    /**
+     * Save benchmark results to disk, merging with any existing baselines.
+     * Each result is keyed by `${file}::${name}`.
+     */
+    save(results: BenchmarkResult[], commitHash: string): void;
+    /**
+     * Remove baselines whose file prefix does not match any of the given bench files.
+     * This cleans up entries for deleted benchmark files.
+     */
+    prune(existingBenchFiles: string[]): void;
+}
+interface BenchmarkRunOptions {
+    glob?: string;
+    cwd?: string;
+    timeout?: number;
+}
+declare class BenchmarkRunner {
+    /**
+     * Discover .bench.ts files matching the glob pattern.
+     */
+    discover(cwd: string, glob?: string): string[];
+    /**
+     * Run benchmarks via vitest bench and capture results.
+     * Returns parsed BenchmarkResult[] from vitest bench JSON output.
+     */
+    run(options?: BenchmarkRunOptions): Promise<{
+        results: BenchmarkResult[];
+        rawOutput: string;
+        success: boolean;
+    }>;
+    /**
+     * Parse vitest bench JSON reporter output into BenchmarkResult[].
+     * Vitest bench JSON output contains testResults with benchmark data.
+     */
+    parseVitestBenchOutput(output: string): BenchmarkResult[];
+}
+declare class RegressionDetector {
+    detect(results: BenchmarkResult[], baselines: Record<string, Baseline>, criticalPaths: CriticalPathSet): RegressionReport;
+}
+interface GraphCriticalPathData {
+    highFanInFunctions: Array<{
+        file: string;
+        function: string;
+        fanIn: number;
+    }>;
+}
+declare class CriticalPathResolver {
+    private readonly projectRoot;
+    constructor(projectRoot: string);
+    resolve(graphData?: GraphCriticalPathData): Promise<CriticalPathSet>;
+    private scanAnnotations;
+    private walkDir;
+    private scanFile;
+}
 interface FeedbackError extends BaseError {
     code: 'AGENT_SPAWN_ERROR' | 'AGENT_TIMEOUT' | 'TELEMETRY_ERROR' | 'TELEMETRY_UNAVAILABLE' | 'REVIEW_ERROR' | 'DIFF_PARSE_ERROR' | 'SINK_ERROR';
     details: {
@@ -2317,22 +2683,107 @@ declare const HarnessStateSchema: z.ZodObject<{
 type HarnessState = z.infer<typeof HarnessStateSchema>;
 declare const DEFAULT_STATE: HarnessState;
-declare function loadState(projectPath: string): Promise<Result<HarnessState, Error>>;
-declare function saveState(projectPath: string, state: HarnessState): Promise<Result<void, Error>>;
-declare function appendLearning(projectPath: string, learning: string, skillName?: string, outcome?: string): Promise<Result<void, Error>>;
-declare function loadRelevantLearnings(projectPath: string, skillName?: string): Promise<Result<string[], Error>>;
-declare function appendFailure(projectPath: string, description: string, skillName: string, type: string): Promise<Result<void, Error>>;
-declare function loadFailures(projectPath: string): Promise<Result<Array<{
+declare function loadState(projectPath: string, stream?: string): Promise<Result<HarnessState, Error>>;
+declare function saveState(projectPath: string, state: HarnessState, stream?: string): Promise<Result<void, Error>>;
+declare function appendLearning(projectPath: string, learning: string, skillName?: string, outcome?: string, stream?: string): Promise<Result<void, Error>>;
+declare function loadRelevantLearnings(projectPath: string, skillName?: string, stream?: string): Promise<Result<string[], Error>>;
+declare function appendFailure(projectPath: string, description: string, skillName: string, type: string, stream?: string): Promise<Result<void, Error>>;
+declare function loadFailures(projectPath: string, stream?: string): Promise<Result<Array<{
     date: string;
     skill: string;
     type: string;
     description: string;
 }>, Error>>;
-declare function archiveFailures(projectPath: string): Promise<Result<void, Error>>;
-declare function saveHandoff(projectPath: string, handoff: Handoff): Promise<Result<void, Error>>;
-declare function loadHandoff(projectPath: string): Promise<Result<Handoff | null, Error>>;
+declare function archiveFailures(projectPath: string, stream?: string): Promise<Result<void, Error>>;
+declare function saveHandoff(projectPath: string, handoff: Handoff, stream?: string): Promise<Result<void, Error>>;
+declare function loadHandoff(projectPath: string, stream?: string): Promise<Result<Handoff | null, Error>>;
 declare function runMechanicalGate(projectPath: string): Promise<Result<GateResult, Error>>;
+declare const StreamInfoSchema: z.ZodObject<{
+    name: z.ZodString;
+    branch: z.ZodOptional<z.ZodString>;
+    createdAt: z.ZodString;
+    lastActiveAt: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    createdAt: string;
+    lastActiveAt: string;
+    branch?: string | undefined;
+}, {
+    name: string;
+    createdAt: string;
+    lastActiveAt: string;
+    branch?: string | undefined;
+}>;
+type StreamInfo = z.infer<typeof StreamInfoSchema>;
+declare const StreamIndexSchema: z.ZodObject<{
+    schemaVersion: z.ZodLiteral<1>;
+    activeStream: z.ZodNullable<z.ZodString>;
+    streams: z.ZodRecord<z.ZodString, z.ZodObject<{
+        name: z.ZodString;
+        branch: z.ZodOptional<z.ZodString>;
+        createdAt: z.ZodString;
+        lastActiveAt: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        createdAt: string;
+        lastActiveAt: string;
+        branch?: string | undefined;
+    }, {
+        name: string;
+        createdAt: string;
+        lastActiveAt: string;
+        branch?: string | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    schemaVersion: 1;
+    activeStream: string | null;
+    streams: Record<string, {
+        name: string;
+        createdAt: string;
+        lastActiveAt: string;
+        branch?: string | undefined;
+    }>;
+}, {
+    schemaVersion: 1;
+    activeStream: string | null;
+    streams: Record<string, {
+        name: string;
+        createdAt: string;
+        lastActiveAt: string;
+        branch?: string | undefined;
+    }>;
+}>;
+type StreamIndex = z.infer<typeof StreamIndexSchema>;
+declare const DEFAULT_STREAM_INDEX: StreamIndex;
+declare function loadStreamIndex(projectPath: string): Promise<Result<StreamIndex, Error>>;
+declare function saveStreamIndex(projectPath: string, index: StreamIndex): Promise<Result<void, Error>>;
+/**
+ * Resolves a stream path without side effects.
+ *
+ * Does NOT update lastActiveAt or activeStream in the index.
+ * Callers that need to mark a stream as active should call `touchStream()` separately.
+ */
+declare function resolveStreamPath(projectPath: string, options?: {
+    stream?: string;
+}): Promise<Result<string, Error>>;
+/**
+ * Updates lastActiveAt and activeStream for the given stream.
+ * Call this once per session start, not on every state operation.
+ */
+declare function touchStream(projectPath: string, name: string): Promise<Result<void, Error>>;
+declare function createStream(projectPath: string, name: string, branch?: string): Promise<Result<string, Error>>;
+declare function listStreams(projectPath: string): Promise<Result<StreamInfo[], Error>>;
+declare function setActiveStream(projectPath: string, name: string): Promise<Result<void, Error>>;
+/**
+ * Archives a stream by moving its entire directory (including any failure archives
+ * within it) to `.harness/archive/streams/<name>-<date>`.
+ */
+declare function archiveStream(projectPath: string, name: string): Promise<Result<void, Error>>;
+declare function getStreamForBranch(index: StreamIndex, branch: string): string | null;
+declare function migrateToStreams(projectPath: string): Promise<Result<void, Error>>;
 type StepExecutor = (step: WorkflowStep, previousArtifact?: string) => Promise<WorkflowStepResult>;
 declare function executeWorkflow(workflow: Workflow, executor: StepExecutor): Promise<WorkflowResult>;
@@ -2356,6 +2807,179 @@ type TurnExecutor = (context: TurnContext) => Promise<{
 declare function runPipeline(initialContext: SkillContext, executor: SkillExecutor, options?: PipelineOptions): Promise<PipelineResult>;
 declare function runMultiTurnPipeline(initialContext: SkillContext, turnExecutor: TurnExecutor, options?: PipelineOptions): Promise<PipelineResult>;
+type SecurityCategory = 'secrets' | 'injection' | 'xss' | 'crypto' | 'network' | 'deserialization' | 'path-traversal';
+type SecuritySeverity = 'error' | 'warning' | 'info';
+type SecurityConfidence = 'high' | 'medium' | 'low';
+interface SecurityRule {
+    id: string;
+    name: string;
+    category: SecurityCategory;
+    severity: SecuritySeverity;
+    confidence: SecurityConfidence;
+    patterns: RegExp[];
+    fileGlob?: string;
+    stack?: string[];
+    message: string;
+    remediation: string;
+    references?: string[];
+}
+interface SecurityFinding {
+    ruleId: string;
+    ruleName: string;
+    category: SecurityCategory;
+    severity: SecuritySeverity;
+    confidence: SecurityConfidence;
+    file: string;
+    line: number;
+    column?: number;
+    match: string;
+    context: string;
+    message: string;
+    remediation: string;
+    references?: string[];
+}
+interface ScanResult {
+    findings: SecurityFinding[];
+    scannedFiles: number;
+    rulesApplied: number;
+    externalToolsUsed: string[];
+    coverage: 'baseline' | 'enhanced';
+}
+type RuleOverride = 'off' | SecuritySeverity;
+interface SecurityConfig {
+    enabled: boolean;
+    strict: boolean;
+    rules?: Record<string, RuleOverride>;
+    exclude?: string[];
+    external?: {
+        semgrep?: {
+            enabled: 'auto' | boolean;
+            rulesets?: string[];
+        };
+        gitleaks?: {
+            enabled: 'auto' | boolean;
+        };
+    };
+}
+declare const DEFAULT_SECURITY_CONFIG: SecurityConfig;
+declare class SecurityScanner {
+    private registry;
+    private config;
+    private activeRules;
+    constructor(config?: Partial<SecurityConfig>);
+    configureForProject(projectRoot: string): void;
+    scanContent(content: string, filePath: string, startLine?: number): SecurityFinding[];
+    scanFile(filePath: string): Promise<SecurityFinding[]>;
+    scanFiles(filePaths: string[]): Promise<ScanResult>;
+}
+declare const SecurityConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    strict: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodEnum<["off", "error", "warning", "info"]>>>>;
+    exclude: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    external: z.ZodOptional<z.ZodObject<{
+        semgrep: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodUnion<[z.ZodLiteral<"auto">, z.ZodBoolean]>>;
+            rulesets: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        }, "strip", z.ZodTypeAny, {
+            enabled: boolean | "auto";
+            rulesets?: string[] | undefined;
+        }, {
+            enabled?: boolean | "auto" | undefined;
+            rulesets?: string[] | undefined;
+        }>>;
+        gitleaks: z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodUnion<[z.ZodLiteral<"auto">, z.ZodBoolean]>>;
+        }, "strip", z.ZodTypeAny, {
+            enabled: boolean | "auto";
+        }, {
+            enabled?: boolean | "auto" | undefined;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        semgrep?: {
+            enabled: boolean | "auto";
+            rulesets?: string[] | undefined;
+        } | undefined;
+        gitleaks?: {
+            enabled: boolean | "auto";
+        } | undefined;
+    }, {
+        semgrep?: {
+            enabled?: boolean | "auto" | undefined;
+            rulesets?: string[] | undefined;
+        } | undefined;
+        gitleaks?: {
+            enabled?: boolean | "auto" | undefined;
+        } | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    enabled: boolean;
+    strict: boolean;
+    exclude: string[];
+    rules: Record<string, "error" | "warning" | "info" | "off">;
+    external?: {
+        semgrep?: {
+            enabled: boolean | "auto";
+            rulesets?: string[] | undefined;
+        } | undefined;
+        gitleaks?: {
+            enabled: boolean | "auto";
+        } | undefined;
+    } | undefined;
+}, {
+    enabled?: boolean | undefined;
+    strict?: boolean | undefined;
+    exclude?: string[] | undefined;
+    rules?: Record<string, "error" | "warning" | "info" | "off"> | undefined;
+    external?: {
+        semgrep?: {
+            enabled?: boolean | "auto" | undefined;
+            rulesets?: string[] | undefined;
+        } | undefined;
+        gitleaks?: {
+            enabled?: boolean | "auto" | undefined;
+        } | undefined;
+    } | undefined;
+}>;
+declare function parseSecurityConfig(input: unknown): SecurityConfig;
+declare function resolveRuleSeverity(ruleId: string, defaultSeverity: SecuritySeverity, overrides: Record<string, RuleOverride>, strict: boolean): RuleOverride;
+declare class RuleRegistry {
+    private rules;
+    register(rule: SecurityRule): void;
+    registerAll(rules: SecurityRule[]): void;
+    getById(id: string): SecurityRule | undefined;
+    getAll(): SecurityRule[];
+    getByCategory(category: SecurityCategory): SecurityRule[];
+    getForStacks(stacks: string[]): SecurityRule[];
+}
+declare function detectStack(projectRoot: string): string[];
+declare const secretRules: SecurityRule[];
+declare const injectionRules: SecurityRule[];
+declare const xssRules: SecurityRule[];
+declare const cryptoRules: SecurityRule[];
+declare const pathTraversalRules: SecurityRule[];
+declare const networkRules: SecurityRule[];
+declare const deserializationRules: SecurityRule[];
+declare const nodeRules: SecurityRule[];
+declare const expressRules: SecurityRule[];
+declare const reactRules: SecurityRule[];
+declare const goRules: SecurityRule[];
 interface RunCIChecksInput {
     projectRoot: string;
     config: Record<string, unknown>;
@@ -2364,12 +2988,941 @@ interface RunCIChecksInput {
 }
 declare function runCIChecks(input: RunCIChecksInput): Promise<Result<CICheckReport, Error>>;
+/**
+ * An index of mechanical findings, queryable by file + line range.
+ * Used in Phase 5 (VALIDATE) to determine whether an AI-produced finding
+ * overlaps with a mechanical finding and should be excluded.
+ */
+declare class ExclusionSet {
+    /** Findings indexed by file path for O(1) file lookup */
+    private byFile;
+    private allFindings;
+    constructor(findings: MechanicalFinding[]);
+    /**
+     * Returns true if any mechanical finding covers the given file + line range.
+     *
+     * A mechanical finding "covers" a range if:
+     * - The file matches, AND
+     * - The finding has no line (file-level finding — covers everything), OR
+     * - The finding's line falls within [startLine, endLine] inclusive.
+     */
+    isExcluded(file: string, lineRange: [number, number]): boolean;
+    /** Number of findings in the set */
+    get size(): number;
+    /** Returns a copy of all findings */
+    getFindings(): MechanicalFinding[];
+}
+/**
+ * Build an ExclusionSet from mechanical findings.
+ */
+declare function buildExclusionSet(findings: MechanicalFinding[]): ExclusionSet;
+/**
+ * A finding produced by a mechanical check (lint, typecheck, security scan, harness validate/deps/docs).
+ * Used as input to the exclusion set and reported when the pipeline stops due to mechanical failures.
+ */
+interface MechanicalFinding {
+    /** Which mechanical tool produced this finding */
+    tool: 'validate' | 'check-deps' | 'check-docs' | 'security-scan';
+    /** File path (absolute or project-relative) */
+    file: string;
+    /** Line number, if available */
+    line?: number;
+    /** Rule ID from the tool (e.g., security rule ID) */
+    ruleId?: string;
+    /** Human-readable message */
+    message: string;
+    /** Severity level */
+    severity: 'error' | 'warning';
+}
+/**
+ * Result of running all mechanical checks.
+ */
+interface MechanicalCheckResult {
+    /** Overall pass/fail — false if any check produced errors */
+    pass: boolean;
+    /** True if the pipeline should stop (validate or check-deps failed) */
+    stopPipeline: boolean;
+    /** All findings from all mechanical checks */
+    findings: MechanicalFinding[];
+    /** Per-check status for reporting */
+    checks: {
+        validate: MechanicalCheckStatus;
+        checkDeps: MechanicalCheckStatus;
+        checkDocs: MechanicalCheckStatus;
+        securityScan: MechanicalCheckStatus;
+    };
+}
+type MechanicalCheckStatus = 'pass' | 'fail' | 'warn' | 'skip';
+/**
+ * Options for running mechanical checks.
+ */
+interface MechanicalCheckOptions {
+    /** Project root directory */
+    projectRoot: string;
+    /** Config object (from resolveConfig or harness.config.json) */
+    config: Record<string, unknown>;
+    /** Skip specific checks */
+    skip?: Array<'validate' | 'check-deps' | 'check-docs' | 'security-scan'>;
+    /** Only scan these files for security (e.g., changed files from a PR) */
+    changedFiles?: string[];
+}
+/**
+ * Change type detected from commit message prefix or diff heuristic.
+ */
+type ChangeType = 'feature' | 'bugfix' | 'refactor' | 'docs';
+/**
+ * Review domain — each gets its own scoped context bundle.
+ */
+type ReviewDomain = 'compliance' | 'bug' | 'security' | 'architecture';
+/**
+ * A file included in a context bundle with its content.
+ */
+interface ContextFile {
+    /** File path (project-relative) */
+    path: string;
+    /** File content (full or truncated to budget) */
+    content: string;
+    /** Why this file was included */
+    reason: 'changed' | 'import' | 'test' | 'spec' | 'type' | 'convention' | 'graph-dependency' | 'graph-impact';
+    /** Line count of the content */
+    lines: number;
+}
+/**
+ * Commit history entry for a changed file.
+ */
+interface CommitHistoryEntry {
+    /** Short SHA */
+    sha: string;
+    /** One-line commit message */
+    message: string;
+    /** File path this commit touched */
+    file: string;
+}
+/**
+ * Context bundle assembled for a single review domain.
+ * Each Phase 4 subagent receives one of these.
+ */
+interface ContextBundle {
+    /** Which review domain this bundle is for */
+    domain: ReviewDomain;
+    /** Detected change type */
+    changeType: ChangeType;
+    /** Files that were changed in the diff */
+    changedFiles: ContextFile[];
+    /** Additional context files (imports, tests, specs, types, conventions) */
+    contextFiles: ContextFile[];
+    /**
+     * Recent commit history for changed files.
+     * @remarks Empty by default from `scopeContext()`. Callers should populate this
+     * via `git log` commands at the orchestration layer before passing bundles to
+     * Phase 4 subagents. Example: `git log --oneline -5 -- <file>` per changed file.
+     */
+    commitHistory: CommitHistoryEntry[];
+    /** Total lines of diff */
+    diffLines: number;
+    /** Total lines of context gathered */
+    contextLines: number;
+}
+/**
+ * Information about a diff, used as input to context scoping.
+ */
+interface DiffInfo {
+    /** Changed file paths (project-relative) */
+    changedFiles: string[];
+    /** New files (subset of changedFiles) */
+    newFiles: string[];
+    /** Deleted files (subset of changedFiles) */
+    deletedFiles: string[];
+    /** Total lines of diff across all files */
+    totalDiffLines: number;
+    /** Per-file diff content */
+    fileDiffs: Map<string, string>;
+}
+/**
+ * Adapter interface for graph queries.
+ * Callers implement this using @harness-engineering/graph when available.
+ * The context scoper does NOT depend on the graph package directly.
+ */
+interface GraphAdapter {
+    /**
+     * Find direct dependencies of a file (imports, calls).
+     * Returns file paths of dependencies.
+     */
+    getDependencies(filePath: string): Promise<string[]>;
+    /**
+     * Find files impacted by changes to a file (reverse dependencies, tests, docs).
+     * Returns file paths of impacted nodes grouped by category.
+     */
+    getImpact(filePath: string): Promise<{
+        tests: string[];
+        docs: string[];
+        code: string[];
+    }>;
+    /**
+     * Check if a path exists in the dependency graph between two files.
+     * Used for reachability validation in Phase 5 (exported here for shared use).
+     */
+    isReachable(fromFile: string, toFile: string, maxDepth?: number): Promise<boolean>;
+}
+/**
+ * Options for context scoping.
+ */
+interface ContextScopeOptions {
+    /** Project root directory */
+    projectRoot: string;
+    /** Diff information */
+    diff: DiffInfo;
+    /** Most recent commit message (for change-type detection) */
+    commitMessage: string;
+    /** Graph adapter (optional -- falls back to heuristics when absent) */
+    graph?: GraphAdapter;
+    /** Convention files to include for compliance domain */
+    conventionFiles?: string[];
+    /** Output from `harness check-deps` (for architecture fallback) */
+    checkDepsOutput?: string;
+    /** Pre-gathered commit history entries. If provided, included in all bundles. */
+    commitHistory?: CommitHistoryEntry[];
+}
+/**
+ * Model tier — abstract label resolved at runtime from project config.
+ * - fast: haiku-class (gate, context phases)
+ * - standard: sonnet-class (compliance, architecture agents)
+ * - strong: opus-class (bug detection, security agents)
+ */
+type ModelTier = 'fast' | 'standard' | 'strong';
+/**
+ * Severity level for AI-produced review findings.
+ */
+type FindingSeverity = 'critical' | 'important' | 'suggestion';
+/**
+ * A finding produced by a Phase 4 review subagent.
+ * Common schema used across all four agents and in Phases 5-7.
+ */
+interface ReviewFinding {
+    /** Unique identifier for dedup (format: domain-file-line, e.g. "bug-src/auth.ts-42") */
+    id: string;
+    /** File path (project-relative) */
+    file: string;
+    /** Start and end line numbers */
+    lineRange: [number, number];
+    /** Which review domain produced this finding */
+    domain: ReviewDomain;
+    /** Severity level */
+    severity: FindingSeverity;
+    /** One-line summary of the issue */
+    title: string;
+    /** Why this is an issue — the reasoning */
+    rationale: string;
+    /** Suggested fix, if available */
+    suggestion?: string;
+    /** Supporting context/evidence from the agent */
+    evidence: string[];
+    /** How this finding was validated (set in Phase 5; agents set 'heuristic' by default) */
+    validatedBy: 'mechanical' | 'graph' | 'heuristic';
+    /** CWE identifier, e.g. "CWE-89" (security domain only) */
+    cweId?: string;
+    /** OWASP Top 10 category, e.g. "A03:2021 Injection" (security domain only) */
+    owaspCategory?: string;
+    /** Confidence level of the finding (security domain only) */
+    confidence?: 'high' | 'medium' | 'low';
+    /** Specific remediation guidance (security domain only) */
+    remediation?: string;
+    /** Links to CWE/OWASP reference docs (security domain only) */
+    references?: string[];
+}
+/**
+ * Descriptor for a review subagent — metadata about its purpose and model tier.
+ */
+interface ReviewAgentDescriptor {
+    /** Review domain this agent covers */
+    domain: ReviewDomain;
+    /** Model tier annotation (resolved to a concrete model at runtime) */
+    tier: ModelTier;
+    /** Human-readable name for output */
+    displayName: string;
+    /** Focus area descriptions for this agent */
+    focusAreas: string[];
+}
+/**
+ * Result from a single review agent.
+ */
+interface AgentReviewResult {
+    /** Which domain produced these findings */
+    domain: ReviewDomain;
+    /** Findings produced by this agent */
+    findings: ReviewFinding[];
+    /** Time taken in milliseconds */
+    durationMs: number;
+}
+/**
+ * Options for the fan-out orchestrator.
+ */
+interface FanOutOptions {
+    /** Context bundles from Phase 3 (one per domain) */
+    bundles: ContextBundle[];
+}
+/**
+ * Assessment decision — determines exit code and PR review action.
+ */
+type ReviewAssessment = 'approve' | 'comment' | 'request-changes';
+/**
+ * A strength identified during review (positive feedback).
+ */
+interface ReviewStrength {
+    /** File path (project-relative), or null for project-wide strengths */
+    file: string | null;
+    /** One-line description of what's done well */
+    description: string;
+}
+/**
+ * Options for formatting review output.
+ */
+interface ReviewOutputOptions {
+    /** Deduplicated findings from Phase 6 */
+    findings: ReviewFinding[];
+    /** Strengths identified during review */
+    strengths: ReviewStrength[];
+    /** PR number (required for GitHub comments) */
+    prNumber?: number;
+    /** Repository in owner/repo format (required for GitHub comments) */
+    repo?: string;
+}
+/**
+ * A formatted GitHub inline comment ready for posting.
+ */
+interface GitHubInlineComment {
+    /** File path (project-relative) */
+    path: string;
+    /** Line number for the comment */
+    line: number;
+    /** Side of the diff ('RIGHT' for additions) */
+    side: 'RIGHT';
+    /** Comment body (markdown) */
+    body: string;
+}
+/**
+ * Information about a prior review on this PR.
+ */
+interface PriorReview {
+    /** The head commit SHA that was reviewed */
+    headSha: string;
+    /** ISO timestamp of when the review was submitted */
+    reviewedAt: string;
+}
+/**
+ * PR metadata used by the eligibility gate.
+ * This is a pure data object — the caller is responsible for fetching
+ * this data from GitHub (via `gh` CLI, GitHub MCP, or mock).
+ */
+interface PrMetadata {
+    /** PR state: open, closed, or merged */
+    state: 'open' | 'closed' | 'merged';
+    /** Whether the PR is marked as draft */
+    isDraft: boolean;
+    /** List of changed file paths (project-relative) */
+    changedFiles: string[];
+    /** The HEAD commit SHA of the PR branch */
+    headSha: string;
+    /** Prior reviews submitted on this PR */
+    priorReviews: PriorReview[];
+}
+/**
+ * Result of the eligibility gate check.
+ */
+interface EligibilityResult {
+    /** Whether the PR is eligible for review */
+    eligible: boolean;
+    /** Human-readable reason when not eligible */
+    reason?: string;
+}
+/**
+ * Configuration mapping abstract model tiers to concrete model identifiers.
+ * All tiers are optional — unmapped tiers resolve to undefined (use current model).
+ *
+ * Example config:
+ *   { fast: "haiku", standard: "sonnet", strong: "opus" }
+ *   { fast: "gpt-4o-mini", standard: "gpt-4o", strong: "o1" }
+ */
+interface ModelTierConfig {
+    fast?: string;
+    standard?: string;
+    strong?: string;
+}
+/**
+ * Known provider identifiers for default tier resolution.
+ */
+type ModelProvider = 'claude' | 'openai' | 'gemini';
+/**
+ * Default model tier mappings per provider.
+ * Used as fallback when config does not specify a tier.
+ */
+type ProviderDefaults = Record<ModelProvider, ModelTierConfig>;
+/**
+ * Flags controlling pipeline behavior, derived from CLI/MCP input.
+ */
+interface PipelineFlags {
+    /** Post inline comments to GitHub PR */
+    comment: boolean;
+    /** Enable eligibility gate (CI mode) */
+    ci: boolean;
+    /** Add threat modeling pass to security agent */
+    deep: boolean;
+    /** Skip mechanical checks */
+    noMechanical: boolean;
+}
+/**
+ * Mutable context object threaded through all 7 pipeline phases.
+ * Each phase reads from upstream fields and writes to its own fields.
+ */
+interface PipelineContext {
+    /** Project root directory */
+    projectRoot: string;
+    /** Diff information from git */
+    diff: DiffInfo;
+    /** Most recent commit message */
+    commitMessage: string;
+    /** Pipeline flags from CLI/MCP */
+    flags: PipelineFlags;
+    /** Model tier config (from harness.config.json review.model_tiers) */
+    modelTierConfig?: ModelTierConfig;
+    /** Graph adapter (optional — enhances context and validation) */
+    graph?: GraphAdapter;
+    /** PR metadata for gate phase and GitHub comments */
+    prMetadata?: PrMetadata;
+    /** Convention file paths for compliance context */
+    conventionFiles?: string[];
+    /** Output from `harness check-deps` for architecture fallback */
+    checkDepsOutput?: string;
+    /** Repository in owner/repo format (for --comment) */
+    repo?: string;
+    /** Whether the pipeline was skipped by the gate */
+    skipped: boolean;
+    /** Reason for skipping (when skipped is true) */
+    skipReason?: string;
+    /** Mechanical check results */
+    mechanicalResult?: MechanicalCheckResult;
+    /** Exclusion set built from mechanical findings */
+    exclusionSet?: ExclusionSet;
+    /** Context bundles per review domain */
+    contextBundles?: ContextBundle[];
+    /** Raw findings from all agents */
+    rawFindings?: ReviewFinding[];
+    /** Findings after mechanical exclusion and reachability validation */
+    validatedFindings?: ReviewFinding[];
+    /** Final deduplicated finding list */
+    dedupedFindings?: ReviewFinding[];
+    /** Strengths identified during review */
+    strengths: ReviewStrength[];
+    /** Final assessment */
+    assessment?: ReviewAssessment;
+    /** Formatted terminal output */
+    terminalOutput?: string;
+    /** GitHub inline comments (when --comment is set) */
+    githubComments?: GitHubInlineComment[];
+    /** Process exit code (0 = approve/comment, 1 = request-changes) */
+    exitCode: number;
+}
+/**
+ * Immutable result returned from `runPipeline()`.
+ */
+interface ReviewPipelineResult {
+    /** Whether the pipeline was skipped by the eligibility gate */
+    skipped: boolean;
+    /** Reason for skipping */
+    skipReason?: string;
+    /** Whether the pipeline stopped due to mechanical failures */
+    stoppedByMechanical: boolean;
+    /** Final assessment (undefined if skipped or stopped) */
+    assessment?: ReviewAssessment;
+    /** Deduplicated findings */
+    findings: ReviewFinding[];
+    /** Strengths identified */
+    strengths: ReviewStrength[];
+    /** Formatted terminal output */
+    terminalOutput: string;
+    /** GitHub inline comments (empty if --comment not set) */
+    githubComments: GitHubInlineComment[];
+    /** Process exit code */
+    exitCode: number;
+    /** Mechanical check result (for reporting) */
+    mechanicalResult?: MechanicalCheckResult;
+}
+/**
+ * Run all mechanical checks and produce the exclusion set inputs.
+ *
+ * Mechanical checks that fail with errors (validate, check-deps) set `stopPipeline: true`.
+ * Checks that produce warnings (check-docs, security-scan) record findings but do NOT stop the pipeline.
+ */
+declare function runMechanicalChecks(options: MechanicalCheckOptions): Promise<Result<MechanicalCheckResult, Error>>;
+/**
+ * Detect the change type from a commit message and diff information.
+ *
+ * Detection priority:
+ * 1. Conventional commit prefix in commit message
+ * 2. Diff pattern heuristics (new files, test files, docs-only)
+ * 3. Default to 'feature' (most thorough review)
+ */
+declare function detectChangeType(commitMessage: string, diff: DiffInfo): ChangeType;
+/**
+ * Assemble scoped context bundles for each review domain.
+ *
+ * Returns one ContextBundle per domain. Each bundle contains:
+ * - The changed files with their content
+ * - Domain-specific context files (imports, tests, conventions, etc.)
+ * - Recent commit history
+ * - Change type and context ratio metadata
+ */
+declare function scopeContext(options: ContextScopeOptions): Promise<ContextBundle[]>;
+/**
+ * Descriptor for the compliance review agent.
+ */
+declare const COMPLIANCE_DESCRIPTOR: ReviewAgentDescriptor;
+/**
+ * Run the compliance review agent.
+ *
+ * Analyzes the context bundle for convention adherence, spec alignment,
+ * and documentation completeness. Produces ReviewFinding[] with domain 'compliance'.
+ *
+ * This function performs static/heuristic analysis. The actual LLM invocation
+ * for deeper compliance review happens at the orchestration layer (MCP/CLI).
+ */
+declare function runComplianceAgent(bundle: ContextBundle): ReviewFinding[];
+declare const BUG_DETECTION_DESCRIPTOR: ReviewAgentDescriptor;
+/**
+ * Run the bug detection review agent.
+ *
+ * Analyzes the context bundle for logic errors, edge cases, error handling issues,
+ * and test coverage gaps. Produces ReviewFinding[] with domain 'bug'.
+ */
+declare function runBugDetectionAgent(bundle: ContextBundle): ReviewFinding[];
+declare const SECURITY_DESCRIPTOR: ReviewAgentDescriptor;
+/**
+ * Run the security review agent.
+ *
+ * Analyzes the context bundle for security vulnerabilities using pattern-based
+ * heuristics. Produces ReviewFinding[] with domain 'security'.
+ */
+declare function runSecurityAgent(bundle: ContextBundle): ReviewFinding[];
+declare const ARCHITECTURE_DESCRIPTOR: ReviewAgentDescriptor;
+/**
+ * Run the architecture review agent.
+ *
+ * Analyzes the context bundle for architectural violations, dependency direction,
+ * and design pattern compliance. Produces ReviewFinding[] with domain 'architecture'.
+ */
+declare function runArchitectureAgent(bundle: ContextBundle): ReviewFinding[];
+/**
+ * All agent descriptors indexed by domain.
+ * Used by the fan-out orchestrator to dispatch agents and by output formatting
+ * to display agent metadata.
+ */
+declare const AGENT_DESCRIPTORS: Record<ReviewDomain, ReviewAgentDescriptor>;
+/**
+ * Fan out review to all agents in parallel.
+ *
+ * Dispatches one agent per context bundle (each bundle targets a specific domain).
+ * All agents run concurrently via Promise.all.
+ *
+ * Currently dispatches synchronous heuristic agents. Parallelism becomes
+ * meaningful when agents perform async LLM calls (Phase 8 model tiering).
+ *
+ * Returns an AgentReviewResult per domain, each containing the findings
+ * and timing information.
+ */
+declare function fanOutReview(options: FanOutOptions): Promise<AgentReviewResult[]>;
+/**
+ * Options for the validation phase.
+ */
+interface ValidateFindingsOptions {
+    /** All findings from Phase 4 fan-out */
+    findings: ReviewFinding[];
+    /** ExclusionSet built from mechanical findings in Phase 2 */
+    exclusionSet: ExclusionSet;
+    /** Graph adapter (optional — falls back to import-chain heuristic when absent) */
+    graph?: GraphAdapter;
+    /** Project root for path normalization */
+    projectRoot: string;
+    /** Changed file contents for import-chain heuristic (file path -> content) */
+    fileContents?: Map<string, string>;
+}
+/**
+ * Validate Phase 4 findings against mechanical exclusion, graph reachability,
+ * and import-chain heuristic fallback.
+ *
+ * 1. Mechanical exclusion: discard findings that overlap with ExclusionSet
+ * 2. Graph reachability (if graph provided): verify cross-file claims, discard unreachable
+ * 3. Import-chain heuristic (no graph): downgrade findings with unvalidated cross-file claims
+ */
+declare function validateFindings(options: ValidateFindingsOptions): Promise<ReviewFinding[]>;
+/**
+ * Options for the deduplication phase.
+ */
+interface DeduplicateFindingsOptions {
+    /** Validated findings from Phase 5 */
+    findings: ReviewFinding[];
+    /** Maximum line gap to consider findings as overlapping (default: 3) */
+    lineGap?: number;
+}
+/**
+ * Deduplicate and merge overlapping findings.
+ *
+ * Groups findings by file, then merges findings with overlapping line ranges
+ * (within `lineGap` lines of each other). Merged findings keep the highest
+ * severity, combine evidence, preserve the strongest rationale, and note
+ * all contributing domains in the title.
+ */
+declare function deduplicateFindings(options: DeduplicateFindingsOptions): ReviewFinding[];
+/**
+ * Phase 1: Eligibility Gate
+ *
+ * Pure function that checks whether a PR should be reviewed.
+ * In CI mode (`ciMode: true`), checks PR state, draft status,
+ * trivial changes, and prior reviews. When `ciMode` is false
+ * (manual invocation), always returns eligible.
+ *
+ * @param pr - PR metadata (state, draft status, files, commit range, prior reviews)
+ * @param ciMode - Whether the review was invoked with --ci flag
+ * @returns Eligibility result with optional skip reason
+ */
+declare function checkEligibility(pr: PrMetadata, ciMode: boolean): EligibilityResult;
+/**
+ * Sensible default model tier mappings per known provider.
+ * Used as fallback when project config does not map a tier.
+ */
+declare const DEFAULT_PROVIDER_TIERS: ProviderDefaults;
+/**
+ * Resolve an abstract model tier to a concrete model identifier.
+ *
+ * Resolution order:
+ * 1. If config has a mapping for the tier, return it.
+ * 2. If a provider is specified and has a default for the tier, return the default.
+ * 3. Return undefined (meaning "use whatever model the user is currently running").
+ *
+ * @param tier - Abstract model tier ('fast', 'standard', 'strong')
+ * @param config - Optional model tier config from harness.config.json review.model_tiers
+ * @param provider - Optional known provider for default fallback
+ * @returns Concrete model identifier string, or undefined if no mapping found
+ */
+declare function resolveModelTier(tier: ModelTier, config?: ModelTierConfig, provider?: ModelProvider): string | undefined;
+/**
+ * Determine the overall assessment based on the highest severity finding.
+ *
+ * - No findings or all suggestions → approve
+ * - Any important (but no critical) → comment
+ * - Any critical → request-changes
+ */
+declare function determineAssessment(findings: ReviewFinding[]): ReviewAssessment;
+/**
+ * Map an assessment to a process exit code.
+ * - approve / comment → 0
+ * - request-changes → 1
+ */
+declare function getExitCode(assessment: ReviewAssessment): number;
+/**
+ * Format a single finding as a terminal text block.
+ */
+declare function formatFindingBlock(finding: ReviewFinding): string;
+/**
+ * Format the full terminal output in Strengths / Issues / Assessment format.
+ */
+declare function formatTerminalOutput(options: {
+    findings: ReviewFinding[];
+    strengths: ReviewStrength[];
+}): string;
+/**
+ * Check if a suggestion is "small" (under 10 lines) and suitable
+ * for a committable GitHub suggestion block.
+ */
+declare function isSmallSuggestion(suggestion: string | undefined): boolean;
+/**
+ * Format a single finding as a GitHub inline comment.
+ *
+ * - Small suggestions (< 10 lines): committable suggestion block
+ * - Large suggestions or no suggestion: description + rationale
+ */
+declare function formatGitHubComment(finding: ReviewFinding): GitHubInlineComment;
+/**
+ * Format the review summary for a GitHub PR review body.
+ * Uses markdown formatting (## headers, bullet lists).
+ */
+declare function formatGitHubSummary(options: {
+    findings: ReviewFinding[];
+    strengths: ReviewStrength[];
+}): string;
+/**
+ * Options for invoking the pipeline.
+ */
+interface RunPipelineOptions {
+    projectRoot: string;
+    diff: DiffInfo;
+    commitMessage: string;
+    flags: PipelineFlags;
+    modelTierConfig?: ModelTierConfig;
+    graph?: GraphAdapter;
+    prMetadata?: PrMetadata;
+    conventionFiles?: string[];
+    checkDepsOutput?: string;
+    repo?: string;
+    /** Harness config object for mechanical checks */
+    config?: Record<string, unknown>;
+    /** Pre-gathered commit history entries */
+    commitHistory?: CommitHistoryEntry[];
+}
+/**
+ * Run the full 7-phase code review pipeline.
+ *
+ * Phase 1: GATE (CI mode only)
+ * Phase 2: MECHANICAL (skipped with --no-mechanical)
+ * Phase 3: CONTEXT
+ * Phase 4: FAN-OUT (parallel agents)
+ * Phase 5: VALIDATE
+ * Phase 6: DEDUP+MERGE
+ * Phase 7: OUTPUT
+ */
+declare function runReviewPipeline(options: RunPipelineOptions): Promise<ReviewPipelineResult>;
+/**
+ * Parse a roadmap markdown string into a structured Roadmap object.
+ * Returns Result<Roadmap> — Err on invalid input.
+ */
+declare function parseRoadmap(markdown: string): Result<Roadmap>;
+/**
+ * Serialize a Roadmap object to markdown string.
+ * Produces output that round-trips with parseRoadmap.
+ */
+declare function serializeRoadmap(roadmap: Roadmap): string;
+/**
+ * A proposed status change from the sync engine.
+ */
+interface SyncChange {
+    /** Feature name */
+    feature: string;
+    /** Current status in the roadmap */
+    from: FeatureStatus;
+    /** Proposed new status based on execution state */
+    to: FeatureStatus;
+}
+interface SyncOptions {
+    /** Path to project root */
+    projectPath: string;
+    /** Parsed roadmap object */
+    roadmap: Roadmap;
+    /** Override human-always-wins rule */
+    forceSync?: boolean;
+}
+/**
+ * Scan execution state files and infer status changes for roadmap features.
+ * Returns proposed changes without modifying the roadmap.
+ */
+declare function syncRoadmap(options: SyncOptions): Result<SyncChange[]>;
+declare const InteractionTypeSchema: z.ZodEnum<["question", "confirmation", "transition"]>;
+declare const QuestionSchema: z.ZodObject<{
+    text: z.ZodString;
+    options: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    default: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    text: string;
+    default?: string | undefined;
+    options?: string[] | undefined;
+}, {
+    text: string;
+    default?: string | undefined;
+    options?: string[] | undefined;
+}>;
+declare const ConfirmationSchema: z.ZodObject<{
+    text: z.ZodString;
+    context: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    text: string;
+    context: string;
+}, {
+    text: string;
+    context: string;
+}>;
+declare const TransitionSchema: z.ZodObject<{
+    completedPhase: z.ZodString;
+    suggestedNext: z.ZodString;
+    reason: z.ZodString;
+    artifacts: z.ZodArray<z.ZodString, "many">;
+    requiresConfirmation: z.ZodBoolean;
+    summary: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    reason: string;
+    summary: string;
+    completedPhase: string;
+    suggestedNext: string;
+    artifacts: string[];
+    requiresConfirmation: boolean;
+}, {
+    reason: string;
+    summary: string;
+    completedPhase: string;
+    suggestedNext: string;
+    artifacts: string[];
+    requiresConfirmation: boolean;
+}>;
+declare const EmitInteractionInputSchema: z.ZodObject<{
+    path: z.ZodString;
+    type: z.ZodEnum<["question", "confirmation", "transition"]>;
+    stream: z.ZodOptional<z.ZodString>;
+    question: z.ZodOptional<z.ZodObject<{
+        text: z.ZodString;
+        options: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        default: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        text: string;
+        default?: string | undefined;
+        options?: string[] | undefined;
+    }, {
+        text: string;
+        default?: string | undefined;
+        options?: string[] | undefined;
+    }>>;
+    confirmation: z.ZodOptional<z.ZodObject<{
+        text: z.ZodString;
+        context: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        text: string;
+        context: string;
+    }, {
+        text: string;
+        context: string;
+    }>>;
+    transition: z.ZodOptional<z.ZodObject<{
+        completedPhase: z.ZodString;
+        suggestedNext: z.ZodString;
+        reason: z.ZodString;
+        artifacts: z.ZodArray<z.ZodString, "many">;
+        requiresConfirmation: z.ZodBoolean;
+        summary: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        reason: string;
+        summary: string;
+        completedPhase: string;
+        suggestedNext: string;
+        artifacts: string[];
+        requiresConfirmation: boolean;
+    }, {
+        reason: string;
+        summary: string;
+        completedPhase: string;
+        suggestedNext: string;
+        artifacts: string[];
+        requiresConfirmation: boolean;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    path: string;
+    type: "question" | "confirmation" | "transition";
+    stream?: string | undefined;
+    question?: {
+        text: string;
+        default?: string | undefined;
+        options?: string[] | undefined;
+    } | undefined;
+    confirmation?: {
+        text: string;
+        context: string;
+    } | undefined;
+    transition?: {
+        reason: string;
+        summary: string;
+        completedPhase: string;
+        suggestedNext: string;
+        artifacts: string[];
+        requiresConfirmation: boolean;
+    } | undefined;
+}, {
+    path: string;
+    type: "question" | "confirmation" | "transition";
+    stream?: string | undefined;
+    question?: {
+        text: string;
+        default?: string | undefined;
+        options?: string[] | undefined;
+    } | undefined;
+    confirmation?: {
+        text: string;
+        context: string;
+    } | undefined;
+    transition?: {
+        reason: string;
+        summary: string;
+        completedPhase: string;
+        suggestedNext: string;
+        artifacts: string[];
+        requiresConfirmation: boolean;
+    } | undefined;
+}>;
+type InteractionType = z.infer<typeof InteractionTypeSchema>;
+type Question = z.infer<typeof QuestionSchema>;
+type Confirmation = z.infer<typeof ConfirmationSchema>;
+type Transition = z.infer<typeof TransitionSchema>;
+type EmitInteractionInput = z.infer<typeof EmitInteractionInputSchema>;
+interface UpdateCheckState {
+    lastCheckTime: number;
+    latestVersion: string | null;
+    currentVersion: string;
+}
+/**
+ * Returns false if the HARNESS_NO_UPDATE_CHECK env var is set to "1"
+ * or the configured interval is 0 (disabled).
+ */
+declare function isUpdateCheckEnabled(configInterval?: number): boolean;
+/**
+ * Returns true when enough time has passed since the last check.
+ * If state is null (never checked), returns true.
+ */
+declare function shouldRunCheck(state: UpdateCheckState | null, intervalMs: number): boolean;
+/**
+ * Reads the update check state from ~/.harness/update-check.json.
+ * Returns null if the file is missing, unreadable, or has invalid content.
+ */
+declare function readCheckState(): UpdateCheckState | null;
+/**
+ * Spawns a detached background Node process that:
+ * 1. Queries npm registry for the latest version of @harness-engineering/cli
+ * 2. Writes the result to ~/.harness/update-check.json
+ * 3. Exits silently on any failure
+ *
+ * The parent calls child.unref() so the child does not block process exit.
+ */
+declare function spawnBackgroundCheck(currentVersion: string): void;
+/**
+ * Reads the cached update check state and returns a formatted notification
+ * string if a newer version is available. Returns null otherwise.
+ *
+ * @param currentVersion - The currently running version (e.g. VERSION from index.ts)
+ */
+declare function getUpdateNotification(currentVersion: string): string | null;
 /**
  * @harness-engineering/core
  *
  * Core library for Harness Engineering toolkit
  */
-declare const VERSION = "0.6.0";
+declare const VERSION = "0.8.0";
-export { type AST, type ActionContext, type ActionEvent, type ActionEventHandler, type ActionEventType, type ActionResult, type ActionSink, type ActionTracker, type ActionType, type AgentAction, AgentActionEmitter, type AgentConfig, type AgentExecutor, type AgentMapLink, type AgentMapSection, type AgentMapValidation, type AgentProcess, type AgentType, type AgentsMapConfig, type BaseError, type BoundaryDefinition, type BoundaryValidation, type BoundaryValidator, type BoundaryViolation, type BrokenLink, type ChangedFile, ChecklistBuilder, type CircularDependency, type CircularDepsResult, type CodeBlock, type CodeChanges, type CodePattern, type CodeReference, type CodebaseSnapshot, type CommitFormat, type CommitValidation, type ConfigError, type ConfigPattern, ConsoleSink, type ConstraintError, type ContextError, type ContextFilterResult, type Convention, type CoverageOptions, type CoverageReport, type CustomRule, type CustomRuleResult, DEFAULT_STATE, type DeadCodeConfig, type DeadCodeReport, type DeadExport, type DeadFile, type DeadInternal, type DependencyEdge, type DependencyGraph, type DependencyValidation, type DependencyViolation, type DocumentationDrift, type DocumentationFile, type DocumentationGap, type DriftConfig, type DriftReport, EntropyAnalyzer, type EntropyConfig, EntropyConfigSchema, type EntropyError, type EntropyReport, type ExecutorHealth, type Export, type ExportMap, type FailureEntry, FailureEntrySchema, type FeedbackConfig, type FeedbackError$1 as FeedbackError, type FileCategory, FileSink, type Fix, type FixConfig, type FixResult, type FixType, type ForbiddenPattern, type GateConfig, GateConfigSchema, type GateResult, GateResultSchema, type GenerationSection, type GraphCoverageData, type GraphDependencyData, type GraphHarnessCheckData, type GraphImpactData, type Handoff, HandoffSchema, type HarnessState, HarnessStateSchema, type HealthCheckResult, type Import, type InlineReference, type IntegrityReport, type InternalSymbol, type JSDocComment, type LanguageParser, type Layer, type LayerConfig, type LogEntry, type LogFilter, type Metric, NoOpExecutor, NoOpSink, NoOpTelemetryAdapter, type ParseError, type PatternConfig, PatternConfigSchema, type PatternMatch, type PatternReport, type PatternViolation, type PeerReview, type PeerReviewOptions, type PipelineOptions, type PipelineResult, REQUIRED_SECTIONS, type ReachabilityNode, type ReviewChecklist, type ReviewComment, type ReviewContext, type ReviewItem, type RunCIChecksInput, type SelfReviewConfig, type SkillExecutor, type SourceFile, type Span, type SpanEvent, type StepExecutor, type StructureValidation, type Suggestion, type SuggestionReport, type TelemetryAdapter, type TelemetryHealth, type TimeRange, type TokenBudget, type TokenBudgetOverrides, type Trace, type TurnExecutor, TypeScriptParser, type UnusedImport, VERSION, type ValidationError, type WorkflowPhase, analyzeDiff, appendFailure, appendLearning, applyFixes, archiveFailures, buildDependencyGraph, buildSnapshot, checkDocCoverage, configureFeedback, contextBudget, contextFilter, createBoundaryValidator, createError, createFixes, createParseError, createSelfReview, defineLayer, detectCircularDeps, detectCircularDepsInFiles, detectDeadCode, detectDocDrift, detectPatternViolations, executeWorkflow, extractMarkdownLinks, extractSections, generateAgentsMap, generateSuggestions, getActionEmitter, getFeedbackConfig, getPhaseCategories, loadFailures, loadHandoff, loadRelevantLearnings, loadState, logAgentAction, parseDiff, previewFix, requestMultiplePeerReviews, requestPeerReview, resetFeedbackConfig, resolveFileToLayer, runCIChecks, runMechanicalGate, runMultiTurnPipeline, runPipeline, saveHandoff, saveState, trackAction, validateAgentsMap, validateBoundaries, validateCommitMessage, validateConfig, validateDependencies, validateFileStructure, validateKnowledgeMap, validatePatternConfig };
+export { AGENT_DESCRIPTORS, ARCHITECTURE_DESCRIPTOR, type AST, type ActionContext, type ActionEvent, type ActionEventHandler, type ActionEventType, type ActionResult, type ActionSink, type ActionTracker, type ActionType, type AgentAction, AgentActionEmitter, type AgentConfig, type AgentExecutor, type AgentMapLink, type AgentMapSection, type AgentMapValidation, type AgentProcess, type AgentReviewResult, type AgentType, type AgentsMapConfig, BUG_DETECTION_DESCRIPTOR, type BaseError, type Baseline, BaselineManager, type BaselinesFile, type BenchmarkResult, type BenchmarkRunOptions, BenchmarkRunner, type BoundaryDefinition, type BoundaryValidation, type BoundaryValidator, type BoundaryViolation, type BrokenLink, COMPLIANCE_DESCRIPTOR, type ChangeType, type ChangedFile, ChecklistBuilder, type CircularDependency, type CircularDepsResult, type CleanupFinding, type CodeBlock, type CodeChanges, type CodePattern, type CodeReference, type CodebaseSnapshot, type CommentedCodeBlock, type CommitFormat, type CommitHistoryEntry, type CommitValidation, type ComplexityConfig, type ComplexityReport, type ComplexityThresholds, type ComplexityViolation, type ConfigError, type ConfigPattern, type Confirmation, ConfirmationSchema, ConsoleSink, type ConstraintError, type ContextBundle, type ContextError, type ContextFile, type ContextFilterResult, type ContextScopeOptions, type Convention, type CouplingConfig, type CouplingReport, type CouplingThresholds, type CouplingViolation, type CoverageOptions, type CoverageReport, type CriticalPathEntry, CriticalPathResolver, type CriticalPathSet, type CustomRule, type CustomRuleResult, DEFAULT_PROVIDER_TIERS, DEFAULT_SECURITY_CONFIG, DEFAULT_STATE, DEFAULT_STREAM_INDEX, type DeadCodeConfig, type DeadCodeReport, type DeadExport, type DeadFile, type DeadInternal, type DeduplicateFindingsOptions, type DependencyEdge, type DependencyGraph, type DependencyValidation, type DependencyViolation, type DiffInfo, type DocumentationDrift, type DocumentationFile, type DocumentationGap, type DriftConfig, type DriftReport, type EligibilityResult, type EmitInteractionInput, EmitInteractionInputSchema, EntropyAnalyzer, type EntropyConfig, EntropyConfigSchema, type EntropyError, type EntropyReport, ExclusionSet, type ExecutorHealth, type Export, type ExportMap, type FailureEntry, FailureEntrySchema, type FanOutOptions, type FeedbackConfig, type FeedbackError$1 as FeedbackError, type FileCategory, FileSink, type FindingSeverity, type Fix, type FixConfig, type FixResult, type FixType, type ForbiddenImportViolation, type ForbiddenPattern, type GateConfig, GateConfigSchema, type GateResult, GateResultSchema, type GenerationSection, type GitHubInlineComment, type GraphAdapter, type GraphComplexityData, type GraphCouplingData, type GraphCoverageData, type GraphCriticalPathData, type GraphDependencyData, type GraphHarnessCheckData, type GraphImpactData, type Handoff, HandoffSchema, type HarnessState, HarnessStateSchema, type HealthCheckResult, type HotspotContext, type Import, type InlineReference, type IntegrityReport, type InteractionType, InteractionTypeSchema, type InternalSymbol, type JSDocComment, type LanguageParser, type Layer, type LayerConfig, type LogEntry, type LogFilter, type MechanicalCheckOptions, type MechanicalCheckResult, type MechanicalCheckStatus, type MechanicalFinding, type Metric, type ModelProvider, type ModelTier, type ModelTierConfig, NoOpExecutor, NoOpSink, NoOpTelemetryAdapter, type OrphanedDep, type ParseError, type PatternConfig, PatternConfigSchema, type PatternMatch, type PatternReport, type PatternViolation, type PeerReview, type PeerReviewOptions, type PipelineContext, type PipelineFlags, type PipelineOptions, type PipelineResult, type PrMetadata, type PriorReview, type ProviderDefaults, type Question, QuestionSchema, REQUIRED_SECTIONS, type ReachabilityNode, RegressionDetector, type RegressionReport, type RegressionResult, type ReviewAgentDescriptor, type ReviewAssessment, type ReviewChecklist, type ReviewComment, type ReviewContext, type ReviewDomain, type ReviewFinding, type ReviewItem, type ReviewOutputOptions, type ReviewPipelineResult, type ReviewStrength, type RuleOverride, RuleRegistry, type RunCIChecksInput, type RunPipelineOptions, SECURITY_DESCRIPTOR, type SafetyLevel, type ScanResult, type SecurityCategory, type SecurityConfidence, type SecurityConfig, SecurityConfigSchema, type SecurityFinding, type SecurityRule, SecurityScanner, type SecuritySeverity, type SelfReviewConfig, type SizeBudgetConfig, type SizeBudgetReport, type SizeBudgetViolation, type SkillExecutor, type SourceFile, type Span, type SpanEvent, type StepExecutor, type StreamIndex, StreamIndexSchema, type StreamInfo, StreamInfoSchema, type StructureValidation, type Suggestion, type SuggestionReport, type SyncChange, type SyncOptions, type TelemetryAdapter, type TelemetryHealth, type TimeRange, type TokenBudget, type TokenBudgetOverrides, type Trace, type Transition, TransitionSchema, type TurnExecutor, TypeScriptParser, type UnusedImport, type UpdateCheckState, VERSION, type ValidateFindingsOptions, type ValidationError, type WorkflowPhase, analyzeDiff, appendFailure, appendLearning, applyFixes, applyHotspotDowngrade, archiveFailures, archiveStream, buildDependencyGraph, buildExclusionSet, buildSnapshot, checkDocCoverage, checkEligibility, classifyFinding, configureFeedback, contextBudget, contextFilter, createBoundaryValidator, createCommentedCodeFixes, createError, createFixes, createForbiddenImportFixes, createOrphanedDepFixes, createParseError, createSelfReview, createStream, cryptoRules, deduplicateCleanupFindings, deduplicateFindings, defineLayer, deserializationRules, detectChangeType, detectCircularDeps, detectCircularDepsInFiles, detectComplexityViolations, detectCouplingViolations, detectDeadCode, detectDocDrift, detectPatternViolations, detectSizeBudgetViolations, detectStack, determineAssessment, executeWorkflow, expressRules, extractMarkdownLinks, extractSections, fanOutReview, formatFindingBlock, formatGitHubComment, formatGitHubSummary, formatTerminalOutput, generateAgentsMap, generateSuggestions, getActionEmitter, getExitCode, getFeedbackConfig, getPhaseCategories, getStreamForBranch, getUpdateNotification, goRules, injectionRules, isSmallSuggestion, isUpdateCheckEnabled, listStreams, loadFailures, loadHandoff, loadRelevantLearnings, loadState, loadStreamIndex, logAgentAction, migrateToStreams, networkRules, nodeRules, parseDiff, parseRoadmap, parseSecurityConfig, parseSize, pathTraversalRules, previewFix, reactRules, readCheckState, requestMultiplePeerReviews, requestPeerReview, resetFeedbackConfig, resolveFileToLayer, resolveModelTier, resolveRuleSeverity, resolveStreamPath, runArchitectureAgent, runBugDetectionAgent, runCIChecks, runComplianceAgent, runMechanicalChecks, runMechanicalGate, runMultiTurnPipeline, runPipeline, runReviewPipeline, runSecurityAgent, saveHandoff, saveState, saveStreamIndex, scopeContext, secretRules, serializeRoadmap, setActiveStream, shouldRunCheck, spawnBackgroundCheck, syncRoadmap, touchStream, trackAction, validateAgentsMap, validateBoundaries, validateCommitMessage, validateConfig, validateDependencies, validateFileStructure, validateFindings, validateKnowledgeMap, validatePatternConfig, xssRules };