@lannguyensi/harness 0.14.0 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +45 -0
- package/README.md +20 -2
- package/dist/cli/doctor/format.js +24 -0
- package/dist/cli/doctor/format.js.map +1 -1
- package/dist/cli/doctor/index.d.ts +7 -0
- package/dist/cli/doctor/index.js +10 -0
- package/dist/cli/doctor/index.js.map +1 -1
- package/dist/cli/doctor/rogue-ledger.d.ts +25 -0
- package/dist/cli/doctor/rogue-ledger.js +106 -0
- package/dist/cli/doctor/rogue-ledger.js.map +1 -0
- package/dist/cli/doctor/types.d.ts +10 -1
- package/dist/cli/doctor/types.js.map +1 -1
- package/dist/cli/index.js +177 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/init/composer.d.ts +29 -0
- package/dist/cli/init/composer.js +377 -0
- package/dist/cli/init/composer.js.map +1 -0
- package/dist/cli/init/dependencies.d.ts +25 -0
- package/dist/cli/init/dependencies.js +100 -10
- package/dist/cli/init/dependencies.js.map +1 -1
- package/dist/cli/init/index.d.ts +18 -1
- package/dist/cli/init/index.js +17 -7
- package/dist/cli/init/index.js.map +1 -1
- package/dist/cli/init/interactive.d.ts +31 -2
- package/dist/cli/init/interactive.js +321 -79
- package/dist/cli/init/interactive.js.map +1 -1
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.js +60 -9
- package/dist/cli/init/templates.js.map +1 -1
- package/dist/cli/pack/hook-branch-protection.d.ts +30 -0
- package/dist/cli/pack/hook-branch-protection.js +279 -0
- package/dist/cli/pack/hook-branch-protection.js.map +1 -0
- package/dist/cli/pack/hook-codex-pre-tool-use.js +3 -1
- package/dist/cli/pack/hook-codex-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/hook-pre-tool-use.d.ts +1 -1
- package/dist/cli/pack/hook-pre-tool-use.js +42 -3
- package/dist/cli/pack/hook-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/understanding-report-schema-hint.d.ts +13 -0
- package/dist/cli/pack/understanding-report-schema-hint.js +54 -0
- package/dist/cli/pack/understanding-report-schema-hint.js.map +1 -0
- package/dist/cli/session-start/branch-check.d.ts +44 -0
- package/dist/cli/session-start/branch-check.js +165 -0
- package/dist/cli/session-start/branch-check.js.map +1 -0
- package/dist/cli/uninstall/index.d.ts +68 -0
- package/dist/cli/uninstall/index.js +586 -0
- package/dist/cli/uninstall/index.js.map +1 -0
- package/dist/cli/uninstall/snapshot.d.ts +40 -0
- package/dist/cli/uninstall/snapshot.js +34 -0
- package/dist/cli/uninstall/snapshot.js.map +1 -0
- package/dist/cli/validate/checks.d.ts +1 -1
- package/dist/cli/validate/checks.js +1 -7
- package/dist/cli/validate/checks.js.map +1 -1
- package/dist/io/harness-lock.js +1 -9
- package/dist/io/harness-lock.js.map +1 -1
- package/dist/policies/ledger-client.js +3 -9
- package/dist/policies/ledger-client.js.map +1 -1
- package/dist/policies/producers.d.ts +12 -0
- package/dist/policies/producers.js +61 -0
- package/dist/policies/producers.js.map +1 -0
- package/dist/policy-packs/builtin/branch-protection-runtime.d.ts +47 -0
- package/dist/policy-packs/builtin/branch-protection-runtime.js +92 -0
- package/dist/policy-packs/builtin/branch-protection-runtime.js.map +1 -0
- package/dist/policy-packs/builtin/branch-protection.d.ts +9 -0
- package/dist/policy-packs/builtin/branch-protection.js +146 -0
- package/dist/policy-packs/builtin/branch-protection.js.map +1 -0
- package/dist/policy-packs/registry.d.ts +1 -1
- package/dist/policy-packs/registry.js +10 -3
- package/dist/policy-packs/registry.js.map +1 -1
- package/dist/runtime/expand-home.d.ts +14 -0
- package/dist/runtime/expand-home.js +54 -0
- package/dist/runtime/expand-home.js.map +1 -0
- package/dist/runtime/intercept.js +13 -2
- package/dist/runtime/intercept.js.map +1 -1
- package/dist/runtime/ledger-add.js +10 -3
- package/dist/runtime/ledger-add.js.map +1 -1
- package/dist/runtime/ledger-record.js +11 -10
- package/dist/runtime/ledger-record.js.map +1 -1
- package/dist/schema/index.d.ts +281 -101
- package/dist/schema/permission-profiles.d.ts +125 -125
- package/dist/schema/policies.d.ts +261 -0
- package/dist/schema/policies.js +50 -0
- package/dist/schema/policies.js.map +1 -1
- package/package.json +2 -1
|
@@ -19,6 +19,46 @@ export declare const PolicyTriggerSchema: z.ZodObject<{
|
|
|
19
19
|
extract?: Record<string, string> | undefined;
|
|
20
20
|
}>;
|
|
21
21
|
export declare const PolicyEnforcementSchema: z.ZodEnum<["block", "warn"]>;
|
|
22
|
+
export declare const ProducerSchema: z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
23
|
+
kind: z.ZodLiteral<"bash">;
|
|
24
|
+
command: z.ZodString;
|
|
25
|
+
description: z.ZodString;
|
|
26
|
+
}, "strict", z.ZodTypeAny, {
|
|
27
|
+
command: string;
|
|
28
|
+
description: string;
|
|
29
|
+
kind: "bash";
|
|
30
|
+
}, {
|
|
31
|
+
command: string;
|
|
32
|
+
description: string;
|
|
33
|
+
kind: "bash";
|
|
34
|
+
}>, z.ZodObject<{
|
|
35
|
+
kind: z.ZodLiteral<"mcp">;
|
|
36
|
+
verb: z.ZodString;
|
|
37
|
+
example: z.ZodString;
|
|
38
|
+
description: z.ZodString;
|
|
39
|
+
}, "strict", z.ZodTypeAny, {
|
|
40
|
+
description: string;
|
|
41
|
+
kind: "mcp";
|
|
42
|
+
verb: string;
|
|
43
|
+
example: string;
|
|
44
|
+
}, {
|
|
45
|
+
description: string;
|
|
46
|
+
kind: "mcp";
|
|
47
|
+
verb: string;
|
|
48
|
+
example: string;
|
|
49
|
+
}>, z.ZodObject<{
|
|
50
|
+
kind: z.ZodLiteral<"ask">;
|
|
51
|
+
command: z.ZodString;
|
|
52
|
+
description: z.ZodString;
|
|
53
|
+
}, "strict", z.ZodTypeAny, {
|
|
54
|
+
command: string;
|
|
55
|
+
description: string;
|
|
56
|
+
kind: "ask";
|
|
57
|
+
}, {
|
|
58
|
+
command: string;
|
|
59
|
+
description: string;
|
|
60
|
+
kind: "ask";
|
|
61
|
+
}>]>;
|
|
22
62
|
export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
23
63
|
name: z.ZodString;
|
|
24
64
|
description: z.ZodString;
|
|
@@ -108,6 +148,46 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
108
148
|
}>;
|
|
109
149
|
hook: z.ZodString;
|
|
110
150
|
enforcement: z.ZodEnum<["block", "warn"]>;
|
|
151
|
+
producers: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
152
|
+
kind: z.ZodLiteral<"bash">;
|
|
153
|
+
command: z.ZodString;
|
|
154
|
+
description: z.ZodString;
|
|
155
|
+
}, "strict", z.ZodTypeAny, {
|
|
156
|
+
command: string;
|
|
157
|
+
description: string;
|
|
158
|
+
kind: "bash";
|
|
159
|
+
}, {
|
|
160
|
+
command: string;
|
|
161
|
+
description: string;
|
|
162
|
+
kind: "bash";
|
|
163
|
+
}>, z.ZodObject<{
|
|
164
|
+
kind: z.ZodLiteral<"mcp">;
|
|
165
|
+
verb: z.ZodString;
|
|
166
|
+
example: z.ZodString;
|
|
167
|
+
description: z.ZodString;
|
|
168
|
+
}, "strict", z.ZodTypeAny, {
|
|
169
|
+
description: string;
|
|
170
|
+
kind: "mcp";
|
|
171
|
+
verb: string;
|
|
172
|
+
example: string;
|
|
173
|
+
}, {
|
|
174
|
+
description: string;
|
|
175
|
+
kind: "mcp";
|
|
176
|
+
verb: string;
|
|
177
|
+
example: string;
|
|
178
|
+
}>, z.ZodObject<{
|
|
179
|
+
kind: z.ZodLiteral<"ask">;
|
|
180
|
+
command: z.ZodString;
|
|
181
|
+
description: z.ZodString;
|
|
182
|
+
}, "strict", z.ZodTypeAny, {
|
|
183
|
+
command: string;
|
|
184
|
+
description: string;
|
|
185
|
+
kind: "ask";
|
|
186
|
+
}, {
|
|
187
|
+
command: string;
|
|
188
|
+
description: string;
|
|
189
|
+
kind: "ask";
|
|
190
|
+
}>]>, "many">>;
|
|
111
191
|
}, "strict", z.ZodTypeAny, {
|
|
112
192
|
name: string;
|
|
113
193
|
description: string;
|
|
@@ -129,6 +209,20 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
129
209
|
};
|
|
130
210
|
hook: string;
|
|
131
211
|
enforcement: "warn" | "block";
|
|
212
|
+
producers?: ({
|
|
213
|
+
command: string;
|
|
214
|
+
description: string;
|
|
215
|
+
kind: "bash";
|
|
216
|
+
} | {
|
|
217
|
+
description: string;
|
|
218
|
+
kind: "mcp";
|
|
219
|
+
verb: string;
|
|
220
|
+
example: string;
|
|
221
|
+
} | {
|
|
222
|
+
command: string;
|
|
223
|
+
description: string;
|
|
224
|
+
kind: "ask";
|
|
225
|
+
})[] | undefined;
|
|
132
226
|
}, {
|
|
133
227
|
name: string;
|
|
134
228
|
description: string;
|
|
@@ -150,6 +244,20 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
150
244
|
};
|
|
151
245
|
hook: string;
|
|
152
246
|
enforcement: "warn" | "block";
|
|
247
|
+
producers?: ({
|
|
248
|
+
command: string;
|
|
249
|
+
description: string;
|
|
250
|
+
kind: "bash";
|
|
251
|
+
} | {
|
|
252
|
+
description: string;
|
|
253
|
+
kind: "mcp";
|
|
254
|
+
verb: string;
|
|
255
|
+
example: string;
|
|
256
|
+
} | {
|
|
257
|
+
command: string;
|
|
258
|
+
description: string;
|
|
259
|
+
kind: "ask";
|
|
260
|
+
})[] | undefined;
|
|
153
261
|
}>, {
|
|
154
262
|
name: string;
|
|
155
263
|
description: string;
|
|
@@ -171,6 +279,20 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
171
279
|
};
|
|
172
280
|
hook: string;
|
|
173
281
|
enforcement: "warn" | "block";
|
|
282
|
+
producers?: ({
|
|
283
|
+
command: string;
|
|
284
|
+
description: string;
|
|
285
|
+
kind: "bash";
|
|
286
|
+
} | {
|
|
287
|
+
description: string;
|
|
288
|
+
kind: "mcp";
|
|
289
|
+
verb: string;
|
|
290
|
+
example: string;
|
|
291
|
+
} | {
|
|
292
|
+
command: string;
|
|
293
|
+
description: string;
|
|
294
|
+
kind: "ask";
|
|
295
|
+
})[] | undefined;
|
|
174
296
|
}, {
|
|
175
297
|
name: string;
|
|
176
298
|
description: string;
|
|
@@ -192,6 +314,20 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
192
314
|
};
|
|
193
315
|
hook: string;
|
|
194
316
|
enforcement: "warn" | "block";
|
|
317
|
+
producers?: ({
|
|
318
|
+
command: string;
|
|
319
|
+
description: string;
|
|
320
|
+
kind: "bash";
|
|
321
|
+
} | {
|
|
322
|
+
description: string;
|
|
323
|
+
kind: "mcp";
|
|
324
|
+
verb: string;
|
|
325
|
+
example: string;
|
|
326
|
+
} | {
|
|
327
|
+
command: string;
|
|
328
|
+
description: string;
|
|
329
|
+
kind: "ask";
|
|
330
|
+
})[] | undefined;
|
|
195
331
|
}>;
|
|
196
332
|
export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodObject<{
|
|
197
333
|
name: z.ZodString;
|
|
@@ -282,6 +418,46 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
282
418
|
}>;
|
|
283
419
|
hook: z.ZodString;
|
|
284
420
|
enforcement: z.ZodEnum<["block", "warn"]>;
|
|
421
|
+
producers: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
422
|
+
kind: z.ZodLiteral<"bash">;
|
|
423
|
+
command: z.ZodString;
|
|
424
|
+
description: z.ZodString;
|
|
425
|
+
}, "strict", z.ZodTypeAny, {
|
|
426
|
+
command: string;
|
|
427
|
+
description: string;
|
|
428
|
+
kind: "bash";
|
|
429
|
+
}, {
|
|
430
|
+
command: string;
|
|
431
|
+
description: string;
|
|
432
|
+
kind: "bash";
|
|
433
|
+
}>, z.ZodObject<{
|
|
434
|
+
kind: z.ZodLiteral<"mcp">;
|
|
435
|
+
verb: z.ZodString;
|
|
436
|
+
example: z.ZodString;
|
|
437
|
+
description: z.ZodString;
|
|
438
|
+
}, "strict", z.ZodTypeAny, {
|
|
439
|
+
description: string;
|
|
440
|
+
kind: "mcp";
|
|
441
|
+
verb: string;
|
|
442
|
+
example: string;
|
|
443
|
+
}, {
|
|
444
|
+
description: string;
|
|
445
|
+
kind: "mcp";
|
|
446
|
+
verb: string;
|
|
447
|
+
example: string;
|
|
448
|
+
}>, z.ZodObject<{
|
|
449
|
+
kind: z.ZodLiteral<"ask">;
|
|
450
|
+
command: z.ZodString;
|
|
451
|
+
description: z.ZodString;
|
|
452
|
+
}, "strict", z.ZodTypeAny, {
|
|
453
|
+
command: string;
|
|
454
|
+
description: string;
|
|
455
|
+
kind: "ask";
|
|
456
|
+
}, {
|
|
457
|
+
command: string;
|
|
458
|
+
description: string;
|
|
459
|
+
kind: "ask";
|
|
460
|
+
}>]>, "many">>;
|
|
285
461
|
}, "strict", z.ZodTypeAny, {
|
|
286
462
|
name: string;
|
|
287
463
|
description: string;
|
|
@@ -303,6 +479,20 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
303
479
|
};
|
|
304
480
|
hook: string;
|
|
305
481
|
enforcement: "warn" | "block";
|
|
482
|
+
producers?: ({
|
|
483
|
+
command: string;
|
|
484
|
+
description: string;
|
|
485
|
+
kind: "bash";
|
|
486
|
+
} | {
|
|
487
|
+
description: string;
|
|
488
|
+
kind: "mcp";
|
|
489
|
+
verb: string;
|
|
490
|
+
example: string;
|
|
491
|
+
} | {
|
|
492
|
+
command: string;
|
|
493
|
+
description: string;
|
|
494
|
+
kind: "ask";
|
|
495
|
+
})[] | undefined;
|
|
306
496
|
}, {
|
|
307
497
|
name: string;
|
|
308
498
|
description: string;
|
|
@@ -324,6 +514,20 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
324
514
|
};
|
|
325
515
|
hook: string;
|
|
326
516
|
enforcement: "warn" | "block";
|
|
517
|
+
producers?: ({
|
|
518
|
+
command: string;
|
|
519
|
+
description: string;
|
|
520
|
+
kind: "bash";
|
|
521
|
+
} | {
|
|
522
|
+
description: string;
|
|
523
|
+
kind: "mcp";
|
|
524
|
+
verb: string;
|
|
525
|
+
example: string;
|
|
526
|
+
} | {
|
|
527
|
+
command: string;
|
|
528
|
+
description: string;
|
|
529
|
+
kind: "ask";
|
|
530
|
+
})[] | undefined;
|
|
327
531
|
}>, {
|
|
328
532
|
name: string;
|
|
329
533
|
description: string;
|
|
@@ -345,6 +549,20 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
345
549
|
};
|
|
346
550
|
hook: string;
|
|
347
551
|
enforcement: "warn" | "block";
|
|
552
|
+
producers?: ({
|
|
553
|
+
command: string;
|
|
554
|
+
description: string;
|
|
555
|
+
kind: "bash";
|
|
556
|
+
} | {
|
|
557
|
+
description: string;
|
|
558
|
+
kind: "mcp";
|
|
559
|
+
verb: string;
|
|
560
|
+
example: string;
|
|
561
|
+
} | {
|
|
562
|
+
command: string;
|
|
563
|
+
description: string;
|
|
564
|
+
kind: "ask";
|
|
565
|
+
})[] | undefined;
|
|
348
566
|
}, {
|
|
349
567
|
name: string;
|
|
350
568
|
description: string;
|
|
@@ -366,6 +584,20 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
366
584
|
};
|
|
367
585
|
hook: string;
|
|
368
586
|
enforcement: "warn" | "block";
|
|
587
|
+
producers?: ({
|
|
588
|
+
command: string;
|
|
589
|
+
description: string;
|
|
590
|
+
kind: "bash";
|
|
591
|
+
} | {
|
|
592
|
+
description: string;
|
|
593
|
+
kind: "mcp";
|
|
594
|
+
verb: string;
|
|
595
|
+
example: string;
|
|
596
|
+
} | {
|
|
597
|
+
command: string;
|
|
598
|
+
description: string;
|
|
599
|
+
kind: "ask";
|
|
600
|
+
})[] | undefined;
|
|
369
601
|
}>, "many">, {
|
|
370
602
|
name: string;
|
|
371
603
|
description: string;
|
|
@@ -387,6 +619,20 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
387
619
|
};
|
|
388
620
|
hook: string;
|
|
389
621
|
enforcement: "warn" | "block";
|
|
622
|
+
producers?: ({
|
|
623
|
+
command: string;
|
|
624
|
+
description: string;
|
|
625
|
+
kind: "bash";
|
|
626
|
+
} | {
|
|
627
|
+
description: string;
|
|
628
|
+
kind: "mcp";
|
|
629
|
+
verb: string;
|
|
630
|
+
example: string;
|
|
631
|
+
} | {
|
|
632
|
+
command: string;
|
|
633
|
+
description: string;
|
|
634
|
+
kind: "ask";
|
|
635
|
+
})[] | undefined;
|
|
390
636
|
}[], {
|
|
391
637
|
name: string;
|
|
392
638
|
description: string;
|
|
@@ -408,5 +654,20 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
408
654
|
};
|
|
409
655
|
hook: string;
|
|
410
656
|
enforcement: "warn" | "block";
|
|
657
|
+
producers?: ({
|
|
658
|
+
command: string;
|
|
659
|
+
description: string;
|
|
660
|
+
kind: "bash";
|
|
661
|
+
} | {
|
|
662
|
+
description: string;
|
|
663
|
+
kind: "mcp";
|
|
664
|
+
verb: string;
|
|
665
|
+
example: string;
|
|
666
|
+
} | {
|
|
667
|
+
command: string;
|
|
668
|
+
description: string;
|
|
669
|
+
kind: "ask";
|
|
670
|
+
})[] | undefined;
|
|
411
671
|
}[]>;
|
|
412
672
|
export type Policy = z.infer<typeof PolicySchema>;
|
|
673
|
+
export type Producer = z.infer<typeof ProducerSchema>;
|
package/dist/schema/policies.js
CHANGED
|
@@ -12,6 +12,45 @@ export const PolicyTriggerSchema = z
|
|
|
12
12
|
})
|
|
13
13
|
.strict();
|
|
14
14
|
export const PolicyEnforcementSchema = z.enum(["block", "warn"]);
|
|
15
|
+
// `producers:` is the structured remediation hint the policy engine
|
|
16
|
+
// appends to the deny envelope. Each entry tells the agent ONE concrete
|
|
17
|
+
// way to produce the ledger evidence that would unblock the gate.
|
|
18
|
+
// Three kinds today:
|
|
19
|
+
// bash — shell command the agent can run (gated by the Bash hook).
|
|
20
|
+
// mcp — MCP tool call (NOT gated by the Bash hook; the ungated
|
|
21
|
+
// recovery path for lockout scenarios — see [[feedback_understanding_gate_lockout_recovery]]).
|
|
22
|
+
// ask — bare bash command the harness pre-tool-use hook escapes
|
|
23
|
+
// via ask-path semantics (e.g. `harness approve understanding`).
|
|
24
|
+
// Operator's "go" on the prompt IS the approval.
|
|
25
|
+
//
|
|
26
|
+
// At least one `mcp` producer is required when the field is set, so an
|
|
27
|
+
// agent that gets blocked by an unrelated gate (e.g. understanding-gate
|
|
28
|
+
// has Bash locked down entirely) still has an ungated recovery path
|
|
29
|
+
// (PR agent-tasks/3804b785).
|
|
30
|
+
export const ProducerSchema = z.discriminatedUnion("kind", [
|
|
31
|
+
z
|
|
32
|
+
.object({
|
|
33
|
+
kind: z.literal("bash"),
|
|
34
|
+
command: z.string().min(1),
|
|
35
|
+
description: z.string().min(1),
|
|
36
|
+
})
|
|
37
|
+
.strict(),
|
|
38
|
+
z
|
|
39
|
+
.object({
|
|
40
|
+
kind: z.literal("mcp"),
|
|
41
|
+
verb: z.string().min(1),
|
|
42
|
+
example: z.string().min(1),
|
|
43
|
+
description: z.string().min(1),
|
|
44
|
+
})
|
|
45
|
+
.strict(),
|
|
46
|
+
z
|
|
47
|
+
.object({
|
|
48
|
+
kind: z.literal("ask"),
|
|
49
|
+
command: z.string().min(1),
|
|
50
|
+
description: z.string().min(1),
|
|
51
|
+
})
|
|
52
|
+
.strict(),
|
|
53
|
+
]);
|
|
15
54
|
export const PolicySchema = z
|
|
16
55
|
.object({
|
|
17
56
|
name: z.string().min(1),
|
|
@@ -20,6 +59,7 @@ export const PolicySchema = z
|
|
|
20
59
|
requires: RequiresSchema,
|
|
21
60
|
hook: z.string().min(1),
|
|
22
61
|
enforcement: PolicyEnforcementSchema,
|
|
62
|
+
producers: z.array(ProducerSchema).min(1).optional(),
|
|
23
63
|
})
|
|
24
64
|
.strict()
|
|
25
65
|
.superRefine((policy, ctx) => {
|
|
@@ -36,6 +76,16 @@ export const PolicySchema = z
|
|
|
36
76
|
});
|
|
37
77
|
}
|
|
38
78
|
}
|
|
79
|
+
if (policy.producers !== undefined) {
|
|
80
|
+
const hasMcp = policy.producers.some((p) => p.kind === "mcp");
|
|
81
|
+
if (!hasMcp) {
|
|
82
|
+
ctx.addIssue({
|
|
83
|
+
code: z.ZodIssueCode.custom,
|
|
84
|
+
path: ["producers"],
|
|
85
|
+
message: "at least one producer with kind:mcp is required so agents have an ungated recovery path when the Bash hook is locked down",
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
}
|
|
39
89
|
});
|
|
40
90
|
export const PoliciesSchema = z.array(PolicySchema).superRefine((policies, ctx) => {
|
|
41
91
|
const seen = new Set();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policies.js","sourceRoot":"","sources":["../../src/schema/policies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAEvF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,KAAK,EAAE,eAAe;IACtB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAEjE,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,OAAO,EAAE,mBAAmB;IAC5B,QAAQ,EAAE,cAAc;IACxB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,uBAAuB;
|
|
1
|
+
{"version":3,"file":"policies.js","sourceRoot":"","sources":["../../src/schema/policies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAEvF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,KAAK,EAAE,eAAe;IACtB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAEjE,oEAAoE;AACpE,wEAAwE;AACxE,kEAAkE;AAClE,qBAAqB;AACrB,qEAAqE;AACrE,kEAAkE;AAClE,wGAAwG;AACxG,mEAAmE;AACnE,0EAA0E;AAC1E,0DAA0D;AAC1D,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,oEAAoE;AACpE,6BAA6B;AAC7B,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACzD,CAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,MAAM,EAAE;IACX,CAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,MAAM,EAAE;IACX,CAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;QACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,MAAM,EAAE;CACZ,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,OAAO,EAAE,mBAAmB;IAC5B,QAAQ,EAAE,cAAc;IACxB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,uBAAuB;IACpC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC;KACD,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC3B,MAAM,IAAI,GAAG,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IACpE,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,iBAAiB,CAAC,CAAC,CAAC;YAAE,SAAS;QACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;gBAChC,OAAO,EAAE,qCAAqC,CAAC,sDAAsD;aACtG,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,WAAW,CAAC;gBACnB,OAAO,EACL,2HAA2H;aAC9H,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE;IAChF,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC;gBACjB,OAAO,EAAE,0BAA0B,CAAC,CAAC,IAAI,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@lannguyensi/harness",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.16.0",
|
|
4
4
|
"description": "Declarative control plane for agent harnesses — one YAML for grounding, tools, memory, and hooks.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"homepage": "https://github.com/LanNguyenSi/harness",
|
|
@@ -37,6 +37,7 @@
|
|
|
37
37
|
"test:watch": "vitest",
|
|
38
38
|
"test:cov": "vitest run --coverage",
|
|
39
39
|
"typecheck": "tsc --noEmit",
|
|
40
|
+
"check:ug-schema-drift": "node scripts/check-ug-schema-drift.mjs",
|
|
40
41
|
"prepublishOnly": "npm run build"
|
|
41
42
|
},
|
|
42
43
|
"dependencies": {
|