@lannguyensi/harness 0.17.0 → 0.17.1

package/CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
 
 ## [Unreleased]
 
+## [0.17.1] - 2026-05-17
+
+**Headline: Solo + Team templates ship `ux:` defaults for parity with Full + Custom.** v0.17.0 wired `ux:` into `init --template full` and `init --interactive` Custom branch, but the Solo and Team profiles in `src/cli/init/profiles.ts` were missed, so wizard users picking either of those got the new release without the UX fix. This patch closes the gap: Solo's understanding-before-execution pack and Team's pack + review-before-merge policy now ship the same plain-language `{ cannot, required, run }` defaults. Existing installs still need to opt in by re-running `init --force` or hand-editing their manifest. Backing task: agent-tasks/60bc93e5.
+
+### Changed
+
+- `src/cli/init/profiles.ts`: Solo and Team templates emit `ux:` defaults matching the Full + Custom shape (agent-tasks/60bc93e5).
+
 ## [0.17.0] - 2026-05-17
 
 **Headline: agent-facing policy block messages stop leaking engine vocabulary.** A new optional `ux: { cannot, required[], run[] }` field on every policy and on the understanding-before-execution pack config replaces deny envelopes like `no matching ledger entry for tag preflight:harness` with a plain-language three-section message:

package/dist/cli/init/profiles.d.ts

@@ -1,2 +1,2 @@
-export declare const SOLO_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template solo`.\n#\n# Single-operator profile: memory-router for cross-conversation memory\n# routing + understanding-before-execution policy pack to force an\n# explicit interpretation confirmation before any write-capable tool\n# fires. No agent-tasks loop (use --template team if you want PR\n# review-gating).\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n\ntools:\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    # `memory-router-user-prompt-submit` is the published bin from\n    # `@lannguyensi/memory-router`. `harness init` offers to\n    # `npm i -g` it for you; doctor expects it on PATH.\n    command: [memory-router-user-prompt-submit]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\npolicy_packs:\n  - name: understanding-before-execution\n    source: builtin\n    enabled: true\n    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n    config:\n      mode: grill_me\n";
-export declare const TEAM_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template team`.\n#\n# Solo profile + agent-tasks MCP + the review-before-merge policy. Block\n# pull_requests_merge MCP calls unless a ledger entry tagged\n# review:<pr-number> exists for the current grounding session, the\n# standard team workflow where every PR gets a review-subagent pass\n# before it can land.\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n\ntools:\n  mcp:\n    - name: agent-tasks\n      # Zero-setup entry: `@agent-tasks/mcp-bridge` exposes the\n      # `agent-tasks-mcp-bridge` binary on PATH after\n      # `npm i -g @agent-tasks/mcp-bridge`. The bridge owns token\n      # storage (OS keychain or file fallback) and defaults the base\n      # URL to https://agent-tasks.opentriologue.ai, so no env is\n      # required here. Override with `AGENT_TASKS_BASE_URL` /\n      # `AGENT_TASKS_TOKEN` if you self-host or want explicit creds.\n      command: [agent-tasks-mcp-bridge]\n      health:\n        verb: projects_list\n        timeout_ms: 5000\n      enabled: true\n    - name: grounding-mcp\n      # `grounding-mcp` bin is published in `@lannguyensi/grounding-mcp`.\n      # `harness init` offers to `npm i -g` it for you. No env is set:\n      # the bundled default resolves to `~/.evidence-ledger/ledger.db`\n      # via os.homedir() at startup. Passing a literal tilde in env\n      # bypasses shell expansion and creates rogue cwd-relative DB files\n      # (see agent-tasks/42d224a6 incident).\n      command: [grounding-mcp]\n      health:\n        verb: ledger_status\n        timeout_ms: 5000\n      enabled: true\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    # `memory-router-user-prompt-submit` is the published bin from\n    # `@lannguyensi/memory-router`. `harness init` offers to\n    # `npm i -g` it for you; doctor expects it on PATH.\n    command: [memory-router-user-prompt-submit]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\nhooks:\n  - name: require-review-evidence\n    event: PreToolUse\n    match: \"mcp__agent-tasks__pull_requests_merge\"\n    # The built-in `harness policy intercept` CLI verb is the generic\n    # deny-on-missing-evidence hook entrypoint. It reads the tool event\n    # JSON on stdin, evaluates all policies whose triggers match, emits\n    # Claude Code's deny envelope on block. Using it here removes the\n    # need to ship a per-policy shell script under ~/.claude/hooks/ for\n    # the team setup; operators with custom logic can swap in their own\n    # script path.\n    command: harness policy intercept\n    blocking: hard\n    budget_ms: 2000\n\npolicies:\n  - name: review-before-merge\n    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n    trigger:\n      event: PreToolUse\n      match: \"mcp__agent-tasks__pull_requests_merge\"\n      extract:\n        PR_NUMBER: \"toolArgs.prNumber\"\n    requires:\n      ledger_tag: \"review:${PR_NUMBER}\"\n    hook: require-review-evidence\n    enforcement: block\n\npolicy_packs:\n  - name: understanding-before-execution\n    source: builtin\n    enabled: true\n    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n    config:\n      mode: grill_me\n";
+export declare const SOLO_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template solo`.\n#\n# Single-operator profile: memory-router for cross-conversation memory\n# routing + understanding-before-execution policy pack to force an\n# explicit interpretation confirmation before any write-capable tool\n# fires. No agent-tasks loop (use --template team if you want PR\n# review-gating).\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n\ntools:\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    # `memory-router-user-prompt-submit` is the published bin from\n    # `@lannguyensi/memory-router`. `harness init` offers to\n    # `npm i -g` it for you; doctor expects it on PATH.\n    command: [memory-router-user-prompt-submit]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\npolicy_packs:\n  - name: understanding-before-execution\n    source: builtin\n    enabled: true\n    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n    config:\n      mode: grill_me\n      # ux (agent-tasks/60bc93e5): replaces the legacy engine-vocabulary\n      # deny envelope with the plain-language { cannot, required, run }\n      # shape. Engine details still land in stderr for operator audit;\n      # the agent only sees this.\n      ux:\n        cannot: \"You cannot use write-capable tools yet.\"\n        required:\n          - \"an approved Understanding Report for this session\"\n        run:\n          - \"Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan\"\n          - \"Run `harness approve understanding` and approve the prompt\"\n";
+export declare const TEAM_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template team`.\n#\n# Solo profile + agent-tasks MCP + the review-before-merge policy. Block\n# pull_requests_merge MCP calls unless a ledger entry tagged\n# review:<pr-number> exists for the current grounding session, the\n# standard team workflow where every PR gets a review-subagent pass\n# before it can land.\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n\ntools:\n  mcp:\n    - name: agent-tasks\n      # Zero-setup entry: `@agent-tasks/mcp-bridge` exposes the\n      # `agent-tasks-mcp-bridge` binary on PATH after\n      # `npm i -g @agent-tasks/mcp-bridge`. The bridge owns token\n      # storage (OS keychain or file fallback) and defaults the base\n      # URL to https://agent-tasks.opentriologue.ai, so no env is\n      # required here. Override with `AGENT_TASKS_BASE_URL` /\n      # `AGENT_TASKS_TOKEN` if you self-host or want explicit creds.\n      command: [agent-tasks-mcp-bridge]\n      health:\n        verb: projects_list\n        timeout_ms: 5000\n      enabled: true\n    - name: grounding-mcp\n      # `grounding-mcp` bin is published in `@lannguyensi/grounding-mcp`.\n      # `harness init` offers to `npm i -g` it for you. No env is set:\n      # the bundled default resolves to `~/.evidence-ledger/ledger.db`\n      # via os.homedir() at startup. Passing a literal tilde in env\n      # bypasses shell expansion and creates rogue cwd-relative DB files\n      # (see agent-tasks/42d224a6 incident).\n      command: [grounding-mcp]\n      health:\n        verb: ledger_status\n        timeout_ms: 5000\n      enabled: true\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    # `memory-router-user-prompt-submit` is the published bin from\n    # `@lannguyensi/memory-router`. `harness init` offers to\n    # `npm i -g` it for you; doctor expects it on PATH.\n    command: [memory-router-user-prompt-submit]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\nhooks:\n  - name: require-review-evidence\n    event: PreToolUse\n    match: \"mcp__agent-tasks__pull_requests_merge\"\n    # The built-in `harness policy intercept` CLI verb is the generic\n    # deny-on-missing-evidence hook entrypoint. It reads the tool event\n    # JSON on stdin, evaluates all policies whose triggers match, emits\n    # Claude Code's deny envelope on block. Using it here removes the\n    # need to ship a per-policy shell script under ~/.claude/hooks/ for\n    # the team setup; operators with custom logic can swap in their own\n    # script path.\n    command: harness policy intercept\n    blocking: hard\n    budget_ms: 2000\n\npolicies:\n  - name: review-before-merge\n    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n    trigger:\n      event: PreToolUse\n      match: \"mcp__agent-tasks__pull_requests_merge\"\n      extract:\n        PR_NUMBER: \"toolArgs.prNumber\"\n    requires:\n      ledger_tag: \"review:${PR_NUMBER}\"\n    hook: require-review-evidence\n    enforcement: block\n    ux:\n      cannot: \"You cannot merge PR #${PR_NUMBER} yet.\"\n      required:\n        - \"a recorded review of PR #${PR_NUMBER}\"\n      run:\n        - 'mcp__agent-grounding__ledger_add { type: \"fact\", content: \"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\" }'\n\npolicy_packs:\n  - name: understanding-before-execution\n    source: builtin\n    enabled: true\n    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n    config:\n      mode: grill_me\n      # ux (agent-tasks/60bc93e5): same shape as Solo's pack ux.\n      ux:\n        cannot: \"You cannot use write-capable tools yet.\"\n        required:\n          - \"an approved Understanding Report for this session\"\n        run:\n          - \"Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan\"\n          - \"Run `harness approve understanding` and approve the prompt\"\n";

package/dist/cli/init/profiles.js

@@ -68,6 +68,17 @@ policy_packs:
     description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.
     config:
       mode: grill_me
+      # ux (agent-tasks/60bc93e5): replaces the legacy engine-vocabulary
+      # deny envelope with the plain-language { cannot, required, run }
+      # shape. Engine details still land in stderr for operator audit;
+      # the agent only sees this.
+      ux:
+        cannot: "You cannot use write-capable tools yet."
+        required:
+          - "an approved Understanding Report for this session"
+        run:
+          - "Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan"
+          - "Run \`harness approve understanding\` and approve the prompt"
 `;
 export const TEAM_TEMPLATE = `# ~/.claude/harness.yaml
 #
@@ -166,6 +177,12 @@ policies:
       ledger_tag: "review:\${PR_NUMBER}"
     hook: require-review-evidence
     enforcement: block
+    ux:
+      cannot: "You cannot merge PR #\${PR_NUMBER} yet."
+      required:
+        - "a recorded review of PR #\${PR_NUMBER}"
+      run:
+        - 'mcp__agent-grounding__ledger_add { type: "fact", content: "review:\${PR_NUMBER} — <verdict + key findings + nits>" }'
 
 policy_packs:
   - name: understanding-before-execution
@@ -174,5 +191,13 @@ policy_packs:
     description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.
     config:
       mode: grill_me
+      # ux (agent-tasks/60bc93e5): same shape as Solo's pack ux.
+      ux:
+        cannot: "You cannot use write-capable tools yet."
+        required:
+          - "an approved Understanding Report for this session"
+        run:
+          - "Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan"
+          - "Run \`harness approve understanding\` and approve the prompt"
 `;
 //# sourceMappingURL=profiles.js.map

package/dist/cli/init/profiles.js.map

@@ -1 +1 @@
-{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../src/cli/init/profiles.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,EAAE;AACF,uEAAuE;AACvE,yCAAyC;AACzC,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,kEAAkE;AAClE,kEAAkE;AAClE,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,kEAAkE;AAClE,gDAAgD;AAChD,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AAExE,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmD5B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyG5B,CAAC"}
+{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../src/cli/init/profiles.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,EAAE;AACF,uEAAuE;AACvE,yCAAyC;AACzC,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,kEAAkE;AAClE,kEAAkE;AAClE,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,kEAAkE;AAClE,gDAAgD;AAChD,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AAExE,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8D5B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuH5B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lannguyensi/harness",
-  "version": "0.17.0",
+  "version": "0.17.1",
   "description": "Declarative control plane for agent harnesses — one YAML for grounding, tools, memory, and hooks.",
   "license": "MIT",
   "homepage": "https://github.com/LanNguyenSi/harness",