@lannguyensi/harness 0.23.1 → 0.23.2
- package/CHANGELOG.md +10 -0
- package/dist/cli/init/composer.js +3 -3
- package/dist/cli/init/composer.js.map +1 -1
- package/dist/cli/init/profiles.d.ts +1 -1
- package/dist/cli/init/profiles.js +1 -1
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.js +13 -13
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [0.23.2] - 2026-05-18
|
|
11
|
+
|
|
12
|
+
**Headline: policy-gate hint clarification + smoke flake.** Three PRs all merged today. PR #206 + PR #207 close the silent-fail trap on ledger_add hints in policy `ux.run` and `producers[].example`: the prior form named the required content tag but NOT the `sessionId` parameter, so an operator binding `sessionId` to the tag UUID (the natural assumption since the tag literally contains the task / PR number / branch) saw the same opaque rejection repeated. The two PRs sweep both rendering surfaces plus the operator-facing doc-prose. PR #208 bumps a flaky smoke-test wall-clock assertion (4500ms to 7000ms) that under CI load caused `npm test` to occasionally fail and confused downstream `preflight run .` into a false `npm-test: fail` blocker. **Operator action**: re-run `harness apply` (or `harness init --force`) to regenerate `settings.json` with the updated policy hints.
|
|
13
|
+
|
|
14
|
+
### Fixed
|
|
15
|
+
|
|
16
|
+
- **Flaky `smoke.test.ts` SIGKILL escalation upper bound bumped from 4500ms to 7000ms** (agent-tasks/595ba01e, PR #208). The "escalates to SIGKILL when the child traps SIGTERM" test asserted wall-clock elapsed `< 4500ms` (200ms budget + 2000ms grace + epsilon), but under CI load the actual escalation was observed at ~4756ms, causing the test to flake roughly once per ~20 full-suite runs. Downstream impact was particularly bad: when this flake fired during `npm test`, `preflight run .` reported `npm-test: fail` and the pre-push gate blocked. Bumped the bound to 7000ms with an explaining comment naming the observed worst-case + headroom rationale. Regression-detection floor preserved (a real 6s+ cleanup bug still trips the assertion). If the flake reoccurs at the new bound, the follow-up direction is a deterministic refactor (fake timers + stubbed SIGTERM dance) per the task's Option B.
|
|
17
|
+
- **Policy `producers[].example` strings + doc-prose snippets now name the `sessionId` parameter** (agent-tasks/76f46488, PR #207). Sweep of the fallback surfaces PR #206 left behind. `producers[].example` feeds the engine-vocabulary deny envelope when an operator strips `ux:` from their manifest, so the same silent-fail trap was reachable one fallback away. Updated 8 `producers[].example` sites in `src/cli/init/templates.ts` plus 8 mirrors each in `docs/examples/full-manifest.yaml` and `full-manifest.expected.yaml`. Two operator-facing doc-prose examples in `docs/for-humans.md` and `docs/writing-custom-policies.md` also updated so the inline ux pattern in the authoring guide matches the rendered output. New pin-test in `tests/cli/init-composer.test.ts` parses FULL_TEMPLATE and asserts every `producers[].example` for `mcp__agent-grounding__ledger_add` includes `sessionId:"${SESSION_ID}"` (asserts >=8 so a dropped site fails the test). Operator action: same as #206, re-run `harness apply` to regenerate `settings.json` with the updated hints.
|
|
18
|
+
- **Policy `ux.run` examples for `mcp__agent-grounding__ledger_add` now name the `sessionId` parameter** (agent-tasks/426e7049, PR #206). When a policy gate (`review-before-merge`, `review-before-merge-bash`, `review-subagent-before-pr-create`, `review-subagent-before-pr-create-bash`, `dogfood-before-release`) blocked an MCP/Bash call, the rendered hint named the required content tag but NOT which `sessionId` to pass. The runtime gate evaluates against the current Claude session id, so an operator who bound `sessionId` to the tag UUID (the natural assumption, since the tag literally contains the task / PR number) saw the same opaque rejection repeated. Now all four `ux.run` lines emit `mcp__agent-grounding__ledger_add { sessionId: "${SESSION_ID}", type: "fact", content: "..." }` so the binding is explicit. **Operator action**: re-run `harness apply` (or `harness init --force`) to regenerate `settings.json` with the updated hints; existing operators see no functional change in gate behaviour, only clearer hints on the next block. New pin-test in `tests/cli/init-composer.test.ts` asserts every ledger-add-producing policy includes the sessionId in its example.
|
|
19
|
+
|
|
10
20
|
## [0.23.1] - 2026-05-18
|
|
11
21
|
|
|
12
22
|
**Headline: memory-router wiring hotfix.** Same-day patch on v0.23.0. The Full profile's `memory.router` declaration was never translated into a UserPromptSubmit hook by `harness apply` — operators saw the wizard report `memory-router-user-prompt-submit (already installed)` but the binary never actually fired because `settings.json` / `config.toml` only got the understanding-gate hook. PR #203 closes the wiring gap on both runtimes; PR #204 is the defence pair that reserves the `memory:` hook-name prefix at schema validation time so the synthetic projection can't silently collide with an operator-declared hook of the same name. **Operator action**: re-run `harness apply` (or `harness init --force`) to pick up the wiring; the synthetic hook fires alongside the gate.
|
|
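Review bot: In the PR #206 entry the count does not add up: it lists five gates (`review-before-merge`, `review-before-merge-bash`, `review-subagent-before-pr-create`, `review-subagent-before-pr-create-bash`, `dogfood-before-release`) and then says "all four `ux.run` lines" were updated. State the actual number of `ux.run` sites changed, or say which gates share a line, so an operator auditing the regenerated `settings.json` knows how many hints to expect. The #207 entry also says "same as #206" before #206 has appeared in the list; spelling the operator action out there would let each entry stand alone.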
@@ -159,7 +159,7 @@ const POLICY = {
|
|
|
159
159
|
cannot: "You cannot merge PR #${PR_NUMBER} yet.",
|
|
160
160
|
required: ["a recorded review of PR #${PR_NUMBER}"],
|
|
161
161
|
run: [
|
|
162
|
-
'mcp__agent-grounding__ledger_add { type: "fact", content: "review:${PR_NUMBER} — <verdict + key findings + nits>" }',
|
|
162
|
+
'mcp__agent-grounding__ledger_add { sessionId: "${SESSION_ID}", type: "fact", content: "review:${PR_NUMBER} — <verdict + key findings + nits>" }',
|
|
163
163
|
],
|
|
164
164
|
},
|
|
165
165
|
},
|
|
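Review bot: The new `sessionId: "${SESSION_ID}"` in this `run` hint relies on `${SESSION_ID}` being substituted when the hint is rendered, while the only other placeholder in the block is `${PR_NUMBER}`, and nothing in the hunk shows where `SESSION_ID` is bound for this policy. If it is not bound, the operator sees the literal `${SESSION_ID}` and is back to guessing the value. Please confirm the binding and have the pin-test assert on the rendered hint as well as the template string, checking that no `${` is left in the output.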
@@ -195,7 +195,7 @@ const POLICY = {
|
|
|
195
195
|
cannot: "You cannot open a pull request for task ${TASK_ID} yet.",
|
|
196
196
|
required: ["a completed review-subagent pass on this task"],
|
|
197
197
|
run: [
|
|
198
|
-
'mcp__agent-grounding__ledger_add { type: "fact", content: "review-subagent:${TASK_ID} — <verdict + key findings + nits>" }',
|
|
198
|
+
'mcp__agent-grounding__ledger_add { sessionId: "${SESSION_ID}", type: "fact", content: "review-subagent:${TASK_ID} — <verdict + key findings + nits>" }',
|
|
199
199
|
],
|
|
200
200
|
},
|
|
201
201
|
},
|
|
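Review bot: The `sessionId: "${SESSION_ID}", type: "fact"` prefix in this `run` entry is hand-copied, the same edit as in the merge-gate block above. Consider building these `ledger_add` hints from one shared helper or constant so that a later parameter change cannot miss a site.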
@@ -240,7 +240,7 @@ const POLICY = {
|
|
|
240
240
|
cannot: "You cannot publish a release yet.",
|
|
241
241
|
required: ["an end-to-end dogfood run in this session"],
|
|
242
242
|
run: [
|
|
243
|
-
'mcp__agent-grounding__ledger_add { type: "fact", content: "dogfood:${SESSION_ID} — <end-to-end smoke summary>" }',
|
|
243
|
+
'mcp__agent-grounding__ledger_add { sessionId: "${SESSION_ID}", type: "fact", content: "dogfood:${SESSION_ID} — <end-to-end smoke summary>" }',
|
|
244
244
|
],
|
|
245
245
|
},
|
|
246
246
|
},
|
|
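Review bot: In this `run` entry `${SESSION_ID}` now appears twice, as the `sessionId` argument and inside the `dogfood:${SESSION_ID}` content tag, so the rendered hint does not show which of the two the gate checks. A short source comment here stating that `sessionId` is the current session id and that the tag merely embeds it would keep the two from being conflated if the tag format changes.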
@@ -1,2 +1,2 @@
|
|
|
1
1
|
export declare const SOLO_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template solo`.\n#\n# Single-operator profile: memory-router for cross-conversation memory\n# routing + understanding-before-execution policy pack to force an\n# explicit interpretation confirmation before any write-capable tool\n# fires. No agent-tasks loop (use --template team if you want PR\n# review-gating).\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n session:\n auto_start: true\n id_format: \"gs-{repo}-{rand:8}\"\n evidence_ledger:\n path: ~/.evidence-ledger/ledger.db\n retention_days: 90\n\ntools:\n builtin:\n known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n directories:\n - path: ~/.claude/projects/{project}/memory\n scope: project\n router:\n # `memory-router-user-prompt-submit` is the published bin from\n # `@lannguyensi/memory-router`. `harness init` offers to\n # `npm i -g` it for you; doctor expects it on PATH.\n command: [memory-router-user-prompt-submit]\n enabled: true\n retention:\n staleness_days: 180\n broken_refs: warn\n scopes:\n default: project\n allowed: [project, user]\n\npolicy_packs:\n - name: understanding-before-execution\n source: builtin\n enabled: true\n description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n config:\n mode: grill_me\n # ux (agent-tasks/60bc93e5): replaces the legacy engine-vocabulary\n # deny envelope with the plain-language { cannot, required, run }\n # shape. 
Engine details still land in stderr for operator audit;\n # the agent only sees this.\n ux:\n cannot: \"You cannot use write-capable tools yet.\"\n required:\n - \"an approved Understanding Report for this session\"\n run:\n - \"Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan\"\n - \"Run `harness approve understanding` and approve the prompt\"\n # approval_lifecycle (agent-tasks/d8ee60ca + harness/f54e0ecb,\n # v0.18.0+): expire the approval marker on task-completion\n # boundaries. Solo wires no agent-tasks MCP, so\n # `expire_on_tool_match` would be dead weight; we list Bash\n # boundaries instead (PR merges via gh-cli, pushes to the\n # protected branch). Operators on other CLIs override this list\n # with their own regexes. `max_age` is the safety net for\n # sessions that never hit a listed command. Opt out entirely\n # with `approval_lifecycle: { mode: session }`.\n approval_lifecycle:\n expire_on_bash_match:\n - '^gh pr (merge|close)\\b'\n - '^git push origin (master|main)\\b'\n max_age: 1h\n";
|
|
2
|
-
export declare const TEAM_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template team`.\n#\n# Solo profile + agent-tasks MCP + the review-before-merge policy. Block\n# pull_requests_merge MCP calls unless a ledger entry tagged\n# review:<pr-number> exists for the current grounding session, the\n# standard team workflow where every PR gets a review-subagent pass\n# before it can land.\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n session:\n auto_start: true\n id_format: \"gs-{repo}-{rand:8}\"\n evidence_ledger:\n path: ~/.evidence-ledger/ledger.db\n retention_days: 90\n\ntools:\n mcp:\n - name: agent-tasks\n # Zero-setup entry: `@agent-tasks/mcp-bridge` exposes the\n # `agent-tasks-mcp-bridge` binary on PATH after\n # `npm i -g @agent-tasks/mcp-bridge`. The bridge owns token\n # storage (OS keychain or file fallback) and defaults the base\n # URL to https://agent-tasks.opentriologue.ai, so no env is\n # required here. Override with `AGENT_TASKS_BASE_URL` /\n # `AGENT_TASKS_TOKEN` if you self-host or want explicit creds.\n command: [agent-tasks-mcp-bridge]\n health:\n verb: projects_list\n timeout_ms: 5000\n enabled: true\n - name: grounding-mcp\n # `grounding-mcp` bin is published in `@lannguyensi/grounding-mcp`.\n # `harness init` offers to `npm i -g` it for you. No env is set:\n # the bundled default resolves to `~/.evidence-ledger/ledger.db`\n # via os.homedir() at startup. 
Passing a literal tilde in env\n # bypasses shell expansion and creates rogue cwd-relative DB files\n # (see agent-tasks/42d224a6 incident).\n command: [grounding-mcp]\n health:\n verb: ledger_status\n timeout_ms: 5000\n enabled: true\n builtin:\n known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n directories:\n - path: ~/.claude/projects/{project}/memory\n scope: project\n router:\n # `memory-router-user-prompt-submit` is the published bin from\n # `@lannguyensi/memory-router`. `harness init` offers to\n # `npm i -g` it for you; doctor expects it on PATH.\n command: [memory-router-user-prompt-submit]\n enabled: true\n retention:\n staleness_days: 180\n broken_refs: warn\n scopes:\n default: project\n allowed: [project, user]\n\nhooks:\n - name: require-review-evidence\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n # The built-in `harness policy intercept` CLI verb is the generic\n # deny-on-missing-evidence hook entrypoint. It reads the tool event\n # JSON on stdin, evaluates all policies whose triggers match, emits\n # Claude Code's deny envelope on block. 
Using it here removes the\n # need to ship a per-policy shell script under ~/.claude/hooks/ for\n # the team setup; operators with custom logic can swap in their own\n # script path.\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\npolicies:\n - name: review-before-merge\n description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n extract:\n PR_NUMBER: \"toolArgs.prNumber\"\n requires:\n ledger_tag: \"review:${PR_NUMBER}\"\n hook: require-review-evidence\n enforcement: block\n ux:\n cannot: \"You cannot merge PR #${PR_NUMBER} yet.\"\n required:\n - \"a recorded review of PR #${PR_NUMBER}\"\n run:\n - 'mcp__agent-grounding__ledger_add { type: \"fact\", content: \"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\" }'\n\npolicy_packs:\n - name: understanding-before-execution\n source: builtin\n enabled: true\n description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n config:\n mode: grill_me\n # ux (agent-tasks/60bc93e5): same shape as Solo's pack ux.\n ux:\n cannot: \"You cannot use write-capable tools yet.\"\n required:\n - \"an approved Understanding Report for this session\"\n run:\n - \"Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan\"\n - \"Run `harness approve understanding` and approve the prompt\"\n # approval_lifecycle (agent-tasks/d8ee60ca + harness/f54e0ecb,\n # v0.18.0+): expire the approval marker on task-completion\n # boundaries. Team wires agent-tasks, so the MCP task verbs are\n # the primary boundary; the Bash list catches operators who use\n # gh-cli in parallel (hybrid workflow). `max_age` is the safety\n # net. 
Opt out entirely with\n # `approval_lifecycle: { mode: session }`.\n approval_lifecycle:\n expire_on_tool_match:\n - mcp__agent-tasks__task_finish\n - mcp__agent-tasks__task_abandon\n - mcp__agent-tasks__pull_requests_merge\n - mcp__agent-tasks__tasks_transition\n expire_on_bash_match:\n - '^gh pr (merge|close)\\b'\n - '^git push origin (master|main)\\b'\n max_age: 4h\n";
|
|
2
|
+
export declare const TEAM_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template team`.\n#\n# Solo profile + agent-tasks MCP + the review-before-merge policy. Block\n# pull_requests_merge MCP calls unless a ledger entry tagged\n# review:<pr-number> exists for the current grounding session, the\n# standard team workflow where every PR gets a review-subagent pass\n# before it can land.\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n session:\n auto_start: true\n id_format: \"gs-{repo}-{rand:8}\"\n evidence_ledger:\n path: ~/.evidence-ledger/ledger.db\n retention_days: 90\n\ntools:\n mcp:\n - name: agent-tasks\n # Zero-setup entry: `@agent-tasks/mcp-bridge` exposes the\n # `agent-tasks-mcp-bridge` binary on PATH after\n # `npm i -g @agent-tasks/mcp-bridge`. The bridge owns token\n # storage (OS keychain or file fallback) and defaults the base\n # URL to https://agent-tasks.opentriologue.ai, so no env is\n # required here. Override with `AGENT_TASKS_BASE_URL` /\n # `AGENT_TASKS_TOKEN` if you self-host or want explicit creds.\n command: [agent-tasks-mcp-bridge]\n health:\n verb: projects_list\n timeout_ms: 5000\n enabled: true\n - name: grounding-mcp\n # `grounding-mcp` bin is published in `@lannguyensi/grounding-mcp`.\n # `harness init` offers to `npm i -g` it for you. No env is set:\n # the bundled default resolves to `~/.evidence-ledger/ledger.db`\n # via os.homedir() at startup. 
Passing a literal tilde in env\n # bypasses shell expansion and creates rogue cwd-relative DB files\n # (see agent-tasks/42d224a6 incident).\n command: [grounding-mcp]\n health:\n verb: ledger_status\n timeout_ms: 5000\n enabled: true\n builtin:\n known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n directories:\n - path: ~/.claude/projects/{project}/memory\n scope: project\n router:\n # `memory-router-user-prompt-submit` is the published bin from\n # `@lannguyensi/memory-router`. `harness init` offers to\n # `npm i -g` it for you; doctor expects it on PATH.\n command: [memory-router-user-prompt-submit]\n enabled: true\n retention:\n staleness_days: 180\n broken_refs: warn\n scopes:\n default: project\n allowed: [project, user]\n\nhooks:\n - name: require-review-evidence\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n # The built-in `harness policy intercept` CLI verb is the generic\n # deny-on-missing-evidence hook entrypoint. It reads the tool event\n # JSON on stdin, evaluates all policies whose triggers match, emits\n # Claude Code's deny envelope on block. 
Using it here removes the\n # need to ship a per-policy shell script under ~/.claude/hooks/ for\n # the team setup; operators with custom logic can swap in their own\n # script path.\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\npolicies:\n - name: review-before-merge\n description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n extract:\n PR_NUMBER: \"toolArgs.prNumber\"\n requires:\n ledger_tag: \"review:${PR_NUMBER}\"\n hook: require-review-evidence\n enforcement: block\n ux:\n cannot: \"You cannot merge PR #${PR_NUMBER} yet.\"\n required:\n - \"a recorded review of PR #${PR_NUMBER}\"\n run:\n - 'mcp__agent-grounding__ledger_add { sessionId: \"${SESSION_ID}\", type: \"fact\", content: \"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\" }'\n\npolicy_packs:\n - name: understanding-before-execution\n source: builtin\n enabled: true\n description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n config:\n mode: grill_me\n # ux (agent-tasks/60bc93e5): same shape as Solo's pack ux.\n ux:\n cannot: \"You cannot use write-capable tools yet.\"\n required:\n - \"an approved Understanding Report for this session\"\n run:\n - \"Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan\"\n - \"Run `harness approve understanding` and approve the prompt\"\n # approval_lifecycle (agent-tasks/d8ee60ca + harness/f54e0ecb,\n # v0.18.0+): expire the approval marker on task-completion\n # boundaries. Team wires agent-tasks, so the MCP task verbs are\n # the primary boundary; the Bash list catches operators who use\n # gh-cli in parallel (hybrid workflow). `max_age` is the safety\n # net. 
Opt out entirely with\n # `approval_lifecycle: { mode: session }`.\n approval_lifecycle:\n expire_on_tool_match:\n - mcp__agent-tasks__task_finish\n - mcp__agent-tasks__task_abandon\n - mcp__agent-tasks__pull_requests_merge\n - mcp__agent-tasks__tasks_transition\n expire_on_bash_match:\n - '^gh pr (merge|close)\\b'\n - '^git push origin (master|main)\\b'\n max_age: 4h\n";
|
|
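Review bot: The new `sessionId: "${SESSION_ID}"` in the `review-before-merge` `ux.run` hint of the added `TEAM_TEMPLATE` depends on `SESSION_ID` being substituted when the deny envelope is rendered, but this policy's `extract:` block declares only `PR_NUMBER`. If `SESSION_ID` is not supplied as a built-in variable at that point, the agent is shown the literal placeholder and will pass it through as the session id, which reproduces the opaque rejection this change sets out to remove. A render test asserting that no `${...}` survives in the emitted `run` line would cover it. Separately, the hint calls `mcp__agent-grounding__ledger_add` while the server is registered under `tools.mcp` as `name: grounding-mcp`; please confirm that prefix is what the agent actually sees, since the hint is meant to be usable verbatim.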
@@ -196,7 +196,7 @@ policies:
|
|
|
196
196
|
required:
|
|
197
197
|
- "a recorded review of PR #\${PR_NUMBER}"
|
|
198
198
|
run:
|
|
199
|
-
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review:\${PR_NUMBER} — <verdict + key findings + nits>" }'
|
|
199
|
+
- 'mcp__agent-grounding__ledger_add { sessionId: "\${SESSION_ID}", type: "fact", content: "review:\${PR_NUMBER} — <verdict + key findings + nits>" }'
|
|
200
200
|
|
|
201
201
|
policy_packs:
|
|
202
202
|
- name: understanding-before-execution
|
|
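Review bot: The `required:` entry directly above the changed `run:` line still reads only `"a recorded review of PR #\${PR_NUMBER}"`, so the envelope never states that the ledger entry has to be written under the current grounding session. The added `sessionId: "\${SESSION_ID}"` shows the parameter but not why it differs from the `review:\${PR_NUMBER}` tag in `content`. A short clause in `required` (for example "recorded in this session") would make the distinction explicit for an agent that reads `required` before `run`. The `\${...}` escaping on the new line is consistent with the neighbouring `\${PR_NUMBER}` placeholders.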
@@ -1,4 +1,4 @@
|
|
|
1
1
|
export declare const MINIMAL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template minimal`.\n#\n# This is the empty-but-valid manifest. Run `harness validate` to confirm it\n# parses, then add entries under the five top-level keys:\n#\n# grounding: evidence-ledger + claim-gate config (see docs/ARCHITECTURE.md \u00A72)\n# tools: mcp / cli / skills / builtin inventory (\u00A73)\n# memory: directories, retention, scopes (\u00A74)\n# hooks: event-bound shell commands (\u00A75)\n# policies: named rules that bind hooks to triggers (\u00A76)\n#\n# Phase 2 verbs to add entries safely: `harness add mcp <name> ...`,\n# `harness add cli`, `harness add hook`, `harness add skill`.\n# Per-machine overrides live at ~/.claude/machines/<discriminator>.harness.overrides.yaml\n# (ARCHITECTURE.md \u00A78) for paths that vary per host.\n#\n# Docs: https://github.com/LanNguyenSi/harness\n\nversion: 1\n";
|
|
2
|
-
export declare const FULL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template full`. The reference manifest:\n# every example policy from docs/examples/full-manifest.yaml wired through\n# the generic `harness policy intercept` engine, so no external shell\n# scripts under ~/.claude/hooks/ are required.\n#\n# Canonical source for the policy + policy_packs sections is\n# docs/examples/full-manifest.yaml. A parity vitest\n# (tests/cli/init-full-template-parity.test.ts) fails the build if the\n# two diverge on policy names or load-bearing fields.\n#\n# What you still need on PATH (the wizard offers to `npm i -g` these on\n# init): agent-tasks-mcp-bridge, grounding-mcp, memory-router-*,\n# understanding-gate-claude-*.\n\nversion: 1\n\ngrounding:\n session:\n auto_start: true\n id_format: \"gs-{repo}-{rand:8}\"\n evidence_ledger:\n path: ~/.evidence-ledger/ledger.db\n retention_days: 90\n policies_source: ~/.claude/harness.d/policies/claim-gate.yaml\n\ntools:\n mcp:\n # codebase-oracle (the Pandora RAG MCP server) is intentionally NOT\n # in the Full default. It is published as\n # `@lannguyensi/codebase-oracle` and works fine standalone, but it\n # is an opinionated workflow add-on (multi-repo semantic search)\n # rather than infrastructure harness itself assumes. Operators who\n # want it wire it explicitly:\n # npm i -g @lannguyensi/codebase-oracle\n # harness add mcp codebase-oracle --command codebase-oracle,mcp\n # Set ORACLE_SCAN_ROOT (absolute path; tilde is not expanded by the\n # MCP env block) and OPENAI_API_KEY (or switch providers via\n # ORACLE_LLM_PROVIDER) before the first call.\n - name: agent-tasks\n # Zero-setup entry: `@agent-tasks/mcp-bridge` exposes the\n # `agent-tasks-mcp-bridge` binary on PATH. 
The bridge owns token\n # storage and defaults to the hosted backend; override with\n # `AGENT_TASKS_BASE_URL` / `AGENT_TASKS_TOKEN` for self-hosted.\n # `min_version` floor: 0.6.0 added the `--version` short-circuit\n # the doctor probe needs (PR agent-tasks/240, release-cut PR 241).\n # Bump the floor whenever a fix you depend on lands; loose floors\n # are fine, the point is the drift signal not pinning a specific cut.\n command: [agent-tasks-mcp-bridge]\n min_version: \"0.6.0\"\n health:\n verb: projects_list\n timeout_ms: 5000\n enabled: true\n - name: grounding-mcp\n # Published bin from `@lannguyensi/grounding-mcp`. No env is set:\n # the bundled default resolves to `~/.evidence-ledger/ledger.db`\n # via os.homedir() at startup. Passing a literal tilde in env\n # bypasses shell expansion and creates rogue cwd-relative DB files\n # (see agent-tasks/42d224a6 incident). `min_version` floor: 0.2.0\n # added the `--version` short-circuit the doctor probe needs (PR\n # agent-grounding/76, release-cut PR 77).\n command: [grounding-mcp]\n min_version: \"0.2.0\"\n health:\n verb: ledger_status\n timeout_ms: 5000\n enabled: true\n\n cli:\n - name: gh\n binary: gh\n required: true\n\n skills:\n enabled:\n - simplify\n - init\n - review\n - security-review\n source_dirs:\n - ~/.claude/skills\n\n builtin:\n known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n directories:\n - path: ~/.claude/projects/{project}/memory\n scope: project\n router:\n # Published bin from `@lannguyensi/memory-router`.\n # `min_version` floor: 0.3.0 added the `--version` short-circuit\n # the doctor probe needs (PR agent-memory/40, release-cut PR 41).\n command: [memory-router-user-prompt-submit]\n min_version: \"0.3.0\"\n enabled: true\n retention:\n staleness_days: 180\n broken_refs: warn\n scopes:\n default: project\n allowed: [project, user]\n\n# All PreToolUse hooks share the generic `harness policy intercept` CLI\n# entrypoint. 
The engine reads the tool event on stdin, evaluates whichever\n# policy below has a matching trigger (`match` + optional `bash_match`),\n# and emits Claude Code's deny envelope when the required ledger tag is\n# absent. No external shell scripts are required.\n#\n# The `git-preflight` SessionStart hook is the producer side of the\n# `preflight-before-*` policies: `harness session-start preflight` runs\n# agent-preflight against the session cwd and, on a ready:true result,\n# records `preflight:${REPO}` to the evidence ledger. It needs the\n# `preflight` binary on PATH (`npm i -g @lannguyensi/agent-preflight`); when\n# that is absent the hook logs to stderr and exits 0, so the session is\n# never broken \u2014 the preflight gates just stay closed until a tag is\n# produced some other way.\nhooks:\n - name: git-preflight\n event: SessionStart\n command: harness session-start preflight\n blocking: false\n # 70s budget gives the wrapped preflight (default 60s) headroom plus\n # ledger-write time. Was 30s through v0.17.4, but a healthy preflight\n # on a medium-size repo takes ~28s and the old 25s wrapper ceiling\n # blew through it. Bumped together with DEFAULT_PREFLIGHT_TIMEOUT_MS\n # (agent-tasks/7265599e).\n budget_ms: 70000\n # Floor at agent-preflight 0.1.1, the release that distinguishes\n # \"tool not installed\" (e.g. an npm script invoking eslint that is\n # not in devDependencies) from real lint/test/typecheck failures.\n # Stale 0.1.0 installs silently emit false-positive blockers that\n # keep the preflight-before-* policies closed forever. 
version_command\n # points at the source-of-truth preflight binary, not at the\n # `harness session-start preflight` wrapper.\n min_version: \"0.1.1\"\n version_command: [\"preflight\", \"--version\"]\n\n - name: require-review-evidence\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n # Tool-agnostic parallel of require-review-evidence for operators on the\n # gh-cli workflow (`gh pr merge`) instead of agent-tasks MCP. Same generic\n # `harness policy intercept` entrypoint; the matching review-before-merge-bash\n # policy below picks up the trigger. A PolicyTrigger can only AND-match one\n # surface (MCP tool-name OR Bash command), so two parallel definitions are\n # the minimum-scope way to cover both PR surfaces without bumping the schema.\n - name: require-review-evidence-bash\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr merge\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n - name: require-dogfood-evidence\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*(npm publish\\b|git( -C \\S+)* tag v)'\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n - name: require-preflight-evidence\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* (status|log|diff|branch)\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 1000\n\n - name: require-review-subagent-evidence\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_create\"\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n # Bash-surface parallel of require-review-subagent-evidence for operators\n # who open PRs with `gh pr create` instead of agent-tasks MCP. 
The matching\n # review-subagent-before-pr-create-bash policy below tags by branch\n # (`review-subagent:${BRANCH}`) because no task UUID is in `gh pr create`\n # arguments; the working branch is the closest stable handle for \"the\n # PR-in-progress\" at this point in the cycle.\n - name: require-review-subagent-evidence-bash\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr create\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n - name: require-preflight-push-evidence\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* push\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 1000\n\npolicies:\n - name: review-before-merge\n description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n extract:\n PR_NUMBER: \"toolArgs.prNumber\"\n requires:\n ledger_tag: \"review:${PR_NUMBER}\"\n hook: require-review-evidence\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: Spawn a review subagent against the PR diff, capture its verdict, then persist a ledger entry tagged with the PR number. The content should be self-contained enough for an auditor to read without re-opening the chat.\n ux:\n cannot: \"You cannot merge PR #${PR_NUMBER} yet.\"\n required:\n - \"a recorded review of PR #${PR_NUMBER}\"\n run:\n - 'mcp__agent-grounding__ledger_add { type: \"fact\", content: \"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\" }'\n\n # Bash-surface parallel of review-before-merge for operators on the gh-cli\n # workflow. Two scope notes:\n # 1. Tag shape: `review:${BRANCH}` instead of `review:${PR_NUMBER}`. 
The\n # `gh pr merge` invocation can target the PR by number, by URL, or by\n # the current branch (default), and PR_NUMBER is not extractable from\n # `tool_input.command` with today's JSONPath-only extract DSL. BRANCH\n # is the stable identifier the producer can record at review time.\n # 2. This sits ALONGSIDE review-before-merge \u2014 not as a replacement. An\n # operator using both surfaces (e.g. agent-tasks MCP for most repos\n # + gh-cli for a quick hotfix) will have both gates active, each with\n # its own tag shape, which is semantically honest.\n - name: review-before-merge-bash\n description: Block `gh pr merge` unless a ledger entry tagged review:<branch> exists for this session.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr merge\\b'\n requires:\n ledger_tag: \"review:${BRANCH}\"\n hook: require-review-evidence-bash\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"review:${BRANCH} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: Spawn a review subagent against the branch diff, capture its verdict, then persist a ledger entry tagged with the branch name. 
Mirror of the review-before-merge producer for the gh-cli surface.\n ux:\n cannot: \"You cannot merge the PR for branch ${BRANCH} via `gh pr merge` yet.\"\n required:\n - \"a recorded review of the PR for branch ${BRANCH}\"\n run:\n - 'mcp__agent-grounding__ledger_add { type: \"fact\", content: \"review:${BRANCH} \u2014 <verdict + key findings + nits>\" }'\n\n - name: dogfood-before-release\n description: Block npm publish / git tag v* without a recent dogfood ledger entry.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*(npm publish\\b|git( -C \\S+)* tag v)'\n requires:\n ledger_tag: \"dogfood:${SESSION_ID}\"\n within: 24h\n hook: require-dogfood-evidence\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"dogfood:${SESSION_ID} \u2014 <end-to-end smoke summary against the live system>\", source:\"manual smoke test\"}'\n description: Before tagging or publishing, run the release path end-to-end against the live system (not just unit tests) and persist the result as a session-tagged ledger entry. Document what you exercised (install, CLI happy path, MCP handshake, etc.) 
so a future auditor can tell whether the smoke covered the change.\n ux:\n cannot: \"You cannot publish a release yet.\"\n required:\n - \"an end-to-end dogfood run in this session\"\n run:\n - 'mcp__agent-grounding__ledger_add { type: \"fact\", content: \"dogfood:${SESSION_ID} \u2014 <end-to-end smoke summary>\" }'\n\n - name: two-reviewers-required\n description: At least two distinct reviewer ledger entries must exist for the PR.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n extract:\n PR_NUMBER: \"toolArgs.prNumber\"\n requires:\n ledger_tag: \"review:${PR_NUMBER}\"\n count:\n min: 2\n hook: require-review-evidence\n enforcement: warn\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review (reviewer 2)\"}'\n description: Same shape as review-before-merge but TWO DISTINCT reviewer entries must exist before the gate is satisfied (count.min 2). Distinguish reviewers by source so the count is honest. Warn-level enforcement, so the agent CAN merge with one reviewer but should consider spawning a second for load-bearing changes.\n\n - name: preflight-before-investigation\n description: Block investigative git reads (status/log/diff/branch) when agent-preflight has not run recently with ready:true for the current repo.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* (status|log|diff|branch)\\b'\n requires:\n ledger_tag: \"preflight:${REPO}\"\n within: 1h\n hook: require-preflight-evidence\n enforcement: block\n producers:\n - kind: bash\n command: harness session-start preflight\n description: Runs agent-preflight against the current cwd; on ready:true, records preflight:${REPO} to the ledger. 
Standard producer.\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"preflight:${REPO}\", source:\"manual\"}'\n description: Direct ledger write. Use when the Bash hook is locked down (e.g. understanding-gate active) or when the standard producer is unavailable.\n ux:\n cannot: \"You cannot investigate this repository yet.\"\n required:\n - \"verified repository preflight\"\n run:\n - \"harness preflight\"\n\n - name: review-subagent-before-pr-create\n description: Block agent-tasks PR creation unless a review-subagent ledger entry tagged for this task already exists. Forces the rigorous review BEFORE the PR opens, not after.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_create\"\n extract:\n TASK_ID: \"toolArgs.taskId\"\n requires:\n ledger_tag: \"review-subagent:${TASK_ID}\"\n hook: require-review-subagent-evidence\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"review-subagent:${TASK_ID} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: After running a review subagent against the staged diff, persist its verdict + load-bearing findings as a ledger entry tagged with the task UUID. The content should be self-contained enough to audit later without re-reading the chat.\n ux:\n cannot: \"You cannot open a pull request for task ${TASK_ID} yet.\"\n required:\n - \"a completed review-subagent pass on this task\"\n run:\n - 'mcp__agent-grounding__ledger_add { type: \"fact\", content: \"review-subagent:${TASK_ID} \u2014 <verdict + key findings + nits>\" }'\n\n # Bash-surface parallel of review-subagent-before-pr-create. Tag shape is\n # `review-subagent:${BRANCH}` because TASK_ID is an agent-tasks-only\n # concept; for the gh-cli workflow the working branch is the closest stable\n # handle for \"the PR-in-progress\" at this point. 
Same rationale as\n # review-before-merge-bash: sits alongside the MCP variant, not as a\n # replacement.\n - name: review-subagent-before-pr-create-bash\n description: Block `gh pr create` unless a review-subagent ledger entry tagged review-subagent:<branch> exists for this session. Forces the rigorous review BEFORE the PR opens.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr create\\b'\n requires:\n ledger_tag: \"review-subagent:${BRANCH}\"\n hook: require-review-subagent-evidence-bash\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"review-subagent:${BRANCH} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: After running a review subagent against the staged diff for the working branch, persist its verdict + load-bearing findings as a ledger entry tagged with the branch name. Mirror of the review-subagent-before-pr-create producer for the gh-cli surface.\n ux:\n cannot: \"You cannot open a pull request for branch ${BRANCH} via `gh pr create` yet.\"\n required:\n - \"a completed review-subagent pass on branch ${BRANCH}\"\n run:\n - 'mcp__agent-grounding__ledger_add { type: \"fact\", content: \"review-subagent:${BRANCH} \u2014 <verdict + key findings + nits>\" }'\n\n - name: preflight-before-push\n description: Block git push unless a fresh preflight ledger entry exists for the current branch. Catches the stale-checkout class of incident at the last reversible step.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* push\\b'\n requires:\n ledger_tag: \"preflight:${BRANCH}\"\n within: 10m\n # at_head:true lets a preflight at the current HEAD satisfy the\n # gate at any age (the standard producer writes head:<sha> into\n # the tag content). 
The 10m window remains the freshness ceiling\n # for the head-mismatch case (operator switched branch, preflight\n # predates HEAD shift, runtime couldn't resolve a sha).\n at_head: true\n hook: require-preflight-push-evidence\n enforcement: block\n producers:\n - kind: bash\n command: harness session-start preflight\n description: Runs agent-preflight against the current cwd; on ready:true, records preflight:${BRANCH} ready:true confidence:<n> head:<sha> to the ledger. Standard producer.\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{type:\"fact\", content:\"preflight:${BRANCH} head:<full-sha> \u2014 <summary of what is on the branch + smoke results>\", source:\"manual\"}'\n description: Direct ledger write. Include head:<full-sha> if you want the entry to count under at_head; the branch is the WIP review surface and the content should summarise what is staged + the smoke evidence so a reviewer can audit later without re-reading the chat.\n ux:\n cannot: \"You cannot push branch ${BRANCH} yet.\"\n required:\n - \"a preflight for ${BRANCH} at the current HEAD (any age) OR any preflight within the last 10 minutes. Re-run `harness preflight` if you committed since the last preflight AND it has been more than 10 minutes.\"\n run:\n - \"harness preflight\"\n\n# Full inherits the Solo/Team understanding-gate stack: the Stop hook\n# persists each Understanding Report and the PreToolUse pre-tool-use\n# blocker refuses Edit/Write/Bash until the report is approved. Drop\n# this block if you want the reference policies above without the\n# baseline gate.\npolicy_packs:\n - name: understanding-before-execution\n source: builtin\n enabled: true\n description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n config:\n mode: grill_me\n # Producers (agent-tasks/25bced52): rendered into the gate's deny\n # envelope by the same engine as policy producers. 
Constraint at\n # this layer: at-least-one `ask`. Post-v0.14.0 the gate signal\n # is a filesystem marker and the mcp ledger_add path no longer\n # satisfies the gate; the canonical unblock surface is the\n # operator-approval prompt.\n producers:\n - kind: ask\n command: harness approve understanding\n description: \"Bare command, no pipes or chaining. The hook recognises it via isEscapeCommand and emits permissionDecision:ask; the operator's go on that prompt IS the gate approval. Golden path.\"\n - kind: bash\n command: harness approve understanding\n description: Same command from any un-hooked terminal (operator only, not reachable from inside the gated session). Writes the canonical marker at harness.generated/.approvals/${SESSION_ID}.\n # ux (agent-tasks/e48e3b45): replaces the legacy engine-vocabulary\n # deny envelope with the plain-language { cannot, required, run }\n # shape. Engine details (the BLOCK reason naming session id /\n # marker / report state) still land in stderr for operator audit;\n # the agent only sees this.\n ux:\n cannot: \"You cannot use write-capable tools yet.\"\n required:\n - \"an approved Understanding Report for this session\"\n run:\n - \"Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan\"\n - \"Run `harness approve understanding` and approve the prompt\"\n # approval_lifecycle (agent-tasks/d8ee60ca + harness/f54e0ecb,\n # v0.18.0+): expire the approval marker on task-completion\n # boundaries so a multi-task session re-prompts for an\n # Understanding Report between tasks. Without this the legacy\n # \"one approval per session\" contract lets a stale interpretation\n # drive the next task's edits.\n #\n # Full ships both boundary kinds: the agent-tasks MCP verbs for\n # operators on that workflow, plus a Bash regex list for hybrid\n # operators who also use gh-cli for PR mechanics. 
`max_age` is\n # the safety net. Operators who prefer the legacy per-session\n # behaviour opt out with `approval_lifecycle: { mode: session }`.\n # Operators on other task systems override the matchers.\n approval_lifecycle:\n expire_on_tool_match:\n - mcp__agent-tasks__task_finish\n - mcp__agent-tasks__task_abandon\n - mcp__agent-tasks__pull_requests_merge\n - mcp__agent-tasks__tasks_transition\n expire_on_bash_match:\n - '^gh pr (merge|close)\\b'\n - '^git push origin (master|main)\\b'\n max_age: 4h\n\n # branch-protection (agent-tasks/2fdc5bbe, default-enabled since v0.17.2):\n # blocks Write/Edit (claude-code) or apply_patch (codex) on protected\n # branches (default: master, main, develop). Complements\n # preflight-before-push, which fires at the LAST reversible step;\n # branch-protection fires at the FIRST source mutation, catching the\n # \"forgot to branch off master\" pattern earlier in the cycle.\n #\n # Two satisfying signals: a fresh `branch:non-protected:<branch>` tag\n # from the SessionStart producer (`harness session-start branch-check`),\n # or a `branch-protection-ack:<reason>` override the operator writes\n # via mcp__agent-grounding__ledger_add for deliberate protected-branch\n # edits (version bumps, CI workflow patches, hotfixes).\n #\n # Fails closed (any load / parse / ledger error refuses). Disable by\n # setting `enabled: false` or removing this entry if your workflow\n # routinely edits master directly. Override the protected list via\n # `config.protected_branches`. Full reference:\n # docs/policy-packs/branch-protection.md.\n - name: branch-protection\n source: builtin\n enabled: true\n description: Block Write/Edit on protected branches (master, main, develop) at the first source mutation.\n config:\n # ux (agent-tasks/9806d4f8): replaces the legacy\n # \"branch-protection: refusing ...\" envelope with the\n # plain-language { cannot, required, run } shape. 
Engine details\n # (the BLOCK reason naming session id / freshness window) stay\n # on stderr for operator audit.\n ux:\n cannot: \"You cannot edit files on protected branch ${BRANCH} yet.\"\n required:\n - \"a checkout of a non-protected branch (current `${BRANCH}` is protected)\"\n run:\n - \"git checkout -b feat/<your-task>\"\n - \"harness session-start branch-check\"\n";
|
|
2
|
+
export declare const FULL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template full`. The reference manifest:\n# every example policy from docs/examples/full-manifest.yaml wired through\n# the generic `harness policy intercept` engine, so no external shell\n# scripts under ~/.claude/hooks/ are required.\n#\n# Canonical source for the policy + policy_packs sections is\n# docs/examples/full-manifest.yaml. A parity vitest\n# (tests/cli/init-full-template-parity.test.ts) fails the build if the\n# two diverge on policy names or load-bearing fields.\n#\n# What you still need on PATH (the wizard offers to `npm i -g` these on\n# init): agent-tasks-mcp-bridge, grounding-mcp, memory-router-*,\n# understanding-gate-claude-*.\n\nversion: 1\n\ngrounding:\n session:\n auto_start: true\n id_format: \"gs-{repo}-{rand:8}\"\n evidence_ledger:\n path: ~/.evidence-ledger/ledger.db\n retention_days: 90\n policies_source: ~/.claude/harness.d/policies/claim-gate.yaml\n\ntools:\n mcp:\n # codebase-oracle (the Pandora RAG MCP server) is intentionally NOT\n # in the Full default. It is published as\n # `@lannguyensi/codebase-oracle` and works fine standalone, but it\n # is an opinionated workflow add-on (multi-repo semantic search)\n # rather than infrastructure harness itself assumes. Operators who\n # want it wire it explicitly:\n # npm i -g @lannguyensi/codebase-oracle\n # harness add mcp codebase-oracle --command codebase-oracle,mcp\n # Set ORACLE_SCAN_ROOT (absolute path; tilde is not expanded by the\n # MCP env block) and OPENAI_API_KEY (or switch providers via\n # ORACLE_LLM_PROVIDER) before the first call.\n - name: agent-tasks\n # Zero-setup entry: `@agent-tasks/mcp-bridge` exposes the\n # `agent-tasks-mcp-bridge` binary on PATH. 
The bridge owns token\n # storage and defaults to the hosted backend; override with\n # `AGENT_TASKS_BASE_URL` / `AGENT_TASKS_TOKEN` for self-hosted.\n # `min_version` floor: 0.6.0 added the `--version` short-circuit\n # the doctor probe needs (PR agent-tasks/240, release-cut PR 241).\n # Bump the floor whenever a fix you depend on lands; loose floors\n # are fine, the point is the drift signal not pinning a specific cut.\n command: [agent-tasks-mcp-bridge]\n min_version: \"0.6.0\"\n health:\n verb: projects_list\n timeout_ms: 5000\n enabled: true\n - name: grounding-mcp\n # Published bin from `@lannguyensi/grounding-mcp`. No env is set:\n # the bundled default resolves to `~/.evidence-ledger/ledger.db`\n # via os.homedir() at startup. Passing a literal tilde in env\n # bypasses shell expansion and creates rogue cwd-relative DB files\n # (see agent-tasks/42d224a6 incident). `min_version` floor: 0.2.0\n # added the `--version` short-circuit the doctor probe needs (PR\n # agent-grounding/76, release-cut PR 77).\n command: [grounding-mcp]\n min_version: \"0.2.0\"\n health:\n verb: ledger_status\n timeout_ms: 5000\n enabled: true\n\n cli:\n - name: gh\n binary: gh\n required: true\n\n skills:\n enabled:\n - simplify\n - init\n - review\n - security-review\n source_dirs:\n - ~/.claude/skills\n\n builtin:\n known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n directories:\n - path: ~/.claude/projects/{project}/memory\n scope: project\n router:\n # Published bin from `@lannguyensi/memory-router`.\n # `min_version` floor: 0.3.0 added the `--version` short-circuit\n # the doctor probe needs (PR agent-memory/40, release-cut PR 41).\n command: [memory-router-user-prompt-submit]\n min_version: \"0.3.0\"\n enabled: true\n retention:\n staleness_days: 180\n broken_refs: warn\n scopes:\n default: project\n allowed: [project, user]\n\n# All PreToolUse hooks share the generic `harness policy intercept` CLI\n# entrypoint. 
The engine reads the tool event on stdin, evaluates whichever\n# policy below has a matching trigger (`match` + optional `bash_match`),\n# and emits Claude Code's deny envelope when the required ledger tag is\n# absent. No external shell scripts are required.\n#\n# The `git-preflight` SessionStart hook is the producer side of the\n# `preflight-before-*` policies: `harness session-start preflight` runs\n# agent-preflight against the session cwd and, on a ready:true result,\n# records `preflight:${REPO}` to the evidence ledger. It needs the\n# `preflight` binary on PATH (`npm i -g @lannguyensi/agent-preflight`); when\n# that is absent the hook logs to stderr and exits 0, so the session is\n# never broken \u2014 the preflight gates just stay closed until a tag is\n# produced some other way.\nhooks:\n - name: git-preflight\n event: SessionStart\n command: harness session-start preflight\n blocking: false\n # 70s budget gives the wrapped preflight (default 60s) headroom plus\n # ledger-write time. Was 30s through v0.17.4, but a healthy preflight\n # on a medium-size repo takes ~28s and the old 25s wrapper ceiling\n # blew through it. Bumped together with DEFAULT_PREFLIGHT_TIMEOUT_MS\n # (agent-tasks/7265599e).\n budget_ms: 70000\n # Floor at agent-preflight 0.1.1, the release that distinguishes\n # \"tool not installed\" (e.g. an npm script invoking eslint that is\n # not in devDependencies) from real lint/test/typecheck failures.\n # Stale 0.1.0 installs silently emit false-positive blockers that\n # keep the preflight-before-* policies closed forever. 
version_command\n # points at the source-of-truth preflight binary, not at the\n # `harness session-start preflight` wrapper.\n min_version: \"0.1.1\"\n version_command: [\"preflight\", \"--version\"]\n\n - name: require-review-evidence\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n # Tool-agnostic parallel of require-review-evidence for operators on the\n # gh-cli workflow (`gh pr merge`) instead of agent-tasks MCP. Same generic\n # `harness policy intercept` entrypoint; the matching review-before-merge-bash\n # policy below picks up the trigger. A PolicyTrigger can only AND-match one\n # surface (MCP tool-name OR Bash command), so two parallel definitions are\n # the minimum-scope way to cover both PR surfaces without bumping the schema.\n - name: require-review-evidence-bash\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr merge\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n - name: require-dogfood-evidence\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*(npm publish\\b|git( -C \\S+)* tag v)'\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n - name: require-preflight-evidence\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* (status|log|diff|branch)\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 1000\n\n - name: require-review-subagent-evidence\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_create\"\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n # Bash-surface parallel of require-review-subagent-evidence for operators\n # who open PRs with `gh pr create` instead of agent-tasks MCP. 
The matching\n # review-subagent-before-pr-create-bash policy below tags by branch\n # (`review-subagent:${BRANCH}`) because no task UUID is in `gh pr create`\n # arguments; the working branch is the closest stable handle for \"the\n # PR-in-progress\" at this point in the cycle.\n - name: require-review-subagent-evidence-bash\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr create\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 2000\n\n - name: require-preflight-push-evidence\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* push\\b'\n command: harness policy intercept\n blocking: hard\n budget_ms: 1000\n\npolicies:\n - name: review-before-merge\n description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n extract:\n PR_NUMBER: \"toolArgs.prNumber\"\n requires:\n ledger_tag: \"review:${PR_NUMBER}\"\n hook: require-review-evidence\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: Spawn a review subagent against the PR diff, capture its verdict, then persist a ledger entry tagged with the PR number. The content should be self-contained enough for an auditor to read without re-opening the chat.\n ux:\n cannot: \"You cannot merge PR #${PR_NUMBER} yet.\"\n required:\n - \"a recorded review of PR #${PR_NUMBER}\"\n run:\n - 'mcp__agent-grounding__ledger_add { sessionId: \"${SESSION_ID}\", type: \"fact\", content: \"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\" }'\n\n # Bash-surface parallel of review-before-merge for operators on the gh-cli\n # workflow. Two scope notes:\n # 1. 
Tag shape: `review:${BRANCH}` instead of `review:${PR_NUMBER}`. The\n # `gh pr merge` invocation can target the PR by number, by URL, or by\n # the current branch (default), and PR_NUMBER is not extractable from\n # `tool_input.command` with today's JSONPath-only extract DSL. BRANCH\n # is the stable identifier the producer can record at review time.\n # 2. This sits ALONGSIDE review-before-merge \u2014 not as a replacement. An\n # operator using both surfaces (e.g. agent-tasks MCP for most repos\n # + gh-cli for a quick hotfix) will have both gates active, each with\n # its own tag shape, which is semantically honest.\n - name: review-before-merge-bash\n description: Block `gh pr merge` unless a ledger entry tagged review:<branch> exists for this session.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr merge\\b'\n requires:\n ledger_tag: \"review:${BRANCH}\"\n hook: require-review-evidence-bash\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"review:${BRANCH} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: Spawn a review subagent against the branch diff, capture its verdict, then persist a ledger entry tagged with the branch name. 
Mirror of the review-before-merge producer for the gh-cli surface.\n ux:\n cannot: \"You cannot merge the PR for branch ${BRANCH} via `gh pr merge` yet.\"\n required:\n - \"a recorded review of the PR for branch ${BRANCH}\"\n run:\n - 'mcp__agent-grounding__ledger_add { sessionId: \"${SESSION_ID}\", type: \"fact\", content: \"review:${BRANCH} \u2014 <verdict + key findings + nits>\" }'\n\n - name: dogfood-before-release\n description: Block npm publish / git tag v* without a recent dogfood ledger entry.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*(npm publish\\b|git( -C \\S+)* tag v)'\n requires:\n ledger_tag: \"dogfood:${SESSION_ID}\"\n within: 24h\n hook: require-dogfood-evidence\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"dogfood:${SESSION_ID} \u2014 <end-to-end smoke summary against the live system>\", source:\"manual smoke test\"}'\n description: Before tagging or publishing, run the release path end-to-end against the live system (not just unit tests) and persist the result as a session-tagged ledger entry. Document what you exercised (install, CLI happy path, MCP handshake, etc.) 
so a future auditor can tell whether the smoke covered the change.\n ux:\n cannot: \"You cannot publish a release yet.\"\n required:\n - \"an end-to-end dogfood run in this session\"\n run:\n - 'mcp__agent-grounding__ledger_add { sessionId: \"${SESSION_ID}\", type: \"fact\", content: \"dogfood:${SESSION_ID} \u2014 <end-to-end smoke summary>\" }'\n\n - name: two-reviewers-required\n description: At least two distinct reviewer ledger entries must exist for the PR.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_merge\"\n extract:\n PR_NUMBER: \"toolArgs.prNumber\"\n requires:\n ledger_tag: \"review:${PR_NUMBER}\"\n count:\n min: 2\n hook: require-review-evidence\n enforcement: warn\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"review:${PR_NUMBER} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review (reviewer 2)\"}'\n description: Same shape as review-before-merge but TWO DISTINCT reviewer entries must exist before the gate is satisfied (count.min 2). Distinguish reviewers by source so the count is honest. Warn-level enforcement, so the agent CAN merge with one reviewer but should consider spawning a second for load-bearing changes.\n\n - name: preflight-before-investigation\n description: Block investigative git reads (status/log/diff/branch) when agent-preflight has not run recently with ready:true for the current repo.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* (status|log|diff|branch)\\b'\n requires:\n ledger_tag: \"preflight:${REPO}\"\n within: 1h\n hook: require-preflight-evidence\n enforcement: block\n producers:\n - kind: bash\n command: harness session-start preflight\n description: Runs agent-preflight against the current cwd; on ready:true, records preflight:${REPO} to the ledger. 
Standard producer.\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"preflight:${REPO}\", source:\"manual\"}'\n description: Direct ledger write. Use when the Bash hook is locked down (e.g. understanding-gate active) or when the standard producer is unavailable.\n ux:\n cannot: \"You cannot investigate this repository yet.\"\n required:\n - \"verified repository preflight\"\n run:\n - \"harness preflight\"\n\n - name: review-subagent-before-pr-create\n description: Block agent-tasks PR creation unless a review-subagent ledger entry tagged for this task already exists. Forces the rigorous review BEFORE the PR opens, not after.\n trigger:\n event: PreToolUse\n match: \"mcp__agent-tasks__pull_requests_create\"\n extract:\n TASK_ID: \"toolArgs.taskId\"\n requires:\n ledger_tag: \"review-subagent:${TASK_ID}\"\n hook: require-review-subagent-evidence\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"review-subagent:${TASK_ID} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: After running a review subagent against the staged diff, persist its verdict + load-bearing findings as a ledger entry tagged with the task UUID. The content should be self-contained enough to audit later without re-reading the chat.\n ux:\n cannot: \"You cannot open a pull request for task ${TASK_ID} yet.\"\n required:\n - \"a completed review-subagent pass on this task\"\n run:\n - 'mcp__agent-grounding__ledger_add { sessionId: \"${SESSION_ID}\", type: \"fact\", content: \"review-subagent:${TASK_ID} \u2014 <verdict + key findings + nits>\" }'\n\n # Bash-surface parallel of review-subagent-before-pr-create. 
Tag shape is\n # `review-subagent:${BRANCH}` because TASK_ID is an agent-tasks-only\n # concept; for the gh-cli workflow the working branch is the closest stable\n # handle for \"the PR-in-progress\" at this point. Same rationale as\n # review-before-merge-bash: sits alongside the MCP variant, not as a\n # replacement.\n - name: review-subagent-before-pr-create-bash\n description: Block `gh pr create` unless a review-subagent ledger entry tagged review-subagent:<branch> exists for this session. Forces the rigorous review BEFORE the PR opens.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*gh pr create\\b'\n requires:\n ledger_tag: \"review-subagent:${BRANCH}\"\n hook: require-review-subagent-evidence-bash\n enforcement: block\n producers:\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"review-subagent:${BRANCH} \u2014 <verdict + key findings + nits>\", source:\"Agent(general-purpose) review\"}'\n description: After running a review subagent against the staged diff for the working branch, persist its verdict + load-bearing findings as a ledger entry tagged with the branch name. Mirror of the review-subagent-before-pr-create producer for the gh-cli surface.\n ux:\n cannot: \"You cannot open a pull request for branch ${BRANCH} via `gh pr create` yet.\"\n required:\n - \"a completed review-subagent pass on branch ${BRANCH}\"\n run:\n - 'mcp__agent-grounding__ledger_add { sessionId: \"${SESSION_ID}\", type: \"fact\", content: \"review-subagent:${BRANCH} \u2014 <verdict + key findings + nits>\" }'\n\n - name: preflight-before-push\n description: Block git push unless a fresh preflight ledger entry exists for the current branch. 
Catches the stale-checkout class of incident at the last reversible step.\n trigger:\n event: PreToolUse\n match: \"Bash\"\n bash_match: '(^|\\n|;|\\||&&|\\()\\s*(\\w+=\\S+\\s+)*git( -C \\S+)* push\\b'\n requires:\n ledger_tag: \"preflight:${BRANCH}\"\n within: 10m\n # at_head:true lets a preflight at the current HEAD satisfy the\n # gate at any age (the standard producer writes head:<sha> into\n # the tag content). The 10m window remains the freshness ceiling\n # for the head-mismatch case (operator switched branch, preflight\n # predates HEAD shift, runtime couldn't resolve a sha).\n at_head: true\n hook: require-preflight-push-evidence\n enforcement: block\n producers:\n - kind: bash\n command: harness session-start preflight\n description: Runs agent-preflight against the current cwd; on ready:true, records preflight:${BRANCH} ready:true confidence:<n> head:<sha> to the ledger. Standard producer.\n - kind: mcp\n verb: mcp__agent-grounding__ledger_add\n example: '{sessionId:\"${SESSION_ID}\", type:\"fact\", content:\"preflight:${BRANCH} head:<full-sha> \u2014 <summary of what is on the branch + smoke results>\", source:\"manual\"}'\n description: Direct ledger write. Include head:<full-sha> if you want the entry to count under at_head; the branch is the WIP review surface and the content should summarise what is staged + the smoke evidence so a reviewer can audit later without re-reading the chat.\n ux:\n cannot: \"You cannot push branch ${BRANCH} yet.\"\n required:\n - \"a preflight for ${BRANCH} at the current HEAD (any age) OR any preflight within the last 10 minutes. Re-run `harness preflight` if you committed since the last preflight AND it has been more than 10 minutes.\"\n run:\n - \"harness preflight\"\n\n# Full inherits the Solo/Team understanding-gate stack: the Stop hook\n# persists each Understanding Report and the PreToolUse pre-tool-use\n# blocker refuses Edit/Write/Bash until the report is approved. 
Drop\n# this block if you want the reference policies above without the\n# baseline gate.\npolicy_packs:\n - name: understanding-before-execution\n source: builtin\n enabled: true\n description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n config:\n mode: grill_me\n # Producers (agent-tasks/25bced52): rendered into the gate's deny\n # envelope by the same engine as policy producers. Constraint at\n # this layer: at-least-one `ask`. Post-v0.14.0 the gate signal\n # is a filesystem marker and the mcp ledger_add path no longer\n # satisfies the gate; the canonical unblock surface is the\n # operator-approval prompt.\n producers:\n - kind: ask\n command: harness approve understanding\n description: \"Bare command, no pipes or chaining. The hook recognises it via isEscapeCommand and emits permissionDecision:ask; the operator's go on that prompt IS the gate approval. Golden path.\"\n - kind: bash\n command: harness approve understanding\n description: Same command from any un-hooked terminal (operator only, not reachable from inside the gated session). Writes the canonical marker at harness.generated/.approvals/${SESSION_ID}.\n # ux (agent-tasks/e48e3b45): replaces the legacy engine-vocabulary\n # deny envelope with the plain-language { cannot, required, run }\n # shape. 
Engine details (the BLOCK reason naming session id /\n # marker / report state) still land in stderr for operator audit;\n # the agent only sees this.\n ux:\n cannot: \"You cannot use write-capable tools yet.\"\n required:\n - \"an approved Understanding Report for this session\"\n run:\n - \"Write an Understanding Report covering: Current Understanding, Intended Outcome, Derived Todos, Acceptance Criteria, Assumptions, Open Questions, Out Of Scope, Risks, Verification Plan\"\n - \"Run `harness approve understanding` and approve the prompt\"\n # approval_lifecycle (agent-tasks/d8ee60ca + harness/f54e0ecb,\n # v0.18.0+): expire the approval marker on task-completion\n # boundaries so a multi-task session re-prompts for an\n # Understanding Report between tasks. Without this the legacy\n # \"one approval per session\" contract lets a stale interpretation\n # drive the next task's edits.\n #\n # Full ships both boundary kinds: the agent-tasks MCP verbs for\n # operators on that workflow, plus a Bash regex list for hybrid\n # operators who also use gh-cli for PR mechanics. `max_age` is\n # the safety net. Operators who prefer the legacy per-session\n # behaviour opt out with `approval_lifecycle: { mode: session }`.\n # Operators on other task systems override the matchers.\n approval_lifecycle:\n expire_on_tool_match:\n - mcp__agent-tasks__task_finish\n - mcp__agent-tasks__task_abandon\n - mcp__agent-tasks__pull_requests_merge\n - mcp__agent-tasks__tasks_transition\n expire_on_bash_match:\n - '^gh pr (merge|close)\\b'\n - '^git push origin (master|main)\\b'\n max_age: 4h\n\n # branch-protection (agent-tasks/2fdc5bbe, default-enabled since v0.17.2):\n # blocks Write/Edit (claude-code) or apply_patch (codex) on protected\n # branches (default: master, main, develop). 
Complements\n # preflight-before-push, which fires at the LAST reversible step;\n # branch-protection fires at the FIRST source mutation, catching the\n # \"forgot to branch off master\" pattern earlier in the cycle.\n #\n # Two satisfying signals: a fresh `branch:non-protected:<branch>` tag\n # from the SessionStart producer (`harness session-start branch-check`),\n # or a `branch-protection-ack:<reason>` override the operator writes\n # via mcp__agent-grounding__ledger_add for deliberate protected-branch\n # edits (version bumps, CI workflow patches, hotfixes).\n #\n # Fails closed (any load / parse / ledger error refuses). Disable by\n # setting `enabled: false` or removing this entry if your workflow\n # routinely edits master directly. Override the protected list via\n # `config.protected_branches`. Full reference:\n # docs/policy-packs/branch-protection.md.\n - name: branch-protection\n source: builtin\n enabled: true\n description: Block Write/Edit on protected branches (master, main, develop) at the first source mutation.\n config:\n # ux (agent-tasks/9806d4f8): replaces the legacy\n # \"branch-protection: refusing ...\" envelope with the\n # plain-language { cannot, required, run } shape. Engine details\n # (the BLOCK reason naming session id / freshness window) stay\n # on stderr for operator audit.\n ux:\n cannot: \"You cannot edit files on protected branch ${BRANCH} yet.\"\n required:\n - \"a checkout of a non-protected branch (current `${BRANCH}` is protected)\"\n run:\n - \"git checkout -b feat/<your-task>\"\n - \"harness session-start branch-check\"\n";
|
|
3
3
|
export type TemplateName = "minimal" | "full" | "solo" | "team";
|
|
4
4
|
export declare function getTemplate(name: TemplateName): string;
|
|
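Review bot: `FULL_TEMPLATE` is declared with its entire value as a literal type (`export declare const FULL_TEMPLATE = "..."`), so a change to a handful of policy hints appears here as one replaced line holding the whole manifest, which cannot be reviewed by eye. Annotating the source constant as `string` would make the declaration emit `export declare const FULL_TEMPLATE: string;` and keep template text out of the `.d.ts` diff, leaving the `templates.js` hunks as the readable record of the change.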
@@ -241,14 +241,14 @@ policies:
|
|
|
241
241
|
producers:
|
|
242
242
|
- kind: mcp
|
|
243
243
|
verb: mcp__agent-grounding__ledger_add
|
|
244
|
-
example: '{type:"fact", content:"review:\${PR_NUMBER} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
244
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"review:\${PR_NUMBER} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
245
245
|
description: Spawn a review subagent against the PR diff, capture its verdict, then persist a ledger entry tagged with the PR number. The content should be self-contained enough for an auditor to read without re-opening the chat.
|
|
246
246
|
ux:
|
|
247
247
|
cannot: "You cannot merge PR #\${PR_NUMBER} yet."
|
|
248
248
|
required:
|
|
249
249
|
- "a recorded review of PR #\${PR_NUMBER}"
|
|
250
250
|
run:
|
|
251
|
-
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review:\${PR_NUMBER} — <verdict + key findings + nits>" }'
|
|
251
|
+
- 'mcp__agent-grounding__ledger_add { sessionId: "\${SESSION_ID}", type: "fact", content: "review:\${PR_NUMBER} — <verdict + key findings + nits>" }'
|
|
252
252
|
|
|
253
253
|
# Bash-surface parallel of review-before-merge for operators on the gh-cli
|
|
254
254
|
# workflow. Two scope notes:
|
|
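Review bot: the same `ledger_add` call is written out twice in this policy, once in `producers[].example` and once in `ux.run`, and both lines needed the identical `sessionId` insertion. Nothing visible here stops the next policy from shipping a hint without it. The template header already names a parity test (`tests/cli/init-full-template-parity.test.ts`); a case there that walks every policy and asserts each `mcp__agent-grounding__ledger_add` hint contains `sessionId:` would hold this fix in place.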
@@ -274,14 +274,14 @@ policies:
|
|
|
274
274
|
producers:
|
|
275
275
|
- kind: mcp
|
|
276
276
|
verb: mcp__agent-grounding__ledger_add
|
|
277
|
-
example: '{type:"fact", content:"review:\${BRANCH} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
277
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"review:\${BRANCH} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
278
278
|
description: Spawn a review subagent against the branch diff, capture its verdict, then persist a ledger entry tagged with the branch name. Mirror of the review-before-merge producer for the gh-cli surface.
|
|
279
279
|
ux:
|
|
280
280
|
cannot: "You cannot merge the PR for branch \${BRANCH} via \`gh pr merge\` yet."
|
|
281
281
|
required:
|
|
282
282
|
- "a recorded review of the PR for branch \${BRANCH}"
|
|
283
283
|
run:
|
|
284
|
-
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review:\${BRANCH} — <verdict + key findings + nits>" }'
|
|
284
|
+
- 'mcp__agent-grounding__ledger_add { sessionId: "\${SESSION_ID}", type: "fact", content: "review:\${BRANCH} — <verdict + key findings + nits>" }'
|
|
285
285
|
|
|
286
286
|
- name: dogfood-before-release
|
|
287
287
|
description: Block npm publish / git tag v* without a recent dogfood ledger entry.
|
|
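Review bot: in the added `example` and `run` lines, `\${SESSION_ID}` is only a usable value if the hint renderer substitutes it before the agent sees the text. Please confirm, ideally with a rendering test, that `SESSION_ID` is resolved in both strings for this Bash-surface policy. If it arrives as the literal placeholder, the hint names the parameter but still leaves the agent to guess its value.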
@@ -297,14 +297,14 @@ policies:
|
|
|
297
297
|
producers:
|
|
298
298
|
- kind: mcp
|
|
299
299
|
verb: mcp__agent-grounding__ledger_add
|
|
300
|
-
example: '{type:"fact", content:"dogfood:\${SESSION_ID} — <end-to-end smoke summary against the live system>", source:"manual smoke test"}'
|
|
300
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"dogfood:\${SESSION_ID} — <end-to-end smoke summary against the live system>", source:"manual smoke test"}'
|
|
301
301
|
description: Before tagging or publishing, run the release path end-to-end against the live system (not just unit tests) and persist the result as a session-tagged ledger entry. Document what you exercised (install, CLI happy path, MCP handshake, etc.) so a future auditor can tell whether the smoke covered the change.
|
|
302
302
|
ux:
|
|
303
303
|
cannot: "You cannot publish a release yet."
|
|
304
304
|
required:
|
|
305
305
|
- "an end-to-end dogfood run in this session"
|
|
306
306
|
run:
|
|
307
|
-
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "dogfood:\${SESSION_ID} — <end-to-end smoke summary>" }'
|
|
307
|
+
- 'mcp__agent-grounding__ledger_add { sessionId: "\${SESSION_ID}", type: "fact", content: "dogfood:\${SESSION_ID} — <end-to-end smoke summary>" }'
|
|
308
308
|
|
|
309
309
|
- name: two-reviewers-required
|
|
310
310
|
description: At least two distinct reviewer ledger entries must exist for the PR.
|
|
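Review bot: the updated `ux.run` line still omits the `source` field that the `example` line carries (`source:"manual smoke test"`), and it shortens the content placeholder. An agent that copies the deny hint verbatim writes an unattributed dogfood entry, which works against the description's aim that a future auditor can tell whether the smoke covered the change. Consider making `run` match `example` field for field.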
@@ -322,7 +322,7 @@ policies:
|
|
|
322
322
|
producers:
|
|
323
323
|
- kind: mcp
|
|
324
324
|
verb: mcp__agent-grounding__ledger_add
|
|
325
|
-
example: '{type:"fact", content:"review:\${PR_NUMBER} — <verdict + key findings + nits>", source:"Agent(general-purpose) review (reviewer 2)"}'
|
|
325
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"review:\${PR_NUMBER} — <verdict + key findings + nits>", source:"Agent(general-purpose) review (reviewer 2)"}'
|
|
326
326
|
description: Same shape as review-before-merge but TWO DISTINCT reviewer entries must exist before the gate is satisfied (count.min 2). Distinguish reviewers by source so the count is honest. Warn-level enforcement, so the agent CAN merge with one reviewer but should consider spawning a second for load-bearing changes.
|
|
327
327
|
|
|
328
328
|
- name: preflight-before-investigation
|
|
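Review bot: the `example` hard-codes `source:"Agent(general-purpose) review (reviewer 2)"`, while the description relies on `source` to tell reviewers apart for `count.min 2`. That field is free text chosen by whoever writes the entry, so the count is only as trustworthy as a self-declared label. The description should state what makes two sources distinct, and the example would be safer with a placeholder such as `<reviewer identity>` than with a fixed label that invites copy-paste.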
@@ -342,7 +342,7 @@ policies:
|
|
|
342
342
|
description: Runs agent-preflight against the current cwd; on ready:true, records preflight:\${REPO} to the ledger. Standard producer.
|
|
343
343
|
- kind: mcp
|
|
344
344
|
verb: mcp__agent-grounding__ledger_add
|
|
345
|
-
example: '{type:"fact", content:"preflight:\${REPO}", source:"manual"}'
|
|
345
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"preflight:\${REPO}", source:"manual"}'
|
|
346
346
|
description: Direct ledger write. Use when the Bash hook is locked down (e.g. understanding-gate active) or when the standard producer is unavailable.
|
|
347
347
|
ux:
|
|
348
348
|
cannot: "You cannot investigate this repository yet."
|
|
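Review bot: the `content` in the added `example` is the bare tag `preflight:\${REPO}` with `source:"manual"`, so an entry written from this hint records that the gate was opened but not what was checked. The `preflight-before-push` example in the same template carries `head:<full-sha>` and a summary placeholder; giving this one a `<what was verified>` placeholder as well would keep manual writes auditable.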
@@ -365,14 +365,14 @@ policies:
|
|
|
365
365
|
producers:
|
|
366
366
|
- kind: mcp
|
|
367
367
|
verb: mcp__agent-grounding__ledger_add
|
|
368
|
-
example: '{type:"fact", content:"review-subagent:\${TASK_ID} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
368
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"review-subagent:\${TASK_ID} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
369
369
|
description: After running a review subagent against the staged diff, persist its verdict + load-bearing findings as a ledger entry tagged with the task UUID. The content should be self-contained enough to audit later without re-reading the chat.
|
|
370
370
|
ux:
|
|
371
371
|
cannot: "You cannot open a pull request for task \${TASK_ID} yet."
|
|
372
372
|
required:
|
|
373
373
|
- "a completed review-subagent pass on this task"
|
|
374
374
|
run:
|
|
375
|
-
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review-subagent:\${TASK_ID} — <verdict + key findings + nits>" }'
|
|
375
|
+
- 'mcp__agent-grounding__ledger_add { sessionId: "\${SESSION_ID}", type: "fact", content: "review-subagent:\${TASK_ID} — <verdict + key findings + nits>" }'
|
|
376
376
|
|
|
377
377
|
# Bash-surface parallel of review-subagent-before-pr-create. Tag shape is
|
|
378
378
|
# \`review-subagent:\${BRANCH}\` because TASK_ID is an agent-tasks-only
|
|
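Review bot: the `description` in this hunk still says only that the entry is "tagged with the task UUID" and never mentions `sessionId`. The changelog describes operators binding `sessionId` to the tag UUID as the trap this release closes, and this is the policy whose tag is a UUID. A sentence in `description` stating that `sessionId` is the session id and not `\${TASK_ID}` would document the distinction where it is most likely to be missed.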
@@ -393,14 +393,14 @@ policies:
|
|
|
393
393
|
producers:
|
|
394
394
|
- kind: mcp
|
|
395
395
|
verb: mcp__agent-grounding__ledger_add
|
|
396
|
-
example: '{type:"fact", content:"review-subagent:\${BRANCH} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
396
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"review-subagent:\${BRANCH} — <verdict + key findings + nits>", source:"Agent(general-purpose) review"}'
|
|
397
397
|
description: After running a review subagent against the staged diff for the working branch, persist its verdict + load-bearing findings as a ledger entry tagged with the branch name. Mirror of the review-subagent-before-pr-create producer for the gh-cli surface.
|
|
398
398
|
ux:
|
|
399
399
|
cannot: "You cannot open a pull request for branch \${BRANCH} via \`gh pr create\` yet."
|
|
400
400
|
required:
|
|
401
401
|
- "a completed review-subagent pass on branch \${BRANCH}"
|
|
402
402
|
run:
|
|
403
|
-
- 'mcp__agent-grounding__ledger_add { type: "fact", content: "review-subagent:\${BRANCH} — <verdict + key findings + nits>" }'
|
|
403
|
+
- 'mcp__agent-grounding__ledger_add { sessionId: "\${SESSION_ID}", type: "fact", content: "review-subagent:\${BRANCH} — <verdict + key findings + nits>" }'
|
|
404
404
|
|
|
405
405
|
- name: preflight-before-push
|
|
406
406
|
description: Block git push unless a fresh preflight ledger entry exists for the current branch. Catches the stale-checkout class of incident at the last reversible step.
|
|
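Review bot: in the `run:` entry at line 403 the call now carries `sessionId` but still omits `source`, while the producer `example` at line 396 passes `source:"Agent(general-purpose) review"`. An operator who copies the `run` line verbatim writes a ledger entry with no source, so either add `source` to the `run` hint or state that it is optional, so that both surfaces describe the same call. The same mismatch exists in the previous hunk between lines 368 and 375.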
@@ -425,7 +425,7 @@ policies:
|
|
|
425
425
|
description: Runs agent-preflight against the current cwd; on ready:true, records preflight:\${BRANCH} ready:true confidence:<n> head:<sha> to the ledger. Standard producer.
|
|
426
426
|
- kind: mcp
|
|
427
427
|
verb: mcp__agent-grounding__ledger_add
|
|
428
|
-
example: '{type:"fact", content:"preflight:\${BRANCH} head:<full-sha> — <summary of what is on the branch + smoke results>", source:"manual"}'
|
|
428
|
+
example: '{sessionId:"\${SESSION_ID}", type:"fact", content:"preflight:\${BRANCH} head:<full-sha> — <summary of what is on the branch + smoke results>", source:"manual"}'
|
|
429
429
|
description: Direct ledger write. Include head:<full-sha> if you want the entry to count under at_head; the branch is the WIP review surface and the content should summarise what is staged + the smoke evidence so a reviewer can audit later without re-reading the chat.
|
|
430
430
|
ux:
|
|
431
431
|
cannot: "You cannot push branch \${BRANCH} yet."
|
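Review bot: line 428 repeats by hand the same `sessionId:"\${SESSION_ID}"` insertion this patch also makes at lines 368, 375, 396 and 403, and nothing visible in the diff prevents a future producer or `run` hint from being added without it. Suggest a test that renders the template and asserts that every `mcp__agent-grounding__ledger_add` example and `ux.run` hint contains `sessionId`, or building these strings from one shared fragment. The `description` at line 429 explains when to include `head:<full-sha>` but does not mention `sessionId`; a short clause there would keep the prose in step with the example.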
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@lannguyensi/harness",
|
|
3
|
-
"version": "0.23.
|
|
3
|
+
"version": "0.23.2",
|
|
4
4
|
"description": "Declarative control plane for agent harnesses — one YAML for grounding, tools, memory, and hooks.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"homepage": "https://github.com/LanNguyenSi/harness",
|