@lannguyensi/harness 0.34.0 → 0.36.0

package/dist/{cli/pack → runtime}/read-only-bash.js

@@ -1,5 +1,10 @@
-// Read-only Bash command classifier for the understanding-gate
-// PreToolUse blocker.
+// Read-only Bash command classifier, shared by two gates that must not
+// fail-close on a command that mutates nothing: the understanding-gate
+// PreToolUse blocker (allows a provably read-only Bash command without
+// an approved report) and the Risk Classifier's read-only floor
+// (classifies one as `low` instead of fail-closed unclassified). Lives
+// in runtime/ so both the cli/pack hooks and the runtime classifier
+// import it without a cli -> runtime layering inversion.
 //
 // The pack's hook matcher `Edit|Write|Bash` is too broad on its own:
 // `Bash` covers commands like `git status`, `gh pr view`, `ls`, `cat`
@@ -24,25 +29,57 @@
 //   this without a separate write-binary deny list (the meta-chars
 //   are how a write would be smuggled into a "read-only" command in
 //   the first place).
+// - Some bins are not admitted to the simple unconditional allowlist
+//   because they can write via their own flags or operands without any
+//   shell metacharacter. `find` is the canonical example (guarded by
+//   `FIND_WRITE_FLAGS`). `sort`, `tree`, and `file` receive the same
+//   per-bin write-flag guard: their read forms are classified read-only
+//   when none of their write flags appear in the token list. `uniq`,
+//   `date`, and `hostname` are excluded entirely because their write
+//   vectors are positional operands or cluster-ambiguous flag chars
+//   that cannot be detected cleanly (see `SIMPLE_READ_ONLY_BINS`).
 //
-// This module is the canonical home for the classification. The
-// harness pack hook is the superset blocker today, so the classifier
-// lives here rather than in the @lannguyensi/understanding-gate
-// package. If the package adds a parallel classifier in the future,
-// it should mirror this allowlist verbatim, not diverge.
+// This module is the canonical home for the classification within
+// harness. If the @lannguyensi/understanding-gate package adds a
+// parallel classifier in the future, it should mirror this allowlist
+// verbatim, not diverge.
 /**
  * Single-token read-only binaries. Each accepts arguments without
  * changing classification: `ls -la /tmp` is still read-only.
+ *
+ * Deliberately EXCLUDED because their write vector is not a clean flag:
+ *
+ * `uniq`: a second positional operand is the output file. Detecting a
+ * write requires positional-operand counting, which is out of scope for
+ * a token-scan classifier.
+ *
+ * `date`: `-s` sets the system clock, but the `-s` character appears
+ * inside getopt clusters shared with benign flags (`-Iseconds` is parsed
+ * by GNU date as `-I FMT=seconds`, not `-I -s econds`). A char-in-
+ * cluster check would produce false positives on read-only date forms,
+ * and false negatives on combined forms like `-us`.
+ *
+ * `hostname`: `hostname NAME` sets the hostname via a positional operand,
+ * not a flag. Detecting the write requires positional-operand counting.
+ *
+ * `sort`, `tree`, and `file` are NOT in this set but each gets a per-bin
+ * write-flag guard below (like `find`): each has an enumerable set of
+ * write/exec flags detectable by scanning tokens without counting
+ * positional operands. The guard must cover EVERY write/exec vector, not
+ * just output redirection: sort guards `-o` / `--output` (output),
+ * `--compress-program` (runs an arbitrary program on spill files), and
+ * `-T` / `--temporary-directory` (scratch write); tree guards `-o` /
+ * `--output`; file guards `-C` / `--compile`.
  */
 const SIMPLE_READ_ONLY_BINS = new Set([
     "ls", "cat", "pwd", "which", "type",
     "grep", "rg", "wc",
-    "head", "tail", "file", "stat", "tree", "du", "df",
-    "ps", "whoami", "id", "date", "echo", "printenv",
-    "true", "false", "uptime", "hostname", "uname", "tty",
+    "head", "tail", "stat", "du", "df",
+    "ps", "whoami", "id", "echo", "printenv",
+    "true", "false", "uptime", "uname", "tty",
     "basename", "dirname", "realpath", "readlink",
     "less", "more", "cmp", "diff", "comm",
-    "sort", "uniq", "cut", "tr", "tac", "rev",
+    "cut", "tr", "tac", "rev",
 ]);
 /**
  * `find` flags that make `find` itself a write tool, regardless of
@@ -181,6 +218,72 @@ export function isReadOnlyBashCommand(command) {
         return false;
     return classifyTokens(trimmed.split(/\s+/));
 }
+/**
+ * Returns true when a token is the output-redirect write flag shared by
+ * `sort` and `tree`: `-o` / `--output`. Cluster detection: in a cluster
+ * like `-rno`, getopt assigns the cluster remainder (or the next argv
+ * token when nothing follows within the cluster) as the output-file
+ * path, so any short cluster containing lowercase `o` after the leading
+ * dash is a write vector. Conservative: a filename token like `foo.txt`
+ * does not start with `-` and is therefore never matched.
+ */
+function isOutputWriteToken(t) {
+    if (t === "--output" || t.startsWith("--output="))
+        return true;
+    // Short flag or cluster: single leading '-' (not '--'), containing
+    // lowercase 'o'. Catches -o, -oFILE, -no, -rno, -rnofoo, etc.
+    return t.startsWith("-") && !t.startsWith("--") && t.slice(1).includes("o");
+}
+/**
+ * Returns true when a token is a write flag for `tree`. tree's only
+ * file-writing vector is the output redirect `-o` / `--output`; it has
+ * no exec or temp-dir flags, so this delegates to `isOutputWriteToken`.
+ */
+function isTreeWriteToken(t) {
+    return isOutputWriteToken(t);
+}
+/**
+ * Returns true when a token is a write OR exec flag for `sort`.
+ *
+ * sort's write surface is larger than output redirection, and the guard
+ * MUST enumerate all of it, not just `-o`. An output-only guard silently
+ * laundered `--compress-program`, which makes sort spawn an arbitrary
+ * program on its spill temp files (an arbitrary-code-execution vector
+ * with no shell metacharacter). The vectors:
+ *   - output:     `-o` / `--output` (see `isOutputWriteToken`).
+ *   - exec:       `--compress-program=PROG` runs PROG on spill files.
+ *   - temp write: `--temporary-directory=DIR` / `-T DIR` writes scratch
+ *                 files to a caller-chosen path.
+ * Short `-T` is detected like `-o`: any short cluster containing `o`
+ * (output) or uppercase `T` (temp dir) is a write vector. This can
+ * over-block a few benign size values (e.g. `-S2T`); over-blocking a
+ * read is acceptable, under-blocking a write is not.
+ */
+function isSortWriteToken(t) {
+    if (t === "--compress-program" || t.startsWith("--compress-program="))
+        return true;
+    if (t === "--temporary-directory" || t.startsWith("--temporary-directory="))
+        return true;
+    if (t === "--output" || t.startsWith("--output="))
+        return true;
+    // Short flag or cluster: '-' (not '--') containing 'o' (output) or
+    // uppercase 'T' (temp dir).
+    return t.startsWith("-") && !t.startsWith("--") && /[oT]/.test(t.slice(1));
+}
+/**
+ * Returns true when a token is a write flag for `file`.
+ * `-C` / `--compile` writes a compiled magic-cache file (`<name>.mgc`).
+ * Lowercase `-c` checks the magic file without writing; only uppercase
+ * `C` triggers a write. Cluster detection: `-bC`, `-Cb`, and `-bCx`
+ * all contain uppercase `C` after the leading dash and are write vectors.
+ */
+function isFileWriteToken(t) {
+    if (t === "--compile" || t.startsWith("--compile="))
+        return true;
+    // Short flag or cluster: single leading '-' (not '--'), containing
+    // uppercase 'C'. Lowercase 'c' is intentionally not matched.
+    return t.startsWith("-") && !t.startsWith("--") && t.slice(1).includes("C");
+}
 /**
  * Classify an already-tokenized, metachar-cleared argv. Factored out
  * of `isReadOnlyBashCommand` so the command-runner special cases
@@ -276,6 +379,30 @@ function classifyTokens(tokens) {
     if (bin === "find") {
         return !tokens.slice(1).some((t) => FIND_WRITE_FLAGS.has(t));
     }
+    // `sort` is read-only ONLY when none of its argv tokens are write or
+    // exec flags: `-o`/`--output` (file output), `--compress-program`
+    // (runs an arbitrary program on spill files), and
+    // `-T`/`--temporary-directory` (scratch write). See `isSortWriteToken`
+    // for the exact detection rules and why the enumeration must cover the
+    // exec vector, not just output redirection.
+    if (bin === "sort") {
+        return !tokens.slice(1).some(isSortWriteToken);
+    }
+    // `tree` is read-only ONLY when none of its argv tokens are output
+    // write flags: `-o FILE` / `--output=FILE` / `--output FILE`, or a
+    // short-flag cluster containing lowercase `o` (e.g. `-rno`). tree has
+    // no exec or temp-dir flags. See `isTreeWriteToken`.
+    if (bin === "tree") {
+        return !tokens.slice(1).some(isTreeWriteToken);
+    }
+    // `file` is read-only ONLY when none of its argv tokens are compile
+    // flags. `-C` / `--compile` writes a compiled magic-cache file;
+    // lowercase `-c` is benign (magic-file check). Any short cluster
+    // containing uppercase `C` (e.g. `-bC`) is a write vector. See
+    // `isFileWriteToken` for the exact detection rules.
+    if (bin === "file") {
+        return !tokens.slice(1).some(isFileWriteToken);
+    }
     // `<bin> --version` / `<bin> --help` shape. Checked BEFORE the
     // per-binary branches so that `git --version`, `gh --version`,
     // `harness --version` all pass through this shape rather than

package/dist/runtime/read-only-bash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-only-bash.js","sourceRoot":"","sources":["../../src/runtime/read-only-bash.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,uEAAuE;AACvE,uEAAuE;AACvE,gEAAgE;AAChE,uEAAuE;AACvE,oEAAoE;AACpE,yDAAyD;AACzD,EAAE;AACF,qEAAqE;AACrE,sEAAsE;AACtE,sEAAsE;AACtE,oEAAoE;AACpE,qEAAqE;AACrE,mEAAmE;AACnE,QAAQ;AACR,EAAE;AACF,mBAAmB;AACnB,oEAAoE;AACpE,kEAAkE;AAClE,sEAAsE;AACtE,iEAAiE;AACjE,qEAAqE;AACrE,qEAAqE;AACrE,kEAAkE;AAClE,4DAA4D;AAC5D,sEAAsE;AACtE,mEAAmE;AACnE,sEAAsE;AACtE,mEAAmE;AACnE,oEAAoE;AACpE,sBAAsB;AACtB,qEAAqE;AACrE,uEAAuE;AACvE,qEAAqE;AACrE,qEAAqE;AACrE,wEAAwE;AACxE,qEAAqE;AACrE,qEAAqE;AACrE,oEAAoE;AACpE,mEAAmE;AACnE,EAAE;AACF,kEAAkE;AAClE,iEAAiE;AACjE,qEAAqE;AACrE,yBAAyB;AAEzB;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,qBAAqB,GAAwB,IAAI,GAAG,CAAC;IACzD,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM;IACnC,MAAM,EAAE,IAAI,EAAE,IAAI;IAClB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI;IAClC,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU;IACxC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK;IACzC,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU;IAC7C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IACrC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK;CAC1B,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;IACpD,SAAS;IACT,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ;IACpC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM;CAC1C,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC;IACrD,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,IAAI;CACxC,CAAC,CAAC;AACH,mEAAmE;AACnE,MAAM,eAAe,GAAwB,IAAI,GAAG,CAAC;IACnD,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;CAChB,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,sBAAsB,GAAG,+BAA+B,CAAC;AAE/D;;;;;GAKG;AAEH;;;;;;GAMG;AACH,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IACtD,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK;IAChD,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS;IACrD,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU;IACxD,QAAQ,EAAE,UAAU,EAAE,kBAAkB,EAAE,cAAc;IACxD,UAAU,EAAE,YAAY,EAAE,UAAU;CACrC,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IACtD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;CAC3C,CAAC,CAAC;AACH,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IACtD,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS;IAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU;CACtC,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IAC1D,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS;IACxD,MAAM,EAAE,QAAQ,EAAE,OAAO;CAC1B,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,qBAAqB,GAAwB,IAAI,GAAG,CAAC;IACzD,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI;CACxC,CAAC,CAAC;AAEH;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,OAAO,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAEjC,mEAAmE;IACnE,gEAAgE;IAChE,gEAAgE;IAChE,0DAA0D;IAC1D,gEAAgE;IAChE,kDAAkD;IAClD,IAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzC,OAAO,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,CAAS;IACnC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/D,mEAAmE;IACnE,8DAA8D;IAC9D,OAAO,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC9E,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,CAAS;IACjC,OAAO,kBAAkB,CAAC,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,SAAS,gBAAgB,CAAC,CAAS;IACjC,IAAI,CAAC,KAAK,oBAAoB,IAAI,CAAC,CAAC,UAAU,CAAC,qBAAqB,CAAC;QAAE,OAAO,IAAI,CAAC;IACnF,IAAI,CAAC,KAAK,uBAAuB,IAAI,CAAC,CAAC,UAAU,CAAC,wBAAwB,CAAC;QAAE,OAAO,IAAI,CAAC;IACzF,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/D,mEAAmE;IACnE,4BAA4B;IAC5B,OAAO,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;;GAMG;AACH,SAAS,gBAAgB,CAAC,CAAS;IACjC,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,mEAAmE;IACnE,6DAA6D;IAC7D,OAAO,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC9E,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,MAAyB;IAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE5B,IAAI,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhD,qEAAqE;IACrE,mEAAmE;IACnE,mEAAmE;IACnE,oEAAoE;IACpE,kEAAkE;IAClE,6DAA6D;IAC7D,iDAAiD;IACjD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI;gBAAE,MAAM;YAC/D,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,UAAU,GAAG,IAAI,CAAC;QACxC,CAAC;QACD,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,UAAU;YAAE,OAAO,IAAI,CAAC;QAC5B,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,CAAC,iBAAiB;QACtD,OAAO,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,mEAAmE;IACnE,+DAA+D;IAC/D,gEAAgE;IAChE,oEAAoE;IACpE,qEAAqE;IACrE,mCAAmC;IACnC,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACzB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,KAAK,SAAS;gBAAE,MAAM;YAC3B,iEAAiE;YACjE,kDAAkD;YAClD,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACjD,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,MAAM;YAAC,CAAC;YAClC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACjD,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACnD,gEAAgE;YAChE,yBAAyB;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAChE,4DAA4D;YAC5D,kBAAkB;YAClB,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC5C,+DAA+D;YAC/D,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACnF,MAAM;QACR,CAAC;QACD,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,CAAC,gCAAgC;QACrE,OAAO,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,kEAAkE;IAClE,iEAAiE;IACjE,gEAAgE;IAChE,+DAA+D;IAC/D,gEAAgE;IAChE,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,qEAAqE;IACrE,kEAAkE;IAClE,kDAAkD;IAClD,uEAAuE;IACvE,uEAAuE;IACvE,4CAA4C;IAC5C,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACjD,CAAC;IAED,mEAAmE;IACnE,mEAAmE;IACnE,sEAAsE;IACtE,qDAAqD;IACrD,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACjD,CAAC;IAED,oEAAoE;IACpE,gEAAgE;IAChE,iEAAiE;IACjE,+DAA+D;IAC/D,oDAAoD;IACpD,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACjD,CAAC;IAED,+DAA+D;IAC/D,+DAA+D;IAC/D,8DAA8D;IAC9D,2DAA2D;IAC3D,wDAAwD;IACxD,8DAA8D;IAC9D,kEAAkE;IAClE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvE,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAEtD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAE9D,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/runtime/reject-malformed-session-id.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Reject sessionIds that would escape their intended namespace via path
+ * traversal or directory separators. The value lands in a path.join verbatim;
+ * an accidental `..` or `/` would otherwise reach a sibling directory. This is
+ * defensive (session ids come from the Claude Code runtime, not direct user
+ * input) but pins the trust boundary.
+ */
+export declare function rejectMalformedSessionId(sessionId: string): void;

package/dist/runtime/reject-malformed-session-id.js

@@ -0,0 +1,16 @@
+/**
+ * Reject sessionIds that would escape their intended namespace via path
+ * traversal or directory separators. The value lands in a path.join verbatim;
+ * an accidental `..` or `/` would otherwise reach a sibling directory. This is
+ * defensive (session ids come from the Claude Code runtime, not direct user
+ * input) but pins the trust boundary.
+ */
+export function rejectMalformedSessionId(sessionId) {
+    if (sessionId.trim().length === 0) {
+        throw new Error("sessionId is empty or blank");
+    }
+    if (sessionId.includes("/") || sessionId.includes("\\") || sessionId.includes("..")) {
+        throw new Error(`sessionId contains path-separator or traversal characters: ${JSON.stringify(sessionId)}`);
+    }
+}
+//# sourceMappingURL=reject-malformed-session-id.js.map

package/dist/runtime/reject-malformed-session-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reject-malformed-session-id.js","sourceRoot":"","sources":["../../src/runtime/reject-malformed-session-id.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CAAC,SAAiB;IACxD,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpF,MAAM,IAAI,KAAK,CACb,8DAA8D,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAC1F,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/runtime/risk-classifier.js

@@ -5,9 +5,9 @@
 // Gate stage that reads the `risk:` schema vocabulary shipped in
 // Phase 7 #1.
 //
-// STATUS: invoked by `harness test-risk` (Phase 7 #3). NOT yet consumed
-// by `harness policy intercept` — wiring the runtime through the
-// classifier is Phase 7 #5. See docs/risk-gate.md and docs/ROADMAP.md.
+// STATUS: consumed by `harness policy intercept` (Phase 7 #5) and by the
+// `harness test-risk` debug verb (Phase 7 #3). See docs/risk-gate.md and
+// docs/ROADMAP.md.
 //
 // "Unknown is not safe": an envelope no pattern matches yields a
 // profile with `classified: false` and `severity: null`, deliberately
@@ -25,6 +25,7 @@
 // (design phase B).
 import { RiskSeveritySchema } from "../schema/index.js";
 import { expandToolNameAliases, extractShellCommand } from "./tool-name-aliases.js";
+import { isReadOnlyBashCommand } from "./read-only-bash.js";
 // Ordered severity scale: a value's index here is the comparison key
 // for "highest matched severity wins". Sourced from the schema enum so
 // a future reordering there flows through unchanged.
@@ -170,19 +171,45 @@ export function classifyRisk(envelope, classifiers) {
                 `severity ${pat.severity}, categories [${pat.categories.join(", ")}]`);
         }
     }
-    // Built-in benign-harness floor (see BENIGN_HARNESS_COMMAND above).
-    // Folded in AFTER the operator loop so it composes by the same
-    // highest-severity-wins rule: it only raises an otherwise-unclassified
-    // action up to `low`, and never sinks an operator match (a dangerous
-    // tail in `harness preflight && rm -rf /var` keeps the higher
-    // severity). Gated on a real shell command so a non-shell tool whose
-    // serialized input happens to start with "harness" cannot match.
+    // Built-in benign floors (the harness meta-command floor and the
+    // read-only-command floor). Folded in AFTER the operator loop so they
+    // compose by the same highest-severity-wins rule: each only raises an
+    // otherwise-unclassified action up to `low`, and never sinks an
+    // operator match (a dangerous tail in `harness preflight && rm -rf
+    // /var` keeps the higher severity, and a chained command is not
+    // read-only). Both are gated on a real shell command so a non-shell
+    // tool whose serialized input happens to look benign cannot match.
     const shellCommand = extractShellCommand({ raw_input: envelope.raw_input });
-    if (shellCommand !== null && BENIGN_HARNESS_COMMAND.test(subject)) {
+    if (shellCommand !== null) {
         const lowIdx = SEVERITY_ORDER.indexOf("low");
         if (lowIdx > severityIdx) {
-            severityIdx = lowIdx;
-            reasons.push("built-in: benign harness meta-command recognized (severity low)");
+            if (BENIGN_HARNESS_COMMAND.test(subject)) {
+                // harness's own benign meta-commands (head-anchored; see
+                // BENIGN_HARNESS_COMMAND). Broader than the read-only floor: it
+                // also floors gate-PRODUCER commands like `harness preflight`
+                // and `harness approve`, which the understanding-gate read-only
+                // classifier deliberately excludes.
+                severityIdx = lowIdx;
+                reasons.push("built-in: benign harness meta-command recognized (severity low)");
+            }
+            else if (isReadOnlyBashCommand(shellCommand)) {
+                // Any provably read-only command (`git status`, `grep`, `cat`,
+                // ...). Without this floor, "unknown is not safe" treats it as
+                // risk-bearing and a prod-scoped `risk.severity_at_least` policy
+                // denies harmless reads on a main / release branch (the recurring
+                // release-cut false-positive). The shared classifier already
+                // rejects any chaining / redirection / substitution, so a metachar
+                // command can never reach this floor.
+                //
+                // Pass the UNCAPPED shellCommand, not the 16 KiB-capped `subject`:
+                // isReadOnlyBashCommand scans the whole string for write
+                // metacharacters, so a tail truncated by the cap (e.g. a hidden
+                // `; rm -rf /` past 16 KiB) must not be able to launder a write
+                // behind a read-only head. The classifier's checks are linear-time,
+                // so the uncapped scan carries no ReDoS risk.
+                severityIdx = lowIdx;
+                reasons.push("built-in: provably read-only command recognized (severity low)");
+            }
         }
     }
     if (severityIdx === -1) {

package/dist/runtime/risk-classifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"risk-classifier.js","sourceRoot":"","sources":["../../src/runtime/risk-classifier.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,EAAE;AACF,kEAAkE;AAClE,qEAAqE;AACrE,iEAAiE;AACjE,cAAc;AACd,EAAE;AACF,wEAAwE;AACxE,iEAAiE;AACjE,uEAAuE;AACvE,EAAE;AACF,iEAAiE;AACjE,sEAAsE;AACtE,oEAAoE;AACpE,uEAAuE;AACvE,sEAAsE;AACtE,YAAY;AACZ,EAAE;AACF,wEAAwE;AACxE,yEAAyE;AACzE,qEAAqE;AACrE,iEAAiE;AACjE,EAAE;AACF,yEAAyE;AACzE,oBAAoB;AAOpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAEpF,qEAAqE;AACrE,uEAAuE;AACvE,qDAAqD;AACrD,MAAM,cAAc,GAA4B,kBAAkB,CAAC,OAAO,CAAC;AAE3E,uEAAuE;AACvE,mEAAmE;AACnE,mEAAmE;AACnE,qEAAqE;AACrE,oEAAoE;AACpE,uEAAuE;AACvE,wDAAwD;AACxD,MAAM,uBAAuB,GAA8B,IAAI,GAAG,CAChE,CAAC,qBAAqB,EAAE,WAAW,EAAE,aAAa,CAAC,CACpD,CAAC;AAEF,yCAAyC;AACzC,EAAE;AACF,yEAAyE;AACzE,iEAAiE;AACjE,uEAAuE;AACvE,iEAAiE;AACjE,uEAAuE;AACvE,gEAAgE;AAChE,yEAAyE;AACzE,wEAAwE;AACxE,uEAAuE;AACvE,mCAAmC;AACnC,EAAE;AACF,+DAA+D;AAC/D,4DAA4D;AAC5D,sEAAsE;AACtE,wEAAwE;AACxE,wEAAwE;AACxE,yEAAyE;AACzE,uEAAuE;AACvE,wEAAwE;AACxE,yEAAyE;AACzE,0DAA0D;AAC1D,MAAM,0BAA0B,GAAsB;IACpD,WAAW;IACX,eAAe;IACf,SAAS;IACT,QAAQ;IACR,UAAU;IACV,UAAU;IACV,MAAM;IACN,MAAM;IACN,SAAS;IACT,gBAAgB;IAChB,gBAAgB;IAChB,WAAW;IACX,aAAa;IACb,OAAO;IACP,gBAAgB;IAChB,SAAS;IACT,QAAQ;IACR,MAAM;CACP,CAAC;AAEF,MAAM,sBAAsB,GAAG,IAAI,MAAM,CACvC,sBAAsB,0BAA0B,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CACjE,CAAC;AA+BF,wEAAwE;AACxE,wEAAwE;AACxE,yEAAyE;AACzE,sEAAsE;AACtE,yEAAyE;AACzE,qEAAqE;AACrE,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,yEAAyE;AACzE,0DAA0D;AAC1D,0EAA0E;AAC1E,EAAE;AACF,sEAAsE;AACtE,sEAAsE;AACtE,sEAAsE;AACtE,uEAAuE;AACvE,oEAAoE;AACpE,MAAM,kBAAkB,GAAG,EAAE,GAAG,IAAI,CAAC;AAErC;;;;;;;GAOG;AACH,SAAS,UAAU,CAAC,QAAwB;IAC1C,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACxC,OAAO,OAAO,CAAC,MAAM,GAAG,kBAAkB;QACxC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC;QACtC,CAAC,CAAC,OAAO,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,QAAwB;IAC7C,MAAM,OAAO,GAAG,mBAAmB,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IACvE,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,OAAO,CAAC;IACrC,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC;IAC/B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IACjD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,SAAS,iBAAiB,CACxB,UAA0B,EAC1B,QAAwB;IAExB,OAAO,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,QAAwB,EACxB,WAAsC;IAEtC,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAgB,CAAC;IAC3C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;IAErB,KAAK,MAAM,UAAU,IAAI,UAAU,EAAE,CAAC;QACpC,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,EAAU,CAAC;YACf,IAAI,CAAC;gBACH,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;gBAChE,2DAA2D;gBAC3D,SAAS;YACX,CAAC;YACD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,SAAS;YAChC,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU;gBAAE,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjD,IAAI,GAAG,GAAG,WAAW;gBAAE,WAAW,GAAG,GAAG,CAAC;YACzC,OAAO,CAAC,IAAI,CACV,eAAe,UAAU,CAAC,IAAI,cAAc,GAAG,CAAC,OAAO,aAAa;gBAClE,YAAY,GAAG,CAAC,QAAQ,iBAAiB,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,+DAA+D;IAC/D,uEAAuE;IACvE,qEAAqE;IACrE,8DAA8D;IAC9D,qEAAqE;IACrE,iEAAiE;IACjE,MAAM,YAAY,GAAG,mBAAmB,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IAC5E,IAAI,YAAY,KAAK,IAAI,IAAI,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClE,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,MAAM,GAAG,WAAW,EAAE,CAAC;YACzB,WAAW,GAAG,MAAM,CAAC;YACrB,OAAO,CAAC,IAAI,CACV,iEAAiE,CAClE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,EAAE;YACd,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,UAAU,CAAC,MAAM,KAAK,CAAC;oBACrB,CAAC,CAAC,4CAA4C,QAAQ,CAAC,IAAI,GAAG;oBAC9D,CAAC,CAAC,sDAAsD,QAAQ,CAAC,IAAI,GAAG;aAC3E;SACF,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,cAAc,CAAC,WAAW,CAAE;QACtC,UAAU,EAAE,gBAAgB;QAC5B,UAAU,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACzE,UAAU,EAAE,MAAM;QAClB,OAAO;KACR,CAAC;AACJ,CAAC"}
+{"version":3,"file":"risk-classifier.js","sourceRoot":"","sources":["../../src/runtime/risk-classifier.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,EAAE;AACF,kEAAkE;AAClE,qEAAqE;AACrE,iEAAiE;AACjE,cAAc;AACd,EAAE;AACF,yEAAyE;AACzE,yEAAyE;AACzE,mBAAmB;AACnB,EAAE;AACF,iEAAiE;AACjE,sEAAsE;AACtE,oEAAoE;AACpE,uEAAuE;AACvE,sEAAsE;AACtE,YAAY;AACZ,EAAE;AACF,wEAAwE;AACxE,yEAAyE;AACzE,qEAAqE;AACrE,iEAAiE;AACjE,EAAE;AACF,yEAAyE;AACzE,oBAAoB;AAOpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AACpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAE5D,qEAAqE;AACrE,uEAAuE;AACvE,qDAAqD;AACrD,MAAM,cAAc,GAA4B,kBAAkB,CAAC,OAAO,CAAC;AAE3E,uEAAuE;AACvE,mEAAmE;AACnE,mEAAmE;AACnE,qEAAqE;AACrE,oEAAoE;AACpE,uEAAuE;AACvE,wDAAwD;AACxD,MAAM,uBAAuB,GAA8B,IAAI,GAAG,CAChE,CAAC,qBAAqB,EAAE,WAAW,EAAE,aAAa,CAAC,CACpD,CAAC;AAEF,yCAAyC;AACzC,EAAE;AACF,yEAAyE;AACzE,iEAAiE;AACjE,uEAAuE;AACvE,iEAAiE;AACjE,uEAAuE;AACvE,gEAAgE;AAChE,yEAAyE;AACzE,wEAAwE;AACxE,uEAAuE;AACvE,mCAAmC;AACnC,EAAE;AACF,+DAA+D;AAC/D,4DAA4D;AAC5D,sEAAsE;AACtE,wEAAwE;AACxE,wEAAwE;AACxE,yEAAyE;AACzE,uEAAuE;AACvE,wEAAwE;AACxE,yEAAyE;AACzE,0DAA0D;AAC1D,MAAM,0BAA0B,GAAsB;IACpD,WAAW;IACX,eAAe;IACf,SAAS;IACT,QAAQ;IACR,UAAU;IACV,UAAU;IACV,MAAM;IACN,MAAM;IACN,SAAS;IACT,gBAAgB;IAChB,gBAAgB;IAChB,WAAW;IACX,aAAa;IACb,OAAO;IACP,gBAAgB;IAChB,SAAS;IACT,QAAQ;IACR,MAAM;CACP,CAAC;AAEF,MAAM,sBAAsB,GAAG,IAAI,MAAM,CACvC,sBAAsB,0BAA0B,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CACjE,CAAC;AA+BF,wEAAwE;AACxE,wEAAwE;AACxE,yEAAyE;AACzE,sEAAsE;AACtE,yEAAyE;AACzE,qEAAqE;AACrE,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,yEAAyE;AACzE,0DAA0D;AAC1D,0EAA0E;AAC1E,EAAE;AACF,sEAAsE;AACtE,sEAAsE;AACtE,sEAAsE;AACtE,uEAAuE;AACvE,oEAAoE;AACpE,MAAM,kBAAkB,GAAG,EAAE,GAAG,IAAI,CAAC;AAErC;;;;;;;GAOG;AACH,SAAS,UAAU,CAAC,QAAwB;IAC1C,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACxC,OAAO,OAAO,CAAC,MAAM,GAAG,kBAAkB;QACxC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC;QACtC,CAAC,CAAC,OAAO,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,QAAwB;IAC7C,MAAM,OAAO,GAAG,mBAAmB,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IACvE,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,OAAO,CAAC;IACrC,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC;IAC/B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IACjD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,SAAS,iBAAiB,CACxB,UAA0B,EAC1B,QAAwB;IAExB,OAAO,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,QAAwB,EACxB,WAAsC;IAEtC,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAgB,CAAC;IAC3C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;IAErB,KAAK,MAAM,UAAU,IAAI,UAAU,EAAE,CAAC;QACpC,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,EAAU,CAAC;YACf,IAAI,CAAC;gBACH,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;gBAChE,2DAA2D;gBAC3D,SAAS;YACX,CAAC;YACD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,SAAS;YAChC,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU;gBAAE,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjD,IAAI,GAAG,GAAG,WAAW;gBAAE,WAAW,GAAG,GAAG,CAAC;YACzC,OAAO,CAAC,IAAI,CACV,eAAe,UAAU,CAAC,IAAI,cAAc,GAAG,CAAC,OAAO,aAAa;gBAClE,YAAY,GAAG,CAAC,QAAQ,iBAAiB,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,iEAAiE;IACjE,sEAAsE;IACtE,sEAAsE;IACtE,gEAAgE;IAChE,mEAAmE;IACnE,gEAAgE;IAChE,oEAAoE;IACpE,mEAAmE;IACnE,MAAM,YAAY,GAAG,mBAAmB,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IAC5E,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,MAAM,GAAG,WAAW,EAAE,CAAC;YACzB,IAAI,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzC,yDAAyD;gBACzD,gEAAgE;gBAChE,8DAA8D;gBAC9D,gEAAgE;gBAChE,oCAAoC;gBACpC,WAAW,GAAG,MAAM,CAAC;gBACrB,OAAO,CAAC,IAAI,CACV,iEAAiE,CAClE,CAAC;YACJ,CAAC;iBAAM,IAAI,qBAAqB,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/C,+DAA+D;gBAC/D,+DAA+D;gBAC/D,iEAAiE;gBACjE,kEAAkE;gBAClE,6DAA6D;gBAC7D,mEAAmE;gBACnE,sCAAsC;gBACtC,EAAE;gBACF,mEAAmE;gBACnE,yDAAyD;gBACzD,gEAAgE;gBAChE,gEAAgE;gBAChE,oEAAoE;gBACpE,8CAA8C;gBAC9C,WAAW,GAAG,MAAM,CAAC;gBACrB,OAAO,CAAC,IAAI,CACV,gEAAgE,CACjE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,EAAE;YACd,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,UAAU,CAAC,MAAM,KAAK,CAAC;oBACrB,CAAC,CAAC,4CAA4C,QAAQ,CAAC,IAAI,GAAG;oBAC9D,CAAC,CAAC,sDAAsD,QAAQ,CAAC,IAAI,GAAG;aAC3E;SACF,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,QAAQ,EAAE,cAAc,CAAC,WAAW,CAAE;QACtC,UAAU,EAAE,gBAAgB;QAC5B,UAAU,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACzE,UAAU,EAAE,MAAM;QAClB,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/runtime/session-id.d.ts

@@ -48,3 +48,66 @@ export interface ResolveReadSessionOptions extends DiscoverSessionOptions {
  * per-hook-event filesystem scan would be wasteful.
  */
 export declare function resolveReadSessionId(explicit?: string, opts?: ResolveReadSessionOptions): string;
+/** Session-id source for the `harness approve` verbs. */
+export type ApprovalSessionSource = "flag" | "env-claude-code" | "env-claude" | "env-codex" | "pending-approval" | "newest-report";
+export interface ResolveApprovalSessionIdOptions {
+    /** Explicit --session flag value. Empty string is treated as absent. */
+    session?: string;
+    /** Path to the harness.generated/ directory; used to read .pending-approval. */
+    generatedDir: string;
+    /**
+     * Optional 6th-tier callback. When provided and reached, it is called
+     * once and should return the session id plus the file path of the
+     * freshest qualifying persisted report, or null when none qualifies.
+     * Only `approve understanding` supplies this; `approve risk` and
+     * `approve branch-protection` omit it (they produce no persisted reports).
+     */
+    newestReportFallback?: () => {
+        sessionId: string;
+        filePath: string;
+    } | null;
+    /**
+     * Test seam: override the .pending-approval reader. Defaults to
+     * `readPendingApproval` from pending-approval.ts. Verb-level tests use
+     * real tmp directories and do not need this; unit tests for the resolver
+     * itself use it to avoid creating directories.
+     */
+    readPending?: (dir: string) => string | null;
+}
+export interface ResolveApprovalSessionIdResult {
+    /**
+     * The resolved session id, or an empty string when no tier matched.
+     * Callers MUST check for the empty string and throw a verb-specific
+     * error. The empty-string path is intentional: it lets callers produce
+     * messages that name their own gate hook, approve subcommand, and
+     * recovery steps without the resolver needing to know about them.
+     */
+    sessionId: string;
+    /**
+     * Where the session id came from. When `sessionId` is empty this field
+     * is meaningless (callers throw before returning it to the operator).
+     */
+    sessionSource: ApprovalSessionSource;
+    /**
+     * Set only when `sessionSource === "newest-report"`. The absolute path
+     * of the persisted report whose `sessionId` field was adopted. Surfaced
+     * in the `approve understanding` CLI warning so the operator can verify
+     * the report belongs to their live session.
+     */
+    newestReportPath?: string;
+}
+/**
+ * Shared session-id resolver for the `harness approve` verbs.
+ *
+ * Precedence:
+ *   1. explicit --session flag
+ *   2. $CLAUDE_CODE_SESSION_ID (the var Claude Code exports into the agent shell)
+ *   3. $CLAUDE_SESSION_ID (legacy / docs name; kept for older operator recipes)
+ *   4. $CODEX_SESSION_ID (set inside a live Codex session)
+ *   5. .pending-approval staging file (written by the gate hook or preflight)
+ *   6. newestReportFallback() result -- only understanding.ts uses this tier
+ *
+ * Returns `{ sessionId: "" }` when no tier resolves. The caller is
+ * responsible for throwing a verb-specific HarnessExitError in that case.
+ */
+export declare function resolveApprovalSessionId(opts: ResolveApprovalSessionIdOptions): ResolveApprovalSessionIdResult;

package/dist/runtime/session-id.js

@@ -33,6 +33,7 @@
 import * as fs from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
+import { readPendingApproval } from "./pending-approval.js";
 const FALLBACK = "default";
 /**
  * Resolve the active grounding session id (WRITE path).
@@ -137,4 +138,56 @@ export function resolveReadSessionId(explicit, opts = {}) {
         return discovered;
     return FALLBACK;
 }
+/**
+ * Shared session-id resolver for the `harness approve` verbs.
+ *
+ * Precedence:
+ *   1. explicit --session flag
+ *   2. $CLAUDE_CODE_SESSION_ID (the var Claude Code exports into the agent shell)
+ *   3. $CLAUDE_SESSION_ID (legacy / docs name; kept for older operator recipes)
+ *   4. $CODEX_SESSION_ID (set inside a live Codex session)
+ *   5. .pending-approval staging file (written by the gate hook or preflight)
+ *   6. newestReportFallback() result -- only understanding.ts uses this tier
+ *
+ * Returns `{ sessionId: "" }` when no tier resolves. The caller is
+ * responsible for throwing a verb-specific HarnessExitError in that case.
+ */
+export function resolveApprovalSessionId(opts) {
+    const readPending = opts.readPending ?? readPendingApproval;
+    if (typeof opts.session === "string" && opts.session.length > 0) {
+        return { sessionId: opts.session, sessionSource: "flag" };
+    }
+    if (typeof process.env.CLAUDE_CODE_SESSION_ID === "string" &&
+        process.env.CLAUDE_CODE_SESSION_ID.length > 0) {
+        return {
+            sessionId: process.env.CLAUDE_CODE_SESSION_ID,
+            sessionSource: "env-claude-code",
+        };
+    }
+    if (typeof process.env.CLAUDE_SESSION_ID === "string" &&
+        process.env.CLAUDE_SESSION_ID.length > 0) {
+        return { sessionId: process.env.CLAUDE_SESSION_ID, sessionSource: "env-claude" };
+    }
+    if (typeof process.env.CODEX_SESSION_ID === "string" &&
+        process.env.CODEX_SESSION_ID.length > 0) {
+        return { sessionId: process.env.CODEX_SESSION_ID, sessionSource: "env-codex" };
+    }
+    const staged = readPending(opts.generatedDir);
+    if (staged !== null) {
+        return { sessionId: staged, sessionSource: "pending-approval" };
+    }
+    if (opts.newestReportFallback !== undefined) {
+        const newest = opts.newestReportFallback();
+        if (newest !== null) {
+            return {
+                sessionId: newest.sessionId,
+                sessionSource: "newest-report",
+                newestReportPath: newest.filePath,
+            };
+        }
+    }
+    // Nothing resolved. Callers check sessionId === "" and throw their own
+    // verb-specific error messages.
+    return { sessionId: "", sessionSource: "flag" };
+}
 //# sourceMappingURL=session-id.js.map

package/dist/runtime/session-id.js.map

@@ -1 +1 @@
-{"version":3,"file":"session-id.js","sourceRoot":"","sources":["../../src/runtime/session-id.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,uEAAuE;AACvE,iEAAiE;AACjE,qEAAqE;AACrE,8DAA8D;AAC9D,wEAAwE;AACxE,iEAAiE;AACjE,oEAAoE;AACpE,aAAa;AACb,EAAE;AACF,uEAAuE;AACvE,mEAAmE;AACnE,sBAAsB;AACtB,yDAAyD;AACzD,4EAA4E;AAC5E,kDAAkD;AAClD,2BAA2B;AAC3B,EAAE;AACF,oEAAoE;AACpE,mEAAmE;AACnE,uEAAuE;AACvE,wEAAwE;AACxE,mEAAmE;AACnE,sEAAsE;AACtE,qEAAqE;AACrE,qEAAqE;AACrE,sCAAsC;AACtC,EAAE;AACF,4EAA4E;AAC5E,+DAA+D;AAC/D,uEAAuE;AAEvE,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,MAAM,QAAQ,GAAG,SAAS,CAAC;AAE3B;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAiB;IAChD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACzE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACnD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACtE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC1D,OAAO,QAAQ,CAAC;AAClB,CAAC;AASD,uEAAuE;AACvE,yEAAyE;AACzE,MAAM,qBAAqB,GACzB,0EAA0E,CAAC;AAE7E;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAA+B,EAAE;IAEjC,MAAM,YAAY,GAChB,IAAI,CAAC,YAAY;QACjB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACjE,IAAI,WAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,WAAW,GAAG,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,GAA2C,IAAI,CAAC;IAC1D,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QACjD,IAAI,KAAe,CAAC;QACpB,IAAI,CAAC;YACH,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,wCAAwC;QACpD,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9D,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;gBAChD,MAAM,GAAG,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC,CAAE,EAAE,OAAO,EAAE,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;AAC5C,CAAC;AAWD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,oBAAoB,CAClC,QAAiB,EACjB,OAAkC,EAAE;IAEpC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACzE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACnD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACtE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,uBAAuB,CAAC;IAC1D,MAAM,UAAU,GAAG,QAAQ,CAAC;QAC1B,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;KAC7D,CAAC,CAAC;IACH,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IAC/E,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"session-id.js","sourceRoot":"","sources":["../../src/runtime/session-id.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,uEAAuE;AACvE,iEAAiE;AACjE,qEAAqE;AACrE,8DAA8D;AAC9D,wEAAwE;AACxE,iEAAiE;AACjE,oEAAoE;AACpE,aAAa;AACb,EAAE;AACF,uEAAuE;AACvE,mEAAmE;AACnE,sBAAsB;AACtB,yDAAyD;AACzD,4EAA4E;AAC5E,kDAAkD;AAClD,2BAA2B;AAC3B,EAAE;AACF,oEAAoE;AACpE,mEAAmE;AACnE,uEAAuE;AACvE,wEAAwE;AACxE,mEAAmE;AACnE,sEAAsE;AACtE,qEAAqE;AACrE,qEAAqE;AACrE,sCAAsC;AACtC,EAAE;AACF,4EAA4E;AAC5E,+DAA+D;AAC/D,uEAAuE;AAEvE,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,QAAQ,GAAG,SAAS,CAAC;AAE3B;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAiB;IAChD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACzE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACnD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACtE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC1D,OAAO,QAAQ,CAAC;AAClB,CAAC;AASD,uEAAuE;AACvE,yEAAyE;AACzE,MAAM,qBAAqB,GACzB,0EAA0E,CAAC;AAE7E;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAA+B,EAAE;IAEjC,MAAM,YAAY,GAChB,IAAI,CAAC,YAAY;QACjB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACjE,IAAI,WAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,WAAW,GAAG,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAM,GAA2C,IAAI,CAAC;IAC1D,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QACjD,IAAI,KAAe,CAAC;QACpB,IAAI,CAAC;YACH,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,wCAAwC;QACpD,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9D,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;gBAChD,MAAM,GAAG,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC,CAAE,EAAE,OAAO,EAAE,CAAC;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;AAC5C,CAAC;AAWD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,oBAAoB,CAClC,QAAiB,EACjB,OAAkC,EAAE;IAEpC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACzE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACnD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACtE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,uBAAuB,CAAC;IAC1D,MAAM,UAAU,GAAG,QAAQ,CAAC;QAC1B,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;KAC7D,CAAC,CAAC;IACH,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IAC/E,OAAO,QAAQ,CAAC;AAClB,CAAC;AAqED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAAqC;IAErC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,mBAAmB,CAAC;IAE5D,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;IAC5D,CAAC;IACD,IACE,OAAO,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,QAAQ;QACtD,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,MAAM,GAAG,CAAC,EAC7C,CAAC;QACD,OAAO;YACL,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;YAC7C,aAAa,EAAE,iBAAiB;SACjC,CAAC;IACJ,CAAC;IACD,IACE,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,QAAQ;QACjD,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EACxC,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;IACnF,CAAC;IACD,IACE,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,QAAQ;QAChD,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EACvC,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;IACjF,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC9C,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC3C,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO;gBACL,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,aAAa,EAAE,eAAe;gBAC9B,gBAAgB,EAAE,MAAM,CAAC,QAAQ;aAClC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,gCAAgC;IAChC,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;AAClD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lannguyensi/harness",
-  "version": "0.34.0",
+  "version": "0.36.0",
   "description": "Declarative control plane for agent harnesses — one YAML for grounding, tools, memory, and hooks.",
   "license": "MIT",
   "homepage": "https://github.com/LanNguyenSi/harness",
@@ -58,7 +58,7 @@
     "@types/node": "^22.0.0",
     "@types/proper-lockfile": "^4.1.4",
     "@vitest/coverage-v8": "^4.1.4",
-    "tsx": "^4.19.0",
+    "tsx": "^4.22.4",
     "typescript": "^5.7.0",
     "vitest": "^4.1.4"
   },

package/dist/cli/pack/read-only-bash.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"read-only-bash.js","sourceRoot":"","sources":["../../../src/cli/pack/read-only-bash.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,sBAAsB;AACtB,EAAE;AACF,qEAAqE;AACrE,sEAAsE;AACtE,sEAAsE;AACtE,oEAAoE;AACpE,qEAAqE;AACrE,mEAAmE;AACnE,QAAQ;AACR,EAAE;AACF,mBAAmB;AACnB,oEAAoE;AACpE,kEAAkE;AAClE,sEAAsE;AACtE,iEAAiE;AACjE,qEAAqE;AACrE,qEAAqE;AACrE,kEAAkE;AAClE,4DAA4D;AAC5D,sEAAsE;AACtE,mEAAmE;AACnE,sEAAsE;AACtE,mEAAmE;AACnE,oEAAoE;AACpE,sBAAsB;AACtB,EAAE;AACF,gEAAgE;AAChE,qEAAqE;AACrE,gEAAgE;AAChE,oEAAoE;AACpE,yDAAyD;AAEzD;;;GAGG;AACH,MAAM,qBAAqB,GAAwB,IAAI,GAAG,CAAC;IACzD,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM;IACnC,MAAM,EAAE,IAAI,EAAE,IAAI;IAClB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI;IAClD,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU;IAChD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK;IACrD,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU;IAC7C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IACrC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK;CAC1C,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;IACpD,SAAS;IACT,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ;IACpC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM;CAC1C,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC;IACrD,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,IAAI;CACxC,CAAC,CAAC;AACH,mEAAmE;AACnE,MAAM,eAAe,GAAwB,IAAI,GAAG,CAAC;IACnD,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,SAAS;CAChB,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,sBAAsB,GAAG,+BAA+B,CAAC;AAE/D;;;;;GAKG;AAEH;;;;;;GAMG;AACH,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IACtD,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK;IAChD,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS;IACrD,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU;IACxD,QAAQ,EAAE,UAAU,EAAE,kBAAkB,EAAE,cAAc;IACxD,UAAU,EAAE,YAAY,EAAE,UAAU;CACrC,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IACtD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;CAC3C,CAAC,CAAC;AACH,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IACtD,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS;IAC3C,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU;CACtC,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IAC1D,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS;IACxD,MAAM,EAAE,QAAQ,EAAE,OAAO;CAC1B,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,qBAAqB,GAAwB,IAAI,GAAG,CAAC;IACzD,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI;CACxC,CAAC,CAAC;AAEH;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,OAAO,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAEjC,mEAAmE;IACnE,gEAAgE;IAChE,gEAAgE;IAChE,0DAA0D;IAC1D,gEAAgE;IAChE,kDAAkD;IAClD,IAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzC,OAAO,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,MAAyB;IAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE5B,IAAI,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhD,qEAAqE;IACrE,mEAAmE;IACnE,mEAAmE;IACnE,oEAAoE;IACpE,kEAAkE;IAClE,6DAA6D;IAC7D,iDAAiD;IACjD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI;gBAAE,MAAM;YAC/D,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,UAAU,GAAG,IAAI,CAAC;QACxC,CAAC;QACD,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,UAAU;YAAE,OAAO,IAAI,CAAC;QAC5B,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,CAAC,iBAAiB;QACtD,OAAO,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,mEAAmE;IACnE,+DAA+D;IAC/D,gEAAgE;IAChE,oEAAoE;IACpE,qEAAqE;IACrE,mCAAmC;IACnC,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACzB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,KAAK,SAAS;gBAAE,MAAM;YAC3B,iEAAiE;YACjE,kDAAkD;YAClD,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACjD,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,MAAM;YAAC,CAAC;YAClC,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACjD,IAAI,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACnD,gEAAgE;YAChE,yBAAyB;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAChE,4DAA4D;YAC5D,kBAAkB;YAClB,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YAC5C,+DAA+D;YAC/D,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACnF,MAAM;QACR,CAAC;QACD,IAAI,CAAC,IAAI,MAAM,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,CAAC,gCAAgC;QACrE,OAAO,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,kEAAkE;IAClE,iEAAiE;IACjE,gEAAgE;IAChE,+DAA+D;IAC/D,gEAAgE;IAChE,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,+DAA+D;IAC/D,+DAA+D;IAC/D,8DAA8D;IAC9D,2DAA2D;IAC3D,wDAAwD;IACxD,8DAA8D;IAC9D,kEAAkE;IAClE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvE,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAEtD,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAE9D,OAAO,KAAK,CAAC;AACf,CAAC"}