npm - @lannguyensi/harness - Versions diffs - 0.5.0 - Mend

@lannguyensi/harness 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

package/CHANGELOG.md +552 -0
package/LICENSE +21 -0
package/README.md +154 -0
package/dist/cli/add/index.d.ts +14 -0
package/dist/cli/add/index.js +71 -0
package/dist/cli/add/index.js.map +1 -0
package/dist/cli/add/mutate.d.ts +39 -0
package/dist/cli/add/mutate.js +36 -0
package/dist/cli/add/mutate.js.map +1 -0
package/dist/cli/adopt/derive.d.ts +38 -0
package/dist/cli/adopt/derive.js +94 -0
package/dist/cli/adopt/derive.js.map +1 -0
package/dist/cli/adopt/index.d.ts +20 -0
package/dist/cli/adopt/index.js +156 -0
package/dist/cli/adopt/index.js.map +1 -0
package/dist/cli/apply/apply.d.ts +49 -0
package/dist/cli/apply/apply.js +333 -0
package/dist/cli/apply/apply.js.map +1 -0
package/dist/cli/apply/generate-memory-index.d.ts +17 -0
package/dist/cli/apply/generate-memory-index.js +167 -0
package/dist/cli/apply/generate-memory-index.js.map +1 -0
package/dist/cli/apply/generate-settings.d.ts +15 -0
package/dist/cli/apply/generate-settings.js +87 -0
package/dist/cli/apply/generate-settings.js.map +1 -0
package/dist/cli/apply/index.d.ts +1 -0
package/dist/cli/apply/index.js +2 -0
package/dist/cli/apply/index.js.map +1 -0
package/dist/cli/audit.d.ts +36 -0
package/dist/cli/audit.js +121 -0
package/dist/cli/audit.js.map +1 -0
package/dist/cli/describe.d.ts +13 -0
package/dist/cli/describe.js +26 -0
package/dist/cli/describe.js.map +1 -0
package/dist/cli/diff/engine.d.ts +21 -0
package/dist/cli/diff/engine.js +161 -0
package/dist/cli/diff/engine.js.map +1 -0
package/dist/cli/diff/git.d.ts +6 -0
package/dist/cli/diff/git.js +32 -0
package/dist/cli/diff/git.js.map +1 -0
package/dist/cli/diff/index.d.ts +15 -0
package/dist/cli/diff/index.js +39 -0
package/dist/cli/diff/index.js.map +1 -0
package/dist/cli/diff/since-apply.d.ts +57 -0
package/dist/cli/diff/since-apply.js +255 -0
package/dist/cli/diff/since-apply.js.map +1 -0
package/dist/cli/doctor/format.d.ts +2 -0
package/dist/cli/doctor/format.js +126 -0
package/dist/cli/doctor/format.js.map +1 -0
package/dist/cli/doctor/index.d.ts +14 -0
package/dist/cli/doctor/index.js +281 -0
package/dist/cli/doctor/index.js.map +1 -0
package/dist/cli/doctor/types.d.ts +46 -0
package/dist/cli/doctor/types.js +2 -0
package/dist/cli/doctor/types.js.map +1 -0
package/dist/cli/dry-run.d.ts +46 -0
package/dist/cli/dry-run.js +168 -0
package/dist/cli/dry-run.js.map +1 -0
package/dist/cli/exit-codes.d.ts +10 -0
package/dist/cli/exit-codes.js +15 -0
package/dist/cli/exit-codes.js.map +1 -0
package/dist/cli/explain.d.ts +14 -0
package/dist/cli/explain.js +97 -0
package/dist/cli/explain.js.map +1 -0
package/dist/cli/export.d.ts +31 -0
package/dist/cli/export.js +84 -0
package/dist/cli/export.js.map +1 -0
package/dist/cli/index.d.ts +8 -0
package/dist/cli/index.js +549 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/init/index.d.ts +17 -0
package/dist/cli/init/index.js +57 -0
package/dist/cli/init/index.js.map +1 -0
package/dist/cli/init/templates.d.ts +4 -0
package/dist/cli/init/templates.js +175 -0
package/dist/cli/init/templates.js.map +1 -0
package/dist/cli/list.d.ts +12 -0
package/dist/cli/list.js +118 -0
package/dist/cli/list.js.map +1 -0
package/dist/cli/loader.d.ts +24 -0
package/dist/cli/loader.js +74 -0
package/dist/cli/loader.js.map +1 -0
package/dist/cli/main.d.ts +2 -0
package/dist/cli/main.js +6 -0
package/dist/cli/main.js.map +1 -0
package/dist/cli/policy/intercept.d.ts +34 -0
package/dist/cli/policy/intercept.js +172 -0
package/dist/cli/policy/intercept.js.map +1 -0
package/dist/cli/remove/index.d.ts +18 -0
package/dist/cli/remove/index.js +95 -0
package/dist/cli/remove/index.js.map +1 -0
package/dist/cli/remove/mutate.d.ts +9 -0
package/dist/cli/remove/mutate.js +68 -0
package/dist/cli/remove/mutate.js.map +1 -0
package/dist/cli/validate/checks.d.ts +23 -0
package/dist/cli/validate/checks.js +253 -0
package/dist/cli/validate/checks.js.map +1 -0
package/dist/cli/validate/index.d.ts +18 -0
package/dist/cli/validate/index.js +50 -0
package/dist/cli/validate/index.js.map +1 -0
package/dist/cli/validate/types.d.ts +7 -0
package/dist/cli/validate/types.js +5 -0
package/dist/cli/validate/types.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.js +16 -0
package/dist/index.js.map +1 -0
package/dist/io/atomic-write.d.ts +8 -0
package/dist/io/atomic-write.js +30 -0
package/dist/io/atomic-write.js.map +1 -0
package/dist/io/harness-lock.d.ts +33 -0
package/dist/io/harness-lock.js +260 -0
package/dist/io/harness-lock.js.map +1 -0
package/dist/io/last-apply.d.ts +20 -0
package/dist/io/last-apply.js +123 -0
package/dist/io/last-apply.js.map +1 -0
package/dist/io/lock.d.ts +11 -0
package/dist/io/lock.js +33 -0
package/dist/io/lock.js.map +1 -0
package/dist/io/patch.d.ts +10 -0
package/dist/io/patch.js +8 -0
package/dist/io/patch.js.map +1 -0
package/dist/io/restart-hints.d.ts +5 -0
package/dist/io/restart-hints.js +59 -0
package/dist/io/restart-hints.js.map +1 -0
package/dist/io/three-state.d.ts +7 -0
package/dist/io/three-state.js +20 -0
package/dist/io/three-state.js.map +1 -0
package/dist/io/validate-before-write.d.ts +12 -0
package/dist/io/validate-before-write.js +23 -0
package/dist/io/validate-before-write.js.map +1 -0
package/dist/overrides/index.d.ts +2 -0
package/dist/overrides/index.js +3 -0
package/dist/overrides/index.js.map +1 -0
package/dist/overrides/machines.d.ts +12 -0
package/dist/overrides/machines.js +46 -0
package/dist/overrides/machines.js.map +1 -0
package/dist/overrides/merge.d.ts +6 -0
package/dist/overrides/merge.js +173 -0
package/dist/overrides/merge.js.map +1 -0
package/dist/policies/duration.d.ts +5 -0
package/dist/policies/duration.js +50 -0
package/dist/policies/duration.js.map +1 -0
package/dist/policies/extract.d.ts +50 -0
package/dist/policies/extract.js +190 -0
package/dist/policies/extract.js.map +1 -0
package/dist/policies/index.d.ts +5 -0
package/dist/policies/index.js +6 -0
package/dist/policies/index.js.map +1 -0
package/dist/policies/ledger-client.d.ts +39 -0
package/dist/policies/ledger-client.js +378 -0
package/dist/policies/ledger-client.js.map +1 -0
package/dist/policies/requires.d.ts +44 -0
package/dist/policies/requires.js +146 -0
package/dist/policies/requires.js.map +1 -0
package/dist/policies/timestamp.d.ts +14 -0
package/dist/policies/timestamp.js +36 -0
package/dist/policies/timestamp.js.map +1 -0
package/dist/probes/mcp.d.ts +29 -0
package/dist/probes/mcp.js +226 -0
package/dist/probes/mcp.js.map +1 -0
package/dist/probes/memory.d.ts +24 -0
package/dist/probes/memory.js +89 -0
package/dist/probes/memory.js.map +1 -0
package/dist/runtime/index.d.ts +3 -0
package/dist/runtime/index.js +4 -0
package/dist/runtime/index.js.map +1 -0
package/dist/runtime/intercept.d.ts +53 -0
package/dist/runtime/intercept.js +181 -0
package/dist/runtime/intercept.js.map +1 -0
package/dist/runtime/ledger-record.d.ts +43 -0
package/dist/runtime/ledger-record.js +239 -0
package/dist/runtime/ledger-record.js.map +1 -0
package/dist/runtime/session-id.d.ts +10 -0
package/dist/runtime/session-id.js +37 -0
package/dist/runtime/session-id.js.map +1 -0
package/dist/schema/extract.d.ts +5 -0
package/dist/schema/extract.js +23 -0
package/dist/schema/extract.js.map +1 -0
package/dist/schema/grounding.d.ts +65 -0
package/dist/schema/grounding.js +21 -0
package/dist/schema/grounding.js.map +1 -0
package/dist/schema/hooks.d.ts +86 -0
package/dist/schema/hooks.js +42 -0
package/dist/schema/hooks.js.map +1 -0
package/dist/schema/index.d.ts +961 -0
package/dist/schema/index.js +55 -0
package/dist/schema/index.js.map +1 -0
package/dist/schema/memory.d.ts +131 -0
package/dist/schema/memory.js +38 -0
package/dist/schema/memory.js.map +1 -0
package/dist/schema/policies.d.ts +412 -0
package/dist/schema/policies.js +53 -0
package/dist/schema/policies.js.map +1 -0
package/dist/schema/requires.d.ts +115 -0
package/dist/schema/requires.js +57 -0
package/dist/schema/requires.js.map +1 -0
package/dist/schema/tools.d.ts +283 -0
package/dist/schema/tools.js +66 -0
package/dist/schema/tools.js.map +1 -0
package/package.json +63 -0

package/dist/cli/policy/intercept.js ADDED Viewed

@@ -0,0 +1,172 @@
+// Phase 4 #5 — `harness policy intercept` CLI entrypoint.
+//
+// Wired by Claude Code's settings.json (regenerated by `harness apply`) as
+// the PreToolUse hook. Reads the event JSON from stdin, runs the runtime
+// interceptor, writes Claude Code's deny JSON to stdout on block.
+import { queryLedgerByTag, } from "../../policies/index.js";
+import { intercept, recordPolicyDecision, } from "../../runtime/index.js";
+import { loadManifest } from "../loader.js";
+async function readStdin(stream) {
+    return new Promise((resolve, reject) => {
+        let data = "";
+        stream.setEncoding("utf8");
+        stream.on("data", (chunk) => {
+            data += chunk;
+        });
+        stream.on("end", () => resolve(data));
+        stream.on("error", (err) => reject(err));
+    });
+}
+function findGroundingMcp(manifest) {
+    return manifest.tools.mcp.find((m) => m.name === "grounding-mcp") ?? null;
+}
+/**
+ * Phase 5 #3 — render a deny / warn-degraded decision as a stderr
+ * diagnostic block. Multiline, indented; each block is bounded by the
+ * policy name so concurrent fires (rare but possible) stay readable.
+ */
+function formatDecisionDiagnostic(decision) {
+    const header = `harness policy intercept: ${decision.policyName}: ${decision.outcome}${decision.outcome === "warn-degraded" ? " (ledger unreachable)" : ""}`;
+    const lines = [header];
+    lines.push(`  ledger_tag: ${decision.ledgerTag}`);
+    if (decision.requiresEval !== undefined) {
+        lines.push(`  matched: ${decision.requiresEval.matchedCount}`);
+    }
+    lines.push(`  reason: ${decision.reason}`);
+    const extractKeys = Object.keys(decision.extractValues);
+    if (extractKeys.length > 0) {
+        lines.push("  extract:");
+        for (const k of extractKeys.sort()) {
+            lines.push(`    ${k}=${decision.extractValues[k]}`);
+        }
+    }
+    return `${lines.join("\n")}\n`;
+}
+function isVerboseEnabled(opts) {
+    if (opts.verbose === true)
+        return true;
+    if (opts.verbose === false)
+        return false;
+    const env = process.env.HARNESS_POLICY_VERBOSE;
+    if (typeof env !== "string")
+        return false;
+    if (env.length === 0)
+        return false;
+    // Accept anything truthy except literal disable-words (case-insensitive).
+    return !/^(0|false|no|off)$/i.test(env.trim());
+}
+function realLedgerClient(server, opts) {
+    const command = Array.isArray(server.command)
+        ? server.command
+        : server.command.trim().split(/\s+/);
+    const env = server.env ?? undefined;
+    const timeoutMs = opts.ledgerTimeoutMs ?? server.health?.timeout_ms ?? 5_000;
+    return {
+        async query(_tag, sessionId) {
+            return queryLedgerByTag({
+                mcpCommand: command,
+                ...(env && { mcpEnv: env }),
+                sessionId,
+                timeoutMs,
+            });
+        },
+        async record(decision, sessionId) {
+            await recordPolicyDecision(decision, sessionId, {
+                mcpCommand: command,
+                ...(env && { mcpEnv: env }),
+                timeoutMs,
+            });
+        },
+    };
+}
+function degradedLedgerClient(reason) {
+    return {
+        async query() {
+            return { kind: "degraded", reason };
+        },
+        async record() {
+            /* no-op when ledger is unavailable */
+        },
+    };
+}
+export async function runInterceptCli(opts = {}) {
+    const stdin = opts.stdin ?? process.stdin;
+    const stdout = opts.stdout ?? process.stdout;
+    const stderr = opts.stderr ?? process.stderr;
+    const verbose = isVerboseEnabled(opts);
+    const raw = await readStdin(stdin);
+    let event;
+    try {
+        event = JSON.parse(raw.trim() || "{}");
+    }
+    catch (err) {
+        process.stderr.write(`harness policy intercept: malformed event JSON: ${err.message}\n`);
+        return { exitCode: 0, decisions: [], blocked: false };
+    }
+    let manifest;
+    try {
+        manifest = opts.manifest ?? loadManifest(opts).manifest;
+    }
+    catch (err) {
+        process.stderr.write(`harness policy intercept: manifest load failed: ${err.message}\n`);
+        return { exitCode: 0, decisions: [], blocked: false };
+    }
+    let ledger;
+    if (opts.ledger) {
+        ledger = opts.ledger;
+    }
+    else {
+        const server = findGroundingMcp(manifest);
+        ledger = server
+            ? realLedgerClient(server, opts)
+            : degradedLedgerClient("grounding-mcp not declared in manifest");
+    }
+    // For the SESSION_ID builtin we keep the empty-string fallback rather
+    // than routing through resolveSessionId (which lands on "default").
+    // Routing through "default" would silently bake the literal string
+    // into ledger_tag templates like `dogfood:${SESSION_ID}` →
+    // `dogfood:default`, which would substring-match anything in the
+    // shared "default" session — a worse failure mode than the current
+    // empty substitution. The empty path produces tags like `dogfood:`
+    // (substituteTemplate treats the registered "" value as a successful
+    // substitution since the key is hasOwnProperty-present, so this is
+    // NOT marked warn-degraded by the requires evaluator); the ledger
+    // query for that fire also lands on the resolveSessionId-derived
+    // session, so the asymmetry is acceptable in practice. Do NOT
+    // "simplify" by routing this through resolveSessionId.
+    // The env fallback is still applied so a Claude-Code-driven hook with
+    // a stripped event can pick up the active session.
+    const eventSessionId = typeof event.session_id === "string" ? event.session_id : undefined;
+    const builtinSessionId = eventSessionId ?? process.env.CLAUDE_SESSION_ID ?? "";
+    const builtins = {
+        SESSION_ID: builtinSessionId,
+        REPO: process.env.HARNESS_REPO ?? "",
+        BRANCH: process.env.HARNESS_BRANCH ?? "",
+        TOOL_NAME: typeof event.tool_name === "string" ? event.tool_name : "",
+        CWD: typeof event.cwd === "string" ? event.cwd : process.cwd(),
+    };
+    const result = await intercept({
+        manifest,
+        event,
+        ledger,
+        builtins,
+        ...(opts.ledgerTimeoutMs !== undefined && { ledgerTimeoutMs: opts.ledgerTimeoutMs }),
+        ...(opts.now && { now: opts.now }),
+    });
+    if (result.blockJson) {
+        stdout.write(`${JSON.stringify(result.blockJson)}\n`);
+    }
+    if (verbose) {
+        for (const decision of result.decisions) {
+            if (decision.outcome === "allow")
+                continue;
+            stderr.write(formatDecisionDiagnostic(decision));
+        }
+    }
+    return {
+        exitCode: 0,
+        decisions: result.decisions,
+        blocked: result.blockJson !== null,
+    };
+}
+//# sourceMappingURL=intercept.js.map

package/dist/cli/policy/intercept.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"intercept.js","sourceRoot":"","sources":["../../../src/cli/policy/intercept.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,EAAE;AACF,2EAA2E;AAC3E,yEAAyE;AACzE,kEAAkE;AAElE,OAAO,EACL,gBAAgB,GAGjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,SAAS,EACT,oBAAoB,GAIrB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAgChE,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,QAAwB;IACxD,MAAM,MAAM,GAAG,6BAA6B,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,OAAO,GAClF,QAAQ,CAAC,OAAO,KAAK,eAAe,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,EACnE,EAAE,CAAC;IACH,MAAM,KAAK,GAAa,CAAC,MAAM,CAAC,CAAC;IACjC,KAAK,CAAC,IAAI,CAAC,iBAAiB,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAyB;IACjD,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACvC,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAC/C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,0EAA0E;IAC1E,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAiB,EAAE,IAAyB;IACpE,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK,CAAC;IAC7E,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS;YACzB,OAAO,gBAAgB,CAAC;gBACtB,UAAU,EAAE,OAAO;gBACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;gBAC3B,SAAS;gBACT,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS;YAC9B,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE;gBAC9C,UAAU,EAAE,OAAO;gBACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;gBAC3B,SAAS;aACV,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IAC1C,OAAO;QACL,KAAK,CAAC,KAAK;YACT,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;QACtC,CAAC;QACD,KAAK,CAAC,MAAM;YACV,sCAAsC;QACxC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA4B,EAAE;IAE9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAgB,CAAC;IACrB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAc,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mDAAoD,GAAa,CAAC,OAAO,IAAI,CAC9E,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mDAAoD,GAAa,CAAC,OAAO,IAAI,CAC9E,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,MAAoB,CAAC;IACzB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,GAAG,MAAM;YACb,CAAC,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YAChC,CAAC,CAAC,oBAAoB,CAAC,wCAAwC,CAAC,CAAC;IACrE,CAAC;IAED,sEAAsE;IACtE,oEAAoE;IACpE,mEAAmE;IACnE,2DAA2D;IAC3D,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,qEAAqE;IACrE,mEAAmE;IACnE,kEAAkE;IAClE,iEAAiE;IACjE,8DAA8D;IAC9D,uDAAuD;IACvD,sEAAsE;IACtE,mDAAmD;IACnD,MAAM,cAAc,GAAG,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3F,MAAM,gBAAgB,GAAG,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAC/E,MAAM,QAAQ,GAAG;QACf,UAAU,EAAE,gBAAgB;QAC5B,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE;QACpC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE;QACxC,SAAS,EAAE,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACrE,GAAG,EAAE,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;KAC/D,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;QAC7B,QAAQ;QACR,KAAK;QACL,MAAM;QACN,QAAQ;QACR,GAAG,CAAC,IAAI,CAAC,eAAe,KAAK,SAAS,IAAI,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC;QACpF,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO;gBAAE,SAAS;YAC3C,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,SAAS,KAAK,IAAI;KACnC,CAAC;AACJ,CAAC"}

package/dist/cli/remove/index.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { type RemoveType } from "./mutate.js";
+export interface RemoveOptions {
+    configPath?: string;
+    homeDir?: string;
+    dryRun?: boolean;
+    force?: boolean;
+}
+export interface RemoveResult {
+    path: string;
+    type: RemoveType;
+    name: string;
+    diff: string;
+    applied: boolean;
+    forcedReferences: string[];
+}
+export declare function remove(type: RemoveType, name: string, opts?: RemoveOptions): Promise<RemoveResult>;
+export declare const KNOWN_REMOVE_TYPES: RemoveType[];
+export declare function isRemoveType(s: string): s is RemoveType;

package/dist/cli/remove/index.js ADDED Viewed

@@ -0,0 +1,95 @@
+import * as fs from "node:fs";
+import * as os from "node:os";
+import * as path from "node:path";
+import { parse as parseYaml } from "yaml";
+import { atomicWriteFile } from "../../io/atomic-write.js";
+import { withFileLock } from "../../io/lock.js";
+import { unifiedDiff } from "../../io/patch.js";
+import { formatValidationErrors, validateBeforeWrite, } from "../../io/validate-before-write.js";
+import { EX_FAIL, EX_NOINPUT, HarnessExitError } from "../exit-codes.js";
+import { applyRemove, planRemove } from "./mutate.js";
+const DEFAULT_BASENAME = "harness.yaml";
+const LOCK_BASENAME = ".harness.lock";
+function resolveTargetPath(opts) {
+    if (opts.configPath)
+        return path.resolve(opts.configPath);
+    return path.join(opts.homeDir ?? path.join(os.homedir(), ".claude"), DEFAULT_BASENAME);
+}
+function formatNameList(names) {
+    if (names.length === 0)
+        return "(none declared)";
+    return names.map((n) => `  - ${n}`).join("\n");
+}
+export async function remove(type, name, opts = {}) {
+    const target = resolveTargetPath(opts);
+    if (!fs.existsSync(target)) {
+        throw new HarnessExitError(`harness manifest not found at ${target}; run \`harness init\` first`, EX_NOINPUT);
+    }
+    const original = fs.readFileSync(target, "utf8");
+    const plan = planRemove(original, type, name);
+    if (!plan.found) {
+        throw new HarnessExitError(`${type} entry "${name}" not found. Available ${type} entries:\n${formatNameList(plan.availableNames)}`, EX_FAIL);
+    }
+    if (plan.referencingPolicies.length > 0 && !opts.force) {
+        const refList = plan.referencingPolicies.map((p) => `"${p}"`).join(", ");
+        const verb = plan.referencingPolicies.length === 1 ? "policy" : "policies";
+        throw new HarnessExitError(`${verb} ${refList} reference${plan.referencingPolicies.length === 1 ? "s" : ""} this hook; remove the ${verb} first or pass --force`, EX_FAIL);
+    }
+    const proposed = applyRemove(original, type, name);
+    const diff = unifiedDiff({
+        fileName: path.basename(target),
+        oldText: original,
+        newText: proposed,
+        oldHeader: "current",
+        newHeader: "proposed",
+    });
+    // Schema gate. With --force on a referenced hook, the resulting manifest
+    // contains a dangling policy.hook reference, which the schema rejects.
+    // That refusal is the contract: --force does not let you ship a broken
+    // manifest, it just tells remove to skip the human-readable hook-reference
+    // pre-check. The actual safety net is the schema, which still fires.
+    const schemaResult = validateBeforeWrite(parseYaml(proposed));
+    if (!schemaResult.ok) {
+        throw new HarnessExitError(`proposed manifest fails schema validation:\n${formatValidationErrors(schemaResult.errors)}`, EX_FAIL);
+    }
+    if (opts.dryRun) {
+        // forcedReferences is informational on dry-run: it shows the user which
+        // policies would have been overridden if the schema gate did not refuse.
+        // On the write path below it is always [] because --force on a referenced
+        // hook never reaches that point — the schema rejects the dangling reference.
+        return {
+            path: target,
+            type,
+            name,
+            diff,
+            applied: false,
+            forcedReferences: opts.force ? plan.referencingPolicies : [],
+        };
+    }
+    const lockPath = path.join(path.dirname(target), LOCK_BASENAME);
+    await withFileLock(lockPath, () => {
+        const current = fs.readFileSync(target, "utf8");
+        const next = applyRemove(current, type, name);
+        const recheck = validateBeforeWrite(parseYaml(next));
+        if (!recheck.ok) {
+            throw new HarnessExitError(`proposed manifest fails schema validation after lock acquisition:\n${formatValidationErrors(recheck.errors)}`, EX_FAIL);
+        }
+        atomicWriteFile(target, next);
+    });
+    return {
+        path: target,
+        type,
+        name,
+        diff,
+        applied: true,
+        // Always [] on the write path — schema gate rejects --force on a referenced
+        // hook, so the only way to reach here with --force is when there are no
+        // referencing policies to begin with.
+        forcedReferences: [],
+    };
+}
+export const KNOWN_REMOVE_TYPES = ["mcp", "cli", "skill", "hook"];
+export function isRemoveType(s) {
+    return KNOWN_REMOVE_TYPES.includes(s);
+}
+//# sourceMappingURL=index.js.map

package/dist/cli/remove/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/cli/remove/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EACL,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAmB,MAAM,aAAa,CAAC;AAkBvE,MAAM,gBAAgB,GAAG,cAAc,CAAC;AACxC,MAAM,aAAa,GAAG,eAAe,CAAC;AAEtC,SAAS,iBAAiB,CAAC,IAAmB;IAC5C,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,EAAE,gBAAgB,CAAC,CAAC;AACzF,CAAC;AAED,SAAS,cAAc,CAAC,KAAe;IACrC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,iBAAiB,CAAC;IACjD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,IAAgB,EAChB,IAAY,EACZ,OAAsB,EAAE;IAExB,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,gBAAgB,CACxB,iCAAiC,MAAM,8BAA8B,EACrE,UAAU,CACX,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAE9C,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,IAAI,gBAAgB,CACxB,GAAG,IAAI,WAAW,IAAI,0BAA0B,IAAI,cAAc,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,EACvG,OAAO,CACR,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACvD,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;QAC3E,MAAM,IAAI,gBAAgB,CACxB,GAAG,IAAI,IAAI,OAAO,aAAa,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,0BAA0B,IAAI,wBAAwB,EACrI,OAAO,CACR,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,WAAW,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC/B,OAAO,EAAE,QAAQ;QACjB,OAAO,EAAE,QAAQ;QACjB,SAAS,EAAE,SAAS;QACpB,SAAS,EAAE,UAAU;KACtB,CAAC,CAAC;IAEH,yEAAyE;IACzE,uEAAuE;IACvE,uEAAuE;IACvE,2EAA2E;IAC3E,qEAAqE;IACrE,MAAM,YAAY,GAAG,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9D,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,MAAM,IAAI,gBAAgB,CACxB,+CAA+C,sBAAsB,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,EAC5F,OAAO,CACR,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,6EAA6E;QAC7E,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,IAAI;YACJ,IAAI;YACJ,IAAI;YACJ,OAAO,EAAE,KAAK;YACd,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE;SAC7D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,aAAa,CAAC,CAAC;IAChE,MAAM,YAAY,CAAC,QAAQ,EAAE,GAAG,EAAE;QAChC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,mBAAmB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,gBAAgB,CACxB,sEAAsE,sBAAsB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAC9G,OAAO,CACR,CAAC;QACJ,CAAC;QACD,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,IAAI;QACJ,IAAI;QACJ,IAAI;QACJ,OAAO,EAAE,IAAI;QACb,4EAA4E;QAC5E,wEAAwE;QACxE,sCAAsC;QACtC,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAiB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AAEhF,MAAM,UAAU,YAAY,CAAC,CAAS;IACpC,OAAQ,kBAA+B,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC"}

package/dist/cli/remove/mutate.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export type RemoveType = "mcp" | "cli" | "skill" | "hook";
+export interface RemovePlan {
+    found: boolean;
+    availableNames: string[];
+    /** For type=hook only: the policies that reference this hook. */
+    referencingPolicies: string[];
+}
+export declare function planRemove(yamlText: string, type: RemoveType, name: string): RemovePlan;
+export declare function applyRemove(yamlText: string, type: RemoveType, name: string): string;

package/dist/cli/remove/mutate.js ADDED Viewed

@@ -0,0 +1,68 @@
+import { isMap, isScalar, isSeq, parseDocument } from "yaml";
+const TYPE_TO_PATH = {
+    mcp: ["tools", "mcp"],
+    cli: ["tools", "cli"],
+    skill: ["tools", "skills", "enabled"],
+    hook: ["hooks"],
+};
+export function planRemove(yamlText, type, name) {
+    const doc = parseDocument(yamlText);
+    const list = doc.getIn(TYPE_TO_PATH[type]);
+    const availableNames = listEntryNames(list, type);
+    const found = availableNames.includes(name);
+    const referencingPolicies = type === "hook" ? findPoliciesReferencingHook(doc, name) : [];
+    return { found, availableNames, referencingPolicies };
+}
+export function applyRemove(yamlText, type, name) {
+    const doc = parseDocument(yamlText);
+    const list = doc.getIn(TYPE_TO_PATH[type]);
+    if (!isSeq(list)) {
+        throw new Error(`expected a YAML sequence at ${TYPE_TO_PATH[type].join(".")}, found none`);
+    }
+    const idx = list.items.findIndex((item) => entryNameOf(item, type) === name);
+    if (idx < 0) {
+        throw new Error(`${type} entry "${name}" not found`);
+    }
+    list.items.splice(idx, 1);
+    return doc.toString({ flowCollectionPadding: false, lineWidth: 0 });
+}
+function listEntryNames(list, type) {
+    if (!isSeq(list))
+        return [];
+    return list.items
+        .map((item) => entryNameOf(item, type))
+        .filter((s) => typeof s === "string");
+}
+function entryNameOf(item, type) {
+    if (type === "skill") {
+        if (isScalar(item) && typeof item.value === "string")
+            return item.value;
+        if (typeof item === "string")
+            return item;
+        return undefined;
+    }
+    if (isMap(item)) {
+        const n = item.get("name");
+        if (typeof n === "string")
+            return n;
+    }
+    return undefined;
+}
+function findPoliciesReferencingHook(doc, hookName) {
+    const policies = doc.get("policies");
+    if (!isSeq(policies))
+        return [];
+    const refs = [];
+    for (const item of policies.items) {
+        if (!isMap(item))
+            continue;
+        const hook = item.get("hook");
+        if (typeof hook === "string" && hook === hookName) {
+            const name = item.get("name");
+            if (typeof name === "string")
+                refs.push(name);
+        }
+    }
+    return refs;
+}
+//# sourceMappingURL=mutate.js.map

package/dist/cli/remove/mutate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mutate.js","sourceRoot":"","sources":["../../../src/cli/remove/mutate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAiB,MAAM,MAAM,CAAC;AAI5E,MAAM,YAAY,GAA0C;IAC1D,GAAG,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC;IACrB,GAAG,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC;IACrB,KAAK,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,CAAC;IACrC,IAAI,EAAE,CAAC,OAAO,CAAC;CAChB,CAAC;AASF,MAAM,UAAU,UAAU,CACxB,QAAgB,EAChB,IAAgB,EAChB,IAAY;IAEZ,MAAM,GAAG,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3C,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,mBAAmB,GACvB,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,2BAA2B,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAChE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,mBAAmB,EAAE,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,QAAgB,EAChB,IAAgB,EAChB,IAAY;IAEZ,MAAM,GAAG,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,+BAA+B,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC;IAC7E,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,WAAW,IAAI,aAAa,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC1B,OAAO,GAAG,CAAC,QAAQ,CAAC,EAAE,qBAAqB,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,cAAc,CAAC,IAAa,EAAE,IAAgB;IACrD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IAC5B,OAAO,IAAI,CAAC,KAAK;SACd,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;SACtC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,IAAa,EAAE,IAAgB;IAClD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC;QACxE,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAChB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,2BAA2B,CAClC,GAAoB,EACpB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ;gBAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/cli/validate/checks.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { Manifest } from "../../schema/index.js";
+import type { Diagnostic } from "./types.js";
+export interface CheckOptions {
+    homeDir?: string;
+    pathEnv?: string;
+    builtinRuntimeProbe?: () => string[];
+    versionProbe?: (cmd: string[]) => string | null;
+}
+declare function expandHome(p: string, home: string): string;
+declare function isRootedPath(p: string): boolean;
+declare function firstToken(command: string): string;
+declare function resolveOnPath(binary: string, pathEnv: string): string | null;
+declare function compareVersions(actual: string, required: string): number;
+export declare function runAssetChecks(manifest: Manifest, opts?: CheckOptions): Diagnostic[];
+export declare const __testables: {
+    expandHome: typeof expandHome;
+    isRootedPath: typeof isRootedPath;
+    firstToken: typeof firstToken;
+    compareVersions: typeof compareVersions;
+    resolveOnPath: typeof resolveOnPath;
+    DEFAULT_RUNTIME_BUILTINS: string[];
+};
+export {};

package/dist/cli/validate/checks.js ADDED Viewed

@@ -0,0 +1,253 @@
+import * as fs from "node:fs";
+import * as os from "node:os";
+import * as path from "node:path";
+const DEFAULT_RUNTIME_BUILTINS = [
+    "Read",
+    "Edit",
+    "Write",
+    "Bash",
+    "Agent",
+    "Skill",
+    "TaskCreate",
+    "Glob",
+    "Grep",
+];
+function expandHome(p, home) {
+    if (p === "~")
+        return home;
+    if (p.startsWith("~/"))
+        return path.join(home, p.slice(2));
+    return p;
+}
+function isRootedPath(p) {
+    return path.isAbsolute(p) || p === "~" || p.startsWith("~/");
+}
+function firstToken(command) {
+    return command.trim().split(/\s+/)[0] ?? "";
+}
+function isExecutable(filePath) {
+    try {
+        fs.accessSync(filePath, fs.constants.X_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function statOrNull(filePath) {
+    try {
+        return fs.statSync(filePath);
+    }
+    catch {
+        return null;
+    }
+}
+function resolveOnPath(binary, pathEnv) {
+    if (binary.includes(path.sep) || path.isAbsolute(binary))
+        return null;
+    const segments = pathEnv.split(path.delimiter).filter(Boolean);
+    for (const seg of segments) {
+        const candidate = path.join(seg, binary);
+        if (fs.existsSync(candidate) && isExecutable(candidate))
+            return candidate;
+    }
+    return null;
+}
+const SEMVER_RE = /(\d+(?:\.\d+){0,3})/;
+function compareVersions(actual, required) {
+    const a = actual.split(".").map((n) => Number.parseInt(n, 10));
+    const r = required.split(".").map((n) => Number.parseInt(n, 10));
+    const len = Math.max(a.length, r.length);
+    for (let i = 0; i < len; i++) {
+        const ai = a[i] ?? 0;
+        const ri = r[i] ?? 0;
+        if (Number.isNaN(ai) || Number.isNaN(ri))
+            return 0;
+        if (ai > ri)
+            return 1;
+        if (ai < ri)
+            return -1;
+    }
+    return 0;
+}
+function checkMcp(manifest, home) {
+    const diags = [];
+    manifest.tools.mcp.forEach((mcp) => {
+        const cmdArr = Array.isArray(mcp.command) ? mcp.command : mcp.command.trim().split(/\s+/);
+        const first = cmdArr[0] ?? "";
+        if (!isRootedPath(first))
+            return;
+        const resolved = expandHome(first, home);
+        const stat = statOrNull(resolved);
+        if (!stat) {
+            diags.push({
+                severity: "error",
+                path: `tools.mcp[${mcp.name}].command`,
+                message: `path does not exist: ${resolved}`,
+            });
+        }
+    });
+    return diags;
+}
+function checkCli(manifest, opts) {
+    const diags = [];
+    const pathEnv = opts.pathEnv ?? process.env.PATH ?? "";
+    const versionProbe = opts.versionProbe ?? (() => null);
+    manifest.tools.cli.forEach((cli) => {
+        let resolved;
+        if (path.isAbsolute(cli.binary)) {
+            resolved = fs.existsSync(cli.binary) && isExecutable(cli.binary) ? cli.binary : null;
+        }
+        else {
+            resolved = resolveOnPath(cli.binary, pathEnv);
+        }
+        if (!resolved) {
+            diags.push({
+                severity: cli.required ? "error" : "warning",
+                path: `tools.cli[${cli.name}].binary`,
+                message: cli.required
+                    ? `required binary not found: ${cli.binary}`
+                    : `binary not found on PATH: ${cli.binary}`,
+            });
+            return;
+        }
+        if (!cli.min_version)
+            return;
+        const versionCommand = cli.version_command ?? [resolved, "--version"];
+        const stdout = versionProbe(versionCommand);
+        if (stdout === null) {
+            diags.push({
+                severity: "warning",
+                path: `tools.cli[${cli.name}].min_version`,
+                message: `version probe failed for ${versionCommand.join(" ")}`,
+            });
+            return;
+        }
+        const match = stdout.match(SEMVER_RE);
+        if (!match || !match[1]) {
+            diags.push({
+                severity: "warning",
+                path: `tools.cli[${cli.name}].min_version`,
+                message: `could not parse a version from "${stdout.trim()}"`,
+            });
+            return;
+        }
+        if (compareVersions(match[1], cli.min_version) < 0) {
+            diags.push({
+                severity: "error",
+                path: `tools.cli[${cli.name}].min_version`,
+                message: `installed version ${match[1]} is less than required ${cli.min_version}`,
+            });
+        }
+    });
+    return diags;
+}
+function checkSkills(manifest, home) {
+    const diags = [];
+    const required = manifest.tools.skills.required ?? [];
+    if (required.length === 0)
+        return diags;
+    for (const skillName of required) {
+        let found = false;
+        for (const dir of manifest.tools.skills.source_dirs) {
+            const expanded = expandHome(dir, home);
+            const candidate = path.join(expanded, skillName, "SKILL.md");
+            if (fs.existsSync(candidate)) {
+                found = true;
+                break;
+            }
+        }
+        if (!found) {
+            diags.push({
+                severity: "error",
+                path: `tools.skills.required[${skillName}]`,
+                message: `SKILL.md not found in any tools.skills.source_dirs entry`,
+            });
+        }
+    }
+    return diags;
+}
+function checkHooks(manifest, home) {
+    const diags = [];
+    manifest.hooks.forEach((hook) => {
+        const first = firstToken(hook.command);
+        if (!isRootedPath(first))
+            return;
+        const resolved = expandHome(first, home);
+        const stat = statOrNull(resolved);
+        if (!stat) {
+            diags.push({
+                severity: "error",
+                path: `hooks[${hook.name}].command`,
+                message: `path does not exist: ${resolved}`,
+            });
+            return;
+        }
+        if (!stat.isFile()) {
+            diags.push({
+                severity: "error",
+                path: `hooks[${hook.name}].command`,
+                message: `not a regular file: ${resolved}`,
+            });
+            return;
+        }
+        if (!isExecutable(resolved)) {
+            diags.push({
+                severity: "error",
+                path: `hooks[${hook.name}].command`,
+                message: `not executable (chmod +x): ${resolved}`,
+            });
+        }
+    });
+    return diags;
+}
+function checkBuiltinDrift(manifest, opts) {
+    const probe = opts.builtinRuntimeProbe ?? (() => DEFAULT_RUNTIME_BUILTINS);
+    const runtime = probe();
+    const known = new Set(manifest.tools.builtin.known);
+    const diags = [];
+    for (const r of runtime) {
+        if (!known.has(r)) {
+            diags.push({
+                severity: "warning",
+                path: `tools.builtin.known`,
+                message: `runtime advertises built-in "${r}" but the manifest does not list it`,
+            });
+        }
+    }
+    return diags;
+}
+function checkPolicyGroundingMcp(manifest) {
+    if (manifest.policies.length === 0)
+        return [];
+    const wired = manifest.tools.mcp.some((m) => m.name === "grounding-mcp");
+    if (wired)
+        return [];
+    return [
+        {
+            severity: "warning",
+            path: "policies",
+            message: "policies declared but grounding-mcp not wired: every policy will fire in degraded warn-mode at runtime; see docs/ARCHITECTURE.md §6",
+        },
+    ];
+}
+export function runAssetChecks(manifest, opts = {}) {
+    const home = opts.homeDir ?? os.homedir();
+    return [
+        ...checkMcp(manifest, home),
+        ...checkCli(manifest, opts),
+        ...checkSkills(manifest, home),
+        ...checkHooks(manifest, home),
+        ...checkBuiltinDrift(manifest, opts),
+        ...checkPolicyGroundingMcp(manifest),
+    ];
+}
+export const __testables = {
+    expandHome,
+    isRootedPath,
+    firstToken,
+    compareVersions,
+    resolveOnPath,
+    DEFAULT_RUNTIME_BUILTINS,
+};
+//# sourceMappingURL=checks.js.map