@lannguyensi/harness 0.5.0

package/dist/cli/init/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/cli/init/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EACL,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,WAAW,EAAqB,MAAM,gBAAgB,CAAC;AAiBhE,MAAM,gBAAgB,GAAG,cAAc,CAAC;AACxC,MAAM,aAAa,GAAG,eAAe,CAAC;AAEtC,SAAS,WAAW,CAAC,IAAiB;IACpC,OAAO,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAiB;IAC1C,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1D,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAoB,EAAE;IAC/C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAiB,IAAI,CAAC,QAAQ,IAAI,SAAS,CAAC;IAC1D,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IAEtC,2EAA2E;IAC3E,uEAAuE;IACvE,MAAM,UAAU,GAAG,mBAAmB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;QACnB,MAAM,IAAI,gBAAgB,CACxB,aAAa,QAAQ,yBAAyB,sBAAsB,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,EACzF,WAAW,CACZ,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,aAAa,CAAC,CAAC;IAChE,yEAAyE;IACzE,2DAA2D;IAC3D,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,MAAM,YAAY,CAAC,QAAQ,EAAE,GAAG,EAAE;QAChC,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAC1B,MAAM,IAAI,gBAAgB,CACxB,sCAAsC,MAAM,6BAA6B,EACzE,OAAO,CACR,CAAC;QACJ,CAAC;QACD,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,qCAAqC,MAAM,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9E,MAAM,MAAM,GAAG;QACb,+BAA+B,MAAM,eAAe,QAAQ,GAAG;QAC/D,EAAE;QACF,aAAa;QACb,+BAA+B,MAAM,EAAE;QACvC,+BAA+B,MAAM,EAAE;QACvC,+BAA+B,MAAM,EAAE;QACvC,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAmB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAEnE,MAAM,UAAU,UAAU,CAAC,CAAS;IAClC,OAAQ,eAA4B,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC"}

package/dist/cli/init/templates.d.ts

@@ -0,0 +1,4 @@
+export declare const MINIMAL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template minimal`.\n#\n# This is the empty-but-valid manifest. Run `harness validate` to confirm it\n# parses, then add entries under the five top-level keys:\n#\n#   grounding:  evidence-ledger + claim-gate config (see docs/ARCHITECTURE.md \u00A72)\n#   tools:      mcp / cli / skills / builtin inventory   (\u00A73)\n#   memory:     directories, retention, scopes           (\u00A74)\n#   hooks:      event-bound shell commands               (\u00A75)\n#   policies:   named rules that bind hooks to triggers  (\u00A76)\n#\n# Phase 2 verbs to add entries safely: `harness add mcp <name> ...`,\n# `harness add cli`, `harness add hook`, `harness add skill`.\n# Per-machine overrides live at ~/.claude/machines/<discriminator>.harness.overrides.yaml\n# (ARCHITECTURE.md \u00A78) for paths that vary per host.\n#\n# Docs: https://github.com/LanNguyenSi/harness\n\nversion: 1\n";
+export declare const FULL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template full`. Mirrors the example manifest\n# from docs/ARCHITECTURE.md Appendix A. Paths under `command:` reference the\n# developer machine that authored Appendix A \u2014 adapt them to your host (or\n# move host-specific paths to ~/.claude/machines/<hostname>.harness.overrides.yaml\n# per ARCHITECTURE.md \u00A78) before running `harness validate`.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n  policies_source: ~/.claude/harness.d/policies/claim-gate.yaml\n\ntools:\n  mcp:\n    - name: codebase-oracle\n      command: [npx, tsx, ~/git/pandora/codebase-oracle/src/mcp-server.ts]\n      health:\n        verb: oracle_list_repos\n        timeout_ms: 5000\n      enabled: true\n    - name: agent-tasks\n      command: [node, ~/git/pandora/agent-tasks/mcp-server/dist/server.js]\n      env:\n        AGENT_TASKS_URL: https://agent-tasks.opentriologue.ai\n      health:\n        verb: projects_list\n        timeout_ms: 5000\n      enabled: true\n    - name: grounding-mcp\n      command: [node, ~/git/pandora/agent-grounding/packages/grounding-mcp/dist/server.js]\n      env:\n        EVIDENCE_LEDGER_DB: ~/.evidence-ledger/ledger.db\n      health:\n        verb: ledger_status\n        timeout_ms: 5000\n      enabled: true\n\n  cli:\n    - name: git-batch\n      binary: git-batch\n      min_version: \"0.2.0\"\n      required: true\n    - name: gh\n      binary: gh\n      required: true\n    - name: ledger\n      binary: ledger\n      required: false\n\n  skills:\n    enabled:\n      - simplify\n      - init\n      - review\n      - security-review\n    source_dirs:\n      - ~/.claude/skills\n\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\nhooks:\n  - name: git-preflight\n    event: SessionStart\n    command: ~/.claude/hooks/git-preflight.sh\n    blocking: false\n    budget_ms: 30000\n    description: \"Run agent-preflight on session start; record ready + confidence into the ledger as preflight:${REPO}.\"\n\n  - name: require-review-evidence\n    event: PreToolUse\n    match: \"mcp__agent-tasks__pull_requests_merge\"\n    command: ~/.claude/hooks/require-review-evidence.sh\n    blocking: hard\n    budget_ms: 2000\n\n  - name: require-dogfood-evidence\n    event: PreToolUse\n    match: \"Bash\"\n    command: ~/.claude/hooks/require-dogfood-evidence.sh\n    blocking: hard\n    budget_ms: 2000\n\n  - name: require-preflight-evidence\n    event: PreToolUse\n    match: \"Bash\"\n    bash_match: \"^git (status|log|diff|branch)\"\n    command: ~/.claude/hooks/require-preflight-evidence.sh\n    blocking: hard\n    budget_ms: 1000\n\npolicies:\n  - name: review-before-merge\n    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n    trigger:\n      event: PreToolUse\n      match: \"mcp__agent-tasks__pull_requests_merge\"\n      extract:\n        PR_NUMBER: \"toolArgs.prNumber\"\n    requires:\n      ledger_tag: \"review:${PR_NUMBER}\"\n    hook: require-review-evidence\n    enforcement: block\n\n  - name: dogfood-before-release\n    description: Block npm publish / git tag v* without a recent dogfood ledger entry.\n    trigger:\n      event: PreToolUse\n      match: \"Bash\"\n      bash_match: \"^(npm publish|git tag v.*)\"\n    requires:\n      ledger_tag: \"dogfood:${SESSION_ID}\"\n      within: 24h\n    hook: require-dogfood-evidence\n    enforcement: block\n\n  - name: preflight-before-investigation\n    description: Block investigative git reads (status/log/diff/branch) when agent-preflight has not run recently with ready:true for the current repo.\n    trigger:\n      event: PreToolUse\n      match: \"Bash\"\n      bash_match: \"^git (status|log|diff|branch)\"\n    requires:\n      ledger_tag: \"preflight:${REPO}\"\n      within: 1h\n    hook: require-preflight-evidence\n    enforcement: block\n";
+export type TemplateName = "minimal" | "full";
+export declare function getTemplate(name: TemplateName): string;

package/dist/cli/init/templates.js

@@ -0,0 +1,175 @@
+export const MINIMAL_TEMPLATE = `# ~/.claude/harness.yaml
+#
+# Bootstrapped by \`harness init --template minimal\`.
+#
+# This is the empty-but-valid manifest. Run \`harness validate\` to confirm it
+# parses, then add entries under the five top-level keys:
+#
+#   grounding:  evidence-ledger + claim-gate config (see docs/ARCHITECTURE.md §2)
+#   tools:      mcp / cli / skills / builtin inventory   (§3)
+#   memory:     directories, retention, scopes           (§4)
+#   hooks:      event-bound shell commands               (§5)
+#   policies:   named rules that bind hooks to triggers  (§6)
+#
+# Phase 2 verbs to add entries safely: \`harness add mcp <name> ...\`,
+# \`harness add cli\`, \`harness add hook\`, \`harness add skill\`.
+# Per-machine overrides live at ~/.claude/machines/<discriminator>.harness.overrides.yaml
+# (ARCHITECTURE.md §8) for paths that vary per host.
+#
+# Docs: https://github.com/LanNguyenSi/harness
+
+version: 1
+`;
+export const FULL_TEMPLATE = `# ~/.claude/harness.yaml
+#
+# Bootstrapped by \`harness init --template full\`. Mirrors the example manifest
+# from docs/ARCHITECTURE.md Appendix A. Paths under \`command:\` reference the
+# developer machine that authored Appendix A — adapt them to your host (or
+# move host-specific paths to ~/.claude/machines/<hostname>.harness.overrides.yaml
+# per ARCHITECTURE.md §8) before running \`harness validate\`.
+
+version: 1
+
+grounding:
+  session:
+    auto_start: true
+    id_format: "gs-{repo}-{rand:8}"
+  evidence_ledger:
+    path: ~/.evidence-ledger/ledger.db
+    retention_days: 90
+  policies_source: ~/.claude/harness.d/policies/claim-gate.yaml
+
+tools:
+  mcp:
+    - name: codebase-oracle
+      command: [npx, tsx, ~/git/pandora/codebase-oracle/src/mcp-server.ts]
+      health:
+        verb: oracle_list_repos
+        timeout_ms: 5000
+      enabled: true
+    - name: agent-tasks
+      command: [node, ~/git/pandora/agent-tasks/mcp-server/dist/server.js]
+      env:
+        AGENT_TASKS_URL: https://agent-tasks.opentriologue.ai
+      health:
+        verb: projects_list
+        timeout_ms: 5000
+      enabled: true
+    - name: grounding-mcp
+      command: [node, ~/git/pandora/agent-grounding/packages/grounding-mcp/dist/server.js]
+      env:
+        EVIDENCE_LEDGER_DB: ~/.evidence-ledger/ledger.db
+      health:
+        verb: ledger_status
+        timeout_ms: 5000
+      enabled: true
+
+  cli:
+    - name: git-batch
+      binary: git-batch
+      min_version: "0.2.0"
+      required: true
+    - name: gh
+      binary: gh
+      required: true
+    - name: ledger
+      binary: ledger
+      required: false
+
+  skills:
+    enabled:
+      - simplify
+      - init
+      - review
+      - security-review
+    source_dirs:
+      - ~/.claude/skills
+
+  builtin:
+    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate]
+
+memory:
+  directories:
+    - path: ~/.claude/projects/{project}/memory
+      scope: project
+  router:
+    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]
+    enabled: true
+  retention:
+    staleness_days: 180
+    broken_refs: warn
+  scopes:
+    default: project
+    allowed: [project, user]
+
+hooks:
+  - name: git-preflight
+    event: SessionStart
+    command: ~/.claude/hooks/git-preflight.sh
+    blocking: false
+    budget_ms: 30000
+    description: "Run agent-preflight on session start; record ready + confidence into the ledger as preflight:\${REPO}."
+
+  - name: require-review-evidence
+    event: PreToolUse
+    match: "mcp__agent-tasks__pull_requests_merge"
+    command: ~/.claude/hooks/require-review-evidence.sh
+    blocking: hard
+    budget_ms: 2000
+
+  - name: require-dogfood-evidence
+    event: PreToolUse
+    match: "Bash"
+    command: ~/.claude/hooks/require-dogfood-evidence.sh
+    blocking: hard
+    budget_ms: 2000
+
+  - name: require-preflight-evidence
+    event: PreToolUse
+    match: "Bash"
+    bash_match: "^git (status|log|diff|branch)"
+    command: ~/.claude/hooks/require-preflight-evidence.sh
+    blocking: hard
+    budget_ms: 1000
+
+policies:
+  - name: review-before-merge
+    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.
+    trigger:
+      event: PreToolUse
+      match: "mcp__agent-tasks__pull_requests_merge"
+      extract:
+        PR_NUMBER: "toolArgs.prNumber"
+    requires:
+      ledger_tag: "review:\${PR_NUMBER}"
+    hook: require-review-evidence
+    enforcement: block
+
+  - name: dogfood-before-release
+    description: Block npm publish / git tag v* without a recent dogfood ledger entry.
+    trigger:
+      event: PreToolUse
+      match: "Bash"
+      bash_match: "^(npm publish|git tag v.*)"
+    requires:
+      ledger_tag: "dogfood:\${SESSION_ID}"
+      within: 24h
+    hook: require-dogfood-evidence
+    enforcement: block
+
+  - name: preflight-before-investigation
+    description: Block investigative git reads (status/log/diff/branch) when agent-preflight has not run recently with ready:true for the current repo.
+    trigger:
+      event: PreToolUse
+      match: "Bash"
+      bash_match: "^git (status|log|diff|branch)"
+    requires:
+      ledger_tag: "preflight:\${REPO}"
+      within: 1h
+    hook: require-preflight-evidence
+    enforcement: block
+`;
+export function getTemplate(name) {
+    return name === "full" ? FULL_TEMPLATE : MINIMAL_TEMPLATE;
+}
+//# sourceMappingURL=templates.js.map

package/dist/cli/init/templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../../src/cli/init/templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;CAqB/B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoJ5B,CAAC;AAIF,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC5C,OAAO,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAC5D,CAAC"}

package/dist/cli/list.d.ts

@@ -0,0 +1,12 @@
+import { type LoaderOptions } from "./loader.js";
+export type ListCategory = "mcp" | "cli" | "skills" | "memories" | "hooks" | "policies";
+export declare function isListCategory(s: string): s is ListCategory;
+export interface ListOptions extends LoaderOptions {
+    filter?: string;
+    json?: boolean;
+}
+export interface ListResult {
+    output: string;
+    rows: Record<string, unknown>[];
+}
+export declare function list(category: ListCategory, opts?: ListOptions): ListResult;

package/dist/cli/list.js

@@ -0,0 +1,118 @@
+import { inspectMemory } from "../probes/memory.js";
+import { loadManifest } from "./loader.js";
+const CATEGORIES = [
+    "mcp",
+    "cli",
+    "skills",
+    "memories",
+    "hooks",
+    "policies",
+];
+export function isListCategory(s) {
+    return CATEGORIES.includes(s);
+}
+function applyFilter(rows, filter) {
+    if (!filter)
+        return rows;
+    const needle = filter.toLowerCase();
+    return rows.filter((r) => {
+        const haystack = (r.name ?? r.path ?? "").toString().toLowerCase();
+        return haystack.includes(needle);
+    });
+}
+function buildMcpRows(manifest) {
+    return manifest.tools.mcp.map((m) => ({
+        name: m.name,
+        enabled: m.enabled !== false,
+        health_verb: m.health?.verb ?? null,
+        timeout_ms: m.health?.timeout_ms ?? null,
+        command: Array.isArray(m.command) ? m.command.join(" ") : m.command,
+    }));
+}
+function buildCliRows(manifest) {
+    return manifest.tools.cli.map((c) => ({
+        name: c.name,
+        binary: c.binary,
+        required: !!c.required,
+        min_version: c.min_version ?? null,
+    }));
+}
+function buildSkillRows(manifest) {
+    const required = new Set(manifest.tools.skills.required ?? []);
+    return manifest.tools.skills.enabled.map((name) => ({
+        name,
+        required: required.has(name),
+    }));
+}
+function buildMemoryRows(manifest, opts) {
+    const report = inspectMemory(manifest, {
+        homeDir: opts.homeDir,
+        project: opts.project,
+    });
+    const out = [];
+    for (const dir of report.directories) {
+        out.push({
+            path: dir.path,
+            scope: dir.scope,
+            exists: dir.exists,
+            stale_count: report.staleMemories.filter((s) => s.path.startsWith(dir.path)).length,
+        });
+    }
+    return out;
+}
+function buildHookRows(manifest) {
+    return manifest.hooks.map((h) => ({
+        name: h.name,
+        event: h.event,
+        blocking: h.blocking === false ? "false" : h.blocking,
+        match: h.match ?? null,
+        command: h.command,
+    }));
+}
+function buildPolicyRows(manifest) {
+    return manifest.policies.map((p) => ({
+        name: p.name,
+        enforcement: p.enforcement,
+        event: p.trigger.event,
+        hook: p.hook,
+        requires_tag: p.requires.ledger_tag,
+    }));
+}
+function buildRows(category, manifest, opts) {
+    switch (category) {
+        case "mcp":
+            return buildMcpRows(manifest);
+        case "cli":
+            return buildCliRows(manifest);
+        case "skills":
+            return buildSkillRows(manifest);
+        case "memories":
+            return buildMemoryRows(manifest, opts);
+        case "hooks":
+            return buildHookRows(manifest);
+        case "policies":
+            return buildPolicyRows(manifest);
+    }
+}
+function renderText(rows) {
+    if (rows.length === 0)
+        return "(no entries)\n";
+    const headers = Object.keys(rows[0]);
+    const widths = headers.map((h) => Math.max(h.length, ...rows.map((r) => String(r[h] ?? "").length)));
+    const pad = (s, w) => s.padEnd(w, " ");
+    const lines = [];
+    lines.push(headers.map((h, i) => pad(h, widths[i])).join("  "));
+    lines.push(headers.map((_, i) => "-".repeat(widths[i])).join("  "));
+    for (const row of rows) {
+        lines.push(headers.map((h, i) => pad(String(row[h] ?? ""), widths[i])).join("  "));
+    }
+    return `${lines.join("\n")}\n`;
+}
+export function list(category, opts = {}) {
+    const { manifest } = loadManifest(opts);
+    const all = buildRows(category, manifest, opts);
+    const rows = applyFilter(all, opts.filter);
+    const output = opts.json ? `${JSON.stringify(rows, null, 2)}\n` : renderText(rows);
+    return { output, rows };
+}
+//# sourceMappingURL=list.js.map

package/dist/cli/list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../src/cli/list.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,OAAO,EAAE,YAAY,EAAsB,MAAM,aAAa,CAAC;AAI/D,MAAM,UAAU,GAA4B;IAC1C,KAAK;IACL,KAAK;IACL,QAAQ;IACR,UAAU;IACV,OAAO;IACP,UAAU;CACX,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,CAAS;IACtC,OAAQ,UAAgC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACvD,CAAC;AAYD,SAAS,WAAW,CAClB,IAAS,EACT,MAA0B;IAE1B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACvB,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,WAAW,EAAE,CAAC;QACnE,OAAO,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,QAAkB;IACtC,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,OAAO,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK;QAC5B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,IAAI,IAAI;QACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,UAAU,IAAI,IAAI;QACxC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO;KACpE,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,YAAY,CAAC,QAAkB;IACtC,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ;QACtB,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,IAAI;KACnC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,cAAc,CAAC,QAAkB;IACxC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAC/D,OAAO,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAClD,IAAI;QACJ,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;KAC7B,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,QAAkB,EAAE,IAAiB;IAC5D,MAAM,MAAM,GAAG,aAAa,CAAC,QAAQ,EAAE;QACrC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC,CAAC;IACH,MAAM,GAAG,GAA8B,EAAE,CAAC;IAC1C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACrC,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;SACpF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,QAAkB;IACvC,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,QAAQ,EAAE,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ;QACrD,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,IAAI;QACtB,OAAO,EAAE,CAAC,CAAC,OAAO;KACnB,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,QAAkB;IACzC,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnC,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK;QACtB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,UAAU;KACpC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,SAAS,CAAC,QAAsB,EAAE,QAAkB,EAAE,IAAiB;IAC9E,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,KAAK;YACR,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;QAChC,KAAK,KAAK;YACR,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;QAChC,KAAK,QAAQ;YACX,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC;QAClC,KAAK,UAAU;YACb,OAAO,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACzC,KAAK,OAAO;YACV,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAC;QACjC,KAAK,UAAU;YACb,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,IAA+B;IACjD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/B,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAClE,CAAC;IACF,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACxE,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,QAAsB,EAAE,OAAoB,EAAE;IACjE,MAAM,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACnF,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC"}

package/dist/cli/loader.d.ts

@@ -0,0 +1,24 @@
+import { type DiscriminatorOptions } from "../overrides/machines.js";
+import { type Manifest } from "../schema/index.js";
+export interface LoaderOptions {
+    configPath?: string;
+    project?: string;
+    homeDir?: string;
+    discriminator?: DiscriminatorOptions;
+}
+export interface ResolvedPaths {
+    base: string;
+    machineLayers: string[];
+    projectLayer: string | null;
+}
+export interface LoadedManifest {
+    manifest: Manifest;
+    resolved: ResolvedPaths;
+}
+export interface LoadedRaw {
+    mergedRaw: unknown;
+    resolved: ResolvedPaths;
+}
+export declare function resolvePaths(opts?: LoaderOptions): ResolvedPaths;
+export declare function loadMergedRaw(opts?: LoaderOptions): LoadedRaw;
+export declare function loadManifest(opts?: LoaderOptions): LoadedManifest;

package/dist/cli/loader.js

@@ -0,0 +1,74 @@
+import * as fs from "node:fs";
+import * as os from "node:os";
+import * as path from "node:path";
+import { parse as parseYaml } from "yaml";
+import { applyLayers } from "../overrides/merge.js";
+import { machineOverrideCandidates, resolveMachineDiscriminators, } from "../overrides/machines.js";
+import { ManifestParseError, parseManifest } from "../schema/index.js";
+import { EX_NOINPUT, HarnessExitError } from "./exit-codes.js";
+const DEFAULT_BASENAME = "harness.yaml";
+function defaultHome(opts) {
+    return opts.homeDir ?? path.join(os.homedir(), ".claude");
+}
+export function resolvePaths(opts = {}) {
+    const home = defaultHome(opts);
+    const base = opts.configPath ?? path.join(home, DEFAULT_BASENAME);
+    const machinesDir = path.join(home, "machines");
+    const candidates = machineOverrideCandidates(resolveMachineDiscriminators(opts.discriminator ?? {}));
+    const machineLayers = [];
+    for (const c of candidates) {
+        const candidatePath = path.join(machinesDir, `${c}.harness.overrides.yaml`);
+        if (fs.existsSync(candidatePath))
+            machineLayers.push(candidatePath);
+    }
+    let projectLayer = null;
+    if (opts.project) {
+        const projectPath = path.join(home, "projects", opts.project, "harness.overrides.yaml");
+        if (fs.existsSync(projectPath))
+            projectLayer = projectPath;
+    }
+    return { base, machineLayers, projectLayer };
+}
+function readYamlFile(filePath, label) {
+    let raw;
+    try {
+        raw = fs.readFileSync(filePath, "utf8");
+    }
+    catch (err) {
+        if (err.code === "ENOENT") {
+            throw new HarnessExitError(`${label} not found: ${filePath}`, EX_NOINPUT);
+        }
+        throw new HarnessExitError(`${label} could not be read: ${err.message}`, EX_NOINPUT);
+    }
+    try {
+        return parseYaml(raw);
+    }
+    catch (err) {
+        throw new HarnessExitError(`${label} is not valid YAML (${filePath}): ${err.message}`, EX_NOINPUT);
+    }
+}
+export function loadMergedRaw(opts = {}) {
+    const resolved = resolvePaths(opts);
+    const baseRaw = readYamlFile(resolved.base, "manifest");
+    const machineLayers = resolved.machineLayers.map((p, i) => readYamlFile(p, `machine override layer ${i + 1}`));
+    const projectLayer = resolved.projectLayer
+        ? readYamlFile(resolved.projectLayer, "project override layer")
+        : undefined;
+    const mergedRaw = applyLayers(baseRaw, ...machineLayers, projectLayer);
+    return { mergedRaw, resolved };
+}
+export function loadManifest(opts = {}) {
+    const { mergedRaw, resolved } = loadMergedRaw(opts);
+    let manifest;
+    try {
+        manifest = parseManifest(mergedRaw);
+    }
+    catch (err) {
+        if (err instanceof ManifestParseError) {
+            throw new HarnessExitError(err.message, EX_NOINPUT);
+        }
+        throw err;
+    }
+    return { manifest, resolved };
+}
+//# sourceMappingURL=loader.js.map

package/dist/cli/loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/cli/loader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EACL,yBAAyB,EACzB,4BAA4B,GAE7B,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAiB,MAAM,oBAAoB,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAyB/D,MAAM,gBAAgB,GAAG,cAAc,CAAC;AAExC,SAAS,WAAW,CAAC,IAAmB;IACtC,OAAO,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAsB,EAAE;IACnD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG,yBAAyB,CAC1C,4BAA4B,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC,CACvD,CAAC;IACF,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,yBAAyB,CAAC,CAAC;QAC5E,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACtE,CAAC;IAED,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAC3B,IAAI,EACJ,UAAU,EACV,IAAI,CAAC,OAAO,EACZ,wBAAwB,CACzB,CAAC;QACF,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,YAAY,GAAG,WAAW,CAAC;IAC7D,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB,EAAE,KAAa;IACnD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,IAAI,gBAAgB,CACxB,GAAG,KAAK,eAAe,QAAQ,EAAE,EACjC,UAAU,CACX,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,gBAAgB,CACxB,GAAG,KAAK,uBAAwB,GAAa,CAAC,OAAO,EAAE,EACvD,UAAU,CACX,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,gBAAgB,CACxB,GAAG,KAAK,uBAAuB,QAAQ,MAAO,GAAa,CAAC,OAAO,EAAE,EACrE,UAAU,CACX,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAsB,EAAE;IACpD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAEpC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACxD,YAAY,CAAC,CAAC,EAAE,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC,CACnD,CAAC;IACF,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY;QACxC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,YAAY,EAAE,wBAAwB,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC;IAEd,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,EAAE,GAAG,aAAa,EAAE,YAAY,CAAC,CAAC;IACvE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAsB,EAAE;IACnD,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACpD,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,kBAAkB,EAAE,CAAC;YACtC,MAAM,IAAI,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC"}

package/dist/cli/main.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli/main.js

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import { run } from "./index.js";
+run().then((code) => {
+    process.exit(code);
+});
+//# sourceMappingURL=main.js.map

package/dist/cli/main.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,GAAG,EAAE,MAAM,YAAY,CAAC;AAEjC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;IAClB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC,CAAC,CAAC"}

package/dist/cli/policy/intercept.d.ts

@@ -0,0 +1,34 @@
+import { type LedgerEntry } from "../../policies/index.js";
+import { type LedgerClient, type PolicyDecision } from "../../runtime/index.js";
+import type { Manifest } from "../../schema/index.js";
+import { type LoaderOptions } from "../loader.js";
+export interface InterceptCliOptions extends LoaderOptions {
+    /** Defaults to process.stdin. */
+    stdin?: NodeJS.ReadableStream;
+    /** Defaults to process.stdout. */
+    stdout?: NodeJS.WritableStream;
+    /** Defaults to process.stderr. */
+    stderr?: NodeJS.WritableStream;
+    /** Override timeout per ledger call. */
+    ledgerTimeoutMs?: number;
+    /** Override "now" for deterministic tests. */
+    now?: Date;
+    /** Inject a fake ledger client (tests). */
+    ledger?: LedgerClient;
+    /** Inject the resolved manifest (tests). */
+    manifest?: Manifest;
+    /**
+     * When true (or `HARNESS_POLICY_VERBOSE` env is truthy), emit a
+     * human-readable diagnostic block to stderr for each non-allow
+     * decision. stdout is unaffected, so Claude Code's deny JSON contract
+     * is preserved. Phase 5 #3 — opt-in only.
+     */
+    verbose?: boolean;
+}
+export interface InterceptCliResult {
+    exitCode: number;
+    decisions: PolicyDecision[];
+    blocked: boolean;
+}
+export declare function runInterceptCli(opts?: InterceptCliOptions): Promise<InterceptCliResult>;
+export type { LedgerEntry };