@lannguyensi/harness 0.7.0 → 0.8.0

package/dist/schema/permission-profiles.js

@@ -0,0 +1,60 @@
+// Phase 6 #5 — permission-profile schema.
+//
+// A permission profile is a named bundle of action-keyed permission rules
+// that policy packs can declare. Action keys are abstract (read / edit /
+// bash / commit / push / pr / deploy) so a single profile can target
+// multiple agent runtimes; the runtime adapter translates them to the
+// actual tool patterns at apply time.
+//
+// `requires:` on a profile action is reserved for future runtime-aware
+// gating (Phase 6 #5 follow-up): when present, it composes with the
+// existing `policies:` evaluator. v1 parses it through the schema
+// without firing it at runtime; that wiring lands in a sister sub-task.
+import { z } from "zod";
+import { RequiresSchema } from "./requires.js";
+export const PERMISSION_ACTION_KEYS = [
+    "read",
+    "edit",
+    "bash",
+    "commit",
+    "push",
+    "pr",
+    "deploy",
+];
+export const PermissionAllowSchema = z.enum([
+    "true",
+    "false",
+    "ask",
+    "limited",
+    "ask_or_deny",
+]);
+export const PermissionRuleSchema = z
+    .object({
+    allow: z.union([z.boolean(), PermissionAllowSchema]).transform((v) => {
+        if (v === true)
+            return "true";
+        if (v === false)
+            return "false";
+        return v;
+    }),
+    mode: z.string().min(1).optional(),
+    requires: RequiresSchema.optional(),
+})
+    .strict();
+const ActionMap = z.object({
+    read: PermissionRuleSchema.optional(),
+    edit: PermissionRuleSchema.optional(),
+    bash: PermissionRuleSchema.optional(),
+    commit: PermissionRuleSchema.optional(),
+    push: PermissionRuleSchema.optional(),
+    pr: PermissionRuleSchema.optional(),
+    deploy: PermissionRuleSchema.optional(),
+}).strict();
+export const PermissionProfileSchema = z
+    .object({
+    description: z.string().min(1).optional(),
+    actions: ActionMap.default({}),
+})
+    .strict();
+export const PermissionProfilesSchema = z.record(z.string().min(1), PermissionProfileSchema);
+//# sourceMappingURL=permission-profiles.js.map

package/dist/schema/permission-profiles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-profiles.js","sourceRoot":"","sources":["../../src/schema/permission-profiles.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,0EAA0E;AAC1E,yEAAyE;AACzE,qEAAqE;AACrE,sEAAsE;AACtE,sCAAsC;AACtC,EAAE;AACF,uEAAuE;AACvE,oEAAoE;AACpE,kEAAkE;AAClE,wEAAwE;AAExE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,MAAM;IACN,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,IAAI;IACJ,QAAQ;CACA,CAAC;AAGX,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC1C,MAAM;IACN,OAAO;IACP,KAAK;IACL,SAAS;IACT,aAAa;CACd,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC;KAClC,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE;QACnE,IAAI,CAAC,KAAK,IAAI;YAAE,OAAO,MAAyB,CAAC;QACjD,IAAI,CAAC,KAAK,KAAK;YAAE,OAAO,OAA0B,CAAC;QACnD,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;IACF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE;CACpC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IACzB,IAAI,EAAE,oBAAoB,CAAC,QAAQ,EAAE;IACrC,IAAI,EAAE,oBAAoB,CAAC,QAAQ,EAAE;IACrC,IAAI,EAAE,oBAAoB,CAAC,QAAQ,EAAE;IACrC,MAAM,EAAE,oBAAoB,CAAC,QAAQ,EAAE;IACvC,IAAI,EAAE,oBAAoB,CAAC,QAAQ,EAAE;IACrC,EAAE,EAAE,oBAAoB,CAAC,QAAQ,EAAE;IACnC,MAAM,EAAE,oBAAoB,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC;KACrC,MAAM,CAAC;IACN,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACzC,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;CAC/B,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAC9C,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EACjB,uBAAuB,CACxB,CAAC"}

package/dist/schema/policy-packs.d.ts

@@ -0,0 +1,52 @@
+import { z } from "zod";
+export declare const PolicyPackSchema: z.ZodObject<{
+    name: z.ZodString;
+    source: z.ZodDefault<z.ZodString>;
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    description: z.ZodOptional<z.ZodString>;
+    config: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strict", z.ZodTypeAny, {
+    name: string;
+    enabled: boolean;
+    source: string;
+    config: Record<string, unknown>;
+    description?: string | undefined;
+}, {
+    name: string;
+    description?: string | undefined;
+    enabled?: boolean | undefined;
+    source?: string | undefined;
+    config?: Record<string, unknown> | undefined;
+}>;
+export declare const PolicyPacksSchema: z.ZodEffects<z.ZodArray<z.ZodObject<{
+    name: z.ZodString;
+    source: z.ZodDefault<z.ZodString>;
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    description: z.ZodOptional<z.ZodString>;
+    config: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strict", z.ZodTypeAny, {
+    name: string;
+    enabled: boolean;
+    source: string;
+    config: Record<string, unknown>;
+    description?: string | undefined;
+}, {
+    name: string;
+    description?: string | undefined;
+    enabled?: boolean | undefined;
+    source?: string | undefined;
+    config?: Record<string, unknown> | undefined;
+}>, "many">, {
+    name: string;
+    enabled: boolean;
+    source: string;
+    config: Record<string, unknown>;
+    description?: string | undefined;
+}[], {
+    name: string;
+    description?: string | undefined;
+    enabled?: boolean | undefined;
+    source?: string | undefined;
+    config?: Record<string, unknown> | undefined;
+}[]>;
+export type PolicyPack = z.infer<typeof PolicyPackSchema>;

package/dist/schema/policy-packs.js

@@ -0,0 +1,35 @@
+import { z } from "zod";
+// Pack `name` is consumed as a path component when `harness pack remove
+// --force` cleans up `harness.generated/policy-packs/<name>/`, so it must
+// not contain `/`, `..`, or anything else that would escape the policy-
+// packs subtree. Constrain to alphanumeric + dash + underscore + dot,
+// must start with an alphanumeric. This matches the canonical builtin
+// (`understanding-before-execution`) and is friendly to future names like
+// `safe-shell.v2`.
+const PACK_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9._-]*$/;
+export const PolicyPackSchema = z
+    .object({
+    name: z
+        .string()
+        .min(1)
+        .regex(PACK_NAME_RE, "policy_pack name must start with an alphanumeric and contain only [A-Za-z0-9._-]; path separators are rejected"),
+    source: z.string().min(1).default("builtin"),
+    enabled: z.boolean().default(true),
+    description: z.string().min(1).optional(),
+    config: z.record(z.string().min(1), z.unknown()).default({}),
+})
+    .strict();
+export const PolicyPacksSchema = z.array(PolicyPackSchema).superRefine((packs, ctx) => {
+    const seen = new Set();
+    packs.forEach((pack, i) => {
+        if (seen.has(pack.name)) {
+            ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: [i, "name"],
+                message: `duplicate policy_pack name: ${pack.name}`,
+            });
+        }
+        seen.add(pack.name);
+    });
+});
+//# sourceMappingURL=policy-packs.js.map

package/dist/schema/policy-packs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-packs.js","sourceRoot":"","sources":["../../src/schema/policy-packs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,wEAAwE;AACxE,0EAA0E;AAC1E,wEAAwE;AACxE,sEAAsE;AACtE,sEAAsE;AACtE,0EAA0E;AAC1E,mBAAmB;AACnB,MAAM,YAAY,GAAG,8BAA8B,CAAC;AAEpD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC;KAC9B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC;SACJ,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,KAAK,CACJ,YAAY,EACZ,gHAAgH,CACjH;IACH,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IAC5C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CAC7D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IACpF,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC;gBACjB,OAAO,EAAE,+BAA+B,IAAI,CAAC,IAAI,EAAE;aACpD,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/schema/tools.d.ts

@@ -51,16 +51,16 @@ export declare const CliToolSchema: z.ZodObject<{
     required: z.ZodDefault<z.ZodBoolean>;
 }, "strict", z.ZodTypeAny, {
     name: string;
-    binary: string;
     required: boolean;
+    binary: string;
     min_version?: string | undefined;
     version_command?: string[] | undefined;
 }, {
     name: string;
     binary: string;
+    required?: boolean | undefined;
     min_version?: string | undefined;
     version_command?: string[] | undefined;
-    required?: boolean | undefined;
 }>;
 export declare const SkillsSchema: z.ZodEffects<z.ZodObject<{
     enabled: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
@@ -133,16 +133,16 @@ export declare const ToolsSchema: z.ZodEffects<z.ZodObject<{
         required: z.ZodDefault<z.ZodBoolean>;
     }, "strict", z.ZodTypeAny, {
         name: string;
-        binary: string;
         required: boolean;
+        binary: string;
         min_version?: string | undefined;
         version_command?: string[] | undefined;
     }, {
         name: string;
         binary: string;
+        required?: boolean | undefined;
         min_version?: string | undefined;
         version_command?: string[] | undefined;
-        required?: boolean | undefined;
     }>, "many">>;
     skills: z.ZodDefault<z.ZodEffects<z.ZodObject<{
         enabled: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
@@ -188,8 +188,8 @@ export declare const ToolsSchema: z.ZodEffects<z.ZodObject<{
     }[];
     cli: {
         name: string;
-        binary: string;
         required: boolean;
+        binary: string;
         min_version?: string | undefined;
         version_command?: string[] | undefined;
     }[];
@@ -215,9 +215,9 @@ export declare const ToolsSchema: z.ZodEffects<z.ZodObject<{
     cli?: {
         name: string;
         binary: string;
+        required?: boolean | undefined;
         min_version?: string | undefined;
         version_command?: string[] | undefined;
-        required?: boolean | undefined;
     }[] | undefined;
     skills?: {
         enabled?: string[] | undefined;
@@ -240,8 +240,8 @@ export declare const ToolsSchema: z.ZodEffects<z.ZodObject<{
     }[];
     cli: {
         name: string;
-        binary: string;
         required: boolean;
+        binary: string;
         min_version?: string | undefined;
         version_command?: string[] | undefined;
     }[];
@@ -267,9 +267,9 @@ export declare const ToolsSchema: z.ZodEffects<z.ZodObject<{
     cli?: {
         name: string;
         binary: string;
+        required?: boolean | undefined;
         min_version?: string | undefined;
         version_command?: string[] | undefined;
-        required?: boolean | undefined;
     }[] | undefined;
     skills?: {
         enabled?: string[] | undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lannguyensi/harness",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Declarative control plane for agent harnesses — one YAML for grounding, tools, memory, and hooks.",
   "license": "MIT",
   "homepage": "https://github.com/LanNguyenSi/harness",