@lannguyensi/harness 0.8.1 → 0.9.1

package/dist/cli/init/interactive.d.ts

@@ -0,0 +1,30 @@
+import { select, confirm, input } from "@inquirer/prompts";
+import { type InitResult } from "./index.js";
+export type ProfileChoice = "solo" | "team" | "custom";
+export interface InteractivePrompts {
+    select: typeof select;
+    confirm: typeof confirm;
+    input: typeof input;
+}
+export interface RunInteractiveOptions {
+    /** Override homedir for detection + write target. */
+    homeDir?: string;
+    /** Dependency-injection seam for tests. */
+    prompts?: InteractivePrompts;
+    stdout?: (s: string) => void;
+    stderr?: (s: string) => void;
+    /** Force-confirm overwrite of existing manifest. Real users go through
+     * the prompt; tests can pre-set this. */
+    forceOverwrite?: boolean;
+}
+export interface InteractiveResult {
+    /** True if the operator (or a Ctrl-C / decline) bailed out. No write happened. */
+    aborted: boolean;
+    /** The init result, if a write happened. */
+    init?: InitResult;
+    /** The profile the operator chose, if not aborted. */
+    profile?: ProfileChoice;
+    /** Whether `harness validate` reported zero errors after the write. */
+    validateClean?: boolean;
+}
+export declare function runInteractive(opts?: RunInteractiveOptions): Promise<InteractiveResult>;

package/dist/cli/init/interactive.js

@@ -0,0 +1,178 @@
+// Interactive wizard for `harness init --interactive` (task c5287b80,
+// PR split 3/3). Sequential Q&A via `@inquirer/prompts`. Composes the
+// detection module (PR 1) and the profile templates (PR 2).
+//
+// Design notes:
+//
+// - Prompts are dependency-injected via the InteractivePrompts shape so
+//   tests can drive the wizard with synchronous mock answers. The
+//   default values come from the @inquirer/prompts package.
+// - Ctrl-C from inquirer surfaces as an `ExitPromptError` with a name
+//   matching `/ExitPrompt|aborted/i`. The wizard catches it, prints an
+//   abort line to stderr, and returns `aborted:true` WITHOUT calling
+//   `init()`. No partial manifest is ever written.
+// - The wizard never invokes `harness apply` itself. It prints the
+//   suggested command and lets the operator decide. This is a
+//   deliberate scope-cut for v1 (per the task description's
+//   out-of-scope list).
+// - Acceptance criterion "fresh ~/.claude/ produces a valid harness.yaml":
+//   we delegate writing to the existing `init()` so the same atomic
+//   write + file-lock + post-write validate path is reused. The wizard
+//   is essentially a UI for picking the `--template` value.
+import { select, confirm, input } from "@inquirer/prompts";
+import * as path from "node:path";
+import { EX_FAIL, HarnessExitError } from "../exit-codes.js";
+import { detect } from "./detect.js";
+import { init } from "./index.js";
+import { validate } from "../validate/index.js";
+const DEFAULT_PROMPTS = { select, confirm, input };
+function isAbortError(err) {
+    if (!(err instanceof Error))
+        return false;
+    return /ExitPrompt|aborted|cancel/i.test(err.name) || /force.?closed/i.test(err.message);
+}
+function summariseDetection(d) {
+    const lines = ["Environment probe:"];
+    for (const r of d.runtimes) {
+        const status = r.homeExists ? (r.settingsExists ? "configured" : "home only") : "not found";
+        lines.push(`  ${r.name.padEnd(12)} ${status} (${r.home})`);
+    }
+    lines.push(`  manifest    ${d.manifest.exists ? "present" : "absent"} (${d.manifest.path})`);
+    if (d.mcpServers.length > 0) {
+        lines.push(`  MCP wired   ${d.mcpServers.map((s) => s.name).join(", ")}`);
+    }
+    else {
+        lines.push(`  MCP wired   (none detected in Claude settings.json)`);
+    }
+    lines.push(`  harness     v${d.harness.version}`);
+    return lines.join("\n");
+}
+function profileNeedsAgentTasks(profile) {
+    return profile === "team";
+}
+function detectionHasAgentTasks(d) {
+    return d.mcpServers.some((s) => s.name === "agent-tasks");
+}
+export async function runInteractive(opts = {}) {
+    const prompts = opts.prompts ?? DEFAULT_PROMPTS;
+    const stderr = opts.stderr ?? ((s) => process.stderr.write(s));
+    const stdout = opts.stdout ?? ((s) => process.stdout.write(s));
+    let detection;
+    try {
+        detection = await detect({ ...(opts.homeDir !== undefined && { homeDir: opts.homeDir }) });
+    }
+    catch (err) {
+        throw new HarnessExitError(`detection failed before wizard could start: ${err.message}`, EX_FAIL);
+    }
+    stderr(`${summariseDetection(detection)}\n\n`);
+    try {
+        if (detection.manifest.exists && !opts.forceOverwrite) {
+            const overwrite = await prompts.confirm({
+                message: `A manifest already exists at ${detection.manifest.path}. Overwrite it?`,
+                default: false,
+            });
+            if (!overwrite) {
+                stderr("Aborted: existing manifest left untouched.\n");
+                return { aborted: true };
+            }
+        }
+        const profile = (await prompts.select({
+            message: "Pick a setup profile",
+            choices: [
+                {
+                    name: "Solo  (memory-router + understanding-before-execution)",
+                    value: "solo",
+                    description: "Single-operator baseline. No agent-tasks loop, no merge gate.",
+                },
+                {
+                    name: "Team  (Solo + agent-tasks MCP + review-before-merge policy)",
+                    value: "team",
+                    description: "Adds the merge gate that blocks PR merges without a review ledger entry.",
+                },
+                {
+                    name: "Custom (advanced, bail out and hand-edit)",
+                    value: "custom",
+                    description: "Print the install layout and exit. Run `harness init --template full` to get the full reference manifest and edit it directly.",
+                },
+            ],
+        }));
+        if (profile === "custom") {
+            stderr([
+                "Custom profile selected. The interactive wizard does not yet build",
+                "manifests à la carte. Run `harness init --template full` to land",
+                "the full Appendix A manifest, then hand-edit it. Detection results",
+                "above tell you what the harness already sees in your environment.",
+                "",
+            ].join("\n"));
+            return { aborted: true, profile };
+        }
+        if (profileNeedsAgentTasks(profile) && !detectionHasAgentTasks(detection)) {
+            const proceed = await prompts.confirm({
+                message: "The Team profile wires the agent-tasks MCP, but no agent-tasks server is wired in Claude's settings.json yet. The hooks will still be written, but you will need to wire agent-tasks (or run `harness apply`) before they fire. Proceed?",
+                default: true,
+            });
+            if (!proceed) {
+                stderr("Aborted: Team profile declined because agent-tasks is not yet wired.\n");
+                return { aborted: true, profile };
+            }
+        }
+        const defaultMemoryDir = path.join(detection.runtimes[0]?.home ?? "~/.claude", "projects", "{project}", "memory");
+        const memoryDir = await prompts.input({
+            message: "Memory directory pattern (use {project} for the per-project slug)",
+            default: defaultMemoryDir,
+        });
+        if (memoryDir.trim() === "") {
+            stderr("Aborted: memory directory left empty.\n");
+            return { aborted: true, profile };
+        }
+        const confirmWrite = await prompts.confirm({
+            message: `Write harness.yaml to ${detection.manifest.path}?`,
+            default: true,
+        });
+        if (!confirmWrite) {
+            stderr("Aborted: declined to write manifest.\n");
+            return { aborted: true, profile };
+        }
+        // `custom` was handled above with an early return, so the remaining
+        // value is one of the two real TemplateName entries.
+        //
+        // Path semantics are deliberately split: detect() treats `homeDir`
+        // as the user's $HOME and synthesizes `.claude` from it, while
+        // init() treats `homeDir` as the .claude directory itself. Bridge
+        // by passing the .claude path explicitly when the caller overrides
+        // homeDir (test scenarios). When unset, both fall back to their own
+        // defaults from os.homedir().
+        const initOpts = {
+            template: profile,
+            force: detection.manifest.exists,
+        };
+        if (opts.homeDir !== undefined) {
+            initOpts.homeDir = path.join(opts.homeDir, ".claude");
+        }
+        const initResult = await init(initOpts);
+        if (initResult.stderr)
+            stderr(initResult.stderr);
+        stdout(initResult.stdout);
+        const v = validate({ configPath: initResult.path });
+        const validateClean = v.errorCount === 0;
+        stderr(`\nharness validate: ${v.errorCount} error(s), ${v.warningCount} warning(s)\n`);
+        for (const d of v.diagnostics) {
+            stderr(`  [${d.severity}] ${d.path}: ${d.message}\n`);
+        }
+        if (validateClean) {
+            stderr(`\nNext: \`harness apply --runtime claude-code\` to wire ~/.claude/settings.json. The wizard does not run apply for you; review the generated manifest first.\n`);
+        }
+        else {
+            stderr(`\nValidate reported errors. Fix the manifest before running \`harness apply\`.\n`);
+        }
+        return { aborted: false, profile, init: initResult, validateClean };
+    }
+    catch (err) {
+        if (isAbortError(err)) {
+            stderr("Aborted: Ctrl-C received during prompt; no manifest written.\n");
+            return { aborted: true };
+        }
+        throw err;
+    }
+}
+//# sourceMappingURL=interactive.js.map

package/dist/cli/init/interactive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive.js","sourceRoot":"","sources":["../../../src/cli/init/interactive.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,sEAAsE;AACtE,4DAA4D;AAC5D,EAAE;AACF,gBAAgB;AAChB,EAAE;AACF,wEAAwE;AACxE,kEAAkE;AAClE,4DAA4D;AAC5D,sEAAsE;AACtE,uEAAuE;AACvE,qEAAqE;AACrE,mDAAmD;AACnD,mEAAmE;AACnE,8DAA8D;AAC9D,4DAA4D;AAC5D,wBAAwB;AACxB,2EAA2E;AAC3E,oEAAoE;AACpE,uEAAuE;AACvE,4DAA4D;AAE5D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAwB,MAAM,aAAa,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAmB,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAiChD,MAAM,eAAe,GAAuB,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAEvE,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,4BAA4B,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAkB;IAC5C,MAAM,KAAK,GAAa,CAAC,oBAAoB,CAAC,CAAC;IAC/C,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QAC5F,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IAC7D,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC;IAC7F,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;IACtE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAsB;IACpD,OAAO,OAAO,KAAK,MAAM,CAAC;AAC5B,CAAC;AAED,SAAS,sBAAsB,CAAC,CAAkB;IAChD,OAAO,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAA8B,EAAE;IAEhC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvE,IAAI,SAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,MAAM,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC7F,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,gBAAgB,CACxB,+CAAgD,GAAa,CAAC,OAAO,EAAE,EACvE,OAAO,CACR,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,GAAG,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE/C,IAAI,CAAC;QACH,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACtD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC;gBACtC,OAAO,EAAE,gCAAgC,SAAS,CAAC,QAAQ,CAAC,IAAI,iBAAiB;gBACjF,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YACH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,CAAC,8CAA8C,CAAC,CAAC;gBACvD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC;YACpC,OAAO,EAAE,sBAAsB;YAC/B,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,wDAAwD;oBAC9D,KAAK,EAAE,MAAM;oBACb,WAAW,EAAE,+DAA+D;iBAC7E;gBACD;oBACE,IAAI,EAAE,6DAA6D;oBACnE,KAAK,EAAE,MAAM;oBACb,WAAW,EAAE,0EAA0E;iBACxF;gBACD;oBACE,IAAI,EAAE,2CAA2C;oBACjD,KAAK,EAAE,QAAQ;oBACf,WAAW,EACT,gIAAgI;iBACnI;aACF;SACF,CAAC,CAAkB,CAAC;QAErB,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzB,MAAM,CACJ;gBACE,oEAAoE;gBACpE,kEAAkE;gBAClE,oEAAoE;gBACpE,mEAAmE;gBACnE,EAAE;aACH,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACpC,CAAC;QAED,IAAI,sBAAsB,CAAC,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC;gBACpC,OAAO,EACL,0OAA0O;gBAC5O,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,CAAC,wEAAwE,CAAC,CAAC;gBACjF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;YACpC,CAAC;QACH,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAClH,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;YACpC,OAAO,EAAE,mEAAmE;YAC5E,OAAO,EAAE,gBAAgB;SAC1B,CAAC,CAAC;QACH,IAAI,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC5B,MAAM,CAAC,yCAAyC,CAAC,CAAC;YAClD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC;YACzC,OAAO,EAAE,yBAAyB,SAAS,CAAC,QAAQ,CAAC,IAAI,GAAG;YAC5D,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,CAAC,wCAAwC,CAAC,CAAC;YACjD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACpC,CAAC;QAED,oEAAoE;QACpE,qDAAqD;QACrD,EAAE;QACF,mEAAmE;QACnE,+DAA+D;QAC/D,kEAAkE;QAClE,mEAAmE;QACnE,oEAAoE;QACpE,8BAA8B;QAC9B,MAAM,QAAQ,GAAoE;YAChF,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,SAAS,CAAC,QAAQ,CAAC,MAAM;SACjC,CAAC;QACF,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/B,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;QAExC,IAAI,UAAU,CAAC,MAAM;YAAE,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAE1B,MAAM,CAAC,GAAG,QAAQ,CAAC,EAAE,UAAU,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QACpD,MAAM,aAAa,GAAG,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC;QACzC,MAAM,CACJ,uBAAuB,CAAC,CAAC,UAAU,cAAc,CAAC,CAAC,YAAY,eAAe,CAC/E,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,CACJ,gKAAgK,CACjK,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CACJ,kFAAkF,CACnF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,CAAC,gEAAgE,CAAC,CAAC;YACzE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/cli/init/profiles.d.ts

@@ -0,0 +1,2 @@
+export declare const SOLO_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template solo`.\n#\n# Single-operator profile: memory-router for cross-conversation memory\n# routing + understanding-before-execution policy pack to force an\n# explicit interpretation confirmation before any write-capable tool\n# fires. No agent-tasks loop (use --template team if you want PR\n# review-gating).\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n\ntools:\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\npolicy_packs:\n  - name: understanding-before-execution\n    source: builtin\n    enabled: true\n    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n    config:\n      mode: grill_me\n";
+export declare const TEAM_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template team`.\n#\n# Solo profile + agent-tasks MCP + the review-before-merge policy. Block\n# pull_requests_merge MCP calls unless a ledger entry tagged\n# review:<pr-number> exists for the current grounding session, the\n# standard team workflow where every PR gets a review-subagent pass\n# before it can land.\n#\n# Adapt the paths under `command:` to your install layout, or move\n# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n\ntools:\n  mcp:\n    - name: agent-tasks\n      command: [node, ~/git/pandora/agent-tasks/mcp-server/dist/server.js]\n      env:\n        AGENT_TASKS_URL: https://agent-tasks.opentriologue.ai\n      health:\n        verb: projects_list\n        timeout_ms: 5000\n      enabled: true\n    - name: grounding-mcp\n      command: [node, ~/git/pandora/agent-grounding/packages/grounding-mcp/dist/server.js]\n      env:\n        EVIDENCE_LEDGER_DB: ~/.evidence-ledger/ledger.db\n      health:\n        verb: ledger_status\n        timeout_ms: 5000\n      enabled: true\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\nhooks:\n  - name: require-review-evidence\n    event: PreToolUse\n    match: \"mcp__agent-tasks__pull_requests_merge\"\n    # The built-in `harness policy intercept` CLI verb is the generic\n    # deny-on-missing-evidence hook entrypoint. It reads the tool event\n    # JSON on stdin, evaluates all policies whose triggers match, emits\n    # Claude Code's deny envelope on block. Using it here removes the\n    # need to ship a per-policy shell script under ~/.claude/hooks/ for\n    # the team setup; operators with custom logic can swap in their own\n    # script path.\n    command: harness policy intercept\n    blocking: hard\n    budget_ms: 2000\n\npolicies:\n  - name: review-before-merge\n    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n    trigger:\n      event: PreToolUse\n      match: \"mcp__agent-tasks__pull_requests_merge\"\n      extract:\n        PR_NUMBER: \"toolArgs.prNumber\"\n    requires:\n      ledger_tag: \"review:${PR_NUMBER}\"\n    hook: require-review-evidence\n    enforcement: block\n\npolicy_packs:\n  - name: understanding-before-execution\n    source: builtin\n    enabled: true\n    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.\n    config:\n      mode: grill_me\n";

package/dist/cli/init/profiles.js

@@ -0,0 +1,163 @@
+// Profile templates for `harness init` (task c5287b80, PR split 2/3).
+//
+// Two opinionated starting manifests that go beyond the bare `minimal`
+// template but stay smaller than `full`:
+//
+//   solo: memory-router + understanding-before-execution policy pack.
+//         Single-operator setup that wires the recurring "make me
+//         defend my interpretation before I touch anything write-
+//         capable" gate without dragging in the agent-tasks loop.
+//
+//   team: solo + agent-tasks MCP server + review-before-merge policy.
+//           Adds the merge gate that requires a ledger entry tagged
+//           review:<pr-number> for the current session before the
+//           pull_requests_merge MCP verb fires.
+//
+// Both manifests are validate-clean against the v1 schema. They use the
+// same path layouts as the existing FULL template (`~/git/pandora/...`,
+// `~/.claude/...`); operators on a different layout should override via
+// `~/.claude/machines/<host>.harness.overrides.yaml` (ARCHITECTURE §8).
+export const SOLO_TEMPLATE = `# ~/.claude/harness.yaml
+#
+# Bootstrapped by \`harness init --template solo\`.
+#
+# Single-operator profile: memory-router for cross-conversation memory
+# routing + understanding-before-execution policy pack to force an
+# explicit interpretation confirmation before any write-capable tool
+# fires. No agent-tasks loop (use --template team if you want PR
+# review-gating).
+#
+# Adapt the paths under \`command:\` to your install layout, or move
+# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.
+
+version: 1
+
+grounding:
+  session:
+    auto_start: true
+    id_format: "gs-{repo}-{rand:8}"
+  evidence_ledger:
+    path: ~/.evidence-ledger/ledger.db
+    retention_days: 90
+
+tools:
+  builtin:
+    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]
+
+memory:
+  directories:
+    - path: ~/.claude/projects/{project}/memory
+      scope: project
+  router:
+    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]
+    enabled: true
+  retention:
+    staleness_days: 180
+    broken_refs: warn
+  scopes:
+    default: project
+    allowed: [project, user]
+
+policy_packs:
+  - name: understanding-before-execution
+    source: builtin
+    enabled: true
+    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.
+    config:
+      mode: grill_me
+`;
+export const TEAM_TEMPLATE = `# ~/.claude/harness.yaml
+#
+# Bootstrapped by \`harness init --template team\`.
+#
+# Solo profile + agent-tasks MCP + the review-before-merge policy. Block
+# pull_requests_merge MCP calls unless a ledger entry tagged
+# review:<pr-number> exists for the current grounding session, the
+# standard team workflow where every PR gets a review-subagent pass
+# before it can land.
+#
+# Adapt the paths under \`command:\` to your install layout, or move
+# host-specific paths to ~/.claude/machines/<host>.harness.overrides.yaml.
+
+version: 1
+
+grounding:
+  session:
+    auto_start: true
+    id_format: "gs-{repo}-{rand:8}"
+  evidence_ledger:
+    path: ~/.evidence-ledger/ledger.db
+    retention_days: 90
+
+tools:
+  mcp:
+    - name: agent-tasks
+      command: [node, ~/git/pandora/agent-tasks/mcp-server/dist/server.js]
+      env:
+        AGENT_TASKS_URL: https://agent-tasks.opentriologue.ai
+      health:
+        verb: projects_list
+        timeout_ms: 5000
+      enabled: true
+    - name: grounding-mcp
+      command: [node, ~/git/pandora/agent-grounding/packages/grounding-mcp/dist/server.js]
+      env:
+        EVIDENCE_LEDGER_DB: ~/.evidence-ledger/ledger.db
+      health:
+        verb: ledger_status
+        timeout_ms: 5000
+      enabled: true
+  builtin:
+    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate, Glob, Grep]
+
+memory:
+  directories:
+    - path: ~/.claude/projects/{project}/memory
+      scope: project
+  router:
+    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]
+    enabled: true
+  retention:
+    staleness_days: 180
+    broken_refs: warn
+  scopes:
+    default: project
+    allowed: [project, user]
+
+hooks:
+  - name: require-review-evidence
+    event: PreToolUse
+    match: "mcp__agent-tasks__pull_requests_merge"
+    # The built-in \`harness policy intercept\` CLI verb is the generic
+    # deny-on-missing-evidence hook entrypoint. It reads the tool event
+    # JSON on stdin, evaluates all policies whose triggers match, emits
+    # Claude Code's deny envelope on block. Using it here removes the
+    # need to ship a per-policy shell script under ~/.claude/hooks/ for
+    # the team setup; operators with custom logic can swap in their own
+    # script path.
+    command: harness policy intercept
+    blocking: hard
+    budget_ms: 2000
+
+policies:
+  - name: review-before-merge
+    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.
+    trigger:
+      event: PreToolUse
+      match: "mcp__agent-tasks__pull_requests_merge"
+      extract:
+        PR_NUMBER: "toolArgs.prNumber"
+    requires:
+      ledger_tag: "review:\${PR_NUMBER}"
+    hook: require-review-evidence
+    enforcement: block
+
+policy_packs:
+  - name: understanding-before-execution
+    source: builtin
+    enabled: true
+    description: Force agents to expose their task interpretation and wait for explicit human approval before any write-capable tool fires.
+    config:
+      mode: grill_me
+`;
+//# sourceMappingURL=profiles.js.map

package/dist/cli/init/profiles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../src/cli/init/profiles.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,EAAE;AACF,uEAAuE;AACvE,yCAAyC;AACzC,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,kEAAkE;AAClE,kEAAkE;AAClE,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,kEAAkE;AAClE,gDAAgD;AAChD,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AACxE,wEAAwE;AAExE,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgD5B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6F5B,CAAC"}

package/dist/cli/init/templates.d.ts

@@ -1,4 +1,4 @@
 export declare const MINIMAL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template minimal`.\n#\n# This is the empty-but-valid manifest. Run `harness validate` to confirm it\n# parses, then add entries under the five top-level keys:\n#\n#   grounding:  evidence-ledger + claim-gate config (see docs/ARCHITECTURE.md \u00A72)\n#   tools:      mcp / cli / skills / builtin inventory   (\u00A73)\n#   memory:     directories, retention, scopes           (\u00A74)\n#   hooks:      event-bound shell commands               (\u00A75)\n#   policies:   named rules that bind hooks to triggers  (\u00A76)\n#\n# Phase 2 verbs to add entries safely: `harness add mcp <name> ...`,\n# `harness add cli`, `harness add hook`, `harness add skill`.\n# Per-machine overrides live at ~/.claude/machines/<discriminator>.harness.overrides.yaml\n# (ARCHITECTURE.md \u00A78) for paths that vary per host.\n#\n# Docs: https://github.com/LanNguyenSi/harness\n\nversion: 1\n";
-export declare const FULL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template full`. Mirrors the example manifest\n# from docs/ARCHITECTURE.md Appendix A. Paths under `command:` reference the\n# developer machine that authored Appendix A \u2014 adapt them to your host (or\n# move host-specific paths to ~/.claude/machines/<hostname>.harness.overrides.yaml\n# per ARCHITECTURE.md \u00A78) before running `harness validate`.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n  policies_source: ~/.claude/harness.d/policies/claim-gate.yaml\n\ntools:\n  mcp:\n    - name: codebase-oracle\n      command: [npx, tsx, ~/git/pandora/codebase-oracle/src/mcp-server.ts]\n      health:\n        verb: oracle_list_repos\n        timeout_ms: 5000\n      enabled: true\n    - name: agent-tasks\n      command: [node, ~/git/pandora/agent-tasks/mcp-server/dist/server.js]\n      env:\n        AGENT_TASKS_URL: https://agent-tasks.opentriologue.ai\n      health:\n        verb: projects_list\n        timeout_ms: 5000\n      enabled: true\n    - name: grounding-mcp\n      command: [node, ~/git/pandora/agent-grounding/packages/grounding-mcp/dist/server.js]\n      env:\n        EVIDENCE_LEDGER_DB: ~/.evidence-ledger/ledger.db\n      health:\n        verb: ledger_status\n        timeout_ms: 5000\n      enabled: true\n\n  cli:\n    - name: git-batch\n      binary: git-batch\n      min_version: \"0.2.0\"\n      required: true\n    - name: gh\n      binary: gh\n      required: true\n    - name: ledger\n      binary: ledger\n      required: false\n\n  skills:\n    enabled:\n      - simplify\n      - init\n      - review\n      - security-review\n    source_dirs:\n      - ~/.claude/skills\n\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\nhooks:\n  - name: git-preflight\n    event: SessionStart\n    command: ~/.claude/hooks/git-preflight.sh\n    blocking: false\n    budget_ms: 30000\n    description: \"Run agent-preflight on session start; record ready + confidence into the ledger as preflight:${REPO}.\"\n\n  - name: require-review-evidence\n    event: PreToolUse\n    match: \"mcp__agent-tasks__pull_requests_merge\"\n    command: ~/.claude/hooks/require-review-evidence.sh\n    blocking: hard\n    budget_ms: 2000\n\n  - name: require-dogfood-evidence\n    event: PreToolUse\n    match: \"Bash\"\n    command: ~/.claude/hooks/require-dogfood-evidence.sh\n    blocking: hard\n    budget_ms: 2000\n\n  - name: require-preflight-evidence\n    event: PreToolUse\n    match: \"Bash\"\n    bash_match: \"^git (status|log|diff|branch)\"\n    command: ~/.claude/hooks/require-preflight-evidence.sh\n    blocking: hard\n    budget_ms: 1000\n\npolicies:\n  - name: review-before-merge\n    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n    trigger:\n      event: PreToolUse\n      match: \"mcp__agent-tasks__pull_requests_merge\"\n      extract:\n        PR_NUMBER: \"toolArgs.prNumber\"\n    requires:\n      ledger_tag: \"review:${PR_NUMBER}\"\n    hook: require-review-evidence\n    enforcement: block\n\n  - name: dogfood-before-release\n    description: Block npm publish / git tag v* without a recent dogfood ledger entry.\n    trigger:\n      event: PreToolUse\n      match: \"Bash\"\n      bash_match: \"^(npm publish|git tag v.*)\"\n    requires:\n      ledger_tag: \"dogfood:${SESSION_ID}\"\n      within: 24h\n    hook: require-dogfood-evidence\n    enforcement: block\n\n  - name: preflight-before-investigation\n    description: Block investigative git reads (status/log/diff/branch) when agent-preflight has not run recently with ready:true for the current repo.\n    trigger:\n      event: PreToolUse\n      match: \"Bash\"\n      bash_match: \"^git (status|log|diff|branch)\"\n    requires:\n      ledger_tag: \"preflight:${REPO}\"\n      within: 1h\n    hook: require-preflight-evidence\n    enforcement: block\n";
-export type TemplateName = "minimal" | "full";
+export declare const FULL_TEMPLATE = "# ~/.claude/harness.yaml\n#\n# Bootstrapped by `harness init --template full`. Mirrors the example manifest\n# from docs/ARCHITECTURE.md Appendix A. Paths under `command:` reference the\n# developer machine that authored Appendix A \u2014 adapt them to your host (or\n# move host-specific paths to ~/.claude/machines/<hostname>.harness.overrides.yaml\n# per ARCHITECTURE.md \u00A78) before running `harness validate`.\n\nversion: 1\n\ngrounding:\n  session:\n    auto_start: true\n    id_format: \"gs-{repo}-{rand:8}\"\n  evidence_ledger:\n    path: ~/.evidence-ledger/ledger.db\n    retention_days: 90\n  policies_source: ~/.claude/harness.d/policies/claim-gate.yaml\n\ntools:\n  mcp:\n    - name: codebase-oracle\n      command: [npx, tsx, ~/git/pandora/codebase-oracle/src/mcp-server.ts]\n      health:\n        verb: oracle_list_repos\n        timeout_ms: 5000\n      enabled: true\n    - name: agent-tasks\n      command: [node, ~/git/pandora/agent-tasks/mcp-server/dist/server.js]\n      env:\n        AGENT_TASKS_URL: https://agent-tasks.opentriologue.ai\n      health:\n        verb: projects_list\n        timeout_ms: 5000\n      enabled: true\n    - name: grounding-mcp\n      command: [node, ~/git/pandora/agent-grounding/packages/grounding-mcp/dist/server.js]\n      env:\n        EVIDENCE_LEDGER_DB: ~/.evidence-ledger/ledger.db\n      health:\n        verb: ledger_status\n        timeout_ms: 5000\n      enabled: true\n\n  cli:\n    - name: git-batch\n      binary: git-batch\n      min_version: \"0.2.0\"\n      required: true\n    - name: gh\n      binary: gh\n      required: true\n    - name: ledger\n      binary: ledger\n      required: false\n\n  skills:\n    enabled:\n      - simplify\n      - init\n      - review\n      - security-review\n    source_dirs:\n      - ~/.claude/skills\n\n  builtin:\n    known: [Read, Edit, Write, Bash, Agent, Skill, TaskCreate]\n\nmemory:\n  directories:\n    - path: ~/.claude/projects/{project}/memory\n      scope: project\n  router:\n    command: [node, ~/git/pandora/agent-memory/packages/memory-router/dist/hooks/user-prompt-submit.js]\n    enabled: true\n  retention:\n    staleness_days: 180\n    broken_refs: warn\n  scopes:\n    default: project\n    allowed: [project, user]\n\nhooks:\n  - name: git-preflight\n    event: SessionStart\n    command: ~/.claude/hooks/git-preflight.sh\n    blocking: false\n    budget_ms: 30000\n    description: \"Run agent-preflight on session start; record ready + confidence into the ledger as preflight:${REPO}.\"\n\n  - name: require-review-evidence\n    event: PreToolUse\n    match: \"mcp__agent-tasks__pull_requests_merge\"\n    command: ~/.claude/hooks/require-review-evidence.sh\n    blocking: hard\n    budget_ms: 2000\n\n  - name: require-dogfood-evidence\n    event: PreToolUse\n    match: \"Bash\"\n    command: ~/.claude/hooks/require-dogfood-evidence.sh\n    blocking: hard\n    budget_ms: 2000\n\n  - name: require-preflight-evidence\n    event: PreToolUse\n    match: \"Bash\"\n    bash_match: \"^git (status|log|diff|branch)\"\n    command: ~/.claude/hooks/require-preflight-evidence.sh\n    blocking: hard\n    budget_ms: 1000\n\n  - name: require-review-subagent-evidence\n    event: PreToolUse\n    match: \"mcp__agent-tasks__pull_requests_create\"\n    command: ~/.claude/hooks/require-review-subagent-evidence.sh\n    blocking: hard\n    budget_ms: 2000\n\n  - name: require-preflight-push-evidence\n    event: PreToolUse\n    match: \"Bash\"\n    bash_match: \"^git push\"\n    command: ~/.claude/hooks/require-preflight-push-evidence.sh\n    blocking: hard\n    budget_ms: 1000\n\npolicies:\n  - name: review-before-merge\n    description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.\n    trigger:\n      event: PreToolUse\n      match: \"mcp__agent-tasks__pull_requests_merge\"\n      extract:\n        PR_NUMBER: \"toolArgs.prNumber\"\n    requires:\n      ledger_tag: \"review:${PR_NUMBER}\"\n    hook: require-review-evidence\n    enforcement: block\n\n  - name: dogfood-before-release\n    description: Block npm publish / git tag v* without a recent dogfood ledger entry.\n    trigger:\n      event: PreToolUse\n      match: \"Bash\"\n      bash_match: \"^(npm publish|git tag v.*)\"\n    requires:\n      ledger_tag: \"dogfood:${SESSION_ID}\"\n      within: 24h\n    hook: require-dogfood-evidence\n    enforcement: block\n\n  - name: preflight-before-investigation\n    description: Block investigative git reads (status/log/diff/branch) when agent-preflight has not run recently with ready:true for the current repo.\n    trigger:\n      event: PreToolUse\n      match: \"Bash\"\n      bash_match: \"^git (status|log|diff|branch)\"\n    requires:\n      ledger_tag: \"preflight:${REPO}\"\n      within: 1h\n    hook: require-preflight-evidence\n    enforcement: block\n\n  - name: review-subagent-before-pr-create\n    description: Block agent-tasks PR creation unless a review-subagent ledger entry tagged for this task already exists. Forces the rigorous review BEFORE the PR opens, not after.\n    trigger:\n      event: PreToolUse\n      match: \"mcp__agent-tasks__pull_requests_create\"\n      extract:\n        TASK_ID: \"toolArgs.taskId\"\n    requires:\n      ledger_tag: \"review-subagent:${TASK_ID}\"\n    hook: require-review-subagent-evidence\n    enforcement: block\n\n  - name: preflight-before-push\n    description: Block git push unless a fresh preflight ledger entry exists for the current branch. Catches the stale-checkout class of incident at the last reversible step.\n    trigger:\n      event: PreToolUse\n      match: \"Bash\"\n      bash_match: \"^git push\"\n    requires:\n      ledger_tag: \"preflight:${BRANCH}\"\n      within: 10m\n    hook: require-preflight-push-evidence\n    enforcement: block\n";
+export type TemplateName = "minimal" | "full" | "solo" | "team";
 export declare function getTemplate(name: TemplateName): string;

package/dist/cli/init/templates.js

@@ -132,6 +132,21 @@ hooks:
     blocking: hard
     budget_ms: 1000
 
+  - name: require-review-subagent-evidence
+    event: PreToolUse
+    match: "mcp__agent-tasks__pull_requests_create"
+    command: ~/.claude/hooks/require-review-subagent-evidence.sh
+    blocking: hard
+    budget_ms: 2000
+
+  - name: require-preflight-push-evidence
+    event: PreToolUse
+    match: "Bash"
+    bash_match: "^git push"
+    command: ~/.claude/hooks/require-preflight-push-evidence.sh
+    blocking: hard
+    budget_ms: 1000
+
 policies:
   - name: review-before-merge
     description: Block PR merges unless a ledger entry tagged review:<pr-number> exists for this session.
@@ -168,8 +183,42 @@ policies:
       within: 1h
     hook: require-preflight-evidence
     enforcement: block
+
+  - name: review-subagent-before-pr-create
+    description: Block agent-tasks PR creation unless a review-subagent ledger entry tagged for this task already exists. Forces the rigorous review BEFORE the PR opens, not after.
+    trigger:
+      event: PreToolUse
+      match: "mcp__agent-tasks__pull_requests_create"
+      extract:
+        TASK_ID: "toolArgs.taskId"
+    requires:
+      ledger_tag: "review-subagent:\${TASK_ID}"
+    hook: require-review-subagent-evidence
+    enforcement: block
+
+  - name: preflight-before-push
+    description: Block git push unless a fresh preflight ledger entry exists for the current branch. Catches the stale-checkout class of incident at the last reversible step.
+    trigger:
+      event: PreToolUse
+      match: "Bash"
+      bash_match: "^git push"
+    requires:
+      ledger_tag: "preflight:\${BRANCH}"
+      within: 10m
+    hook: require-preflight-push-evidence
+    enforcement: block
 `;
+import { SOLO_TEMPLATE, TEAM_TEMPLATE } from "./profiles.js";
 export function getTemplate(name) {
-    return name === "full" ? FULL_TEMPLATE : MINIMAL_TEMPLATE;
+    switch (name) {
+        case "full":
+            return FULL_TEMPLATE;
+        case "solo":
+            return SOLO_TEMPLATE;
+        case "team":
+            return TEAM_TEMPLATE;
+        case "minimal":
+            return MINIMAL_TEMPLATE;
+    }
 }
 //# sourceMappingURL=templates.js.map

package/dist/cli/init/templates.js.map

@@ -1 +1 @@
-{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../../src/cli/init/templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;CAqB/B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoJ5B,CAAC;AAIF,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC5C,OAAO,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC;AAC5D,CAAC"}
+{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../../src/cli/init/templates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;CAqB/B,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2L5B,CAAC;AAEF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAI7D,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC5C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,aAAa,CAAC;QACvB,KAAK,SAAS;YACZ,OAAO,gBAAgB,CAAC;IAC5B,CAAC;AACH,CAAC"}

package/dist/cli/pack/hook-pre-tool-use.js

@@ -38,10 +38,23 @@ async function readStdin(stream) {
 function findGroundingMcp(manifest) {
     return manifest.tools.mcp.find((m) => m.name === "grounding-mcp") ?? null;
 }
+// The Claude Code "block" envelope. Mirrors the runtime/intercept.ts
+// shape (PR #81): `decision: "block"` keeps legacy 2.0.x CLIs blocking,
+// `hookSpecificOutput.permissionDecision: "deny"` is the Claude Code
+// 2.1+ documented contract for PreToolUse. This hook is always wired to
+// PreToolUse (the pack contributes only a PreToolUse hook), so the
+// envelope is unconditional here — no event-kind branch like
+// runtime/intercept.ts needs.
 function blockJson(toolName, reason) {
+    const reasonText = `Understanding Gate: ${reason}. Tool: ${toolName}. Run \`harness approve understanding\` once you have produced and confirmed an Understanding Report.`;
     return JSON.stringify({
         decision: "block",
-        reason: `Understanding Gate: ${reason}. Tool: ${toolName}. Run \`harness approve understanding\` once you have produced and confirmed an Understanding Report.`,
+        reason: reasonText,
+        hookSpecificOutput: {
+            hookEventName: "PreToolUse",
+            permissionDecision: "deny",
+            permissionDecisionReason: reasonText,
+        },
     });
 }
 async function checkLedger(manifest, sessionId, opts) {

package/dist/cli/pack/hook-pre-tool-use.js.map

@@ -1 +1 @@
-{"version":3,"file":"hook-pre-tool-use.js","sourceRoot":"","sources":["../../../src/cli/pack/hook-pre-tool-use.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,EAAE;AACF,yDAAyD;AACzD,wEAAwE;AACxE,qEAAqE;AACrE,kEAAkE;AAClE,yEAAyE;AACzE,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,sEAAsE;AACtE,oEAAoE;AACpE,sEAAsE;AACtE,sEAAsE;AACtE,sEAAsE;AACtE,EAAE;AACF,iEAAiE;AACjE,wEAAwE;AACxE,qEAAqE;AACrE,oEAAoE;AACpE,qEAAqE;AACrE,iEAAiE;AAEjE,OAAO,EACL,gBAAgB,GAEjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,GAEnB,MAAM,sEAAsE,CAAC;AAE9E,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAEhE,MAAM,SAAS,GAAG,gCAAgC,CAAC;AAkCnD,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB,EAAE,MAAc;IACjD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,QAAQ,EAAE,OAAO;QACjB,MAAM,EAAE,uBAAuB,MAAM,WAAW,QAAQ,uGAAuG;KAChK,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,QAAkB,EAClB,SAAiB,EACjB,IAA+B;IAE/B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACjD,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC;QAC5E,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC/C,CAAC;IACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAC;IAC9E,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK,CAAC;IAC7E,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;QACpC,UAAU,EAAE,OAAO;QACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC3B,SAAS;QACT,SAAS;KACV,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;IAC1E,CAAC;IACD,OAAO,kBAAkB,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAkC,EAAE;IAEpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC;IAExC,mEAAmE;IACnE,oCAAoC;IACpC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAK,GAAkB,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAkB,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;IAChC,CAAC;IAED,MAAM,SAAS,GACb,CAAC,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,EAAE,CAAC;IACL,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;IAErF,sEAAsE;IACtE,oDAAoD;IACpD,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,4CAChB,GAAa,CAAC,OACjB,cAAc,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,4DAA4D;IAC5D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,UAAU,GAAG,4BAA4B,QAAQ,uCAAuC,CAAC;QAC/F,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,4BAA4B,QAAQ,+BAA+B,CAAC;QACvF,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,UAAU,GACd,yFAAyF,CAAC;QAC5F,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAC5D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,UAAU,GAAG,sBAAsB,MAAM,CAAC,MAAM,aAAa,CAAC;QACpE,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;YAC1E,UAAU;SACX,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,EAAE,CAAC;IAC1D,MAAM,MAAM,GAAG,oBAAoB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,UAAU,GAAG,sBAAsB,MAAM,CAAC,MAAM,aAAa,CAAC;QACpE,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;YACpF,UAAU;SACX,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;IACpD,MAAM,UAAU,GAAG,8BAA8B,MAAM,EAAE,CAAC;IAC1D,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;IAChC,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,mDAAmD,CAAC,IAAI,CAAC,CAAC;IAC9F,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,IAAI;QACb,aAAa,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE;QAClE,UAAU;KACX,CAAC;AACJ,CAAC"}
+{"version":3,"file":"hook-pre-tool-use.js","sourceRoot":"","sources":["../../../src/cli/pack/hook-pre-tool-use.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,EAAE;AACF,yDAAyD;AACzD,wEAAwE;AACxE,qEAAqE;AACrE,kEAAkE;AAClE,yEAAyE;AACzE,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,sEAAsE;AACtE,oEAAoE;AACpE,sEAAsE;AACtE,sEAAsE;AACtE,sEAAsE;AACtE,EAAE;AACF,iEAAiE;AACjE,wEAAwE;AACxE,qEAAqE;AACrE,oEAAoE;AACpE,qEAAqE;AACrE,iEAAiE;AAEjE,OAAO,EACL,gBAAgB,GAEjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,GAEnB,MAAM,sEAAsE,CAAC;AAE9E,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAEhE,MAAM,SAAS,GAAG,gCAAgC,CAAC;AAkCnD,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,qEAAqE;AACrE,wEAAwE;AACxE,qEAAqE;AACrE,wEAAwE;AACxE,mEAAmE;AACnE,6DAA6D;AAC7D,8BAA8B;AAC9B,SAAS,SAAS,CAAC,QAAgB,EAAE,MAAc;IACjD,MAAM,UAAU,GAAG,uBAAuB,MAAM,WAAW,QAAQ,uGAAuG,CAAC;IAC3K,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,QAAQ,EAAE,OAAO;QACjB,MAAM,EAAE,UAAU;QAClB,kBAAkB,EAAE;YAClB,aAAa,EAAE,YAAY;YAC3B,kBAAkB,EAAE,MAAM;YAC1B,wBAAwB,EAAE,UAAU;SACrC;KACF,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,QAAkB,EAClB,SAAiB,EACjB,IAA+B;IAE/B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACjD,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC;QAC5E,CAAC;QACD,OAAO,kBAAkB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC/C,CAAC;IACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wCAAwC,EAAE,CAAC;IAC9E,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK,CAAC;IAC7E,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;QACpC,UAAU,EAAE,OAAO;QACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC3B,SAAS;QACT,SAAS;KACV,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;IAC1E,CAAC;IACD,OAAO,kBAAkB,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAkC,EAAE;IAEpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC;IAExC,mEAAmE;IACnE,oCAAoC;IACpC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAK,GAAkB,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAkB,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;IAChC,CAAC;IAED,MAAM,SAAS,GACb,CAAC,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,EAAE,CAAC;IACL,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;IAErF,sEAAsE;IACtE,oDAAoD;IACpD,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,4CAChB,GAAa,CAAC,OACjB,cAAc,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,4DAA4D;IAC5D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,UAAU,GAAG,4BAA4B,QAAQ,uCAAuC,CAAC;QAC/F,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,4BAA4B,QAAQ,+BAA+B,CAAC;QACvF,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;QACrB,MAAM,UAAU,GACd,yFAAyF,CAAC;QAC5F,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE;YACrE,UAAU;SACX,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAC5D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,UAAU,GAAG,sBAAsB,MAAM,CAAC,MAAM,aAAa,CAAC;QACpE,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;YAC1E,UAAU;SACX,CAAC;IACJ,CAAC;IAED,8BAA8B;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,iBAAiB,EAAE,CAAC;IAC1D,MAAM,MAAM,GAAG,oBAAoB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,UAAU,GAAG,sBAAsB,MAAM,CAAC,MAAM,aAAa,CAAC;QACpE,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;QAChC,OAAO;YACL,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;YACpF,UAAU;SACX,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;IACpD,MAAM,UAAU,GAAG,8BAA8B,MAAM,EAAE,CAAC;IAC1D,MAAM,CAAC,KAAK,CAAC,GAAG,UAAU,IAAI,CAAC,CAAC;IAChC,MAAM,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,mDAAmD,CAAC,IAAI,CAAC,CAAC;IAC9F,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,IAAI;QACb,aAAa,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE;QAClE,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/cli/smoke/assertions.d.ts

@@ -0,0 +1,39 @@
+import type { HookPair, StreamSummary } from "./stream-parser.js";
+export type ExpectDecision = "allow" | "deny" | "warn";
+export interface SmokeExpectations {
+    /** Hook names or events that MUST have fired. */
+    expectHooks?: string[];
+    /** Hook names or events that MUST NOT have fired. */
+    expectNoHooks?: string[];
+    /** Terminal `result.is_error` is true iff this matches `expect-exit != 0`. */
+    expectExit?: number;
+    /** Last policy-intercept decision must match. */
+    expectDecision?: ExpectDecision;
+}
+export interface AssertionFailure {
+    kind: "expect-hook" | "expect-no-hook" | "expect-exit" | "expect-decision";
+    expected: string;
+    actual: string;
+    detail: string;
+}
+/**
+ * Classify the policy decision emitted by `harness policy intercept`.
+ *
+ * The intercept CLI contract (PR #81): on `deny`, stdout carries the
+ * Claude Code 2.1+ envelope (`decision:"block"` AND
+ * `hookSpecificOutput.permissionDecision:"deny"`). On `allow`, stdout
+ * is empty. On `warn-degraded`, stdout is empty AND stderr carries the
+ * Phase 5 #3 diagnostic line (`warn-degraded (ledger unreachable)`)
+ * when HARNESS_POLICY_VERBOSE is on. `harness smoke` sets that env var
+ * unconditionally when spawning claude, so the warn branch is
+ * observable.
+ *
+ * Order of detection: deny first (any hook stdout containing the
+ * envelope), then warn (any hook stderr containing the diagnostic),
+ * then allow if at least one policy-shaped hook fired without a deny
+ * stdout, else `null` (no policy hook in the stream, so the assertion
+ * is N/A and must be reported as a miss).
+ */
+export declare function classifyDecision(hooks: HookPair[]): ExpectDecision | null;
+export declare function evaluateExpectations(summary: StreamSummary, expectations: SmokeExpectations): AssertionFailure[];
+export declare function formatFailures(failures: AssertionFailure[]): string;