@oscharko-dev/keiko 0.1.0-beta.0

package/dist/harness/patcher.js

@@ -0,0 +1,49 @@
+// Handlers for the patch-proposal, verification, and reporting states. The harness NEVER
+// applies a patch: the diff is emitted as a patch:proposed event and carried on the run
+// result. Nothing here touches the file system (ADR-0004 D8, dry-run by default).
+import { HARNESS_CODES, toFailure } from "./errors.js";
+const encoder = new TextEncoder();
+function patchByteLength(diff) {
+    return encoder.encode(diff).length;
+}
+export function handlePatchProposal(ctx) {
+    const diff = ctx.lastResponse?.content ?? "";
+    const bytes = patchByteLength(diff);
+    if (bytes > ctx.limits.maxPatchBytes) {
+        ctx.failure = toFailure(HARNESS_CODES.LIMIT_PATCH_SIZE, `patch ${String(bytes)} bytes exceeds limit ${String(ctx.limits.maxPatchBytes)}`);
+        return { to: "limit-exceeded", reason: "maxPatchBytes exceeded" };
+    }
+    ctx.patchDiff = diff;
+    ctx.emitter.emit({
+        type: "patch:proposed",
+        targetFile: ctx.plan.targetFile,
+        patchBytes: bytes,
+        diff,
+    });
+    return { to: "verification", reason: "patch assembled and proposed (not applied)" };
+}
+// Wave-1 verification is a structural check: a proposed patch must be non-empty. Real test/
+// command verification arrives with the tool execution layer (issue #6).
+export function handleVerification(ctx) {
+    const passed = (ctx.patchDiff ?? "").trim().length > 0;
+    ctx.emitter.emit({
+        type: "verification:result",
+        passed,
+        detail: passed ? "non-empty patch produced" : "empty patch",
+    });
+    if (passed) {
+        return { to: "reporting", reason: "verification passed" };
+    }
+    ctx.counters.failureAttempts += 1;
+    if (ctx.counters.failureAttempts >= ctx.limits.maxFailureAttempts) {
+        ctx.failure = toFailure(HARNESS_CODES.LIMIT_FAILURE_ATTEMPTS, "verification kept failing");
+        return { to: "limit-exceeded", reason: "maxFailureAttempts exceeded after verification" };
+    }
+    return { to: "planning", reason: "verification failed; re-planning" };
+}
+// Records the final report on the context. The run:completed event is emitted by the loop
+// once the terminal `completed` state is reached, so it is the last event in the stream.
+export function handleReporting(ctx) {
+    ctx.report = ctx.lastResponse?.content ?? "no model output";
+    return { to: "completed", reason: "report generated" };
+}

package/dist/harness/planner.d.ts

@@ -0,0 +1,3 @@
+import { type RunContext, type StateStep } from "./context.js";
+export declare function handlePlanning(ctx: RunContext): StateStep;
+export declare function handleContextSelection(ctx: RunContext): StateStep;

package/dist/harness/planner.js

@@ -0,0 +1,21 @@
+// Handlers for the planning and context-selection states. Planning emits the task
+// rationale as a reasoning:trace. Context-selection finalises the message array and
+// enforces maxContextBytes before any model call (ADR-0004 D3 enforcement point).
+import { HARNESS_CODES, toFailure } from "./errors.js";
+import { contextBytes } from "./context.js";
+export function handlePlanning(ctx) {
+    ctx.emitter.emit({
+        type: "reasoning:trace",
+        phase: "planning",
+        rationale: ctx.plan.rationale,
+    });
+    return { to: "context-selection", reason: "plan constructed" };
+}
+export function handleContextSelection(ctx) {
+    const bytes = contextBytes(ctx.messages);
+    if (bytes > ctx.limits.maxContextBytes) {
+        ctx.failure = toFailure(HARNESS_CODES.LIMIT_CONTEXT_SIZE, `context ${String(bytes)} bytes exceeds limit ${String(ctx.limits.maxContextBytes)}`);
+        return { to: "limit-exceeded", reason: "maxContextBytes exceeded" };
+    }
+    return { to: "model-call", reason: "context assembled within byte budget" };
+}

package/dist/harness/ports.d.ts

@@ -0,0 +1,61 @@
+import type { GatewayRequest, NormalizedResponse, ToolDefinition } from "../gateway/types.js";
+import type { HarnessEvent, HarnessLimits, TaskInput, TaskType } from "./types.js";
+export interface ModelPort {
+    readonly call: (request: GatewayRequest, signal: AbortSignal) => Promise<NormalizedResponse>;
+}
+export interface ToolCallRequest {
+    readonly toolCallId: string;
+    readonly toolName: string;
+    readonly arguments: Record<string, unknown>;
+    readonly signal: AbortSignal;
+}
+export type ToolCallMetadata = {
+    readonly kind: "command";
+    readonly executable: string;
+    readonly argCount: number;
+    readonly exitCode: number | null;
+    readonly timedOut: boolean;
+    readonly sandbox: {
+        readonly envAllowlist: readonly string[];
+        readonly network: "inherit" | "none";
+        readonly maxOutputBytes: number;
+        readonly timeoutMs: number;
+        readonly terminationGraceMs: number;
+        readonly cwdRequested: boolean;
+    };
+} | {
+    readonly kind: "patch-apply";
+    readonly changedFiles: number;
+    readonly created: number;
+    readonly deleted: number;
+};
+export interface ToolCallResult {
+    readonly toolCallId: string;
+    readonly output: string;
+    readonly durationMs: number;
+    readonly commandExecuted?: boolean | undefined;
+    readonly metadata?: ToolCallMetadata | undefined;
+}
+export interface ToolPort {
+    readonly execute: (request: ToolCallRequest) => Promise<ToolCallResult>;
+    readonly listTools: () => readonly ToolDefinition[];
+}
+export interface EventSink {
+    readonly emit: (event: HarnessEvent) => void;
+    readonly retainsRawContent?: boolean | undefined;
+}
+export interface IdSource {
+    readonly newRunId: () => string;
+}
+export interface FingerprintInput {
+    readonly taskType: TaskType;
+    readonly taskInput: TaskInput;
+    readonly limits: HarnessLimits;
+    readonly modelId: string;
+    readonly workingDirectory: string;
+    readonly dryRun: boolean;
+    readonly harnessVersion: string;
+}
+export interface Fingerprinter {
+    readonly compute: (input: FingerprintInput) => string;
+}

package/dist/harness/ports.js

@@ -0,0 +1,4 @@
+// Hexagonal port interfaces. The harness (high-level policy) depends only on these
+// abstractions, never on the concrete Gateway, file system, or terminal. Issues #6,
+// #10, and #13 each plug in their own implementations without touching the harness.
+export {};

package/dist/harness/session.d.ts

@@ -0,0 +1,25 @@
+import type { Clock } from "../gateway/types.js";
+import type { EventSink, Fingerprinter, IdSource, ModelPort, ToolPort } from "./ports.js";
+import { type HarnessLimits, type RunResult, type TaskInput } from "./types.js";
+export declare const HARNESS_VERSION = "0.1.0-beta.0";
+export interface AgentConfig {
+    readonly model: string;
+    readonly workingDirectory: string;
+    readonly limits?: Partial<HarnessLimits> | undefined;
+    readonly dryRun?: boolean | undefined;
+}
+export interface HarnessDeps {
+    readonly model: ModelPort;
+    readonly tools: ToolPort;
+    readonly sink: EventSink;
+    readonly clock?: Clock | undefined;
+    readonly idSource?: IdSource | undefined;
+    readonly fingerprinter?: Fingerprinter | undefined;
+}
+export interface AgentSession {
+    readonly runId: string;
+    readonly fingerprint: string;
+    readonly result: Promise<RunResult>;
+    readonly cancel: (reason?: string) => void;
+}
+export declare function createSession(task: TaskInput, config: AgentConfig, deps: HarnessDeps): AgentSession;

package/dist/harness/session.js

@@ -0,0 +1,116 @@
+// The public session/run API. createSession() builds the run context, kicks off the loop
+// asynchronously, and exposes the run id, config fingerprint, a result Promise, and a
+// cancel() that aborts the single per-run AbortController (ADR-0004 D4, D9).
+import { systemClock } from "../gateway/resilience.js";
+import { newCounters } from "./context.js";
+import { Emitter } from "./emitter.js";
+import { HARNESS_CODES, toFailure } from "./errors.js";
+import { defaultFingerprinter, defaultIdSource } from "./fingerprint.js";
+import { runLoop } from "./loop.js";
+import { MemoryEventSink } from "./sinks.js";
+import { resolveTaskPlan } from "./tasks/policy.js";
+import { DEFAULT_LIMITS, } from "./types.js";
+export const HARNESS_VERSION = "0.1.0-beta.0";
+function resolveLimits(config) {
+    return { ...DEFAULT_LIMITS, ...config.limits };
+}
+function resolveDryRun(config) {
+    return config.dryRun ?? true;
+}
+function buildResult(ctx, outcome, sink, identity) {
+    return {
+        runId: identity.runId,
+        fingerprint: identity.fingerprint,
+        outcome,
+        taskType: ctx.taskType,
+        ...(ctx.report === undefined ? {} : { report: ctx.report }),
+        ...(ctx.patchDiff === undefined ? {} : { patchDiff: ctx.patchDiff }),
+        ...(ctx.failure === undefined ? {} : { failure: ctx.failure }),
+        startedAt: ctx.startedAt,
+        finishedAt: ctx.clock.now(),
+        events: sink.events(),
+    };
+}
+function buildContext(task, config, deps, signal, runId, fingerprint) {
+    const clock = deps.clock ?? systemClock;
+    const memory = new MemoryEventSink();
+    const plan = resolveTaskPlan(task);
+    const ctx = {
+        model: deps.model,
+        tools: deps.tools,
+        emitter: new Emitter([memory, deps.sink], clock, runId, fingerprint),
+        clock,
+        signal,
+        limits: resolveLimits(config),
+        modelId: config.model,
+        taskType: task.taskType,
+        plan,
+        startedAt: clock.now(),
+        counters: newCounters(),
+        messages: [...plan.messages],
+        lastResponse: undefined,
+        patchDiff: undefined,
+        report: undefined,
+        failure: undefined,
+        cancelReason: undefined,
+        cancelledAtState: undefined,
+    };
+    return { ctx, memory };
+}
+function armWallTimeDeadline(ctx, controller, clock) {
+    let cleared = false;
+    const deadlineController = new AbortController();
+    void clock
+        .sleep(ctx.limits.maxWallTimeMs, deadlineController.signal)
+        .then(() => {
+        if (cleared || controller.signal.aborted) {
+            return;
+        }
+        ctx.failure = toFailure(HARNESS_CODES.LIMIT_WALL_TIME, "wall-time budget exhausted");
+        ctx.cancelReason = "maxWallTimeMs exceeded";
+        controller.abort("maxWallTimeMs exceeded");
+    })
+        .catch(() => undefined);
+    return () => {
+        cleared = true;
+        deadlineController.abort("run finished");
+    };
+}
+export function createSession(task, config, deps) {
+    const limits = resolveLimits(config);
+    const dryRun = resolveDryRun(config);
+    const runId = (deps.idSource ?? defaultIdSource).newRunId();
+    const fingerprint = (deps.fingerprinter ?? defaultFingerprinter).compute({
+        taskType: task.taskType,
+        taskInput: task,
+        limits,
+        modelId: config.model,
+        workingDirectory: config.workingDirectory,
+        dryRun,
+        harnessVersion: HARNESS_VERSION,
+    });
+    const controller = new AbortController();
+    const { ctx, memory } = buildContext(task, config, deps, controller.signal, runId, fingerprint);
+    const clearDeadline = armWallTimeDeadline(ctx, controller, ctx.clock);
+    ctx.emitter.emit({
+        type: "run:started",
+        taskType: task.taskType,
+        modelId: config.model,
+        limits,
+    });
+    // Defer the loop to a microtask so a cancel() issued synchronously after createSession is
+    // observed at the loop's first abort check, before any model or tool call is made.
+    const result = Promise.resolve()
+        .then(() => runLoop(ctx))
+        .finally(clearDeadline)
+        .then((outcome) => buildResult(ctx, outcome, memory, { runId, fingerprint }));
+    return {
+        runId,
+        fingerprint,
+        result,
+        cancel: (reason) => {
+            ctx.cancelReason = reason;
+            controller.abort(reason);
+        },
+    };
+}

package/dist/harness/sinks.d.ts

@@ -0,0 +1,30 @@
+import type { EventSink } from "./ports.js";
+import type { HarnessEvent, RunManifest } from "./types.js";
+export interface EventWriter {
+    readonly out: (text: string) => void;
+    readonly err: (text: string) => void;
+}
+export interface ManifestSeed {
+    readonly runId: string;
+    readonly fingerprint: string;
+    readonly harnessVersion: string;
+    readonly taskType: RunManifest["taskType"];
+    readonly taskInput: RunManifest["taskInput"];
+    readonly limits: RunManifest["limits"];
+    readonly modelId: string;
+    readonly workingDirectory: string;
+    readonly dryRun: boolean;
+    readonly startedAt: string;
+}
+export declare class MemoryEventSink implements EventSink {
+    readonly retainsRawContent = true;
+    private readonly collected;
+    emit(event: HarnessEvent): void;
+    events(): readonly HarnessEvent[];
+    collectManifest(seed: ManifestSeed): RunManifest;
+}
+export declare class CliEventSink implements EventSink {
+    private readonly io;
+    constructor(io: EventWriter);
+    emit(event: HarnessEvent): void;
+}

package/dist/harness/sinks.js

@@ -0,0 +1,72 @@
+// Event sinks. MemoryEventSink collects events in order for tests and for assembling
+// the replay manifest (issue #10 persists it). CliEventSink renders a one-line summary
+// per event for the CLI; it NEVER prints SENSITIVE fields verbatim (rationale,
+// modelResponse, diff) — only safe metadata and byte counts (ADR-0004 D6).
+export class MemoryEventSink {
+    // The in-memory collector retains SENSITIVE fields verbatim so the manifest is a faithful
+    // replay record. The audit ledger (issue #10) applies its own redaction before persistence.
+    retainsRawContent = true;
+    collected = [];
+    emit(event) {
+        this.collected.push(event);
+    }
+    events() {
+        return this.collected;
+    }
+    collectManifest(seed) {
+        return { ...seed, events: this.collected };
+    }
+}
+// Per-variant one-line summary. SENSITIVE fields (rationale, modelResponse, diff) are
+// never included — only safe metadata and byte counts. The handler map keeps cyclomatic
+// complexity bounded (one entry per event type, no growing switch).
+const SUMMARISERS = {
+    "run:started": (e) => `task=${e.taskType} model=${e.modelId}`,
+    "state:transition": (e) => `${e.from} -> ${e.to} (${e.reason})`,
+    "model:call:started": (e) => `model=${e.modelId} messages=${String(e.messageCount)} bytes=${String(e.contextBytes)}`,
+    "model:call:completed": (e) => `model=${e.modelId} finish=${e.finishReason} tools=${String(e.toolCallCount)}`,
+    "model:call:failed": (e) => `model=${e.modelId} code=${e.errorCode}`,
+    "tool:call:started": (e) => `tool=${e.toolName} id=${e.toolCallId}`,
+    "tool:call:completed": (e) => `tool=${e.toolName} id=${e.toolCallId}`,
+    "tool:call:failed": (e) => `tool=${e.toolName} code=${e.errorCode}`,
+    "sandbox:configured": (e) => `env=${e.envAllowlist.join(",")} network=${e.network} timeoutMs=${String(e.timeoutMs)} maxOutputBytes=${String(e.maxOutputBytes)} cwdRequested=${String(e.cwdRequested)}`,
+    "command:executed": (e) => `exec=${e.executable} args=${String(e.argCount)} exit=${String(e.exitCode)} timedOut=${String(e.timedOut)}`,
+    "patch:applied": (e) => `changed=${String(e.changedFiles)} created=${String(e.created)} deleted=${String(e.deleted)}`,
+    "reasoning:trace": (e) => `phase=${e.phase} (rationale redacted)`,
+    "patch:proposed": (e) => `file=${e.targetFile} bytes=${String(e.patchBytes)} (diff redacted)`,
+    "verification:result": (e) => `passed=${String(e.passed)}`,
+    "run:completed": () => "completed",
+    "run:cancelled": (e) => `cancelled at ${e.atState}${e.reason === undefined ? "" : ` (${e.reason})`}`,
+    "run:failed": (e) => `${e.failure.category}: ${e.failure.message}`,
+    // ADR-0017 — browser-tool events. originOnly is the scheme+authority only; never a path/query.
+    "browser:session-opened": (e) => `session=${e.sessionId} port=${String(e.cdpPort)} target=${e.targetId}`,
+    "browser:navigated": (e) => `session=${e.sessionId} origin=${e.originOnly} status=${String(e.httpStatus)}`,
+    "browser:screenshot-captured": (e) => `session=${e.sessionId} seq=${String(e.captureSeq)} persisted=${String(e.persisted)}`,
+    "browser:page-content-captured": (e) => `session=${e.sessionId} seq=${String(e.captureSeq)} bytes=${String(e.byteLength)}`,
+    "browser:session-closed": (e) => `session=${e.sessionId} reason=${e.reason}`,
+    "browser:trust-warning": (e) => `session=${e.sessionId} warning=${e.warning}`,
+    "browser:error": (e) => `session=${e.sessionId} code=${e.code}`,
+};
+function summarise(event) {
+    const handler = SUMMARISERS[event.type];
+    return handler(event);
+}
+function isFailureEvent(event) {
+    return (event.type === "run:failed" ||
+        event.type === "model:call:failed" ||
+        event.type === "tool:call:failed");
+}
+export class CliEventSink {
+    io;
+    constructor(io) {
+        this.io = io;
+    }
+    emit(event) {
+        const line = `[${String(event.seq)}] ${event.type} ${summarise(event)}\n`;
+        if (isFailureEvent(event)) {
+            this.io.err(line);
+            return;
+        }
+        this.io.out(line);
+    }
+}

package/dist/harness/tasks/explain-plan.d.ts

@@ -0,0 +1,3 @@
+import type { ExplainPlanInput } from "../types.js";
+import type { TaskPlan } from "./policy.js";
+export declare function buildExplainPlan(input: ExplainPlanInput): TaskPlan;

package/dist/harness/tasks/explain-plan.js

@@ -0,0 +1,29 @@
+// explain-plan: a read-only task. The harness must never enter tool-call, patch-proposal,
+// or verification for this task type — enforced here by setting all `allows*` flags false.
+// State path: intake -> planning -> context-selection -> model-call -> reporting -> completed.
+const SYSTEM_PROMPT = "You are a senior engineer. Explain only the provided file excerpt and the user's question. " +
+    "Do not infer APIs, constants, or behavior that are not present in the excerpt. If the excerpt " +
+    "is missing or insufficient, say that explicitly. Do not propose code edits; this is a " +
+    "read-only explanation task.";
+function contextBlock(input) {
+    return input.context === undefined
+        ? "\n\nFile excerpt: not available. State that limitation before answering."
+        : `\n\nFile excerpt:\n${input.context}`;
+}
+export function buildExplainPlan(input) {
+    const question = input.question === undefined
+        ? `Explain how the file at ${input.filePath} works.`
+        : `Regarding ${input.filePath}: ${input.question}`;
+    const messages = [
+        { role: "system", content: SYSTEM_PROMPT },
+        { role: "user", content: `${question}${contextBlock(input)}` },
+    ];
+    return {
+        allowsTools: false,
+        allowsPatch: false,
+        allowsVerification: false,
+        targetFile: input.filePath,
+        messages,
+        rationale: `explain-plan over ${input.filePath} (read-only)`,
+    };
+}

package/dist/harness/tasks/generate-unit-tests.d.ts

@@ -0,0 +1,3 @@
+import type { GenerateUnitTestsInput } from "../types.js";
+import type { TaskPlan } from "./policy.js";
+export declare function buildGenerateUnitTests(input: GenerateUnitTestsInput): TaskPlan;

package/dist/harness/tasks/generate-unit-tests.js

@@ -0,0 +1,28 @@
+// generate-unit-tests: proposes a test patch for a target file. The harness may reach
+// patch-proposal and verification, but NEVER applies the patch (dry-run by default).
+// Tool use is not part of this task path. State path:
+// intake -> planning -> context-selection -> model-call -> patch-proposal -> verification
+//        -> reporting -> completed (verification may loop back to model-call).
+const SYSTEM_PROMPT = "You are a senior engineer writing rigorous unit tests. Produce a unified diff that " +
+    "adds tests for the target. Cover edge cases (null, empty, boundary, error paths). " +
+    "Output only the diff.";
+function userMessage(input) {
+    const target = input.targetFunction === undefined
+        ? `Write unit tests for the public API in ${input.filePath}.`
+        : `Write unit tests for the function ${input.targetFunction} in ${input.filePath}.`;
+    return input.context === undefined ? target : `${target}\n\nContext: ${input.context}`;
+}
+export function buildGenerateUnitTests(input) {
+    const messages = [
+        { role: "system", content: SYSTEM_PROMPT },
+        { role: "user", content: userMessage(input) },
+    ];
+    return {
+        allowsTools: false,
+        allowsPatch: true,
+        allowsVerification: true,
+        targetFile: input.filePath,
+        messages,
+        rationale: `generate-unit-tests for ${input.filePath}`,
+    };
+}

package/dist/harness/tasks/investigate-bug.d.ts

@@ -0,0 +1,3 @@
+import type { InvestigateBugInput } from "../types.js";
+import type { TaskPlan } from "./policy.js";
+export declare function buildInvestigateBug(input: InvestigateBugInput): TaskPlan;

package/dist/harness/tasks/investigate-bug.js

@@ -0,0 +1,31 @@
+// investigate-bug: the model may request tool calls to inspect the repo before proposing
+// a fix patch. The harness may reach tool-call, patch-proposal, and verification, but NEVER
+// applies the patch. State path:
+// intake -> planning -> context-selection -> model-call [-> tool-call]* -> patch-proposal
+//        -> verification -> reporting -> completed.
+const SYSTEM_PROMPT = "You are a senior engineer investigating a defect. Use the available read-only tools to " +
+    "gather evidence, then propose a minimal fix as a unified diff. Output only the diff once " +
+    "you have enough evidence.";
+const UNSPECIFIED_TARGET = "<unspecified>";
+function userMessage(input) {
+    const files = input.filePaths === undefined || input.filePaths.length === 0
+        ? ""
+        : `\n\nSuspected files: ${input.filePaths.join(", ")}`;
+    const context = input.context === undefined ? "" : `\n\nContext: ${input.context}`;
+    return `Investigate this bug: ${input.description}${files}${context}`;
+}
+export function buildInvestigateBug(input) {
+    const target = input.filePaths?.[0] ?? UNSPECIFIED_TARGET;
+    const messages = [
+        { role: "system", content: SYSTEM_PROMPT },
+        { role: "user", content: userMessage(input) },
+    ];
+    return {
+        allowsTools: true,
+        allowsPatch: true,
+        allowsVerification: true,
+        targetFile: target,
+        messages,
+        rationale: `investigate-bug: ${input.description.slice(0, 40)}`,
+    };
+}

package/dist/harness/tasks/policy.d.ts

@@ -0,0 +1,11 @@
+import type { ChatMessage } from "../../gateway/types.js";
+import type { TaskInput } from "../types.js";
+export interface TaskPlan {
+    readonly allowsTools: boolean;
+    readonly allowsPatch: boolean;
+    readonly allowsVerification: boolean;
+    readonly targetFile: string;
+    readonly messages: readonly ChatMessage[];
+    readonly rationale: string;
+}
+export declare function resolveTaskPlan(task: TaskInput): TaskPlan;

package/dist/harness/tasks/policy.js

@@ -0,0 +1,22 @@
+// Shared task abstraction. Each Wave-1 task type provides a TaskPlan describing the
+// initial model messages, the patch target, and the state-path capabilities the loop is
+// allowed to enter. The loop reads `allows*` flags to route — read-only enforcement for
+// explain-plan is a property of the task, not of configuration (ADR-0004 D8).
+import { buildExplainPlan } from "./explain-plan.js";
+import { buildGenerateUnitTests } from "./generate-unit-tests.js";
+import { buildInvestigateBug } from "./investigate-bug.js";
+import { buildVerify } from "./verify.js";
+// Routes a validated TaskInput to its task-specific plan. The discriminated union makes
+// this total: adding a TaskType without a branch is a compile error.
+export function resolveTaskPlan(task) {
+    switch (task.taskType) {
+        case "generate-unit-tests":
+            return buildGenerateUnitTests(task.input);
+        case "investigate-bug":
+            return buildInvestigateBug(task.input);
+        case "explain-plan":
+            return buildExplainPlan(task.input);
+        case "verify":
+            return buildVerify(task.input);
+    }
+}

package/dist/harness/tasks/verify.d.ts

@@ -0,0 +1,3 @@
+import type { VerifyInput } from "../types.js";
+import type { TaskPlan } from "./policy.js";
+export declare function buildVerify(input: VerifyInput): TaskPlan;

package/dist/harness/tasks/verify.js

@@ -0,0 +1,16 @@
+// verify: a deterministic repository-gate task. The harness loop is NOT entered for this task —
+// the BFF run engine invokes the verification orchestrator directly (it spawns lint/test/build
+// rather than calling a model). This plan exists so the task-policy switch remains total and so
+// the discriminated union can carry a verify variant alongside the model-driven tasks. All
+// `allows*` flags are false: there is no model call, no tool call, no patch proposal.
+export function buildVerify(input) {
+    const messages = [];
+    return {
+        allowsTools: false,
+        allowsPatch: false,
+        allowsVerification: false,
+        targetFile: input.workspaceRoot,
+        messages,
+        rationale: `verify gates over ${input.workspaceRoot} (deterministic, no model call)`,
+    };
+}