@zhijiewang/openharness 2.8.0 → 2.10.0

package/dist/commands/skills.js

@@ -1,9 +1,38 @@
 /**
- * Skill management commands — /skill-create, /skill-delete, /skill-edit, /skill-search, /skill-install
+ * Skill management commands — /skills, /skill-create, /skill-delete, /skill-edit, /skill-search, /skill-install
  */
 import { existsSync, mkdirSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
+import { discoverSkills } from "../harness/plugins.js";
 export function registerSkillCommands(register) {
+    register("skills", "List all available skills", () => {
+        const skills = discoverSkills();
+        if (skills.length === 0) {
+            return {
+                output: "No skills found. Create .oh/skills/*.md to add one, or run /skill-search to browse the registry.",
+                handled: true,
+            };
+        }
+        // Group by source for readability
+        const lines = ["Available skills:"];
+        const sourceLabel = {
+            project: "[project]",
+            global: "[global]",
+            plugin: "[plugin]",
+        };
+        // Sort: bundled-style (project, no path under .oh) first, then by source then name
+        const sorted = [...skills].sort((a, b) => {
+            if (a.source !== b.source)
+                return a.source.localeCompare(b.source);
+            return a.name.localeCompare(b.name);
+        });
+        for (const s of sorted) {
+            const tag = sourceLabel[s.source] ?? `[${s.source}]`;
+            const desc = s.description ? `: ${s.description}` : "";
+            lines.push(`  - ${s.name} ${tag}${desc}`);
+        }
+        return { output: lines.join("\n"), handled: true };
+    });
     register("skill-create", "Create a new skill file", (args) => {
         const name = args.trim();
         if (!name)
@@ -92,10 +121,21 @@ How to confirm the skill worked correctly.
         });
         return { output: "Searching skills registry...", handled: true };
     });
-    register("skill-install", "Install a skill from the registry", (args) => {
-        const name = args.trim();
+    register("skill-install", "Install a skill from the registry. Use --accept-license=<SPDX> for non-permissive licenses.", (args) => {
+        // Parse: <name> [--accept-license=<SPDX>]
+        const tokens = args.trim().split(/\s+/).filter(Boolean);
+        if (tokens.length === 0)
+            return { output: "Usage: /skill-install <name> [--accept-license=<SPDX>]", handled: true };
+        let name = "";
+        let acceptLicense;
+        for (const tok of tokens) {
+            if (tok.startsWith("--accept-license="))
+                acceptLicense = tok.slice("--accept-license=".length);
+            else if (!name)
+                name = tok;
+        }
         if (!name)
-            return { output: "Usage: /skill-install <name>", handled: true };
+            return { output: "Usage: /skill-install <name> [--accept-license=<SPDX>]", handled: true };
         import("../harness/skill-registry.js").then(async ({ fetchRegistry, installSkill }) => {
             try {
                 const registry = await fetchRegistry();
@@ -104,8 +144,13 @@ How to confirm the skill worked correctly.
                     console.log(`Skill "${name}" not found in registry. Try /skill-search first.`);
                     return;
                 }
-                const path = await installSkill(skill);
-                console.log(`Installed skill "${skill.name}" to ${path}`);
+                const result = await installSkill(skill, { acceptLicense });
+                if (result.ok) {
+                    console.log(`Installed skill "${skill.name}" to ${result.filePath}`);
+                }
+                else {
+                    console.log(result.message);
+                }
             }
             catch (err) {
                 console.log(`Installation failed: ${err.message}`);

package/dist/components/App.js

@@ -2,7 +2,7 @@ import { jsx as _jsx } from "react/jsx-runtime";
 import { useMemo } from "react";
 import { getCompanionSystemPrompt, loadCompanionRuntime } from "../cybergotchi/config.js";
 import { readOhConfig } from "../harness/config.js";
-import { loadMemories, memoriesToPrompt } from "../harness/memory.js";
+import { claudeMdToPrompt, loadClaudeMdHierarchy, loadMemories, memoriesToPrompt } from "../harness/memory.js";
 import { detectProject, projectContextToPrompt } from "../harness/onboarding.js";
 import { discoverSkills, skillsToPrompt } from "../harness/plugins.js";
 import { loadRulesAsPrompt } from "../harness/rules.js";
@@ -59,6 +59,12 @@ export default function App({ provider, tools, permissionMode, systemPrompt, mod
         const rulesPrompt = loadRulesAsPrompt();
         if (rulesPrompt)
             parts.push(rulesPrompt);
+        // CLAUDE.md: hierarchical project instructions (Anthropic convention).
+        // Additive with OH's own memory system — both layers inject into the prompt.
+        const claudeMd = loadClaudeMdHierarchy();
+        const claudeMdPrompt = claudeMdToPrompt(claudeMd);
+        if (claudeMdPrompt)
+            parts.push(claudeMdPrompt);
         // Auto-memory: load saved learnings into context
         const memories = loadMemories();
         const memoryPrompt = memoriesToPrompt(memories);

package/dist/harness/config.d.ts

@@ -16,6 +16,19 @@ export type HookDef = {
     prompt?: string;
     match?: string;
     timeout?: number;
+    /**
+     * When true (and this hook has a `command`), OH sends a JSON envelope
+     * `{event, ...context}` on stdin and parses a JSON response from stdout.
+     * Response shape (Claude Code compatible):
+     *   { "decision": "allow" | "deny",
+     *     "reason"?: string,
+     *     "hookSpecificOutput"?: {...} }
+     *
+     * When false (default), OH passes context via `OH_EVENT` / `OH_TOOL_NAME`
+     * env vars and gates on the command's exit code (0 = allow). The env-var
+     * mode remains the default for backward compatibility.
+     */
+    jsonIO?: boolean;
 };
 export type HooksConfig = {
     sessionStart?: HookDef[];
@@ -98,6 +111,17 @@ export type OhConfig = {
         rateLimit?: number;
         allowedTools?: string[];
     };
+    /**
+     * Environment variables injected into child processes spawned by the harness —
+     * Bash/Monitor/PowerShell tool executions and MCP server subprocesses. Useful
+     * for passing API keys to MCP servers without embedding them in the server's
+     * `env` field (which is per-server) or requiring the user to export them in
+     * their shell. Claude Code convention: same shape as `settings.json.env`.
+     *
+     * Implementation: read by `safeEnv()` in `src/utils/safe-env.ts` — every
+     * call-site that already uses `safeEnv()` picks this up automatically.
+     */
+    env?: Record<string, string>;
 };
 /** Clear cached config (call after writes or to force re-read) */
 export declare function invalidateConfigCache(): void;

package/dist/harness/hooks.d.ts

@@ -9,6 +9,7 @@
  * - http: POST JSON to URL, expect { allowed: true/false }
  * - prompt: LLM yes/no check via provider.complete()
  */
+import type { HookDef } from "./config.js";
 export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification";
 export type HookContext = {
     toolName?: string;
@@ -32,6 +33,19 @@ export type HookContext = {
 };
 /** Clear hook cache (call after config changes) */
 export declare function invalidateHookCache(): void;
+/**
+ * Evaluate a hook matcher against the current tool name.
+ *
+ * Supported forms (Claude Code compatible):
+ *  - No matcher → always matches.
+ *  - `/pattern/flags` → treated as a regex. Flags optional.
+ *  - `mcp__server__tool` → literal match is a substring check (works for the
+ *    standard `mcp__<server>__<tool>` naming convention).
+ *  - `prefix*` or glob-ish → simple wildcard translated to regex.
+ *  - Anything else → case-sensitive substring (legacy behavior — back-compat).
+ */
+/** @internal Exposed for testing. */
+export declare function matchesHook(def: HookDef, ctx: HookContext): boolean;
 /**
  * Emit a hook event. For preToolUse, returns false if any hook blocks the call.
  *

package/dist/harness/hooks.js

@@ -58,11 +58,54 @@ function buildEnv(event, ctx) {
         env.OH_MESSAGE = ctx.message;
     return env;
 }
-function matchesHook(def, ctx) {
-    if (def.match && ctx.toolName && !ctx.toolName.includes(def.match)) {
-        return false;
+/**
+ * Evaluate a hook matcher against the current tool name.
+ *
+ * Supported forms (Claude Code compatible):
+ *  - No matcher → always matches.
+ *  - `/pattern/flags` → treated as a regex. Flags optional.
+ *  - `mcp__server__tool` → literal match is a substring check (works for the
+ *    standard `mcp__<server>__<tool>` naming convention).
+ *  - `prefix*` or glob-ish → simple wildcard translated to regex.
+ *  - Anything else → case-sensitive substring (legacy behavior — back-compat).
+ */
+/** @internal Exposed for testing. */
+export function matchesHook(def, ctx) {
+    if (!def.match)
+        return true;
+    if (!ctx.toolName)
+        return true;
+    const match = def.match;
+    // /regex/flags form
+    if (match.length > 2 && match.startsWith("/")) {
+        const lastSlash = match.lastIndexOf("/");
+        if (lastSlash > 0) {
+            try {
+                const pattern = match.slice(1, lastSlash);
+                const flags = match.slice(lastSlash + 1);
+                return new RegExp(pattern, flags).test(ctx.toolName);
+            }
+            catch {
+                return false;
+            }
+        }
     }
-    return true;
+    // Simple glob: asterisks translated to `.*`, anchored. Only activates if the
+    // match contains an asterisk — otherwise treat as substring for back-compat.
+    if (match.includes("*")) {
+        const escaped = match
+            .split("*")
+            .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
+            .join(".*");
+        try {
+            return new RegExp(`^${escaped}$`).test(ctx.toolName);
+        }
+        catch {
+            return false;
+        }
+    }
+    // Legacy substring match
+    return ctx.toolName.includes(match);
 }
 // ── Hook Executors ──
 /** Run a command hook. Returns exit code (0 = success/allowed). */
@@ -98,6 +141,86 @@ function runCommandHookAsync(command, env, timeoutMs = 10_000) {
         });
     });
 }
+/**
+ * Run a JSON-mode command hook (Claude Code convention).
+ *
+ * Sends `{event, ...context}` as JSON on stdin. Parses stdout as JSON
+ * `{ decision: "allow" | "deny", reason?: string, hookSpecificOutput?: any }`.
+ *
+ * Gating logic:
+ *   - `decision: "deny"` → blocks (returns false).
+ *   - `decision: "allow"` or omitted decision → allow (returns true).
+ *   - Non-zero exit code → block.
+ *   - Invalid/empty JSON on stdout → fall back to exit code (0 = allow).
+ *   - Timeout or spawn error → block.
+ */
+function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
+    return new Promise((resolve) => {
+        const proc = spawn(command, {
+            shell: true,
+            timeout: timeoutMs,
+            stdio: ["pipe", "pipe", "pipe"],
+            env,
+        });
+        let settled = false;
+        let stdoutBuf = "";
+        const timer = setTimeout(() => {
+            if (!settled) {
+                settled = true;
+                proc.kill();
+                resolve(false);
+            }
+        }, timeoutMs);
+        proc.stdout?.on("data", (chunk) => {
+            stdoutBuf += chunk.toString();
+        });
+        // Write the event + context JSON envelope to stdin then close it so the
+        // hook knows there's no more input coming.
+        try {
+            const payload = JSON.stringify({ event, ...ctx });
+            proc.stdin?.end(payload);
+        }
+        catch {
+            /* stdin already closed — ignore */
+        }
+        proc.on("close", (code) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            // Non-zero exit is always a block, regardless of stdout.
+            if ((code ?? 1) !== 0) {
+                resolve(false);
+                return;
+            }
+            // Empty stdout → treat exit code as the signal (allow for exit 0).
+            if (!stdoutBuf.trim()) {
+                resolve(true);
+                return;
+            }
+            try {
+                const parsed = JSON.parse(stdoutBuf);
+                if (parsed.decision === "deny") {
+                    resolve(false);
+                }
+                else {
+                    resolve(true); // "allow" or omitted → allow
+                }
+            }
+            catch {
+                // Malformed JSON with a zero exit — fail closed conservatively.
+                resolve(false);
+            }
+        });
+        proc.on("error", () => {
+            if (!settled) {
+                settled = true;
+                clearTimeout(timer);
+                resolve(false);
+            }
+        });
+    });
+}
 /** Run an HTTP hook. POSTs context as JSON, expects { allowed: true/false }. */
 async function runHttpHook(url, event, ctx, timeoutMs = 10_000) {
     try {
@@ -118,15 +241,63 @@ async function runHttpHook(url, event, ctx, timeoutMs = 10_000) {
     }
 }
 /**
- * Run a prompt hook. Uses LLM to make a yes/no decision.
+ * Run a prompt hook. Uses an LLM to make a yes/no allow/deny decision.
+ *
+ * The hook's `prompt:` field is the question posed to the model along with
+ * the event context. The response is parsed case-insensitively: responses
+ * starting with YES / ALLOW / TRUE / PASS / APPROVE allow; anything else
+ * (including explicit NO, DENY, errors, timeouts, empty) blocks.
+ *
+ * Fail-closed semantics: if the provider isn't reachable or the response
+ * can't be parsed, the hook denies. This matches command hooks (non-zero
+ * exit = deny) and HTTP hooks (network error = deny).
  *
- * Currently a stub — prompt hooks always allow because the hook system
- * runs outside the query loop and has no access to a Provider instance.
- * Full implementation requires passing a Provider via HookContext so the
- * hook can call provider.complete() with the prompt text.
+ * Provider selection: reads `.oh/config.yaml` to get the configured provider
+ * and model. A separate provider instance is created per call — no caching,
+ * since hooks are rare and cold-start cost is negligible compared to the
+ * LLM call itself.
  */
-async function runPromptHook(_promptText, _ctx) {
-    return true;
+async function runPromptHook(promptText, ctx, timeoutMs = 10_000) {
+    try {
+        const cfg = readOhConfig();
+        if (!cfg)
+            return false; // no config → no provider → fail closed
+        const { createProvider } = (await import("../providers/index.js"));
+        const modelArg = cfg.model ? `${cfg.provider}/${cfg.model}` : cfg.provider;
+        const overrides = {};
+        if (cfg.apiKey)
+            overrides.apiKey = cfg.apiKey;
+        if (cfg.baseUrl)
+            overrides.baseUrl = cfg.baseUrl;
+        const { provider, model } = await createProvider(modelArg, overrides);
+        const systemPrompt = "You are a policy gate. Read the question and the event context. Answer with a single word: YES to allow, NO to deny. Do not explain unless asked.";
+        const userContent = [
+            `Question: ${promptText}`,
+            "",
+            "Event context:",
+            JSON.stringify({ event: ctx }, null, 2),
+            "",
+            "Answer (YES or NO):",
+        ].join("\n");
+        const { createUserMessage } = (await import("../types/message.js"));
+        const messages = [createUserMessage(userContent)];
+        // Race the completion against a hard timeout so a hung provider doesn't
+        // block the agent loop indefinitely.
+        const completion = await Promise.race([
+            provider.complete(messages, systemPrompt, undefined, model),
+            new Promise((resolve) => setTimeout(() => resolve(null), timeoutMs)),
+        ]);
+        if (!completion)
+            return false; // timeout → deny
+        const text = (completion.content ?? "").trim().toUpperCase();
+        if (!text)
+            return false;
+        // Accept multiple allow synonyms; default to deny on anything else.
+        return /^(YES|ALLOW|TRUE|PASS|APPROVE)\b/.test(text);
+    }
+    catch {
+        return false; // any error path → deny
+    }
 }
 // ── Hook Execution ──
 /** Execute a single hook definition. Returns true if allowed. */
@@ -134,6 +305,12 @@ async function executeHookDef(def, event, ctx) {
     const timeout = def.timeout ?? 10_000;
     if (def.command) {
         const env = buildEnv(event, ctx);
+        // JSON-mode (Claude Code convention): send `{event, ...ctx}` on stdin,
+        // parse `{decision}` from stdout. Env-var mode (legacy default): gate on
+        // exit code.
+        if (def.jsonIO) {
+            return runJsonIoHookAsync(def.command, env, event, ctx, timeout);
+        }
         const code = await runCommandHookAsync(def.command, env, timeout);
         return code === 0;
     }
@@ -163,14 +340,31 @@ export function emitHook(event, ctx = {}) {
             if (!matchesHook(def, ctx))
                 continue;
             if (def.command) {
+                const input = def.jsonIO ? JSON.stringify({ event, ...ctx }) : undefined;
                 const result = spawnSync(def.command, {
                     shell: true,
                     timeout: def.timeout ?? 10_000,
                     stdio: "pipe",
                     env,
+                    input,
                 });
                 if (result.status !== 0 || result.error)
                     return false;
+                // JSON mode: parse stdout for {decision: "deny"} → block. Allow on empty
+                // stdout (exit-code already gated above). Malformed JSON fails closed.
+                if (def.jsonIO) {
+                    const out = result.stdout?.toString() ?? "";
+                    if (out.trim()) {
+                        try {
+                            const parsed = JSON.parse(out);
+                            if (parsed.decision === "deny")
+                                return false;
+                        }
+                        catch {
+                            return false;
+                        }
+                    }
+                }
             }
             // HTTP and prompt hooks for preToolUse are handled in emitHookAsync
         }

package/dist/harness/marketplace.d.ts

@@ -36,8 +36,76 @@ export type InstalledPlugin = {
     marketplace: string;
     installedAt: number;
     cachePath: string;
+    /** Optional fields populated from `.claude-plugin/plugin.json` if present */
+    description?: string;
+    author?: string;
+    license?: string;
+    homepage?: string;
+    keywords?: string[];
+};
+/** Claude Code plugin manifest (`.claude-plugin/plugin.json`).
+ * Required: name, description. All other fields optional.
+ */
+export type CcPluginManifest = {
+    name: string;
+    description: string;
+    version?: string;
+    author?: {
+        name?: string;
+        email?: string;
+    } | string;
+    homepage?: string;
+    repository?: string;
+    license?: string;
+    keywords?: string[];
+};
+/** Parse a `.claude-plugin/plugin.json` file at the given plugin root, or null if missing/invalid. */
+export declare function parseCcPluginManifest(pluginRoot: string): CcPluginManifest | null;
+/** Claude Code marketplace.json format — superset of OH's marketplace.json with source-typed entries. */
+export type CcMarketplacePluginSource = string | {
+    source: "github";
+    repo: string;
+    ref?: string;
+} | {
+    source: "url";
+    url: string;
+} | {
+    source: "npm";
+    package: string;
+    version?: string;
+};
+export type CcMarketplaceEntry = {
+    name: string;
+    description?: string;
+    version?: string;
+    author?: {
+        name?: string;
+        email?: string;
+    } | string;
+    source: CcMarketplacePluginSource;
 };
-/** Add a marketplace from a URL, GitHub repo, or local path */
+export type CcMarketplace = {
+    name: string;
+    description?: string;
+    owner?: {
+        name?: string;
+        email?: string;
+    };
+    plugins: CcMarketplaceEntry[];
+};
+/** Convert a CcMarketplace to OH's internal Marketplace type (lossy: dropped fields like `owner` are not stored). */
+export declare function ccMarketplaceToOh(cc: CcMarketplace): Marketplace;
+/** Parse marketplace JSON text. Tries CC format (.claude-plugin/marketplace.json shape) first, falls back to OH-native. */
+export declare function parseMarketplaceJson(text: string): Marketplace | null;
+/** Discover plugin-shipped MCP servers from `cachePath/.mcp.json`. Returns raw object for the runtime to merge. */
+export declare function getPluginMcpServers(cachePath: string): Record<string, unknown> | null;
+/** Discover plugin-shipped hooks from `cachePath/hooks/hooks.json`. Returns raw config for the runtime to register. */
+export declare function getPluginHooks(cachePath: string): Record<string, unknown> | null;
+/** Discover plugin-shipped LSP servers from `cachePath/.lsp.json`. Returns raw config for the runtime to register. */
+export declare function getPluginLspServers(cachePath: string): Record<string, unknown> | null;
+/** Add a marketplace from a URL, GitHub repo, or local path.
+ * Probes for both OH-native `marketplace.json` and Claude Code `.claude-plugin/marketplace.json`.
+ */
 export declare function addMarketplace(nameOrUrl: string): Marketplace | null;
 /** Remove a marketplace */
 export declare function removeMarketplace(name: string): boolean;
@@ -51,7 +119,14 @@ export declare function searchMarketplace(query: string): Array<MarketplaceEntry
 export declare function installPlugin(pluginName: string, marketplaceName?: string): InstalledPlugin | null;
 /** Uninstall a plugin */
 export declare function uninstallPlugin(name: string): boolean;
-/** Get all installed plugins */
+/** Get all installed plugins.
+ * Sources merged in priority order:
+ * 1. installed.json (plugins installed via /plugin install or addMarketplace flow)
+ * 2. CC-style plugins discovered in PLUGIN_CACHE_DIR via .claude-plugin/plugin.json
+ *    (covers plugins manually dropped in the cache, or installed by parallel tooling)
+ * Plugins from #1 are enriched with manifest data if their cachePath has one.
+ * De-duplication is by cachePath.
+ */
 export declare function getInstalledPlugins(): InstalledPlugin[];
 /** Format marketplace entries for display */
 export declare function formatMarketplaceSearch(results: Array<MarketplaceEntry & {