coding-agent-harness 1.0.7 → 1.1.0

package/dist/lib/preset-registry.mjs

@@ -1,18 +1,19 @@
-// @ts-nocheck
 // Preset manifest parsing stays behavior-first until preset package domain types are modeled.
 import fs from "node:fs";
 import path from "node:path";
 import os from "node:os";
 import crypto from "node:crypto";
 import zlib from "node:zlib";
-import { builtinPresetRoot, projectPresetRoot, repoRoot, toPosix, userPresetRoot, userPresetRootForHome } from "./core-shared.mjs";
+import { builtinPresetRoot, projectPresetRoot, readJsonSafe, repoRoot, renderHarnessTemplate, toPosix, validateHarnessPathTemplateTokens, userPresetRoot, userPresetRootForHome } from "./core-shared.mjs";
 const allowedEntrypoints = new Set(["newTask", "plan", "scaffold", "check"]);
 const allowedEntrypointTypes = new Set(["template", "script", "check"]);
+const allowedActionTypes = new Set(["script"]);
 const allowedEvidenceTypes = new Set(["text", "json", "input-json", "preset-audit", "preset-manifest", "write-scope", "migration-verify", "migration-ledger", "dashboard-hash", "target-git-status", "target-commit", "harness-version", "generated-at"]);
 const allowedNewTaskTemplateKeys = new Set(["taskPlanAppend", "executionStrategyAppend", "visualMapAppend", "findingsSeed", "reviewSeed", "prompt"]);
 const maxPresetArchiveBytes = 25 * 1024 * 1024;
 const maxPresetArchiveUncompressedBytes = 50 * 1024 * 1024;
 const maxPresetArchiveEntries = 500;
+const presetScriptTrustFile = ".harness-preset-trust.json";
 export function listPresetPackages({ targetInput = "", home = "" } = {}) {
     return listPresetPackageLayers({ targetInput, home }).filter((preset) => preset.effective);
 }
@@ -47,25 +48,29 @@ export function readPresetPackage(id, { targetInput = "", home = "" } = {}) {
     assertPresetManifestFile(path.dirname(manifestPath), manifestPath);
     const raw = fs.readFileSync(manifestPath, "utf8");
     const manifest = parseSimpleYaml(raw);
-    const preset = normalizePresetManifest(manifest, { id: normalizedId, manifestPath, raw, source: found.source });
+    const source = found?.source || "local";
+    const preset = normalizePresetManifest(manifest, { id: normalizedId, manifestPath, raw, source });
     const report = validatePresetPackage(preset);
     if (report.failures.length)
         throw new Error(`Invalid preset package ${normalizedId}: ${report.failures.join("; ")}`);
     return preset;
 }
 export function inspectPresetPackage(id, { targetInput = "", home = "" } = {}) {
-    const preset = fs.existsSync(path.join(path.resolve(id || ""), "preset.yaml")) ? readPresetPackageFromPath(path.resolve(id)) : readPresetPackage(id, { targetInput, home });
+    const localPath = path.resolve(id || "");
+    const preset = fs.existsSync(path.join(localPath, "preset.yaml")) ? readPresetPackageFromPath(localPath) : readPresetPackage(id, { targetInput, home });
     return publicPresetShape(preset);
 }
 export function checkPresetPackage(id, { targetInput = "", home = "" } = {}) {
-    const preset = fs.existsSync(path.join(path.resolve(id || ""), "preset.yaml")) ? readPresetPackageFromPath(path.resolve(id)) : readPresetPackage(id, { targetInput, home });
+    const localPath = path.resolve(id || "");
+    const preset = fs.existsSync(path.join(localPath, "preset.yaml")) ? readPresetPackageFromPath(localPath) : readPresetPackage(id, { targetInput, home });
+    const scriptPolicy = buildPresetScriptPolicy(preset);
     const report = validatePresetPackage(preset);
     return {
         id: preset.id,
         version: preset.version,
         status: report.failures.length === 0 ? "pass" : "fail",
         failures: report.failures,
-        warnings: report.warnings,
+        warnings: [...report.warnings, ...scriptPolicy.warnings],
         manifestPath: preset.manifestRelativePath,
         source: preset.source,
         inputs: preset.inputs,
@@ -74,6 +79,8 @@ export function checkPresetPackage(id, { targetInput = "", home = "" } = {}) {
         resources: preset.resources,
         context: preset.context,
         entrypoints: preset.entrypoints,
+        actions: preset.actions,
+        scriptPolicy,
         writeScopes: preset.writeScopes,
     };
 }
@@ -83,7 +90,8 @@ function readPresetPackageFromPath(directory, source = "local") {
     assertPresetManifestFile(directory, manifestPath);
     const raw = fs.readFileSync(manifestPath, "utf8");
     const manifest = parseSimpleYaml(raw);
-    return normalizePresetManifest(manifest, { id: normalizePresetId(manifest.id || path.basename(directory)), manifestPath, raw, source });
+    const manifestRecord = asRecord(manifest);
+    return normalizePresetManifest(manifest, { id: normalizePresetId(String(manifestRecord.id || path.basename(directory))), manifestPath, raw, source });
 }
 function assertPresetDirectory(directory) {
     if (!fs.existsSync(directory))
@@ -107,7 +115,7 @@ function assertPresetManifestFile(directory, manifestPath) {
     if (!isInside(realRoot, realPath))
         throw new Error(`Preset manifest real path escapes preset package: ${displayManifestPath(manifestPath)}`);
 }
-export function installPresetPackage(source, { force = false, scope = "user", targetInput = ".", home = "" } = {}) {
+export function installPresetPackage(source, { force = false, scope = "user", targetInput = ".", home = "", allowScripts = false } = {}) {
     if (!source)
         throw new Error("Missing preset source");
     const resolvedSource = resolveInstallSource(source);
@@ -117,6 +125,10 @@ export function installPresetPackage(source, { force = false, scope = "user", ta
         const stagedReport = validatePresetPackage(stagedPreset);
         if (stagedReport.failures.length)
             throw new Error(`Invalid preset package ${stagedPreset.id}: ${stagedReport.failures.join("; ")}`);
+        const scriptPolicy = buildPresetScriptPolicy(stagedPreset);
+        if (resolvedSource.source !== "builtin" && scriptPolicy.requiresTrustedSource && !allowScripts) {
+            throw new Error(`Preset ${stagedPreset.id} declares script entrypoints or actions and requires explicit trust. Re-run with --allow-scripts if you trust this preset source.`);
+        }
         const id = stagedPreset.id;
         if (!id)
             throw new Error("Preset manifest missing id");
@@ -136,6 +148,9 @@ export function installPresetPackage(source, { force = false, scope = "user", ta
                 throw new Error(`Invalid preset package ${id}: ${tempReport.failures.join("; ")}`);
             fs.rmSync(destination, { recursive: true, force: true });
             fs.renameSync(tempDestination, destination);
+            if (scriptPolicy.requiresTrustedSource && allowScripts) {
+                writePresetScriptTrustMarker(destination, stagedPreset, scriptPolicy.scriptCommands);
+            }
             const preset = readPresetPackage(id, scope === "project" ? { targetInput, home } : { home });
             return {
                 installed: true,
@@ -144,6 +159,10 @@ export function installPresetPackage(source, { force = false, scope = "user", ta
                 source: preset.source,
                 destination: toPosix(destination),
                 manifestPath: preset.manifestRelativePath,
+                scriptPolicy: {
+                    ...buildPresetScriptPolicy(preset),
+                    trusted: presetScriptTrustValid(preset),
+                },
             };
         }
         catch (error) {
@@ -171,7 +190,7 @@ export function listBundledPresetIds() {
     return fs.readdirSync(builtinPresetRoot, { withFileTypes: true })
         .filter((entry) => entry.isDirectory())
         .map((entry) => tryNormalizePresetId(entry.name))
-        .filter(Boolean)
+        .filter((id) => Boolean(id))
         .filter((id) => fs.existsSync(path.join(builtinPresetRoot, id, "preset.yaml")))
         .sort();
 }
@@ -204,6 +223,44 @@ export function seedBundledPresets({ force = false, scope = "user", targetInput
         skipped: presets.filter((preset) => preset.action === "skip-existing").length,
     };
 }
+export function auditBundledPresetDrift({ scope = "user", targetInput = ".", home = "" } = {}) {
+    const targetRoot = scope === "project" ? projectPresetRoot(targetInput) : userPresetRootForHome(home);
+    const presets = listBundledPresetIds().map((id) => {
+        const builtin = readPresetPackageFromPath(path.join(builtinPresetRoot, id), "builtin");
+        const installedPath = path.join(targetRoot, id, "preset.yaml");
+        const installed = fs.existsSync(installedPath) ? readPresetPackageFromPath(path.dirname(installedPath), scope) : null;
+        const sameHash = Boolean(installed && installed.manifestSha256 === builtin.manifestSha256);
+        const sameVersion = Boolean(installed && installed.version === builtin.version);
+        const sameVersionDifferentHash = Boolean(installed && sameVersion && !sameHash);
+        const action = !installed
+            ? "install-available"
+            : sameHash
+                ? "up-to-date"
+                : installed.source === "project" || installed.source === "user"
+                    ? "manual-review"
+                    : "upgrade-available";
+        return {
+            id,
+            scope,
+            source: installed ? installed.source : "missing",
+            effective: installed ? true : false,
+            builtinVersion: builtin.version,
+            installedVersion: installed?.version || null,
+            builtinSha256: builtin.manifestSha256,
+            installedSha256: installed?.manifestSha256 || null,
+            sameVersionDifferentHash,
+            upgradeAction: action,
+            installedPath: installed ? installed.manifestRelativePath : toPosix(installedPath),
+        };
+    });
+    return {
+        operation: "preset-audit",
+        scope,
+        target: toPosix(targetRoot),
+        presets,
+        stale: presets.filter((preset) => preset.upgradeAction !== "up-to-date").length,
+    };
+}
 export function validatePresetPackage(preset) {
     const failures = [];
     const warnings = [];
@@ -228,7 +285,8 @@ export function validatePresetPackage(preset) {
     if (preset.evidence?.files && (Array.isArray(preset.evidence.files) || typeof preset.evidence.files !== "object")) {
         failures.push("evidence.files must be a mapping");
     }
-    for (const [name, evidence] of Object.entries(preset.evidence?.files || {})) {
+    const evidenceFiles = typeof preset.evidence?.files === "object" && preset.evidence.files !== null ? preset.evidence.files : {};
+    for (const [name, evidence] of Object.entries(evidenceFiles)) {
         if (!evidence || typeof evidence !== "object" || Array.isArray(evidence)) {
             failures.push(`evidence file ${name} must be a mapping`);
             continue;
@@ -255,9 +313,13 @@ export function validatePresetPackage(preset) {
         if (!entrypoint.writes.length)
             failures.push(`${name} missing write scope manifest`);
         for (const writeScope of entrypoint.writes) {
+            failures.push(...validateHarnessPathTemplateTokens(writeScope, `${name} write scope`));
             if (!preset.writeScopes.some((scope) => scope.path === writeScope)) {
                 failures.push(`${name} writes undeclared scope: ${writeScope}`);
             }
+            if (name === "newTask" && !newTaskWriteScopeAllowed(writeScope)) {
+                failures.push("newTask entrypoint writes must stay under coding-agent-harness/planning/**");
+            }
         }
         if (["script", "check"].includes(entrypoint.type)) {
             const entryPath = path.join(preset.directory, entrypoint.command || "");
@@ -265,10 +327,56 @@ export function validatePresetPackage(preset) {
                 failures.push(`${name} missing command`);
             else if (!isInside(preset.directory, entryPath))
                 failures.push(`${name} command escapes preset package`);
-            else
+            else {
                 validatePresetPackageFile(preset, entrypoint.command, `${name} command`, failures);
+                warnOnRuntimePathLiterals(entryPath, `${name} command`, warnings);
+            }
+        }
+        for (const readScope of entrypoint.reads || [])
+            failures.push(...validateHarnessPathTemplateTokens(readScope, `${name} read scope`));
+    }
+    for (const [name, action] of Object.entries(preset.actions || {})) {
+        if (!/^[a-z0-9][a-z0-9-]{0,79}$/.test(name))
+            failures.push(`unsupported action id: ${name}`);
+        if (!allowedActionTypes.has(action.type))
+            failures.push(`${name} action has unsupported type: ${action.type || "(missing)"}`);
+        if (action.taskRequired !== true)
+            failures.push(`${name} action must set taskRequired: true`);
+        if (!action.writes.length)
+            failures.push(`${name} action missing write scope manifest`);
+        for (const [inputName, input] of Object.entries(action.inputs || {})) {
+            if (!["text", "flag", "json-file"].includes(input.type))
+                failures.push(`${name}.${inputName} has unsupported input type: ${input.type || "(missing)"}`);
+            if (!input.flag)
+                failures.push(`${name}.${inputName} input missing CLI flag`);
+            else if (!input.flag.startsWith("--"))
+                failures.push(`${name}.${inputName} input flag must start with --`);
+        }
+        for (const writeScope of action.writes) {
+            failures.push(...validateActionPathTemplateTokens(writeScope, `${name} action write scope`));
+            if (isBroadTaskRootScope(writeScope))
+                failures.push(`${name} action writes must be task-local; avoid broad task-root scope: ${writeScope}`);
+            if (!usesTaskLocalPath(writeScope))
+                warnings.push(`${name} action write scope is not task-local: ${writeScope}`);
+        }
+        for (const readScope of action.reads || [])
+            failures.push(...validateActionPathTemplateTokens(readScope, `${name} action read scope`));
+        if (action.type === "script") {
+            const actionPath = path.join(preset.directory, action.command || "");
+            if (!action.command)
+                failures.push(`${name} action missing command`);
+            else if (!action.command.endsWith(".mjs"))
+                failures.push(`${name} action command must be a .mjs file: ${action.command}`);
+            else if (!isInside(preset.directory, actionPath))
+                failures.push(`${name} action command escapes preset package`);
+            else {
+                validatePresetPackageFile(preset, action.command, `${name} action command`, failures);
+                warnOnRuntimePathLiterals(actionPath, `${name} action command`, warnings);
+            }
         }
     }
+    for (const scope of preset.writeScopes)
+        failures.push(...validateHarnessPathTemplateTokens(scope.path, `${scope.name || "write scope"} path`));
     for (const [templateKey, templatePath] of Object.entries(preset.newTaskTemplates)) {
         if (!allowedNewTaskTemplateKeys.has(templateKey)) {
             failures.push(`unsupported newTask template: ${templateKey}`);
@@ -282,7 +390,7 @@ export function validatePresetPackage(preset) {
     }
     return { failures, warnings };
 }
-export function buildPresetAudit(preset, { taskId = "", targetRoot = "", entrypoint = "newTask", writeScopes = [] } = {}) {
+export function buildPresetAudit(preset, { taskId = "", targetRoot = "", entrypoint = "newTask", writeScopes = [], resolvedInputs = {} } = {}) {
     const entrypoints = {
         [entrypoint]: preset.entrypoints[entrypoint],
     };
@@ -292,13 +400,64 @@ export function buildPresetAudit(preset, { taskId = "", targetRoot = "", entrypo
         version: preset.version,
         manifestPath: preset.manifestRelativePath,
         manifestSha256: preset.manifestSha256,
+        scriptSha256s: preset.scriptSha256s,
         entrypoints,
         writeScopes: scopes,
+        resolvedInputs,
         taskId,
         targetRoot,
         generatedAt: new Date().toISOString(),
     };
 }
+export function buildPresetScriptPolicy(preset) {
+    const scriptCommands = [
+        ...Object.entries(preset.entrypoints || {})
+            .filter(([, entrypoint]) => entrypoint.type === "script")
+            .map(([name, entrypoint]) => `entrypoint:${name}:${entrypoint.command}`),
+        ...Object.entries(preset.actions || {})
+            .filter(([, action]) => action.type === "script")
+            .map(([name, action]) => `action:${name}:${action.command}`),
+    ];
+    const unsupportedCommands = Object.entries(preset.actions || {})
+        .filter(([, action]) => action.type === "script" && !String(action.command || "").endsWith(".mjs"))
+        .map(([name, action]) => `action:${name}:${action.command || "(missing)"}`);
+    const requiresTrustedSource = scriptCommands.length > 0 && preset.source !== "builtin";
+    return {
+        hasScripts: scriptCommands.length > 0,
+        scriptCommands,
+        scriptSha256s: preset.scriptSha256s,
+        riskLevel: scriptCommands.length > 0 ? "trusted-code" : "none",
+        requiresTrustedSource,
+        unsupportedCommands,
+        warnings: requiresTrustedSource
+            ? ["Script entrypoints and actions execute trusted local Node.js code; use --allow-scripts only for sources you trust."]
+            : [],
+    };
+}
+export function presetScriptTrustValid(preset) {
+    if (preset.source === "builtin")
+        return true;
+    const trustPath = path.join(preset.directory, presetScriptTrustFile);
+    const trust = asRecord(readJsonSafe(trustPath, {}));
+    const trustedScriptSha256s = asRecord(trust.scriptSha256s);
+    return (trust.schemaVersion === "preset-script-trust/v1" &&
+        trust.preset === preset.id &&
+        trust.manifestSha256 === preset.manifestSha256 &&
+        recordsEqual(trustedScriptSha256s, preset.scriptSha256s) &&
+        trust.trusted === true);
+}
+function writePresetScriptTrustMarker(destination, preset, scriptCommands) {
+    fs.writeFileSync(path.join(destination, presetScriptTrustFile), `${JSON.stringify({
+        schemaVersion: "preset-script-trust/v1",
+        preset: preset.id,
+        version: preset.version,
+        manifestSha256: preset.manifestSha256,
+        scriptCommands,
+        scriptSha256s: preset.scriptSha256s,
+        trusted: true,
+        trustedAt: new Date().toISOString(),
+    }, null, 2)}\n`);
+}
 export function renderPresetTemplate(preset, templatePath, values) {
     if (!templatePath)
         return "";
@@ -306,10 +465,7 @@ export function renderPresetTemplate(preset, templatePath, values) {
     if (!isInside(preset.directory, absolute))
         throw new Error(`Preset template escapes package: ${templatePath}`);
     const content = fs.readFileSync(absolute, "utf8");
-    return content.replace(/\{\{\s*([A-Za-z0-9_.-]+)\s*\}\}/g, (_match, key) => {
-        const value = getValue(values, key);
-        return value == null ? "" : String(value);
-    });
+    return renderHarnessTemplate(content, values, { missing: "empty" });
 }
 function normalizePresetId(id) {
     const normalized = String(id || "").trim().toLowerCase().replaceAll("_", "-");
@@ -346,74 +502,140 @@ function projectPresetDestination(id, targetInput) {
 }
 function normalizePresetManifest(manifest, { id, manifestPath, raw, source }) {
     const directory = path.dirname(manifestPath);
-    const entrypoints = normalizeEntryPoints(manifest.entrypoints || {});
-    const writeScopes = Object.entries(manifest.writeScopes || {}).map(([name, value]) => ({
-        name,
-        path: String(value.path || value || "").trim(),
-        access: String(value.access || "write").trim(),
-    })).filter((scope) => scope.path);
+    const manifestRecord = asRecord(manifest);
+    const entrypoints = normalizeEntryPoints(asRecord(manifestRecord.entrypoints));
+    const actions = normalizeActions(asRecord(manifestRecord.actions));
+    const writeScopes = Object.entries(asRecord(manifestRecord.writeScopes)).map(([name, value]) => {
+        const scope = asRecord(value);
+        return {
+            name,
+            path: String(scope.path || value || "").trim(),
+            access: String(scope.access || "write").trim(),
+        };
+    }).filter((scope) => scope.path);
+    const task = asRecord(manifestRecord.task);
+    const entrypointRecord = asRecord(manifestRecord.entrypoints);
+    const newTask = asRecord(entrypointRecord.newTask);
     return {
-        id: normalizePresetId(manifest.id || id),
-        version: Number.parseInt(manifest.version, 10),
-        purpose: String(manifest.purpose || ""),
-        compatibleBudgets: asArray(manifest.compatibleBudgets),
-        localeSupport: asArray(manifest.localeSupport),
-        task: manifest.task || {},
-        inputs: normalizeInputs(manifest.inputs || {}),
-        templateValues: normalizeTemplateValues(manifest.templateValues || {}),
-        metadata: normalizeTemplateValues(manifest.metadata || {}),
-        resources: normalizeResources(manifest.resources || {}),
-        context: normalizeContext(manifest.context || {}),
+        id: normalizePresetId(String(manifestRecord.id || id)),
+        version: Number.parseInt(String(manifestRecord.version || ""), 10),
+        purpose: String(manifestRecord.purpose || ""),
+        compatibleBudgets: asArray(manifestRecord.compatibleBudgets),
+        localeSupport: asArray(manifestRecord.localeSupport),
+        task,
+        inputs: normalizeInputs(asRecord(manifestRecord.inputs)),
+        templateValues: normalizeTemplateValues(asRecord(manifestRecord.templateValues)),
+        metadata: normalizeTemplateValues(asRecord(manifestRecord.metadata)),
+        resources: normalizeResources(asRecord(manifestRecord.resources)),
+        context: normalizeContext(asRecord(manifestRecord.context)),
         entrypoints,
-        workbench: manifest.workbench || {},
-        evidence: manifest.evidence || {},
-        review: manifest.review || {},
+        actions,
+        workbench: asRecord(manifestRecord.workbench),
+        evidence: asEvidence(asRecord(manifestRecord.evidence)),
+        review: asRecord(manifestRecord.review),
         audit: {
-            manifestRequired: asBoolean(manifest.audit?.manifestRequired),
-            evidenceFiles: asArray(manifest.audit?.evidenceFiles),
+            manifestRequired: asBoolean(asRecord(manifestRecord.audit).manifestRequired),
+            evidenceFiles: asArray(asRecord(manifestRecord.audit).evidenceFiles),
         },
         writeScopes,
-        newTaskTemplates: manifest.entrypoints?.newTask?.templates || {},
+        newTaskTemplates: stringRecord(newTask.templates),
         directory,
         source,
         manifestPath,
         manifestRelativePath: displayManifestPath(manifestPath),
         manifestSha256: crypto.createHash("sha256").update(raw).digest("hex"),
+        scriptSha256s: collectPresetScriptSha256s({ directory, entrypoints, actions }),
     };
 }
+function collectPresetScriptSha256s({ directory, entrypoints, actions }) {
+    const scripts = {};
+    for (const [name, entrypoint] of Object.entries(entrypoints || {})) {
+        if (entrypoint.type !== "script")
+            continue;
+        const command = String(entrypoint.command || "");
+        if (!command)
+            continue;
+        const absolute = path.join(directory, command);
+        if (isInside(directory, absolute) && fs.existsSync(absolute) && fs.lstatSync(absolute).isFile()) {
+            scripts[`entrypoint:${name}:${command}`] = sha256File(absolute);
+        }
+    }
+    for (const [name, action] of Object.entries(actions || {})) {
+        if (action.type !== "script")
+            continue;
+        const command = String(action.command || "");
+        if (!command)
+            continue;
+        const absolute = path.join(directory, command);
+        if (isInside(directory, absolute) && fs.existsSync(absolute) && fs.lstatSync(absolute).isFile()) {
+            scripts[`action:${name}:${command}`] = sha256File(absolute);
+        }
+    }
+    return scripts;
+}
+function sha256File(filePath) {
+    return crypto.createHash("sha256").update(fs.readFileSync(filePath)).digest("hex");
+}
+function recordsEqual(left, right) {
+    const leftEntries = Object.entries(left).map(([key, value]) => [key, String(value)]).sort(([a], [b]) => a.localeCompare(b));
+    const rightEntries = Object.entries(right).map(([key, value]) => [key, String(value)]).sort(([a], [b]) => a.localeCompare(b));
+    return JSON.stringify(leftEntries) === JSON.stringify(rightEntries);
+}
+function asRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value) ? value : {};
+}
+function stringRecord(value) {
+    return Object.fromEntries(Object.entries(asRecord(value)).map(([key, item]) => [key, String(item || "")]));
+}
+function asEvidence(value) {
+    if (value.files === undefined)
+        return value;
+    if (typeof value.files !== "object" || value.files === null || Array.isArray(value.files))
+        return value;
+    const rawFiles = asRecord(value.files);
+    const files = Object.fromEntries(Object.entries(rawFiles).map(([name, item]) => {
+        const record = asRecord(item);
+        return [name, {
+                path: record.path === undefined ? undefined : String(record.path),
+                type: record.type === undefined ? undefined : String(record.type),
+                value: record.value === undefined ? undefined : String(record.value),
+            }];
+    }));
+    return { ...value, files };
+}
 function normalizeInputs(rawInputs) {
     return Object.fromEntries(Object.entries(rawInputs || {}).map(([name, value]) => [name, {
-            type: String(value.type || "text").trim(),
-            flag: String(value.flag || "").trim(),
-            required: asBoolean(value.required),
-            default: value.default,
-            validateOperation: String(value.validateOperation || "").trim(),
-            rejectPlanOnly: asBoolean(value.rejectPlanOnly),
-            requireTarget: asBoolean(value.requireTarget),
-            targetFromSession: asBoolean(value.targetFromSession),
+            type: String(asRecord(value).type || "text").trim(),
+            flag: String(asRecord(value).flag || "").trim(),
+            required: asBoolean(asRecord(value).required),
+            default: asRecord(value).default,
+            validateOperation: String(asRecord(value).validateOperation || "").trim(),
+            rejectPlanOnly: asBoolean(asRecord(value).rejectPlanOnly),
+            requireTarget: asBoolean(asRecord(value).requireTarget),
+            targetFromSession: asBoolean(asRecord(value).targetFromSession),
         }]));
 }
 function normalizeTemplateValues(rawValues) {
-    return Object.fromEntries(Object.entries(rawValues || {}).map(([name, value]) => [name, typeof value === "object" && value !== null ? value : { value }]));
+    return Object.fromEntries(Object.entries(rawValues || {}).map(([name, value]) => [name, typeof value === "object" && value !== null ? asRecord(value) : { value }]));
 }
 function normalizeResources(rawResources) {
     return {
-        references: normalizeResourceGroup(rawResources.references || {}),
-        artifacts: normalizeResourceGroup(rawResources.artifacts || {}),
+        references: normalizeResourceGroup(asRecord(rawResources.references)),
+        artifacts: normalizeResourceGroup(asRecord(rawResources.artifacts)),
     };
 }
 function normalizeResourceGroup(rawGroup) {
     return Object.fromEntries(Object.entries(rawGroup || {}).map(([name, value]) => [name, {
             name,
-            path: String(value.path || "").trim(),
-            source: String(value.source || "").trim(),
-            template: String(value.template || "").trim(),
+            path: String(asRecord(value).path || "").trim(),
+            source: String(asRecord(value).source || "").trim(),
+            template: String(asRecord(value).template || "").trim(),
             index: {
-                id: String(value.index?.id || "").trim(),
-                type: String(value.index?.type || "").trim(),
-                summary: String(value.index?.summary || "").trim(),
-                usedBy: String(value.index?.usedBy || "").trim(),
-                producedBy: String(value.index?.producedBy || "").trim(),
+                id: String(asRecord(asRecord(value).index).id || "").trim(),
+                type: String(asRecord(asRecord(value).index).type || "").trim(),
+                summary: String(asRecord(asRecord(value).index).summary || "").trim(),
+                usedBy: String(asRecord(asRecord(value).index).usedBy || "").trim(),
+                producedBy: String(asRecord(asRecord(value).index).producedBy || "").trim(),
             },
         }]));
 }
@@ -425,13 +647,30 @@ function normalizeContext(rawContext) {
 function normalizeEntryPoints(rawEntryPoints) {
     const result = {};
     for (const [name, value] of Object.entries(rawEntryPoints || {})) {
+        const entrypoint = asRecord(value);
         result[name] = {
-            type: String(value.type || "").trim(),
-            command: value.command ? String(value.command).trim() : "",
-            templates: value.templates || {},
-            writes: asArray(value.writes),
-            reads: asArray(value.reads),
-            audit: asBoolean(value.audit),
+            type: String(entrypoint.type || "").trim(),
+            command: entrypoint.command ? String(entrypoint.command).trim() : "",
+            templates: stringRecord(entrypoint.templates),
+            writes: asArray(entrypoint.writes),
+            reads: asArray(entrypoint.reads),
+            audit: asBoolean(entrypoint.audit),
+        };
+    }
+    return result;
+}
+function normalizeActions(rawActions) {
+    const result = {};
+    for (const [name, value] of Object.entries(rawActions || {})) {
+        const action = asRecord(value);
+        result[name] = {
+            type: String(action.type || "").trim(),
+            command: action.command ? String(action.command).trim() : "",
+            taskRequired: asBoolean(action.taskRequired),
+            inputs: normalizeInputs(asRecord(action.inputs)),
+            writes: asArray(action.writes),
+            reads: asArray(action.reads),
+            audit: asBoolean(action.audit),
         };
     }
     return result;
@@ -445,6 +684,7 @@ function publicPresetShape(preset) {
         localeSupport: preset.localeSupport,
         task: preset.task,
         entrypoints: preset.entrypoints,
+        actions: preset.actions,
         workbench: preset.workbench,
         evidence: preset.evidence,
         review: preset.review,
@@ -458,6 +698,7 @@ function publicPresetShape(preset) {
         source: preset.source,
         manifestPath: preset.manifestRelativePath,
         manifestSha256: preset.manifestSha256,
+        scriptPolicy: buildPresetScriptPolicy(preset),
     };
 }
 function validateResourceCollection(preset, label, groupName, requiredPrefix, resourcePaths, failures) {
@@ -487,13 +728,14 @@ function validateResourceCollection(preset, label, groupName, requiredPrefix, re
         if (resource.source && resource.template)
             failures.push(`${label} resource ${name} cannot declare both source and template`);
         for (const field of ["source", "template"]) {
-            if (!resource[field])
+            const declaredPath = resource[field];
+            if (!declaredPath)
                 continue;
-            const resourcePath = path.join(preset.directory, resource[field]);
+            const resourcePath = path.join(preset.directory, declaredPath);
             if (!isInside(preset.directory, resourcePath))
                 failures.push(`${label} resource ${name} ${field} escapes preset package`);
             else
-                validatePresetPackageFile(preset, resource[field], `${label} resource ${name} ${field}`, failures);
+                validatePresetPackageFile(preset, declaredPath, `${label} resource ${name} ${field}`, failures);
         }
         const id = resource.index?.id || "";
         if (!id)
@@ -526,6 +768,57 @@ function validateAuditEvidenceFiles(preset, failures) {
         }
     }
 }
+function validateActionPathTemplateTokens(content, label) {
+    const failures = validateHarnessPathTemplateTokens(content, label);
+    const allowedTaskTokens = new Set([
+        "task.paths.dir",
+        "task.paths.taskPlan",
+        "task.paths.progress",
+        "task.paths.artifacts",
+        "task.paths.artifactsIndex",
+        "task.paths.visualMap",
+    ]);
+    for (const match of String(content || "").matchAll(/\{\{\s*([A-Za-z0-9_.-]+)\s*\}\}/g)) {
+        const key = match[1];
+        if (key.startsWith("paths."))
+            continue;
+        if (key.startsWith("task.") && !allowedTaskTokens.has(key))
+            failures.push(`${label} uses unknown task token: ${key}`);
+    }
+    return failures;
+}
+function isBroadTaskRootScope(scope) {
+    const normalized = toPosix(path.normalize(String(scope || "")));
+    return normalized === "{{paths.tasksRoot}}/**" ||
+        normalized === "coding-agent-harness/planning/tasks/**" ||
+        normalized === ["docs", "09-PLANNING", "TASKS", "**"].join("/");
+}
+function usesTaskLocalPath(scope) {
+    return String(scope || "").includes("{{task.paths.");
+}
+function newTaskWriteScopeAllowed(writeScope) {
+    const normalized = toPosix(path.normalize(String(writeScope || "")));
+    const legacyPlanningScope = ["docs", "09-PLANNING"].join("/");
+    return (normalized === "coding-agent-harness/planning/**" ||
+        normalized.startsWith("coding-agent-harness/planning/") ||
+        normalized === "{{paths.planningRoot}}/**" ||
+        normalized.startsWith("{{paths.planningRoot}}/") ||
+        normalized === "{{paths.tasksRoot}}/**" ||
+        normalized.startsWith("{{paths.tasksRoot}}/") ||
+        normalized === "{{paths.modulesRoot}}/**" ||
+        normalized.startsWith("{{paths.modulesRoot}}/") ||
+        normalized === `${legacyPlanningScope}/**` ||
+        normalized.startsWith(`${legacyPlanningScope}/`));
+}
+function warnOnRuntimePathLiterals(filePath, label, warnings) {
+    if (!fs.existsSync(filePath) || !fs.statSync(filePath).isFile())
+        return;
+    const content = fs.readFileSync(filePath, "utf8");
+    const runtimeLiteralPattern = /coding-agent-harness\/(?:planning|governance|context)\//;
+    if (runtimeLiteralPattern.test(content) && !content.includes("context.paths") && !content.includes("context.absolutePaths")) {
+        warnings.push(`${label} contains default harness path literals; prefer context.paths from the preset runner`);
+    }
+}
 function validatePresetPackageFile(preset, relativePath, label, failures) {
     const filePath = path.join(preset.directory, relativePath || "");
     if (!isInside(preset.directory, filePath)) {
@@ -556,7 +849,8 @@ export function parseSimpleYaml(source) {
     for (const rawLine of String(source).split(/\r?\n/)) {
         if (!rawLine.trim() || rawLine.trimStart().startsWith("#"))
             continue;
-        const indent = rawLine.match(/^\s*/)[0].length;
+        const indentMatch = rawLine.match(/^\s*/);
+        const indent = indentMatch ? indentMatch[0].length : 0;
         const line = rawLine.trim();
         const match = line.match(/^([A-Za-z0-9_-]+):(?:\s*(.*))?$/);
         if (!match)
@@ -568,7 +862,7 @@ export function parseSimpleYaml(source) {
         const rawValue = match[2] || "";
         if (!rawValue) {
             parent[key] = {};
-            stack.push({ indent, object: parent[key] });
+            stack.push({ indent, object: asRecord(parent[key]) });
         }
         else {
             parent[key] = parseYamlScalar(rawValue);
@@ -615,7 +909,14 @@ function hasMarkdownTableDelimiter(value) {
     return /[|\r\n]/.test(String(value || ""));
 }
 function getValue(values, key) {
-    return String(key).split(".").reduce((cursor, part) => (cursor && Object.prototype.hasOwnProperty.call(cursor, part) ? cursor[part] : undefined), values);
+    let cursor = values;
+    for (const part of String(key).split(".")) {
+        if (!cursor || typeof cursor !== "object" || Array.isArray(cursor))
+            return undefined;
+        const record = cursor;
+        cursor = Object.prototype.hasOwnProperty.call(record, part) ? record[part] : undefined;
+    }
+    return cursor;
 }
 function displayManifestPath(manifestPath) {
     const relative = path.relative(repoRoot, manifestPath);
@@ -650,7 +951,7 @@ function presetSearchRoots({ targetInput = "", home = "" } = {}) {
 function resolveInstallSource(source) {
     const localPath = path.resolve(source);
     if (fs.existsSync(path.join(localPath, "preset.yaml")))
-        return { path: localPath, cleanup: () => { } };
+        return { path: localPath, source: "local", cleanup: () => { } };
     if (fs.existsSync(localPath) && fs.statSync(localPath).isFile()) {
         if (!localPath.toLowerCase().endsWith(".zip"))
             throw new Error(`Preset source file must be a .zip archive: ${toPosix(localPath)}`);
@@ -658,7 +959,7 @@ function resolveInstallSource(source) {
     }
     const builtinPath = path.join(builtinPresetRoot, normalizePresetId(source));
     if (fs.existsSync(path.join(builtinPath, "preset.yaml")))
-        return { path: builtinPath, cleanup: () => { } };
+        return { path: builtinPath, source: "builtin", cleanup: () => { } };
     throw new Error(`Preset source not found: ${source}`);
 }
 function resolveZipInstallSource(sourcePath) {
@@ -667,6 +968,7 @@ function resolveZipInstallSource(sourcePath) {
         extractPresetZip(sourcePath, tempRoot);
         return {
             path: presetRootFromExtractedArchive(tempRoot),
+            source: "archive",
             cleanup: () => fs.rmSync(tempRoot, { recursive: true, force: true }),
         };
     }