coding-agent-harness 1.0.8 → 1.1.0

package/dist/lib/preset-runner.mjs

@@ -1,21 +1,21 @@
-// @ts-nocheck
 // Generic preset entrypoint runner. Domain logic belongs in preset packages.
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import crypto from "node:crypto";
 import { spawnSync } from "node:child_process";
-import { normalizeTarget, readFileSafe, readJsonSafe, sanitizeDeep, toPosix, walkFiles, } from "./core-shared.mjs";
+import { absoluteHarnessPathContext, harnessPathContext, normalizeTarget, readFileSafe, readJsonSafe, renderHarnessTemplate, sanitizeDeep, toPosix, walkFiles, } from "./core-shared.mjs";
 import { beginGovernanceSync, commitGovernanceSync, releaseGovernanceSync } from "./governance-sync.mjs";
 import { parseTaskMetadata } from "./task-metadata.mjs";
 import { taskIdForDirectory } from "./task-scanner.mjs";
 import { resolveTaskDirectory } from "./task-lifecycle.mjs";
-import { evaluateTemplateValues, assertPresetWriteScope } from "./preset-engine.mjs";
-import { buildPresetAudit, readPresetPackage } from "./preset-registry.mjs";
+import { evaluateTemplateValues, assertPresetWriteScope, resolvePresetScopes } from "./preset-engine.mjs";
+import { buildPresetAudit, buildPresetScriptPolicy, presetScriptTrustValid, readPresetPackage } from "./preset-registry.mjs";
 const materializationSchemaVersion = "preset-materialization/v1";
 const maxMaterializedFileBytes = 10 * 1024 * 1024;
 const maxMaterializedWrites = 500;
-export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", targetInput = ".", json = false } = {}) {
+export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", targetInput = ".", json = false, allowScripts = false, useCurrentPreset = false, reason = "" } = {}) {
+    void json;
     const target = normalizeTarget(targetInput);
     const preset = readPresetPackage(presetId, { targetInput });
     const entrypoint = preset.entrypoints?.[entrypointName];
@@ -23,6 +23,10 @@ export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", ta
         throw new Error(`Preset ${preset.id} does not declare entrypoint: ${entrypointName}`);
     if (!["script", "check"].includes(entrypoint.type))
         throw new Error(`Preset entrypoint ${entrypointName} is not runnable by preset run`);
+    const scriptPolicy = buildPresetScriptPolicy(preset);
+    if (scriptPolicy.requiresTrustedSource && !allowScripts && !presetScriptTrustValid(preset)) {
+        throw new Error(`Preset entrypoint ${preset.id}.${entrypointName} executes trusted local code. Re-run with --allow-scripts if you trust this preset source.`);
+    }
     if (!taskRef)
         throw new Error("preset run requires --task <task-id>");
     const taskDir = resolveTaskDirectory(target, taskRef);
@@ -31,8 +35,11 @@ export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", ta
     if (metadata.preset !== preset.id)
         throw new Error(`Task ${taskRef} was created by preset ${metadata.preset || "none"}, not ${preset.id}`);
     const taskId = taskIdForDirectory(target, taskDir);
-    const resolvedInputs = readResolvedInputs(target, metadata);
-    const values = evaluateTemplateValues(preset, resolvedInputs, { taskId, taskTitle: taskId, moduleKey: "" });
+    const audit = readPresetAudit(target, metadata);
+    const presetDrift = assessPresetDrift(audit, preset, { useCurrentPreset, reason });
+    const resolvedInputs = asRecord(audit.resolvedInputs);
+    const values = evaluateTemplateValues(preset, resolvedInputs, { taskId, taskTitle: taskId, moduleKey: "", target });
+    const resolvedScopes = resolvePresetScopes(preset, target);
     const outputRoot = fs.mkdtempSync(path.join(os.tmpdir(), `harness-preset-${preset.id}-${entrypointName}-`));
     const manifestPath = path.join(outputRoot, "materialization-manifest.json");
     const contextPath = path.join(outputRoot, "preset-context.json");
@@ -50,15 +57,20 @@ export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", ta
             },
             targetRoot: target.projectRoot,
             targetRootPolicy: "read-only; direct target mutation before manifest materialization is a hard failure",
+            runtime: {
+                coreModule: new URL("./harness-core.mjs", import.meta.url).href,
+            },
             outputRoot,
             materializationManifestPath: manifestPath,
+            paths: harnessPathContext(target),
+            absolutePaths: absoluteHarnessPathContext(target),
             inputs: sanitizeDeep(resolvedInputs),
             values: sanitizeDeep(values),
             audit: buildPresetAudit(preset, {
                 taskId,
                 targetRoot: target.projectRoot,
                 entrypoint: entrypointName,
-                writeScopes: entrypoint.writes,
+                writeScopes: resolvedScopes.entrypoints[entrypointName] || entrypoint.writes,
                 resolvedInputs,
             }),
         };
@@ -67,10 +79,7 @@ export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", ta
         const script = spawnSync(process.execPath, [commandPath], {
             cwd: outputRoot,
             encoding: "utf8",
-            env: {
-                ...process.env,
-                HARNESS_PRESET_CONTEXT: contextPath,
-            },
+            env: presetScriptEnv(contextPath),
             timeout: 120000,
             maxBuffer: 10 * 1024 * 1024,
         });
@@ -82,7 +91,7 @@ export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", ta
         const afterScriptSnapshot = targetSnapshot(target.projectRoot);
         assertSnapshotsEqual(beforeSnapshot, afterScriptSnapshot, "Preset script mutated target before materialization");
         const manifest = readMaterializationManifest(manifestPath);
-        const materialization = validateMaterializationManifest(preset, entrypoint, manifest, { outputRoot, targetRoot: target.projectRoot });
+        const materialization = validateMaterializationManifest(preset, entrypoint, manifest, { outputRoot, target, entrypointName });
         const governanceContext = beginGovernanceSync(target, {
             operation: `preset-run ${preset.id}.${entrypointName}`,
             allowDirtyWorktree: true,
@@ -105,6 +114,7 @@ export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", ta
                     sha256: item.sha256,
                 })),
                 governance: { commit },
+                presetDrift,
             };
         }
         finally {
@@ -115,19 +125,253 @@ export function runPresetEntrypoint(presetId, entrypointName, { taskRef = "", ta
         fs.rmSync(outputRoot, { recursive: true, force: true });
     }
 }
-function readResolvedInputs(target, metadata) {
-    const evidenceBundle = String(metadata.evidenceBundle || "").replace(/^TARGET:/, "").replace(/^\/+/, "");
+export function runPresetAction(presetId, actionName, { taskRef = "", targetInput = ".", json = false, actionArgs = [], allowScripts = false, useCurrentPreset = false, reason = "" } = {}) {
+    void json;
+    const target = normalizeTarget(targetInput);
+    const preset = readPresetPackage(presetId, { targetInput });
+    const action = preset.actions?.[actionName];
+    if (!action)
+        throw new Error(`Preset ${preset.id} does not declare action: ${actionName}`);
+    if (action.type !== "script")
+        throw new Error(`Preset action ${actionName} is not runnable by preset action`);
+    if (action.taskRequired !== true)
+        throw new Error(`Preset action ${preset.id}.${actionName} requires taskRequired: true`);
+    if (!taskRef)
+        throw new Error("preset action requires --task <task-id>");
+    const scriptPolicy = buildPresetScriptPolicy(preset);
+    if (scriptPolicy.requiresTrustedSource && !allowScripts && !presetScriptTrustValid(preset)) {
+        throw new Error(`Preset action ${preset.id}.${actionName} executes trusted local code. Re-run with --allow-scripts if you trust this preset source.`);
+    }
+    const taskDir = resolveTaskDirectory(target, taskRef);
+    const taskPlan = readFileSafe(path.join(taskDir, "task_plan.md"));
+    const metadata = parseTaskMetadata(taskPlan);
+    if (metadata.preset !== preset.id)
+        throw new Error(`Task ${taskRef} was created by preset ${metadata.preset || "none"}, not ${preset.id}`);
+    const taskId = taskIdForDirectory(target, taskDir);
+    const taskPaths = taskPathContext(target, taskDir);
+    const actionInputs = resolveActionInputs(action, actionArgs);
+    const audit = readPresetAudit(target, metadata);
+    const presetDrift = assessPresetDrift(audit, preset, { useCurrentPreset, reason });
+    const creationInputs = asRecord(audit.resolvedInputs);
+    const values = evaluateTemplateValues(preset, creationInputs, { taskId, taskTitle: taskId, moduleKey: "", target });
+    const actionWriteScopes = resolveActionScopes(action.writes, { target, taskPaths, label: `${actionName} action write scope` });
+    const outputRoot = fs.mkdtempSync(path.join(os.tmpdir(), `harness-preset-${preset.id}-${actionName}-`));
+    const manifestPath = path.join(outputRoot, "materialization-manifest.json");
+    const contextPath = path.join(outputRoot, "preset-action-context.json");
+    let governanceContext = null;
+    try {
+        governanceContext = beginGovernanceSync(target, {
+            operation: `preset-action ${preset.id}.${actionName}`,
+            allowDirtyWorktree: true,
+            allowedRelativePaths: concreteActionWriteScopes(actionWriteScopes),
+        });
+        const beforeSnapshot = targetSnapshot(target.projectRoot);
+        const context = {
+            schemaVersion: "preset-action-context/v1",
+            preset: { id: preset.id, version: preset.version, source: preset.source, manifestSha256: preset.manifestSha256 },
+            action: { id: actionName, type: action.type },
+            task: {
+                id: taskId,
+                ref: taskRef,
+                dir: taskPaths.dir,
+                taskPlanPath: taskPaths.taskPlan,
+                paths: taskPaths,
+            },
+            targetRoot: target.projectRoot,
+            targetRootPolicy: "read-only; direct target mutation before manifest materialization is a hard failure",
+            outputRoot,
+            materializationManifestPath: manifestPath,
+            paths: harnessPathContext(target),
+            inputs: sanitizeDeep(actionInputs),
+            creationInputs: sanitizeDeep(creationInputs),
+            values: sanitizeDeep(values),
+            audit: buildPresetAudit(preset, {
+                taskId,
+                targetRoot: target.projectRoot,
+                entrypoint: `action:${actionName}`,
+                writeScopes: actionWriteScopes,
+                resolvedInputs: actionInputs,
+            }),
+            presetDrift,
+        };
+        fs.writeFileSync(contextPath, `${JSON.stringify(context, null, 2)}\n`);
+        const commandPath = path.join(preset.directory, action.command || "");
+        const script = spawnSync(process.execPath, [commandPath], {
+            cwd: outputRoot,
+            encoding: "utf8",
+            env: presetScriptEnv(contextPath),
+            timeout: 120000,
+            maxBuffer: 128 * 1024,
+        });
+        if (script.error)
+            throw script.error;
+        if (script.status !== 0) {
+            throw new Error(`Preset action ${preset.id}.${actionName} failed with ${script.status}\n${boundedScriptOutput(script.stderr || script.stdout || "")}`.trim());
+        }
+        const afterScriptSnapshot = targetSnapshot(target.projectRoot);
+        assertSnapshotsEqual(beforeSnapshot, afterScriptSnapshot, "Preset script mutated target before materialization");
+        const manifest = readMaterializationManifest(manifestPath);
+        const materialization = validateMaterializationManifest(preset, {
+            type: action.type,
+            command: action.command,
+            templates: {},
+            writes: actionWriteScopes,
+            reads: action.reads,
+            audit: action.audit,
+        }, manifest, { outputRoot, target, entrypointName: actionName });
+        materializeWrites(target.projectRoot, materialization);
+        const commit = commitGovernanceSync(governanceContext, materialization.map((item) => item.destination), {
+            message: `chore(harness): run preset action ${preset.id} ${actionName}`,
+        });
+        return {
+            preset: preset.id,
+            action: actionName,
+            source: preset.source,
+            manifestSha256: preset.manifestSha256,
+            taskId,
+            status: manifest.status || "ok",
+            materialized: materialization.map((item) => ({
+                source: item.source,
+                destination: item.destination,
+                type: item.type,
+                sha256: item.sha256,
+            })),
+            governance: { commit },
+            presetDrift,
+        };
+    }
+    finally {
+        if (governanceContext)
+            releaseGovernanceSync(governanceContext);
+        fs.rmSync(outputRoot, { recursive: true, force: true });
+    }
+}
+function readPresetAudit(target, metadata) {
+    const evidenceBundle = normalizeTargetRelativePath(metadata.evidenceBundle || "", "Preset evidence bundle");
     if (!evidenceBundle)
         return {};
     const auditPath = path.join(target.projectRoot, evidenceBundle, "preset-audit.json");
-    const audit = readJsonSafe(auditPath, {});
-    return audit.resolvedInputs || {};
+    const audit = asRecord(readJsonSafe(auditPath, {}));
+    return audit;
+}
+function assessPresetDrift(audit, preset, { useCurrentPreset = false, reason = "" } = {}) {
+    const recorded = String(audit.manifestSha256 || "");
+    const current = String(preset.manifestSha256 || "");
+    if (!recorded || !current || recorded === current) {
+        return { detected: false, accepted: false, recordedManifestSha256: recorded, currentManifestSha256: current, reason: "" };
+    }
+    const normalizedReason = String(reason || "").trim();
+    if (!useCurrentPreset || !normalizedReason) {
+        throw new Error(`Preset manifest hash drift detected for ${preset.id}: recorded ${recorded}, current ${current}. Re-run with --use-current-preset --reason <why-current-semantics-are-intended>, or create a new task with the current preset.`);
+    }
+    return { detected: true, accepted: true, recordedManifestSha256: recorded, currentManifestSha256: current, reason: normalizedReason };
+}
+function resolveActionInputs(action, cliArgs) {
+    const remaining = [...cliArgs];
+    const inputs = {};
+    for (const [name, declaration] of Object.entries(action.inputs || {})) {
+        inputs[name] = resolveActionInputValue(name, declaration, remaining);
+    }
+    if (remaining.length > 0)
+        throw new Error(`Unknown action argument: ${remaining[0]}`);
+    return inputs;
+}
+function resolveActionInputValue(name, declaration, remaining) {
+    const flag = declaration.flag || name;
+    const index = remaining.indexOf(flag);
+    if (declaration.type === "flag") {
+        if (index >= 0) {
+            remaining.splice(index, 1);
+            return true;
+        }
+        return Boolean(declaration.default);
+    }
+    if (index < 0) {
+        if (declaration.required)
+            throw new Error(`Missing required action input ${flag}`);
+        return declaration.default ?? "";
+    }
+    const value = remaining[index + 1] || "";
+    if (!value || value.startsWith("--"))
+        throw new Error(`Missing value for action input ${flag}`);
+    remaining.splice(index, 2);
+    if (String(value).includes("\0"))
+        throw new Error(`Action input ${flag} contains NUL byte`);
+    if (declaration.type === "text") {
+        if (String(value).length > 4096)
+            throw new Error(`Action input ${flag} exceeds text length limit`);
+        return String(value);
+    }
+    if (declaration.type === "json-file") {
+        const filePath = path.resolve(String(value));
+        if (!fs.existsSync(filePath))
+            throw new Error(`Action input file not found for ${flag}: ${value}`);
+        const stat = fs.statSync(filePath);
+        if (!stat.isFile())
+            throw new Error(`Action input file must be a file for ${flag}: ${value}`);
+        if (stat.size > 1024 * 1024)
+            throw new Error(`Action input file exceeds size limit for ${flag}: ${value}`);
+        let readError = null;
+        const parsed = readJsonSafe(filePath, null, { onError: (error) => { readError = error; } });
+        if (!isRecord(parsed))
+            throw new Error(`Invalid action JSON input ${flag}: ${errorMessage(readError)}`);
+        return parsed;
+    }
+    throw new Error(`Unsupported action input type for ${flag}: ${declaration.type}`);
+}
+function taskPathContext(target, taskDir) {
+    const dir = toPosix(path.relative(target.projectRoot, taskDir));
+    return {
+        dir,
+        taskPlan: toPosix(path.join(dir, "task_plan.md")),
+        progress: toPosix(path.join(dir, "progress.md")),
+        artifacts: toPosix(path.join(dir, "artifacts")),
+        artifactsIndex: toPosix(path.join(dir, "artifacts/INDEX.md")),
+        visualMap: toPosix(path.join(dir, "visual_map.md")),
+    };
+}
+function resolveActionScopes(scopes, { target, taskPaths, label }) {
+    return (scopes || []).map((scope) => {
+        const rendered = renderHarnessTemplate(String(scope || ""), { paths: harnessPathContext(target), task: { paths: taskPaths } }, { strict: true });
+        const normalized = toPosix(path.normalize(rendered));
+        if (!rendered.trim() || path.isAbsolute(rendered) || normalized === "." || normalized === ".." || normalized.startsWith("../") || normalized.includes("/../")) {
+            throw new Error(`${label} escapes target root: ${scope}`);
+        }
+        return normalized;
+    });
+}
+function concreteActionWriteScopes(scopes) {
+    return scopes.filter((scope) => !scope.endsWith("/**"));
+}
+function presetScriptEnv(contextPath) {
+    const env = { HARNESS_PRESET_CONTEXT: contextPath };
+    for (const key of ["PATH", "TMPDIR", "TEMP", "TMP", "SystemRoot", "ComSpec"]) {
+        if (process.env[key])
+            env[key] = process.env[key];
+    }
+    return env;
+}
+function normalizeTargetRelativePath(value, label) {
+    const raw = String(value || "").replace(/^TARGET:/, "").replace(/^\/+/, "").trim();
+    if (!raw)
+        return "";
+    const normalized = toPosix(path.normalize(raw));
+    if (path.isAbsolute(raw) || normalized === "." || normalized === ".." || normalized.startsWith("../") || normalized.includes("/../")) {
+        throw new Error(`${label} escapes target root: ${raw}`);
+    }
+    return normalized;
+}
+function boundedScriptOutput(output) {
+    const redacted = String(output || "")
+        .replace(/(api[_-]?key|token|secret|password)=\S+/gi, "$1=[redacted]")
+        .replace(/\/Users\/[^/\s]+/g, "/Users/[redacted]");
+    return redacted.length > 4096 ? `${redacted.slice(0, 4096)}\n[output truncated]` : redacted;
 }
 function readMaterializationManifest(manifestPath) {
     if (!fs.existsSync(manifestPath))
         throw new Error("Preset entrypoint did not emit materialization manifest");
     const manifest = readJsonSafe(manifestPath, null);
-    if (!manifest || typeof manifest !== "object" || Array.isArray(manifest))
+    if (!isRecord(manifest))
         throw new Error("Invalid preset materialization manifest");
     if (manifest.schemaVersion !== materializationSchemaVersion)
         throw new Error(`Invalid preset materialization schema: ${manifest.schemaVersion || "(missing)"}`);
@@ -135,9 +379,15 @@ function readMaterializationManifest(manifestPath) {
         throw new Error("Preset materialization manifest writes must be an array");
     if (manifest.writes.length > maxMaterializedWrites)
         throw new Error(`Preset materialization manifest has too many writes: ${manifest.writes.length}`);
-    return manifest;
+    return {
+        schemaVersion: String(manifest.schemaVersion),
+        writes: manifest.writes.map((write) => asRecord(write)),
+        status: manifest.status === undefined ? undefined : String(manifest.status),
+        publicRedactionReport: isRecord(manifest.publicRedactionReport) ? { source: String(manifest.publicRedactionReport.source || "") } : undefined,
+    };
 }
-function validateMaterializationManifest(preset, entrypoint, manifest, { outputRoot, targetRoot }) {
+function validateMaterializationManifest(preset, entrypoint, manifest, { outputRoot, target, entrypointName }) {
+    const targetRoot = target.projectRoot;
     const seenDestinations = new Set();
     const writes = manifest.writes.map((write, index) => {
         const source = normalizeManifestRelativePath(write.source, "Manifest source");
@@ -145,7 +395,10 @@ function validateMaterializationManifest(preset, entrypoint, manifest, { outputR
         if (seenDestinations.has(destination))
             throw new Error(`Duplicate materialization destination: ${destination}`);
         seenDestinations.add(destination);
-        assertEntrypointWriteScope(preset, entrypoint, destination);
+        assertEntrypointWriteScope(preset, entrypoint, destination, target, entrypointName);
+        if (entrypointName && preset.actions?.[entrypointName] && isDefaultTaskGovernanceFile(destination)) {
+            throw new Error(`Preset action ${entrypointName} cannot write task governance file by default: ${destination}`);
+        }
         const sourcePath = path.join(outputRoot, source);
         assertOutputSource(outputRoot, sourcePath, source);
         const stat = fs.lstatSync(sourcePath);
@@ -200,9 +453,10 @@ function assertDestinationParent(targetRoot, destination) {
             throw new Error(`Manifest destination parent escapes target root: ${destination}`);
     }
 }
-function assertEntrypointWriteScope(preset, entrypoint, destination) {
-    assertPresetWriteScope(preset, destination);
-    if (!entrypoint.writes.some((scope) => matchesScope(scope, destination))) {
+function assertEntrypointWriteScope(preset, entrypoint, destination, target, entrypointName) {
+    assertPresetWriteScope(preset, destination, target);
+    const resolved = resolvePresetScopes(preset, target).entrypoints[entrypointName] || entrypoint.writes;
+    if (!resolved.some((scope) => matchesScope(scope, destination))) {
         throw new Error(`Preset write scope violation for ${destination}`);
     }
 }
@@ -214,6 +468,9 @@ function matchesScope(scope, relativePath) {
     }
     return relativePath === normalizedScope;
 }
+function isDefaultTaskGovernanceFile(destination) {
+    return /(^|\/)(review|brief|task_plan)\.md$/.test(destination);
+}
 function enforcePublicRedaction(manifest, writes, { outputRoot }) {
     const publicWrites = writes.filter((write) => write.visibility === "public" || write.destination.startsWith("docs-release/"));
     if (publicWrites.length === 0)
@@ -221,8 +478,8 @@ function enforcePublicRedaction(manifest, writes, { outputRoot }) {
     const reportSource = normalizeManifestRelativePath(manifest.publicRedactionReport?.source || "", "Public redaction report source");
     const reportPath = path.join(outputRoot, reportSource);
     assertOutputSource(outputRoot, reportPath, reportSource);
-    const report = readJsonSafe(reportPath, null);
-    if (!report || report.status !== "pass")
+    const report = asRecord(readJsonSafe(reportPath, null));
+    if (report.status !== "pass")
         throw new Error("Public materialization requires a passing public redaction report");
 }
 function materializeWrites(targetRoot, writes) {
@@ -292,3 +549,12 @@ function isInside(root, candidate) {
     const relative = path.relative(root, candidate);
     return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
 }
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function asRecord(value) {
+    return isRecord(value) ? value : {};
+}
+function errorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}

package/dist/lib/review-confirm-git-gate.mjs

@@ -33,34 +33,41 @@ export function prepareReviewConfirmGitGate(projectRoot, allowedFilesAbs) {
     const gitRoot = root;
     const allowedPaths = allowedFilesAbs.map((filePath) => toPosix(path.relative(gitRoot, path.resolve(filePath))));
     assertAllowedPaths(allowedPaths);
-    assertCleanWorkingTree(gitRoot);
+    const baselineEntries = statusEntries(gitRoot);
+    assertOwnedPathsClean(allowedPaths, baselineEntries);
     assertCommitIdentity(gitRoot);
-    return { gitRoot, allowedPaths };
+    return {
+        gitRoot,
+        allowedPaths,
+        baselineOutsideEntries: outsideEntries(baselineEntries, allowedPaths),
+    };
 }
 export function commitReviewConfirmationGate(gate, { taskId, reviewPath, writeFinalAudit, message = "" }) {
     const subjectSuffix = taskId.replace(/[^A-Za-z0-9._/-]+/g, "-");
-    assertOnlyAllowedChanged(gate.gitRoot, gate.allowedPaths);
+    assertOutsideStatusUnchanged(gate.gitRoot, gate.allowedPaths, gate.baselineOutsideEntries);
     git(gate.gitRoot, ["add", "--", ...gate.allowedPaths]);
-    assertOnlyAllowedStaged(gate.gitRoot, gate.allowedPaths);
-    const confirmCommit = commit(gate.gitRoot, `chore: confirm review ${subjectSuffix}`, {
+    assertOutsideStatusUnchanged(gate.gitRoot, gate.allowedPaths, gate.baselineOutsideEntries);
+    const confirmCommit = commitOnly(gate.gitRoot, `chore: confirm review ${subjectSuffix}`, gate.allowedPaths, {
         recovery: [
             "Review confirmation files were written but not committed.",
-            `Inspect and either fix hooks then run: git add -- ${gate.allowedPaths.join(" ")} && git commit`,
+            `Inspect and either fix hooks then run: git add -- ${gate.allowedPaths.join(" ")} && git commit --only -- ${gate.allowedPaths.join(" ")}`,
             "Or manually revert the written review confirmation files if the confirmation should not proceed.",
         ],
     });
+    assertOwnedPathsClean(gate.allowedPaths, statusEntries(gate.gitRoot));
     writeFinalAudit(confirmCommit);
     const reviewRelativePath = toPosix(path.relative(gate.gitRoot, path.resolve(reviewPath)));
     git(gate.gitRoot, ["add", "--", reviewRelativePath]);
-    assertOnlyAllowedStaged(gate.gitRoot, gate.allowedPaths);
-    const auditCommit = commit(gate.gitRoot, `chore: record review confirmation audit ${subjectSuffix}`, {
+    assertOutsideStatusUnchanged(gate.gitRoot, gate.allowedPaths, gate.baselineOutsideEntries);
+    const auditCommit = commitOnly(gate.gitRoot, `chore: record review confirmation audit ${subjectSuffix}`, gate.allowedPaths, {
         recovery: [
             "The confirmation commit was created, but final audit metadata could not be committed.",
             `Confirmation commit SHA: ${confirmCommit}`,
-            `Fix hooks, then stage ${reviewRelativePath} and commit the audit metadata.`,
+            `Fix hooks, then stage ${reviewRelativePath} and commit --only -- ${reviewRelativePath}.`,
         ],
     });
-    assertCleanWorkingTree(gate.gitRoot);
+    assertOwnedPathsClean(gate.allowedPaths, statusEntries(gate.gitRoot));
+    assertOutsideStatusUnchanged(gate.gitRoot, gate.allowedPaths, gate.baselineOutsideEntries);
     return {
         commitSha: confirmCommit,
         auditCommitSha: auditCommit,
@@ -99,7 +106,8 @@ export function validateReviewConfirmationGitAudit({ projectRoot, taskId, review
         addIssue("git-audit-commit-not-reachable");
     const subject = git(root, ["show", "-s", "--format=%s", fullCommitSha], { allowFailure: true }).stdout.trim();
     const expectedSubject = `chore: confirm review ${String(taskId || "").replace(/[^A-Za-z0-9._/-]+/g, "-")}`;
-    if (subject !== expectedSubject)
+    const batchSubject = subject === "chore: confirm selected reviews";
+    if (subject !== expectedSubject && !batchSubject)
         addIssue("git-audit-subject-mismatch");
     const changedPaths = git(root, ["diff-tree", "--no-commit-id", "--name-only", "-r", fullCommitSha], { allowFailure: true }).stdout
         .split(/\r?\n/)
@@ -108,7 +116,13 @@ export function validateReviewConfirmationGitAudit({ projectRoot, taskId, review
         .sort();
     if (expectedPaths.length === 0)
         addIssue("git-audit-allowlist-missing");
-    if (changedPaths.join("\n") !== expectedPaths.join("\n"))
+    if (batchSubject) {
+        const expectedIncluded = expectedPaths.every((expectedPath) => changedPaths.includes(expectedPath));
+        const batchPathsAllowed = changedPaths.every((changedPath) => /(^|\/)coding-agent-harness\/planning\/(?:tasks|modules)\/.+\/INDEX\.md$/.test(changedPath));
+        if (!expectedIncluded || !batchPathsAllowed)
+            addIssue("git-audit-allowlist-mismatch");
+    }
+    else if (changedPaths.join("\n") !== expectedPaths.join("\n"))
         addIssue("git-audit-allowlist-mismatch");
     return {
         valid: issues.length === 0,
@@ -134,13 +148,7 @@ function assertAllowedPaths(paths) {
     const disallowed = paths.filter((relativePath) => {
         if (!relativePath || relativePath.startsWith("../") || path.isAbsolute(relativePath))
             return true;
-        if (relativePath === "AGENTS.md" || relativePath === "CLAUDE.md")
-            return true;
-        if (relativePath === "docs" || relativePath.startsWith("docs/"))
-            return false;
-        if (relativePath === ".harness-private" || relativePath.startsWith(".harness-private/"))
-            return true;
-        return false;
+        return !/(^|\/)coding-agent-harness\/planning\/(?:tasks|modules)\/.+\/INDEX\.md$/.test(relativePath);
     });
     if (disallowed.length > 0) {
         throw new ReviewConfirmGitGateError("Review confirmation write allowlist contains forbidden paths.", {
@@ -163,6 +171,41 @@ function assertCleanWorkingTree(gitRoot) {
         });
     }
 }
+function assertOwnedPathsClean(allowedPaths, entries) {
+    const ownedDirty = entries.filter((entry) => allowedPaths.includes(entry.path));
+    if (ownedDirty.length > 0) {
+        throw new ReviewConfirmGitGateError("Review confirmation owned path is already dirty; refusing to overwrite existing task confirmation state.", {
+            code: "git-owned-path-dirty",
+            details: { entries: ownedDirty, allowedPaths },
+            recovery: [
+                "Commit or resolve the existing task INDEX.md edits before retrying review-confirm.",
+                "Unrelated dirty files may remain; only the review-confirm owned paths must be clean.",
+            ],
+        });
+    }
+}
+function outsideEntries(entries, allowedPaths) {
+    return entries.filter((entry) => !allowedPaths.includes(entry.path));
+}
+function assertOutsideStatusUnchanged(gitRoot, allowedPaths, baselineOutsideEntries) {
+    const currentOutside = outsideEntries(statusEntries(gitRoot), allowedPaths);
+    if (statusSignature(currentOutside) !== statusSignature(baselineOutsideEntries)) {
+        throw new ReviewConfirmGitGateError("Review confirmation changed files outside the write allowlist.", {
+            code: "git-outside-status-changed",
+            details: { before: baselineOutsideEntries, after: currentOutside, allowedPaths },
+            recovery: [
+                "Inspect the extra files and do not commit them through review-confirm.",
+                "Revert only unintended review-confirm side effects, then retry.",
+            ],
+        });
+    }
+}
+function statusSignature(entries) {
+    return entries
+        .map((entry) => `${entry.index}${entry.worktree} ${entry.path}`)
+        .sort()
+        .join("\n");
+}
 function assertCommitIdentity(gitRoot) {
     const name = git(gitRoot, ["config", "--get", "user.name"], { allowFailure: true }).stdout.trim();
     const email = git(gitRoot, ["config", "--get", "user.email"], { allowFailure: true }).stdout.trim();
@@ -214,6 +257,17 @@ function commit(gitRoot, message, { recovery }) {
     }
     return git(gitRoot, ["rev-parse", "HEAD"]).stdout.trim();
 }
+function commitOnly(gitRoot, message, paths, { recovery }) {
+    const result = git(gitRoot, ["commit", "--only", "-m", message, "--", ...paths], { allowFailure: true });
+    if (result.status !== 0) {
+        throw new ReviewConfirmGitGateError("Git commit failed during review confirmation auto-commit.", {
+            code: "git-commit-failed",
+            details: { stdout: result.stdout.trim(), stderr: result.stderr.trim() },
+            recovery,
+        });
+    }
+    return git(gitRoot, ["rev-parse", "HEAD"]).stdout.trim();
+}
 function statusEntries(gitRoot) {
     const output = git(gitRoot, ["status", "--porcelain=v1", "--untracked-files=all"]).stdout;
     return output.split(/\r?\n/).filter(Boolean).map((line) => ({

package/dist/lib/status-builder.mjs

@@ -1,24 +1,25 @@
-// @ts-nocheck
 import path from "node:path";
 import { normalizeTarget, toPosix } from "./core-shared.mjs";
 import { capabilityDefinitions, readCapabilityRegistry } from "./capability-registry.mjs";
 import { summarizeGitState } from "./git-status-summary.mjs";
-import { collectTasks, taskCutoverCounters } from "./task-scanner.mjs";
+import { createScannerTaskRepository, taskCutoverCounters } from "./task-repository.mjs";
+import { readHarnessModules } from "./module-registry.mjs";
+const taskCutoverCountersForStatus = taskCutoverCounters;
 export function buildStatusData(targetInput, options = {}) {
-    const target = targetInput?.projectRoot ? targetInput : normalizeTarget(targetInput);
+    const target = hasProjectRoot(targetInput) ? targetInput : normalizeTarget(targetInput);
     const validationMode = options.validationMode || "data-only";
     const gitState = options.gitState || summarizeGitState(target);
-    const registry = options.capabilityState?.registry || readCapabilityRegistry(target);
+    const registry = (options.capabilityState?.registry || readCapabilityRegistry(target));
     const detected = options.capabilityState?.detected || [];
     const capabilityWarnings = options.capabilityState?.warnings || [];
     const failures = [...(options.failures || [])];
     const warnings = [...(options.warnings || [])];
     const legacy = options.legacy || { status: "skipped", code: 0, stdout: "", stderr: "" };
-    const tasks = options.tasks || collectTasks(target, {
+    const tasks = options.tasks || createScannerTaskRepository(target, {
         requireGeneratedScaffoldProvenance: options.requireGeneratedScaffoldProvenance === true,
-        taskPlanPaths: options.taskPlanPaths,
         closeoutContent: options.closeoutContent,
-    });
+    }).list();
+    const modules = harnessModulesForStatus(target);
     const briefReady = tasks.filter((task) => task.briefSource === "standalone").length;
     const briefMissing = tasks.length - briefReady;
     const capabilityNames = new Map(registry.capabilities.map((capability) => [capability.name, capability]));
@@ -26,7 +27,7 @@ export function buildStatusData(targetInput, options = {}) {
         if (!capabilityNames.has(capability))
             capabilityNames.set(capability, { name: capability, state: "configured" });
     }
-    const cutoverCounters = taskCutoverCounters(tasks);
+    const cutoverCounters = taskCutoverCountersForStatus(tasks);
     const fullCutoverEligible = validationMode === "validated" &&
         failures.length === 0 &&
         warnings.length === 0 &&
@@ -54,6 +55,7 @@ export function buildStatusData(targetInput, options = {}) {
         git: gitState.summary,
         summary: {
             tasks: tasks.length,
+            modules: modules.length,
             briefCoverage: {
                 ready: briefReady,
                 missing: briefMissing,
@@ -81,7 +83,20 @@ export function buildStatusData(targetInput, options = {}) {
             warnings: capabilityWarnings.filter((warning) => warning.includes(capability.name)),
         })),
         tasks,
+        modules,
         handoffs: tasks.flatMap((task) => task.handoffs || []),
         recentActivity: tasks.slice(0, 8).map((task) => ({ at: new Date().toISOString(), type: "task", summary: task.title })),
     };
 }
+function harnessModulesForStatus(target) {
+    try {
+        const registry = readHarnessModules(target);
+        return Object.entries(registry.items || {}).map(([key, module]) => ({ key, ...module }));
+    }
+    catch {
+        return [];
+    }
+}
+function hasProjectRoot(value) {
+    return Boolean(value && typeof value === "object" && "projectRoot" in value);
+}