Agent Skills › ruvnet/metaharness

ruvnet/metaharness

GitHub

对比两个脚手架 harness 的差异,检查清单元数据、主机适配器及文件指纹。支持文本与 ADR-031 JSON 格式输出,适用于分支合并前差异分析或 CI 自动化验证,自动脱敏敏感信息。

11 个 Skill 459

安装全部 Skills

npx skills add ruvnet/metaharness --all -g -y
更多选项

预览集合内 Skills

npx skills add ruvnet/metaharness --list

集合内 Skills (11)

对比两个脚手架 harness 的差异,检查清单元数据、主机适配器及文件指纹。支持文本与 ADR-031 JSON 格式输出,适用于分支合并前差异分析或 CI 自动化验证,自动脱敏敏感信息。
需要比较两个项目目录或模板的 scaffold 差异 CI/CD 流程中验证候选构建与基线是否一致 检查 fork 后的代码变更细节
.claude-plugin/skills/compare-harnesses/SKILL.md
npx skills add ruvnet/metaharness --skill compare-harnesses -g -y
SKILL.md
Frontmatter
{
    "name": "compare-harnesses",
    "description": "Diff two scaffolded harnesses (ADR-031). Reports manifest meta drift + host list + per-file fingerprint changes (added\/removed\/changed). Exits 0 IDENTICAL, 1 DRIFT, 2 missing manifest. Use --bundle for the ADR-031 schema-1 JSON envelope."
}

compare-harnesses

Codex skill: diff two scaffolded harnesses — the ADR-031 Bundle JSON Pattern surfaced through Codex (iter 105 → iter 109).

What it does

Two-harness diff. Useful when you've forked an upstream template, when a support ticket says "mine and theirs scaffolded different things", or when a CI script wants a byte-equality check between a candidate scaffold and a known-good baseline.

Reports three sections:

  1. Manifest meta — same name? same kernel? same surface?
  2. Hosts — which host adapters each side ships (claude-code / codex / pi-dev / hermes / openclaw / rvm)
  3. Files — added / removed / changed (per-file SHA-256 fingerprints; the cheapest possible byte-equality test)
Verdict Exit Meaning
IDENTICAL 0 meta + hosts + every file fingerprint matches
DRIFT 1 at least one of meta / hosts / files differs
no-manifest-in-a 2 a/.harness/manifest.json missing
no-manifest-in-b 2 b/.harness/manifest.json missing
no-manifest-in-either 2 both sides missing manifest

Usage from Codex

/compare-harnesses a=./my-fork b=./upstream
/compare-harnesses a=./my-fork b=./upstream bundle=true

Equivalent CLI

harness compare ./my-fork ./upstream                  # text output
harness compare ./my-fork ./upstream --bundle         # ADR-031 schema-1 JSON

The --bundle form (ADR-031) emits a schema-1 JSON envelope so CI scripts can json-parse the verdict without re-parsing human text. The envelope shape is shared with harness diag --bundle, harness export-config, and harness audit --bundle:

{
  "schema": 1,
  "generatedAt": "2026-06-15T...",
  "a": "/path/to/a",
  "b": "/path/to/b",
  "meta": { "sameKernel": true, "sameSurface": true, "sameName": false },
  "hosts": { "a": ["claude-code"], "b": ["claude-code", "codex"], "verdict": "PASS" | "FAIL" },
  "files": { "added": [...], "removed": [...], "changed": [...] },
  "identical": false,
  "exitCode": 1
}

Errors are bundle-formed too ({ "schema": 1, "error": "no-manifest-in-a" }), so a CI script never has to dual-parse text + JSON. Object keys matching secret|token|key|password|passphrase are redacted via the canonical ADR-031 sanitisation regex before emission — safe to paste into a public GitHub issue.

Sample output (text mode)

harness compare — diffing /tmp/a /tmp/b

  name:              A=cmp-a   B=cmp-b   FAIL
  kernel:            A=0.1.0   B=0.1.0   PASS
  surface:           A=cli     B=cli     PASS
  hosts:             A=[claude-code] B=[claude-code,codex] FAIL

  added:             3 files
    + src/agents/codex-tester.ts
    + src/agents/codex-reviewer.ts
    + .codex/config.toml
  removed:           0 files
  changed:           1 file
    ~ .harness/manifest.json

DRIFT (exit 1)

When to use it

  • You forked the project's upstream template, edited it, and want to know exactly what diverged before sending a PR upstream.
  • A user files a "this doesn't work" bug; you run harness compare their-zip yours-zip --bundle > diff.json and attach the bundle to the issue.
  • CI is the canonical place: a nightly job runs compare between today's scaffold output and a frozen baseline, fails the run on DRIFT.

Related skills

  • diag-harness — single-harness kernel-version skew check (iter 66)
  • validate-harness — release-readiness umbrella (iter 20)
  • verify-witness — Ed25519 witness signature verification (iter 8)

See also

用于快速搭建可发布的AI Agent Harness,支持Claude Code、Codex等多宿主。通过交互式配置选择模板、内存后端及路由策略,自动生成包含CLI、MCP注册及市场标识的npm包结构,并提供升级与签名证明功能。
创建自定义Agent Harness 构建垂直领域AI助手 生成npm可发布Agent插件 scaffold a harness
.claude-plugin/skills/create-harness/SKILL.md
npx skills add ruvnet/metaharness --skill create-harness -g -y
SKILL.md
Frontmatter
{
    "name": "create-harness",
    "description": "Scaffold your own focused AI agent harness — pick host (Claude Code, Codex, pi.dev, Hermes), template, agents, skills, and ship a npm-publishable harness with its own npx CLI. Use when a user asks to \"create my own agent harness\", \"scaffold a harness\", \"make a custom Claude Code plugin like ruflo\", or \"build a vertical AI assistant for X\"."
}

create-harness

This skill scaffolds an AI agent harness — your own focused, branded harness with its own npx <name> CLI, MCP server registration, memory namespace, learning loop, and marketplace identity.

When to use this skill

Use this skill when the user wants any of:

  • A custom MCP-server-backed AI assistant (legal, trading, support, ops, …)
  • A Claude Code plugin that bundles their own agents/skills/prompts
  • A Codex skill that wraps a kernel + tools
  • A pi.dev extension or Hermes agent runtime config
  • A standalone npm package they can npm publish under their own scope

How to invoke

/create-harness

The skill asks for:

  1. Harness name (kebab-case, e.g. legal-redline)
  2. Description (one line)
  3. Host(s) — Claude Code, Codex, pi.dev, Hermes (multi-select)
  4. Templateminimal (default), vertical:trading, vertical:support, vertical:devops, vertical:legal, vertical:research, or eject-from-ruflo
  5. Memory backend — AgentDB (default), SQLite-only, in-memory
  6. Routing strategy — 3-tier (default) or single-tier
  7. Marketplace — independent (no ruflo branding) or powered-by

Under the hood

Calls npx create-agent-harness <name> with the user's choices, copies the chosen template into the current directory, runs the post-generation smoke test, and emits a .harness/manifest.json so future updates can harness upgrade cleanly (copier-style regenerate-diff-merge).

Outputs

File Purpose
package.json The harness's npm package, ready to npm publish
bin/<name>.js The CLI binary your users invoke
.claude/settings.json (if Claude Code host) MCP + hooks wiring
.codex/config.toml (if Codex host) MCP table in TOML
AGENTS.md + SYSTEM.md (if pi.dev host) Pi extension instructions
cli-config.yaml (if Hermes host) Hermes runtime config
.harness/manifest.json Generator state — drives drift detection (ADR-008)
witness.json Ed25519-signed provenance manifest (ADR-011)

After scaffolding

The user can:

cd <name>
npm install
npm test
npm publish              # ship their harness to npm
# their users: npx <name> init

Notes for the model

  • This is a deterministic operation — defer to create-agent-harness for the actual file creation, do NOT generate harness file contents yourself
  • The witness manifest is required — do not skip it
  • If the user asks for "ruflo for X" or "my own ruflo", recommend vertical:<X> templates first and offer minimal as the fallback
  • Multi-host is supported but increases the harness's surface area — recommend single-host for first-time users unless they explicitly need multi-host
检测本地 @metaharness/kernel 版本与脚手架 manifest 是否一致,判断兼容性及退出状态码。支持指定路径、CI 机器可读输出及自动脱敏的故障排查 Bundle 功能。
克隆他人 harness 后首次检查兼容性 升级 kernel 包后验证一致性 harness doctor 报错怀疑版本偏差时 CI 流程中其他命令执行前进行快速失败检查
.claude-plugin/skills/diag-harness/SKILL.md
npx skills add ruvnet/metaharness --skill diag-harness -g -y
SKILL.md
Frontmatter
{
    "name": "diag-harness",
    "description": "Kernel-version skew check (ADR-027). Reports manifest surface + manifest kernel + installed kernel + verdict (match\/patch-diff\/minor-diff\/major-diff). Exits 1 on minor\/major skew with a copy-pasteable `npm install @metaharness\/kernel@X.Y.Z` next step. Exits 2 if no .harness\/manifest.json at path."
}

diag-harness

Codex skill: kernel-version skew check for a scaffolded harness — the ADR-027 diagnostic UX loop.

What it does

Single-question check: does my local @metaharness/kernel match what this harness was scaffolded against? That's the cross-machine compatibility question almost every "this harness doesn't work" support ticket turns out to be.

Reads .harness/manifest.json:

Field Source Meaning
meta.surface iter 56 Which surface produced the harness (cli or web-ui)
meta.kernel_version iter 58 The @metaharness/kernel version stamped at scaffold time

Resolves the local @metaharness/kernel via createRequire rooted at the harness's own package.json (real Node resolution). Computes the skew verdict and prints a copy-pasteable next step.

Verdict Exit Message
match 0 PASS kernel versions match exactly
patch-diff 0 WARN patch-level skew (usually safe; may include bugfixes)
minor-diff 1 WARN minor-level skew (new kernel features may be missing) + Run: npm install @metaharness/kernel@X.Y.Z
major-diff 1 FAIL MAJOR skew — APIs may have changed; expect breakage + Run: npm install @metaharness/kernel@X.Y.Z
no .harness/manifest.json at path 2 FAIL no .harness/manifest.json found at this path

Usage from Codex

/diag-harness                           # cwd
/diag-harness path=./my-harness

Equivalent CLI

harness diag                            # cwd
harness diag ./my-harness               # explicit path
harness diag ./my-harness --json        # machine-readable for CI
harness diag ./my-harness --bundle      # support-ticket JSON (iter 90)

The --bundle form (iter 90) emits a single JSON snapshot of the diag report + sanitised manifest + @metaharness/* deps + Node/platform info — everything a maintainer needs to triage a bug report. Object keys matching secret|token|key|password|api_key are redacted so the bundle is safe to paste into a public GitHub issue.

Sample output

harness diag — checking /tmp/my-harness

  surface:              cli
  manifest kernel:      0.1.0
  installed kernel:     0.1.0

  PASS kernel versions match exactly

When to run

  • After cloning someone else's harness — first thing
  • After bumping @metaharness/kernel in a harness's package.json
  • When harness doctor fails with cryptic shape errors (skew is the usual cause)
  • In CI before any other harness subcommand — fail fast

Lifecycle position

scaffold (create-agent-harness)
    ↓
 your code lives in the harness
    ↓
 diag (this skill)           <- before anything else, check compatibility
    ↓
 doctor / validate / sign / publish

Related

  • ADR-027 — CLI ↔ Web-UI integration (the parity contract diag enforces)
  • iter 56 — manifest.meta.surface added
  • iter 58 — manifest.meta.kernel_version stamped at scaffold time
  • iter 66 — harness diag subcommand
通过一条命令从18个预发布包快速生成AI Agent工作区,支持9种主机集成和10种垂直领域,无需记忆复杂参数。
需要快速搭建AI Agent基础框架 希望基于特定主机或垂直场景初始化项目
.claude-plugin/skills/example-harness/SKILL.md
npx skills add ruvnet/metaharness --skill example-harness -g -y
SKILL.md
Frontmatter
{
    "name": "example-harness",
    "description": "Scaffold a ready-made AI agent harness in one command from the 19 published @metaharness\/* example packages — 9 host integrations (Claude Code, Codex, Hermes, pi.dev, OpenClaw, RVM, Copilot, OpenCode, GitHub Actions) + 10 vertical pods (devops, research, trading, support, legal, coding, education, sales, gaming, repo-maintainer)."
}

example-harness

One-command scaffolding from the 18 published @metaharness/* example packages — the fastest path from a use-case to a working harness, no template/host flags to remember.

Where create-harness walks the full wizard, this skill maps a use-case straight onto a published npm wrapper. Each wrapper shells out to metaharness@latest with the correct --template + --host flags, so the result is byte-identical to the full CLI invocation.

Install

mkdir -p ~/.codex/skills/example-harness
curl -fsSL https://raw.githubusercontent.com/ruvnet/agent-harness-generator/main/.codex/skills/example-harness/skill.toml \
  -o ~/.codex/skills/example-harness/skill.toml

No MCP server needed — the wrapper packages run via npx.

Use

/example-harness

Codex prompts for the package + a directory name, then runs:

npx --yes @metaharness/<package>@latest <name>

The 18 packages

Host integrations (scaffold a workspace wired for one runtime)

Package Scaffolds
@metaharness/claude-code Claude Code workspace + plugin
@metaharness/codex OpenAI Codex
@metaharness/hermes Hermes cli-config
@metaharness/pi-dev pi.dev AGENTS.md
@metaharness/openclaw OpenClaw .openclaw/
@metaharness/rvm RVM deployment partition
@metaharness/copilot VSCode / Copilot mcp.json
@metaharness/opencode OpenCode .opencode/
@metaharness/github-actions GitHub Actions CI/CD (non-interactive)

Vertical workflows (ready-made multi-agent pods)

Package Scaffolds
@metaharness/devops incident response
@metaharness/research multi-source dossier
@metaharness/trading quant trading (paper-by-default)
@metaharness/support customer support
@metaharness/legal contract redline (drafts only)
@metaharness/coding engineering pod
@metaharness/education tutor pod
@metaharness/sales sales pipeline pod
@metaharness/gaming game-design pod
@metaharness/repo-maintainer OSS repo maintainer

After scaffolding

cd <name> && npm install
npx harness doctor      # health-check
npx harness validate    # full umbrella gate

Every scaffold ships a .claude-plugin/plugin.json, so it also loads as a Claude Code plugin: claude -p --plugin-dir <name> "...".

Per-package deep-dive gists: see examples-packages/GISTS.md.

列出 create-agent-harness 支持的所有脚手架模板及其详情,包括 minimal、各类垂直领域模板及迁移工具。适用于用户查询可用模板、支持的垂直领域或可生成的项目结构等场景。
询问有哪些可用的模板 查询 harness generator 支持哪些垂直领域 展示可以生成的项目结构
.claude-plugin/skills/list-templates/SKILL.md
npx skills add ruvnet/metaharness --skill list-templates -g -y
SKILL.md
Frontmatter
{
    "name": "list-templates",
    "description": "List the available harness templates and what each one ships with. Use when the user asks \"what templates are available\", \"what verticals does the harness generator support\", or \"show me what I can scaffold\"."
}

list-templates

Lists every harness template create-agent-harness can scaffold from.

Templates today (Iter 2)

Template Status Agents Skills MCP servers Best for
minimal Iter 2 (this iter) 0 0 1 (kernel) First-time users, learning the system
vertical:trading Iter 6 5 4 2 (kernel + market-data) Trading bots, backtesting
vertical:devops Iter 6 4 6 3 (kernel + alerts + runbook) Incident response, on-call
vertical:legal Iter 6 3 5 2 (kernel + citation-search) Contract review, redline
vertical:support Iter 6 4 4 2 (kernel + ticket-routing) Customer support, escalation
vertical:research Iter 6 6 5 3 (kernel + web-search + dossier) Multi-source research dossiers
eject-from-ruflo Iter 4 Convert an existing ruflo install into your own harness

Hosts each template supports

Template Claude Code Codex pi.dev Hermes
minimal
vertical:*
eject-from-ruflo (one-way) (one-way) (one-way)

Roadmap

  • Vertical packs ship as separate npm packages (@metaharness/vertical-trading, etc.) so each pack can be owned by a domain expert
  • See ADR-013
生成并验证OIA v0.1架构对齐的静态清单文件,声明9层架构、6个横向跨度及相邻标准支持情况,支持写入、校验和干跑模式。
需要评估系统与OIA v0.1参考架构的对齐程度 生成或验证.harness/oia-manifest.json文件
.claude-plugin/skills/oia-manifest/SKILL.md
npx skills add ruvnet/metaharness --skill oia-manifest -g -y
SKILL.md
Frontmatter
{
    "name": "oia-manifest",
    "description": "Emit .harness\/oia-manifest.json declaring layer alignment with the OIA v0.1 9-layer reference architecture. Self-describes the harness's MCP wiring, witness signing, audit log, identity posture (always 'none' at v0.1). --check verifies an existing manifest, --dry-run prints without writing, --json emits to stdout."
}

oia-manifest

Codex skill: emit/validate the OIA cross-cutting manifest layer (ADR-034, iter 121 → iter 122).

What it does

Emits .harness/oia-manifest.json — the harness's self-assessment against the Open Intelligence Architecture (OIA) v0.1 9-layer reference model published by the Agentics Foundation at https://oia.agentics.org.

The manifest declares:

  • 9 layer alignments — L1 physicalCompute → L9 humanAndBrowserInterface, each full / partial / none / not-applicable
  • 6 horizontal spans — security · observability · identity · governance · policyEnforcement · interoperability, each full / partial / none with an implementation reference (file path or ADR number)
  • 4 adjacent standardsmcp, a2a, acp, agentProtocol with current mode + wiring notes
  • discoveryEndpoint + registryUrl (both null at v0.1; OIA has no registry yet)

Why a manifest, not a host adapter?

OIA at v0.1 has no runtime and no wire protocol — it's a vendor-neutral vocabulary for assessing system alignment. The right plug-in shape is a static cross-cutting manifest (ADR-034 Decision: Option B). It plugs in ABOVE the host adapter contract and BELOW the MCP policy gate.

Usage from Codex

/oia-manifest path=./my-harness
/oia-manifest path=./my-harness check=true
/oia-manifest path=./my-harness dry-run=true

Equivalent CLI

harness oia-manifest ./my-harness                # write .harness/oia-manifest.json
harness oia-manifest ./my-harness --check        # validate existing manifest
harness oia-manifest ./my-harness --dry-run      # stdout, no file write
harness oia-manifest ./my-harness --json         # stdout JSON

Verdict + exit codes (--check)

Verdict Exit Meaning
PASS 0 manifest shape ok, oiaVersion echoed
DRIFT 1 shape mismatch — per-field reasons surfaced
FAIL no manifest 2 .harness/oia-manifest.json missing

Sample manifest (excerpt)

{
  "schema": 1,
  "oiaVersion": "0.1",
  "harnessId": "my-bot@0.1.0",
  "layerAlignment": {
    "L4_toolsAndIntegrations": "full",
    "L7_governanceAndPolicy": "full"
  },
  "horizontalSpans": {
    "identity": { "status": "none", "implementation": null },
    "security": { "status": "full", "implementation": "mcp-policy.json + ADR-022" }
  },
  "adjacentStandards": {
    "mcp": { "mode": "local", "policyPath": ".harness/mcp-policy.json" }
  },
  "discoveryEndpoint": null,
  "registryUrl": null
}

Pre-emptive composition rule (ADR-034 §120)

If a future OIA identity primitive ever wants to widen an MCP permission, the composition is denied at the policy gate. The mcp-policy.json default-deny posture is not negotiable for external identity claims.

Related skills

  • validate-harness (iter 22) — release-readiness umbrella
  • threat-model (iter 114) — MCP threat-model for PR/compliance review
  • diag-harness (iter 70) — kernel-version skew check

See also

用于自动化发布生成的 harness 到 npm。执行构建、运行冒烟测试、签署 witness manifest 并验证,最后通过 provenance 方式发布包,支持干跑模式。
用户需要发布新版本的 harness 包 用户请求执行完整的发布流水线包括签名和验证
.claude-plugin/skills/publish-harness/SKILL.md
npx skills add ruvnet/metaharness --skill publish-harness -g -y
SKILL.md
Frontmatter
{
    "name": "publish-harness",
    "description": "Publish a generated harness to npm — runs the smoke test, signs the witness manifest, and dispatches `npm publish --provenance` from your tagged release."
}

publish-harness

Codex skill that runs the full smoke-test → witness-sign → npm publish pipeline for a generated harness.

What it does

  1. Builds the harness with npm run build
  2. Runs npm test to confirm green tests
  3. Calls harness sign to produce a fresh witness manifest (requires WITNESS_SIGNING_KEY env)
  4. Confirms harness verify accepts the freshly signed manifest
  5. Either:
    • dry_run=true (default): runs npm publish --dry-run and reports tarball stats
    • dry_run=false: runs the real npm publish --provenance --access public

Usage from Codex

/publish-harness path=./my-harness
/publish-harness path=./my-harness dry_run=false

Equivalent CLI

cd ./my-harness
npm run build
npm test
harness sign
harness verify
npm publish --provenance --access public

Required env

  • WITNESS_SIGNING_KEY — 64-hex-char ed25519 seed (fetch from GCP Secret Manager via harness secrets fetch WITNESS_SIGNING_KEY)
  • NPM_TOKEN — npm registry credential (Codex skill assumes the host has it set, or fetches via harness secrets fetch NPM_TOKEN)

See also

  • validate-harness — release-readiness gate (run this FIRST)
  • harness-secrets — manage GCP-stored signing/publishing tokens
为本地仓库生成7部分就绪度评分卡,评估代理拓扑、MCP风险及测试信心。通过退出码判定状态,支持JSON和Bundle格式输出,用于脚手架前检查或CI门禁。
评估本地仓库是否准备好接入Harness 在CI中检查PR的发布就绪度和风险 生成标准化的仓库就绪快照
.claude-plugin/skills/repo-genome/SKILL.md
npx skills add ruvnet/metaharness --skill repo-genome -g -y
SKILL.md
Frontmatter
{
    "name": "repo-genome",
    "description": "7-section readiness scorecard for a LOCAL repo. Reports repo type + agent topology + MCP risk + test confidence + release readiness + recommended harness plan + scorecard. Exit 0 ready, 1 needs-work, 2 blocked. --json for the 6-field scorecard, --bundle for the ADR-031 schema-1 envelope."
}

repo-genome

Codex skill: 7-section readiness scorecard for a local repo — the ADR-031 Bundle JSON Pattern surfaced through Codex (iter 110 → 114).

What it does

Answers a different question than analyze-repo:

  • analyze-repo — "which archetype / template / agents fit this repo?"
  • repo-genome — "is this repo READY for that harness, and what's the risk?"

Produces a 7-section report:

  1. Repo profile — type, languages, build/test commands, ci presence
  2. Agent topology — recommended roles (maintainer / tester / security / release)
  3. MCP risk model — surface + numeric risk + policy posture
  4. Test confidence — how strong are the test signals
  5. Release readiness — buildable / testable / ci-wired
  6. Recommended harness plan — template, archetype, hosts, agents, skills
  7. Scorecard — risk_score, publish_readiness, test_confidence

LOCAL-only, deterministic, never executes repo code. Same invariant as analyze-repo (inherited via the shared inventory/profile pipeline).

Verdict Exit Meaning
ready 0 publish_readiness >= 0.75 && risk_score < 0.35
needs-work 1 somewhere in the middle
blocked 2 risk_score >= 0.7

Usage from Codex

/repo-genome path=./my-repo
/repo-genome path=./my-repo bundle=true
/repo-genome path=./my-repo out=./harness-genome.json

Equivalent CLI

harness genome ./my-repo                          # text report
harness genome ./my-repo --json                   # 6-field scorecard JSON
harness genome ./my-repo --bundle                 # ADR-031 schema-1 envelope
harness genome ./my-repo --out harness-genome.json # write scorecard to file

Sample 6-field output (--json)

{
  "repo_type": "rust_node_polyglot_mcp_ci",
  "agent_topology": ["maintainer", "tester", "security", "release"],
  "risk_score": 0.31,
  "mcp_surface": "local_default_deny",
  "test_confidence": 0.86,
  "publish_readiness": 0.78
}

When to use it

  • Before scaffolding a harness — run genome first, decide whether the repo is ready or needs cleanup
  • In CI on incoming PRs — post the genome report as a check; alert when risk_score crosses a threshold
  • For support tickets — --bundle emits the full readiness snapshot sanitised for safe sharing

Related skills

  • repo-analyze (iter — proposed) — the archetype-and-plan recommendation
  • compare-harnesses (iter 109) — diff two scaffolded harnesses
  • diag-harness (iter 70) — kernel-version skew check
  • score-harness (iter 114) — post-scaffold harness scorecard

See also

用于检测并应用脚手架Harness与最新模板间的差异。自动计算新增、移除及变更文件,支持安全应用无冲突修改,并通过Git标记或.rej文件处理用户编辑产生的冲突,默认仅执行干运行。
需要更新已定制化的脚手架代码以同步上游模板变更 检查项目文件与生成模板之间的漂移情况
.claude-plugin/skills/upgrade-harness/SKILL.md
npx skills add ruvnet/metaharness --skill upgrade-harness -g -y
SKILL.md
Frontmatter
{
    "name": "upgrade-harness",
    "description": "Drift detection + apply for a scaffolded harness. Re-renders the template with the same vars, computes added\/removed\/changed file plan, and applies with Git-style conflict markers or .rej files. Default is dry-run."
}

upgrade-harness

Codex skill: drift detection + apply for a scaffolded harness.

What it does

Re-renders the template that produced the harness against the current generator version, using the same vars the original scaffold used. Computes a 3-bucket plan:

Bucket Meaning
added upstream template now has files the harness doesn't
removed upstream template no longer has files the harness does
changed upstream and harness differ; sub-classified clean vs conflict

A clean change means the harness's version equals the original generation — apply safely. A conflict means the user edited the file post-scaffold; the apply step writes either Git-style inline markers or a .rej sidecar for manual merge.

Usage from Codex

/upgrade-harness                                       # dry-run on cwd
/upgrade-harness path=./my-harness
/upgrade-harness path=./my-harness apply=true
/upgrade-harness path=./my-harness apply=true conflict=rej

Equivalent CLI

harness upgrade ./my-harness                           # dry-run
harness upgrade ./my-harness --apply                   # apply, inline conflicts
harness upgrade ./my-harness --apply --conflict=rej    # apply, .rej sidecars

Lifecycle position

scaffold (create-agent-harness)
    ↓
 edit (you)
    ↓
 upgrade (this skill)   <- catches up to the latest template
    ↓
 sign / verify / publish

Exit codes

Code Meaning
0 No drift OR clean apply (no conflicts)
1 Unresolved conflicts after apply, OR not a generated harness, OR template missing
2 Bad --conflict= value

CI workflows can gate on exit 1 to flag unresolved conflicts.

一键执行5项发布就绪检查:doctor、verify、path-guard、mcp配置及GCP密钥验证,任一失败则退出。
用户请求验证harness的发布准备状态 需要运行完整的发布前检查清单
.claude-plugin/skills/validate-harness/SKILL.md
npx skills add ruvnet/metaharness --skill validate-harness -g -y
SKILL.md
Frontmatter
{
    "name": "validate-harness",
    "description": "Release-readiness umbrella check for a scaffolded harness — runs doctor, witness verify, hardcoded-path scan, MCP server config, and GCP Secret Manager validation in one shot. Exits non-zero if any sub-check fails."
}

validate-harness

Codex skill that runs the 5 release-readiness gates from harness validate.

What it checks

# Check What it does
1 doctor File shape + manifest sha256 + at-least-one host artifact
2 verify Witness manifest signature (Ed25519) — skipped if no witness yet
3 path-guard Scans your TS/JS/Rust files for hardcoded /tmp/, C:\, /Users/, /home/ — the original Windows /tmp bug regression class
4 mcp .mcp/servers.json entries have name + command
5 secrets gcloud auth list + project + NPM_TOKEN exist in GCP Secret Manager

Each check reports PASS / FAIL / WARN with a one-line detail. Exits 1 if any FAIL.

Usage from Codex

/validate-harness
/validate-harness path=./my-harness
/validate-harness path=./my-harness skip_gcp=true
/validate-harness secret=NPM_TOKEN_DEV

Equivalent CLI

harness validate ./my-harness --skip-gcp --secret=NPM_TOKEN_DEV

Why this exists

Before iter 20, you needed to remember to run harness doctor, harness verify, harness secrets check, and node scripts/path-guard.mjs separately. This is the single release-readiness gate.

验证脚手架 harness 的 Ed25519 witness 签名,快速确认发布者身份。专用于 CI、联邦握手及多签流程,比完整校验更轻量。支持严格模式与非严格模式,返回 VALID/INVALID 结果。
需要快速验证文件集签名完整性时 CI 流水线仅需检查签名而非完整发布就绪状态时 多个 harness 联邦前需进行快速签名握手时
.claude-plugin/skills/verify-witness/SKILL.md
npx skills add ruvnet/metaharness --skill verify-witness -g -y
SKILL.md
Frontmatter
{
    "name": "verify-witness",
    "description": "Verify the Ed25519 witness manifest of a scaffolded harness. Fast yes\/no signature check that proves the publisher signed this exact file set — separate from the full release-readiness umbrella in validate-harness."
}

verify-witness

Codex skill: Ed25519 witness manifest verification for a scaffolded harness.

What it does

Reads .harness/witness.json, validates the Ed25519 signature against the embedded public key, and reports VALID / INVALID with a one-line reason.

Distinct from validate-harness:

  • validate-harness is the umbrella — doctor + verify + path-guard + mcp + secrets
  • verify-witness is only the signature check — fast yes/no for CI / federation handshakes / multi-signer workflows

Usage from Codex

/verify-witness
/verify-witness path=./my-harness
/verify-witness path=./my-harness strict=false

Equivalent CLI

harness verify ./my-harness

Why it's separate from validate-harness

When two harnesses federate (iter 9), they need to confirm each other's witness signatures BEFORE doing the full release-readiness check. Splitting this surface lets federation peers run a fast signature handshake without paying for the full validate sweep.

Also: CI workflows that only care about signature integrity (e.g. mirroring a published harness to a private registry) can call this skill instead of the heavier umbrella.

What's checked

Check Detail
File present .harness/witness.json exists
Manifest shape All required fields (harness, version, entries, public_key, signature)
Signature Ed25519 verify against the embedded public key
Strict mode If strict=true and no witness, exit non-zero. If false, soft-skip with PASS

Exit 0 = signature VALID. Exit 1 = INVALID / missing (strict mode).

首页 - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-13 19:51
浙ICP备14020137号-1 $访客地图$