feat(harness): manifest-driven compile-harness deploy engine (ENGINE-001)#172
Merged
Conversation
…001) Compile enforced vault patterns into marker-delimited override blocks in AGENTS.md and ai/claude/CLAUDE.md, guarded by an offline drift check. Rules enforced in agent instruction files now have a vault source of truth, a committed source-of-record, and a verification that runs with no vault present (#156 regression class). - scripts/compile-harness.sh: --refresh (vault section -> harness/enforced/ <id>.md -> injected marker region, with per-file line caps) and --check (offline render + diff against each target, no vault access) - harness/manifest.json + harness/enforced/: three rules (no-attribution, english-only, no-phase-references) mapped to AGENTS.md + ai/claude/CLAUDE.md - scripts/healthcheck.sh: check_harness assertion (offline) - setup-linux.sh: runs --refresh during deploy; committed blocks are the fallback when the vault is absent - ai/claude/CLAUDE.md line cap raised 80 -> 100 to fit the generated block - tests/compile-harness.bats: 12 tests covering AC1-AC7 Spec: specs/ENGINE-001-deploy-engine-core/ (HARNESS-001 epic, #162).
mlorentedev
added a commit
that referenced
this pull request
May 30, 2026
mlorentedev
added a commit
that referenced
this pull request
May 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Engine core of the HARNESS-001 epic (#162): a manifest-driven deploy engine that compiles enforced vault patterns into marker-delimited "Overrides of Harness Defaults" blocks inside the agent instruction files (
AGENTS.md,ai/claude/CLAUDE.md), guarded by an offline drift check.Closes the #156 regression class: a rule enforced in agent files had no vault source of truth, so a harness default (e.g.
Co-Authored-Byon commits) could silently win at runtime. Now every enforced rule has a vault source, a committed source-of-record (harness/enforced/<id>.md), and a--checkthat runs with no vault present.How
scripts/compile-harness.sh--refresh(needs the vault): extracts each manifest section by anchor → writesharness/enforced/<id>.md→ injects one marker-delimited region per target, ordered by the manifest, carrying asha256prefix + SSOT pointer. Asserts per-file line caps.--check(offline): renders from the committed records and diffs each target's managed region; non-zero exit on any drift. No vault access.harness/manifest.json+harness/enforced/: three rules (no-attribution, english-only, no-phase-references) mapped toAGENTS.md+ai/claude/CLAUDE.md.scripts/healthcheck.sh:check_harnessassertion calling--check(offline, runs on a vault-less machine).setup-linux.sh: runs--refreshduring deploy; committed blocks are the fallback when the vault is absent.ai/claude/CLAUDE.mdline cap raised 80 → 100 to fit the generated block (justified inline intests/opencode.bats).Verification
bats tests/compile-harness.bats→ 12/12 green (AC1–AC7 + help/unknown-arg + healthcheck/setup wiring).shellcheck scripts/compile-harness.shclean;bash -n+zsh -npass.--checkreports no drift on the real repo;--refreshagainst the vault is idempotent (byte-identical re-run).specs/ENGINE-001-deploy-engine-core/features.json: 7 features, one executable verification per AC.Scope
Spec:
specs/ENGINE-001-deploy-engine-core/. Out of scope, sequenced in the umbrella (#162): Windowscompile-harness.ps1+ Pester, agents beyond Claude/AGENTS, and the rule-discovery consumers.