ClaudeWave
Skill · 119 repo stars · updated today

harness-secrets

This skill provides three modes for managing GCP Secret Manager integration in CI/CD pipelines. The "check" mode validates GCP setup and authentication prerequisites before publishing. The "fetch" mode retrieves secret values for pipeline use. The "validate-token" mode confirms an NPM token is active by running npm whoami without executing a full publish. Use this to rotate short-lived credentials at publish time and verify token validity before release.

Install in Claude Code
git clone --depth 1 https://github.com/ruvnet/agent-harness-generator /tmp/harness-secrets && cp -r /tmp/harness-secrets/.claude-plugin/skills/harness-secrets ~/.claude/skills/harness-secrets
Then start a new Claude Code session; the skill loads automatically.

SKILL.md

# harness-secrets

> Codex skill for GCP Secret Manager — check / fetch / validate-token.

## Modes

### check
Validates the full GCP setup (`gcloud` on PATH, active project, auth principal, secret exists, WIF pool present). Use this when bootstrapping a new GCP project for publish.

```
/harness-secrets mode=check
/harness-secrets mode=check secret=NPM_TOKEN_DEV
/harness-secrets mode=check project=my-gcp-project secret=NPM_TOKEN
```

### fetch
Fetches a secret value to stdout. Use in pipelines:

```
/harness-secrets mode=fetch secret=NPM_TOKEN
/harness-secrets mode=fetch secret=GH_TOKEN version=3
```

### validate-token
Fetches `NPM_TOKEN` and runs `npm whoami` against the registry. No publish — just confirms the token isn't revoked. Use this BEFORE you tag a release.

```
/harness-secrets mode=validate-token
/harness-secrets mode=validate-token secret=NPM_TOKEN_STAGING
```
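
One way to run the same fetch-then-`npm whoami` check by hand without the token reaching stdout, the job log, or `~/.npmrc`. This is an added example, not the skill's or the project's own code. It assumes `gcloud` and `npm` are on PATH and the public npm registry; the function names `fetch_secret` and `validate_npm_token` and the return codes are hypothetical.

```shell
#!/bin/sh
# Added example, not the skill's own code. Assumptions: gcloud and npm are on
# PATH and the target is the public npm registry. Function names and return
# codes are hypothetical.
REGISTRY_HOST="registry.npmjs.org"

# fetch_secret NAME [VERSION]: print the secret payload on stdout.
fetch_secret() {
    gcloud secrets versions access "${2:-latest}" --secret="$1"
}

# validate_npm_token [SECRET] [VERSION]
# Returns 0 if `npm whoami` accepts the token, 1 if the registry rejects it,
# 2 if the secret could not be fetched. The body runs in a subshell so the
# token variable and the umask never leak into the caller.
validate_npm_token() (
    secret="${1:-NPM_TOKEN}"
    # Hold the token in a variable only: it is never echoed or put in argv.
    token="$(fetch_secret "$secret" "${2:-latest}")" || return 2
    [ -n "$token" ] || return 2

    umask 077
    rc_file="$(mktemp)" || return 2
    printf '//%s/:_authToken=%s\n' "$REGISTRY_HOST" "$token" > "$rc_file"

    # Point npm at the throwaway config instead of touching ~/.npmrc.
    if user="$(NPM_CONFIG_USERCONFIG="$rc_file" \
            npm whoami --registry="https://$REGISTRY_HOST/" 2>/dev/null)"; then
        status=0
    else
        status=1
    fi
    rm -f "$rc_file"

    if [ "$status" -eq 0 ]; then
        echo "token ok: authenticated as $user"
    else
        echo "token rejected by $REGISTRY_HOST" >&2
    fi
    return "$status"
)
```

Call it as `validate_npm_token NPM_TOKEN_STAGING` and branch on the exit status; the only thing printed on success is the registry username.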

## Equivalent CLI

```bash
harness secrets check --secret=NPM_TOKEN
harness secrets fetch NPM_TOKEN --version=3
harness secrets validate-token
```

## Why this exists

So you can refresh + verify the publish-time GCP secret WITHOUT triggering a real publish.

compare-harnesses (Skill)

Diff two scaffolded harnesses (ADR-031). Reports manifest meta drift + host list + per-file fingerprint changes (added/removed/changed). Exits 0 IDENTICAL, 1 DRIFT, 2 missing manifest. Use --bundle for the ADR-031 schema-1 JSON envelope.

create-harness (Skill)

Scaffold your own focused AI agent harness — pick host (Claude Code, Codex, pi.dev, Hermes), template, agents, skills, and ship a npm-publishable harness with its own npx CLI. Use when a user asks to "create my own agent harness", "scaffold a harness", "make a custom Claude Code plugin like ruflo", or "build a vertical AI assistant for X".

diag-harness (Skill)

Kernel-version skew check (ADR-027). Reports manifest surface + manifest kernel + installed kernel + verdict (match/patch-diff/minor-diff/major-diff). Exits 1 on minor/major skew with a copy-pasteable `npm install @metaharness/kernel@X.Y.Z` next step. Exits 2 if no .harness/manifest.json at path.

example-harness (Skill)

Scaffold a ready-made AI agent harness in one command from the 19 published @metaharness/* example packages — 9 host integrations (Claude Code, Codex, Hermes, pi.dev, OpenClaw, RVM, Copilot, OpenCode, GitHub Actions) + 10 vertical pods (devops, research, trading, support, legal, coding, education, sales, gaming, repo-maintainer).

list-templates (Skill)

List the available harness templates and what each one ships with. Use when the user asks "what templates are available", "what verticals does the harness generator support", or "show me what I can scaffold".

oia-manifest (Skill)

Emit .harness/oia-manifest.json declaring layer alignment with the OIA v0.1 9-layer reference architecture. Self-describes the harness's MCP wiring, witness signing, audit log, identity posture (always 'none' at v0.1). --check verifies an existing manifest, --dry-run prints without writing, --json emits to stdout.

publish-harness (Skill)

Publish a generated harness to npm — runs the smoke test, signs the witness manifest, and dispatches `npm publish --provenance` from your tagged release.

repo-genome (Skill)

7-section readiness scorecard for a LOCAL repo. Reports repo type + agent topology + MCP risk + test confidence + release readiness + recommended harness plan + scorecard. Exit 0 ready, 1 needs-work, 2 blocked. --json for the 6-field scorecard, --bundle for the ADR-031 schema-1 envelope.