publish-harness
The publish-harness skill automates the complete npm release pipeline for a generated harness, executing a build, smoke test, witness manifest signing, verification, and npm publish with provenance. Use this after validating release readiness with validate-harness and only when you have the required WITNESS_SIGNING_KEY and NPM_TOKEN environment variables configured, supporting both dry-run and production publishing modes.
git clone --depth 1 https://github.com/ruvnet/agent-harness-generator /tmp/publish-harness && cp -r /tmp/publish-harness/.claude-plugin/skills/publish-harness ~/.claude/skills/publish-harnessSKILL.md
# publish-harness > Codex skill that runs the full smoke-test → witness-sign → npm publish pipeline for a generated harness. ## What it does 1. Builds the harness with `npm run build` 2. Runs `npm test` to confirm green tests 3. Calls `harness sign` to produce a fresh witness manifest (requires `WITNESS_SIGNING_KEY` env) 4. Confirms `harness verify` accepts the freshly signed manifest 5. Either: - `dry_run=true` (default): runs `npm publish --dry-run` and reports tarball stats - `dry_run=false`: runs the real `npm publish --provenance --access public` ## Usage from Codex ``` /publish-harness path=./my-harness /publish-harness path=./my-harness dry_run=false ``` ## Equivalent CLI ```bash cd ./my-harness npm run build npm test harness sign harness verify npm publish --provenance --access public ``` ## Required env - `WITNESS_SIGNING_KEY` — 64-hex-char ed25519 seed (fetch from GCP Secret Manager via `harness secrets fetch WITNESS_SIGNING_KEY`) - `NPM_TOKEN` — npm registry credential (Codex skill assumes the host has it set, or fetches via `harness secrets fetch NPM_TOKEN`) ## See also - `validate-harness` — release-readiness gate (run this FIRST) - `harness-secrets` — manage GCP-stored signing/publishing tokens
Diff two scaffolded harnesses (ADR-031). Reports manifest meta drift + host list + per-file fingerprint changes (added/removed/changed). Exits 0 IDENTICAL, 1 DRIFT, 2 missing manifest. Use --bundle for the ADR-031 schema-1 JSON envelope.
Scaffold your own focused AI agent harness — pick host (Claude Code, Codex, pi.dev, Hermes), template, agents, skills, and ship a npm-publishable harness with its own npx CLI. Use when a user asks to "create my own agent harness", "scaffold a harness", "make a custom Claude Code plugin like ruflo", or "build a vertical AI assistant for X".
Kernel-version skew check (ADR-027). Reports manifest surface + manifest kernel + installed kernel + verdict (match/patch-diff/minor-diff/major-diff). Exits 1 on minor/major skew with a copy-pasteable `npm install @metaharness/kernel@X.Y.Z` next step. Exits 2 if no .harness/manifest.json at path.
Scaffold a ready-made AI agent harness in one command from the 19 published @metaharness/* example packages — 9 host integrations (Claude Code, Codex, Hermes, pi.dev, OpenClaw, RVM, Copilot, OpenCode, GitHub Actions) + 10 vertical pods (devops, research, trading, support, legal, coding, education, sales, gaming, repo-maintainer).
GCP Secret Manager integration: validate setup, fetch values, or confirm an NPM_TOKEN is non-revoked via `npm whoami`. Used for publish-time token rotation without long-lived keys in CI.
List the available harness templates and what each one ships with. Use when the user asks "what templates are available", "what verticals does the harness generator support", or "show me what I can scaffold".
Emit .harness/oia-manifest.json declaring layer alignment with the OIA v0.1 9-layer reference architecture. Self-describes the harness's MCP wiring, witness signing, audit log, identity posture (always 'none' at v0.1). --check verifies an existing manifest, --dry-run prints without writing, --json emits to stdout.
7-section readiness scorecard for a LOCAL repo. Reports repo type + agent topology + MCP risk + test confidence + release readiness + recommended harness plan + scorecard. Exit 0 ready, 1 needs-work, 2 blocked. --json for the 6-field scorecard, --bundle for the ADR-031 schema-1 envelope.