feat(agentic-harness): mandatory pre-write change-manifest approval (v0.3.0)#10
Conversation
…v0.3.0) harness-setup gains Step 2b: before creating, updating, or deleting anything — and before installing or uninstalling any tool — it presents an explicit change manifest (every agent, skill, orchestrator, pointer, and tool action) and writes nothing until the user formally approves the list. Mandatory on every path (new build, extend, apply-review-context, sync). Distinct from the Step 0 plan confirmation (approach, pre-design) and the per-tool acceptance (selection): this is the final go on the concrete artifact list. Tool registration/install/uninstall is deferred to after the manifest approval; tool-discovery.md and maintenance.md are aligned, and the deliverable checklist gains the manifest-approval precondition. Minor bump to 0.3.0 (plugin.json, marketplace.json, repo README) with a changelog entry.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d8f35a2864
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| | create / update / remove | `.claude/skills/{name}/` (one row per skill) | | ||
| | create / update | `.claude/skills/{domain}-orchestrator/` | | ||
| | update | `CLAUDE.md` (harness pointer + change-history row) | | ||
| | install / uninstall | `{role} -> {tool}` (only if tool discovery or maintenance proposed it) | |
There was a problem hiding this comment.
For standalone tool discovery, the new flow now requires a tools-only manifest before writing, but this table only lists install / uninstall tool actions. When a user accepts a tool that is already available locally, the only write is updating .claude/skills/{domain}-orchestrator/references/tools.md, and this row gives the agent no manifest item to present for that registry write. That undermines the new pre-write approval gate for the accepted-tool registration path; include the registry update/create target explicitly in the manifest.
Useful? React with 👍 / 👎.
1 participant
Summary
Adds a mandatory pre-write approval gate to
harness-setup. Before creating, updating, or deleting anything — and before installing or uninstalling any tool — the skill now presents an explicit change manifest (every agent, skill, orchestrator, pointer, and tool action) and writes nothing until the user formally approves the list. Required on every path: new build, extend, apply-review-context, sync.Why
The skill had two checkpoints, but neither was a final, concrete pre-write sign-off:
So once design was settled, the skill flowed straight into writing with no consolidated "here's exactly what I'll touch — approve first." That gate is now mandatory.
Changes
SKILL.md— new Step 2b: Approve the change manifest (between design and the first write); a cross-reference from Step 0 so the approach-confirmation and the manifest-approval aren't conflated; Step 1b point 3 defers tool registration/install to after the manifest; deliverable checklist gains the manifest-approval precondition as its first item.references/tool-discovery.md— registration/install/uninstall is a write, carried out only after the manifest is approved; standalone tool runs present a tools-only manifest first.references/maintenance.md— the operations workflow and tool-retirement route their changes through the Step 2b manifest.The existing safeguards are unchanged: tool research is still always offered and run only on a yes, and individual tools are still adopted only by per-tool acceptance. Step 2b is the final consolidated go before execution.
Test plan
bash tests/ci/run-structural-tests.sh→ "All test suites passed"~~tokens, no marketing words, no angle brackets in descriptions; references resolve; shared docs cited via${CLAUDE_PLUGIN_ROOT}/shared/...0.2.0 → 0.3.0acrossplugin.json,marketplace.json, repo README row; changelog entry added