harness

Harness service — deterministic validation gating for autonomous actions. Pure validation functions, no OTP supervision. Gated actions include memory writes, file writes, shell commands, and tool calls from Pulse/Reflection/Cron.

Policies are driven by the [harness] config section in agent.toml.

Values

scan_content

</>

pub fn scan_content(content: String) -> Result(Nil, String)

service

</>

pub fn service() -> shapes.Service

Service shape — supervised: False (pure validation, no process needed).

validate_file_write

</>

pub fn validate_file_write(path: String) -> Result(Nil, String)

Gate a file write from an autonomous agent.

validate_memory_write

</>

pub fn validate_memory_write(
  content: String,
) -> Result(Nil, String)

Gate a memory write from an autonomous agent. Checks the harness is enabled and memory writes are allowed, then scans for injection/exfiltration patterns.

validate_shell_command

</>

pub fn validate_shell_command(
  command: String,
) -> Result(Nil, String)

Gate a shell command from an autonomous agent.

validate_tool_call

</>

pub fn validate_tool_call(
  tool_name: String,
) -> Result(Nil, String)

Gate a tool call by name. Only whitelisted tools are allowed.