Initial public commit

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: bb-connor

.github/workflows/ci.yml

@@ -0,0 +1,76 @@
+name: ci
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  self-test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - name: Checkout chio-test-harness
+        uses: actions/checkout@v4
+        with:
+          path: chio-test-harness
+
+      - name: Checkout arc (chio source)
+        uses: actions/checkout@v4
+        with:
+          # Placeholder: replace owner/arc once the GitHub org is live.
+          repository: owner/arc
+          path: arc
+          ref: main
+
+      - name: Setup chio
+        uses: owner/chio-ci-actions/setup-chio@v0.1.0
+        with:
+          mode: build
+          arc-path: arc
+
+      - name: Install hello-mcp deps
+        working-directory: chio-test-harness/hello-mcp
+        run: bun install --frozen-lockfile
+
+      - name: Start daemons
+        working-directory: chio-test-harness
+        run: bash bin/start.sh
+
+      - name: Verify READY (idempotent re-invoke)
+        working-directory: chio-test-harness
+        run: |
+          out="$(bash bin/start.sh)"
+          echo "${out}"
+          grep -q READY <<<"${out}" || exit 1
+
+      - name: Probe env.sh
+        working-directory: chio-test-harness
+        run: |
+          # shellcheck disable=SC1091
+          source bin/env.sh
+          : "${CHIO_TRUST_URL:?}"
+          : "${CHIO_MCP_URL:?}"
+          : "${CHIO_TOKEN:?}"
+          : "${CHIO_POLICY:?}"
+          echo "harness env OK: trust=${CHIO_TRUST_URL} mcp=${CHIO_MCP_URL}"
+
+      - name: Health check
+        working-directory: chio-test-harness
+        run: |
+          curl -fsS "http://127.0.0.1:8940/health" >/dev/null
+          echo "trust plane healthy"
+
+      - name: Stop daemons
+        if: always()
+        working-directory: chio-test-harness
+        run: bash bin/stop.sh || true
+
+      - name: Upload var/ on failure
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: harness-var
+          path: chio-test-harness/var
+          if-no-files-found: ignore

.github/workflows/release.yml

@@ -0,0 +1,78 @@
+name: release
+
+# SLSA L3 + Sigstore provenance + reproducible build for @chio/test-harness.
+#
+# chio-test-harness ships the daemon-boot scripts + hello-mcp reference mcp.
+# The published npm tarball is built from a synthesised top-level package
+# that vendors `bin/`, `hello-mcp/` (without node_modules), `policy/`,
+# LICENSE and README.
+#
+# Secrets referenced:
+#   NPM_TOKEN  — npm publish auth (skip if using npm Trusted Publishers).
+#
+# Placeholders:
+#   owner/chio-ci-actions — swap to your GH org before pushing.
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        required: false
+        default: "v0.0.0-dev"
+      dry-run:
+        required: false
+        default: "true"
+
+permissions:
+  contents: read
+  id-token: write
+  attestations: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    outputs:
+      artifact-name: ${{ steps.hash.outputs.artifact-name }}
+      hashes: ${{ steps.hash.outputs.hashes }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build + pack + publish
+        id: publish
+        uses: owner/chio-ci-actions/publish-chio@v0.1.0
+        with:
+          artifact-type: npm
+          package-name: "@chio/test-harness"
+          tag: ${{ github.event.inputs.tag || github.ref_name }}
+          dry-run: ${{ github.event.inputs.dry-run || 'false' }}
+          # No TypeScript build; harness is plain bash + a tiny MCP.
+          build-command: "bash scripts/prep-release.sh"
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Compute subjects for SLSA generator
+        id: hash
+        run: |
+          set -euo pipefail
+          name="$(basename "${{ steps.publish.outputs.artifact-path }}")"
+          sha="${{ steps.publish.outputs.artifact-sha256 }}"
+          echo "hashes=$(printf '%s  %s\n' "$sha" "$name" | base64 -w0)" >> "$GITHUB_OUTPUT"
+          echo "artifact-name=$name" >> "$GITHUB_OUTPUT"
+
+  provenance:
+    needs: [build]
+    permissions:
+      id-token: write
+      contents: read
+      actions: read
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+    with:
+      base64-subjects: ${{ needs.build.outputs.hashes }}
+      upload-assets: true
+      provenance-name: "${{ needs.build.outputs.artifact-name }}.intoto.jsonl"

.gitignore

@@ -0,0 +1,3 @@
+var/
+node_modules/
+*.log

COMMITS.md

@@ -0,0 +1,119 @@
+# COMMITS.md — chio-test-harness
+
+Reusable live-daemon fixture. Consumed by `@chio/bridge` live tests and
+by every plugin's smoke script (ST.2.x). No mocks — boots real
+`chio trust serve` + `chio mcp serve-http` subprocesses. Target first
+ship tag: `v0.1.0`.
+
+---
+
+## 1. chore: scaffold harness with bin scripts and gitignore
+
+**Body.** Initial scaffold — `LICENSE`, `.gitignore` (excludes `var/`
+runtime state), the `bin/` skeleton. No package.json — harness is
+bash-first so smoke tests in any language can source it. Wave 1.
+
+**Files.**
+
+- `LICENSE`
+- `.gitignore`
+- `bin/` directory layout (empty placeholders committed as part of the
+  next commit; included here only as the directory reservation).
+
+---
+
+## 2. feat: add start, stop, wait-ready, env scripts backed by real chio
+
+**Body.** `bin/start.sh` idempotently boots `chio trust serve`
+(127.0.0.1:8940) + `chio mcp serve-http` (127.0.0.1:8931), waits for
+`/health` to go 200 on both. `bin/stop.sh` kills both by pid-file,
+retains logs in `var/`. `bin/wait-ready.sh` polls until both services
+respond. `bin/env.sh` exports the `CHIO_*` env vars every downstream
+smoke script reads. Wave 1.
+
+**Files.**
+
+- `bin/start.sh`
+- `bin/stop.sh`
+- `bin/wait-ready.sh`
+- `bin/env.sh`
+
+---
+
+## 3. feat: add canonical policy fixtures and hello-mcp subprocess
+
+**Body.** Three HushSpec 0.1.0 policies (`canonical.yaml`,
+`tiny-budget.yaml`, `extensions.yaml`) covering the happy path, a
+velocity-capped variant, and the `extensions.chio.*` passthrough
+path. `hello-mcp/server.mjs` is a stdio MCP server exposing `echo`,
+`delete_file`, and `paid_action` — the minimum toolset needed to
+exercise allow / deny-by-forbidden-path / deny-by-budget. MCP SDK
+pinned to `0.6.0` to work around the `capabilities.sampling.tools`
+forward-compat bug on `0.7.x`. Wave 1.
+
+**Files.**
+
+- `policy/canonical.yaml`
+- `policy/tiny-budget.yaml`
+- `policy/extensions.yaml`
+- `hello-mcp/server.mjs`
+- `hello-mcp/package.json`
+- `hello-mcp/bun.lock`
+
+---
+
+## 4. feat: prefer chio over legacy arc binary during harness bootstrap
+
+**Body.** Harness resolves the runtime binary in this order:
+explicit `CHIO_BIN`, sibling `chio` next to `CHIO_ARC_BIN`,
+`../arc/target/release/chio` fallback, then `chio` on `PATH`.
+Mirrors the ladder `@chio/bridge` uses, so harness + bridge never
+diverge on which runtime they boot. Wave 5.0.1.
+
+**Files.**
+
+- `bin/env.sh` — `CHIO_BIN` resolution block.
+- `bin/start.sh` — uses `$CHIO_BIN` to launch trust + edge.
+
+---
+
+## 5. ci: smoke-test the harness against a real chio build
+
+**Body.** GitHub Actions workflow: check out arc, run
+`setup-chio@v0.1.0`, start the harness, hit `/health` on both
+endpoints, run a minimal `chio check` allow/deny round-trip, tear
+down. Typecheck is non-blocking per Wave 5.1. Wave 5.1.
+
+**Files.**
+
+- `.github/workflows/ci.yml`
+
+---
+
+## 6. ci: add SLSA L3 release workflow for harness tarball
+
+**Body.** Tag-triggered workflow that packages `bin/`, `policy/`,
+and `hello-mcp/package.json` as a GitHub Release asset, signs it
+with Sigstore keyless, and attaches a generic SLSA L3 provenance
+statement. Harness isn't on npm — it's consumed via
+`actions/checkout` from downstream CI. Wave 5.5.
+
+**Files.**
+
+- `.github/workflows/release.yml`
+- `scripts/verify-release.sh` — verifies the release asset sha256
+  matches the attestation subject.
+
+---
+
+## 7. docs: README with usage, caveats, and smoke assertions
+
+**Body.** Documents the prereqs, the six smoke assertions every
+ST.2.x plugin must cover, the MCP SDK 0.6.0 pin rationale, and the
+two canonical-policy caveats (`human_in_loop.approve_above` and
+`rules.velocity.max_spend_per_window` — both require grant shapes
+`chio check`'s synthetic grant doesn't provide). Wave 5.2.
+
+**Files.**
+
+- `README.md`

LICENSE

@@ -0,0 +1,15 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.