feat(harness): --harness selection + verified AuthModes (phase 3) #17

Merged
pti merged 1 commit from feat-harness-registry-p3 into main 2026-07-07 16:59:48 +02:00
Owner

Phase 3 of design/harness-descriptor.md — harness selection + real auth verification.

What

  • wraptool up --harness <name> (default claude) picks which harness the guix container is wired for; bringUpGuixContainer writes that harness's config via harness.Write.
  • AuthModes verified against each tool's docs (not guessed):
    • agy, claude, cursor, gemini, opencode, windsurf → all take headers: {Authorization: "Bearer …"} on a remote server → AuthHeader (shared bearer() helper).
    • roo → accepts a headers object but a known bug drops it on SSE (Roo-Code#2480) → stays AuthUnverified; a token fails loudly instead of a silent 401.
    • pinot a descriptor yet — I couldn't identify which tool "pi" is or its config schema. One registry row once you point me at it.

Verified e2e

  • up --harness opencodeopencode.json with mcp/type:remote/headers.Authorization: Bearer ….
  • up --harness roo → fails loud with the AuthUnverified error.

Full go test ./... + golangci-lint clean.

Note on pi

What is pi? (tool name / repo / where it reads MCP config) — I'll add the descriptor.

🤖 Generated with Claude Code

Phase 3 of `design/harness-descriptor.md` — harness selection + real auth verification. ## What - **`wraptool up --harness <name>`** (default `claude`) picks which harness the guix container is wired for; `bringUpGuixContainer` writes that harness's config via `harness.Write`. - **AuthModes verified against each tool's docs** (not guessed): - `agy`, `claude`, `cursor`, `gemini`, `opencode`, `windsurf` → all take `headers: {Authorization: "Bearer …"}` on a remote server → **AuthHeader** (shared `bearer()` helper). - `roo` → accepts a headers object but a **known bug drops it on SSE** ([Roo-Code#2480](https://github.com/RooCodeInc/Roo-Code/issues/2480)) → stays **AuthUnverified**; a token fails loudly instead of a silent 401. - `pi` → **not a descriptor yet** — I couldn't identify which tool "pi" is or its config schema. One registry row once you point me at it. ## Verified e2e - `up --harness opencode` → `opencode.json` with `mcp`/`type:remote`/`headers.Authorization: Bearer …`. - `up --harness roo` → fails loud with the AuthUnverified error. Full `go test ./...` + golangci-lint clean. ## Note on `pi` What is `pi`? (tool name / repo / where it reads MCP config) — I'll add the descriptor. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
feat(harness): --harness selection + verified AuthModes (phase 3)
All checks were successful
Lint / lint (pull_request) Successful in 15s
7cab72706e
Phase 3 of design/harness-descriptor.md. `wraptool up --harness <name>` (default
claude) selects which harness the guix container is wired for; the container
path writes that harness's config via harness.Write.

Auth verified per each tool's docs and set: agy, claude, cursor, gemini,
opencode, windsurf all accept `headers: {Authorization: "Bearer …"}` on a remote
server → AuthHeader (a shared bearer() helper adds the header when a token is
set). roo accepts the header but a known bug drops it on SSE
(RooCodeInc/Roo-Code#2480), so it stays AuthUnverified — a token fails loudly
rather than 401ing silently. `pi` is not yet a descriptor (tool/schema unknown).

Verified e2e: `up --harness opencode` writes opencode.json with the Bearer
header; `up --harness roo` fails loud. Full go test ./... + golangci-lint clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
pti merged commit 87c3de196c into main 2026-07-07 16:59:48 +02:00
pti deleted branch feat-harness-registry-p3 2026-07-07 16:59:48 +02:00
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
pti/wraptool!17
No description provided.