# harness - Doramagic AI Context Pack

> Positioning: a pre-install experience and judgment asset. It helps the host AI get off to a good start, but it does not mean the project has already been installed, run, or validated.

## Sufficiency Principle

- **Sufficiency over compression**: The AI Context Pack should be sufficient for the host AI to understand the project's value, capability boundaries, entrypoints, risks, and evidence sources before starting work; it may be layered, but it does not aim for the shortest possible summary.
- **Compression policy**: Compress only noise and duplication, never context that affects judgment or the quality of the work.

## How the Host AI Should Use This

You are reading the AI Context Pack that Doramagic compiled for harness. Treat it as pre-work context: help the user understand who it fits, what it can do, how to start, what must be verified after install, and where the risks are. Do not claim that you have already installed, run, or executed the target project.

## Claim Consumption Rules

- **Fact source**: Repo Evidence + Claim/Evidence Graph; the Human Wiki only supplies salience, terminology, and narrative structure.
- **Minimum status for a fact**: `supported`
- `supported`: May be used as a project fact, but the answer must cite the claim_id and evidence path.
- `weak`: Usable only as a low-confidence lead; the user must be asked to keep verifying.
- `inferred`: Usable only for risk notes or open questions; must not be packaged as a project fact.
- `unverified`: Must not be used as fact; state clearly that evidence is insufficient.
- `contradicted`: Must show the conflicting sources and must not force a single version on the user's behalf.

## Who It Fits Best

- **Users who want to understand an open-source project's value and boundaries before installing**: Current evidence comes mainly from project documentation. Evidence: `README.md` Claim: `clm_0002` supported 0.86

## What It Can Do

- **Command-Line Startup or Install Flow** (Verify after install): The project documentation contains runnable commands; real use requires running them in a local or host environment. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`, `app/gitspace/orchestrator/utils/script_templates/install_vscode_web.sh`, `app/gitspace/orchestrator/utils/script_templates/setup_jetbrains_ide.sh` Claim: `clm_0001` unverified 0.25

## How to Start

- `curl -fsSL https://deb.nodesource.com/setup_18.x | bash -` Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh` Claim: `clm_0003` unverified 0.25
- `npm install -g @anthropic-ai/claude-code` Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh` Claim: `clm_0004` unverified 0.25
- `curl -fsSL https://code-server.dev/install.sh | sh` Evidence: `app/gitspace/orchestrator/utils/script_templates/install_vscode_web.sh` Claim: `clm_0005` unverified 0.25
- `curl --no-progress-meter -L -o "$TMP_DOWNLOAD_DIR/$TARBALL_NAME" "$ideDownloadUrl"` Evidence: `app/gitspace/orchestrator/utils/script_templates/setup_jetbrains_ide.sh` Claim: `clm_0006` unverified 0.25

## Continue-or-Stop Decision Card

- **Current recommendation**: Sandbox trial only
- **Why**: The project has signals of install commands, host configuration, or local writes; do not go straight into your primary environment—trial it in isolation first.

### 30-Second Read

- **What to do now**: Sandbox trial only
- **Minimum safe next step**: Run Prompt Preview first; if you still want to install, trial only in an isolated environment
- **Do not trust yet**: Real output quality cannot be trusted before install.
- **Continuing will touch**: Command execution, Host AI configuration, Local environment or project files

### What You Can Trust Now

- **Target-audience signal: Users who want to understand an open-source project's value and boundaries before installing** (supported): Backed by a supported claim or project evidence, but that still is not the same as real install results. Evidence: `README.md` Claim: `clm_0002` supported 0.86

### What You Cannot Trust Yet

- **Real output quality cannot be trusted before install.** (unverified): Prompt Preview can only show how it guides you; it cannot prove result quality in the real project.
- **Host AI version compatibility cannot be trusted before install.** (unverified): Host loading rules and version differences across Claude, Cursor, Codex, Gemini, and others must be verified in a real environment.
- **That it will not pollute your existing host AI's behavior cannot be trusted directly.** (inferred): Skill, plugin, and AGENTS/CLAUDE/GEMINI instructions may change the host AI's default behavior. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`
- **Safe rollback cannot be assumed by default.** (unverified): Unless the project clearly provides uninstall and recovery instructions, verify in an isolated environment first.
- **After a real install, is it compatible with the user's current host AI version?** (unverified): Compatibility can only be verified in the actual host environment.
- **Does the project's output quality meet the user's specific task?** (unverified): The pre-install preview can only show flow and boundaries; it cannot replace real evaluation.
- **Do the install commands require network access, permissions, or global writes?** (unverified): This affects install risk in both enterprise and personal environments. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`

### What Continuing Will Touch

- **Command execution**: Package managers, network downloads, the local plugin directory, project config, or the user's home directory. Why: Running the very first command can already change your environment; decide whether it is worth running first. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`, `app/gitspace/orchestrator/utils/script_templates/install_vscode_web.sh`, `app/gitspace/orchestrator/utils/script_templates/setup_jetbrains_ide.sh`
- **Host AI configuration**: The plugin, Skill, or rule-loading config of hosts like Claude/Codex/Cursor/Gemini/OpenCode. Why: Host configuration changes how the AI works afterward and may conflict with the user's existing rules. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`
- **Local environment or project files**: Install results, plugin caches, project config, or local dependency directories. Why: The write scope and rollback path cannot be proven before install and need isolated verification. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`, `app/gitspace/orchestrator/utils/script_templates/install_vscode_web.sh`, `app/gitspace/orchestrator/utils/script_templates/setup_jetbrains_ide.sh`
- **Host AI context**: The AI Context Pack, Prompt Preview, Skill routing, risk rules, and project facts. Why: Importing context affects the host AI's later judgment, so avoid packaging unverified items as facts.

### Minimum Safe Next Steps

- **Run Prompt Preview first**: Use a pre-install interactive trial to judge whether the way of working fits; it needs no authorization or environment change. (applies when: Applies to any project, especially when output quality is unknown.)
- **Trial-install only in an isolated directory or a test account**: Avoid letting install commands pollute your primary host AI, real projects, or home directory. (applies when: When there are signals of command execution, plugin config, or local writes.)
- **Back up your host AI configuration first**: Skill, plugin, and rule files may change the default behavior of Claude/Cursor/Codex. (applies when: When there is a plugin manifest, a Skill, or a host rule entrypoint.)
- **After install, verify just one minimal task**: Verify loading, compatibility, output quality, and rollback first, then decide whether to use it deeply. (applies when: When moving from a trial into a real workflow.)

### Exit Plan

- **Preserve the pre-install state**: Record the original host config and project state so you can later judge whether it is recoverable.
- **Be ready to remove the host plugin / Skill / rule entrypoint**: If behavior is off after the trial install, you can restore the host AI to its pre-trial state.
- **Record the install commands and written paths**: Without clear uninstall instructions, you at least need to know which directories or configs to clean up manually.
- **If there is no rollback path, do not enter your primary environment**: No rollback is a blocker before continuing; do not proceed on trust or luck.

## What Can Only Be Previewed

- Explain who the project fits and what it can do
- Demonstrate a typical conversation flow based on project docs
- Help the user decide whether it is worth installing or researching further

## What Must Be Verified After Install

- Actually installing the Skill, plugin, or CLI
- Running scripts, modifying local files, or accessing external services
- Verifying real output quality, performance, and compatibility

## Boundary & Risk Decision Card

- **Mistaking the pre-install preview for a real run**: The user may overestimate how much configuration, permission, and compatibility verification the project has already done. Mitigation: Clearly separate prompt_preview_can_do from runtime_required. Claim: `clm_0007` inferred 0.45
- **Command execution will modify the local environment**: Install commands may write to the user's home directory, the host plugin directory, or project configuration. Mitigation: Run in an isolated environment or a test account first. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`, `app/gitspace/orchestrator/utils/script_templates/install_vscode_web.sh`, `app/gitspace/orchestrator/utils/script_templates/setup_jetbrains_ide.sh` Claim: `clm_0008` inferred 0.45
- **To confirm**: After a real install, is it compatible with the user's current host AI version?. Why: Compatibility can only be verified in the actual host environment.
- **To confirm**: Does the project's output quality meet the user's specific task?. Why: The pre-install preview can only show flow and boundaries; it cannot replace real evaluation.
- **To confirm**: Do the install commands require network access, permissions, or global writes?. Why: This affects install risk in both enterprise and personal environments.

## Pre-Work Working Context

### Loading Order

- First read how_to_use.host_ai_instruction to establish the boundaries of this pre-install judgment asset.
- Read claim_graph_summary to confirm facts come from the Claim/Evidence Graph, not the Human Wiki narrative.
- Then read intended_users, capabilities, and quick_start_candidates to judge whether the user is a match.
- When you need to carry out a concrete task, check role_skill_index first, then evidence_index.
- For real install, file modification, network access, performance, or compatibility questions, turn to risk_card and boundaries.runtime_required.

### Task Routes

- **Command-Line Startup or Install Flow**: State that this is an after-install capability first, then give a pre-install checklist. Boundary: Must be verified after a real install or run. Evidence: `app/gitspace/orchestrator/utils/script_templates/install_claude_code.sh`, `app/gitspace/orchestrator/utils/script_templates/install_vscode_web.sh`, `app/gitspace/orchestrator/utils/script_templates/setup_jetbrains_ide.sh`

### Context Scale

- Total files: 6086
- Important-file coverage: 40/6086
- Evidence index entries: 80
- Role / Skill entries: 10

### Handling Insufficient Evidence

- **missing_evidence**: State that evidence is insufficient and ask the user for the target file, a README section, or after-install verification records; do not fill in facts.
- **out_of_scope_request**: State that the task is beyond the current AI Context Pack's evidence scope and suggest the user check the Human Manual or verify after a real install.
- **runtime_request**: Provide a pre-install checklist and command sources, but do not run commands for the user or claim they have been run.
- **source_conflict**: Show the conflicting sources side by side, mark them as unverified, and do not force a single version.

## Prompt Recipes

### Fit assessment

- Goal: Judge whether this project fits the user's current task.
- Expected output: A fit conclusion, key reasons, evidence citations, what can be previewed before install, what must be verified after install, and a next-step recommendation.

```text
Based on the AI Context Pack for harness, ask me 3 necessary questions first, then judge whether it fits my task. The answer must cover: who it fits, what it can do, what it cannot do, whether it is worth installing, and where the evidence comes from. Every project fact must cite evidence_refs, source_paths, or a claim_id.
```

### Pre-install experience

- Goal: Let the user feel the core workflow before installing, while avoiding packaging the preview as real capability or a marketing promise.
- Expected output: An experience script with boundary labels, an after-install verification checklist, and a cautious recommendation; with no real-run promises or strong marketing language.

```text
Treat harness as a pre-install experience asset, not an already-installed tool or a real runtime environment.

Output exactly four parts:
1. Ask me 3 necessary questions first.
2. Give an "experience script": use the three labels [Previewable before install], [Must verify after install], and [Insufficient evidence] to show how it might guide the workflow.
3. Give an after-install verification checklist: list which capabilities can only be confirmed after a real install, real host loading, and a real project run.
4. Give a cautious recommendation: only "worth researching/trialing further", "add information before deciding", or "not recommended to continue"; do not endorse the project.

Hard boundaries:
- Do not claim you have installed, run, executed tests, modified files, or produced real results.
- Do not write promise-like phrasing such as "auto-adapts", "guarantees passing", "perfect fit", or "strongly recommend installing".
- If you describe how it works after install, you must use a conditional such as "if installed successfully and the host loads the Skill correctly, it might...".
- The experience script may only be written as "example lines / hypothetical flow": use "might ask / might suggest / might show", not "has written, has generated, has passed, is running, is generating".
- Prompt Preview does not hand out install commands; if the user is ready to trial, only prompt them to read Quick Start and the Risk Card first and to verify in an isolated environment.
- Every project fact must come from a supported claim, evidence_refs, or source_paths; inferred/unverified items can only be risks or open questions.

```

### Role / Skill selection

- Goal: Pick the best-matching asset from the project's roles or Skills.
- Expected output: A list of candidate roles or Skills, each with an applicable scenario, evidence paths, risk boundary, and whether after-install verification is needed.

```text
Read role_skill_index and recommend 3-5 of the most relevant roles or Skills for my target task. For each recommendation, state the applicable scenario, likely output, risk boundary, and evidence_refs.
```

### Risk pre-check

- Goal: Identify environment, permission, rule-conflict, and quality risks before installing or adopting.
- Expected output: A checklist of environment, permission, dependency, license, host-conflict, quality risk, and unknown items.

```text
Based on risk_card, boundaries, and quick_start_candidates, give me a pre-install risk pre-check list. Do not run commands for me; only explain what I should check, why, and what impact a failure would have.
```

### Host AI kickoff instruction

- Goal: Turn the project context into a host AI instruction for the start of a conversation.
- Expected output: A pre-work instruction with clear boundaries and clear evidence citations, suitable to copy to a host AI.

```text
Based on the AI Context Pack for harness, generate a pre-work instruction I can paste to my host AI. This instruction must obey not_runtime=true and must not claim the project has been installed, run, or produced real results.
```

## Role / Skill Index

- Indexed 10 role / Skill / project-doc entries.

- **Harness** (project_doc): Harness Harness Open Source is an open source development platform packed with the power of code hosting, automated DevOps pipelines, hosted development environments Gitspaces , and artifact registries. Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `README.md`
- **A collection of .gitignore templates** (project_doc): A collection of .gitignore templates Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `resources/gitignore/README.md`
- **Backfil license headers** (project_doc): Backfil license headers The script in this folder can be used to backfill license headers on existing files. To run the script, execute: Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `scripts/license/README.md`
- **Snapshot Tests for Registry Metadata Controllers** (project_doc): Snapshot Tests for Registry Metadata Controllers Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `registry/app/api/controller/metadata/testdata/README.md`
- **Cargo Tests** (project_doc): This directory contains tests for the Cargo package manager. Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `registry/tests/cargo/README.md`
- **Go Tests** (project_doc): This directory contains tests for the Go package manager. Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `registry/tests/gopkg/README.md`
- **Gitness Maven Registry Conformance Tests** (project_doc): Gitness Maven Registry Conformance Tests Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `registry/tests/maven/README.md`
- **NPM Registry Conformance Tests** (project_doc): This directory contains comprehensive conformance tests for the NPM package registry implementation in Gitness. The tests verify that the NPM registry API behaves correctly according to NPM registry specifications. Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `registry/tests/npm/README.md`
- **Contributing to Harness** (project_doc): Thank you for your interest in open source contributions to Harness. Harness uses GitHub to manage open source reviews of pull requests. Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `CONTRIBUTING.md`
- **Contributing guidelines** (project_doc): We’d love you to help us improve this project. To help us keep this collection high quality, we request that contributions adhere to the following guidelines. Activation hint: Reference this when the user needs to understand the project's structure, install path, or boundaries. Evidence: `resources/gitignore/CONTRIBUTING.md`

## Evidence Index

- Indexed 80 evidence entries.

- **Harness** (documentation): Harness Harness Open Source is an open source development platform packed with the power of code hosting, automated DevOps pipelines, hosted development environments Gitspaces , and artifact registries. Evidence: `README.md`
- **A collection of .gitignore templates** (documentation): A collection of .gitignore templates Evidence: `resources/gitignore/README.md`
- **Backfil license headers** (documentation): Backfil license headers The script in this folder can be used to backfill license headers on existing files. To run the script, execute: Evidence: `scripts/license/README.md`
- **Snapshot Tests for Registry Metadata Controllers** (documentation): Snapshot Tests for Registry Metadata Controllers Evidence: `registry/app/api/controller/metadata/testdata/README.md`
- **Cargo Tests** (documentation): This directory contains tests for the Cargo package manager. Evidence: `registry/tests/cargo/README.md`
- **Go Tests** (documentation): This directory contains tests for the Go package manager. Evidence: `registry/tests/gopkg/README.md`
- **Gitness Maven Registry Conformance Tests** (documentation): Gitness Maven Registry Conformance Tests Evidence: `registry/tests/maven/README.md`
- **NPM Registry Conformance Tests** (documentation): This directory contains comprehensive conformance tests for the NPM package registry implementation in Gitness. The tests verify that the NPM registry API behaves correctly according to NPM registry specifications. Evidence: `registry/tests/npm/README.md`
- **Package** (package_manifest): { "name": "codeui", "description": "Harness Code UI", "version": "0.0.1", "author": "Harness Inc", "license": "Harness Inc", "private": true, "homepage": "http://app.harness.io/", "repository": { "type": "git", "url": "https://github.com/harness/gitness.git" }, "bugs": { "url": "https://github.com/harness/gitness/issues" }, "keywords": , "scripts": { "prepare": "cd .. && husky install web/.husky", "webpack": "NODE ENV=development webpack serve --config config/webpack.dev.js", "webpack:cde": "NODE ENV=development MODULE=cde webpack serve --config src/cde-gitness/config/webpack.dev.js", "typed-scss": "typed-scss-modules src --watch", "dev": "run-p webpack typed-scss", "dev:cde": "MODULE=cde r… Evidence: `web/package.json`
- **Contributing to Harness** (documentation): Thank you for your interest in open source contributions to Harness. Harness uses GitHub to manage open source reviews of pull requests. Evidence: `CONTRIBUTING.md`
- **Package** (package_manifest): { "name": "cypress-tests", "private": "true", "scripts": { "cypress:open": "cypress open", "serve": "node server.js", "serve:ar": "node dist/server/index.js", "build:ar": "tsc", "dev": "nodemon --watch 'server/ / .ts' --exec 'ts-node' server/index.ts" }, "main": "index.js", "dependencies": { "@testing-library/cypress": "^8.0.3", "child process": "^1.0.2", "cypress": "^11.1.0", "express": "^4.19.2", "typescript": "^4.8.4", "wait-on": "^6.0.1" }, "devDependencies": { "@types/express": "^4.17.21", "@types/node": "^20.14.10", "nodemon": "^3.1.4", "ts-node": "^10.9.2" } } Evidence: `web/cypress/package.json`
- **Contributing guidelines** (documentation): We’d love you to help us improve this project. To help us keep this collection high quality, we request that contributions adhere to the following guidelines. Evidence: `resources/gitignore/CONTRIBUTING.md`
- **License** (source_file): Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ Evidence: `LICENSE`
- **License** (source_file): The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights defined below upon the creator and subsequent owner s each and all, an "owner" of an original work of authorship and/or a database each, a "Work" . Evidence: `resources/gitignore/LICENSE`
- **Middleware** (source_file): package audit ⋮---- import "context" "net" "net/http" "strings" ⋮---- "context" "net" "net/http" "strings" ⋮---- var trueClientIP = http.CanonicalHeaderKey "True-Client-IP" ⋮---- func Middleware func next http.Handler http.Handler ⋮---- func RealIP r http.Request string ⋮---- var ip string Evidence: `audit/middleware.go`
- **Cli** (source_file): package cli ⋮---- import "os" "github.com/harness/gitness/cli/operations/hooks" "github.com/harness/gitness/git/hook" ⋮---- "os" ⋮---- "github.com/harness/gitness/cli/operations/hooks" "github.com/harness/gitness/git/hook" ⋮---- func GetArguments string Evidence: `cli/cli.go`
- **Kuberesolver** (source_file): package git ⋮---- import "github.com/sercand/kuberesolver/v5" ⋮---- "github.com/sercand/kuberesolver/v5" ⋮---- func init Evidence: `git/kuberesolver.go`
- **Auxilary Server** (source_file): package http ⋮---- import "context" "golang.org/x/sync/errgroup" ⋮---- "context" ⋮---- "golang.org/x/sync/errgroup" ⋮---- type ListenAndServeServer interface { ListenAndServe errgroup.Group, ShutdownFunction } ⋮---- type NoOpListenAndServeServer struct{} ⋮---- func NoOpListenAndServeServer ListenAndServe errgroup.Group, ShutdownFunction Evidence: `http/auxilary_server.go`
- **Server** (source_file): package http ⋮---- import "context" "crypto/tls" "crypto/x509" "fmt" "net/http" "os" "strings" "time" "golang.org/x/crypto/acme/autocert" "golang.org/x/sync/errgroup" ⋮---- "context" "crypto/tls" "crypto/x509" "fmt" "net/http" "os" "strings" "time" ⋮---- "golang.org/x/crypto/acme/autocert" "golang.org/x/sync/errgroup" ⋮---- const DefaultReadHeaderTimeout = 2 time.Second ⋮---- type Config struct { Acme bool Host string Port int Cert string Key string AcmeHost string ReadHeaderTimeout time.Duration } ⋮---- type Server struct { config Config handler http.Handler } ⋮---- type ShutdownFunction func context.Context error ⋮---- func NewServer config Config, handler http.Handler Server ⋮---- func s… Evidence: `http/server.go`
- **Docker Client Factory** (source_file): package infraprovider ⋮---- import "context" "fmt" "net/http" "path/filepath" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" "github.com/docker/docker/client" "github.com/docker/go-connections/tlsconfig" ⋮---- "context" "fmt" "net/http" "path/filepath" ⋮---- "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "github.com/docker/docker/client" "github.com/docker/go-connections/tlsconfig" ⋮---- type DockerClientFactory struct { config DockerConfig } ⋮---- func NewDockerClientFactory config DockerConfig DockerClientFactory ⋮---- func d DockerClientFactory NewDockerClient context.Context, infra types.Infrastructure, client.Client, error ⋮… Evidence: `infraprovider/docker_client_factory.go`
- **Infra Provider Factory** (source_file): package infraprovider ⋮---- import "fmt" "github.com/harness/gitness/types/enum" ⋮---- "fmt" ⋮---- "github.com/harness/gitness/types/enum" ⋮---- type Factory interface { GetInfraProvider providerType enum.InfraProviderType InfraProvider, error } ⋮---- type factory struct { providers map enum.InfraProviderType InfraProvider } ⋮---- func NewFactory dockerProvider DockerProvider Factory ⋮---- func f factory GetInfraProvider providerType enum.InfraProviderType InfraProvider, error Evidence: `infraprovider/infra_provider_factory.go`
- **Scheduler** (source_file): package job ⋮---- import "context" "errors" "fmt" "runtime/debug" "sync" "time" "github.com/harness/gitness/lock" "github.com/harness/gitness/pubsub" "github.com/harness/gitness/store" "github.com/gorhill/cronexpr" "github.com/rs/zerolog/log" ⋮---- "context" "errors" "fmt" "runtime/debug" "sync" "time" ⋮---- "github.com/harness/gitness/lock" "github.com/harness/gitness/pubsub" "github.com/harness/gitness/store" ⋮---- "github.com/gorhill/cronexpr" "github.com/rs/zerolog/log" ⋮---- type Scheduler struct { store Store executor Executor mxManager lock.MutexManager pubsubService pubsub.PubSub instanceID string maxRunning int retentionTime time.Duration signal chan time.Time done chan struct{} ⋮-… Evidence: `job/scheduler.go`
- **Middleware** (source_file): package ssh ⋮---- import "runtime/debug" "time" "github.com/harness/gitness/app/api/request" "github.com/gliderlabs/ssh" "github.com/rs/zerolog" "github.com/rs/zerolog/log" ⋮---- "runtime/debug" "time" ⋮---- "github.com/harness/gitness/app/api/request" ⋮---- "github.com/gliderlabs/ssh" "github.com/rs/zerolog" "github.com/rs/zerolog/log" ⋮---- type Middleware func ssh.Handler ssh.Handler ⋮---- func ChainMiddleware handler ssh.Handler, middlewares ...Middleware ssh.Handler ⋮---- func PanicRecoverMiddleware next ssh.Handler ssh.Handler ⋮---- func HLogAccessLogHandler next ssh.Handler ssh.Handler ⋮---- func HLogRequestIDHandler next ssh.Handler ssh.Handler ⋮---- type PublicKeyMiddleware func ne… Evidence: `ssh/middleware.go`
- **Server** (source_file): package ssh ⋮---- import "context" "crypto/rand" "crypto/rsa" "crypto/x509" "encoding/json" "encoding/pem" "fmt" "io" "io/fs" "net" "os" "path/filepath" "strconv" "strings" "time" "github.com/harness/gitness/app/api/controller/lfs" "github.com/harness/gitness/app/api/controller/repo" "github.com/harness/gitness/app/api/request" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/services/publickey" "github.com/harness/gitness/app/services/publickey/keyssh" "github.com/harness/gitness/errors" "github.com/harness/gitness/git/api" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" "github.com/gliderlabs/ssh" "github.com/rs/zerolog/log" gossh "golang.or… Evidence: `ssh/server.go`
- **Ai Agent Auth** (source_file): package types ⋮---- import "github.com/harness/gitness/types/enum" ⋮---- type AIAgentAuth struct { AuthType enum.AIAgentAuth json:"type" APIKey APIKey json:"api key,omitempty" } ⋮---- type APIKey struct { Value MaskSecret json:"value" } Evidence: `types/ai_agent_auth.go`
- **Authz** (source_file): package types ⋮---- import "github.com/harness/gitness/types/enum" ⋮---- type PermissionCheck struct { Scope Scope Resource Resource Permission enum.Permission } ⋮---- type Resource struct { Type enum.ResourceType Identifier string } ⋮---- type Scope struct { SpacePath string Repo string } Evidence: `types/authz.go`
- **Connector Auth** (source_file): package types ⋮---- import "fmt" "github.com/harness/gitness/types/enum" ⋮---- "fmt" ⋮---- "github.com/harness/gitness/types/enum" ⋮---- type ConnectorAuth struct { AuthType enum.ConnectorAuthType json:"type" Basic BasicAuthCreds json:"basic,omitempty" Bearer BearerTokenCreds json:"bearer,omitempty" } ⋮---- type BasicAuthCreds struct { Username string json:"username" Password SecretRef json:"password" } ⋮---- type BearerTokenCreds struct { Token SecretRef json:"token" } ⋮---- func c ConnectorAuth Validate error Evidence: `types/connector_auth.go`
- **Gitspace** (source_file): package types ⋮---- import "fmt" "github.com/harness/gitness/types/enum" ⋮---- "fmt" ⋮---- "github.com/harness/gitness/types/enum" ⋮---- const emptyGitspaceInstanceState = "" ⋮---- type GitspaceConfig struct { ID int64 json:"-" Identifier string json:"identifier" Name string json:"name" IDE enum.IDEType json:"ide" State enum.GitspaceStateType json:"state" SpaceID int64 json:"-" IsDeleted bool json:"-" IsMarkedForDeletion bool json:"-" IsMarkedForReset bool json:"is marked for reset" IsMarkedForInfraReset bool json:"is marked for infra reset" GitspaceInstance GitspaceInstance json:"instance" SpacePath string json:"space path" Created int64 json:"created" Updated int64 json:"updated" SSHToken… Evidence: `types/gitspace.go`
- **Trigger** (source_file): package types ⋮---- import "encoding/json" "github.com/harness/gitness/types/enum" ⋮---- "encoding/json" ⋮---- "github.com/harness/gitness/types/enum" ⋮---- type Trigger struct { ID int64 json:"-" Description string json:"description" Type string json:"trigger type" PipelineID int64 json:"pipeline id" Secret string json:"-" RepoID int64 json:"repo id" CreatedBy int64 json:"created by" Disabled bool json:"disabled" Actions enum.TriggerAction json:"actions" Identifier string json:"identifier" Created int64 json:"created" Updated int64 json:"updated" Version int64 json:"-" } ⋮---- func s Trigger MarshalJSON byte, error ⋮---- type alias Trigger Evidence: `types/trigger.go`
- **Webhook** (source_file): package types ⋮---- import "encoding/json" "slices" "github.com/harness/gitness/types/enum" ⋮---- "encoding/json" "slices" ⋮---- "github.com/harness/gitness/types/enum" ⋮---- type Webhook struct { ID int64 json:"id" yaml:"id" Version int64 json:"version" yaml:"-" ParentID int64 json:"parent id" yaml:"-" ParentType enum.WebhookParent json:"parent type" yaml:"-" CreatedBy int64 json:"created by" yaml:"created by" Created int64 json:"created" yaml:"created" Updated int64 json:"updated" yaml:"updated" Type enum.WebhookType json:"-" Scope int64 json:"scope" Identifier string json:"identifier" DisplayName string json:"display name" yaml:"display name" Description string json:"description" yaml:"d… Evidence: `types/webhook.go`
- **Auth** (source_file): package auth ⋮---- import "context" "fmt" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/paths" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" "github.com/pkg/errors" "github.com/rs/zerolog/log" ⋮---- "context" "fmt" ⋮---- "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/paths" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "github.com/pkg/errors" "github.com/rs/zerolog/log" ⋮---- var ErrUnauthorized = errors.New "unauthori… Evidence: `app/api/auth/auth.go`
- **Gitspace** (source_file): package auth ⋮---- import "context" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" ⋮---- "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- func CheckGitspace ctx context.Context, authorizer authz.Authorizer, session auth.Session, parentPath, identifier string, permission enum.Permission, error Evidence: `app/api/auth/gitspace.go`
- **Infraprovider** (source_file): package auth ⋮---- import "context" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" ⋮---- "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- func CheckInfraProvider ctx context.Context, authorizer authz.Authorizer, session auth.Session, parentPath, identifier string, permission enum.Permission, error Evidence: `app/api/auth/infraprovider.go`
- **Controller** (source_file): package check ⋮---- import "context" "fmt" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/controller/space" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" checkevents "github.com/harness/gitness/app/events/check" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/sse" "github.com/harness/gitness/app/store" "github.com/harness/gitness/git" "github.com/harness/gitness/store/database/dbtx" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" "fmt" ⋮---- apiauth "github.com/harness/gitness/app/api/auth" "gi… Evidence: `app/api/controller/check/controller.go`
- **Controller** (source_file): package connector ⋮---- import "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/connector" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/connector" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" ⋮---- type Controller struct { connectorStore store.ConnectorStore connectorService connector.Service spaceFinder refcache.SpaceFinder authorizer authz.Authorizer } ⋮---- func NewController authorizer authz.Authorizer, connectorStore store.ConnectorStore, connectorService connector.Service, spaceFinder refc… Evidence: `app/api/controller/connector/controller.go`
- **Controller** (source_file): package execution ⋮---- import "context" "fmt" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/pipeline/canceler" "github.com/harness/gitness/app/pipeline/commit" "github.com/harness/gitness/app/pipeline/triggerer" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/store/database/dbtx" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" "fmt" ⋮---- apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/a… Evidence: `app/api/controller/execution/controller.go`
- **Controller** (source_file): package githook ⋮---- import "context" "fmt" "github.com/harness/gitness/app/api/controller/limiter" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" gitevents "github.com/harness/gitness/app/events/git" repoevents "github.com/harness/gitness/app/events/repo" "github.com/harness/gitness/app/services/mergequeue" "github.com/harness/gitness/app/services/protection" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/services/settings" "github.com/harness/gitness/app/services/usergroup" "github.com/harness/gitness/app/sse" "github.com/harness/gitness/app/store" "github.com/harness/git… Evidence: `app/api/controller/githook/controller.go`
- **Controller** (source_file): package gitspace ⋮---- import "github.com/harness/gitness/app/api/controller/limiter" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/gitspace/logutil" "github.com/harness/gitness/app/gitspace/scm" "github.com/harness/gitness/app/services/gitspace" "github.com/harness/gitness/app/services/gitspacesettings" "github.com/harness/gitness/app/services/infraprovider" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/store/database/dbtx" ⋮---- "github.com/harness/gitness/app/api/controller/limiter" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/gitspace/logutil" "github.com/… Evidence: `app/api/controller/gitspace/controller.go`
- **Controller** (source_file): package infraprovider ⋮---- import "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/infraprovider" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/types/enum" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/infraprovider" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/types/enum" ⋮---- const NoResourceIdentifier = "" ⋮---- type ConfigInput struct { Identifier string json:"identifier" yaml:"identifier" SpaceRef string json:"space ref" yaml:"space ref" Name string json:"name" yaml:"name" Type enum.InfraProviderType json:"type" yaml:"type" Metadata map s… Evidence: `app/api/controller/infraprovider/controller.go`
- **Controller** (source_file): package keywordsearch ⋮---- import "github.com/harness/gitness/app/api/controller/repo" "github.com/harness/gitness/app/api/controller/space" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/keywordsearch" ⋮---- "github.com/harness/gitness/app/api/controller/repo" "github.com/harness/gitness/app/api/controller/space" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/keywordsearch" ⋮---- type Controller struct { authorizer authz.Authorizer repoCtrl repo.Controller searcher keywordsearch.Searcher spaceCtrl space.Controller } ⋮---- func NewController authorizer authz.Authorizer, searcher keywordsearch.Searcher, repoCtrl rep… Evidence: `app/api/controller/keywordsearch/controller.go`
- **Controller** (source_file): package lfs ⋮---- import "context" "fmt" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/services/remoteauth" "github.com/harness/gitness/app/services/settings" "github.com/harness/gitness/app/store" "github.com/harness/gitness/app/url" "github.com/harness/gitness/blob" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" "fmt" ⋮---- apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/usererror" "github.com/ha… Evidence: `app/api/controller/lfs/controller.go`
- **Gitspace** (source_file): package limiter ⋮---- import "context" "github.com/harness/gitness/types/enum" ⋮---- "context" ⋮---- "github.com/harness/gitness/types/enum" ⋮---- type Gitspace interface { Usage ctx context.Context, spaceID int64, infraProviderType enum.InfraProviderType error } ⋮---- var Gitspace = UnlimitedUsage nil ⋮---- type UnlimitedUsage struct { } ⋮---- func NewUnlimitedUsage Gitspace ⋮---- func UnlimitedUsage Usage context.Context, int64, enum.InfraProviderType error Evidence: `app/api/controller/limiter/gitspace.go`
- **Controller** (source_file): package logs ⋮---- import "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/livelog" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/livelog" ⋮---- type Controller struct { authorizer authz.Authorizer executionStore store.ExecutionStore pipelineStore store.PipelineStore stageStore store.StageStore stepStore store.StepStore logStore store.LogStore logStream livelog.LogStream repoFinder refcache.RepoFinder } ⋮---- func NewController authorizer authz.Authorizer, exe… Evidence: `app/api/controller/logs/controller.go`
- **Controller** (source_file): package migrate ⋮---- import "context" "fmt" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/controller/limiter" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" repoevents "github.com/harness/gitness/app/events/repo" "github.com/harness/gitness/app/services/migrate" "github.com/harness/gitness/app/services/publicaccess" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/app/url" "github.com/harness/gitness/audit" "github.com/harness/gitness/git" "github.com/harness/gitness/store/database/dbtx" "github.com/ha… Evidence: `app/api/controller/migrate/controller.go`
- **Controller** (source_file): package pipeline ⋮---- import "context" "fmt" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" events "github.com/harness/gitness/app/events/pipeline" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" "fmt" ⋮---- apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" events "github.com/harness/gitness/app/events/pipeline" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/s… Evidence: `app/api/controller/pipeline/controller.go`
- **Controller** (source_file): package plugin ⋮---- import "github.com/harness/gitness/app/store" ⋮---- "github.com/harness/gitness/app/store" ⋮---- type Controller struct { pluginStore store.PluginStore } ⋮---- func NewController pluginStore store.PluginStore, Controller Evidence: `app/api/controller/plugin/controller.go`
- **Controller** (source_file): package principal ⋮---- import "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/store" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/store" ⋮---- type Controller struct { principalStore store.PrincipalStore authorizer authz.Authorizer } ⋮---- func newController principalStore store.PrincipalStore, authorizer authz.Authorizer Controller Evidence: `app/api/controller/principal/controller.go`
- **Controller** (source_file): package pullreq ⋮---- import "context" "fmt" "unicode/utf8" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" pullreqevents "github.com/harness/gitness/app/events/pullreq" "github.com/harness/gitness/app/services/automerge" "github.com/harness/gitness/app/services/codecomments" "github.com/harness/gitness/app/services/codeowners" "github.com/harness/gitness/app/services/dotrange" "github.com/harness/gitness/app/services/instrument" "github.com/harness/gitness/app/services/label" locker "github.com/harness/gitness/app/services/locker" "github.com/harness/gitness/ap… Evidence: `app/api/controller/pullreq/controller.go`
- **Controller** (source_file): package repo ⋮---- import "context" "encoding/json" "fmt" "strconv" "strings" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/controller/lfs" "github.com/harness/gitness/app/api/controller/limiter" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" repoevents "github.com/harness/gitness/app/events/repo" "github.com/harness/gitness/app/services/autolink" "github.com/harness/gitness/app/services/codeowners" "github.com/harness/gitness/app/services/dotrange" "github.com/harness/gitness/app/services/importer" "github.com/harness/gitness/app/services/instrument" "github.com/harness… Evidence: `app/api/controller/repo/controller.go`
- **Linked Register Webhook** (source_file): package repo ⋮---- import "context" stderrors "errors" "fmt" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/paths" "github.com/harness/gitness/app/services/importer" "github.com/harness/gitness/errors" "github.com/harness/gitness/types/enum" ⋮---- "context" stderrors "errors" "fmt" ⋮---- "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/paths" "github.com/harness/gitness/app/services/importer" "github.com/harness/gitness/errors" "github.com/harness/gitness/types/enum" ⋮---- func webhookRegistrationUserError err error error ⋮---- func c Controller LinkedReg… Evidence: `app/api/controller/repo/linked_register_webhook.go`
- **Controller** (source_file): package reposettings ⋮---- import "context" "fmt" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/controller/repo" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/services/settings" "github.com/harness/gitness/audit" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" "fmt" ⋮---- apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/controller/repo" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/service… Evidence: `app/api/controller/reposettings/controller.go`
- **Controller** (source_file): package secret ⋮---- import "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/encrypt" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/encrypt" ⋮---- type Controller struct { encrypter encrypt.Encrypter secretStore store.SecretStore authorizer authz.Authorizer spaceFinder refcache.SpaceFinder } ⋮---- func NewController authorizer authz.Authorizer, encrypter encrypt.Encrypter, secretStore store.SecretStore, spaceFinder refcache.SpaceFinder, Controller Evidence: `app/api/controller/secret/controller.go`
- **Controller** (source_file): package service ⋮---- import "context" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/check" ⋮---- "context" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/check" ⋮---- type Controller struct { principalUIDCheck check.PrincipalUID authorizer authz.Authorizer principalStore store.PrincipalStore } ⋮---- func NewController principalUIDCheck check.PrincipalUID, authorizer authz.Authorizer, principalStore store.PrincipalStore Controller ⋮---- func findServiceFromUID ctx context.Conte… Evidence: `app/api/controller/service/controller.go`
- **Controller** (source_file): package serviceaccount ⋮---- import "context" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/check" ⋮---- "context" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/check" ⋮---- type Controller struct { principalUIDCheck check.PrincipalUID authorizer authz.Authorizer principalStore store.PrincipalStore spaceStore store.SpaceStore repoStore store.RepoStore tokenStore store.TokenStore } ⋮---- func NewController principalUIDCheck check.PrincipalUID, authorizer authz.Authorizer, princ… Evidence: `app/api/controller/serviceaccount/controller.go`
- **Controller** (source_file): package space ⋮---- import "context" "encoding/json" "fmt" "strconv" "strings" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/controller/limiter" "github.com/harness/gitness/app/api/controller/repo" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/autolink" "github.com/harness/gitness/app/services/exporter" "github.com/harness/gitness/app/services/gitspace" "github.com/harness/gitness/app/services/importer" "github.com/harness/gitness/app/services/infraprovider" "github.com/harness/gitness/app/services/instrument" "github.com/harness… Evidence: `app/api/controller/space/controller.go`
- **Controller** (source_file): package system ⋮---- import "context" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" ⋮---- "context" ⋮---- "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" ⋮---- type Controller struct { principalStore store.PrincipalStore config types.Config } ⋮---- func NewController principalStore store.PrincipalStore, config types.Config Controller ⋮---- func c Controller IsUserSignupAllowed ctx context.Context bool, error Evidence: `app/api/controller/system/controller.go`
- **Controller** (source_file): package template ⋮---- import "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" ⋮---- "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" ⋮---- type Controller struct { templateStore store.TemplateStore authorizer authz.Authorizer spaceFinder refcache.SpaceFinder } ⋮---- func NewController authorizer authz.Authorizer, templateStore store.TemplateStore, spaceFinder refcache.SpaceFinder, Controller Evidence: `app/api/controller/template/controller.go`
- **Controller** (source_file): package trigger ⋮---- import "context" "fmt" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- "context" "fmt" ⋮---- apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" ⋮---- type Controller struct { a… Evidence: `app/api/controller/trigger/controller.go`
- **Controller** (source_file): package upload ⋮---- import "bufio" "context" "fmt" "io" "strings" apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/auth/authz" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/blob" "github.com/harness/gitness/errors" "github.com/harness/gitness/types" "github.com/harness/gitness/types/enum" "github.com/gabriel-vasile/mimetype" ⋮---- "bufio" "context" "fmt" "io" "strings" ⋮---- apiauth "github.com/harness/gitness/app/api/auth" "github.com/harness/gitness/app/api/usererror" "github.com/harness/gitness/app/auth" "github.com/harness/gitness/app/au… Evidence: `app/api/controller/upload/controller.go`
- **Controller** (source_file): package user ⋮---- import "context" "github.com/harness/gitness/app/auth/authz" userevents "github.com/harness/gitness/app/events/user" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/store/database/dbtx" "github.com/harness/gitness/types" "github.com/harness/gitness/types/check" "github.com/harness/gitness/types/enum" "golang.org/x/crypto/bcrypt" ⋮---- "context" ⋮---- "github.com/harness/gitness/app/auth/authz" userevents "github.com/harness/gitness/app/events/user" "github.com/harness/gitness/app/services/refcache" "github.com/harness/gitness/app/store" "github.com/harness/gitness/store/database/dbtx" "github.com/harnes… Evidence: `app/api/controller/user/controller.go`
- The remaining 20 evidence entries are in `AI_CONTEXT_PACK.json` or `EVIDENCE_INDEX.json`.

## Rules the Host AI Must Follow

- **Treat this asset as pre-work context, not a runtime environment.**: The AI Context Pack contains only an evidence-backed understanding of the project, not the project's executable state. Evidence: `README.md`, `resources/gitignore/README.md`, `scripts/license/README.md`
- **When answering the user, distinguish what can be previewed from what can only be verified after install.**: The consumer value of the pre-install experience comes from reducing bad installs and misjudgments, not from pretending to be a real run. Evidence: `README.md`, `resources/gitignore/README.md`, `scripts/license/README.md`

## Questions the User Should Answer First

- Which host AI or local environment do you plan to use it in?
- Do you just want to experience the workflow first, or are you ready to actually install?
- What matters most to you: install cost, output quality, or conflicts with your existing rules?

## Acceptance Checks

- Every capability claim can be traced back to a file path in evidence_refs.
- AI_CONTEXT_PACK.md does not package previews as a real run.
- The user can understand who it fits, what it can do, how to start, and the risk boundaries within 3 minutes.

---

## Doramagic Context Augmentation

The following sections strengthen the repository context for a host AI. Human Manual data is a reading route, and pitfall notes become operating constraints.

## Human Manual Outline

Usage rule: this is only a reading route and salience signal, not factual authority. Concrete claims must still return to repo evidence or Claim Graph.

Host AI hard rules:
- Do not treat page titles, section order, summaries, or importance values as factual project evidence.
- When explaining the Human Manual outline, state that it is only a reading route or salience signal.
- Capability, installation, compatibility, runtime state, and risk claims must cite repo evidence, source paths, or Claim Graph.

- **Overview, Setup, and Running Harness Locally**: importance `high`
  - source_paths: README.md, Makefile, .local.env, Dockerfile, cmd/gitness/main.go
- **System Architecture, Auth, and Code Hosting (Repos, PRs, Webhooks)**: importance `high`
  - source_paths: app/router/api_router.go, app/auth/authn/authenticator.go, app/auth/authz/authz.go, app/api/auth/auth.go, app/api/controller/repo/controller.go
- **CI/CD Pipelines: Execution, Runners, and Triggers**: importance `high`
  - source_paths: app/pipeline/runner/runner.go, app/pipeline/scheduler/scheduler.go, app/pipeline/manager/manager.go, app/pipeline/converter/jsonnet/jsonnet.go, app/pipeline/converter/starlark/starlark.go
- **Gitspaces (Cloud Dev Environments) & Artifact Registry**: importance `medium`
  - source_paths: app/gitspace/orchestrator/container/container_orchestrator.go, app/gitspace/orchestrator/ide/factory.go, app/gitspace/orchestrator/runarg/resolver.go, app/services/gitspace/gitspace.go, app/services/infraprovider/infraprovider.go

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `553b0e1d34a3daca90b535cde97657b4fa524b88`
- inspected_files: `Dockerfile`, `README.md`

Host AI hard rules:
- Without repo_clone_verified=true, do not claim that the source code has been read.
- Without repo_inspection_verified=true, do not write README, docs, or package-file conclusions as facts.
- Without quick_start_verified=true, do not claim that the Quick Start path has run successfully.

## Doramagic Pitfall Constraints

These rules come from Doramagic discovery, validation, or compilation findings. The host AI must treat them as operating constraints, not background notes.

### Constraint 1: Capability evidence risk requires verification

- Trigger: README/documentation is current enough for a first validation pass.
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.assumptions | https://github.com/harness/harness
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 2: Security or permission risk requires verification

- Trigger: no_demo
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: downstream_validation.risk_items | https://github.com/harness/harness
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 3: Security or permission risk requires verification

- Trigger: no_demo
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: risks.scoring_risks | https://github.com/harness/harness
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 4: Maintenance risk requires verification

- Trigger: issue_or_pr_quality=unknown。
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/harness/harness
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.
