Turn Claude Code into a disciplined development partner.
A Claude Code plugin for autonomous Plan → Work → Review workflows, backed by two Go-native guardrail engines that block dangerous operations and credential leaks at runtime.
- A shared plan drives the work — every task in
.claude/harness/plans.jsonhas acceptance criteria; agents follow the plan instead of improvising - Two Go-native guardrails — operation guard (
R01–R13) blocks dangerous tool calls; content guard (PII Guard) blocks credential leaks - Rerunnable validation — consistency checks, plugin validation, and migration-residue scans gate every change
Requirements: Claude Code v2.1+ · Go 1.22+ runtime
# Run inside Claude Code (user scope recommended — applies across all your projects)
/plugin marketplace add tim-hub/powerball-harness
/plugin install harness@powerball-harness-marketplaceFirst-time setup only: run
/harness-setupto createCLAUDE.md,.claude/harness/plans.json, andsettings.json. Existing projects with these files can skip it.
| Command | What it does |
|---|---|
/harness-setup |
Project initialization (creates CLAUDE.md and .claude/harness/plans.json) |
/harness-plan |
Ideas → .claude/harness/plans.json with acceptance criteria |
/harness-work |
Implementation — auto-selects solo (1 task) / parallel (2–3) / breezing (4+) |
/harness-review |
4-perspective code review (security, performance, quality, a11y) |
/maintenance |
Housekeeping — log pruning, stale-state cleanup, orphaned worktrees |
Run everything after plan approval:
/harness-work allFull skill catalog, lifecycle diagrams, and agent roles: harness/README.md.
13 declarative rules in go/internal/guardrail/, evaluated in priority order on every tool call:
| Rule | Protected | Action |
|---|---|---|
| R01 | sudo commands |
Deny |
| R02 | .git/, .env, secrets |
Deny write |
| R03 | Shell writes to protected files | Deny |
| R04 | Writes outside project | Ask |
| R05 | rm -rf |
Ask |
| R06 | git push --force |
Deny |
| R07–R09 | Mode-specific and secret-read guards | Context-aware |
| R10 | --no-verify, --no-gpg-sign |
Deny |
| R11 | git reset --hard main/master |
Deny |
| R12 | Direct push to main / master |
Warn |
| R13 | Protected file edits | Warn |
| Post | it.skip, assertion tampering |
Warning |
| Perm | git status, npm test |
Auto-allow |
Runtime hook behavior: docs/hardening-parity.md · Engine internals: go/README.md.
A second guardrail engine in go/internal/piiguard/ — 45 rules (15 built-in + 30 from an embedded coding-only catalog) that block AWS / OpenAI / Anthropic / Google / GitHub / Stripe / HuggingFace API keys, JWT and Bearer tokens, PEM private keys, generic api_key = "..." assignments, and email addresses. Wired into three hooks:
| Hook event | Action on detection |
|---|---|
UserPromptSubmit |
Hard block ({decision: "block"} + exit 1) |
PreToolUse (Write|Edit|MultiEdit|Bash|Read) |
permissionDecision: deny |
PostToolUse (Bash|Read) |
Inject redacted view via additionalContext |
Disable globally with HARNESS_PIIGUARD_DISABLED=1 or per-rule with HARNESS_PIIGUARD_DISABLED_RULES=id1,id2.
Harness can delegate implementation and review tasks to OpenAI Codex CLI as a parallel execution engine, running the same Harness skills inside Codex. Prerequisites: Node.js 20+, npm install -g @openai/codex, and the openai/codex-plugin-cc Claude Code plugin installed (/plugin install openai/codex-plugin-cc). Run /harness-setup codex once to copy skills and config into .codex/ — after that. Full invocation policy: harness/rules/codex-cli-only.md.
Two papers directly shaped this project's design — see docs/credits-and-references.md for summaries and links.
After /harness-setup, your project will have a .claude/ folder. Some paths are tracked in git; others are generated at runtime and git-ignored. Full layout: docs/credits-and-references.md#claude-folder-layout.
Committed (you should check these in): agents/, harness/plans.json, memory/, rules/, skills/, settings.json
Git-ignored (generated): sessions/, logs/, state/, worktrees/
- Changelog
- Credits & References
- Claude Code Compatibility
- Guardrail Rules
- harness-work all examples
- Harness Plugin Workflow Diagrams · Skill Catalog · Hooks
| Issue | Fix |
|---|---|
| Hook errors on every prompt | Run /harness-setup binary to re-download the platform binary |
| Commands not found | Run /harness-setup first |
| Plugin not loading | rm -rf ~/.claude/plugins/cache/powerball-harness-marketplace/ and restart |
/plugin uninstall powerball-harnessProject files (.claude/harness/plans.json, CLAUDE.md) remain unchanged.
Issues and PRs welcome. See CONTRIBUTING.md.
Credits and academic references: docs/credits-and-references.md.
MIT — Full License