Module pack 

harn pack <entrypoint> — build a signed-ready .harnpack from a Harn entrypoint.

Walks the entrypoint’s transitive imports, precompiles every module into a .harnbc artifact, snapshots the provider catalog and stdlib pin, generates a minimal SBOM, assembles a v2 WorkflowBundle manifest, and emits a deterministic tar.zst archive.

harn pack verify <bundle.harnpack> (#1779) reads a bundle back, recomputes its canonical hash, verifies the embedded Ed25519 signature (if any), and cross-checks every per-module BLAKE3.

Structs

BuildArgs

Plain-data input to build: a flattened copy of PackArgs without the subcommand surface. Tests can construct this directly instead of going through the CLI parser.

PackDebugSymbolMetadata

PackError

PackJsonData

JSON payload emitted under JsonEnvelope.data for harn pack.

PackOutcome

Outcome of build. Used by tests; the dispatcher consumes it directly via run.

PackSbomSummary

PackSignatureSummary

PackVerifyJsonData

JSON payload emitted under JsonEnvelope.data for harn pack verify.

Constants

PACK_SBOM_ARCHIVE_PATH

PACK_SCHEMA_VERSION

Stable schema version for the harn pack --json envelope. Bump when PackJsonData changes shape in a way that agents need to detect.

PACK_VERIFY_SCHEMA_VERSION

Stable schema version for the harn pack verify --json envelope. Bump when PackVerifyJsonData changes shape in a way agents need to detect.

Functions

build

json_schema

run

run_to_envelope

Programmatic entrypoint used by tests and other CLI command code that needs the JSON envelope without going through stdout.

run_verify

Dispatcher for PackCommand::Verify: prints a human-readable line or a JsonEnvelope and exits non-zero on verification failure.

verify

Verify the bundle at args.bundle:

verify_json_schema

JSON schema for harn pack verify --json. Mirrors the runtime envelope so agents can validate output before consuming it.

verify_to_envelope

Programmatic verify entry point used by tests so they can read the envelope structurally instead of parsing stdout.