Feat/realistic project validation

docs/zh/harness/USAGE.md

@@ -66,3 +66,22 @@ make harness-validate
 ```
 
 这是开发检查，不是普通用户工作流的一部分。
+
+## Trust model — a governance contract, not a sandbox
+
+本地边界由协议和工程闸门执行（identity stamping、scope clamping、fail-closed
+config、durable audit），**不是** OS 级隔离：同一用户下的恶意进程仍然可以读取本地文件。
+各层实际承诺如下：
+
+- **T0（始终）：** governance contract；wire 只接收 observations，kernel 是唯一 writer，
+  每个 decision 都可归因。
+- **T1（当前）：** 本地加固；私有 state tree（`.mnemon/harness`、其 `local`/
+  `channel` 目录以及两个 credentials 目录）保持 owner-only（0700，setup rerun 会修正）；
+  token 为 0600；`local run` 默认拒绝非 loopback listen address，除非显式传入
+  `--allow-nonloopback`；`mnemon-harness token rotate --principal <p>` 会强制轮转 bearer
+  token（撤销即轮转；token 启动时加载，因此需要重启 `local run` 生效）。
+- **T2（remote phase）：** authn/authz、transport encryption 和 audit 是 remote
+  coordination plane 的 admission 条件，而不是事后补丁。
+- **T3（ecosystem phase）：** signature chains 和 sandboxed rules。
+
+OS/process 级隔离明确**不属于** T0/T1 承诺。

harness/cmd/mnemon-harness/acceptance.go

@@ -96,27 +96,33 @@ type r1CodexAcceptanceOptions struct {
 }
 
 type r1CodexAcceptanceReport struct {
-	SchemaVersion     int                         `json:"schema_version"`
-	Status            string                      `json:"status"`
-	StartedAt         string                      `json:"started_at"`
-	FinishedAt        string                      `json:"finished_at"`
-	RunRoot           string                      `json:"run_root"`
-	ReportPath        string                      `json:"report_path"`
-	Topology          *r1AcceptanceTopologyReport `json:"topology,omitempty"`
-	LocalAddr         string                      `json:"local_addr"`
-	AgentTurns        bool                        `json:"agent_turns"`
-	Starter           string                      `json:"starter,omitempty"`
-	Assignee          string                      `json:"assignee,omitempty"`
-	Agents            []r1CodexAgentReport        `json:"agents"`
-	Sync              *r1CodexSyncReport          `json:"sync,omitempty"`
-	Scenarios         []r1TaskSimScenarioReport   `json:"scenarios,omitempty"`
-	LedgerCounts      map[string]int              `json:"ledger_counts,omitempty"`
-	DerivedEventAudit map[string]int              `json:"derived_event_audit,omitempty"`
-	Observability     *acceptanceObserveReport    `json:"observability,omitempty"`
-	Assertions        []r1AcceptanceAssertion     `json:"assertions"`
-	Errors            []string                    `json:"errors,omitempty"`
-	Artifacts         map[string]string           `json:"artifacts,omitempty"`
-	Raw               map[string]json.RawMessage  `json:"raw,omitempty"`
+	SchemaVersion     int                          `json:"schema_version"`
+	Status            string                       `json:"status"`
+	StartedAt         string                       `json:"started_at"`
+	FinishedAt        string                       `json:"finished_at"`
+	RunRoot           string                       `json:"run_root"`
+	ReportPath        string                       `json:"report_path"`
+	Scenario          string                       `json:"scenario,omitempty"`
+	Seed              int64                        `json:"seed,omitempty"`
+	Topology          *r1AcceptanceTopologyReport  `json:"topology,omitempty"`
+	LocalAddr         string                       `json:"local_addr"`
+	AgentTurns        bool                         `json:"agent_turns"`
+	Starter           string                       `json:"starter,omitempty"`
+	Entrypoint        string                       `json:"entrypoint,omitempty"`
+	Assignee          string                       `json:"assignee,omitempty"`
+	Agents            []r1CodexAgentReport         `json:"agents"`
+	Sync              *r1CodexSyncReport           `json:"sync,omitempty"`
+	Scenarios         []r1TaskSimScenarioReport    `json:"scenarios,omitempty"`
+	RunnerContract    *r1RunnerContractReport      `json:"runner_contract,omitempty"`
+	Participants      []r1ClusterParticipantReport `json:"participants,omitempty"`
+	Findings          []r1ClusterFindingReport     `json:"findings,omitempty"`
+	LedgerCounts      map[string]int               `json:"ledger_counts,omitempty"`
+	DerivedEventAudit map[string]int               `json:"derived_event_audit,omitempty"`
+	Observability     *acceptanceObserveReport     `json:"observability,omitempty"`
+	Assertions        []r1AcceptanceAssertion      `json:"assertions"`
+	Errors            []string                     `json:"errors,omitempty"`
+	Artifacts         map[string]string            `json:"artifacts,omitempty"`
+	Raw               map[string]json.RawMessage   `json:"raw,omitempty"`
 }
 
 type r1AcceptanceTopologyReport struct {
@@ -438,7 +444,7 @@ func setupR1CodexAgents(runRoot, binDir, controlURL string, count int, sourceCod
 			workspace: workspace,
 			codexHome: codexHome,
 			token:     token,
-			env:       acceptanceEnv(binDir, codexHome),
+			env:       acceptanceEnv(binDir, codexHome, runRoot),
 		})
 	}
 	return agents, loaded, nil
@@ -508,10 +514,21 @@ func copyRegularFile(src, dst string, mode os.FileMode) error {
 	return out.Close()
 }
 
-func acceptanceEnv(binDir, codexHome string) []string {
+func acceptanceEnv(binDir, codexHome string, gitCeilingDirs ...string) []string {
 	env := os.Environ()
 	env = setEnv(env, "CODEX_HOME", codexHome)
 	env = setEnv(env, "PATH", binDir+string(os.PathListSeparator)+os.Getenv("PATH"))
+	if len(gitCeilingDirs) > 0 {
+		var dirs []string
+		for _, dir := range gitCeilingDirs {
+			if dir != "" {
+				dirs = append(dirs, dir)
+			}
+		}
+		if len(dirs) > 0 {
+			env = setEnv(env, "GIT_CEILING_DIRECTORIES", strings.Join(dirs, string(os.PathListSeparator)))
+		}
+	}
 	return env
 }
 
@@ -933,6 +950,7 @@ func startR1SyncHub(runRoot string, count int) (r1SyncHub, error) {
 	}
 	scopes := []contract.ResourceRef{
 		{Kind: "agent_profile", ID: "project"},
+		{Kind: "project_intent", ID: "project"},
 		{Kind: "teamwork_signal", ID: "project"},
 		{Kind: "assignment", ID: "project"},
 		{Kind: "progress_digest", ID: "project"},
@@ -1020,6 +1038,7 @@ func r1SyncEventSubjectsOnlyAccepted(labels []string) bool {
 		"agent_profile:project":   true,
 		"assignment:project":      true,
 		"progress_digest:project": true,
+		"project_intent:project":  true,
 		"teamwork_signal:project": true,
 	}
 	for _, label := range labels {
@@ -1087,7 +1106,7 @@ func setupR1CodexSyncAgents(ctx context.Context, runRoot, binDir string, hub r1S
 				workspace: workspace,
 				codexHome: codexHome,
 				token:     token,
-				env:       acceptanceEnv(binDir, codexHome),
+				env:       acceptanceEnv(binDir, codexHome, runRoot),
 			},
 			localURL:         localURL,
 			replicaPrincipal: hub.Principals[i-1],
@@ -1206,6 +1225,7 @@ func waitForLedgerCount(controlURL string, agent r1CodexAgent, kind string, want
 func countR1Ledger(controlURL string, agent r1CodexAgent) map[string]int {
 	out := map[string]int{
 		"agent_profile":      0,
+		"project_intent":     0,
 		"teamwork_signal":    0,
 		"assignment":         0,
 		"progress_digest":    0,