Skip to content

FORK_NOTICE.md

Latest commit

 

History

History
61 lines (47 loc) · 2.6 KB

FORK_NOTICE.md

File metadata and controls

61 lines (47 loc) · 2.6 KB

Fork notice

prowlr-cli is a downstream rebrand of HKUDS/OpenHarness (MIT).

Upstream license (MIT) preserved in LICENSE. All upstream copyright retained. This fork adds bug-bounty-specific middleware, a bundled Prowlr plugin, and cost/scope guardrails. It does not claim ownership of the underlying OpenHarness/ohmo design.

To pull upstream fixes: git fetch upstream && git merge upstream/main

The origin remote is intentionally unset so accidental pushes are impossible. To publish, add an origin explicitly: git remote add origin <your-url>.

Plugin discovery layout

OpenHarness discovers plugins from two default roots:

  • ~/.openharness/plugins/ (user scope)
  • <cwd>/.openharness/plugins/ (project scope)

Additional roots can be passed via --plugin-dir <path> on the oh/ohmo/prowlr CLI, or via extra_plugin_roots in the runtime API. For the v0 fork layout we place a symlink at plugins/prowlr-bug-bounty -> /home/anon/claude-bug-bounty; load it with prowlr --plugin-dir ./plugins ... (or symlink/copy into ~/.openharness/plugins/ for auto-discovery).

Hook API shape used by this fork

Upstream's hook model is declarative (see src/openharness/hooks/schemas.py): each hook entry in a plugin's hooks.json is one of command, prompt, http, or agent. The command type shells out to a user-supplied process and the stdout is the hook output. Python-native hook objects are not part of the public API at the fork point.

The four stub files under plugins/prowlr-hooks/ are therefore CLI-shaped Python modules intended to be wired as type: command hooks (command: python /home/anon/prowlr-cli/plugins/prowlr-hooks/<file>.py). A hooks.json descriptor has not been committed in v0 so the hook bodies can be reshaped once the real call signatures are pinned down.

Unknowns

  • Whether upstream plans to expose a Python hook entry point; if so, these stubs will need to match that signature instead of argv/stdin.
  • The exact JSON payload shape passed to a type: command hook (stdin vs env vs argv) is not documented at this SHA; see src/openharness/hooks/executor.py before filling in bodies.
  • Whether --plugin-dir accepts a parent that contains .claude-plugin/plugin.json directly, or expects a parent root containing one or more plugin subdirs. The symlink layout assumes the latter.
  • Status-line plugin surface (for cost_meter.py) is not documented in the README at this SHA; may require a different event than the four declared in hooks/events.py.