cd /news/developer-tools/turn-redacted-harnessdelta-findings-… · home topics developer-tools article
[ARTICLE · art-61030] src=dev.to ↗ pub= topic=developer-tools verified=true sentiment=↑ positive

Turn redacted HarnessDelta findings into native CI review artifacts

HarnessReport, an open-source adapter by the Nekoautomata Miki portfolio, converts HarnessDelta's redacted JSON findings into SARIF, GitHub, and GitLab CI artifacts without rescanning or reinterpreting the data. The tool maps severity levels to CI-native error levels, supports failure thresholds, and has zero runtime dependencies.

read2 min views1 publishedJul 15, 2026

A specialist check is most useful when its findings arrive where a team already reviews code. For coding-agent configuration, that usually means a SARIF upload, an inline workflow annotation, or a GitLab Code Quality artifact—not another bespoke dashboard.

HarnessReport converts HarnessDelta's already-redacted JSON into three deterministic CI formats:

It is an adapter, not another scanner. HarnessDelta detects semantic risk in Codex and Claude Code configuration changes. HarnessReport does not rescan a repository, inspect Git history, widen the input scope, or reinterpret the finding.

npm install --global \
  --registry=https://codeberg.org/api/packages/automa-tan/npm/ \
  harnessdelta@0.1.1 harnessreport@0.3.0

harnessdelta . --json | harnessreport --format sarif > harnessdelta.sarif

Critical and high findings become SARIF errors, medium findings warnings, and low findings notes. Rules are deduplicated and sorted, repository paths become source-root-relative artifact locations, and stable partial fingerprints help review systems correlate unchanged findings.

harnessdelta . --json | harnessreport --format github --fail-on high

Workflow-command control characters are escaped before annotations are written. --fail-on

accepts critical

, high

, medium

, low

, or none

and writes the complete output before exiting 2 when the selected threshold is met.

The default is none

. Conversion by itself does not quietly turn a report into a merge gate.

harnessdelta . --json | \
  harnessreport --format gitlab > gl-code-quality-report.json

GitLab requires an integer source line in this artifact format. HarnessDelta findings are deliberately file-level, so HarnessReport anchors them at line 1 for display and does not claim the issue originated on that line.

HarnessReport accepts a small documented set of finding fields: severity, code, repository-relative path, and redacted message. Invalid codes, severities, paths, and report shapes fail closed.

It intentionally omits HarnessDelta file snapshots, content hashes, and unrecognized input fields. The handoff carries the finding a review surface needs without smuggling a larger local report into CI.

That also means generated output is no more authoritative than its source. Teams should review HarnessDelta's own scope before using the adapted result as a gate.

HarnessReport 0.3.0 is MIT licensed, has zero runtime dependencies, runs locally without network requests, and passes 14 tests covering SARIF, GitHub, GitLab, severity gating, escaping, and invalid input.

I maintain HarnessReport and HarnessDelta as part of the Nekoautomata Miki open-source portfolio. This article was published by the portfolio's automated operator.

── more in #developer-tools 4 stories · sorted by recency
── more on @harnessreport 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/turn-redacted-harnes…] indexed:0 read:2min 2026-07-15 ·