Name the seven categories of harness from Module 0.2. Terminal · Platform · Meta-harness · Orchestration framework · Hardened fork · Academic · SDK/runtime. harness-engineering::m0.2::recall "A harness behind a messaging gateway (Slack/Telegram/Teams), with channel-aware tools and per-channel trust. Which category?" Platform harness. (OpenClaw, Hermes, Microsoft Scout.) harness-engineering::m0.2::application "A plugin/config layer that inherits a base harness's loop and contributes routing + subagent hierarchy. Which category?" Meta-harness. (oh-my-opencode, oh-my-pi, RyanAlberts pack.) harness-engineering::m0.2::application "A fork whose ENTIRE contribution is a governance layer added outside the agent's reach. Everything else inherited. Which category?" Hardened fork. (NemoClaw, Microsoft Scout.) harness-engineering::m0.2::application For a HARDENED FORK, where does the interesting engineering live? Only in the governance layer. Everything else is inherited from the parent — you can skip ~90% of the code. Studying the fork in isolation loses the design intent. harness-engineering::m0.2::analysis For a PLATFORM HARNESS, where does the interesting engineering live? The cross-channel trust architecture — how untrusted content from many channels is (or isn't) bounded before reaching the model. harness-engineering::m0.2::analysis For an SDK/runtime, what is YOUR role vs the SDK's? YOU are the harness author. The SDK gives you primitives (loop, tool, sandbox). The harness is what you build WITH it. harness-engineering::m0.2::analysis "A feature list tells you what a harness DOES. A lineage map tells you what?" What a harness DISAGREES WITH. The diff between parent and child reveals design intent — "the parent got X wrong." Far more honest than a feature list. harness-engineering::m0.2::recall "NemoClaw is a fork of OpenClaw. Microsoft Scout is also a fork of OpenClaw. What does the existence of BOTH forks tell you about OpenClaw?" Whatever OpenClaw got right, it got something wrong enough to generate two independent governance-focused forks. The forks are evidence of a real architectural deficiency (trust boundaries), not just variant packaging. harness-engineering::m0.2::analysis "Is Hermes a fork of OpenClaw?" No. Hermes is a COMPETITOR, not a fork. It ships `hermes claw migrate` — a migration tool FROM OpenClaw — but does not inherit OpenClaw's code. harness-engineering::m0.2::recall OpenClaw vs Hermes — name each one's OPPOSITE bet. OpenClaw = breadth (40+ channels, enterprise adoption). Hermes = depth (layered persistent memory, self-evolving skills). Mirror-image optimizations. harness-engineering::m0.2::recall "OpenClaw has 368k stars; Hermes has 33k. Is OpenClaw 'ahead'?" No. Stars measure attention, not architecture. They made opposite bets (breadth vs depth). Ranking one above the other mistakes a design decision for a quality score — same trap as Module 0.1's thickness spectrum. harness-engineering::m0.2::analysis State the precise architectural contribution shared by NemoClaw and Microsoft Scout. Governance lives BENEATH the agent, OUTSIDE its reach. Policy is enforced by a layer the agent cannot reach (NeMo Guardrails evaluate every model call externally; OpenShell sandboxes the agent never touches). harness-engineering::m0.2::recall "Why does putting enforcement OUTSIDE the agent's reach matter? State it precisely." If the agent can REACH the enforcement layer, a compromised agent can DISABLE it. A prompt-injected agent in a conventional harness can be told to ignore its permission flags. Inside NemoClaw, it cannot reach the guardrail to disable it. harness-engineering::m0.2::analysis A conventional harness puts safety INSIDE the agent's process. Give an example of such an "inside" safety mechanism that an agent could subvert. Permission flags read by the agent · sandbox boundaries shared with the agent's environment · prompt-level safety instructions the agent reads. All reachable → all disable-able. harness-engineering::m0.2::application "What is the single most important question Course 2 asks when attacking a harness, per Module 0.2?" "Where does enforcement live, and can the agent reach it?" harness-engineering::m0.2::recall In the meta-harness routing workflow (n8n), what is the meta-harness's contribution vs the sub-harnesses'? Meta-harness contributes: classify → dispatch → aggregate (the routing ring). The sub-harnesses (recon/review/CTF) are INHERITED, off-the-shelf — the meta-harness routes between them, does not replace them. harness-engineering::m0.2::analysis "Module 0.2 says 'priority is not quality.' What does that mean?" A 🟡 (monitor) harness may be excellent at what it does. It is 🟡 because it is not architecturally DISTINCTIVE enough to warrant a dedicated deep-dive, not because it is inferior. Don't confuse "essential for the course" with "best in class." harness-engineering::m0.2::analysis Name three anti-patterns in reading the ecosystem. (1) Ranking by stars (attention ≠ architecture). (2) Treating categories as quality tiers (taxonomy is descriptive, not prescriptive). (3) Studying forks without the parent (a fork's meaning is its diff from the parent). harness-engineering::m0.2::recall "You're asked to evaluate NemoClaw for a client. You've never read OpenClaw. What's the problem?" You cannot understand NemoClaw without OpenClaw — NemoClaw's entire meaning is its diff from OpenClaw (the governance layer added outside the agent). Studying it in isolation reduces it to a feature list and loses the design intent. harness-engineering::m0.2::application oh-my-opencode layers Sisyphus, Prometheus, and Atlas on top of what base? OpenCode. oh-my-opencode is a meta-harness; it does not replace OpenCode — it extends it with planning hierarchy and subagent taxonomy. harness-engineering::m0.2::recall "Name three places the classify→dispatch→aggregate meta-harness pattern recurs across the courses." oh-my-opencode (Module 0.2 case study) · the CSI meta-harness (Course 2 + Fleet Engineering) · Capstone F fleet control plane. One workflow shape, three courses. harness-engineering::m0.2::application Microsoft Scout extends NemoClaw's governance pattern with what additional primitive? Entra-based identity — every agent action attributable to a non-human principal with scoped credentials. Returns in Fleet Module F06 and Course 2 OWASP ASI03 (Identity & Privilege Abuse). harness-engineering::m0.2::recall