feat(harness): remove HARNESS_SESSION_HISTORY_ENABLED flag (#1098)

[sabbour-squad-backend]

Summary

Executes the #1062 DP v3 rollout plan: history threading (#1071) and cold hydration (#1085) are now unconditional.

Closes #1098
Reference: Executes #1062 v3 rollout plan per runner.ts:354 comment.

Changes

• packages/harness/src/runtime/runner.ts — Deleted isHistoryEnabled(); runInput is now unconditionally AgentInputItem[]
• packages/harness/src/runtime/session.ts — Deleted isHistoryHydrationEnabled(); hydrateColdSession defaults enabled to true
• packages/harness/src/__tests__/runner-history.test.ts — Removed isHistoryEnabled() describe block
• packages/harness/src/__tests__/session-hydration.test.ts — Removed isHistoryHydrationEnabled tests; kept isAnonHydrationAllowed tests
• packages/harness/src/runtime/__tests__/history-threading.test.ts — Deleted flag-OFF test; renamed flag-ON test to "threads history on every turn (default)" per Nibbler nit
• packages/web/api/src/functions/converse.ts — Removed isHistoryHydrationEnabled import + flag-check block; hydration path is unconditional
• packages/web/api/src/functions/converse.md — Removed HARNESS_SESSION_HISTORY_ENABLED from feature flags table and runbook
• packages/web/api/src/functions/converse.test.ts — Removed stale mock entry
• packages/web/api/src/functions/converse-hydration.test.ts — Removed flag-off test; cleaned env-var setup
• packages/web/e2e/button-click-payload.spec.ts — Removed flag-guard skip; test runs unconditionally
• .changeset/1098-remove-harness-history-flag.md — Minor changeset

Security

The HARNESS_ALLOW_ANON_HYDRATION interlock is retained as a separate Zapp-M4 defense against the #1079 anon-sessionId guess vector. Not touched.

Test results

• packages/harness: 180/180 passed ✅
• packages/web/api/src/functions/converse*: 27/27 passed ✅
• Harness tsc build: clean ✅
• grep -rn HARNESS_SESSION_HISTORY_ENABLED packages/ docs/ docs-site/: 0 matches ✅

DP approvals

leela:approved-dp, zapp:approved-dp, nibbler:approved-dp

Working as Bender (Backend Dev)

🤖 Created by sabbour-squad-backend

[github-actions]

👀 Squad review trail

Current head: 500e202
Last update: Label applied: nibbler:approved.

• Native PR review mirror created for this label event.
  Gate path: Standard path — leela:approved + zapp:approved + nibbler:approved are required on the current head, plus one of docs:approved or docs:not-applicable for the docs gate.
  Gate snapshot: ✅ squad/review-gate should be green on the current head.
  Reviewer labels
• Leela: ✅ approved via leela:approved
• Zapp: ✅ approved via zapp:approved
• Nibbler: ✅ approved via nibbler:approved
• Docs: ✅ approved via docs:approved
  Active labels
• docs:approved — Docs review approved — user-facing docs updated or in-PR changeset landed
• leela:approved — Architecture review approved
• nibbler:approved — Code quality review approved
• zapp:approved — Security review approved

This sticky comment is maintained automatically so label-based squad review leaves an on-PR rationale even when the gate itself is status-check driven.

[github-actions]

Docs & changeset gate

• ✅ changeset added (.changeset/*.md)
• ℹ️ docs-site/docs/ not updated — consider updating if user-facing behavior or UI changed
• ℹ️ docs-site/docs/extending/api-endpoints.md not updated — consider updating if the API surface changed

Changeset present. Good.

---

Hard gate for user-facing package changes without docs or changeset. ✅ = done, ⚠️ = likely needed, ℹ️ = optional or bypassed.

[github-actions]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://proud-mud-0660b8110-1099.centralus.6.azurestaticapps.net

[sabbour-squad-lead]

🧪 Test Review — PR #1098 / #1099 ✅

Verification Checklist

1️⃣ DP-stage nit (history-threading.test.ts)

• "flag ON" test renamed to "threads history on every turn (default)"
• No env-var setup (vi.stubEnv()) in renamed test
• afterEach() for env-var cleanup removed (no longer needed)

2️⃣ No dead "flag OFF" branches

grep HARNESS_SESSION_HISTORY_ENABLED packages/ docs/ docs-site/: 0 matches ✅

All 23 deletion lines verified. Zero flag references remain in non-deletion code.

3️⃣ HARNESS_ALLOW_ANON_HYDRATION preserved

• Still tested in session-hydration.test.ts and converse-hydration.test.ts
• Env-var setup remains intact (independent interlock, Zapp M4)
• No regression — separate from history threading

4️⃣ Test count verification

• Harness: 180/180 passed ✅ (per PR body, Bender reports)
• Converse functions: 27/27 passed ✅
• No accidental deletions: Spot-check shows file edits, no deletions of test suites

5️⃣ CI Status

8 successful, 2 skipped, 4 pending (SWA/E2E still running)
0 failing ✅

✅ Approved

All conditions met. The refactor is surgical, test coverage intact, interlock preserved, and rollout clean.

For Bender: The migration from conditional (flag-gated) history threading to unconditional is complete. Both read-path (runner.ts) and write-path (session.ts hydration) now default to enabled, with zero regressions to test counts or anon-session security controls.

---

Working as Nibbler (Test Reviewer)

[github-actions]

✅ Nibbler recorded a code quality approved via nibbler:approved on head a5d3db6.

This native review mirrors the label-driven squad gate for visibility only.
Merge eligibility still comes from the squad/review-gate status check and the current approval labels.

[github-actions]

✅ Docs recorded a documentation approved via docs:approved on head a5d3db6.

This native review mirrors the label-driven squad gate for visibility only.
Merge eligibility still comes from the squad/review-gate status check and the current approval labels.

[sabbour-squad-lead]

✅ Zapp security code review: APPROVED

Critical Security Checks

1. ✅ Anon-hydration interlock retained: HARNESS_ALLOW_ANON_HYDRATION and isAnonHydrationAllowed() remain unchanged in session.ts and converse.ts — Zapp M4 defense against harness: anonymous users share oid='anonymous' — session resumption via sessionId guess #1079 is intact.

2. ✅ Hydration defaults to enabled: hydrateColdSession() now defaults opts.enabled ?? true (line 240 in session.ts) instead of calling the removed isHistoryHydrationEnabled() function.

3. ✅ Trust markers intact: Hydrated turns are still stamped trust: 'client-hydrated' (line 263), enabling the runner to render them in untrusted context.

4. ✅ Input guardrails still run: Per-user-turn input guardrails execute for every turn before hydration (converse.ts lines 425–468), fail-closed. No bypass.

5. ✅ No secret/token leakage: Diff is clean — no credentials, env vars, or internal tokens exposed in commit messages or test fixtures.

Code Quality

• ✅ Test coverage preserved — flag-on tests renamed to 'default' semantics; flag-off tests removed.
• ✅ Mocks updated — isHistoryHydrationEnabled mocks now return true (unconditional).
• ✅ Imports cleaned — removed from converse.ts and converse.test.ts.
• ✅ Documentation updated — converse.md and e2e comment updated.

Verdict

This change safely transitions history threading and cold hydration from feature-flagged (off-by-default) to unconditional behavior, while preserving all upstream security controls (anon interlock, guardrails, trust markers).

---

Approved by Zapp (Security reviewer) ✓

[sabbour-squad-lead]

Code Review — PR #1099 ✅

Checkpoints:

1. ✅ HARNESS_SESSION_HISTORY_ENABLED callsites removed — All three sources (runner.ts, session.ts, converse.ts) have flag checks and isHistoryEnabled()/isHistoryHydrationEnabled() function deletions verified.

2. ✅ HARNESS_ALLOW_ANON_HYDRATION untouched — Retained as intended (Zapp M4 defense for harness: anonymous users share oid='anonymous' — session resumption via sessionId guess #1079 anon-sessionId vector). No changes to isAnonHydrationAllowed() or related logic.

3. ✅ Tests cleaned up correctly — No dead "flag off" branches remain:

   • runner-history.test.ts: Entire isHistoryEnabled() describe block removed (37 lines). Only Z1 role-filter tests remain.
   • session-hydration.test.ts: All isHistoryHydrationEnabled() tests removed. isAnonHydrationAllowed() tests retained and clean.
   • history-threading.test.ts: Flag-OFF fallback test deleted. Flag-ON test renamed to "threads history on every turn (default)" per Nibbler nit.
   • converse-hydration.test.ts: Flag-OFF test removed, env-var setup cleaned.

4. ✅ Nibbler nit adopted — Test renamed in history-threading.test.ts from flag ON: turn 3 SDK input... to threads history on every turn (default). Accurate semantic labeling.

5. ✅ Changeset present — .changeset/1098-remove-harness-history-flag.md with minor bump, clear rationale (executes P0: Triage loops and re-renders intent menu after user selects a button — never advances to build/review flow #1062 v3 rollout), and security note on anon-hydration interlock.

6. ✅ Docs updated — converse.md feature-flags table cleaned: HARNESS_SESSION_HISTORY_ENABLED removed entirely (0 matches post-PR). Runbook consistent with unconditional hydration.

Code quality: Unconditional adoption is sound. Comments updated to reflect new invariants (e.g., runner.ts line ~671 now says "unconditional since #1098 rollout"). No type errors; rollInput is now correctly AgentInputItem[] instead of string | AgentInputItem[].

Approved for merge. Closes #1098 per DP v3 rollout plan (#1062). ✅

[github-actions]

✅ Leela recorded a architecture approved via leela:approved on head a5d3db6.

This native review mirrors the label-driven squad gate for visibility only.
Merge eligibility still comes from the squad/review-gate status check and the current approval labels.

[github-actions]

✅ Zapp recorded a security approved via zapp:approved on head a5d3db6.

This native review mirrors the label-driven squad gate for visibility only.
Merge eligibility still comes from the squad/review-gate status check and the current approval labels.

[github-actions]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://proud-mud-0660b8110-1099.centralus.6.azurestaticapps.net

[github-actions]

✅ Zapp recorded a security approved via zapp:approved on head 500e202.

This native review mirrors the label-driven squad gate for visibility only.
Merge eligibility still comes from the squad/review-gate status check and the current approval labels.

[github-actions]

✅ Leela recorded a architecture approved via leela:approved on head 500e202.

This native review mirrors the label-driven squad gate for visibility only.
Merge eligibility still comes from the squad/review-gate status check and the current approval labels.

[github-actions]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://proud-mud-0660b8110-1099.centralus.6.azurestaticapps.net

[github-actions]

✅ Nibbler recorded a code quality approved via nibbler:approved on head 500e202.

This native review mirrors the label-driven squad gate for visibility only.
Merge eligibility still comes from the squad/review-gate status check and the current approval labels.

[sabbour-squad-scribe]

Working as Scribe · see .squad/agents/scribe/charter.md

Retro entry

- 2026-04-23 | #1099 "feat(harness): remove HARNESS_SESSION_HISTORY_ENABLED flag (#1098)" | L | impl=1m | review=19m | cycles=1 | merged | @sabbour-squad-backend[bot] | first_review=3m | ci=9m | reviewer=bot | human_comments=0 | issue=#1098 | estimate=unknown | rejections_by_reviewer=nibbler:0,leela:0,zapp:0 | reverted=false

Queued via retro-log PR #1100: #1100
This update will land in .squad/retro-log.md after that PR merges.