sneakoscope 0.7.0 → 0.7.1

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "ㅅㅋㅅ",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "Sneakoscope Codex: database-safe Codex CLI/App harness with Team, Goal, AutoResearch, TriWiki, and Honest Mode.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",

package/src/cli/main.mjs

@@ -14,7 +14,7 @@ import { containsUserQuestion, noQuestionContinuationReason } from '../core/no-q
 import { evaluateDoneGate, defaultDoneGate } from '../core/hproof.mjs';
 import { emitHook } from '../core/hooks-runtime.mjs';
 import { storageReport, enforceRetention, pruneWikiArtifacts } from '../core/retention.mjs';
-import { classifySql, classifyCommand, checkDbOperation, handleMadSksUserConfirmation } from '../core/db-safety.mjs';
+import { classifySql, classifyCommand, checkDbOperation, handleMadSksUserConfirmation, loadDbSafetyPolicy, scanDbSafety } from '../core/db-safety.mjs';
 import { checkHarnessModification, harnessGuardStatus, isHarnessSourceProject } from '../core/harness-guard.mjs';
 import { formatHarnessConflictReport, llmHarnessCleanupPrompt, scanHarnessConflicts } from '../core/harness-conflicts.mjs';
 import { context7Docs, context7Resolve, context7Text, context7Tools } from '../core/context7-client.mjs';
@@ -1711,10 +1711,11 @@ async function doctor(args) {
   let conflictScan = await scanHarnessConflicts(root);
   let repairApplied = false;
   let globalSkillsRepair = null;
+  const globalCommand = await globalSksCommand();
   if (flag(args, '--fix') && !conflictScan.hard_block) {
-    const fixScope = requestedScope || 'global';
     const existingManifest = await readJson(path.join(root, '.sneakoscope', 'manifest.json'), null);
-    await initProject(root, { installScope: fixScope, globalCommand: await globalSksCommand(), localOnly: flag(args, '--local-only') || Boolean(existingManifest?.git?.local_only), force: true, repair: true });
+    const fixScope = requestedScope || normalizeInstallScope(existingManifest?.installation?.scope || 'global');
+    await initProject(root, { installScope: fixScope, globalCommand, localOnly: flag(args, '--local-only') || Boolean(existingManifest?.git?.local_only), force: true, repair: true });
     if (!flag(args, '--local-only')) globalSkillsRepair = await ensureGlobalCodexSkillsDuringInstall({ force: true });
     repairApplied = true;
     conflictScan = await scanHarnessConflicts(root);
@@ -1726,7 +1727,7 @@ async function doctor(args) {
   const pkgBytes = await dirSize(packageRoot()).catch(() => 0);
   const manifest = await readJson(path.join(root, '.sneakoscope', 'manifest.json'), null);
   const installScope = requestedScope || normalizeInstallScope(manifest?.installation?.scope || 'global');
-  const install = await installStatus(root, installScope);
+  const install = await installStatus(root, installScope, { globalCommand });
   const dbPolicyExists = await exists(path.join(root, '.sneakoscope', 'db-safety.json'));
   const dbScan = await scanDbSafety(root).catch((err) => ({ ok: false, findings: [{ id: 'db_safety_scan_failed', severity: 'high', reason: err.message }] }));
   const context7Status = await checkContext7(root);
@@ -1868,7 +1869,10 @@ async function installStatus(root, scope, opts = {}) {
   const discoveredGlobalBin = await discoverGlobalSksCommand();
   const configuredGlobalBin = await configuredSksBin(opts.globalCommand);
   const globalBin = configuredGlobalBin || discoveredGlobalBin;
-  const commandPrefix = sksCommandPrefix(scope, { globalCommand: globalBin || undefined });
+  const sourceProject = await isHarnessSourceProject(root).catch(() => false);
+  const sourceBin = path.join(root, 'bin', 'sks.mjs');
+  const sourceBinExists = sourceProject && await exists(sourceBin);
+  const commandPrefix = sourceBinExists ? 'node ./bin/sks.mjs' : sksCommandPrefix(scope, { globalCommand: globalBin || undefined });
   const projectBin = path.join(root, 'node_modules', 'sneakoscope', 'bin', 'sks.mjs');
   const projectBinExists = await exists(projectBin);
   return {
@@ -1877,7 +1881,9 @@ async function installStatus(root, scope, opts = {}) {
     command_prefix: commandPrefix,
     global_bin: globalBin,
     project_bin: projectBin,
-    ok: scope === 'project' ? projectBinExists : Boolean(globalBin)
+    source_project: sourceProject,
+    source_bin: sourceBinExists ? sourceBin : null,
+    ok: sourceBinExists || (scope === 'project' ? projectBinExists : Boolean(globalBin))
   };
 }
 
@@ -2038,18 +2044,47 @@ async function selftest() {
   const guardStatus = await harnessGuardStatus(tmp);
   if (!guardStatus.ok || !guardStatus.locked || guardStatus.source_exception) throw new Error('selftest failed: harness guard not locked in installed project');
   const repairTmp = tmpdir();
-  await initProject(repairTmp, {});
+  await writeJsonAtomic(path.join(repairTmp, 'package.json'), { name: 'sneakoscope', version: '0.0.0', type: 'module' });
+  await ensureDir(path.join(repairTmp, 'bin'));
+  await writeTextAtomic(path.join(repairTmp, 'bin', 'sks.mjs'), '#!/usr/bin/env node\n');
+  await ensureDir(path.join(repairTmp, 'src', 'core'));
+  await writeTextAtomic(path.join(repairTmp, 'src', 'core', 'init.mjs'), '// source-project marker\n');
+  await writeTextAtomic(path.join(repairTmp, 'src', 'core', 'hooks-runtime.mjs'), '// source-project marker\n');
+  await initProject(repairTmp, { installScope: 'project', localOnly: true });
   await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', 'team', 'SKILL.md'), 'tampered\n');
   await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', 'agent-team', 'SKILL.md'), '---\nname: agent-team\ndescription: Fallback Codex App picker alias for $Team.\n---\n');
   await ensureDir(path.join(repairTmp, '.agents', 'skills', 'custom-keep'));
   await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', 'custom-keep', 'SKILL.md'), '---\nname: custom-keep\ndescription: User custom skill, not generated by SKS.\n---\n');
   await writeTextAtomic(path.join(repairTmp, '.codex', 'skills', 'team', 'SKILL.md'), 'legacy mirror\n');
-  await initProject(repairTmp, { force: true, repair: true });
+  await writeTextAtomic(path.join(repairTmp, '.codex', 'hooks.json'), '{ "hooks": { "Stop": [{ "hooks": [{ "type": "command", "command": "tampered hook" }] }] } }\n');
+  await writeTextAtomic(path.join(repairTmp, '.codex', 'SNEAKOSCOPE.md'), 'tampered quick reference\n');
+  await writeJsonAtomic(path.join(repairTmp, '.sneakoscope', 'policy.json'), { broken: true });
+  const existingAgentsMd = await safeReadText(path.join(repairTmp, 'AGENTS.md'));
+  await writeTextAtomic(path.join(repairTmp, 'AGENTS.md'), existingAgentsMd.replace(/<!-- BEGIN Sneakoscope Codex GX MANAGED BLOCK -->[\s\S]*?<!-- END Sneakoscope Codex GX MANAGED BLOCK -->\n?/, '<!-- BEGIN Sneakoscope Codex GX MANAGED BLOCK -->\ntampered managed block\n<!-- END Sneakoscope Codex GX MANAGED BLOCK -->\n'));
+  const doctorRepair = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'doctor', '--fix', '--local-only', '--json'], {
+    cwd: repairTmp,
+    env: { HOME: path.join(repairTmp, 'home'), SKS_DISABLE_UPDATE_CHECK: '1' },
+    timeoutMs: 30000,
+    maxOutputBytes: 1024 * 1024
+  });
+  if (doctorRepair.code !== 0) throw new Error(`selftest failed: doctor --fix exited ${doctorRepair.code}: ${doctorRepair.stderr}`);
+  const doctorRepairJson = JSON.parse(doctorRepair.stdout || '{}');
+  if (!doctorRepairJson.repair?.applied || doctorRepairJson.install?.scope !== 'project' || !doctorRepairJson.install?.ok || !doctorRepairJson.install?.source_project) throw new Error('selftest failed: doctor --fix did not preserve project source install scope');
+  const repairedManifest = await readJson(path.join(repairTmp, '.sneakoscope', 'manifest.json'));
+  if (repairedManifest.installation?.scope !== 'project' || repairedManifest.installation?.hook_command_prefix !== 'node ./bin/sks.mjs') throw new Error('selftest failed: doctor --fix rewrote project source install scope to the wrong command prefix');
   const repairedTeamSkill = await safeReadText(path.join(repairTmp, '.agents', 'skills', 'team', 'SKILL.md'));
   if (!repairedTeamSkill.includes('SKS Team orchestration') || repairedTeamSkill.includes('tampered')) throw new Error('selftest failed: doctor repair did not regenerate team skill');
   if (await exists(path.join(repairTmp, '.agents', 'skills', 'agent-team', 'SKILL.md'))) throw new Error('selftest failed: doctor repair did not remove deprecated agent-team alias skill');
   if (!(await exists(path.join(repairTmp, '.agents', 'skills', 'custom-keep', 'SKILL.md')))) throw new Error('selftest failed: doctor repair removed a user-owned custom skill');
   if (await exists(path.join(repairTmp, '.codex', 'skills', 'team', 'SKILL.md'))) throw new Error('selftest failed: doctor repair did not remove legacy .codex/skills');
+  const repairedQuickReference = await safeReadText(path.join(repairTmp, '.codex', 'SNEAKOSCOPE.md'));
+  if (!repairedQuickReference.includes('Install scope: `project`') || repairedQuickReference.includes('tampered')) throw new Error('selftest failed: doctor --fix did not regenerate quick reference');
+  const repairedHooks = await safeReadText(path.join(repairTmp, '.codex', 'hooks.json'));
+  if (!repairedHooks.includes('node ./bin/sks.mjs hook stop') || repairedHooks.includes('tampered hook')) throw new Error('selftest failed: doctor --fix did not regenerate Codex hooks');
+  const repairedPolicy = await readJson(path.join(repairTmp, '.sneakoscope', 'policy.json'));
+  if (repairedPolicy.broken || repairedPolicy.installation?.scope !== 'project' || !repairedPolicy.prompt_pipeline?.dollar_commands?.includes('$Team')) throw new Error('selftest failed: doctor --fix did not regenerate policy');
+  const repairedAgentsMd = await safeReadText(path.join(repairTmp, 'AGENTS.md'));
+  if (!repairedAgentsMd.includes('Do not create unrequested fallback implementation code') || repairedAgentsMd.includes('tampered managed block')) throw new Error('selftest failed: doctor --fix did not repair AGENTS managed block');
   const conflictTmp = tmpdir();
   await ensureDir(path.join(conflictTmp, '.omx'));
   const conflictScan = await scanHarnessConflicts(conflictTmp, { home: path.join(conflictTmp, 'home') });

package/src/core/fsx.mjs

@@ -5,7 +5,7 @@ import os from 'node:os';
 import crypto from 'node:crypto';
 import { spawn } from 'node:child_process';
 
-export const PACKAGE_VERSION = '0.7.0';
+export const PACKAGE_VERSION = '0.7.1';
 export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
 export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;