sneakoscope 2.0.10 → 2.0.11

package/dist/core/commands/naruto-command.js

@@ -1,6 +1,6 @@
 import path from 'node:path';
 import { createMission, findLatestMission, loadMission } from '../mission.js';
-import { readJson, sksRoot, writeJsonAtomic } from '../fsx.js';
+import { nowIso, readJson, sksRoot, writeJsonAtomic } from '../fsx.js';
 import { runNativeAgentOrchestrator } from '../agents/agent-orchestrator.js';
 import { classifyOllamaWorkerSlice } from '../agents/agent-runner-ollama.js';
 import { buildNarutoCloneRoster, systemSafeNarutoConcurrency } from '../agents/agent-roster.js';
@@ -12,6 +12,8 @@ import { buildNarutoRoleDistribution } from '../naruto/naruto-role-policy.js';
 import { decideNarutoConcurrency } from '../naruto/naruto-concurrency-governor.js';
 import { runNarutoActivePool, runNarutoRealActivePool } from '../naruto/naruto-active-pool.js';
 import { collectActualNarutoWorker, spawnActualNarutoWorker } from '../naruto/naruto-real-worker-runtime.js';
+import { allocateNarutoTasksToWorkers } from '../naruto/naruto-allocation-policy.js';
+import { rebalanceNarutoReadyWork } from '../naruto/naruto-rebalance-policy.js';
 import { buildNarutoVerificationDag } from '../naruto/naruto-verification-dag.js';
 import { buildNarutoGptFinalPack } from '../naruto/naruto-gpt-final-pack.js';
 import { planNarutoZellijDashboard } from '../zellij/zellij-naruto-dashboard.js';
@@ -103,6 +105,50 @@ async function narutoRun(parsed) {
         worktreePolicy
     });
     const roleDistribution = buildNarutoRoleDistribution(workGraph.work_items, { readonly: parsed.readonly });
+    const allocationWorkers = buildNarutoAllocationWorkers(workGraph, roleDistribution, roster);
+    const allocationAssignments = allocateNarutoTasksToWorkers(workGraph.work_items, allocationWorkers);
+    const allocationPolicy = {
+        schema: 'sks.naruto-allocation-policy.v1',
+        generated_at: nowIso(),
+        ok: allocationWorkers.length > 0 && allocationAssignments.length === workGraph.work_items.length,
+        scoring_model: {
+            same_primary_role: 18,
+            declared_role: 12,
+            same_path_lane: 12,
+            overlap_each: 4,
+            assigned_task_penalty_each: -4,
+            write_conflict_penalty: -20,
+            dependency_incomplete: '-Infinity'
+        },
+        workers: allocationWorkers,
+        assignments: allocationAssignments.map((row) => ({
+            task_id: row.id,
+            owner: row.owner,
+            score: Number.isFinite(row.allocation_score) ? row.allocation_score : '-Infinity',
+            reason: row.allocation_reason,
+            role: row.required_role,
+            kind: row.kind,
+            paths: row.hints.paths,
+            domains: row.hints.domains,
+            write_paths: row.hints.writePaths
+        })),
+        blockers: allocationWorkers.length ? [] : ['naruto_allocation_workers_missing']
+    };
+    const rebalanceDecisions = rebalanceNarutoReadyWork({
+        tasks: workGraph.work_items.map((item) => ({ ...item, owner: null, status: 'pending' })),
+        workers: allocationWorkers.map((worker) => ({ ...worker, alive: true, state: 'idle' })),
+        completedTaskIds: [],
+        reclaimedTaskIds: []
+    });
+    const rebalancePolicy = {
+        schema: 'sks.naruto-rebalance-policy.v1',
+        generated_at: nowIso(),
+        ok: true,
+        trigger: 'idle_worker_ready_queue',
+        decisions: rebalanceDecisions,
+        blocked_by_dependency_count: workGraph.work_items.filter((item) => item.dependencies.length > 0).length,
+        blockers: []
+    };
     const governor = decideNarutoConcurrency({
         requestedClones: roster.agent_count,
         totalWorkItems: workGraph.total_work_items,
@@ -113,24 +159,38 @@ async function narutoRun(parsed) {
     const activeSlots = Math.max(1, Math.min(roster.agent_count, parsed.concurrency || Math.max(governor.safe_active_workers, backendMinimum), safe.cap));
     const zellijVisiblePanes = Math.max(1, Math.min(activeSlots, governor.safe_zellij_visible_panes));
     const activePool = await runNarutoActivePool({ graph: workGraph, governor: { ...governor, safe_active_workers: activeSlots } });
-    const realRuntimeWorktreePolicy = schedulerBackend === 'fake'
-        ? {
+    const realRuntimeSmokeGraph = buildNarutoWorkGraph({
+        prompt: parsed.prompt,
+        requestedClones: Math.min(2, roster.agent_count),
+        totalWorkItems: Math.min(2, workGraph.total_work_items),
+        readonly: true,
+        writeCapable: false,
+        leaseBasePath: patchEnvelopeBasePath,
+        maxActiveWorkers: Math.min(2, activeSlots),
+        worktreePolicy: {
             mode: 'patch-envelope-only',
             required: false,
             main_repo_root: worktreePolicy.main_repo_root,
             worktree_root: null,
-            fallback_reason: 'fake_backend_fixture_skips_real_worktree_cleanup'
+            fallback_reason: 'pre_run_smoke_never_owns_production_runtime'
         }
-        : worktreePolicy;
+    });
+    const realRuntimeWorktreePolicy = {
+        mode: 'patch-envelope-only',
+        required: false,
+        main_repo_root: worktreePolicy.main_repo_root,
+        worktree_root: null,
+        fallback_reason: 'pre_run_smoke_never_owns_production_runtime'
+    };
     const realActivePool = await runNarutoRealActivePool({
-        graph: workGraph,
-        governor: { ...governor, safe_active_workers: activeSlots },
+        graph: realRuntimeSmokeGraph,
+        governor: { ...governor, safe_active_workers: Math.min(2, activeSlots), safe_zellij_visible_panes: Math.min(1, zellijVisiblePanes) },
         spawnWorker: async (item, placement) => spawnActualNarutoWorker({
             root,
             missionId: mission.id,
             item,
             placement,
-            backend: schedulerBackend,
+            backend: 'fake',
             worktreePolicy: realRuntimeWorktreePolicy,
             zellijSessionName: `sks-${mission.id}`,
             visiblePaneCap: zellijVisiblePanes
@@ -139,6 +199,12 @@ async function narutoRun(parsed) {
         enqueueVerification: async () => undefined,
         updateDashboard: async () => undefined
     });
+    const realActivePoolSmoke = {
+        ...realActivePool,
+        runtime_source_of_truth: 'pre_run_smoke_only',
+        production_runtime_source_of_truth: 'agent-orchestrator-scheduler',
+        smoke_graph_total_work_items: realRuntimeSmokeGraph.total_work_items
+    };
     const verificationDag = buildNarutoVerificationDag(workGraph, { cwd: root });
     const gptFinalPack = buildNarutoGptFinalPack({
         missionId: mission.id,
@@ -162,7 +228,9 @@ async function narutoRun(parsed) {
         roleDistribution,
         governor,
         activePool,
-        realActivePool,
+        realActivePool: realActivePoolSmoke,
+        allocationPolicy,
+        rebalancePolicy,
         verificationDag,
         gptFinalPack,
         zellijDashboard,
@@ -254,6 +322,8 @@ async function narutoRun(parsed) {
         max_clones: MAX_NARUTO_AGENT_COUNT,
         concurrency: result.target_active_slots ?? activeSlots,
         target_active_slots: result.target_active_slots ?? activeSlots,
+        runtime_source_of_truth: 'agent-orchestrator-scheduler',
+        pre_run_real_active_pool_source: 'smoke_only',
         concurrency_capped: clones > (result.target_active_slots ?? activeSlots),
         system: { cores: safe.cores, free_gb: safe.free_gb, safe_concurrency: safe.cap, heavy_backend: safe.heavy },
         work_graph: {
@@ -267,6 +337,8 @@ async function narutoRun(parsed) {
         },
         git_worktree: gitWorktreeCapability,
         role_distribution: roleDistribution,
+        allocation_policy: allocationPolicy,
+        rebalance_policy: rebalancePolicy,
         concurrency_governor: governor,
         active_pool: {
             ok: activePool.ok,
@@ -274,16 +346,18 @@ async function narutoRun(parsed) {
             refill_events: activePool.refill_events,
             completed_count: activePool.completed_count,
             real_runtime: {
-                ok: realActivePool.ok,
-                active_cap: realActivePool.active_cap,
-                max_observed_active_workers: realActivePool.max_observed_active_workers,
-                average_active_workers: realActivePool.average_active_workers,
-                active_pool_utilization: realActivePool.active_pool_utilization,
-                refill_latency_ms_p95: realActivePool.refill_latency_ms_p95,
-                visible_workers: realActivePool.visible_workers,
-                headless_workers: realActivePool.headless_workers,
-                worker_lifecycle_count: realActivePool.worker_lifecycle.length,
-                worker_lifecycle_sample: realActivePool.worker_lifecycle.slice(0, 5)
+                ok: realActivePoolSmoke.ok,
+                runtime_source_of_truth: realActivePoolSmoke.runtime_source_of_truth,
+                production_runtime_source_of_truth: realActivePoolSmoke.production_runtime_source_of_truth,
+                active_cap: realActivePoolSmoke.active_cap,
+                max_observed_active_workers: realActivePoolSmoke.max_observed_active_workers,
+                average_active_workers: realActivePoolSmoke.average_active_workers,
+                active_pool_utilization: realActivePoolSmoke.active_pool_utilization,
+                refill_latency_ms_p95: realActivePoolSmoke.refill_latency_ms_p95,
+                visible_workers: realActivePoolSmoke.visible_workers,
+                headless_workers: realActivePoolSmoke.headless_workers,
+                worker_lifecycle_count: realActivePoolSmoke.worker_lifecycle.length,
+                worker_lifecycle_sample: realActivePoolSmoke.worker_lifecycle.slice(0, 5)
             }
         },
         local_worker: localWorkerSummary,
@@ -335,6 +409,27 @@ function compactNarutoRunResult(result) {
         }
     };
 }
+function buildNarutoAllocationWorkers(workGraph, roleDistribution, roster) {
+    const workItems = Array.isArray(workGraph?.work_items) ? workGraph.work_items : [];
+    const roleByWorkItem = new Map((roleDistribution?.work_item_roles || []).map((row) => [String(row.work_item_id), String(row.role || '')]));
+    const rosterRows = Array.isArray(roster?.roster) ? roster.roster : [];
+    const count = Math.max(1, Math.min(Number(roster?.agent_count || rosterRows.length || workItems.length || 1), Math.max(1, workItems.length || 1)));
+    return Array.from({ length: count }, (_unused, index) => {
+        const agent = rosterRows[index] || {};
+        const item = workItems[index % Math.max(1, workItems.length)] || {};
+        const role = String(agent.naruto_role || agent.role || roleByWorkItem.get(String(item.id || '')) || item.required_role || 'worker');
+        return {
+            id: String(agent.id || `clone-${String(index + 1).padStart(3, '0')}`),
+            role,
+            lane: narutoAllocationLane(item)
+        };
+    });
+}
+function narutoAllocationLane(item) {
+    const firstPath = String((item?.write_paths || item?.target_paths || item?.readonly_paths || [])[0] || '');
+    const parts = firstPath.replace(/\\/g, '/').split('/').filter(Boolean);
+    return parts.slice(0, Math.min(2, parts.length)).join('/') || null;
+}
 function summarizeNarutoLocalWorkerResult(localWorker, result) {
     const backendCounts = {};
     const rows = Array.isArray(result?.results) ? result.results : [];
@@ -498,6 +593,10 @@ async function writeNarutoArtifacts(ledgerRoot, artifacts) {
     await writeJsonAtomic(path.join(ledgerRoot, 'naruto-active-pool.json'), artifacts.activePool);
     if (artifacts.realActivePool)
         await writeJsonAtomic(path.join(ledgerRoot, 'naruto-real-active-pool.json'), artifacts.realActivePool);
+    if (artifacts.allocationPolicy)
+        await writeJsonAtomic(path.join(ledgerRoot, 'naruto-allocation-policy.json'), artifacts.allocationPolicy);
+    if (artifacts.rebalancePolicy)
+        await writeJsonAtomic(path.join(ledgerRoot, 'naruto-rebalance-policy.json'), artifacts.rebalancePolicy);
     await writeJsonAtomic(path.join(ledgerRoot, 'naruto-verification-dag.json'), artifacts.verificationDag);
     await writeJsonAtomic(path.join(ledgerRoot, 'naruto-gpt-final-pack.json'), artifacts.gptFinalPack);
     await writeJsonAtomic(path.join(ledgerRoot, 'naruto-zellij-dashboard.json'), artifacts.zellijDashboard);

package/dist/core/fsx.js

@@ -5,7 +5,7 @@ import os from 'node:os';
 import crypto from 'node:crypto';
 import { spawn } from 'node:child_process';
 import { fileURLToPath } from 'node:url';
-export const PACKAGE_VERSION = '2.0.10';
+export const PACKAGE_VERSION = '2.0.11';
 export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
 export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;
 export function nowIso() {

package/dist/core/git/git-worktree-checkpoint.js

@@ -0,0 +1,52 @@
+import { nowIso } from '../fsx.js';
+import { gitBlocker, gitOutputLine, runGitCommand } from './git-worktree-runner.js';
+export async function checkpointWorkerWorktree(input) {
+    const status = await runGitCommand(input.worktreePath, ['status', '--porcelain=v1', '--untracked-files=all']);
+    const names = await runGitCommand(input.worktreePath, ['diff', '--name-only', 'HEAD']);
+    const untracked = await runGitCommand(input.worktreePath, ['ls-files', '--others', '--exclude-standard']);
+    const changedFiles = [...new Set([...lines(names.stdout), ...lines(untracked.stdout), ...statusFiles(status.stdout)])];
+    const blockers = [...(status.ok ? [] : [gitBlocker('git_worktree_status_failed', status)])];
+    const requested = input.mode || 'auto';
+    const commitMode = requested === 'checkpoint-commit' || (requested === 'auto' && changedFiles.length > 1);
+    if (!changedFiles.length || blockers.length) {
+        return report(input, requested, 'noop', null, changedFiles, blockers);
+    }
+    if (!commitMode)
+        return report(input, requested, 'diff-envelope', null, changedFiles, blockers);
+    const add = await runGitCommand(input.worktreePath, ['add', '-A'], { timeoutMs: 30000 });
+    if (!add.ok)
+        blockers.push(gitBlocker('git_worktree_checkpoint_add_failed', add));
+    const commit = blockers.length ? null : await runGitCommand(input.worktreePath, ['commit', '--no-verify', '-m', `sks(worker): checkpoint ${input.workerId}/${input.taskId}`], { timeoutMs: 120000 });
+    if (commit && !commit.ok)
+        blockers.push(gitBlocker('git_worktree_checkpoint_commit_failed', commit));
+    const head = blockers.length ? null : await runGitCommand(input.worktreePath, ['rev-parse', 'HEAD']);
+    const hash = head?.ok ? gitOutputLine(head) : null;
+    return report(input, requested, blockers.length ? 'noop' : 'checkpoint-commit', hash, changedFiles, blockers);
+}
+function report(input, mode, applied, commitHash, changedFiles, blockers) {
+    return {
+        schema: 'sks.git-worktree-checkpoint.v1',
+        ok: blockers.length === 0,
+        generated_at: nowIso(),
+        worktree_path: input.worktreePath,
+        repo_root: input.repoRoot,
+        worker_id: input.workerId,
+        task_id: input.taskId,
+        mode_requested: mode,
+        mode_applied: applied,
+        commit_hash: commitHash,
+        changed_files: changedFiles,
+        blockers
+    };
+}
+function lines(text) {
+    return String(text || '').split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+}
+function statusFiles(text) {
+    return lines(text).map((line) => {
+        const match = line.match(/^.{2}\s+(.*)$/) || line.match(/^\S+\s+(.*)$/);
+        const file = (match?.[1] || line).trim();
+        return file.includes(' -> ') ? file.split(' -> ').pop()?.trim() || file : file;
+    }).filter(Boolean);
+}
+//# sourceMappingURL=git-worktree-checkpoint.js.map

package/dist/core/git/git-worktree-cross-rebase.js

@@ -0,0 +1,54 @@
+import { nowIso } from '../fsx.js';
+import { gitBlocker, gitOutputLine, runGitCommand } from './git-worktree-runner.js';
+export async function crossRebaseIdleWorktrees(input) {
+    const records = [];
+    for (const worker of input.workers) {
+        const before = await runGitCommand(worker.worktree_path, ['rev-parse', 'HEAD']);
+        const beforeHead = before.ok ? gitOutputLine(before) : null;
+        if (!['idle', 'done', 'failed', 'unknown'].includes(worker.state)) {
+            records.push(record(worker, 'skipped', 'worker_not_idle', beforeHead, beforeHead, []));
+            continue;
+        }
+        const status = await runGitCommand(worker.worktree_path, ['status', '--porcelain=v1', '--untracked-files=all']);
+        if (!status.ok) {
+            records.push(record(worker, 'failed', 'status_failed', beforeHead, beforeHead, [gitBlocker('git_worktree_cross_rebase_status_failed', status)]));
+            continue;
+        }
+        if (status.stdout.trim()) {
+            records.push(record(worker, 'skipped', 'dirty_worktree_skipped', beforeHead, beforeHead, []));
+            continue;
+        }
+        const rebase = await runGitCommand(worker.worktree_path, ['rebase', input.integrationHead], { timeoutMs: 120000 });
+        if (!rebase.ok) {
+            await runGitCommand(worker.worktree_path, ['rebase', '--abort'], { timeoutMs: 30000 }).catch(() => null);
+            records.push(record(worker, 'failed', 'rebase_failed', beforeHead, beforeHead, [gitBlocker('git_worktree_cross_rebase_failed', rebase)]));
+            continue;
+        }
+        const after = await runGitCommand(worker.worktree_path, ['rev-parse', 'HEAD']);
+        records.push(record(worker, 'applied', 'rebased_to_integration_head', beforeHead, after.ok ? gitOutputLine(after) : null, []));
+    }
+    const blockers = records.flatMap((row) => row.blockers);
+    return {
+        schema: 'sks.git-worktree-cross-rebase.v1',
+        ok: blockers.length === 0,
+        generated_at: nowIso(),
+        integration_head: input.integrationHead,
+        applied_count: records.filter((row) => row.status === 'applied').length,
+        skipped_count: records.filter((row) => row.status === 'skipped').length,
+        records,
+        blockers
+    };
+}
+function record(worker, status, reason, beforeHead, afterHead, blockers) {
+    return {
+        worker_id: worker.worker_id,
+        worktree_path: worker.worktree_path,
+        state: worker.state,
+        status,
+        reason,
+        before_head: beforeHead,
+        after_head: afterHead,
+        blockers
+    };
+}
+//# sourceMappingURL=git-worktree-cross-rebase.js.map

package/dist/core/git/git-worktree-merge-queue.js

@@ -3,10 +3,35 @@ import { runGitCommand } from './git-worktree-runner.js';
 import { summarizeGitWorktreeConflict } from './git-worktree-conflict-resolver.js';
 export async function applyGitWorktreeMergeQueue(input) {
     const conflicts = [];
+    const strategyResults = [];
     const changedFiles = new Set();
     let appliedCount = 0;
     let skippedCleanCount = 0;
+    let checkpointCommitCount = 0;
+    for (const checkpoint of input.checkpoints || []) {
+        for (const file of checkpoint.changed_files || [])
+            changedFiles.add(file);
+        if (checkpoint.mode_applied !== 'checkpoint-commit' || !checkpoint.commit_hash)
+            continue;
+        checkpointCommitCount += 1;
+        const merged = await applyCheckpointCommit(input.integrationWorktreePath, checkpoint);
+        strategyResults.push(merged);
+        if (merged.ok)
+            appliedCount += 1;
+        else
+            conflicts.push({
+                worker_id: checkpoint.worker_id,
+                changed_files: checkpoint.changed_files,
+                strategy: 'checkpoint-commit',
+                blockers: merged.blockers,
+                conflict_files: merged.conflict_files
+            });
+    }
     for (const diff of input.diffs) {
+        if ((input.checkpoints || []).some((checkpoint) => checkpoint.worker_id === diff.worker_id && checkpoint.mode_applied === 'checkpoint-commit' && checkpoint.commit_hash)) {
+            skippedCleanCount += 1;
+            continue;
+        }
         for (const file of diff.changed_files)
             changedFiles.add(file);
         if (diff.clean || !diff.diff.trim()) {
@@ -46,10 +71,54 @@ export async function applyGitWorktreeMergeQueue(input) {
         generated_at: nowIso(),
         integration_worktree_path: input.integrationWorktreePath,
         applied_count: appliedCount,
+        checkpoint_commit_count: checkpointCommitCount,
         skipped_clean_count: skippedCleanCount,
         conflicts,
+        strategy_results: strategyResults,
         changed_files: [...changedFiles],
         blockers
     };
 }
+async function applyCheckpointCommit(integrationWorktreePath, checkpoint) {
+    const merge = await runGitCommand(integrationWorktreePath, ['merge', '--no-ff', '--no-edit', checkpoint.commit_hash || ''], {
+        timeoutMs: 120000
+    });
+    if (merge.ok) {
+        return {
+            ok: true,
+            worker_id: checkpoint.worker_id,
+            strategy: 'merge',
+            commit_hash: checkpoint.commit_hash,
+            conflict_files: [],
+            blockers: []
+        };
+    }
+    await runGitCommand(integrationWorktreePath, ['merge', '--abort'], { timeoutMs: 30000 }).catch(() => null);
+    const cherryPick = await runGitCommand(integrationWorktreePath, ['cherry-pick', checkpoint.commit_hash || ''], {
+        timeoutMs: 120000
+    });
+    if (cherryPick.ok) {
+        return {
+            ok: true,
+            worker_id: checkpoint.worker_id,
+            strategy: 'cherry-pick',
+            commit_hash: checkpoint.commit_hash,
+            conflict_files: [],
+            blockers: []
+        };
+    }
+    const conflictFiles = await runGitCommand(integrationWorktreePath, ['diff', '--name-only', '--diff-filter=U'], { timeoutMs: 30000 }).catch(() => null);
+    await runGitCommand(integrationWorktreePath, ['cherry-pick', '--abort'], { timeoutMs: 30000 }).catch(() => null);
+    return {
+        ok: false,
+        worker_id: checkpoint.worker_id,
+        strategy: 'merge_then_cherry-pick',
+        commit_hash: checkpoint.commit_hash,
+        conflict_files: String(conflictFiles?.stdout || '').split(/\r?\n/).map((line) => line.trim()).filter(Boolean),
+        blockers: [
+            `git_worktree_checkpoint_merge_failed:${merge.stderr_tail || merge.stdout_tail}`,
+            `git_worktree_checkpoint_cherry_pick_failed:${cherryPick.stderr_tail || cherryPick.stdout_tail}`
+        ]
+    };
+}
 //# sourceMappingURL=git-worktree-merge-queue.js.map

package/dist/core/git/git-worktree-patch-envelope.js

@@ -18,7 +18,14 @@ export function buildGitWorktreePatchEnvelope(input) {
             base_head: input.diff.base_head,
             worktree_head: input.diff.worktree_head,
             changed_files: changedFiles,
-            diff_bytes: input.diff.diff_bytes
+            diff_bytes: input.diff.diff_bytes,
+            checkpoint: input.checkpoint ? {
+                schema: input.checkpoint.schema,
+                mode_applied: input.checkpoint.mode_applied,
+                commit_hash: input.checkpoint.commit_hash,
+                changed_files: input.checkpoint.changed_files,
+                blockers: input.checkpoint.blockers
+            } : null
         },
         operations: [{
                 op: 'git_apply_patch',

package/dist/core/init.js

@@ -237,7 +237,7 @@ function isSksManagedHook(hook) {
     const command = String(hook.command || '');
     return hook.type === 'command' && /\bhook\s+(?:session-start|user-prompt-submit|pre-tool|post-tool|permission-request|pre-compact|post-compact|subagent-start|subagent-stop|stop)\b/.test(command) && /\b(?:sks|sneakoscope|sks\.js)\b/.test(command);
 }
-const AGENTS_BLOCK = "\n# Sneakoscope Codex Managed Rules\n\nThis repository uses Sneakoscope Codex.\n\n## Core Rules\n\n- Codex native `/goal` workflows are the persisted continuation surface; Ralph is removed from the user-facing SKS surface.\n- Keep runtime state bounded: raw logs go to files, prompts get tails/summaries, and `sks gc` may prune stale artifacts.\n- Codex App hooks do not force SKS update prompts during ordinary work. CLI update surfaces (`sks update-check`, `sks update check`, and launch notices) show latest-version guidance, and `sks doctor --fix` runs the guarded global SKS update path.\n- Versioning is explicit: use `sks versioning bump` when preparing release metadata. SKS must not install Git pre-commit hooks.\n- Installed harness files are immutable to LLM edits: `.codex/*`, `.agents/skills/`, `.codex/agents/`, `.sneakoscope/*policy*.json`, `AGENTS.md`, and `node_modules/sneakoscope`. The Sneakoscope engine source repo is the only automatic exception.\n- OMX/DCodex conflicts block setup/doctor. Show `sks conflicts prompt`; cleanup requires explicit human approval.\n- Do not stop at a plan when implementation was requested. Finish, verify, or report the hard blocker.\n- Do not create unrequested fallback implementation code. If the requested path is impossible, block with evidence instead of inventing substitute behavior.\n\n## Routes\n\n- General execution/code-changing prompts default to `$Team`: native agent intake agents, TriWiki refresh/validate, read-only debate, consensus, concrete runtime task graph/inboxes, fresh executor team, minimum five-lane Team review, integration, Honest Mode.\n- `$Computer-Use` / `$CU` is the maximum-speed Codex Computer Use lane for native macOS, desktop-app, OS-settings, and non-web visual tasks only. Web, browser, localhost, website, webapp, and web-based app verification must use the Codex Chrome Extension path first and halt rapidly if the extension is not installed/enabled.\n- `$Goal` is a fast bridge/overlay for Codex native `/goal` create/pause/resume/clear persistence controls; implementation continues through the selected SKS execution route.\n- TriWiki recall must stay bounded. Use `sks wiki sweep` to record demote, soft-forget, archive, delete, promote-to-skill, and promote-to-rule candidates instead of injecting every old claim.\n- Team missions must keep schema-backed evidence current: `work-order-ledger.json`, `effort-decision.json`, `team-dashboard-state.json`, and route-specific visual/dogfood artifacts where applicable. Team completion requires at least five independent reviewer/QA validation lanes before integration or final, even when a prompt requests fewer reviewers. Use `sks validate-artifacts latest` before claiming those artifacts pass.\n- `$DFix` is Direct Fix: only tiny copy/config/docs/labels/spacing/translation/simple mechanical edits, bypassing the main pipeline, Team, TriWiki/TriFix/reflection recording, and persistent route state; it still uses a one-line DFix-specific Honest check before final. Broad implementation stays on `$Team`, while UI design specifics follow the relevant design/UI route rules. `$PPT` is the restrained, information-first HTML/PDF presentation route and must seal delivery context, audience profile, STP, decision context, and 3+ pain-point/solution/aha mappings before design/render work. It must avoid over-designed visuals, carry detail through hierarchy, spacing, alignment, thin rules, source clarity, and subtle accents, preserve editable source HTML under `source-html/`, record `ppt-parallel-report.json`, and clean PPT-only temporary build files before completion. `$Image-UX-Review` / `$UX-Review` is the imagegen/gpt-image-2 UI/UX review route: source screenshots must become generated annotated review images, those generated images must be extracted into issue ledgers, and text-only critique cannot pass the route gate. `$Answer`, `$Help`, and `$Wiki` stay lightweight.\n- For code work, surface route/guard/write scopes first, split independent worker scopes when available, and keep parent-owned integration and verification.\n- Design work reads `design.md` as the only design decision SSOT. If missing, create it through `design-system-builder` from `docs/Design-Sys-Prompt.md`; getdesign.md, getdesign-reference, and curated DESIGN.md examples from https://github.com/VoltAgent/awesome-design-md are source inputs to fuse into that SSOT or route-local style tokens, not parallel design authorities. Image/logo/raster assets use `imagegen`, which must prefer official Codex App built-in image generation via `$imagegen` / `gpt-image-2`; for newest-model image requests prompt explicitly for ChatGPT Images 2.0 / GPT Image 2.0 with `gpt-image-2`. Do not replace required raster evidence with placeholder SVG/HTML/CSS, prose-only reviews, or fabricated files.\n- Research, AutoResearch, performance, token, accuracy, SEO/GEO, or workflow-improvement claims need experiment/eval evidence. Do not claim live model accuracy without a scored dataset.\n- Treat handwritten files above 3000 lines as split-review risks. Run `sks code-structure scan` and prefer extraction before adding substantial logic.\n- Skill dreaming stays lightweight: route use records JSON counters in `.sneakoscope/skills/dream-state.json`, and full skill inventory/recommendation runs only after the configured 10-route-event threshold and cooldown. Reports are recommendation-only; deleting or merging skills needs explicit user approval.\n\n## Evidence And Context\n\n- Context7 is required for external libraries, APIs, MCPs, package managers, SDKs, and generated docs: resolve-library-id then query-docs.\n- When tech stack, framework, package, runtime, or deployment-platform versions change, use Context7 or official vendor web docs, record current syntax/security/limit guidance as high-priority TriWiki claims, then refresh and validate before coding.\n- TriWiki is the context-tracking SSOT for long-running missions, Team handoffs, and context-pressure recovery. Read `.sneakoscope/wiki/context-pack.json` before each stage, use `attention.use_first` for compact high-trust recall, hydrate `attention.hydrate_first` from source before risky or lower-trust decisions, refresh after findings or artifact changes, and validate before handoffs/final claims.\n- Source priority: current code/tests/config, decision contract, vgraph, beta, GX render/snapshot metadata, LLM Wiki coordinate index, then model knowledge only if allowed.\n- Final response before stop: summarize what was done, what changed for the user/repo, what was verified, and what remains unverified or blocked; then run Honest Mode. Say what passed and what was not verified.\n- `$From-Chat-IMG` uses forensic visual effort, not ordinary Team effort. Completion is blocked until source inventory, visual mapping, work-order coverage, scoped dogfood/QA, and post-fix verification artifacts are present and valid.\n\n## Safety\n\n- Database access is high risk. Use read-only inspection by default; live data mutation is out of scope unless a sealed contract allows local or branch-only migration files.\n- MAD and MAD-SKS widen only explicit scoped permissions; they still do not authorize unrequested fallback implementation code.\n- Task completion requires relevant tests or justification, zero unsupported critical claims, accepted visual/wiki drift, and final evidence.\n\n## Codex App\n\nUse `.codex/SNEAKOSCOPE.md`, generated `.agents/skills`, `.codex/hooks.json`, and SKS dollar commands (`$sks`, `$team`, `$computer-use`, `$cu`, `$ppt`, `$image-ux-review`, `$ux-review`, `$goal`, `$dfix`, `$qa-loop`, etc.) as the app control surface.\n";
+const AGENTS_BLOCK = "\n# Sneakoscope Codex Managed Rules\n\nThis repository uses Sneakoscope Codex.\n\n## Core Rules\n\n- Codex native `/goal` workflows are the persisted continuation surface; Ralph is removed from the user-facing SKS surface.\n- Keep runtime state bounded: raw logs go to files, prompts get tails/summaries, and `sks gc` may prune stale artifacts.\n- Codex App hooks, launch paths, and `sks doctor --fix` do not force SKS update prompts during ordinary work. Manual CLI update surfaces (`sks update-check`, `sks update check`, and `sks update now`) remain available when the operator explicitly asks for them.\n- Versioning is explicit: use `sks versioning bump` when preparing release metadata. SKS must not install Git pre-commit hooks.\n- Installed harness files are immutable to LLM edits: `.codex/*`, `.agents/skills/`, `.codex/agents/`, `.sneakoscope/*policy*.json`, `AGENTS.md`, and `node_modules/sneakoscope`. The Sneakoscope engine source repo is the only automatic exception.\n- OMX/DCodex conflicts block setup/doctor. Show `sks conflicts prompt`; cleanup requires explicit human approval.\n- Do not stop at a plan when implementation was requested. Finish, verify, or report the hard blocker.\n- Do not create unrequested fallback implementation code. If the requested path is impossible, block with evidence instead of inventing substitute behavior.\n\n## Routes\n\n- General execution/code-changing prompts default to `$Team`: native agent intake agents, TriWiki refresh/validate, read-only debate, consensus, concrete runtime task graph/inboxes, fresh executor team, minimum five-lane Team review, integration, Honest Mode.\n- `$Computer-Use` / `$CU` is the maximum-speed Codex Computer Use lane for native macOS, desktop-app, OS-settings, and non-web visual tasks only. Web, browser, localhost, website, webapp, and web-based app verification must use the Codex Chrome Extension path first and halt rapidly if the extension is not installed/enabled.\n- `$Goal` is a fast bridge/overlay for Codex native `/goal` create/pause/resume/clear persistence controls; implementation continues through the selected SKS execution route.\n- TriWiki recall must stay bounded. Use `sks wiki sweep` to record demote, soft-forget, archive, delete, promote-to-skill, and promote-to-rule candidates instead of injecting every old claim.\n- Team missions must keep schema-backed evidence current: `work-order-ledger.json`, `effort-decision.json`, `team-dashboard-state.json`, and route-specific visual/dogfood artifacts where applicable. Team completion requires at least five independent reviewer/QA validation lanes before integration or final, even when a prompt requests fewer reviewers. Use `sks validate-artifacts latest` before claiming those artifacts pass.\n- `$DFix` is Direct Fix: only tiny copy/config/docs/labels/spacing/translation/simple mechanical edits, bypassing the main pipeline, Team, TriWiki/TriFix/reflection recording, and persistent route state; it still uses a one-line DFix-specific Honest check before final. Broad implementation stays on `$Team`, while UI design specifics follow the relevant design/UI route rules. `$PPT` is the restrained, information-first HTML/PDF presentation route and must seal delivery context, audience profile, STP, decision context, and 3+ pain-point/solution/aha mappings before design/render work. It must avoid over-designed visuals, carry detail through hierarchy, spacing, alignment, thin rules, source clarity, and subtle accents, preserve editable source HTML under `source-html/`, record `ppt-parallel-report.json`, and clean PPT-only temporary build files before completion. `$Image-UX-Review` / `$UX-Review` is the imagegen/gpt-image-2 UI/UX review route: source screenshots must become generated annotated review images, those generated images must be extracted into issue ledgers, and text-only critique cannot pass the route gate. `$Answer`, `$Help`, and `$Wiki` stay lightweight.\n- For code work, surface route/guard/write scopes first, split independent worker scopes when available, and keep parent-owned integration and verification.\n- Design work reads `design.md` as the only design decision SSOT. If missing, create it through `design-system-builder` from `docs/Design-Sys-Prompt.md`; getdesign.md, getdesign-reference, and curated DESIGN.md examples from https://github.com/VoltAgent/awesome-design-md are source inputs to fuse into that SSOT or route-local style tokens, not parallel design authorities. Image/logo/raster assets use `imagegen`, which must prefer official Codex App built-in image generation via `$imagegen` / `gpt-image-2`; for newest-model image requests prompt explicitly for ChatGPT Images 2.0 / GPT Image 2.0 with `gpt-image-2`. Do not replace required raster evidence with placeholder SVG/HTML/CSS, prose-only reviews, or fabricated files.\n- Research, AutoResearch, performance, token, accuracy, SEO/GEO, or workflow-improvement claims need experiment/eval evidence. Do not claim live model accuracy without a scored dataset.\n- Treat handwritten files above 3000 lines as split-review risks. Run `sks code-structure scan` and prefer extraction before adding substantial logic.\n- Skill dreaming stays lightweight: route use records JSON counters in `.sneakoscope/skills/dream-state.json`, and full skill inventory/recommendation runs only after the configured 10-route-event threshold and cooldown. Reports are recommendation-only; deleting or merging skills needs explicit user approval.\n\n## Evidence And Context\n\n- Context7 is required for external libraries, APIs, MCPs, package managers, SDKs, and generated docs: resolve-library-id then query-docs.\n- When tech stack, framework, package, runtime, or deployment-platform versions change, use Context7 or official vendor web docs, record current syntax/security/limit guidance as high-priority TriWiki claims, then refresh and validate before coding.\n- TriWiki is the context-tracking SSOT for long-running missions, Team handoffs, and context-pressure recovery. Read `.sneakoscope/wiki/context-pack.json` before each stage, use `attention.use_first` for compact high-trust recall, hydrate `attention.hydrate_first` from source before risky or lower-trust decisions, refresh after findings or artifact changes, and validate before handoffs/final claims.\n- Source priority: current code/tests/config, decision contract, vgraph, beta, GX render/snapshot metadata, LLM Wiki coordinate index, then model knowledge only if allowed.\n- Final response before stop: summarize what was done, what changed for the user/repo, what was verified, and what remains unverified or blocked; then run Honest Mode. Say what passed and what was not verified.\n- `$From-Chat-IMG` uses forensic visual effort, not ordinary Team effort. Completion is blocked until source inventory, visual mapping, work-order coverage, scoped dogfood/QA, and post-fix verification artifacts are present and valid.\n\n## Safety\n\n- Database access is high risk. Use read-only inspection by default; live data mutation is out of scope unless a sealed contract allows local or branch-only migration files.\n- MAD and MAD-SKS widen only explicit scoped permissions; they still do not authorize unrequested fallback implementation code.\n- Task completion requires relevant tests or justification, zero unsupported critical claims, accepted visual/wiki drift, and final evidence.\n\n## Codex App\n\nUse `.codex/SNEAKOSCOPE.md`, generated `.agents/skills`, `.codex/hooks.json`, and SKS dollar commands (`$sks`, `$team`, `$computer-use`, `$cu`, `$ppt`, `$image-ux-review`, `$ux-review`, `$goal`, `$dfix`, `$qa-loop`, etc.) as the app control surface.\n";
 function agentsBlockText() {
     return AGENTS_BLOCK;
 }
@@ -1011,7 +1011,7 @@ function codexAppQuickReference(scope, commandPrefix) {
         stackCurrentDocsPolicyText(commandPrefix),
         `Team review: ${MIN_TEAM_REVIEW_POLICY_TEXT}`,
         `Team Zellij view: ${commandPrefix} team "task" prepares live watch/lane commands and reconciles managed Team panes inside the current SKS-owned Zellij session when available; add --no-open-zellij for artifact-only creation. Existing hook-created Team missions can be opened later with ${commandPrefix} team open-zellij latest. The view keeps the main Codex pane alive, adds an overview watch pane plus color-coded split per-agent lanes, and closes only SKS-managed Team panes as agent lanes finish or cleanup is requested; ${commandPrefix} team lane latest --agent native_agent_1 --follow shows one agent's status, assigned runtime tasks, recent agent events, direct messages, and fallback global tail; ${commandPrefix} team message latest --from native_agent_1 --to executor_1 --message "handoff note" mirrors bounded agent communication into transcript/lane panes; ${commandPrefix} team cleanup-zellij latest marks the SKS session record complete and asks managed panes/follow loops to close or show a cleanup summary.`,
-        `Runtime: open Codex App once, then run ${commandPrefix} bootstrap and ${commandPrefix} deps check. Zellij is the interactive lane runtime for ${commandPrefix} --mad and Team lane UI; ${commandPrefix} bootstrap --yes, ${commandPrefix} deps check --yes, and ${commandPrefix} --mad --yes can install or repair Codex CLI/Zellij on macOS/Homebrew. npm postinstall reports missing CLI tools but does not mutate Homebrew/npm globals unless SKS_POSTINSTALL_AUTO_INSTALL_CLI_TOOLS=1 is set. Before launch SKS prints non-blocking latest-version notices for sneakoscope and checks npm @openai/codex@latest, prompting Y/n only when the installed Codex CLI is missing or outdated. ${commandPrefix} doctor --fix runs the guarded global SKS update path before repair. ${commandPrefix} codex-app remote-control wraps the Codex CLI 0.130.0+ headless remote-control entrypoint. ${commandPrefix} team open-zellij latest is the explicit Team lane view command.`,
+        `Runtime: open Codex App once, then run ${commandPrefix} bootstrap and ${commandPrefix} deps check. Zellij is the interactive lane runtime for ${commandPrefix} --mad and Team lane UI; ${commandPrefix} bootstrap --yes, ${commandPrefix} deps check --yes, and ${commandPrefix} --mad --yes can install or repair Codex CLI/Zellij on macOS/Homebrew. npm postinstall reports missing CLI tools but does not mutate Homebrew/npm globals unless SKS_POSTINSTALL_AUTO_INSTALL_CLI_TOOLS=1 is set. Launch paths do not run sneakoscope npm update checks; use ${commandPrefix} update-check or ${commandPrefix} update now explicitly when you want that. Codex CLI latest checks remain dependency-readiness guidance and prompt Y/n only when the installed Codex CLI is missing or outdated. ${commandPrefix} doctor --fix repairs the local SKS/Codex setup without running a global SKS package update. ${commandPrefix} codex-app remote-control wraps the Codex CLI 0.130.0+ headless remote-control entrypoint. ${commandPrefix} team open-zellij latest is the explicit Team lane view command.`,
         `Guard: generated harness files are immutable outside the engine source repo; check ${commandPrefix} guard check; conflicts use ${commandPrefix} conflicts prompt with human approval.`
     ].join('\n') + '\n';
 }

package/dist/core/naruto/naruto-allocation-policy.js

@@ -0,0 +1,99 @@
+import { extractNarutoTaskHints, pathPrefix } from './naruto-task-hints.js';
+export function chooseNarutoTaskOwner(task, workers, currentAssignments = [], leaseState = {}) {
+    if (!workers.length)
+        throw new Error('at least one Naruto worker is required');
+    const hints = extractNarutoTaskHints(task);
+    const activeWritePaths = new Set((leaseState.active_write_paths || []).map(String));
+    const completedTaskIds = new Set((leaseState.completed_task_ids || []).map(String));
+    const writeConflict = hints.writePaths.some((file) => activeWritePaths.has(file));
+    const dependencyIncomplete = task.dependencies.some((dep) => !completedTaskIds.has(dep));
+    const ranked = workers.map((worker, index) => {
+        const assigned = currentAssignments.filter((row) => row.owner === worker.id);
+        const assignedHints = assigned.map((row) => ({
+            role: row.role || null,
+            paths: row.paths || [],
+            domains: row.domains || [],
+            writePaths: row.write_paths || []
+        }));
+        const primaryRole = worker.primary_role || worker.role || null;
+        const declaredRoles = new Set([worker.role, ...(worker.declared_roles || [])].filter(Boolean).map(String));
+        const primaryRoleMatches = Boolean(hints.role && primaryRole === hints.role);
+        const declaredRoleMatches = Boolean(hints.role && declaredRoles.has(hints.role));
+        const assignmentRoleMatches = Boolean(hints.role && assigned.some((row) => row.role === hints.role));
+        const sameLane = samePathLane(hints.paths, assignedHints.flatMap((row) => row.paths));
+        const overlap = overlapCount(hints.paths, assignedHints.flatMap((row) => row.paths))
+            + overlapCount(hints.domains, assignedHints.flatMap((row) => row.domains));
+        const laneMatches = Boolean(worker.lane && hints.paths.some((file) => pathLaneMatches(file, String(worker.lane))));
+        const score = dependencyIncomplete
+            ? Number.NEGATIVE_INFINITY
+            : (primaryRoleMatches ? 18 : 0)
+                + (declaredRoleMatches ? 12 : 0)
+                + (sameLane || laneMatches ? 12 : 0)
+                + (overlap * 4)
+                - (assigned.length * 4)
+                - (writeConflict ? 20 : 0);
+        return { worker, index, assigned, score, overlap, primaryRoleMatches, declaredRoleMatches, assignmentRoleMatches, sameLane: sameLane || laneMatches, writeConflict, dependencyIncomplete };
+    }).sort((left, right) => {
+        if (right.score !== left.score)
+            return right.score - left.score;
+        if (right.overlap !== left.overlap)
+            return right.overlap - left.overlap;
+        if (left.assigned.length !== right.assigned.length)
+            return left.assigned.length - right.assigned.length;
+        return left.index - right.index;
+    });
+    const selected = ranked[0];
+    const reasons = [
+        selected.primaryRoleMatches ? 'same primary role' : null,
+        selected.declaredRoleMatches ? 'same declared role' : null,
+        selected.assignmentRoleMatches ? 'same assigned role history' : null,
+        selected.sameLane ? 'same path/domain lane' : null,
+        selected.overlap ? `overlap:${selected.overlap}` : null,
+        selected.writeConflict ? 'write lease conflict penalty applied' : null,
+        selected.dependencyIncomplete ? 'dependency incomplete' : null,
+        `load:${selected.assigned.length}`
+    ].filter(Boolean);
+    return {
+        owner: selected.worker.id,
+        score: selected.score,
+        reason: reasons.join('; '),
+        hints
+    };
+}
+export function allocateNarutoTasksToWorkers(tasks, workers) {
+    const assignments = [];
+    for (const task of tasks) {
+        const decision = chooseNarutoTaskOwner(task, workers, assignments.map((row) => ({
+            task_id: row.id,
+            owner: row.owner,
+            role: row.required_role,
+            paths: row.hints.paths,
+            domains: row.hints.domains,
+            write_paths: row.hints.writePaths
+        })), {
+            active_write_paths: assignments.flatMap((row) => row.hints.writePaths)
+        });
+        assignments.push({
+            ...task,
+            owner: decision.owner,
+            allocation_reason: decision.reason,
+            allocation_score: decision.score,
+            hints: decision.hints
+        });
+    }
+    return assignments;
+}
+function samePathLane(left, right) {
+    const prefixes = new Set(right.map(pathPrefix).filter(Boolean));
+    return left.some((file) => prefixes.has(pathPrefix(file)));
+}
+function pathLaneMatches(file, lane) {
+    const normalizedLane = lane.replace(/^\.\/+/, '').replace(/\/+$/, '');
+    const normalizedFile = file.replace(/^\.\/+/, '');
+    return pathPrefix(normalizedFile) === normalizedLane || normalizedFile === normalizedLane || normalizedFile.startsWith(`${normalizedLane}/`);
+}
+function overlapCount(left, right) {
+    const rightSet = new Set(right);
+    return left.filter((item) => rightSet.has(item)).length;
+}
+//# sourceMappingURL=naruto-allocation-policy.js.map