npm - sneakoscope - Versions diffs - 2.0.2 → 2.0.5 - Mend

sneakoscope 2.0.2 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/README.md +12 -8
package/crates/sks-core/Cargo.lock +1 -1
package/crates/sks-core/Cargo.toml +1 -1
package/crates/sks-core/src/main.rs +1 -1
package/dist/.sks-build-stamp.json +4 -4
package/dist/bin/sks.js +1 -1
package/dist/build-manifest.json +86 -8
package/dist/commands/doctor.js +14 -0
package/dist/core/agents/agent-orchestrator.js +70 -4
package/dist/core/agents/agent-patch-proof.js +5 -0
package/dist/core/agents/agent-proof-evidence.js +61 -0
package/dist/core/agents/agent-roster.js +35 -6
package/dist/core/agents/agent-schema.js +1 -1
package/dist/core/agents/native-worker-backend-router.js +31 -9
package/dist/core/agents/ollama-worker-config.js +164 -15
package/dist/core/codex/codex-0-137-compat.js +119 -0
package/dist/core/codex-control/codex-control-proof.js +4 -1
package/dist/core/codex-control/codex-fake-sdk-adapter.js +20 -0
package/dist/core/codex-control/codex-output-schemas.js +5 -1
package/dist/core/codex-control/codex-sdk-capability.js +1 -1
package/dist/core/codex-control/codex-task-runner.js +329 -5
package/dist/core/codex-control/gpt-final-arbiter.js +160 -0
package/dist/core/codex-control/gpt-final-context-compressor.js +17 -0
package/dist/core/codex-control/gpt-final-proof-pack.js +120 -0
package/dist/core/codex-control/gpt-final-review-schema.js +71 -0
package/dist/core/codex-control/python-codex-sdk-adapter.js +197 -0
package/dist/core/codex-control/python-codex-sdk-event-translator.js +14 -0
package/dist/core/commands/local-model-command.js +79 -18
package/dist/core/commands/naruto-command.js +195 -12
package/dist/core/commands/run-command.js +6 -2
package/dist/core/doctor/doctor-readiness-matrix.js +34 -0
package/dist/core/feature-fixtures.js +4 -0
package/dist/core/fsx.js +1 -1
package/dist/core/git-simple.js +143 -4
package/dist/core/local-llm/local-collaboration-policy.js +93 -0
package/dist/core/local-llm/local-llm-backpressure.js +20 -0
package/dist/core/local-llm/local-llm-capability.js +29 -0
package/dist/core/local-llm/local-llm-client.js +100 -0
package/dist/core/local-llm/local-llm-config.js +20 -0
package/dist/core/local-llm/local-llm-context-cache.js +21 -0
package/dist/core/local-llm/local-llm-control-adapter.js +101 -0
package/dist/core/local-llm/local-llm-json-repair.js +52 -0
package/dist/core/local-llm/local-llm-metrics.js +42 -0
package/dist/core/local-llm/local-llm-ollama-client.js +67 -0
package/dist/core/local-llm/local-llm-openai-compatible-client.js +30 -0
package/dist/core/local-llm/local-llm-prompt-cache.js +12 -0
package/dist/core/local-llm/local-llm-scheduler.js +29 -0
package/dist/core/local-llm/local-llm-schema-enforcer.js +15 -0
package/dist/core/local-llm/local-llm-smoke.js +83 -0
package/dist/core/local-llm/local-llm-warmup.js +20 -0
package/dist/core/local-llm/local-worker-eligibility.js +27 -0
package/dist/core/naruto/hardware-capacity-probe.js +36 -0
package/dist/core/naruto/naruto-active-pool.js +118 -0
package/dist/core/naruto/naruto-backpressure.js +13 -0
package/dist/core/naruto/naruto-concurrency-governor.js +65 -0
package/dist/core/naruto/naruto-finalizer.js +18 -0
package/dist/core/naruto/naruto-generation-scheduler.js +18 -0
package/dist/core/naruto/naruto-gpt-final-pack.js +49 -0
package/dist/core/naruto/naruto-parallel-patch-apply.js +95 -0
package/dist/core/naruto/naruto-patch-transaction-batch.js +42 -0
package/dist/core/naruto/naruto-role-policy.js +107 -0
package/dist/core/naruto/naruto-verification-dag.js +42 -0
package/dist/core/naruto/naruto-verification-pool.js +18 -0
package/dist/core/naruto/naruto-work-graph.js +198 -0
package/dist/core/naruto/naruto-work-item.js +40 -0
package/dist/core/naruto/naruto-work-stealing.js +11 -0
package/dist/core/naruto/resource-pressure-monitor.js +32 -0
package/dist/core/pipeline/final-gpt-patch-stage.js +31 -0
package/dist/core/pipeline/final-gpt-review-stage.js +5 -0
package/dist/core/pipeline/finalize-pipeline-result.js +58 -0
package/dist/core/pipeline/gpt-final-required.js +12 -0
package/dist/core/prompt/prompt-placeholder-guard.js +30 -0
package/dist/core/router/capability-card.js +13 -0
package/dist/core/router/route-cache.js +3 -0
package/dist/core/router/ultra-router.js +2 -1
package/dist/core/routes.js +4 -4
package/dist/core/safety/mutation-guard.js +2 -0
package/dist/core/update-check.js +60 -25
package/dist/core/version.js +1 -1
package/dist/core/zellij/zellij-lane-runtime.js +2 -2
package/dist/core/zellij/zellij-naruto-dashboard.js +36 -0
package/dist/core/zellij/zellij-worker-pane-manager.js +4 -4
package/dist/scripts/blackbox-command-import-smoke.js +10 -1
package/dist/scripts/check-package-boundary.js +12 -3
package/dist/scripts/codex-0-137-compat-check.js +27 -0
package/dist/scripts/codex-environment-scoped-approvals-check.js +10 -0
package/dist/scripts/codex-plugin-list-json-check.js +8 -0
package/dist/scripts/codex-sdk-team-naruto-agent-pipeline-check.js +2 -1
package/dist/scripts/codex-thread-runtime-choice-check.js +10 -0
package/dist/scripts/gpt-final-arbiter-check.js +63 -0
package/dist/scripts/gpt-final-arbiter-performance-check.js +36 -0
package/dist/scripts/local-collab-all-pipelines-final-gpt-check.js +21 -0
package/dist/scripts/local-collab-gpt-final-availability-check.js +58 -0
package/dist/scripts/local-collab-no-local-only-final-check.js +27 -0
package/dist/scripts/local-collab-policy-check.js +17 -0
package/dist/scripts/local-llm-all-pipelines-check.js +11 -0
package/dist/scripts/local-llm-cache-performance-check.js +10 -0
package/dist/scripts/local-llm-capability-check.js +14 -0
package/dist/scripts/local-llm-smoke-check.js +23 -0
package/dist/scripts/local-llm-structured-output-check.js +11 -0
package/dist/scripts/local-llm-throughput-check.js +10 -0
package/dist/scripts/local-llm-tool-call-repair-check.js +10 -0
package/dist/scripts/local-llm-warmup-check.js +11 -0
package/dist/scripts/naruto-active-pool-check.js +27 -0
package/dist/scripts/naruto-concurrency-governor-check.js +52 -0
package/dist/scripts/naruto-gpt-final-pack-check.js +34 -0
package/dist/scripts/naruto-parallel-patch-apply-check.js +41 -0
package/dist/scripts/naruto-real-local-gpt-final-smoke.js +16 -0
package/dist/scripts/naruto-role-distribution-check.js +23 -0
package/dist/scripts/naruto-shadow-clone-swarm-check.js +6 -0
package/dist/scripts/naruto-verification-pool-check.js +36 -0
package/dist/scripts/naruto-work-graph-check.js +24 -0
package/dist/scripts/naruto-zellij-massive-ui-check.js +23 -0
package/dist/scripts/prompt-placeholder-guard-check.js +33 -0
package/dist/scripts/python-codex-sdk-all-pipelines-check.js +47 -0
package/dist/scripts/python-codex-sdk-capability-check.js +75 -0
package/dist/scripts/python-codex-sdk-sandbox-policy-check.js +10 -0
package/dist/scripts/python-codex-sdk-stream-bridge-check.js +12 -0
package/dist/scripts/release-parallel-check.js +1 -1
package/dist/scripts/release-real-check.js +5 -0
package/dist/scripts/zellij-worker-pane-manager-check.js +1 -1
package/package.json +38 -4
package/schemas/local-llm/local-collaboration-policy.schema.json +57 -0
package/schemas/local-llm/local-model-config.schema.json +74 -0
package/schemas/naruto/naruto-concurrency-governor.schema.json +21 -0
package/schemas/naruto/naruto-work-graph.schema.json +22 -0

package/dist/core/codex-control/codex-task-runner.js CHANGED Viewed

@@ -1,5 +1,6 @@
+import fs from 'node:fs';
 import path from 'node:path';
-import { appendJsonl, ensureDir, nowIso, writeJsonAtomic } from '../fsx.js';
+import { appendJsonl, ensureDir, nowIso, packageRoot, writeJsonAtomic, writeTextAtomic } from '../fsx.js';
 import { validateJsonSchemaRecursive } from '../json-schema-validator.js';
 import { resolveCodexOutputSchema } from './codex-output-schemas.js';
 import { detectCodexSdkCapability } from './codex-sdk-capability.js';
@@ -12,6 +13,9 @@ import { recordCodexThread } from './codex-thread-registry.js';
 import { runWithCodexReliabilityShield } from './codex-reliability-shield.js';
 import { routeCodexTask } from '../router/ultra-router.js';
 import { writeUltraRouterProof } from '../router/router-proof.js';
+import { readLocalModelConfig } from '../agents/ollama-worker-config.js';
+import { runLocalLlmTask } from '../local-llm/local-llm-control-adapter.js';
+import { detectPythonCodexSdkCapability, runPythonCodexSdkTask } from './python-codex-sdk-adapter.js';
 export async function runCodexTask(input) {
     const root = path.resolve(input.mutationLedgerRoot);
     await ensureDir(root);
@@ -19,13 +23,22 @@ export async function runCodexTask(input) {
     const routerDecision = routeCodexTask(input);
     const task = { ...input, tier: input.tier || routerDecision.tier, outputSchema: schema };
     await writeUltraRouterProof(root, { task, decision: routerDecision });
+    const selectedBackend = selectCodexControlBackend(task, routerDecision);
+    if (selectedBackend === 'local-llm')
+        return runLocalControlTask(root, task, schema, routerDecision);
+    if (selectedBackend === 'python-codex-sdk')
+        return runPythonControlTask(root, task, schema, routerDecision);
     const capability = await detectCodexSdkCapability();
     const sandbox = mapCodexSdkSandboxPolicy(task);
     const runtime = codexSdkRuntimePolicies(task);
+    const bundledCodex = resolveBundledCodexBinary();
+    if (bundledCodex && !runtime.env.env.SKS_PYTHON_CODEX_SDK_CODEX_BIN)
+        runtime.env.env.SKS_PYTHON_CODEX_SDK_CODEX_BIN = bundledCodex;
     if (runtime.env.env.HOME)
         await ensureDir(runtime.env.env.HOME);
     if (runtime.env.env.CODEX_HOME)
         await ensureDir(runtime.env.env.CODEX_HOME);
+    await ensurePythonCodexLbConfig(runtime.env.env, runtime.config);
     const fakeAllowed = fakeCodexSdkAllowed();
     const blockers = [
         ...(capability.ok || fakeAllowed ? [] : capability.blockers),
@@ -84,6 +97,7 @@ export async function runCodexTask(input) {
     const result = {
         ok: finalBlockers.length === 0,
         backend: 'codex-sdk',
+        backend_family: fakeAllowed ? 'fake' : 'remote-gpt',
         sdkThreadId: String(adapterResult?.sdkThreadId || ''),
         sdkRunId: adapterResult?.sdkRunId ? String(adapterResult.sdkRunId) : null,
         streamEventCount: events.length,
@@ -99,6 +113,8 @@ export async function runCodexTask(input) {
         translatedEventCount: translatedEvents.length
     };
     await recordCodexThread(root, {
+        backend: result.backend,
+        backend_family: result.backend_family,
         route: task.route,
         mission_id: task.missionId,
         work_item_id: task.workItemId || null,
@@ -126,7 +142,213 @@ export async function runCodexTask(input) {
     });
     return result;
 }
-function normalizeWorkerResult(value, input, blockers, structuredOutputValid) {
+async function runPythonControlTask(root, task, schema, routerDecision) {
+    const capability = await detectPythonCodexSdkCapability();
+    const runtime = codexSdkRuntimePolicies(task);
+    if (runtime.env.env.HOME)
+        await ensureDir(runtime.env.env.HOME);
+    if (runtime.env.env.CODEX_HOME)
+        await ensureDir(runtime.env.env.CODEX_HOME);
+    const fakeAllowed = process.env.SKS_PYTHON_CODEX_SDK_FAKE === '1';
+    const adapterResult = capability.ok || fakeAllowed
+        ? await runPythonCodexSdkTask(task, { env: runtime.env.env, config: runtime.config })
+        : { ok: false, events: [], translatedEvents: [], finalResponse: '', threadId: '', turnId: '', blockers: capability.blockers, capability };
+    const events = Array.isArray(adapterResult.events) ? adapterResult.events : [];
+    const translatedEvents = Array.isArray(adapterResult.translatedEvents) ? adapterResult.translatedEvents : [];
+    for (const event of translatedEvents)
+        await appendJsonl(path.join(root, 'python-codex-sdk-events.jsonl'), event);
+    const structuredOutput = parseStructuredOutput(adapterResult.finalResponse || '');
+    const validation = structuredOutput ? validateJsonSchemaRecursive(structuredOutput, schema) : { ok: false, issues: ['structured_output_missing'] };
+    const finalBlockers = [
+        ...(adapterResult.blockers || []),
+        ...(events.length > 0 ? [] : ['python_codex_sdk_event_stream_missing']),
+        ...(validation.ok ? [] : ['python_codex_sdk_structured_output_invalid', ...validation.issues.map((issue) => `schema:${issue}`)])
+    ];
+    const workerResult = normalizeWorkerResult(structuredOutput, task, finalBlockers, validation.ok, 'python-codex-sdk');
+    const workerResultPath = path.join(root, 'python-codex-sdk-worker-result.json');
+    await writeJsonAtomic(workerResultPath, workerResult);
+    const patchEnvelopePath = Array.isArray(workerResult.patch_envelopes) && workerResult.patch_envelopes.length
+        ? path.join(root, 'python-codex-sdk-patch-envelope.json')
+        : null;
+    if (patchEnvelopePath) {
+        await writeJsonAtomic(patchEnvelopePath, {
+            schema: 'sks.python-codex-sdk-patch-envelope.v1',
+            generated_at: nowIso(),
+            ok: true,
+            envelope_count: workerResult.patch_envelopes.length,
+            envelopes: workerResult.patch_envelopes
+        });
+    }
+    const pythonSdkProofPath = path.join(root, 'python-codex-sdk-proof.json');
+    await writeJsonAtomic(pythonSdkProofPath, {
+        schema: 'sks.python-codex-sdk-proof.v1',
+        generated_at: nowIso(),
+        ok: finalBlockers.length === 0,
+        backend: 'python-codex-sdk',
+        backend_family: fakeAllowed ? 'fake' : 'python-sdk',
+        package_name: capability.package_name,
+        import_name: capability.import_name,
+        python_bin: capability.python_bin,
+        python_version: capability.python_version,
+        sandbox: task.sandboxPolicy,
+        thread_id: adapterResult.threadId || '',
+        turn_id: adapterResult.turnId || '',
+        stream_event_count: events.length,
+        structured_output_valid: validation.ok,
+        worker_result_path: workerResultPath,
+        blockers: finalBlockers
+    });
+    const result = {
+        ok: finalBlockers.length === 0,
+        backend: 'python-codex-sdk',
+        backend_family: fakeAllowed ? 'fake' : 'python-sdk',
+        sdkThreadId: String(adapterResult.threadId || ''),
+        sdkRunId: adapterResult.turnId ? String(adapterResult.turnId) : null,
+        streamEventCount: events.length,
+        structuredOutputValid: validation.ok,
+        workerResultPath,
+        patchEnvelopePath,
+        pythonSdkProofPath,
+        blockers: finalBlockers,
+        reliabilityShield: {},
+        ultraRouterDecision: routerDecision,
+        outputSchemaId: task.outputSchemaId,
+        finalResponse: adapterResult.finalResponse || '',
+        eventTypes: events.map((event) => String(event?.event || event?.type || 'unknown')),
+        translatedEventCount: translatedEvents.length
+    };
+    await recordCodexThread(root, {
+        backend: result.backend,
+        backend_family: result.backend_family,
+        route: task.route,
+        mission_id: task.missionId,
+        work_item_id: task.workItemId || null,
+        slot_id: task.slotId || null,
+        generation_index: task.generationIndex ?? null,
+        session_id: task.sessionId || null,
+        zellij_pane_id: task.zellijPaneId || null,
+        sdk_thread_id: result.sdkThreadId,
+        sdk_run_id: result.sdkRunId,
+        stream_event_count: result.streamEventCount,
+        output_schema_id: task.outputSchemaId,
+        structured_output_valid: result.structuredOutputValid,
+        worker_result_path: result.workerResultPath
+    });
+    await writeCodexControlProof(root, {
+        task,
+        result,
+        capability: capability,
+        sandbox: { ok: true, sandbox_policy: task.sandboxPolicy, python_sandbox: mapPythonSandbox(task.sandboxPolicy), blockers: [] },
+        envProof: { ...runtime.env.proof, python_bin: capability.python_bin, python_version: capability.python_version },
+        config: { ...runtime.config, backend: 'python-codex-sdk', package_name: capability.package_name, import_name: capability.import_name },
+        reliabilityShield: null,
+        routerDecision: routerDecision,
+        translatedEvents
+    });
+    return result;
+}
+async function runLocalControlTask(root, task, schema, routerDecision) {
+    const config = await readLocalModelConfig();
+    const adapterResult = await runLocalLlmTask(task, { config, outputSchema: schema });
+    for (const event of adapterResult.events || [])
+        await appendJsonl(path.join(root, 'local-llm-events.jsonl'), event);
+    const structuredOutput = adapterResult.structuredOutput;
+    const validation = structuredOutput ? validateJsonSchemaRecursive(structuredOutput, schema) : { ok: false, issues: ['structured_output_missing'] };
+    const finalBlockers = [
+        ...(adapterResult.blockers || []),
+        ...(Array.isArray(adapterResult.events) && adapterResult.events.length > 0 ? [] : ['local_llm_event_stream_missing']),
+        ...(validation.ok ? [] : ['local_llm_structured_output_invalid', ...validation.issues.map((issue) => `schema:${issue}`)])
+    ];
+    const workerResult = normalizeWorkerResult(structuredOutput, task, finalBlockers, validation.ok, 'local-llm');
+    const workerResultPath = path.join(root, 'local-llm-worker-result.json');
+    await writeJsonAtomic(workerResultPath, workerResult);
+    const patchEnvelopePath = Array.isArray(workerResult.patch_envelopes) && workerResult.patch_envelopes.length
+        ? path.join(root, 'local-llm-patch-envelope.json')
+        : null;
+    if (patchEnvelopePath) {
+        await writeJsonAtomic(patchEnvelopePath, {
+            schema: 'sks.local-llm-patch-envelope.v1',
+            generated_at: nowIso(),
+            ok: true,
+            envelope_count: workerResult.patch_envelopes.length,
+            envelopes: workerResult.patch_envelopes,
+            requires_gpt_final: true
+        });
+    }
+    const localLlmProofPath = path.join(root, 'local-llm-proof.json');
+    await writeJsonAtomic(localLlmProofPath, adapterResult.proof);
+    const result = {
+        ok: finalBlockers.length === 0,
+        backend: 'local-llm',
+        backend_family: 'local-llm',
+        sdkThreadId: '',
+        sdkRunId: null,
+        streamEventCount: adapterResult.events?.length || 0,
+        structuredOutputValid: validation.ok,
+        workerResultPath,
+        patchEnvelopePath,
+        localLlmProofPath,
+        blockers: finalBlockers,
+        reliabilityShield: {},
+        ultraRouterDecision: routerDecision,
+        outputSchemaId: task.outputSchemaId,
+        finalResponse: adapterResult.finalResponse || '',
+        eventTypes: (adapterResult.events || []).map((event) => String(event?.type || 'unknown')),
+        translatedEventCount: adapterResult.events?.length || 0,
+        localLlmRequestId: adapterResult.requestId
+    };
+    await recordCodexThread(root, {
+        backend: result.backend,
+        backend_family: result.backend_family,
+        route: task.route,
+        mission_id: task.missionId,
+        work_item_id: task.workItemId || null,
+        slot_id: task.slotId || null,
+        generation_index: task.generationIndex ?? null,
+        session_id: task.sessionId || null,
+        zellij_pane_id: task.zellijPaneId || null,
+        sdk_thread_id: null,
+        sdk_run_id: null,
+        local_llm_request_id: adapterResult.requestId,
+        stream_event_count: result.streamEventCount,
+        output_schema_id: task.outputSchemaId,
+        structured_output_valid: result.structuredOutputValid,
+        worker_result_path: result.workerResultPath
+    });
+    await writeCodexControlProof(root, {
+        task,
+        result,
+        capability: config.capability,
+        sandbox: { ok: task.sandboxPolicy !== 'full-access', sandbox_policy: task.sandboxPolicy, blockers: task.sandboxPolicy === 'full-access' ? ['local_llm_full_access_blocked'] : [] },
+        envProof: { provider: config.provider, endpoint: config.base_url },
+        config: { provider: config.provider, model: config.model, endpoint: config.base_url, status: config.status },
+        reliabilityShield: null,
+        routerDecision: routerDecision,
+        translatedEvents: adapterResult.events || []
+    });
+    return result;
+}
+function selectCodexControlBackend(input, routerDecision) {
+    const prefs = Array.isArray(input.backendPreference) ? input.backendPreference : [];
+    for (const pref of prefs) {
+        if (pref === 'python-codex-sdk')
+            return 'python-codex-sdk';
+        if (pref === 'codex-sdk')
+            return 'codex-sdk';
+        if (pref === 'local-llm' && input.tier === 'worker')
+            return 'local-llm';
+    }
+    if (input.localLlmPolicy?.mode === 'disabled')
+        return 'codex-sdk';
+    if (input.allowLocalLlm === true && input.tier === 'worker' && routerDecision?.selected_profile === 'local-llm-worker')
+        return 'local-llm';
+    if (input.allowLocalLlm === true && input.tier === 'worker' && input.localLlmPolicy?.mode === 'local_only')
+        return 'local-llm';
+    if (input.allowLocalLlm === true && input.tier === 'worker' && input.localLlmPolicy?.mode === 'local_preferred')
+        return 'local-llm';
+    return 'codex-sdk';
+}
+function normalizeWorkerResult(value, input, blockers, structuredOutputValid, backend = 'codex-sdk') {
     const status = blockers.length ? 'blocked' : normalizeStatus(value?.status);
     return {
         ...value,
@@ -135,9 +357,9 @@ function normalizeWorkerResult(value, input, blockers, structuredOutputValid) {
         session_id: String(value?.session_id || input.sessionId || input.workItemId || 'codex-sdk-session'),
         persona_id: String(value?.persona_id || value?.agent_id || input.slotId || 'codex-sdk-worker'),
         task_slice_id: String(value?.task_slice_id || input.workItemId || ''),
-        backend: 'codex-sdk',
+        backend,
         status,
-        summary: String(value?.summary || (blockers.length ? 'Codex SDK task blocked.' : 'Codex SDK task completed.')),
+        summary: String(value?.summary || (blockers.length ? `${backend} task blocked.` : `${backend} task completed.`)),
         findings: Array.isArray(value?.findings) ? value.findings : [],
         proposed_changes: Array.isArray(value?.proposed_changes) ? value.proposed_changes : [],
         changed_files: Array.isArray(value?.changed_files) ? value.changed_files : [],
@@ -145,7 +367,7 @@ function normalizeWorkerResult(value, input, blockers, structuredOutputValid) {
         artifacts: Array.isArray(value?.artifacts) ? value.artifacts : [],
         blockers,
         confidence: String(value?.confidence || (structuredOutputValid ? 'verified_partial' : 'blocked')),
-        handoff_notes: String(value?.handoff_notes || 'Codex SDK Control Plane produced this worker result.'),
+        handoff_notes: String(value?.handoff_notes || `${backend} Control Plane produced this worker result.`),
         unverified: Array.isArray(value?.unverified) ? value.unverified : [],
         writes: Array.isArray(value?.writes) ? value.writes : [],
         patch_envelopes: Array.isArray(value?.patch_envelopes) ? value.patch_envelopes : [],
@@ -157,4 +379,106 @@ function normalizeWorkerResult(value, input, blockers, structuredOutputValid) {
 function normalizeStatus(value) {
     return value === 'failed' || value === 'blocked' || value === 'done' ? value : 'done';
 }
+function mapPythonSandbox(value) {
+    if (value === 'workspace-write')
+        return 'workspace_write';
+    if (value === 'full-access')
+        return 'full_access';
+    return 'read_only';
+}
+function parseStructuredOutput(text) {
+    const trimmed = String(text || '').trim();
+    if (!trimmed)
+        return null;
+    try {
+        return JSON.parse(trimmed);
+    }
+    catch {
+        const start = trimmed.indexOf('{');
+        const end = trimmed.lastIndexOf('}');
+        if (start >= 0 && end > start) {
+            try {
+                return JSON.parse(trimmed.slice(start, end + 1));
+            }
+            catch { }
+        }
+        return null;
+    }
+}
+async function ensurePythonCodexLbConfig(env, config) {
+    const codexHome = env.CODEX_HOME;
+    const lbBaseUrl = normalizeCodexLbBaseUrl(env.CODEX_LB_BASE_URL);
+    if (!codexHome || !lbBaseUrl || !env.CODEX_LB_API_KEY)
+        return;
+    const model = String(config.model || env.SKS_CODEX_MODEL || env.CODEX_MODEL || 'gpt-5.5');
+    const text = [
+        `model = ${tomlQuote(model)}`,
+        'model_provider = "codex-lb"',
+        'service_tier = "fast"',
+        'model_reasoning_effort = "minimal"',
+        'approval_policy = "never"',
+        '',
+        '[model_providers.codex-lb]',
+        'name = "OpenAI"',
+        `base_url = ${tomlQuote(lbBaseUrl)}`,
+        'wire_api = "responses"',
+        'env_key = "CODEX_LB_API_KEY"',
+        'supports_websockets = true',
+        'requires_openai_auth = false',
+        ''
+    ].join('\n');
+    await writeTextAtomic(path.join(codexHome, 'config.toml'), text);
+}
+function normalizeCodexLbBaseUrl(value) {
+    let host = String(value || '').trim();
+    if (!host)
+        return '';
+    if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(host))
+        host = `https://${host}`;
+    host = host.replace(/\/+$/, '');
+    return /\/backend-api\/codex$/i.test(host) ? host : `${host}/backend-api/codex`;
+}
+function tomlQuote(value) {
+    return JSON.stringify(value);
+}
+function resolveBundledCodexBinary() {
+    const platform = process.platform;
+    const arch = process.arch;
+    const pkg = platform === 'darwin' && arch === 'arm64'
+        ? '@openai/codex-darwin-arm64'
+        : platform === 'darwin' && arch === 'x64'
+            ? '@openai/codex-darwin-x64'
+            : platform === 'linux' && arch === 'arm64'
+                ? '@openai/codex-linux-arm64'
+                : platform === 'linux' && arch === 'x64'
+                    ? '@openai/codex-linux-x64'
+                    : platform === 'win32' && arch === 'x64'
+                        ? '@openai/codex-win32-x64'
+                        : platform === 'win32' && arch === 'arm64'
+                            ? '@openai/codex-win32-arm64'
+                            : '';
+    if (!pkg)
+        return '';
+    const binary = platform === 'win32' ? 'codex.exe' : 'codex';
+    const candidates = [
+        path.join(packageRoot(), 'node_modules', pkg, 'vendor', nativeTargetTriple(platform, arch), 'bin', binary),
+        path.join(packageRoot(), 'node_modules', pkg, 'vendor', nativeTargetTriple(platform, arch), 'codex', binary)
+    ];
+    return candidates.find((candidate) => fs.existsSync(candidate)) || '';
+}
+function nativeTargetTriple(platform, arch) {
+    if (platform === 'darwin' && arch === 'arm64')
+        return 'aarch64-apple-darwin';
+    if (platform === 'darwin' && arch === 'x64')
+        return 'x86_64-apple-darwin';
+    if (platform === 'linux' && arch === 'arm64')
+        return 'aarch64-unknown-linux-musl';
+    if (platform === 'linux' && arch === 'x64')
+        return 'x86_64-unknown-linux-musl';
+    if (platform === 'win32' && arch === 'arm64')
+        return 'aarch64-pc-windows-msvc';
+    if (platform === 'win32' && arch === 'x64')
+        return 'x86_64-pc-windows-msvc';
+    return '';
+}
 //# sourceMappingURL=codex-task-runner.js.map

package/dist/core/codex-control/gpt-final-arbiter.js ADDED Viewed

@@ -0,0 +1,160 @@
+import path from 'node:path';
+import { nowIso, readJson, writeJsonAtomic } from '../fsx.js';
+import { validateJsonSchemaRecursive } from '../json-schema-validator.js';
+import { evaluateLocalCollaborationFinalGate, resolveLocalCollaborationPolicy } from '../local-llm/local-collaboration-policy.js';
+import { runCodexTask } from './codex-control-plane.js';
+import { GPT_FINAL_ARBITER_INPUT_SCHEMA, GPT_FINAL_ARBITER_RESULT_SCHEMA_ID, gptFinalArbiterResultSchema, normalizeGptFinalArbiterResult } from './gpt-final-review-schema.js';
+import { compressGptFinalContext } from './gpt-final-context-compressor.js';
+export const GPT_FINAL_ARBITER_RUN_SCHEMA = 'sks.gpt-final-arbiter-run.v1';
+export async function runGptFinalArbiter(input, opts = {}) {
+    const started = Date.now();
+    const cwd = path.resolve(opts.cwd || process.cwd());
+    const root = path.resolve(opts.mutationLedgerRoot || path.join(cwd, '.sneakoscope', 'tmp', 'gpt-final-arbiter', safeName(input.mission_id || 'mission')));
+    const policy = resolveLocalCollaborationPolicy({ mode: input.local_mode });
+    const compressed = compressGptFinalContext(input);
+    if (policy.local_only_draft) {
+        return finalize(root, input, policy, compressed, blockedResult('needs_gpt_final_review', 'Local-only draft mode cannot produce final accepted proof.'), started, opts);
+    }
+    if (opts.forceUnavailable || process.env.SKS_GPT_FINAL_ARBITER_UNAVAILABLE === '1') {
+        return finalize(root, input, policy, compressed, blockedResult('gpt_final_arbiter_unavailable', 'GPT final arbiter backend is unavailable.'), started, opts);
+    }
+    let codexTask = null;
+    let parsed = null;
+    try {
+        codexTask = await runCodexTask({
+            route: String(input.route || '$Pipeline'),
+            tier: 'orchestrator',
+            missionId: String(input.mission_id || ''),
+            workItemId: 'gpt-final-arbiter',
+            slotId: 'gpt-final-arbiter',
+            generationIndex: 1,
+            sessionId: `gpt-final-${safeName(input.mission_id || 'mission')}`,
+            cwd,
+            prompt: buildArbiterPrompt(input, compressed),
+            inputFiles: [],
+            inputImages: [],
+            outputSchemaId: GPT_FINAL_ARBITER_RESULT_SCHEMA_ID,
+            outputSchema: gptFinalArbiterResultSchema,
+            sandboxPolicy: 'read-only',
+            requestedScopeContract: {
+                id: `gpt-final:${input.mission_id || 'mission'}`,
+                route: String(input.route || '$Pipeline'),
+                read_only: true,
+                allowed_paths: [],
+                write_paths: [],
+                user_confirmed_full_access: false,
+                mad_sks_authorized: process.env.SKS_MAD_SKS_ACTIVE === '1'
+            },
+            mutationLedgerRoot: root,
+            reliabilityPolicy: {
+                maxEmptyResultRetries: 1,
+                timeoutClass: 'standard'
+            }
+        });
+        parsed = parseFinalResponse(codexTask.finalResponse);
+    }
+    catch (error) {
+        return finalize(root, input, policy, compressed, blockedResult('gpt_final_arbiter_unavailable', error instanceof Error ? error.message : String(error)), started, opts);
+    }
+    const normalized = normalizeGptFinalArbiterResult(parsed);
+    const validation = validateJsonSchemaRecursive(normalized, gptFinalArbiterResultSchema);
+    const taskBlockers = Array.isArray(codexTask?.blockers) ? codexTask.blockers.map(String) : [];
+    const result = {
+        ...normalized,
+        blockers: [
+            ...normalized.blockers,
+            ...(codexTask?.ok === true ? [] : ['gpt_final_arbiter_unavailable']),
+            ...taskBlockers,
+            ...(validation.ok ? [] : ['gpt_final_result_schema_invalid', ...validation.issues.map((issue) => `schema:${issue}`)])
+        ]
+    };
+    return finalize(root, input, policy, compressed, result, started, opts, codexTask);
+}
+function finalize(root, input, policy, compressed, result, started, opts, codexTask) {
+    const latencyMs = Math.max(0, Date.now() - started);
+    const gate = evaluateLocalCollaborationFinalGate({
+        policy,
+        localParticipated: true,
+        gptFinalStatus: result.status,
+        gptFinalAvailable: !result.blockers.includes('gpt_final_arbiter_unavailable'),
+        gptFinalBackend: codexTask ? 'codex-sdk' : null,
+        applyPatches: false
+    });
+    const artifact = {
+        schema: GPT_FINAL_ARBITER_RUN_SCHEMA,
+        generated_at: nowIso(),
+        ok: gate.ok && result.blockers.length === 0,
+        input_schema: input.schema || GPT_FINAL_ARBITER_INPUT_SCHEMA,
+        route: input.route,
+        mission_id: input.mission_id,
+        local_mode: policy.mode,
+        backend: codexTask ? 'codex-sdk' : 'unavailable',
+        backend_family: codexTask ? 'remote-gpt' : 'none',
+        local_outputs_count: Array.isArray(input.local_outputs) ? input.local_outputs.length : 0,
+        proof_pack: compressed.proof_pack,
+        latency_budget: {
+            ...compressed.latency_budget,
+            latency_ms: latencyMs
+        },
+        result,
+        final_gate: gate,
+        codex_task: codexTask ? {
+            ok: codexTask.ok === true,
+            sdk_thread_id: codexTask.sdkThreadId || null,
+            sdk_run_id: codexTask.sdkRunId || null,
+            stream_event_count: codexTask.streamEventCount || 0,
+            structured_output_valid: codexTask.structuredOutputValid === true,
+            worker_result_path: codexTask.workerResultPath || null,
+            blockers: codexTask.blockers || []
+        } : null,
+        blockers: [
+            ...result.blockers,
+            ...gate.blockers,
+            ...compressed.blockers
+        ]
+    };
+    artifact.ok = artifact.blockers.length === 0 && (result.status === 'approved' || result.status === 'modified');
+    if (opts.writeArtifact !== false)
+        return writeArtifact(root, artifact);
+    return artifact;
+}
+async function writeArtifact(root, artifact) {
+    await writeJsonAtomic(path.join(root, 'gpt-final-arbiter.json'), artifact);
+    return artifact;
+}
+function blockedResult(blocker, summary) {
+    return normalizeGptFinalArbiterResult({
+        status: 'needs_more_work',
+        summary,
+        blockers: [blocker],
+        confidence: 'low',
+        required_followup_work: [{ blocker }]
+    });
+}
+function parseFinalResponse(value) {
+    if (typeof value !== 'string')
+        return value || {};
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return {};
+    }
+}
+function buildArbiterPrompt(input, compressed) {
+    return [
+        'You are the GPT Final Arbiter for an SKS local collaboration run.',
+        'Local model outputs are drafts only. Review the proof pack, candidate diff, patch envelopes, verification results, side effects, mutation ledger, and rollback plan.',
+        'Approve or modify only when the candidate is safe and supported. Reject unsafe local patches. Return only the requested structured JSON schema.',
+        JSON.stringify({
+            route: input.route,
+            mission_id: input.mission_id,
+            local_mode: input.local_mode,
+            proof_pack: compressed.proof_pack
+        })
+    ].join('\n');
+}
+function safeName(value) {
+    return String(value || 'unknown').replace(/[^a-zA-Z0-9_.-]+/g, '-').slice(0, 80);
+}
+//# sourceMappingURL=gpt-final-arbiter.js.map

package/dist/core/codex-control/gpt-final-context-compressor.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { buildGptFinalLatencyBudgetReport, buildGptFinalProofPack } from './gpt-final-proof-pack.js';
+export function compressGptFinalContext(input, opts = {}) {
+    const proofPack = buildGptFinalProofPack(input, opts);
+    const latencyBudget = buildGptFinalLatencyBudgetReport({
+        workerCount: proofPack.worker_count,
+        tokenBudgetEstimate: proofPack.token_budget_estimate,
+        latencyMs: opts.latencyMs ?? null
+    });
+    return {
+        schema: 'sks.gpt-final-context-compressor.v1',
+        ok: latencyBudget.ok,
+        proof_pack: proofPack,
+        latency_budget: latencyBudget,
+        blockers: latencyBudget.ok ? [] : ['gpt_final_context_budget_exceeded']
+    };
+}
+//# sourceMappingURL=gpt-final-context-compressor.js.map