sneakoscope 2.0.4 → 2.0.6

package/README.md

@@ -16,10 +16,13 @@ Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-C
 
 ## Current Release
 
-SKS **2.0.4** is a P0 Codex App Fast UI and MAD Zellij worker-pane closure patch on top of the 2.0 execution layer. `sks --mad` now relies on launch-time Fast/high overrides instead of user-level Codex config rewrites, safe Fast UI repair runs through `sks doctor --fix`, provider badges read env/auth/config.toml consistently, and interactive MAD worker panes attach to the real Zellij session as scheduler slots spawn.
+SKS **2.0.6** wires Codex App Product Design into the design pipeline and hardens Naruto read-only routing on top of the 2.0 execution layer. Design routes can now discover, install, verify, and prefer the remote `product-design@openai-curated-remote` plugin, while read-only native worker runs keep write mode off and avoid treating pre-existing dirty files as generated patches.
 
 What changed:
 
+- Product Design plugin readiness now checks both local and remote Codex App catalogs, auto-installs the remote plugin when needed, and records the installed/enabled skill surface.
+- UI/design/PPT runtime routes prefer Product Design for research, ideation, audit, design QA, prototype, URL-to-code, image-to-code, share, and user-context steps.
+- Naruto read-only runs force write mode off, propagate no-patch reasons through worker proof, and skip changed-file lease checks when no write-capable patch envelope exists.
 - `codex-sdk` is the default native agent backend for Team, QA, Research, Naruto, MAD-SKS, and direct agent runs, with every runtime task entering through `runCodexTask`.
 - Codex App UI snapshot, preservation, clobber guard, and doctor repair checks protect host-owned Fast UI/profile settings around `sks --mad`.
 - Provider context resolves `openai`, `codex-lb`, and `codex-app` with badge/fallback surfaces while avoiding private Codex App UI mutation.
@@ -78,7 +81,7 @@ Broader release checks still live behind `npm run release:check`. Detailed relea
   sks xai docs
   ```
 
-- **Quieter update prompts.** The "update available" choice is shown once per conversation and then stays quiet for a short window (default 8 min, `SKS_UPDATE_OFFER_THROTTLE_MS`) instead of repeating on every prompt. The check compares npm latest against source metadata, PATH `sks --version`, and the global npm package, so a completed `npm i -g sneakoscope` clears stale pending/accepted offers.
+- **CLI-only SKS update notices.** Codex App hooks no longer stop normal work to ask for an SKS update. CLI launch surfaces such as `sks --mad` print a non-blocking latest-version notice, `sks update-check` / `sks update check` show the explicit status, and `sks doctor --fix` runs the guarded global SKS update path before repair.
 
 ## Retention And Cleanup
 
@@ -359,7 +362,7 @@ sks --mad --allow-package-install --allow-service-control --allow-network --yes
 
 This syncs existing codex-lb provider auth, creates/uses the `sks-mad-high` xhigh maintenance profile, opens the MAD-SKS permission gate for that Zellij run, starts a same-mission read-only native agent swarm, and launches a Codex CLI layout whose right-side lanes read that MAD ledger. Bare `sks --mad` grants target-project file and shell scope only; add explicit `--allow-*` flags for packages, services, network, Computer Use, browser use, generated assets, file permissions, DB writes, or other high-risk scopes. MAD-SKS is not a DB-only unlock: it is explicit user authorization to widen approved target-project scopes. Catastrophic database wipe/all-row/project-management safeguards remain active, and the pipeline contract still forbids unrequested fallback implementation code.
 
-Before launching, SKS checks npm for a newer `sneakoscope`; answer `y` to update or `n` to continue. Use `--yes` to approve missing dependency installs automatically. Tune MAD swarm startup with `--mad-agents <n>`, `--mad-swarm-work-items <n>`, and `--mad-swarm-backend <backend>`; `--no-mad-swarm` keeps only the cockpit UI if you need a temporary fallback.
+Before launching, SKS checks npm for a newer `sneakoscope` and prints a non-blocking update notice when one is available; use `sks update now` or `sks doctor --fix` when you want SKS to update itself. Use `--yes` to approve missing dependency installs automatically. Tune MAD swarm startup with `--mad-agents <n>`, `--mad-swarm-work-items <n>`, and `--mad-swarm-backend <backend>`; `--no-mad-swarm` keeps only the cockpit UI if you need a temporary fallback.
 
 ### Team Missions
 
@@ -398,9 +401,9 @@ Manual fan-out syntax:
 
 Effort is assigned per agent. Simple read-only/docs slices can run low, ordinary tooling and lease mapping use medium, safety/DB/schema/release lanes use high, and frontier/forensic research can escalate to xhigh. If a lease conflict, schema failure, proof blocker, DB risk, or release risk appears, the parent can escalate that lane while keeping unrelated lanes cheaper and faster.
 
-### Naruto Shadow Clone Swarm (`$Naruto`)
+### Naruto Massive Parallel Work Swarm (`$Naruto`)
 
-`$Naruto` (影分身 / Kage Bunshin no Jutsu) is a high-scale mode of the native agent kernel for broad fan-out work — codebase-wide sweeps, parallel drafting, large audits. It lifts the standard 20-agent ceiling to **up to 100 clone sessions** (only for this route; every other route keeps the 20 cap).
+`$Naruto` (影分身 / Kage Bunshin no Jutsu) is the hardware-safe massive parallel work mode of the native agent kernel. It is not limited to validation. A Naruto run builds a mixed work graph, keeps a safe active worker pool full, and assigns clones to implementation, modification, test generation, verification, research, documentation, conflict resolution, rollback planning, integration support, and GPT final review input work. It lifts the standard 20-agent ceiling to **up to 100 total clone generations** for this route while keeping active workers under the live hardware, lease, memory, terminal UI, file descriptor, local LLM, and remote API caps.
 
 ```sh
 sks naruto run "sweep the codebase for TODO comments and summarize"
@@ -411,9 +414,11 @@ sks naruto status
 
 Aliases: `$ShadowClone`, `$Kagebunshin`, and the CLI flag `sks --naruto`.
 
-- **System-aware concurrency:** `--clones N` is the total work fan-out, but `$Naruto` never spawns the whole count at once. Live concurrency is throttled to a host-safe number derived from CPU cores and free memory (heavier cap for real `codex-sdk` workers, tighter packing for in-process `fake`). So `--clones 100` on a small host still processes all 100 work units while only running a safe handful at a time; the run reports when it throttles. Override with `SKS_NARUTO_MAX_CONCURRENCY=<n>`.
+- **Hardware-safe governor:** `--clones N` is the total work fan-out, but `$Naruto` never spawns the whole count at once. Live concurrency is throttled by current load, memory, file descriptors, Zellij pane budget, local LLM request budget, remote API budget, disk pressure, pending queue, and active lease conflicts.
+- **Dynamic active pool:** completed workers are drained and replaced while runnable work remains, so the active pool does not sit empty between generations.
 - **Dynamic per-clone effort (like Team):** truly simple / no-tool work runs at `low`, any tool use lifts a clone to `medium` (never high/xhigh), and every clone runs in fast service tier.
-- **Safe parallel writes:** clones coordinate through the same lease-based patch-swarm (merge coordinator + conflict rebase + transaction journal) as Team.
+- **Safe parallel writes:** write-capable clones produce patch envelopes for leased files. Non-overlapping envelopes can apply in parallel; overlapping envelopes serialize or route to conflict resolution. Local worker output remains a draft until the GPT final arbiter approves or modifies it.
+- **Massive UI without pane overload:** Zellij shows visible active worker panes up to the UI cap and tracks the remaining active headless workers in the Naruto dashboard.
 
 See [docs/naruto.md](docs/naruto.md) for the full reference.
 
@@ -513,18 +518,20 @@ $DB inspect this migration for destructive risk
 
 ### Optional Local LLM Workers
 
-Local Ollama workers are off by default, so SKS stays GPT-only unless you explicitly enable them. Use the Codex App prompt commands:
+Local model workers are off by default, so SKS stays GPT-only unless you explicitly enable them. Use the Codex App prompt commands:
 
 ```text
 $with-local-llm-on
 $with-local-llm-off
 ```
 
-When enabled, the local model can only help with policy-eligible simple code patch-envelope work or read-only collection. GPT/Codex still owns strategy, planning, design, review, verification, safety, and integration. Check or tune the machine-local setting from the terminal:
+When enabled, SKS auto-detects an installed local model from a running MLX LM server, OpenAI-compatible local server, or Ollama. If no local model is available, activation stays blocked and reports that no local model was found. The local model can only help with policy-eligible simple code patch-envelope work or read-only collection. GPT/Codex still owns strategy, planning, design, review, verification, safety, and integration. Check or tune the machine-local setting from the terminal:
 
 ```sh
 sks with-local-llm status --json
-sks with-local-llm on --model rafw007/qwen36-a3b-claude-coder:q4_K_M
+sks with-local-llm on
+sks with-local-llm on --provider mlx-lm --model mlx-community/Qwen3.6-35B-A3B-4bit --base-url http://127.0.0.1:8080
+sks with-local-llm on --provider ollama --model rafw007/qwen36-a3b-claude-coder:q4_K_M
 sks with-local-llm off
 ```
 
@@ -655,7 +662,7 @@ npm ls -g sneakoscope --depth=0
 sks doctor --fix
 ```
 
-Update prompts compare npm latest against the effective installed version from source metadata, PATH `sks --version`, and global npm package metadata. `sks update now` installs through npm global mode instead of mutating the current project's dependencies. If a global update succeeded but an old shim remains earlier on PATH, `sks doctor --fix` can remove duplicate global installs and refresh the managed setup.
+CLI update checks compare npm latest against the effective installed version from source metadata, PATH `sks --version`, and global npm package metadata. Codex App hooks do not force update choices during ordinary work. `sks update now` installs through npm global mode instead of mutating the current project's dependencies, and `sks doctor --fix` runs that guarded global update path before setup/config repair. If a global update succeeded but an old shim remains earlier on PATH, `sks doctor --fix` can remove duplicate global installs and refresh the managed setup.
 
 ### Zellij is missing
 

package/crates/sks-core/Cargo.lock

@@ -76,7 +76,7 @@ dependencies = [
 
 [[package]]
 name = "sks-core"
-version = "2.0.4"
+version = "2.0.6"
 dependencies = [
  "serde_json",
 ]

package/crates/sks-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sks-core"
-version = "2.0.4"
+version = "2.0.6"
 edition = "2021"
 
 [dependencies]

package/crates/sks-core/src/main.rs

@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
 fn main() {
     let mut args = std::env::args().skip(1);
     match args.next().as_deref() {
-        Some("--version") => println!("sks-rs 2.0.4"),
+        Some("--version") => println!("sks-rs 2.0.6"),
         Some("compact-info") => {
             let mut input = String::new();
             let _ = io::stdin().read_to_string(&mut input);

package/dist/.sks-build-stamp.json

@@ -1,8 +1,8 @@
 {
   "schema": "sks.dist-build-stamp.v1",
   "package_name": "sneakoscope",
-  "package_version": "2.0.4",
-  "source_digest": "bd67ddf989e2e0b702453d422e2cf991e8ca397d3d4afc14fdfa06b4610452c9",
-  "source_file_count": 1879,
-  "built_at_source_time": 1780569940553
+  "package_version": "2.0.6",
+  "source_digest": "3947e39c47a565506e9ffd37568ae889bc7943f6dc342b5c357976b840770f94",
+  "source_file_count": 1953,
+  "built_at_source_time": 1780662014263
 }

package/dist/bin/sks.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-const FAST_PACKAGE_VERSION = '2.0.4';
+const FAST_PACKAGE_VERSION = '2.0.6';
 const args = process.argv.slice(2);
 try {
     if (args[0] === '--agent' && args[1] === 'worker') {

package/dist/build-manifest.json

@@ -1,16 +1,16 @@
 {
   "schema": "sks.dist-build.v2",
-  "version": "2.0.4",
-  "package_version": "2.0.4",
+  "version": "2.0.6",
+  "package_version": "2.0.6",
   "typescript": true,
   "mjs_runtime_files": 0,
-  "compiled_file_count": 949,
-  "compiled_js_count": 949,
+  "compiled_file_count": 1019,
+  "compiled_js_count": 1019,
   "compiled_dts_count": 0,
-  "source_digest": "bd67ddf989e2e0b702453d422e2cf991e8ca397d3d4afc14fdfa06b4610452c9",
-  "source_file_count": 1879,
-  "source_files_hash": "c43d09b591370ad58937365d6bbfca2be0b60fcf04a43fdbb9a56d9288752814",
-  "source_list_hash": "c43d09b591370ad58937365d6bbfca2be0b60fcf04a43fdbb9a56d9288752814",
+  "source_digest": "3947e39c47a565506e9ffd37568ae889bc7943f6dc342b5c357976b840770f94",
+  "source_file_count": 1953,
+  "source_files_hash": "5d6f0e4186fc37279e1cf6de0c6b3c7230123c4a588966f8fda2a9324eb75192",
+  "source_list_hash": "5d6f0e4186fc37279e1cf6de0c6b3c7230123c4a588966f8fda2a9324eb75192",
   "src_mjs_runtime_files": 0,
   "dist_stamp_schema": "sks.dist-build-stamp.v1",
   "files": [
@@ -216,6 +216,8 @@
     "core/codex-control/gpt-final-context-compressor.js",
     "core/codex-control/gpt-final-proof-pack.js",
     "core/codex-control/gpt-final-review-schema.js",
+    "core/codex-control/python-codex-sdk-adapter.js",
+    "core/codex-control/python-codex-sdk-event-translator.js",
     "core/codex-control/schemas/agent-worker-result.schema.js",
     "core/codex-exec-output-schema.js",
     "core/codex-hooks/codex-hook-actual-discovery.js",
@@ -237,6 +239,7 @@
     "core/codex/codex-0-134-compat.js",
     "core/codex/codex-0-135-compat.js",
     "core/codex/codex-0-136-compat.js",
+    "core/codex/codex-0-137-compat.js",
     "core/codex/codex-cli-syntax-builder.js",
     "core/codex/codex-config-eperm-repair.js",
     "core/codex/codex-config-readability.js",
@@ -362,7 +365,22 @@
     "core/json-schema-validator.js",
     "core/language-preference.js",
     "core/local-llm/local-collaboration-policy.js",
+    "core/local-llm/local-llm-backpressure.js",
+    "core/local-llm/local-llm-capability.js",
+    "core/local-llm/local-llm-client.js",
     "core/local-llm/local-llm-config.js",
+    "core/local-llm/local-llm-context-cache.js",
+    "core/local-llm/local-llm-control-adapter.js",
+    "core/local-llm/local-llm-json-repair.js",
+    "core/local-llm/local-llm-metrics.js",
+    "core/local-llm/local-llm-ollama-client.js",
+    "core/local-llm/local-llm-openai-compatible-client.js",
+    "core/local-llm/local-llm-prompt-cache.js",
+    "core/local-llm/local-llm-scheduler.js",
+    "core/local-llm/local-llm-schema-enforcer.js",
+    "core/local-llm/local-llm-smoke.js",
+    "core/local-llm/local-llm-warmup.js",
+    "core/local-llm/local-worker-eligibility.js",
     "core/loop-blocker.js",
     "core/mad-sks/audit-ledger.js",
     "core/mad-sks/authorization-manifest.js",
@@ -393,6 +411,22 @@
     "core/mission.js",
     "core/mistake-memory.js",
     "core/mistake-recall.js",
+    "core/naruto/hardware-capacity-probe.js",
+    "core/naruto/naruto-active-pool.js",
+    "core/naruto/naruto-backpressure.js",
+    "core/naruto/naruto-concurrency-governor.js",
+    "core/naruto/naruto-finalizer.js",
+    "core/naruto/naruto-generation-scheduler.js",
+    "core/naruto/naruto-gpt-final-pack.js",
+    "core/naruto/naruto-parallel-patch-apply.js",
+    "core/naruto/naruto-patch-transaction-batch.js",
+    "core/naruto/naruto-role-policy.js",
+    "core/naruto/naruto-verification-dag.js",
+    "core/naruto/naruto-verification-pool.js",
+    "core/naruto/naruto-work-graph.js",
+    "core/naruto/naruto-work-item.js",
+    "core/naruto/naruto-work-stealing.js",
+    "core/naruto/resource-pressure-monitor.js",
     "core/no-question-guard.js",
     "core/openclaw.js",
     "core/perf-bench.js",
@@ -406,6 +440,8 @@
     "core/pipeline/agent-stage-policy.js",
     "core/pipeline/final-gpt-patch-stage.js",
     "core/pipeline/final-gpt-review-stage.js",
+    "core/pipeline/finalize-pipeline-result.js",
+    "core/pipeline/gpt-final-required.js",
     "core/pipeline/pipeline-plan-writer.js",
     "core/pipeline/plan-schema.js",
     "core/pipeline/prompt-context-answer.js",
@@ -437,7 +473,10 @@
     "core/ppt-review/slide-issue-extraction.js",
     "core/ppt.js",
     "core/preflight/parallel-preflight-engine.js",
+    "core/product-design-app-server.js",
+    "core/product-design-plugin.js",
     "core/prompt-context-builder.js",
+    "core/prompt/prompt-placeholder-guard.js",
     "core/proof-field.js",
     "core/proof/auto-finalize.js",
     "core/proof/claim-ledger.js",
@@ -568,6 +607,7 @@
     "core/zellij/zellij-lane-runtime.js",
     "core/zellij/zellij-launcher.js",
     "core/zellij/zellij-layout-builder.js",
+    "core/zellij/zellij-naruto-dashboard.js",
     "core/zellij/zellij-pane-proof.js",
     "core/zellij/zellij-screen-proof.js",
     "core/zellij/zellij-worker-pane-manager.js",
@@ -679,6 +719,7 @@
     "scripts/codex-0-134-runner-truth-check.js",
     "scripts/codex-0-135-compat-check.js",
     "scripts/codex-0-136-compat-check.js",
+    "scripts/codex-0-137-compat-check.js",
     "scripts/codex-app-fast-ui-preservation-check.js",
     "scripts/codex-app-provider-badge-check.js",
     "scripts/codex-app-ui-clobber-guard-check.js",
@@ -696,6 +737,7 @@
     "scripts/codex-control-structured-output-check.js",
     "scripts/codex-control-thread-registry-check.js",
     "scripts/codex-control-tool-call-sequence-repair-check.js",
+    "scripts/codex-environment-scoped-approvals-check.js",
     "scripts/codex-exec-output-schema-actual-syntax-check.js",
     "scripts/codex-fast-mode-profile-propagation-check.js",
     "scripts/codex-history-search-check.js",
@@ -710,6 +752,7 @@
     "scripts/codex-managed-proxy-env-check.js",
     "scripts/codex-output-schema-fixture-check.js",
     "scripts/codex-permission-profiles-check.js",
+    "scripts/codex-plugin-list-json-check.js",
     "scripts/codex-profile-primary-check.js",
     "scripts/codex-project-config-policy-merge-regression.js",
     "scripts/codex-project-config-policy-splitter-check.js",
@@ -731,6 +774,7 @@
     "scripts/codex-sdk-thread-registry-check.js",
     "scripts/codex-sdk-ux-ppt-review-pipeline-check.js",
     "scripts/codex-sdk-zellij-pane-binding-check.js",
+    "scripts/codex-thread-runtime-choice-check.js",
     "scripts/codex-web-adapter-check.js",
     "scripts/computer-use-live-evidence-check.js",
     "scripts/computer-use-live-optional-check.js",
@@ -802,9 +846,18 @@
     "scripts/lib/real-codex-parallel-gate.js",
     "scripts/lib/real-codex-parallel-proof-fixture.js",
     "scripts/lib/valid-png-fixture.js",
+    "scripts/local-collab-all-pipelines-final-gpt-check.js",
     "scripts/local-collab-gpt-final-availability-check.js",
     "scripts/local-collab-no-local-only-final-check.js",
     "scripts/local-collab-policy-check.js",
+    "scripts/local-llm-all-pipelines-check.js",
+    "scripts/local-llm-cache-performance-check.js",
+    "scripts/local-llm-capability-check.js",
+    "scripts/local-llm-smoke-check.js",
+    "scripts/local-llm-structured-output-check.js",
+    "scripts/local-llm-throughput-check.js",
+    "scripts/local-llm-tool-call-repair-check.js",
+    "scripts/local-llm-warmup-check.js",
     "scripts/loop-blocker-check.js",
     "scripts/mad-preflight-blocks-unreadable-config-check.js",
     "scripts/mad-sks-actual-executor-blackbox.js",
@@ -831,7 +884,17 @@
     "scripts/mcp-tool-naming-parity-check.js",
     "scripts/memory-summary-rebuild-check.js",
     "scripts/mutation-callsite-coverage-check.js",
+    "scripts/naruto-active-pool-check.js",
+    "scripts/naruto-concurrency-governor-check.js",
+    "scripts/naruto-gpt-final-pack-check.js",
+    "scripts/naruto-parallel-patch-apply-check.js",
+    "scripts/naruto-readonly-routing-check.js",
+    "scripts/naruto-real-local-gpt-final-smoke.js",
+    "scripts/naruto-role-distribution-check.js",
     "scripts/naruto-shadow-clone-swarm-check.js",
+    "scripts/naruto-verification-pool-check.js",
+    "scripts/naruto-work-graph-check.js",
+    "scripts/naruto-zellij-massive-ui-check.js",
     "scripts/non-recursive-pipeline-check.js",
     "scripts/npm-publish-performance-check.js",
     "scripts/official-docs-compat-report.js",
@@ -856,8 +919,15 @@
     "scripts/prepublish-fast-check.js",
     "scripts/prepublish-release-check-or-fast.js",
     "scripts/priority-full-closure-check.js",
+    "scripts/product-design-auto-install-check.js",
+    "scripts/product-design-plugin-routing-check.js",
+    "scripts/prompt-placeholder-guard-check.js",
     "scripts/provider-badge-context-check.js",
     "scripts/provider-context-config-toml-check.js",
+    "scripts/python-codex-sdk-all-pipelines-check.js",
+    "scripts/python-codex-sdk-capability-check.js",
+    "scripts/python-codex-sdk-sandbox-policy-check.js",
+    "scripts/python-codex-sdk-stream-bridge-check.js",
     "scripts/python-tools-smoke-check.js",
     "scripts/qa-actual-route-backfill-check.js",
     "scripts/qa-backfill-route-blackbox.js",

package/dist/cli/install-helpers.js

@@ -13,6 +13,7 @@ import { context7ConfigToml, DOLLAR_SKILL_NAMES, GETDESIGN_REFERENCE, hasContext
 import { checkZellijCapability } from '../core/zellij/zellij-capability.js';
 import { reconcileCodexAppUpgradeProcesses } from '../core/codex-app.js';
 import { recordCodexLbHealthEvent } from '../core/codex-lb-circuit.js';
+import { runSksUpdateCheck, runSksUpdateNow } from '../core/update-check.js';
 import { loadCodexLbEnv, writeCodexLbKeychain, codexLbMetadataPath } from '../core/codex-lb/codex-lb-env.js';
 import { buildCodexLbSetupPlan, codexLbPersistenceSummary, installCodexLbShellProfileSnippet, selectedCodexLbPersistenceModes } from '../core/codex-lb/codex-lb-setup.js';
 const DEFAULT_CODEX_APP_PLUGINS = [
@@ -2231,6 +2232,28 @@ export async function maybePromptCodexUpdateForLaunch(args = [], opts = {}) {
         return { status: 'skipped_by_user', latest: latest.version || null, current, command, bin: codex.bin || null };
     return installCodexLatest(command, latest.version, current);
 }
+export async function maybePromptSksUpdateForLaunch(args = [], opts = {}) {
+    if (hasFlag(args, '--json') || hasFlag(args, '--skip-sks-update') || process.env.SKS_SKIP_SKS_UPDATE === '1')
+        return { status: 'skipped' };
+    const label = opts.label || 'SKS launch';
+    const check = await runSksUpdateCheck({ timeoutMs: 5000 }).catch((err) => ({
+        ok: false,
+        update_available: false,
+        latest: null,
+        current: PACKAGE_VERSION,
+        command: null,
+        error: err?.message || String(err)
+    }));
+    if (!check.update_available) {
+        return { status: check.error ? 'unavailable' : 'current', latest: check.latest || null, current: check.current || PACKAGE_VERSION, error: check.error || null };
+    }
+    const command = check.command || `sks update now --version ${check.latest}`;
+    if (shouldAutoApproveInstall(args)) {
+        return runSksUpdateNow({ version: check.latest, timeoutMs: 10 * 60 * 1000, maxOutputBytes: 128 * 1024 });
+    }
+    console.log(`SKS update available before ${label}: ${check.current} -> ${check.latest}. Run when ready: ${command}`);
+    return { status: 'available', latest: check.latest || null, current: check.current || PACKAGE_VERSION, command };
+}
 export function shouldAutoApproveInstall(args = [], env = process.env) {
     if (hasFlag(args, '--from-postinstall') && env.SKS_POSTINSTALL_AUTO_INSTALL_CLI_TOOLS !== '1')
         return false;

package/dist/commands/codex-app.js

@@ -1,11 +1,31 @@
 import { flag } from '../cli/args.js';
 import { printJson } from '../cli/output.js';
-import { codexAccessTokenStatus, codexAppIntegrationStatus, codexChromeExtensionStatus, formatCodexAppStatus } from '../core/codex-app.js';
+import { codexAccessTokenStatus, codexAppIntegrationStatus, codexChromeExtensionStatus, codexProductDesignPluginStatus, formatCodexAppStatus, formatCodexProductDesignPluginStatus } from '../core/codex-app.js';
 import { codexAppRemoteControlCommand } from '../cli/codex-app-command.js';
 export async function run(_command, args = []) {
     const action = args[0] || 'check';
     if (action === 'remote-control' || action === 'remote')
         return codexAppRemoteControlCommand(args.slice(1));
+    if (action === 'product-design' || action === 'design-product' || action === 'ensure-product-design') {
+        const checkOnly = flag(args, '--check-only') || flag(args, '--no-install');
+        const status = await codexProductDesignPluginStatus({
+            autoInstallProductDesign: !checkOnly && (action === 'product-design'
+                || action === 'design-product'
+                || action === 'ensure-product-design'
+                || flag(args, '--install')
+                || flag(args, '--auto-install'))
+        });
+        if (flag(args, '--json')) {
+            printJson(status);
+            if (!status.ok)
+                process.exitCode = 1;
+            return;
+        }
+        console.log(formatCodexProductDesignPluginStatus(status));
+        if (!status.ok)
+            process.exitCode = 1;
+        return;
+    }
     if (action === 'chrome-extension' || action === 'chrome') {
         const status = await codexChromeExtensionStatus();
         if (flag(args, '--json')) {
@@ -32,7 +52,9 @@ export async function run(_command, args = []) {
         return;
     }
     if (action === 'check' || action === 'status') {
-        const status = await codexAppIntegrationStatus();
+        const status = await codexAppIntegrationStatus({
+            autoInstallProductDesign: flag(args, '--install-product-design') || flag(args, '--auto-install-product-design')
+        });
         if (flag(args, '--json')) {
             printJson(status);
             if (!status.ok)
@@ -44,7 +66,7 @@ export async function run(_command, args = []) {
             process.exitCode = 1;
         return;
     }
-    console.error('Usage: sks codex-app check|status|chrome-extension|pat status|remote-control [--json]');
+    console.error('Usage: sks codex-app check|status|product-design [--check-only]|ensure-product-design|chrome-extension|pat status|remote-control [--json]');
     process.exitCode = 1;
 }
 //# sourceMappingURL=codex-app.js.map

package/dist/commands/doctor.js

@@ -17,10 +17,24 @@ import { inventoryCodexPermissionProfiles } from '../core/codex/codex-permission
 import { appendMigrationEvents, hashConfigText } from '../core/migration/migration-transaction-journal.js';
 import { repairCodexAppFastUi } from '../core/codex-app/codex-app-fast-ui-repair.js';
 import { resolveProviderContext } from '../core/provider/provider-context.js';
+import { readLocalModelConfig } from '../core/agents/ollama-worker-config.js';
+import { runSksUpdateNow } from '../core/update-check.js';
 export async function run(_command, args = []) {
+    const doctorFix = flag(args, '--fix');
     let setupRepair = null;
+    const sksUpdate = doctorFix
+        ? await runSksUpdateNow({
+            timeoutMs: 10 * 60 * 1000,
+            maxOutputBytes: 128 * 1024
+        }).catch((err) => ({
+            schema: 'sks.update-now.v1',
+            ok: false,
+            status: 'failed',
+            error: err?.message || String(err)
+        }))
+        : null;
     let migrationPreFix = null;
-    if (flag(args, '--fix')) {
+    if (doctorFix) {
         // Snapshot config content before ANY mutation so the migration journal can
         // record real before/after hashes for the whole --fix transaction.
         migrationPreFix = await captureCodexConfigSnapshot();
@@ -96,7 +110,6 @@ export async function run(_command, args = []) {
             model_provider: null
         }
     }));
-    const doctorFix = flag(args, '--fix');
     const explicitCodexAppUiRepair = flag(args, '--repair-codex-app-ui') || flag(args, '--yes');
     const codexAppUiPlan = await repairCodexAppFastUi(root, {
         apply: false,
@@ -136,6 +149,7 @@ export async function run(_command, args = []) {
         }))
         : codexAppUiPlan;
     const zellij = await checkZellijCapability({ root, require: process.env.SKS_REQUIRE_ZELLIJ === '1' });
+    const localModel = await readLocalModelConfig().catch(() => null);
     const permissionProfiles = await inventoryCodexPermissionProfiles(root, { writeReport: true });
     const globalSksInstallCleanup = flag(args, '--fix') && !flag(args, '--local-only')
         ? await cleanDuplicateGlobalSksInstalls({ root, fix: true }).catch((err) => ({ schema: 'sks.global-sks-install-cleanup.v1', ok: false, fix: true, error: err?.message || String(err), blockers: ['global_sks_install_cleanup_exception'] }))
@@ -151,6 +165,7 @@ export async function run(_command, args = []) {
         codex_doctor: codexDoctor,
         require_codex_doctor: flag(args, '--fix') || flag(args, '--require-actual-codex'),
         zellij,
+        local_model: localModel,
         repair: configRepair,
         codex_app_ui: codexAppUi,
         require_codex_cli_config_load: flag(args, '--fix') || flag(args, '--require-actual-codex'),
@@ -162,7 +177,7 @@ export async function run(_command, args = []) {
     const zellijReadiness = buildZellijReadiness(root, zellij, ready);
     const result = {
         schema: 'sks.doctor-status.v1',
-        ok: ready.ready,
+        ok: ready.ready && (!sksUpdate || sksUpdate.ok !== false),
         root,
         node: { ok: Number(process.versions.node.split('.')[0]) >= 20, version: process.version },
         codex,
@@ -175,6 +190,7 @@ export async function run(_command, args = []) {
         codex_doctor: codexDoctor,
         codex_doctor_diff: codexDoctorDiff,
         zellij,
+        local_model: localModel,
         zellij_readiness: zellijReadiness,
         codex_permission_profiles: permissionProfiles,
         imagegen: {
@@ -185,7 +201,7 @@ export async function run(_command, args = []) {
         ready,
         sneakoscope: { ok: await exists(`${root}/.sneakoscope`) },
         package: { bytes: pkgBytes, human: formatBytes(pkgBytes) },
-        repair: { setup: setupRepair, codex_config: configRepair, migration_journal: migrationJournal, global_sks_installs: globalSksInstallCleanup }
+        repair: { sks_update: sksUpdate, setup: setupRepair, codex_config: configRepair, migration_journal: migrationJournal, global_sks_installs: globalSksInstallCleanup }
     };
     if (flag(args, '--json')) {
         printJson(result);
@@ -234,6 +250,16 @@ export async function run(_command, args = []) {
         }
     }
     console.log(`codex-lb:  ${codexLb.ok ? 'ok' : `warning ${codexLb.circuit?.state || 'unknown'}`}`);
+    if (localModel) {
+        console.log('Local LLM:');
+        console.log(`  enabled: ${localModel.enabled ? 'yes' : 'no'}`);
+        console.log(`  status: ${localModel.status}`);
+        console.log(`  provider: ${localModel.provider}`);
+        console.log(`  model: ${localModel.model}`);
+        console.log(`  endpoint: ${localModel.base_url}`);
+        console.log(`  last smoke: ${localModel.last_smoke?.ok ? `ok ${localModel.last_smoke.latency_ms || 0}ms ${localModel.last_smoke.tokens_per_second || 0} tok/s` : 'missing'}`);
+        console.log('  final arbiter: GPT required');
+    }
     console.log(`Permissions: config profile and permission profile are tracked separately (${permissionProfiles.codex_config_profile_field}, ${permissionProfiles.codex_permission_profile_field})`);
     console.log('Ready:');
     console.log(`  cli_ready: ${ready.cli_ready ? 'yes' : 'no'}`);
@@ -251,6 +277,9 @@ export async function run(_command, args = []) {
     if (migrationJournal?.journal_path) {
         console.log(`Migration journal: ${migrationJournal.journal_path} (${migrationJournal.event_count} events, ${migrationJournal.mutations_without_rollback} without rollback)`);
     }
+    if (sksUpdate) {
+        console.log(`SKS update: ${sksUpdate.status}${sksUpdate.latest ? ` latest ${sksUpdate.latest}` : ''}${sksUpdate.error ? ` (${sksUpdate.error})` : ''}`);
+    }
     if (globalSksInstallCleanup) {
         console.log(`Global SKS installs: kept ${globalSksInstallCleanup.kept?.length ?? 0}, removed ${globalSksInstallCleanup.removed?.filter((entry) => entry.ok).length ?? 0}, source repo exempt ${globalSksInstallCleanup.candidates?.filter((entry) => entry.source_repo_exempt).length ?? 0}`);
     }

package/dist/commands/mad-sks.js

@@ -1,9 +1,9 @@
 import { madHighCommand } from '../core/commands/mad-sks-command.js';
-import { ensureMadLaunchDependencies, formatMadLaunchDependencyAction, maybePromptCodexUpdateForLaunch, maybePromptCodexLbSetupForLaunch } from '../cli/install-helpers.js';
+import { ensureMadLaunchDependencies, formatMadLaunchDependencyAction, maybePromptCodexUpdateForLaunch, maybePromptCodexLbSetupForLaunch, maybePromptSksUpdateForLaunch } from '../cli/install-helpers.js';
 import { PACKAGE_VERSION } from '../core/fsx.js';
 export async function run(_command, args = []) {
     return madHighCommand(['--mad-sks', ...args], {
-        maybePromptSksUpdateForLaunch: async () => ({ status: 'skipped' }),
+        maybePromptSksUpdateForLaunch,
         maybePromptCodexUpdateForLaunch,
         ensureMadLaunchDependencies,
         printDepsInstallAction: (action) => console.error(formatMadLaunchDependencyAction(action)),

package/dist/core/agents/agent-orchestrator.js

@@ -117,6 +117,7 @@ export async function runNativeAgentOrchestrator(opts = {}) {
     const strategyCompiled = compileStrategy({
         prompt,
         route,
+        ...(writeCapable ? {} : { writeTargets: [] }),
         agentCount: roster.agent_count,
         visualRequired
     });
@@ -235,12 +236,13 @@ export async function runNativeAgentOrchestrator(opts = {}) {
         rate_limit_delay_ms: backend === 'codex-sdk' ? 250 : 0,
         resource_pressure_warnings: roster.agent_count > roster.concurrency ? ['agents_exceed_concurrency_batches'] : []
     });
+    const effectiveWriteMode = writeCapable ? opts.writeMode || 'off' : 'off';
     const parallelWritePolicy = {
         schema: 'sks.agent-parallel-write-policy.v1',
         generated_at: nowIso(),
         route,
         route_command: routeCommand,
-        write_mode: opts.writeMode || 'off',
+        write_mode: effectiveWriteMode,
         apply_patches: opts.applyPatches === true,
         dry_run_patches: opts.dryRunPatches === true,
         max_write_agents: Number(opts.maxWriteAgents || 0),
@@ -779,7 +781,7 @@ async function runAgentPatchSwarmRuntime(root, ledgerRoot, input) {
     await queueStore.persistSnapshot();
     const journalSummary = await queueStore.journal.writeSummary();
     const proof = buildAgentPatchProof({ ...proofInput, transactionJournal: journalSummary });
-    const zeroPatchBlockers = input.writeCapable && input.parallelWritePolicy?.write_mode === 'parallel' && pendingEntries.length === 0 && input.parallelWritePolicy?.dry_run_patches !== true
+    const zeroPatchBlockers = input.writeCapable && input.parallelWritePolicy?.write_mode === 'parallel' && pendingEntries.length === 0 && input.dryRun !== true && input.parallelWritePolicy?.dry_run_patches !== true
         ? ['write_mode_parallel_zero_patch_envelopes']
         : [];
     const blockers = [
@@ -870,6 +872,8 @@ function normalizeVisualLaneCount(value, fallback, maxAgentCount) {
     return Math.max(1, Math.min(maxAgentCount, Math.floor(raw)));
 }
 function isWriteCapableRun(opts) {
+    if (opts.readonly === true)
+        return false;
     return opts.applyPatches === true || opts.dryRunPatches === true || (opts.writeMode !== undefined && opts.writeMode !== 'off');
 }
 function defaultRouteCommand(route) {
@@ -991,6 +995,7 @@ async function runAgentByBackend(backend, agent, slice, opts) {
             ...sdkWorkerResult,
             backend: 'codex-sdk',
             patch_envelopes: patchEnvelopes,
+            ...(patchEnvelopes.length ? {} : { no_patch_reason: buildDirectNoPatchReason(slice, opts) }),
             codex_child_report: sdkReport,
             codex_sdk_thread: sdkReport,
             model_authored_patch_envelopes: patchEnvelopes.length > 0,
@@ -1027,10 +1032,24 @@ function buildDirectSdkWorkerPrompt(slice) {
         '',
         write.length
             ? `Write-capable slice. Return JSON matching ${CODEX_AGENT_WORKER_RESULT_SCHEMA_ID}; include patch_envelopes for write_paths=${JSON.stringify(write)}. Each patch envelope must include schema, source "model_authored", agent_id, session_id, slot_id, generation_index, task_slice_id, lease_id, allowed_paths, operations, and rationale. Each operation must include op, path, search, replace, content, and diff; use empty strings for operation fields that do not apply.`
-            : `Read-only slice. Return JSON matching ${CODEX_AGENT_WORKER_RESULT_SCHEMA_ID}.`,
+            : `Read-only slice. Return JSON matching ${CODEX_AGENT_WORKER_RESULT_SCHEMA_ID}; do not report pre-existing repository dirtiness as changed_files.`,
         'Required JSON fields: status, summary, findings, changed_files, patch_envelopes, verification, rollback_notes, blockers.'
     ].join('\n');
 }
+function buildDirectNoPatchReason(slice, opts) {
+    const writePathCount = sdkWritePaths(slice, opts).length;
+    return {
+        schema: 'sks.native-cli-worker-no-patch-reason.v1',
+        generated_at: nowIso(),
+        ok: writePathCount === 0,
+        reason: writePathCount ? 'write_capable_task_without_backend_patch_envelope' : 'read_only_or_no_write_paths',
+        route_justification: writePathCount ? 'backend returned no patch envelopes for a write-capable task' : 'task has no write paths',
+        read_only_or_noop_evidence: writePathCount === 0,
+        task_slice_id: slice?.id || null,
+        backend: 'codex-sdk',
+        blockers: writePathCount ? ['write_capable_no_patch_envelope'] : []
+    };
+}
 function sdkWritePaths(slice, opts) {
     return [
         ...(Array.isArray(slice?.write_paths) ? slice.write_paths : []),