sneakoscope 2.0.4 → 2.0.6

package/dist/core/product-design-plugin.js

@@ -0,0 +1,139 @@
+export const PRODUCT_DESIGN_REQUIRED_SKILLS = Object.freeze([
+    'audit',
+    'design-qa',
+    'get-context',
+    'ideate',
+    'image-to-code',
+    'prototype',
+    'research',
+    'share',
+    'url-to-code',
+    'user-context'
+]);
+export const PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS = Object.freeze([
+    'design-artifact-expert',
+    'design-ui-editor',
+    'design-system-builder',
+    'getdesign-reference'
+]);
+export const PRODUCT_DESIGN_PLUGIN = Object.freeze({
+    id: 'product-design@openai-curated-remote',
+    name: 'product-design',
+    marketplace: 'openai-curated-remote',
+    marketplace_kind: 'vertical',
+    remote_plugin_id: 'Plugin_fa77aec24fc08191bc6e57f377126d76',
+    display_name: 'Product Design',
+    app_server: {
+        read_params: {
+            remoteMarketplaceName: 'openai-curated-remote',
+            pluginName: 'Plugin_fa77aec24fc08191bc6e57f377126d76'
+        },
+        install_params: {
+            remoteMarketplaceName: 'openai-curated-remote',
+            pluginName: 'Plugin_fa77aec24fc08191bc6e57f377126d76'
+        },
+        name_lookup_params: {
+            remoteMarketplaceName: 'openai-curated-remote',
+            pluginName: 'product-design'
+        },
+        list_params: {
+            marketplaceKinds: ['vertical']
+        }
+    }
+});
+export const PRODUCT_DESIGN_PIPELINE_STAGES = Object.freeze([
+    {
+        stage: 'context_intake',
+        skills: ['get-context', 'user-context'],
+        routes: ['Team', 'PPT', 'ImageUXReview'],
+        purpose: 'capture product/user/design context before local design.md fallback is hydrated'
+    },
+    {
+        stage: 'research_and_ideation',
+        skills: ['research', 'ideate'],
+        routes: ['Team', 'PPT'],
+        purpose: 'ground competitive, audience, and concept exploration before visual decisions'
+    },
+    {
+        stage: 'artifact_generation',
+        skills: ['prototype', 'image-to-code', 'url-to-code'],
+        routes: ['Team', 'PPT'],
+        purpose: 'turn sealed context, screenshots, images, or URLs into prototype/source direction'
+    },
+    {
+        stage: 'design_review',
+        skills: ['audit', 'design-qa'],
+        routes: ['Team', 'PPT', 'ImageUXReview', 'QALoop'],
+        purpose: 'audit hierarchy, accessibility, responsiveness, polish, and route-specific UX risk'
+    },
+    {
+        stage: 'delivery',
+        skills: ['share'],
+        routes: ['PPT', 'Team'],
+        purpose: 'package or hand off design artifacts when the Codex App plugin exposes sharing'
+    }
+]);
+export function productDesignPluginPolicyText() {
+    const stages = PRODUCT_DESIGN_PIPELINE_STAGES
+        .map((entry) => `${entry.stage}=${entry.skills.join('+')}`)
+        .join('; ');
+    return `Product Design plugin policy: design-related routes must prefer the Codex App Product Design plugin (${PRODUCT_DESIGN_PLUGIN.id}) from the remote vertical marketplace ${PRODUCT_DESIGN_PLUGIN.marketplace}. Discovery must not rely only on \`codex plugin list\`, because vertical marketplace plugins can be omitted from the local/default catalog; when Product Design is not ready, first run the app-server Product Design ensure path: plugin/read with remote plugin id params ${JSON.stringify(PRODUCT_DESIGN_PLUGIN.app_server.read_params)}, plugin/list with ${JSON.stringify(PRODUCT_DESIGN_PLUGIN.app_server.list_params)} if the id must be rediscovered, and plugin/install with ${JSON.stringify(PRODUCT_DESIGN_PLUGIN.app_server.install_params)} before falling back to legacy design.md skills. Expected ready evidence is installed=true, enabled=true, displayName/name Product Design, remotePluginId ${PRODUCT_DESIGN_PLUGIN.remote_plugin_id}, and skills ${PRODUCT_DESIGN_REQUIRED_SKILLS.join(', ')}. Pipeline mapping: ${stages}. Legacy local design helpers (${PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS.join(', ')}) are compatibility fallback only when Product Design auto-install/ensure is unavailable or still fails, or when the route explicitly needs an existing project-local design.md; do not auto-create a heavy design.md as the first design step when Product Design is ready.`;
+}
+export function normalizeProductDesignPluginEvidence(input = {}) {
+    const detail = input?.plugin || input?.data?.plugin || input;
+    const summary = detail?.summary || detail;
+    const skills = Array.isArray(detail?.skills)
+        ? detail.skills.map((skill) => String(skill?.name || skill || '')).filter(Boolean)
+        : [];
+    const id = String(summary?.id || detail?.id || '');
+    const name = String(summary?.name || detail?.name || '');
+    const displayName = String(summary?.displayName || detail?.displayName || summary?.display_name || detail?.display_name || name || '');
+    const marketplaceName = String(detail?.marketplaceName || input?.marketplaceName || summary?.marketplaceName || '');
+    const remotePluginId = String(summary?.remotePluginId || detail?.remotePluginId || summary?.remote_plugin_id || detail?.remote_plugin_id || '');
+    const installed = summary?.installed === true || detail?.installed === true;
+    const enabled = summary?.enabled === true || detail?.enabled === true;
+    const missingSkills = PRODUCT_DESIGN_REQUIRED_SKILLS.filter((skill) => !skills.includes(skill));
+    const identityOk = id === PRODUCT_DESIGN_PLUGIN.id
+        || name === PRODUCT_DESIGN_PLUGIN.name
+        || displayName === PRODUCT_DESIGN_PLUGIN.display_name
+        || remotePluginId === PRODUCT_DESIGN_PLUGIN.remote_plugin_id;
+    const marketplaceOk = !marketplaceName || marketplaceName === PRODUCT_DESIGN_PLUGIN.marketplace;
+    const ok = Boolean(installed && enabled && identityOk && marketplaceOk && missingSkills.length === 0);
+    return {
+        schema: 'sks.product-design-plugin-evidence.v1',
+        ok,
+        id,
+        name,
+        display_name: displayName,
+        marketplace_name: marketplaceName,
+        remote_plugin_id: remotePluginId,
+        installed,
+        enabled,
+        skills,
+        missing_skills: missingSkills,
+        expected: PRODUCT_DESIGN_PLUGIN,
+        blockers: ok ? [] : [
+            ...(!installed ? ['product_design_not_installed'] : []),
+            ...(!enabled ? ['product_design_not_enabled'] : []),
+            ...(!identityOk ? ['product_design_identity_unverified'] : []),
+            ...(!marketplaceOk ? ['product_design_wrong_marketplace'] : []),
+            ...(missingSkills.length ? ['product_design_skills_missing'] : [])
+        ]
+    };
+}
+export function productDesignPluginVisibilityFromCodexPluginList(input = {}) {
+    const text = JSON.stringify(input || {});
+    const listed = text.includes(PRODUCT_DESIGN_PLUGIN.id)
+        || text.includes(PRODUCT_DESIGN_PLUGIN.name)
+        || text.includes(PRODUCT_DESIGN_PLUGIN.remote_plugin_id);
+    return {
+        schema: 'sks.product-design-plugin-list-visibility.v1',
+        listed,
+        detector: 'codex plugin list --json',
+        requires_remote_vertical_lookup: !listed,
+        remote_marketplace: PRODUCT_DESIGN_PLUGIN.marketplace,
+        app_server_read_params: PRODUCT_DESIGN_PLUGIN.app_server.read_params,
+        app_server_list_params: PRODUCT_DESIGN_PLUGIN.app_server.list_params
+    };
+}
+//# sourceMappingURL=product-design-plugin.js.map

package/dist/core/prompt/prompt-placeholder-guard.js

@@ -0,0 +1,30 @@
+const PLACEHOLDER_PATTERNS = [
+    /@filename\b/i,
+    /<file>/i,
+    /\bTODO_PATH\b/i,
+    /\bINSERT_PATH_HERE\b/i,
+    /\/path\/to\/file\b/i
+];
+export function checkPromptPlaceholders(input = {}) {
+    const prompt = String(input.prompt || '');
+    const writeCapable = input.writeCapable === true;
+    const placeholders = PLACEHOLDER_PATTERNS
+        .filter((pattern) => pattern.test(prompt))
+        .map((pattern) => pattern.source);
+    const emptyTargetPaths = writeCapable && (!Array.isArray(input.targetPaths) || input.targetPaths.length === 0);
+    const blockers = writeCapable ? [
+        ...placeholders.map((placeholder) => `unresolved_prompt_placeholder:${placeholder}`),
+        ...(emptyTargetPaths ? ['write_capable_prompt_target_paths_empty'] : [])
+    ] : [];
+    const warnings = writeCapable ? [] : placeholders.map((placeholder) => `readonly_prompt_placeholder_warning:${placeholder}`);
+    return {
+        schema: 'sks.prompt-placeholder-guard.v1',
+        ok: blockers.length === 0,
+        write_capable: writeCapable,
+        placeholders,
+        empty_target_paths: emptyTargetPaths,
+        blockers,
+        warnings
+    };
+}
+//# sourceMappingURL=prompt-placeholder-guard.js.map

package/dist/core/router/capability-card.js

@@ -1,4 +1,17 @@
 export const DEFAULT_CAPABILITY_CARDS = [
+    {
+        id: 'local-llm-worker',
+        tier: 'worker',
+        supports_images: false,
+        supports_write: true,
+        supports_research: false,
+        reliability: 0.78,
+        latency_cost: 1,
+        token_cost: 0,
+        mutation_risk_cost: 2,
+        model_price_cost: 0,
+        queue_pressure_cost: 2
+    },
     {
         id: 'fast-worker',
         tier: 'worker',

package/dist/core/router/route-cache.js

@@ -8,6 +8,9 @@ export function codexRouteCacheKey(input) {
         files: input.inputFiles || [],
         images: (input.inputImages || []).length,
         sandbox: input.sandboxPolicy,
+        allow_local_llm: input.allowLocalLlm === true,
+        backend_preference: input.backendPreference || [],
+        local_llm_policy: input.localLlmPolicy || null,
         write_paths: input.requestedScopeContract?.write_paths || [],
         allowed_paths: input.requestedScopeContract?.allowed_paths || []
     }));

package/dist/core/router/ultra-router.js

@@ -8,7 +8,8 @@ export function routeCodexTask(input, cards = DEFAULT_CAPABILITY_CARDS) {
         return { ...cached, cache_hit: true };
     const classification = classifyCodexTask(input);
     const hardFilters = [];
-    const scored = cards.map((card) => {
+    const availableCards = input.allowLocalLlm === true ? cards : cards.filter((card) => card.id !== 'local-llm-worker');
+    const scored = availableCards.map((card) => {
         const score = scoreCapabilityCard(card, classification);
         if (score === 0)
             hardFilters.push(card.id);

package/dist/core/routes.js

@@ -1,3 +1,5 @@
+import { PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS, PRODUCT_DESIGN_PLUGIN, PRODUCT_DESIGN_REQUIRED_SKILLS, productDesignPluginPolicyText } from './product-design-plugin.js';
+export { productDesignPluginPolicyText };
 const REFLECTION_SKILL_NAME = 'reflection';
 export const SOLUTION_SCOUT_SKILL_NAME = 'solution-scout';
 export const SOLUTION_SCOUT_STAGE_ID = 'solution_scout';
@@ -119,7 +121,7 @@ export const DESIGN_SYSTEM_SSOT = {
     id: 'design-system-ssot',
     authority_file: 'design.md',
     builder_prompt: 'docs/Design-Sys-Prompt.md',
-    rule: 'design.md is the single design decision authority. When it is missing, synthesize it from the builder prompt plus approved source inputs; external references must be fused into design.md or route artifacts and must not become parallel design authorities.'
+    rule: `Product Design plugin (${PRODUCT_DESIGN_PLUGIN.id}) is the primary design authority when available. design.md is a project-local cache/compatibility authority only when already present or when Product Design is unavailable; if fallback is needed, synthesize it from the builder prompt plus approved source inputs and fuse external references into design.md or route artifacts instead of keeping parallel authorities.`
 };
 export const AWESOME_DESIGN_MD_REFERENCE = {
     id: 'awesome-design-md',
@@ -135,6 +137,7 @@ export const PPT_PIPELINE_SKILL_ALLOWLIST = Object.freeze([
     REFLECTION_SKILL_NAME,
     'honest-mode'
 ]);
+export const PRODUCT_DESIGN_PLUGIN_TOOL_ALLOWLIST = PRODUCT_DESIGN_REQUIRED_SKILLS;
 export const PPT_CONDITIONAL_SKILL_ALLOWLIST = Object.freeze([]);
 export const PPT_PIPELINE_MCP_ALLOWLIST = Object.freeze([
     {
@@ -146,13 +149,13 @@ export function pptPipelineAllowlistPolicyText() {
     const conditionalSkills = PPT_CONDITIONAL_SKILL_ALLOWLIST.length
         ? PPT_CONDITIONAL_SKILL_ALLOWLIST.map((entry) => `${entry.skill}=${entry.condition}`).join('; ')
         : 'none';
-    return `PPT pipeline allowlist: during $PPT design/render work, ignore installed skills and MCPs that are not explicitly part of the $PPT pipeline. The purpose is to prevent AI-like generic presentation design: decorative gradients, nested cards, vague SaaS visuals, and style choices not grounded in the audience, source material, getdesign reference, or the project design SSOT. Required skills are ${PPT_PIPELINE_SKILL_ALLOWLIST.join(', ')}. The imagegen skill is required for $PPT so Codex App can invoke official built-in $imagegen/gpt-image-2 for every generated raster asset or generated visual-review image; do not route PPT imagery through direct API fallback. Do not use generic design skills such as design-artifact-expert, design-ui-editor, or design-system-builder for $PPT just because they are installed. $PPT design must use getdesign-reference plus the built-in PPT design implementation pipeline: ${DESIGN_SYSTEM_SSOT.authority_file} when present, ${DESIGN_SYSTEM_SSOT.builder_prompt} as the builder prompt when missing, and route-local ppt-style-tokens.json as the fused design projection. Conditional skills/MCPs are allowed only when their condition is sealed in the contract: ${conditionalSkills}; ${PPT_PIPELINE_MCP_ALLOWLIST.map((entry) => `${entry.mcp}=${entry.condition}`).join('; ')}. Fact, image, and review evidence are first-class artifacts: gather user-provided context and required web/Context7 evidence into ppt-fact-ledger.json, block unsupported critical claims, plan required image resources through ppt-image-asset-ledger.json, then run a bounded review loop recorded in ppt-review-policy.json, ppt-review-ledger.json, and ppt-iteration-report.json. Required raster asset or generated visual-review evidence must come from Codex App $imagegen/gpt-image-2; direct API fallback, placeholder files, and prose-only substitutes do not satisfy the route gate. The review loop caps full-deck passes at 2, slide retries at 2, requires P0/P1 issue count to be zero, targets score >= 0.88, and stops when improvement delta is below 0.03 or evidence is missing. For Codex App visual critique, invoke $imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) when required; never simulate missing gpt-image-2 output. If required image-review evidence is unavailable, record the blocker instead of passing the gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
+    return `PPT pipeline allowlist: during $PPT design/render work, ignore installed skills and MCPs that are not explicitly part of the $PPT pipeline. The purpose is to prevent AI-like generic presentation design: decorative gradients, nested cards, vague SaaS visuals, and style choices not grounded in the audience, source material, Product Design plugin evidence, getdesign fallback reference, or the project design cache. Required SKS skills are ${PPT_PIPELINE_SKILL_ALLOWLIST.join(', ')}. Product Design plugin tools are allowed and preferred for design work: ${PRODUCT_DESIGN_PLUGIN_TOOL_ALLOWLIST.join(', ')}. Use ${PRODUCT_DESIGN_PLUGIN.id} first for get-context/user-context intake, research/ideate exploration, prototype/image-to-code/url-to-code artifact direction, audit/design-qa review, and share handoff when available. The imagegen skill is required for $PPT so Codex App can invoke official built-in $imagegen/gpt-image-2 for every generated raster asset or generated visual-review image; do not route PPT imagery through direct API fallback. Do not use generic design skills such as ${PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS.join(', ')} for $PPT just because they are installed. $PPT design must use Product Design plugin first; if unavailable, use getdesign-reference plus the built-in PPT design implementation pipeline: existing ${DESIGN_SYSTEM_SSOT.authority_file} when present, ${DESIGN_SYSTEM_SSOT.builder_prompt} as fallback builder prompt when missing, and route-local ppt-style-tokens.json as the fused design projection. Conditional skills/MCPs are allowed only when their condition is sealed in the contract: ${conditionalSkills}; ${PPT_PIPELINE_MCP_ALLOWLIST.map((entry) => `${entry.mcp}=${entry.condition}`).join('; ')}. Fact, image, and review evidence are first-class artifacts: gather user-provided context and required web/Context7 evidence into ppt-fact-ledger.json, block unsupported critical claims, plan required image resources through ppt-image-asset-ledger.json, then run a bounded review loop recorded in ppt-review-policy.json, ppt-review-ledger.json, and ppt-iteration-report.json. Required raster asset or generated visual-review evidence must come from Codex App $imagegen/gpt-image-2; direct API fallback, placeholder files, and prose-only substitutes do not satisfy the route gate. The review loop caps full-deck passes at 2, slide retries at 2, requires P0/P1 issue count to be zero, targets score >= 0.88, and stops when improvement delta is below 0.03 or evidence is missing. For Codex App visual critique, invoke $imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) when required; never simulate missing gpt-image-2 output. If required image-review evidence is unavailable, record the blocker instead of passing the gate. ${productDesignPluginPolicyText()} ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
 }
 export function getdesignReferencePolicyText() {
-    return `Design SSOT policy: ${DESIGN_SYSTEM_SSOT.authority_file} is the single design decision authority. If it is missing, create or update it through ${DESIGN_SYSTEM_SSOT.builder_prompt}; getdesign.md (${GETDESIGN_REFERENCE.url}), its official docs, and curated DESIGN.md examples at ${AWESOME_DESIGN_MD_REFERENCE.url} are source inputs to fuse into that SSOT or into route-local style tokens, not parallel authorities. Prefer the official Codex skill when available (${GETDESIGN_REFERENCE.codex_skill_install}); otherwise use the generated getdesign-reference skill plus official Web/API/CLI/SDK docs and curated DESIGN.md examples as inputs. Do not claim an official getdesign MCP server is configured unless a current official MCP surface is actually available.`;
+    return `Design authority policy: ${PRODUCT_DESIGN_PLUGIN.id} is the first design surface for Codex App design routes. ${DESIGN_SYSTEM_SSOT.authority_file} is a project-local design cache/compatibility authority when already present or when Product Design is unavailable. If fallback creation is needed, create or update it through ${DESIGN_SYSTEM_SSOT.builder_prompt}; getdesign.md (${GETDESIGN_REFERENCE.url}), its official docs, and curated DESIGN.md examples at ${AWESOME_DESIGN_MD_REFERENCE.url} are source inputs to fuse into that fallback SSOT or into route-local style tokens, not parallel authorities. Prefer Product Design plugin tools for design context, ideation, prototype, audit, and QA; use the generated getdesign-reference skill only as fallback/source grounding. Do not claim an official getdesign MCP server is configured unless a current official MCP surface is actually available. ${productDesignPluginPolicyText()}`;
 }
 export function imageUxReviewPipelinePolicyText() {
-    return `Image UX review pipeline: the core mechanism is not text-only screenshot critique. Capture or receive source UI screenshots; web/browser/webapp capture must pass the Codex Chrome Extension readiness gate first, while Computer Use is only for native Mac/non-web app surfaces. Then use Codex App imagegen/$imagegen with gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) to create new annotated review images from those screenshots as reference inputs. The generated review image must visibly mark numbered callouts, P0/P1/P2/P3 labels, eye-flow, hierarchy, contrast, alignment, density, affordance problems, and a small corrected mini-comp or before/after strip when useful. Then analyze that generated review image with vision/OCR and convert the visible callouts into image-ux-issue-ledger.json rows. Missing generated review images block full Image UX verification, but the route may close as verified_partial/reference-only when source screenshots plus hashes, docs evidence, source Image Voxel anchors, and Honest Mode evidence exist and the gate records that no annotated image, callout extraction, or full UX review evidence exists. Never pass this route from a direct API fallback, hand-written text-only substitute, placeholder asset, or fabricated ledger. ${CODEX_WEB_VERIFICATION_POLICY} ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
+    return `Image UX review pipeline: the core mechanism is not text-only screenshot critique. Capture or receive source UI screenshots; web/browser/webapp capture must pass the Codex Chrome Extension readiness gate first, while Computer Use is only for native Mac/non-web app surfaces. Use Product Design plugin audit/design-qa when available to structure UX issue framing, but still require the imagegen visual evidence route. Then use Codex App imagegen/$imagegen with gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) to create new annotated review images from those screenshots as reference inputs. The generated review image must visibly mark numbered callouts, P0/P1/P2/P3 labels, eye-flow, hierarchy, contrast, alignment, density, affordance problems, and a small corrected mini-comp or before/after strip when useful. Then analyze that generated review image with vision/OCR and convert the visible callouts into image-ux-issue-ledger.json rows. Missing generated review images block full Image UX verification, but the route may close as verified_partial/reference-only when source screenshots plus hashes, docs evidence, source Image Voxel anchors, and Honest Mode evidence exist and the gate records that no annotated image, callout extraction, or full UX review evidence exists. Never pass this route from a direct API fallback, hand-written text-only substitute, placeholder asset, or fabricated ledger. ${productDesignPluginPolicyText()} ${CODEX_WEB_VERIFICATION_POLICY} ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
 }
 export const RECOMMENDED_SKILLS = [
     'reasoning-router',
@@ -162,9 +165,6 @@ export const RECOMMENDED_SKILLS = [
     'seo-geo-optimizer',
     'autoresearch-loop',
     'performance-evaluator',
-    'design-artifact-expert',
-    'design-system-builder',
-    'design-ui-editor',
     'getdesign-reference',
     'imagegen',
     'imagegen-source-scout',
@@ -371,16 +371,16 @@ export const ROUTES = [
         id: 'Naruto',
         command: '$Naruto',
         mode: 'NARUTO',
-        route: 'shadow clone swarm (high-scale parallel agents)',
-        description: 'Shadow Clone Swarm (影分身 / Kage Bunshin no Jutsu): fan out up to 100 parallel clone sessions on the native agent kernel for high-throughput work, with lease-based safe parallel writes, scheduler backfill, and per-clone proof.',
+        route: 'hardware-safe massive parallel work swarm',
+        description: '$Naruto mode launches a hardware-safe massive parallel work swarm. Clones may implement, modify, verify, test, research, document, and resolve conflicts according to role and lease policy; write-capable output is accepted only through patch envelopes, verification DAG, mutation guard, and GPT final arbiter.',
         requiredSkills: ['team', 'pipeline-runner', 'prompt-pipeline', 'honest-mode'],
         dollarAliases: ['$ShadowClone', '$Kagebunshin'],
         appSkillAliases: ['shadow-clone', 'kage-bunshin'],
-        lifecycle: ['clone_roster_build', 'work_partition', 'parallel_clone_scheduling', 'lease_based_write_swarm', 'per_clone_proof', 'session_cleanup', 'honest_mode'],
+        lifecycle: ['clone_roster_build', 'massive_work_graph', 'hardware_safe_governor', 'dynamic_active_pool', 'lease_based_write_swarm', 'parallel_verification_dag', 'gpt_final_arbiter_pack', 'per_clone_proof', 'session_cleanup', 'honest_mode'],
         context7Policy: 'optional',
         reasoningPolicy: 'high',
         stopGate: 'team-gate.json',
-        cliEntrypoint: 'sks naruto run "task" [--clones N] [--backend codex-exec|fake] | sks naruto status',
+        cliEntrypoint: 'sks naruto run "task" [--clones N] [--backend codex-sdk|fake|ollama] [--parallel-write] | sks naruto status',
         examples: ['$Naruto run sweep the codebase for TODO comments with 50 clones', '$ShadowClone --clones 100 fan out and draft tests for every module']
     },
     {
@@ -626,7 +626,7 @@ export const COMMAND_CATALOG = [
     { name: 'update', usage: 'sks update check|now [--version <version>] [--json] [--dry-run]', description: 'Check for SKS updates or install the requested package version through npm global mode.' },
     { name: 'deps', usage: 'sks deps check [--json] [--yes]', description: 'Check Node/npm, Codex CLI, and Zellij readiness; pass --yes to repair missing Codex CLI/Zellij tooling when supported.' },
     { name: 'codex', usage: 'sks codex compatibility|version|doctor|schema [--json]', description: 'Check Codex CLI rust-v0.136.0 compatibility, installed version, 0.136 capabilities, inherited 0.135/0.134/0.133 behavior, and vendored hook schema snapshot freshness.' },
-    { name: 'codex-app', usage: 'sks codex-app [check|chrome-extension|pat status|remote-control]', description: 'Check Codex App install, Codex Chrome Extension web verification readiness, PAT-safe status, first-party MCP/plugin readiness, and Codex CLI 0.130.0+ remote-control availability.' },
+    { name: 'codex-app', usage: 'sks codex-app [check|product-design|product-design --check-only|ensure-product-design|chrome-extension|pat status|remote-control]', description: 'Check Codex App install, Product Design plugin auto-install readiness, Codex Chrome Extension web verification readiness, PAT-safe status, first-party MCP/plugin readiness, and Codex CLI 0.130.0+ remote-control availability.' },
     { name: 'hooks', usage: 'sks hooks explain|status|trust-report|replay|codex-validate|warning-check ... [--json]', description: 'Explain Codex hook events, validate vendored latest 10-event output schemas, replay fixtures, and enforce warning-zero SKS hook policies under the 0.134 compatibility matrix.' },
     { name: 'codex-lb', usage: 'sks codex-lb status|health|metrics|doctor|circuit|repair|setup ...', description: 'Configure, health-check, repair, and record circuit evidence for codex-lb provider auth without confusing ChatGPT OAuth and proxy keys.' },
     { name: 'auth', usage: 'sks auth status|health|repair|setup --host <domain> --api-key <key>', description: 'Shortcut for codex-lb provider auth status, health, repair, and setup commands.' },

package/dist/core/version.js

@@ -1,2 +1,2 @@
-export const PACKAGE_VERSION = '2.0.4';
+export const PACKAGE_VERSION = '2.0.6';
 //# sourceMappingURL=version.js.map

package/dist/core/zellij/zellij-lane-runtime.js

@@ -176,10 +176,10 @@ export function extractZellijPaneIdFromOutput(text) {
     }
     const lines = raw.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
     for (const line of lines.slice().reverse()) {
-        const direct = line.match(/^(?:pane[_ -]?id[:=]\s*)?([0-9]+)$/i);
+        const direct = line.match(/^(?:pane[_ -]?id[:=]\s*)?([0-9]+|terminal_[0-9]+)$/i);
         if (direct?.[1])
             return direct[1];
-        const embedded = line.match(/\bpane[_ -]?id[:=]\s*([0-9]+)\b/i);
+        const embedded = line.match(/\bpane[_ -]?id[:=]\s*([0-9]+|terminal_[0-9]+)\b/i);
         if (embedded?.[1])
             return embedded[1];
     }

package/dist/core/zellij/zellij-naruto-dashboard.js

@@ -0,0 +1,36 @@
+export function planNarutoZellijDashboard(input) {
+    const targetActiveWorkers = Math.max(1, Math.floor(Number(input.targetActiveWorkers || 1)));
+    const visiblePaneCap = Math.max(1, Math.floor(Number(input.visiblePaneCap || 12)));
+    const visibleWorkerPanes = Math.min(targetActiveWorkers, visiblePaneCap);
+    const headlessWorkers = Math.max(0, targetActiveWorkers - visibleWorkerPanes);
+    const backend = input.backend || 'codex-sdk';
+    const roles = input.roles && input.roles.length ? input.roles : ['implementer', 'modifier', 'verifier', 'test_writer'];
+    const paneTitles = Array.from({ length: visibleWorkerPanes }, (_, index) => {
+        const slot = `slot-${String(index + 1).padStart(3, '0')}`;
+        const role = roles[index % roles.length] || 'worker';
+        return `${slot}/gen-1 · ${role} · ${backend} · active`;
+    });
+    const blockers = [
+        ...(visibleWorkerPanes > visiblePaneCap ? ['naruto_zellij_visible_panes_exceed_cap'] : []),
+        ...(headlessWorkers < 0 ? ['naruto_zellij_headless_negative'] : [])
+    ];
+    return {
+        schema: 'sks.zellij-naruto-dashboard.v1',
+        target_active_workers: targetActiveWorkers,
+        visible_pane_cap: visiblePaneCap,
+        visible_worker_panes: visibleWorkerPanes,
+        headless_workers: headlessWorkers,
+        dashboard: {
+            active: targetActiveWorkers,
+            visible: visibleWorkerPanes,
+            headless: headlessWorkers,
+            completed: Math.max(0, Math.floor(Number(input.completed || 0))),
+            failed: Math.max(0, Math.floor(Number(input.failed || 0))),
+            backpressure: input.backpressure || 'normal'
+        },
+        pane_titles: paneTitles,
+        ok: blockers.length === 0,
+        blockers
+    };
+}
+//# sourceMappingURL=zellij-naruto-dashboard.js.map

package/dist/core/zellij/zellij-worker-pane-manager.js

@@ -9,10 +9,10 @@ export const ZELLIJ_WORKER_PANE_EVENT_SCHEMA = 'sks.zellij-worker-pane-event.v1'
 export function buildWorkerPaneName(slotId, generationIndex) {
     return `${slotId}/gen-${Math.max(1, Math.floor(Number(generationIndex) || 1))}`;
 }
-export function buildWorkerPaneTitle(slotId, generationIndex, context, serviceTier) {
+export function buildWorkerPaneTitle(slotId, generationIndex, context, serviceTier, backend, status) {
     const base = buildWorkerPaneName(slotId, generationIndex);
     const normalized = normalizePaneProviderContext(context, serviceTier);
-    return `${base} · codex-sdk · ${providerPaneLabel(normalized)}`;
+    return `${base} · ${backend || 'codex-sdk'} · ${providerPaneLabel(normalized)} · ${status || 'launching'}`;
 }
 export function isRealZellijWorkerPaneIdSource(value) {
     return value === 'zellij_worker_new_pane_stdout' || value === 'zellij_worker_list_panes';
@@ -22,7 +22,7 @@ export function buildWorkerPaneArtifact(input) {
     const paneIdSource = input.paneIdSource || 'zellij_worker_pane_launch_failed';
     const blockers = input.blockers || [];
     const providerContext = normalizePaneProviderContext(input.providerContext, input.serviceTier);
-    const paneTitle = buildWorkerPaneTitle(input.slotId, input.generationIndex, providerContext, input.serviceTier);
+    const paneTitle = buildWorkerPaneTitle(input.slotId, input.generationIndex, providerContext, input.serviceTier, input.backend, input.status || input.statusLabel);
     return {
         schema: ZELLIJ_WORKER_PANE_SCHEMA,
         generated_at: now,
@@ -82,7 +82,7 @@ export async function openWorkerPane(input) {
         timeoutMs: 5000,
         optional: false
     });
-    const paneName = buildWorkerPaneTitle(input.slotId, input.generationIndex, providerContext, input.serviceTier);
+    const paneName = buildWorkerPaneTitle(input.slotId, input.generationIndex, providerContext, input.serviceTier, input.backend, input.statusLabel || 'running');
     let launch = createSession.ok
         ? await runZellij(['--session', input.sessionName, 'action', 'new-pane', '--direction', 'right', '--name', paneName, '--', 'sh', '-lc', input.workerCommand], {
             cwd,

package/dist/scripts/blackbox-command-import-smoke.js

@@ -5,6 +5,7 @@ import os from 'node:os';
 import path from 'node:path';
 import { spawnSync } from 'node:child_process';
 import { pathToFileURL } from 'node:url';
+import { currentDistFreshness } from './lib/ensure-dist-fresh.js';
 const root = process.cwd();
 const npmBin = process.platform === 'win32' ? 'npm.cmd' : 'npm';
 const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'sks-command-import-smoke-'));
@@ -16,7 +17,15 @@ const rows = [];
 fs.mkdirSync(consumer, { recursive: true });
 fs.writeFileSync(path.join(consumer, 'package.json'), `${JSON.stringify({ name: 'sks-command-smoke-consumer', private: true }, null, 2)}\n`);
 try {
-    run('build', npmBin, ['run', 'build'], { cwd: root });
+    if (process.env.SKS_ENSURE_DIST_NO_REBUILD === '1' || process.env.SKS_RELEASE_DIST_FRESHNESS_NO_REBUILD === '1') {
+        const freshness = currentDistFreshness();
+        rows.push({ label: 'dist_freshness', ok: freshness.ok, status: freshness.ok ? 0 : 1, issues: freshness.issues });
+        if (!freshness.ok)
+            failures.push(`dist_not_fresh:${freshness.issues.join(',')}`);
+    }
+    else {
+        run('build', npmBin, ['run', 'build'], { cwd: root });
+    }
     const pack = run('npm_pack', npmBin, ['pack', '--json', '--ignore-scripts', '--pack-destination', tmp, '--registry', 'https://registry.npmjs.org/'], { cwd: root });
     const info = pack.ok ? JSON.parse(pack.stdout || '[]')[0] : null;
     const tarball = info ? path.join(tmp, info.filename) : null;

package/dist/scripts/check-package-boundary.js

@@ -5,12 +5,21 @@ import os from 'node:os';
 import path from 'node:path';
 import { spawnSync } from 'node:child_process';
 import { fileURLToPath } from 'node:url';
+import { currentDistFreshness } from './lib/ensure-dist-fresh.js';
 const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..');
 const npmBin = process.platform === 'win32' ? 'npm.cmd' : 'npm';
 const issues = [];
-const build = spawnSync(npmBin, ['run', 'build'], { cwd: root, encoding: 'utf8', stdio: 'pipe' });
-if (build.status !== 0)
-    issues.push(`build_failed:${tail(build.stderr || build.stdout)}`);
+const noRebuild = process.env.SKS_ENSURE_DIST_NO_REBUILD === '1' || process.env.SKS_RELEASE_DIST_FRESHNESS_NO_REBUILD === '1';
+if (noRebuild) {
+    const freshness = currentDistFreshness();
+    if (!freshness.ok)
+        issues.push(`dist_not_fresh:${freshness.issues.join(',')}`);
+}
+else {
+    const build = spawnSync(npmBin, ['run', 'build'], { cwd: root, encoding: 'utf8', stdio: 'pipe' });
+    if (build.status !== 0)
+        issues.push(`build_failed:${tail(build.stderr || build.stdout)}`);
+}
 const pack = spawnSync(npmBin, ['pack', '--dry-run', '--json', '--ignore-scripts'], {
     cwd: root,
     encoding: 'utf8',

package/dist/scripts/codex-0-137-compat-check.js

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { pathToFileURL } from 'node:url';
+import { ensureDistFresh, root } from './lib/ensure-dist-fresh.js';
+const freshness = ensureDistFresh({ rebuild: true });
+if (!freshness.ok)
+    fail('dist_not_fresh', { freshness });
+const mod = await import(pathToFileURL(path.join(root, 'dist', 'core', 'codex', 'codex-0-137-compat.js')).href);
+const evidence = await mod.collectCodex0137LocalEvidence();
+const matrix = mod.codex0137Matrix({
+    version: evidence.versionText,
+    available: evidence.available,
+    pluginListText: evidence.pluginListText,
+    debugModelsText: evidence.debugModelsText,
+    doctorText: evidence.doctorText,
+    requireReal: process.argv.includes('--require-real') || process.env.SKS_REQUIRE_CODEX_0137 === '1'
+});
+const report = { ...matrix, local_evidence: evidence };
+await fs.mkdir(path.join(root, '.sneakoscope', 'reports'), { recursive: true });
+await fs.writeFile(path.join(root, '.sneakoscope', 'reports', 'codex-0.137-compat.json'), `${JSON.stringify(report, null, 2)}\n`);
+emit(report);
+function emit(report) { console.log(JSON.stringify(report, null, 2)); if (!report.ok)
+    process.exitCode = 1; }
+function fail(blocker, detail) { emit({ schema: 'sks.codex-0.137-compat-check.v1', ok: false, blockers: [blocker], detail }); process.exit(1); }
+//# sourceMappingURL=codex-0-137-compat-check.js.map

package/dist/scripts/codex-environment-scoped-approvals-check.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, readText } from './lib/codex-sdk-gate-lib.js';
+const proof = readText('src/core/codex-control/codex-control-proof.ts');
+const sandbox = readText('src/core/codex-control/codex-sdk-sandbox-policy.ts');
+assertGate(proof.includes('sandbox:'), 'Codex control proof must include sandbox scope');
+assertGate(proof.includes('env:'), 'Codex control proof must include environment proof');
+assertGate(sandbox.includes('mad_sks_authorized') || sandbox.includes('user_confirmed_full_access'), 'Sandbox policy must include scoped authorization signals');
+emitGate('codex:environment-scoped-approvals', { proof: ['sandbox', 'env', 'scoped_authorization'] });
+//# sourceMappingURL=codex-environment-scoped-approvals-check.js.map

package/dist/scripts/codex-plugin-list-json-check.js

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, readText } from './lib/codex-sdk-gate-lib.js';
+const source = readText('src/core/codex/codex-0-137-compat.ts');
+assertGate(source.includes("run(['plugin', 'list', '--json'])"), '0.137 evidence must run codex plugin list --json');
+assertGate(source.includes('looksLikeJson'), '0.137 plugin list JSON parser missing');
+emitGate('codex:plugin-list-json', { detector: 'codex plugin list --json' });
+//# sourceMappingURL=codex-plugin-list-json-check.js.map

package/dist/scripts/codex-thread-runtime-choice-check.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, readText } from './lib/codex-sdk-gate-lib.js';
+const runner = readText('src/core/codex-control/codex-task-runner.ts');
+const registry = readText('src/core/codex-control/codex-thread-registry.ts');
+assertGate(runner.includes('backendPreference'), 'Codex task runner must carry backend/runtime preference');
+assertGate(runner.includes('backend_family'), 'Codex task runner must persist backend family');
+assertGate(registry.includes('recordCodexThread'), 'Codex thread registry missing');
+emitGate('codex:thread-runtime-choice', { runtime_choice: 'backendPreference/backend_family' });
+//# sourceMappingURL=codex-thread-runtime-choice-check.js.map

package/dist/scripts/local-collab-all-pipelines-final-gpt-check.js

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, importDist } from './lib/codex-sdk-gate-lib.js';
+const finalizer = await importDist('core/pipeline/finalize-pipeline-result.js');
+const blocked = await finalizer.finalizePipelineResult({
+    route: '$Team',
+    missionId: 'M-local-final-gpt',
+    localParticipated: true,
+    candidateResults: [{ backend: 'local-llm', summary: 'draft' }],
+    candidatePatchEnvelopes: [],
+    verificationResults: [],
+    sideEffectReport: {},
+    mutationLedger: {},
+    rollbackPlan: {},
+    applyPatches: true,
+    forceGptFinalUnavailable: true
+});
+assertGate(blocked.ok === false, 'local participation without GPT final must block finalization');
+assertGate(blocked.blockers.includes('gpt_final_arbiter_required_not_passed'), 'missing GPT final blocker required');
+emitGate('local-collab:all-pipelines-final-gpt', { final_status: blocked.final_status, blockers: blocked.blockers.length });
+//# sourceMappingURL=local-collab-all-pipelines-final-gpt-check.js.map

package/dist/scripts/local-llm-all-pipelines-check.js

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, readText } from './lib/codex-sdk-gate-lib.js';
+const router = readText('src/core/agents/native-worker-backend-router.ts');
+const control = readText('src/core/codex-control/codex-task-runner.ts');
+const policy = readText('src/core/local-llm/local-worker-eligibility.ts');
+assertGate(router.includes("backend === 'local-llm'"), 'native worker router must support local-llm backend');
+assertGate(control.includes('runLocalLlmTask'), 'Codex Control Plane must call local LLM task adapter');
+assertGate(policy.includes('requires_gpt_final'), 'local worker eligibility must require GPT final');
+emitGate('local-llm:all-pipelines', { local_backend: 'local-llm', requires_gpt_final: true });
+//# sourceMappingURL=local-llm-all-pipelines-check.js.map

package/dist/scripts/local-llm-cache-performance-check.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, importDist } from './lib/codex-sdk-gate-lib.js';
+const cache = await importDist('core/local-llm/local-llm-prompt-cache.js');
+const a = cache.buildLocalLlmPromptCacheRecord({ routeSystemEnvelopeHash: 'a', localWorkerPolicyHash: 'b', coreSkillSnapshotHash: 'c', triwikiContextPackHash: 'd', repoSummaryHash: 'e', capabilityCardHash: 'f' });
+const b = cache.buildLocalLlmPromptCacheRecord({ routeSystemEnvelopeHash: 'a', localWorkerPolicyHash: 'b', coreSkillSnapshotHash: 'c', triwikiContextPackHash: 'd2', repoSummaryHash: 'e', capabilityCardHash: 'f' });
+assertGate(a.cacheable === true, 'prompt cache record should be cacheable when hashes exist');
+assertGate(a.cache_key !== b.cache_key, 'source hash change must invalidate cache');
+emitGate('local-llm:cache-performance', { cacheable: a.cacheable, invalidates_on_hash_change: true });
+//# sourceMappingURL=local-llm-cache-performance-check.js.map

package/dist/scripts/local-llm-capability-check.js

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, importDist, readText } from './lib/codex-sdk-gate-lib.js';
+const mod = await importDist('core/agents/ollama-worker-config.js');
+const schemaText = readText('schemas/local-llm/local-model-config.schema.json');
+const config = mod.normalizeLocalModelConfig({ enabled: true, status: 'enabled_unverified' });
+const mlx = mod.normalizeLocalModelConfig({ enabled: true, provider: 'mlx-lm', model: 'mlx-community/Qwen3.6-35B-A3B-4bit', base_url: 'http://127.0.0.1:8080' });
+assertGate(config.schema === 'sks.local-model-config.v2', 'local model config must use v2 schema');
+assertGate(config.status === 'enabled_unverified', 'enabled without smoke must be enabled_unverified');
+assertGate(mlx.provider === 'mlx-lm' && mlx.base_url === 'http://127.0.0.1:8080', 'local model config must preserve MLX LM provider settings');
+assertGate(schemaText.includes('verified'), 'local model schema must include verified status');
+assertGate(schemaText.includes('mlx-lm'), 'local model schema must allow MLX LM provider');
+emitGate('local-llm:capability', { status: config.status, schema: config.schema, mlx_provider: mlx.provider });
+//# sourceMappingURL=local-llm-capability-check.js.map

package/dist/scripts/local-llm-smoke-check.js

@@ -0,0 +1,23 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, importDist, root } from './lib/codex-sdk-gate-lib.js';
+const cfg = await importDist('core/agents/ollama-worker-config.js');
+const smokeMod = await importDist('core/local-llm/local-llm-smoke.js');
+const config = cfg.normalizeLocalModelConfig({ enabled: true, status: 'enabled_unverified' });
+if (process.env.SKS_REQUIRE_LOCAL_LLM !== '1' && !process.argv.includes('--require-real')) {
+    const skipped = cfg.applyLocalLlmSmokeResult(config, { ok: false, skipped: true, status: 'enabled_unverified', reason: 'release_check_no_real_smoke', schema_valid: false });
+    assertGate(skipped.status === 'enabled_unverified', '--skip-smoke or hermetic mode must not verify local LLM');
+    emitGate('local-llm:smoke', { status: 'hermetic_skip', config_status: skipped.status });
+}
+else {
+    const reportPath = `${root}/.sneakoscope/reports/local-llm-smoke-real.json`;
+    const realConfig = await cfg.readLocalModelConfig();
+    const first = await smokeMod.runLocalLlmGenerationSmoke(realConfig, { reportPath, timeoutMs: 60_000 });
+    const shouldRetry = first.ok !== true && String(first.blockers || []).match(/aborted|timeout|local_llm_generate_failed/i);
+    const smoke = shouldRetry
+        ? await smokeMod.runLocalLlmGenerationSmoke(realConfig, { reportPath, timeoutMs: 90_000 })
+        : first;
+    assertGate(smoke.ok === true && smoke.schema_valid === true, 'real local LLM smoke failed', { smoke, retry_count: shouldRetry ? 1 : 0, first_failure_blockers: first.blockers || [] });
+    emitGate('local-llm:smoke', { status: 'real_verified', latency_ms: smoke.latency_ms, tokens_per_second: smoke.tokens_per_second, retry_count: shouldRetry ? 1 : 0 });
+}
+//# sourceMappingURL=local-llm-smoke-check.js.map

package/dist/scripts/local-llm-structured-output-check.js

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+// @ts-nocheck
+import { assertGate, emitGate, importDist } from './lib/codex-sdk-gate-lib.js';
+const mod = await importDist('core/local-llm/local-llm-schema-enforcer.js');
+const schema = { type: 'object', required: ['status'], properties: { status: { type: 'string' } }, additionalProperties: false };
+const good = mod.enforceLocalLlmJsonSchema('{"status":"ok"}', schema);
+const bad = mod.enforceLocalLlmJsonSchema('plain words', schema);
+assertGate(good.ok === true && good.schema_valid === true, 'valid local JSON should pass');
+assertGate(bad.ok === false, 'natural language local output must not pass');
+emitGate('local-llm:structured-output', { good: good.ok, bad: bad.ok });
+//# sourceMappingURL=local-llm-structured-output-check.js.map