sneakoscope 2.0.5 → 2.0.6

package/dist/core/product-design-app-server.js

@@ -0,0 +1,410 @@
+import { spawn } from 'node:child_process';
+import { EMPTY_CODEX_INFO, getCodexInfo } from './codex-adapter.js';
+import { PRODUCT_DESIGN_PLUGIN, normalizeProductDesignPluginEvidence } from './product-design-plugin.js';
+export const PRODUCT_DESIGN_AUTO_INSTALL_ENV = 'SKS_PRODUCT_DESIGN_AUTO_INSTALL';
+export function productDesignAutoInstallRequested(opts = {}) {
+    const env = opts.env || process.env;
+    return opts.autoInstallProductDesign === true
+        || opts.installProductDesign === true
+        || opts.requireProductDesign === true
+        || opts.designRoute === true
+        || env?.[PRODUCT_DESIGN_AUTO_INSTALL_ENV] === '1'
+        || /^true$/i.test(String(env?.[PRODUCT_DESIGN_AUTO_INSTALL_ENV] || ''));
+}
+export async function ensureProductDesignPluginInstalled(opts = {}) {
+    const autoInstallProductDesign = productDesignAutoInstallRequested(opts);
+    const injectedRequest = opts.request || opts.appServerRequest;
+    if (injectedRequest) {
+        return ensureProductDesignPluginInstalledWithRequest(injectedRequest, {
+            ...opts,
+            autoInstallProductDesign
+        });
+    }
+    const codex = opts.codex || await getCodexInfo().catch(() => EMPTY_CODEX_INFO);
+    if (!codex.bin) {
+        return productDesignAppServerUnavailable('codex_cli_missing', 'Codex CLI missing.', {
+            autoInstallProductDesign
+        });
+    }
+    const client = new CodexAppServerJsonRpcClient({
+        command: codex.bin,
+        args: opts.appServerArgs || ['app-server', '--stdio'],
+        env: opts.env || process.env,
+        timeoutMs: opts.timeoutMs || 20000,
+        cwd: opts.cwd || process.cwd()
+    });
+    try {
+        await client.initialize();
+        const result = await ensureProductDesignPluginInstalledWithRequest((method, params) => client.request(method, params), {
+            ...opts,
+            autoInstallProductDesign
+        });
+        return {
+            ...result,
+            app_server_command: `${codex.bin} ${(opts.appServerArgs || ['app-server', '--stdio']).join(' ')}`
+        };
+    }
+    catch (err) {
+        return productDesignAppServerUnavailable('product_design_app_server_request_failed', err?.message || String(err), {
+            autoInstallProductDesign,
+            stderr: client.stderr.trim()
+        });
+    }
+    finally {
+        await client.close();
+    }
+}
+export async function ensureProductDesignPluginInstalledWithRequest(request, opts = {}) {
+    const autoInstallProductDesign = productDesignAutoInstallRequested(opts);
+    const calls = [];
+    const errors = [];
+    const call = async (method, params) => {
+        calls.push({ method, params });
+        try {
+            return { ok: true, result: await request(method, params) };
+        }
+        catch (err) {
+            const error = err?.message || String(err);
+            errors.push({ method, params, error });
+            return { ok: false, error };
+        }
+    };
+    const before = await readProductDesignFromAppServer(call);
+    if (before.evidence.ok) {
+        return productDesignEnsureReport({
+            ok: true,
+            status: 'ready',
+            autoInstallProductDesign,
+            installAttempted: false,
+            before,
+            after: before,
+            calls,
+            errors,
+            blockers: []
+        });
+    }
+    if (!autoInstallProductDesign) {
+        return productDesignEnsureReport({
+            ok: false,
+            status: 'install_not_requested',
+            autoInstallProductDesign,
+            installAttempted: false,
+            before,
+            after: before,
+            calls,
+            errors,
+            blockers: uniqueStrings([
+                ...before.evidence.blockers,
+                'product_design_auto_install_not_requested'
+            ])
+        });
+    }
+    const install = await call('plugin/install', before.install_params || PRODUCT_DESIGN_PLUGIN.app_server.install_params);
+    const after = await readProductDesignFromAppServer(call, before.read_params || PRODUCT_DESIGN_PLUGIN.app_server.read_params);
+    let installedListEvidence = null;
+    if (!after.evidence.ok) {
+        const installedList = await call('plugin/installed', {});
+        const summary = installedList.ok ? findProductDesignPluginSummaryFromMarketplaces(installedList.result) : null;
+        if (summary) {
+            installedListEvidence = normalizeProductDesignPluginEvidence({
+                plugin: {
+                    marketplaceName: summary.marketplaceName,
+                    summary,
+                    skills: []
+                }
+            });
+        }
+    }
+    const ok = after.evidence.ok;
+    return productDesignEnsureReport({
+        ok,
+        status: ok ? 'installed' : 'install_unverified',
+        autoInstallProductDesign,
+        installAttempted: true,
+        installResponse: summarizeProductDesignInstallResponse(install.result),
+        installError: install.ok ? null : install.error,
+        before,
+        after,
+        installedListEvidence,
+        calls,
+        errors,
+        blockers: ok ? [] : uniqueStrings([
+            ...after.evidence.blockers,
+            ...(installedListEvidence?.blockers || []),
+            ...(install.ok ? ['product_design_plugin_install_unverified'] : ['product_design_plugin_install_failed'])
+        ])
+    });
+}
+export async function readProductDesignFromAppServer(call, preferredReadParams = PRODUCT_DESIGN_PLUGIN.app_server.read_params) {
+    const direct = await call('plugin/read', preferredReadParams);
+    if (direct.ok) {
+        return {
+            read_source: 'plugin/read',
+            read_params: preferredReadParams,
+            install_params: preferredReadParams,
+            evidence: normalizeProductDesignPluginEvidence(direct.result)
+        };
+    }
+    const list = await call('plugin/list', PRODUCT_DESIGN_PLUGIN.app_server.list_params);
+    const summary = list.ok ? findProductDesignPluginSummaryFromMarketplaces(list.result) : null;
+    const discoveredReadParams = summary
+        ? productDesignAppServerReadParamsFromSummary(summary)
+        : PRODUCT_DESIGN_PLUGIN.app_server.read_params;
+    if (summary) {
+        const discoveredRead = await call('plugin/read', discoveredReadParams);
+        if (discoveredRead.ok) {
+            return {
+                read_source: 'plugin/list+plugin/read',
+                read_params: discoveredReadParams,
+                install_params: discoveredReadParams,
+                evidence: normalizeProductDesignPluginEvidence(discoveredRead.result)
+            };
+        }
+    }
+    const evidence = summary
+        ? normalizeProductDesignPluginEvidence({
+            plugin: {
+                marketplaceName: summary.marketplaceName,
+                summary,
+                skills: []
+            }
+        })
+        : normalizeProductDesignPluginEvidence({});
+    return {
+        read_source: summary ? 'plugin/list_summary' : 'plugin/read_failed',
+        read_params: discoveredReadParams,
+        install_params: discoveredReadParams,
+        evidence: {
+            ...evidence,
+            blockers: uniqueStrings([
+                ...evidence.blockers,
+                'product_design_plugin_read_failed'
+            ])
+        }
+    };
+}
+export function findProductDesignPluginSummaryFromMarketplaces(input = {}) {
+    const marketplaces = Array.isArray(input?.marketplaces) ? input.marketplaces : [];
+    for (const marketplace of marketplaces) {
+        const plugins = Array.isArray(marketplace?.plugins) ? marketplace.plugins : [];
+        for (const plugin of plugins) {
+            const remotePluginId = String(plugin?.remotePluginId || plugin?.remote_plugin_id || '');
+            const id = String(plugin?.id || '');
+            const name = String(plugin?.name || '');
+            const displayName = String(plugin?.displayName || plugin?.display_name || plugin?.interface?.displayName || '');
+            const matches = id === PRODUCT_DESIGN_PLUGIN.id
+                || name === PRODUCT_DESIGN_PLUGIN.name
+                || displayName === PRODUCT_DESIGN_PLUGIN.display_name
+                || remotePluginId === PRODUCT_DESIGN_PLUGIN.remote_plugin_id;
+            if (matches) {
+                return {
+                    ...plugin,
+                    displayName,
+                    marketplaceName: plugin?.marketplaceName || marketplace?.name || PRODUCT_DESIGN_PLUGIN.marketplace,
+                    remotePluginId
+                };
+            }
+        }
+    }
+    return null;
+}
+export function productDesignAppServerReadParamsFromSummary(summary = {}) {
+    return {
+        remoteMarketplaceName: summary.marketplaceName || PRODUCT_DESIGN_PLUGIN.marketplace,
+        pluginName: summary.remotePluginId || summary.remote_plugin_id || PRODUCT_DESIGN_PLUGIN.remote_plugin_id
+    };
+}
+function productDesignEnsureReport(input) {
+    const remoteEvidence = input.after?.evidence || input.before?.evidence || normalizeProductDesignPluginEvidence({});
+    return {
+        schema: 'sks.product-design-app-server-ensure.v1',
+        ok: input.ok,
+        checked: true,
+        status: input.status,
+        auto_install_requested: input.autoInstallProductDesign === true,
+        install_attempted: input.installAttempted === true,
+        install_response: input.installResponse || null,
+        install_error: input.installError || null,
+        before_evidence: input.before?.evidence || null,
+        after_evidence: input.after?.evidence || null,
+        installed_list_evidence: input.installedListEvidence || null,
+        remote_evidence: remoteEvidence,
+        read_source: input.after?.read_source || input.before?.read_source || null,
+        read_params: input.after?.read_params || input.before?.read_params || PRODUCT_DESIGN_PLUGIN.app_server.read_params,
+        install_params: input.before?.install_params || PRODUCT_DESIGN_PLUGIN.app_server.install_params,
+        calls: input.calls || [],
+        errors: input.errors || [],
+        blockers: input.blockers || []
+    };
+}
+function productDesignAppServerUnavailable(reason, error, extra = {}) {
+    const evidence = normalizeProductDesignPluginEvidence({});
+    return {
+        schema: 'sks.product-design-app-server-ensure.v1',
+        ok: false,
+        checked: false,
+        status: 'app_server_unavailable',
+        auto_install_requested: extra.autoInstallProductDesign === true,
+        install_attempted: false,
+        install_response: null,
+        install_error: error,
+        before_evidence: evidence,
+        after_evidence: evidence,
+        installed_list_evidence: null,
+        remote_evidence: evidence,
+        read_source: null,
+        read_params: PRODUCT_DESIGN_PLUGIN.app_server.read_params,
+        install_params: PRODUCT_DESIGN_PLUGIN.app_server.install_params,
+        calls: [],
+        errors: [{ reason, error }],
+        stderr: extra.stderr || '',
+        blockers: uniqueStrings([
+            ...evidence.blockers,
+            reason
+        ])
+    };
+}
+function summarizeProductDesignInstallResponse(result = {}) {
+    if (!result)
+        return null;
+    return {
+        auth_policy: result.authPolicy || result.auth_policy || null,
+        apps_needing_auth: Array.isArray(result.appsNeedingAuth)
+            ? result.appsNeedingAuth.map((app) => ({
+                id: app?.id || null,
+                name: app?.name || app?.displayName || app?.display_name || null
+            }))
+            : []
+    };
+}
+function uniqueStrings(values = []) {
+    return Array.from(new Set(values.filter(Boolean).map((value) => String(value))));
+}
+class CodexAppServerJsonRpcClient {
+    command;
+    args;
+    env;
+    cwd;
+    timeoutMs;
+    child;
+    nextId;
+    pending;
+    stdoutBuffer;
+    stderr;
+    constructor(config = {}) {
+        this.command = config.command;
+        this.args = config.args || ['app-server', '--stdio'];
+        this.env = config.env || process.env;
+        this.cwd = config.cwd || process.cwd();
+        this.timeoutMs = Number(config.timeoutMs || 20000);
+        this.child = null;
+        this.nextId = 1;
+        this.pending = new Map();
+        this.stdoutBuffer = '';
+        this.stderr = '';
+    }
+    async initialize() {
+        this.start();
+        const result = await this.request('initialize', {
+            clientInfo: {
+                name: 'sneakoscope-product-design',
+                title: 'Sneakoscope Product Design Installer',
+                version: '1.0.0'
+            },
+            capabilities: {
+                experimentalApi: true,
+                requestAttestation: false,
+                optOutNotificationMethods: []
+            }
+        });
+        this.notify('notifications/initialized', {});
+        return result;
+    }
+    start() {
+        if (this.child)
+            return;
+        this.child = spawn(this.command, this.args, {
+            stdio: ['pipe', 'pipe', 'pipe'],
+            shell: false,
+            env: this.env,
+            cwd: this.cwd
+        });
+        this.child.stdout?.on('data', (chunk) => this.handleStdout(chunk));
+        this.child.stderr?.on('data', (chunk) => {
+            this.stderr += chunk.toString('utf8');
+            if (this.stderr.length > 64 * 1024)
+                this.stderr = this.stderr.slice(-64 * 1024);
+        });
+        this.child.on('error', (err) => this.rejectAll(err));
+        this.child.on('close', (code) => {
+            this.rejectAll(new Error(`Codex app-server exited before response (code ${code ?? 'signal'}). ${this.stderr.trim()}`.trim()));
+        });
+    }
+    request(method, params) {
+        this.start();
+        const id = this.nextId++;
+        const message = { jsonrpc: '2.0', id, method, params };
+        return new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                this.pending.delete(id);
+                reject(new Error(`Codex app-server request timed out: ${method}. ${this.stderr.trim()}`.trim()));
+            }, this.timeoutMs);
+            timer.unref?.();
+            this.pending.set(id, { resolve, reject, timer });
+            this.child?.stdin?.write(`${JSON.stringify(message)}\n`);
+        });
+    }
+    notify(method, params) {
+        this.start();
+        this.child?.stdin?.write(`${JSON.stringify({ jsonrpc: '2.0', method, params })}\n`);
+    }
+    handleStdout(chunk) {
+        this.stdoutBuffer += chunk.toString('utf8');
+        const lines = this.stdoutBuffer.split(/\r?\n/);
+        this.stdoutBuffer = lines.pop() || '';
+        for (const line of lines) {
+            if (!line.trim())
+                continue;
+            let message;
+            try {
+                message = JSON.parse(line);
+            }
+            catch {
+                continue;
+            }
+            if (message.id === undefined || !this.pending.has(message.id))
+                continue;
+            const pending = this.pending.get(message.id);
+            if (!pending)
+                continue;
+            this.pending.delete(message.id);
+            clearTimeout(pending.timer);
+            if (message.error)
+                pending.reject(new Error(message.error.message || JSON.stringify(message.error)));
+            else
+                pending.resolve(message.result);
+        }
+    }
+    rejectAll(err) {
+        for (const [id, pending] of this.pending.entries()) {
+            clearTimeout(pending.timer);
+            pending.reject(err);
+            this.pending.delete(id);
+        }
+    }
+    async close() {
+        if (!this.child)
+            return;
+        const child = this.child;
+        this.child = null;
+        try {
+            child.stdin?.end();
+        }
+        catch { }
+        try {
+            child.kill('SIGTERM');
+        }
+        catch { }
+    }
+}
+//# sourceMappingURL=product-design-app-server.js.map

package/dist/core/product-design-plugin.js

@@ -0,0 +1,139 @@
+export const PRODUCT_DESIGN_REQUIRED_SKILLS = Object.freeze([
+    'audit',
+    'design-qa',
+    'get-context',
+    'ideate',
+    'image-to-code',
+    'prototype',
+    'research',
+    'share',
+    'url-to-code',
+    'user-context'
+]);
+export const PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS = Object.freeze([
+    'design-artifact-expert',
+    'design-ui-editor',
+    'design-system-builder',
+    'getdesign-reference'
+]);
+export const PRODUCT_DESIGN_PLUGIN = Object.freeze({
+    id: 'product-design@openai-curated-remote',
+    name: 'product-design',
+    marketplace: 'openai-curated-remote',
+    marketplace_kind: 'vertical',
+    remote_plugin_id: 'Plugin_fa77aec24fc08191bc6e57f377126d76',
+    display_name: 'Product Design',
+    app_server: {
+        read_params: {
+            remoteMarketplaceName: 'openai-curated-remote',
+            pluginName: 'Plugin_fa77aec24fc08191bc6e57f377126d76'
+        },
+        install_params: {
+            remoteMarketplaceName: 'openai-curated-remote',
+            pluginName: 'Plugin_fa77aec24fc08191bc6e57f377126d76'
+        },
+        name_lookup_params: {
+            remoteMarketplaceName: 'openai-curated-remote',
+            pluginName: 'product-design'
+        },
+        list_params: {
+            marketplaceKinds: ['vertical']
+        }
+    }
+});
+export const PRODUCT_DESIGN_PIPELINE_STAGES = Object.freeze([
+    {
+        stage: 'context_intake',
+        skills: ['get-context', 'user-context'],
+        routes: ['Team', 'PPT', 'ImageUXReview'],
+        purpose: 'capture product/user/design context before local design.md fallback is hydrated'
+    },
+    {
+        stage: 'research_and_ideation',
+        skills: ['research', 'ideate'],
+        routes: ['Team', 'PPT'],
+        purpose: 'ground competitive, audience, and concept exploration before visual decisions'
+    },
+    {
+        stage: 'artifact_generation',
+        skills: ['prototype', 'image-to-code', 'url-to-code'],
+        routes: ['Team', 'PPT'],
+        purpose: 'turn sealed context, screenshots, images, or URLs into prototype/source direction'
+    },
+    {
+        stage: 'design_review',
+        skills: ['audit', 'design-qa'],
+        routes: ['Team', 'PPT', 'ImageUXReview', 'QALoop'],
+        purpose: 'audit hierarchy, accessibility, responsiveness, polish, and route-specific UX risk'
+    },
+    {
+        stage: 'delivery',
+        skills: ['share'],
+        routes: ['PPT', 'Team'],
+        purpose: 'package or hand off design artifacts when the Codex App plugin exposes sharing'
+    }
+]);
+export function productDesignPluginPolicyText() {
+    const stages = PRODUCT_DESIGN_PIPELINE_STAGES
+        .map((entry) => `${entry.stage}=${entry.skills.join('+')}`)
+        .join('; ');
+    return `Product Design plugin policy: design-related routes must prefer the Codex App Product Design plugin (${PRODUCT_DESIGN_PLUGIN.id}) from the remote vertical marketplace ${PRODUCT_DESIGN_PLUGIN.marketplace}. Discovery must not rely only on \`codex plugin list\`, because vertical marketplace plugins can be omitted from the local/default catalog; when Product Design is not ready, first run the app-server Product Design ensure path: plugin/read with remote plugin id params ${JSON.stringify(PRODUCT_DESIGN_PLUGIN.app_server.read_params)}, plugin/list with ${JSON.stringify(PRODUCT_DESIGN_PLUGIN.app_server.list_params)} if the id must be rediscovered, and plugin/install with ${JSON.stringify(PRODUCT_DESIGN_PLUGIN.app_server.install_params)} before falling back to legacy design.md skills. Expected ready evidence is installed=true, enabled=true, displayName/name Product Design, remotePluginId ${PRODUCT_DESIGN_PLUGIN.remote_plugin_id}, and skills ${PRODUCT_DESIGN_REQUIRED_SKILLS.join(', ')}. Pipeline mapping: ${stages}. Legacy local design helpers (${PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS.join(', ')}) are compatibility fallback only when Product Design auto-install/ensure is unavailable or still fails, or when the route explicitly needs an existing project-local design.md; do not auto-create a heavy design.md as the first design step when Product Design is ready.`;
+}
+export function normalizeProductDesignPluginEvidence(input = {}) {
+    const detail = input?.plugin || input?.data?.plugin || input;
+    const summary = detail?.summary || detail;
+    const skills = Array.isArray(detail?.skills)
+        ? detail.skills.map((skill) => String(skill?.name || skill || '')).filter(Boolean)
+        : [];
+    const id = String(summary?.id || detail?.id || '');
+    const name = String(summary?.name || detail?.name || '');
+    const displayName = String(summary?.displayName || detail?.displayName || summary?.display_name || detail?.display_name || name || '');
+    const marketplaceName = String(detail?.marketplaceName || input?.marketplaceName || summary?.marketplaceName || '');
+    const remotePluginId = String(summary?.remotePluginId || detail?.remotePluginId || summary?.remote_plugin_id || detail?.remote_plugin_id || '');
+    const installed = summary?.installed === true || detail?.installed === true;
+    const enabled = summary?.enabled === true || detail?.enabled === true;
+    const missingSkills = PRODUCT_DESIGN_REQUIRED_SKILLS.filter((skill) => !skills.includes(skill));
+    const identityOk = id === PRODUCT_DESIGN_PLUGIN.id
+        || name === PRODUCT_DESIGN_PLUGIN.name
+        || displayName === PRODUCT_DESIGN_PLUGIN.display_name
+        || remotePluginId === PRODUCT_DESIGN_PLUGIN.remote_plugin_id;
+    const marketplaceOk = !marketplaceName || marketplaceName === PRODUCT_DESIGN_PLUGIN.marketplace;
+    const ok = Boolean(installed && enabled && identityOk && marketplaceOk && missingSkills.length === 0);
+    return {
+        schema: 'sks.product-design-plugin-evidence.v1',
+        ok,
+        id,
+        name,
+        display_name: displayName,
+        marketplace_name: marketplaceName,
+        remote_plugin_id: remotePluginId,
+        installed,
+        enabled,
+        skills,
+        missing_skills: missingSkills,
+        expected: PRODUCT_DESIGN_PLUGIN,
+        blockers: ok ? [] : [
+            ...(!installed ? ['product_design_not_installed'] : []),
+            ...(!enabled ? ['product_design_not_enabled'] : []),
+            ...(!identityOk ? ['product_design_identity_unverified'] : []),
+            ...(!marketplaceOk ? ['product_design_wrong_marketplace'] : []),
+            ...(missingSkills.length ? ['product_design_skills_missing'] : [])
+        ]
+    };
+}
+export function productDesignPluginVisibilityFromCodexPluginList(input = {}) {
+    const text = JSON.stringify(input || {});
+    const listed = text.includes(PRODUCT_DESIGN_PLUGIN.id)
+        || text.includes(PRODUCT_DESIGN_PLUGIN.name)
+        || text.includes(PRODUCT_DESIGN_PLUGIN.remote_plugin_id);
+    return {
+        schema: 'sks.product-design-plugin-list-visibility.v1',
+        listed,
+        detector: 'codex plugin list --json',
+        requires_remote_vertical_lookup: !listed,
+        remote_marketplace: PRODUCT_DESIGN_PLUGIN.marketplace,
+        app_server_read_params: PRODUCT_DESIGN_PLUGIN.app_server.read_params,
+        app_server_list_params: PRODUCT_DESIGN_PLUGIN.app_server.list_params
+    };
+}
+//# sourceMappingURL=product-design-plugin.js.map

package/dist/core/routes.js

@@ -1,3 +1,5 @@
+import { PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS, PRODUCT_DESIGN_PLUGIN, PRODUCT_DESIGN_REQUIRED_SKILLS, productDesignPluginPolicyText } from './product-design-plugin.js';
+export { productDesignPluginPolicyText };
 const REFLECTION_SKILL_NAME = 'reflection';
 export const SOLUTION_SCOUT_SKILL_NAME = 'solution-scout';
 export const SOLUTION_SCOUT_STAGE_ID = 'solution_scout';
@@ -119,7 +121,7 @@ export const DESIGN_SYSTEM_SSOT = {
     id: 'design-system-ssot',
     authority_file: 'design.md',
     builder_prompt: 'docs/Design-Sys-Prompt.md',
-    rule: 'design.md is the single design decision authority. When it is missing, synthesize it from the builder prompt plus approved source inputs; external references must be fused into design.md or route artifacts and must not become parallel design authorities.'
+    rule: `Product Design plugin (${PRODUCT_DESIGN_PLUGIN.id}) is the primary design authority when available. design.md is a project-local cache/compatibility authority only when already present or when Product Design is unavailable; if fallback is needed, synthesize it from the builder prompt plus approved source inputs and fuse external references into design.md or route artifacts instead of keeping parallel authorities.`
 };
 export const AWESOME_DESIGN_MD_REFERENCE = {
     id: 'awesome-design-md',
@@ -135,6 +137,7 @@ export const PPT_PIPELINE_SKILL_ALLOWLIST = Object.freeze([
     REFLECTION_SKILL_NAME,
     'honest-mode'
 ]);
+export const PRODUCT_DESIGN_PLUGIN_TOOL_ALLOWLIST = PRODUCT_DESIGN_REQUIRED_SKILLS;
 export const PPT_CONDITIONAL_SKILL_ALLOWLIST = Object.freeze([]);
 export const PPT_PIPELINE_MCP_ALLOWLIST = Object.freeze([
     {
@@ -146,13 +149,13 @@ export function pptPipelineAllowlistPolicyText() {
     const conditionalSkills = PPT_CONDITIONAL_SKILL_ALLOWLIST.length
         ? PPT_CONDITIONAL_SKILL_ALLOWLIST.map((entry) => `${entry.skill}=${entry.condition}`).join('; ')
         : 'none';
-    return `PPT pipeline allowlist: during $PPT design/render work, ignore installed skills and MCPs that are not explicitly part of the $PPT pipeline. The purpose is to prevent AI-like generic presentation design: decorative gradients, nested cards, vague SaaS visuals, and style choices not grounded in the audience, source material, getdesign reference, or the project design SSOT. Required skills are ${PPT_PIPELINE_SKILL_ALLOWLIST.join(', ')}. The imagegen skill is required for $PPT so Codex App can invoke official built-in $imagegen/gpt-image-2 for every generated raster asset or generated visual-review image; do not route PPT imagery through direct API fallback. Do not use generic design skills such as design-artifact-expert, design-ui-editor, or design-system-builder for $PPT just because they are installed. $PPT design must use getdesign-reference plus the built-in PPT design implementation pipeline: ${DESIGN_SYSTEM_SSOT.authority_file} when present, ${DESIGN_SYSTEM_SSOT.builder_prompt} as the builder prompt when missing, and route-local ppt-style-tokens.json as the fused design projection. Conditional skills/MCPs are allowed only when their condition is sealed in the contract: ${conditionalSkills}; ${PPT_PIPELINE_MCP_ALLOWLIST.map((entry) => `${entry.mcp}=${entry.condition}`).join('; ')}. Fact, image, and review evidence are first-class artifacts: gather user-provided context and required web/Context7 evidence into ppt-fact-ledger.json, block unsupported critical claims, plan required image resources through ppt-image-asset-ledger.json, then run a bounded review loop recorded in ppt-review-policy.json, ppt-review-ledger.json, and ppt-iteration-report.json. Required raster asset or generated visual-review evidence must come from Codex App $imagegen/gpt-image-2; direct API fallback, placeholder files, and prose-only substitutes do not satisfy the route gate. The review loop caps full-deck passes at 2, slide retries at 2, requires P0/P1 issue count to be zero, targets score >= 0.88, and stops when improvement delta is below 0.03 or evidence is missing. For Codex App visual critique, invoke $imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) when required; never simulate missing gpt-image-2 output. If required image-review evidence is unavailable, record the blocker instead of passing the gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
+    return `PPT pipeline allowlist: during $PPT design/render work, ignore installed skills and MCPs that are not explicitly part of the $PPT pipeline. The purpose is to prevent AI-like generic presentation design: decorative gradients, nested cards, vague SaaS visuals, and style choices not grounded in the audience, source material, Product Design plugin evidence, getdesign fallback reference, or the project design cache. Required SKS skills are ${PPT_PIPELINE_SKILL_ALLOWLIST.join(', ')}. Product Design plugin tools are allowed and preferred for design work: ${PRODUCT_DESIGN_PLUGIN_TOOL_ALLOWLIST.join(', ')}. Use ${PRODUCT_DESIGN_PLUGIN.id} first for get-context/user-context intake, research/ideate exploration, prototype/image-to-code/url-to-code artifact direction, audit/design-qa review, and share handoff when available. The imagegen skill is required for $PPT so Codex App can invoke official built-in $imagegen/gpt-image-2 for every generated raster asset or generated visual-review image; do not route PPT imagery through direct API fallback. Do not use generic design skills such as ${PRODUCT_DESIGN_LEGACY_DESIGN_FALLBACK_SKILLS.join(', ')} for $PPT just because they are installed. $PPT design must use Product Design plugin first; if unavailable, use getdesign-reference plus the built-in PPT design implementation pipeline: existing ${DESIGN_SYSTEM_SSOT.authority_file} when present, ${DESIGN_SYSTEM_SSOT.builder_prompt} as fallback builder prompt when missing, and route-local ppt-style-tokens.json as the fused design projection. Conditional skills/MCPs are allowed only when their condition is sealed in the contract: ${conditionalSkills}; ${PPT_PIPELINE_MCP_ALLOWLIST.map((entry) => `${entry.mcp}=${entry.condition}`).join('; ')}. Fact, image, and review evidence are first-class artifacts: gather user-provided context and required web/Context7 evidence into ppt-fact-ledger.json, block unsupported critical claims, plan required image resources through ppt-image-asset-ledger.json, then run a bounded review loop recorded in ppt-review-policy.json, ppt-review-ledger.json, and ppt-iteration-report.json. Required raster asset or generated visual-review evidence must come from Codex App $imagegen/gpt-image-2; direct API fallback, placeholder files, and prose-only substitutes do not satisfy the route gate. The review loop caps full-deck passes at 2, slide retries at 2, requires P0/P1 issue count to be zero, targets score >= 0.88, and stops when improvement delta is below 0.03 or evidence is missing. For Codex App visual critique, invoke $imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) when required; never simulate missing gpt-image-2 output. If required image-review evidence is unavailable, record the blocker instead of passing the gate. ${productDesignPluginPolicyText()} ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
 }
 export function getdesignReferencePolicyText() {
-    return `Design SSOT policy: ${DESIGN_SYSTEM_SSOT.authority_file} is the single design decision authority. If it is missing, create or update it through ${DESIGN_SYSTEM_SSOT.builder_prompt}; getdesign.md (${GETDESIGN_REFERENCE.url}), its official docs, and curated DESIGN.md examples at ${AWESOME_DESIGN_MD_REFERENCE.url} are source inputs to fuse into that SSOT or into route-local style tokens, not parallel authorities. Prefer the official Codex skill when available (${GETDESIGN_REFERENCE.codex_skill_install}); otherwise use the generated getdesign-reference skill plus official Web/API/CLI/SDK docs and curated DESIGN.md examples as inputs. Do not claim an official getdesign MCP server is configured unless a current official MCP surface is actually available.`;
+    return `Design authority policy: ${PRODUCT_DESIGN_PLUGIN.id} is the first design surface for Codex App design routes. ${DESIGN_SYSTEM_SSOT.authority_file} is a project-local design cache/compatibility authority when already present or when Product Design is unavailable. If fallback creation is needed, create or update it through ${DESIGN_SYSTEM_SSOT.builder_prompt}; getdesign.md (${GETDESIGN_REFERENCE.url}), its official docs, and curated DESIGN.md examples at ${AWESOME_DESIGN_MD_REFERENCE.url} are source inputs to fuse into that fallback SSOT or into route-local style tokens, not parallel authorities. Prefer Product Design plugin tools for design context, ideation, prototype, audit, and QA; use the generated getdesign-reference skill only as fallback/source grounding. Do not claim an official getdesign MCP server is configured unless a current official MCP surface is actually available. ${productDesignPluginPolicyText()}`;
 }
 export function imageUxReviewPipelinePolicyText() {
-    return `Image UX review pipeline: the core mechanism is not text-only screenshot critique. Capture or receive source UI screenshots; web/browser/webapp capture must pass the Codex Chrome Extension readiness gate first, while Computer Use is only for native Mac/non-web app surfaces. Then use Codex App imagegen/$imagegen with gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) to create new annotated review images from those screenshots as reference inputs. The generated review image must visibly mark numbered callouts, P0/P1/P2/P3 labels, eye-flow, hierarchy, contrast, alignment, density, affordance problems, and a small corrected mini-comp or before/after strip when useful. Then analyze that generated review image with vision/OCR and convert the visible callouts into image-ux-issue-ledger.json rows. Missing generated review images block full Image UX verification, but the route may close as verified_partial/reference-only when source screenshots plus hashes, docs evidence, source Image Voxel anchors, and Honest Mode evidence exist and the gate records that no annotated image, callout extraction, or full UX review evidence exists. Never pass this route from a direct API fallback, hand-written text-only substitute, placeholder asset, or fabricated ledger. ${CODEX_WEB_VERIFICATION_POLICY} ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
+    return `Image UX review pipeline: the core mechanism is not text-only screenshot critique. Capture or receive source UI screenshots; web/browser/webapp capture must pass the Codex Chrome Extension readiness gate first, while Computer Use is only for native Mac/non-web app surfaces. Use Product Design plugin audit/design-qa when available to structure UX issue framing, but still require the imagegen visual evidence route. Then use Codex App imagegen/$imagegen with gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) to create new annotated review images from those screenshots as reference inputs. The generated review image must visibly mark numbered callouts, P0/P1/P2/P3 labels, eye-flow, hierarchy, contrast, alignment, density, affordance problems, and a small corrected mini-comp or before/after strip when useful. Then analyze that generated review image with vision/OCR and convert the visible callouts into image-ux-issue-ledger.json rows. Missing generated review images block full Image UX verification, but the route may close as verified_partial/reference-only when source screenshots plus hashes, docs evidence, source Image Voxel anchors, and Honest Mode evidence exist and the gate records that no annotated image, callout extraction, or full UX review evidence exists. Never pass this route from a direct API fallback, hand-written text-only substitute, placeholder asset, or fabricated ledger. ${productDesignPluginPolicyText()} ${CODEX_WEB_VERIFICATION_POLICY} ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
 }
 export const RECOMMENDED_SKILLS = [
     'reasoning-router',
@@ -162,9 +165,6 @@ export const RECOMMENDED_SKILLS = [
     'seo-geo-optimizer',
     'autoresearch-loop',
     'performance-evaluator',
-    'design-artifact-expert',
-    'design-system-builder',
-    'design-ui-editor',
     'getdesign-reference',
     'imagegen',
     'imagegen-source-scout',
@@ -626,7 +626,7 @@ export const COMMAND_CATALOG = [
     { name: 'update', usage: 'sks update check|now [--version <version>] [--json] [--dry-run]', description: 'Check for SKS updates or install the requested package version through npm global mode.' },
     { name: 'deps', usage: 'sks deps check [--json] [--yes]', description: 'Check Node/npm, Codex CLI, and Zellij readiness; pass --yes to repair missing Codex CLI/Zellij tooling when supported.' },
     { name: 'codex', usage: 'sks codex compatibility|version|doctor|schema [--json]', description: 'Check Codex CLI rust-v0.136.0 compatibility, installed version, 0.136 capabilities, inherited 0.135/0.134/0.133 behavior, and vendored hook schema snapshot freshness.' },
-    { name: 'codex-app', usage: 'sks codex-app [check|chrome-extension|pat status|remote-control]', description: 'Check Codex App install, Codex Chrome Extension web verification readiness, PAT-safe status, first-party MCP/plugin readiness, and Codex CLI 0.130.0+ remote-control availability.' },
+    { name: 'codex-app', usage: 'sks codex-app [check|product-design|product-design --check-only|ensure-product-design|chrome-extension|pat status|remote-control]', description: 'Check Codex App install, Product Design plugin auto-install readiness, Codex Chrome Extension web verification readiness, PAT-safe status, first-party MCP/plugin readiness, and Codex CLI 0.130.0+ remote-control availability.' },
     { name: 'hooks', usage: 'sks hooks explain|status|trust-report|replay|codex-validate|warning-check ... [--json]', description: 'Explain Codex hook events, validate vendored latest 10-event output schemas, replay fixtures, and enforce warning-zero SKS hook policies under the 0.134 compatibility matrix.' },
     { name: 'codex-lb', usage: 'sks codex-lb status|health|metrics|doctor|circuit|repair|setup ...', description: 'Configure, health-check, repair, and record circuit evidence for codex-lb provider auth without confusing ChatGPT OAuth and proxy keys.' },
     { name: 'auth', usage: 'sks auth status|health|repair|setup --host <domain> --api-key <key>', description: 'Shortcut for codex-lb provider auth status, health, repair, and setup commands.' },

package/dist/core/version.js

@@ -1,2 +1,2 @@
-export const PACKAGE_VERSION = '2.0.5';
+export const PACKAGE_VERSION = '2.0.6';
 //# sourceMappingURL=version.js.map

package/dist/scripts/naruto-active-pool-check.js

@@ -15,13 +15,25 @@ const governor = governorMod.decideNarutoConcurrency({
 const report = activePool.simulateNarutoActivePool({ graph, governor: { ...governor, safe_active_workers: 5 } });
 assertGate(report.ok === true, 'active pool must drain cleanly', report);
 assertGate(report.max_observed_active_workers <= 5, 'active pool must never exceed safe cap', report);
+assertGate(report.max_observed_write_lease_conflicts === 0, 'active pool must never run overlapping write leases concurrently', report);
 assertGate(report.completed_count >= graph.total_work_items, 'active pool must complete all base work items', report);
 assertGate(report.refill_events >= 5, 'active pool must refill slots as work drains', report);
 assertGate(report.duplicate_execution_count === 0, 'active pool must not duplicate work without retry', report);
+const sameLeaseGraph = workGraph.buildNarutoWorkGraph({
+    requestedClones: 10,
+    totalWorkItems: 10,
+    writeCapable: true,
+    targetPaths: ['src/shared-fixture.ts'],
+    maxActiveWorkers: 5
+});
+const sameLeaseReport = activePool.simulateNarutoActivePool({ graph: sameLeaseGraph, governor: { ...governor, safe_active_workers: 5 } });
+assertGate(sameLeaseReport.ok === true, 'same-file work graph must drain without overlapping write leases', sameLeaseReport);
+assertGate(sameLeaseReport.max_observed_write_lease_conflicts === 0, 'same-file write items must be serialized or interleaved with read-only work only', sameLeaseReport);
 emitGate('naruto:active-pool', {
     safe_active_workers: report.safe_active_workers,
     completed_count: report.completed_count,
     refill_events: report.refill_events,
-    max_observed_active_workers: report.max_observed_active_workers
+    max_observed_active_workers: report.max_observed_active_workers,
+    same_lease_max_write_conflicts: sameLeaseReport.max_observed_write_lease_conflicts
 });
 //# sourceMappingURL=naruto-active-pool-check.js.map