sneakoscope 3.1.0 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/README.md +1 -1
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/.sks-build-stamp.json +4 -4
  6. package/dist/bin/sks.js +1 -1
  7. package/dist/commands/zellij-slot-column-anchor.js +3 -1
  8. package/dist/commands/zellij-slot-pane.js +19 -2
  9. package/dist/core/agents/agent-janitor.js +10 -1
  10. package/dist/core/agents/agent-orchestrator.js +1 -0
  11. package/dist/core/agents/agent-runner-ollama.js +11 -4
  12. package/dist/core/agents/native-cli-session-swarm.js +69 -9
  13. package/dist/core/codex-control/codex-task-runner.js +9 -0
  14. package/dist/core/commands/loop-command.js +54 -13
  15. package/dist/core/commands/naruto-command.js +26 -17
  16. package/dist/core/commands/team-command.js +1 -0
  17. package/dist/core/fsx.js +1 -1
  18. package/dist/core/locks/file-lock.js +88 -0
  19. package/dist/core/loops/loop-artifacts.js +33 -2
  20. package/dist/core/loops/loop-checkpoint.js +22 -0
  21. package/dist/core/loops/loop-finalizer.js +33 -7
  22. package/dist/core/loops/loop-gate-registry.js +96 -0
  23. package/dist/core/loops/loop-gate-runner.js +165 -17
  24. package/dist/core/loops/loop-gpt-final-arbiter.js +61 -0
  25. package/dist/core/loops/loop-integration-merge.js +75 -0
  26. package/dist/core/loops/loop-lease.js +35 -20
  27. package/dist/core/loops/loop-planner.js +36 -5
  28. package/dist/core/loops/loop-runtime-control.js +25 -0
  29. package/dist/core/loops/loop-runtime.js +248 -93
  30. package/dist/core/loops/loop-scheduler.js +12 -3
  31. package/dist/core/loops/loop-worker-prompts.js +43 -0
  32. package/dist/core/loops/loop-worker-runtime.js +275 -0
  33. package/dist/core/loops/loop-worktree-runtime.js +92 -0
  34. package/dist/core/naruto/naruto-finalizer.js +7 -2
  35. package/dist/core/naruto/naruto-loop-mesh.js +7 -1
  36. package/dist/core/proof/proof-schema.js +6 -0
  37. package/dist/core/proof/proof-writer.js +5 -2
  38. package/dist/core/proof/root-cause-policy.js +70 -0
  39. package/dist/core/proof/route-adapter.js +18 -1
  40. package/dist/core/proof/route-proof-gate.js +4 -0
  41. package/dist/core/release/release-gate-batch-runner.js +56 -10
  42. package/dist/core/release/release-gate-cache-v2.js +18 -3
  43. package/dist/core/release/release-gate-dag.js +65 -17
  44. package/dist/core/release/release-gate-node.js +2 -1
  45. package/dist/core/release/release-gate-resource-governor.js +27 -6
  46. package/dist/core/skills/core-skill-meta-update.js +24 -0
  47. package/dist/core/skills/core-skill-reflection.js +94 -0
  48. package/dist/core/skills/core-skill-trainer.js +103 -0
  49. package/dist/core/trust-kernel/completion-contract.js +4 -0
  50. package/dist/core/trust-kernel/route-contract.js +4 -1
  51. package/dist/core/version.js +1 -1
  52. package/dist/core/zellij/zellij-right-column-manager.js +13 -2
  53. package/dist/core/zellij/zellij-slot-column-anchor.js +40 -3
  54. package/dist/core/zellij/zellij-slot-pane-renderer.js +36 -11
  55. package/dist/core/zellij/zellij-slot-telemetry.js +96 -44
  56. package/dist/core/zellij/zellij-worker-pane-manager.js +42 -4
  57. package/dist/scripts/loop-directive-check-lib.js +225 -2
  58. package/dist/scripts/loop-worker-fixture-child.js +53 -0
  59. package/dist/scripts/naruto-real-local-gpt-final-smoke.js +10 -1
  60. package/package.json +5 -2
@@ -4,6 +4,7 @@ import fs from 'node:fs/promises';
4
4
  import os from 'node:os';
5
5
  import path from 'node:path';
6
6
  import { COMMANDS } from '../cli/command-registry.js';
7
+ import { runProcess } from '../core/fsx.js';
7
8
  import { compileGoalToLoopPlan } from '../core/loops/goal-to-loop-compat.js';
8
9
  import { loopGraphProofPath, loopPlanPath, loopProofPath, loopRoot, loopStatePath } from '../core/loops/loop-artifacts.js';
9
10
  import { decomposeRequestIntoLoopDomains } from '../core/loops/loop-decomposer.js';
@@ -29,7 +30,18 @@ export async function runLoopDirectiveCheck(id) {
29
30
  const request = 'fix zellij telemetry, release cache, and codex probe docs';
30
31
  const plan = await planLoopsFromRequest({ root, missionId, request, sourceCommand: 'loop' });
31
32
  const byId = new Map(plan.graph.nodes.map((node) => [node.loop_id, node]));
32
- const result = await runLoopPlan({ root, plan, parallelism: 'extreme', noMutation: id.includes('runtime') ? false : true });
33
+ const realRuntimeMode = process.env.SKS_LOOP_RUNTIME_REAL === '1'
34
+ || id === 'loop:runtime-real-workers'
35
+ || id === 'loop:maker-checker-real'
36
+ || id === 'loop:integration-finalizer-real'
37
+ || id === 'loop:real-maker-checker-blackbox'
38
+ || id === 'naruto:loop-mesh-real-blackbox'
39
+ || id === 'goal:loop-runtime-real-blackbox';
40
+ if (!realRuntimeMode && process.env.SKS_LOOP_RUNTIME_FIXTURE !== '1') {
41
+ process.env.SKS_LOOP_RUNTIME_FIXTURE = '1';
42
+ }
43
+ const fixtureMode = process.env.SKS_LOOP_RUNTIME_FIXTURE === '1' || process.env.SKS_LOOP_GATE_FIXTURE === '1';
44
+ const result = await runLoopPlan({ root, plan, parallelism: 'extreme', noMutation: fixtureMode ? true : !realRuntimeMode });
33
45
  const assertions = [];
34
46
  const assert = (condition, message) => assertions.push({ ok: Boolean(condition), message });
35
47
  assert(validateLoopPlan(plan).ok, 'loop plan validates');
@@ -40,6 +52,9 @@ export async function runLoopDirectiveCheck(id) {
40
52
  }
41
53
  else if (id === 'loop:artifact-paths') {
42
54
  assert(loopRoot(root, missionId).includes('.sneakoscope/missions'), 'artifact root layout matches directive');
55
+ assert(throws(() => loopRoot(root, '../../escape')), 'loop artifact root rejects mission traversal');
56
+ assert(throws(() => loopRoot(root, 'bad/mission')), 'loop artifact root rejects path separators in mission id');
57
+ assert(throws(() => loopStatePath(root, missionId, '../loop-escape')), 'loop node artifact path rejects loop traversal');
43
58
  }
44
59
  else if (id === 'loop:state') {
45
60
  assert(await exists(loopStatePath(root, missionId, 'loop-zellij')), 'loop state exists');
@@ -47,6 +62,8 @@ export async function runLoopDirectiveCheck(id) {
47
62
  else if (id === 'loop:planner') {
48
63
  assert(byId.has('loop-integration'), 'integration loop always created');
49
64
  assert(plan.graph.nodes.length >= 2, 'planner creates action plus integration loops');
65
+ assert(plan.graph.nodes.some((node) => node.route !== '$Integration' && node.maker.worker_count > 2), 'planner scales maker workers above the old hardcoded two');
66
+ assert(plan.graph.nodes.some((node) => node.route !== '$Integration' && node.checker.worker_count > 1), 'planner scales checker reviewers above the old hardcoded one');
50
67
  }
51
68
  else if (id === 'loop:decomposer') {
52
69
  const domains = decomposeRequestIntoLoopDomains(request);
@@ -68,6 +85,118 @@ export async function runLoopDirectiveCheck(id) {
68
85
  assert(result.ok, 'loop runtime produces ok graph result');
69
86
  assert(await exists(loopGraphProofPath(root, missionId)), 'graph proof exists');
70
87
  }
88
+ else if (id === 'loop:fixture-safety') {
89
+ const runtimeSource = await fs.readFile(path.join(process.cwd(), 'src/core/loops/loop-runtime.ts'), 'utf8');
90
+ const workerSource = await fs.readFile(path.join(process.cwd(), 'src/core/loops/loop-worker-runtime.ts'), 'utf8');
91
+ assert(!/noMutation\s*\?\s*\{\s*fixture:\s*true\s*\}/.test(runtimeSource), 'noMutation must not force fixture mode');
92
+ assert(workerSource.includes('loopFixtureAllowed'), 'fixture runtime has an explicit test-context allow guard');
93
+ assert(workerSource.includes('loop_fixture_runtime_forbidden'), 'fixture runtime fails closed outside test context');
94
+ assert(workerSource.includes("process.env.SKS_LOOP_RUNTIME_FIXTURE === '1'"), 'fixture runtime remains opt-in through SKS_LOOP_RUNTIME_FIXTURE');
95
+ assert(!workerSource.includes('visualLaneCount: Math.min(4'), 'zellij visual lane count must use the configurable pane cap');
96
+ const negative = await productionFixtureNegativeCheck();
97
+ assert(negative.code === 0 && negative.stdout.includes('loop_fixture_runtime_forbidden'), 'production fixture request is blocked at runtime');
98
+ }
99
+ else if (id === 'loop:worker-runtime') {
100
+ const proof = await readJson(loopProofPath(root, missionId, 'loop-zellij'));
101
+ assert(proof.maker_result.backend === 'deterministic-fixture' || proof.maker_result.backend === 'native-agent-orchestrator', 'maker backend recorded');
102
+ assert(proof.checker_result.backend === 'deterministic-fixture' || proof.checker_result.backend === 'native-agent-orchestrator', 'checker backend recorded');
103
+ assert(proof.maker_result.runtime_proof_path, 'maker runtime proof path recorded');
104
+ assert(proof.checker_result.runtime_proof_path, 'checker runtime proof path recorded');
105
+ }
106
+ else if (id === 'loop:worker-prompts') {
107
+ const prompts = await import('../core/loops/loop-worker-prompts.js');
108
+ const node = byId.get('loop-zellij');
109
+ assert(prompts.buildLoopMakerPrompt({ plan, node }).includes('Do not mutate outside the owner scope'), 'maker prompt constrains owner scope');
110
+ assert(prompts.buildLoopCheckerPrompt({ plan, node, makerArtifacts: ['maker.json'] }).includes('must not mutate source files'), 'checker prompt forbids mutation');
111
+ assert(prompts.buildLoopCheckerPrompt({ plan, node, makerArtifacts: ['maker.json'] }).includes('fresh session'), 'checker prompt requires fresh session');
112
+ }
113
+ else if (id === 'loop:runtime-real-workers' || id === 'loop:maker-checker-real') {
114
+ const proof = await readJson(loopProofPath(root, missionId, 'loop-zellij'));
115
+ assert(proof.maker_result.artifacts.length > 0, 'maker worker runtime artifacts exist');
116
+ assert(proof.checker_result.artifacts.length > 0, 'checker worker runtime artifacts exist');
117
+ assert(!proof.maker_result.artifacts.includes('fresh-checker-session'), 'placeholder checker string is not used');
118
+ }
119
+ else if (id === 'loop:checker-freshness') {
120
+ const proof = await readJson(loopProofPath(root, missionId, 'loop-zellij'));
121
+ const checker = await readJson(proof.checker_result.checker_findings[0]);
122
+ assert(checker.fresh_session === true, 'checker artifact proves fresh session');
123
+ assert(Array.isArray(checker.reviewed_maker_artifacts), 'checker reviewed maker artifacts');
124
+ assert(proof.checker_result.fresh_session === true, 'loop proof records checker freshness');
125
+ }
126
+ else if (id === 'loop:gate-registry') {
127
+ const registry = await import('../core/loops/loop-gate-registry.js');
128
+ const defs = await registry.listLoopGateDefinitions(process.cwd());
129
+ assert(defs.some((gate) => gate.id === 'gpt:final-arbiter' && gate.source === 'builtin-pseudo'), 'gpt final pseudo gate registered');
130
+ assert(await registry.resolveLoopGate(process.cwd(), 'definitely:unknown') === null, 'unknown gate does not resolve');
131
+ }
132
+ else if (id === 'loop:gate-runner-real' || id === 'loop:gate-artifacts') {
133
+ const proof = await readJson(loopProofPath(root, missionId, 'loop-zellij'));
134
+ assert(proof.gate_result.selected_gates.length > 0, 'gates selected');
135
+ assert(proof.gate_result.passed_gates.length > 0 || proof.gate_result.failed_gates.length > 0, 'gate outcomes recorded');
136
+ assert(await exists(path.join(loopRoot(root, missionId), 'loop-zellij', 'gates')), 'gate artifact directory exists');
137
+ }
138
+ else if (id === 'loop:worktree-runtime') {
139
+ assert(await exists(path.join(loopRoot(root, missionId), 'loop-zellij', 'worktree.json')), 'worktree record exists');
140
+ }
141
+ else if (id === 'loop:worktree-diff-scope') {
142
+ const mod = await import('../core/loops/loop-worktree-runtime.js');
143
+ assert(mod.enforceLoopOwnerScope(['src/core/zellij/zellij-slot-pane-renderer.ts'], byId.get('loop-zellij').owner_scope).length === 0, 'owner-scoped file passes');
144
+ assert(mod.enforceLoopOwnerScope(['README.md'], byId.get('loop-zellij').owner_scope).length > 0, 'outside owner scope blocks');
145
+ }
146
+ else if (id === 'loop:integration-merge') {
147
+ assert(await exists(path.join(loopRoot(root, missionId), 'integration-merge.json')), 'integration merge artifact exists');
148
+ }
149
+ else if (id === 'loop:integration-finalizer-real') {
150
+ const graph = await readJson(loopGraphProofPath(root, missionId));
151
+ assert(graph.integration_merge && typeof graph.integration_merge.ok === 'boolean', 'graph proof includes integration merge');
152
+ }
153
+ else if (id === 'file-lock:atomic') {
154
+ const lock = await import('../core/locks/file-lock.js');
155
+ let count = 0;
156
+ await lock.withFileLock({ lockPath: path.join(root, '.sneakoscope/locks/test.lock'), timeoutMs: 1000, staleMs: 10000 }, async () => { count += 1; });
157
+ assert(count === 1, 'file lock executes critical section');
158
+ }
159
+ else if (id === 'loop:lease-atomic') {
160
+ const node = byId.get('loop-zellij');
161
+ const lease = await acquireLoopLease(root, plan, node);
162
+ assert(lease.status === 'active' || lease.status === 'conflict', 'atomic lease returns status');
163
+ }
164
+ else if (id === 'loop:gpt-final-arbiter' || id === 'loop:integration-gpt-final') {
165
+ const mod = await import('../core/loops/loop-gpt-final-arbiter.js');
166
+ const arbiter = await mod.runLoopGptFinalArbiter({ root, plan, proofs: result.proofs, integrationMerge: { schema: 'sks.loop-integration-merge.v1', ok: true, applied_loops: [], conflict_loops: [], changed_files: ['src/core/loops/loop-runtime.ts'], blockers: [] }, forceVerdict: 'approve' });
167
+ assert(arbiter.ok && arbiter.verdict === 'approve', 'loop GPT final arbiter can approve');
168
+ }
169
+ else if (id === 'loop:checkpoint') {
170
+ assert(await exists(path.join(loopRoot(root, missionId), 'loop-zellij', 'checkpoint-latest.json')), 'latest checkpoint exists');
171
+ }
172
+ else if (id === 'loop:kill-resume' || id === 'loop:cli-kill-resume') {
173
+ const control = await import('../core/loops/loop-runtime-control.js');
174
+ await control.writeLoopKillRequest(root, missionId, 'loop-zellij');
175
+ assert(await control.shouldKillLoop(root, missionId, 'loop-zellij'), 'kill request targets loop');
176
+ }
177
+ else if (id === 'loop:real-maker-checker-blackbox') {
178
+ const proof = await readJson(loopProofPath(root, missionId, 'loop-zellij'));
179
+ assert(proof.maker_result.worker_count > 0 && proof.checker_result.worker_count > 0, 'maker/checker worker counts recorded');
180
+ assert(proof.checker_result.checker_findings.length > 0, 'checker findings artifact exists');
181
+ }
182
+ else if (id === 'naruto:loop-mesh-real-blackbox') {
183
+ assert(plan.graph.nodes.length >= 5, 'at least four domain loops plus integration are planned');
184
+ assert(result.proofs.every((proof) => proof.maker_result.artifacts.length && proof.checker_result.artifacts.length), 'worker runtime artifacts exist for every loop');
185
+ assert(result.graph_proof.integration_merge, 'integration finalizer ran');
186
+ }
187
+ else if (id === 'goal:loop-runtime-real-blackbox') {
188
+ const goalPlan = await compileGoalToLoopPlan({ root, missionId: `${missionId}-goal-real`, goalText: 'fix release cache', legacyGoalOptions: {} });
189
+ const goalResult = await runLoopPlan({ root, plan: goalPlan, parallelism: 'balanced', noMutation: true });
190
+ assert(await exists(path.join(root, '.sneakoscope', 'missions', `${missionId}-goal-real`, 'goal-compat.json')), 'goal compat artifact exists');
191
+ assert(goalResult.proofs.some((proof) => proof.maker_result.artifacts.length), 'goal loop worker runtime artifacts exist');
192
+ assert(await exists(loopGraphProofPath(root, `${missionId}-goal-real`)), 'goal graph proof exists');
193
+ }
194
+ else if (id === 'loop:status-ux') {
195
+ assert(await exists(loopGraphProofPath(root, missionId)), 'status has graph proof source');
196
+ }
197
+ else if (id === 'loop:zellij-real-runtime-ui') {
198
+ assert(renderZellijSlotPane({ slotId: 'slot-003', generationIndex: 1, loopId: 'loop-zellij', loopRole: 'maker', loopGate: 'loop:test', backend: 'fixture', patchStatus: 'fixture', verifyStatus: 'pass' }).includes('fixture loop proof'), 'zellij marks fixture proof');
199
+ }
71
200
  else if (id === 'loop:proof') {
72
201
  assert(await exists(loopProofPath(root, missionId, 'loop-zellij')), 'loop proof exists');
73
202
  }
@@ -85,6 +214,48 @@ export async function runLoopDirectiveCheck(id) {
85
214
  const node = byId.get('loop-zellij');
86
215
  const gates = await runLoopGates({ root, missionId, node, gates: node.gates });
87
216
  assert(gates.skipped_gates.includes('release:check') === false, 'gate runner avoids full release check inside loop');
217
+ const checkerDir = path.join(root, '.sneakoscope', 'missions', missionId, 'agents', 'sessions');
218
+ await fs.mkdir(checkerDir, { recursive: true });
219
+ await fs.writeFile(path.join(checkerDir, 'checker-findings.json'), JSON.stringify({ fresh_session: true, approved: true }));
220
+ const checkerGate = await runLoopGates({
221
+ root,
222
+ missionId,
223
+ node,
224
+ gates: { triage: [], local: [], checker: ['loop:checker-fresh-session'], integration: [], final: [] },
225
+ checkerArtifacts: ['sessions/checker-findings.json']
226
+ });
227
+ assert(checkerGate.ok, 'builtin checker gate resolves mission-ledger relative artifacts');
228
+ const foreignChecker = path.join(path.dirname(root), `${missionId}-foreign-checker-findings.json`);
229
+ await fs.writeFile(foreignChecker, JSON.stringify({ fresh_session: true, approved: true }));
230
+ const foreignRelative = path.relative(path.join(root, '.sneakoscope', 'missions', missionId, 'agents'), foreignChecker);
231
+ const unsafeCheckerGate = await runLoopGates({
232
+ root,
233
+ missionId,
234
+ node,
235
+ gates: { triage: [], local: [], checker: ['loop:checker-fresh-session'], integration: [], final: [] },
236
+ checkerArtifacts: [foreignRelative, foreignChecker]
237
+ });
238
+ assert(!unsafeCheckerGate.ok && unsafeCheckerGate.blockers.includes('loop_checker_fresh_session_missing'), 'builtin checker gate rejects foreign absolute and traversal artifacts');
239
+ const repoLocalChecker = path.join(root, 'repo-local-checker-findings.json');
240
+ await fs.writeFile(repoLocalChecker, JSON.stringify({ fresh_session: true, approved: true }));
241
+ const repoLocalCheckerGate = await runLoopGates({
242
+ root,
243
+ missionId,
244
+ node,
245
+ gates: { triage: [], local: [], checker: ['loop:checker-fresh-session'], integration: [], final: [] },
246
+ checkerArtifacts: ['repo-local-checker-findings.json', repoLocalChecker]
247
+ });
248
+ assert(!repoLocalCheckerGate.ok && repoLocalCheckerGate.blockers.includes('loop_checker_fresh_session_missing'), 'builtin checker gate rejects repo-local non-mission artifacts');
249
+ const symlinkChecker = path.join(checkerDir, 'checker-findings-symlink.json');
250
+ await fs.symlink(repoLocalChecker, symlinkChecker);
251
+ const symlinkCheckerGate = await runLoopGates({
252
+ root,
253
+ missionId,
254
+ node,
255
+ gates: { triage: [], local: [], checker: ['loop:checker-fresh-session'], integration: [], final: [] },
256
+ checkerArtifacts: ['sessions/checker-findings-symlink.json']
257
+ });
258
+ assert(!symlinkCheckerGate.ok && symlinkCheckerGate.blockers.includes('loop_checker_fresh_session_missing'), 'builtin checker gate rejects mission-local symlinks that escape the mission root');
88
259
  }
89
260
  else if (id === 'loop:gate-ladder') {
90
261
  const node = byId.get('loop-zellij');
@@ -108,7 +279,7 @@ export async function runLoopDirectiveCheck(id) {
108
279
  assert(docsA.status === 'active' && docsB.status === 'active', 'docs overlap is allowed when non-exclusive');
109
280
  }
110
281
  else if (id === 'naruto:loop-mesh' || id === 'naruto:loop-maker-checker') {
111
- const mesh = await runNarutoLoopMesh({ root, plan, parallelism: 'balanced' });
282
+ const mesh = await runNarutoLoopMesh({ root, plan, parallelism: 'balanced', noMutation: fixtureMode ? true : !realRuntimeMode });
112
283
  assert(mesh.proofs.every((proof) => proof.maker_result.worker_count > 0 && proof.checker_result.worker_count > 0), 'maker/checker artifacts exist for each loop');
113
284
  }
114
285
  else if (id === 'naruto:loop-worker-router') {
@@ -159,7 +330,59 @@ async function exists(file) {
159
330
  return false;
160
331
  }
161
332
  }
333
+ function throws(fn) {
334
+ try {
335
+ fn();
336
+ return false;
337
+ }
338
+ catch {
339
+ return true;
340
+ }
341
+ }
162
342
  async function readJson(file) {
163
343
  return JSON.parse(await fs.readFile(file, 'utf8'));
164
344
  }
345
+ async function productionFixtureNegativeCheck() {
346
+ const code = `
347
+ import { runLoopMakerWorkers } from './dist/core/loops/loop-worker-runtime.js';
348
+ const node = {
349
+ mission_id: 'M-production-fixture-negative',
350
+ loop_id: 'loop-production-fixture-negative',
351
+ owner_scope: { files: ['README.md'], directories: [], package_scripts: [], release_gate_ids: [], exclusive: true, collision_policy: 'handoff' },
352
+ maker: { worker_count: 1 },
353
+ checker: { worker_count: 1 },
354
+ risk: { requires_gpt_final: false },
355
+ worktree: { required: false }
356
+ };
357
+ const plan = { mission_id: 'M-production-fixture-negative' };
358
+ try {
359
+ await runLoopMakerWorkers({ root: process.cwd(), plan, node, fixture: true });
360
+ console.error('fixture unexpectedly allowed outside test context');
361
+ process.exit(1);
362
+ } catch (err) {
363
+ const message = err instanceof Error ? err.message : String(err);
364
+ if (!message.includes('loop_fixture_runtime_forbidden')) {
365
+ console.error(message);
366
+ process.exit(2);
367
+ }
368
+ console.log(message);
369
+ }
370
+ `;
371
+ return runProcess('/usr/bin/env', [
372
+ '-u', 'NODE_ENV',
373
+ '-u', 'SKS_TEST_RUNTIME_FIXTURE_ALLOWED',
374
+ '-u', 'VITEST_WORKER_ID',
375
+ '-u', 'JEST_WORKER_ID',
376
+ '-u', 'NODE_V8_COVERAGE',
377
+ 'SKS_LOOP_RUNTIME_FIXTURE=1',
378
+ process.execPath,
379
+ '--input-type=module',
380
+ '-e',
381
+ code
382
+ ], {
383
+ cwd: process.cwd(),
384
+ timeoutMs: 30000,
385
+ maxOutputBytes: 8192
386
+ });
387
+ }
165
388
  //# sourceMappingURL=loop-directive-check-lib.js.map
@@ -0,0 +1,53 @@
1
+ #!/usr/bin/env node
2
+ // @ts-nocheck
3
+ import fs from 'node:fs/promises';
4
+ import path from 'node:path';
5
+ const intakePath = process.argv[2];
6
+ if (!intakePath)
7
+ throw new Error('Usage: loop-worker-fixture-child <intake.json>');
8
+ const intake = JSON.parse(await fs.readFile(intakePath, 'utf8'));
9
+ const dir = path.dirname(intake.result_path);
10
+ await fs.mkdir(dir, { recursive: true });
11
+ const workerIds = Array.from({ length: Math.max(1, Number(intake.worker_count || 1)) }, (_, index) => `${intake.loop_id}-${intake.phase}-fixture-worker-${index + 1}`);
12
+ const sessionIds = workerIds.map((id) => `${id}-${process.pid}`);
13
+ const artifactPath = path.join(dir, intake.phase === 'maker' ? 'maker-patch-candidate.json' : 'checker-findings.json');
14
+ const changedFiles = intake.phase === 'maker' ? [] : [];
15
+ const artifact = intake.phase === 'maker'
16
+ ? {
17
+ schema: 'sks.loop-patch-candidate.v1',
18
+ loop_id: intake.loop_id,
19
+ worker_ids: workerIds,
20
+ changed_files: changedFiles,
21
+ fixture_child_pid: process.pid,
22
+ generated_at: new Date().toISOString()
23
+ }
24
+ : {
25
+ schema: 'sks.loop-checker-findings.v1',
26
+ loop_id: intake.loop_id,
27
+ fresh_session: true,
28
+ reviewed_maker_artifacts: intake.maker_artifacts || [],
29
+ side_effects_detected: [],
30
+ approved: true,
31
+ worker_ids: workerIds,
32
+ fixture_child_pid: process.pid,
33
+ generated_at: new Date().toISOString()
34
+ };
35
+ await fs.writeFile(artifactPath, `${JSON.stringify(artifact, null, 2)}\n`);
36
+ await fs.writeFile(intake.result_path, `${JSON.stringify({
37
+ schema: 'sks.loop-worker-run-result.v1',
38
+ ok: true,
39
+ mission_id: intake.mission_id,
40
+ loop_id: intake.loop_id,
41
+ phase: intake.phase,
42
+ worker_count: workerIds.length,
43
+ backend: 'deterministic-fixture',
44
+ artifacts: [artifactPath],
45
+ patch_candidates: intake.phase === 'maker' ? [artifactPath] : [],
46
+ checker_findings: intake.phase === 'checker' ? [artifactPath] : [],
47
+ changed_files: changedFiles,
48
+ blockers: [],
49
+ runtime_proof_path: intake.result_path,
50
+ worker_ids: workerIds,
51
+ session_ids: sessionIds
52
+ }, null, 2)}\n`);
53
+ //# sourceMappingURL=loop-worker-fixture-child.js.map
@@ -1,16 +1,25 @@
1
1
  #!/usr/bin/env node
2
2
  // @ts-nocheck
3
+ import fs from 'node:fs/promises';
4
+ import path from 'node:path';
3
5
  import { assertGate, emitGate, importDist } from './sks-1-18-gate-lib.js';
4
6
  const finalizer = await importDist('core/naruto/naruto-finalizer.js');
5
7
  const draft = finalizer.evaluateNarutoFinalizer({ localParticipated: true, gptFinalStatus: null, applyPatches: true });
6
8
  const approved = finalizer.evaluateNarutoFinalizer({ localParticipated: true, gptFinalStatus: 'approved', applyPatches: true });
7
9
  const deterministic = finalizer.evaluateNarutoFinalizer({ localParticipated: false, applyPatches: true });
10
+ const deterministicDraft = finalizer.evaluateNarutoFinalizer({ localParticipated: false, applyPatches: false });
11
+ const narutoCommandSource = await fs.readFile(path.join(process.cwd(), 'src/core/commands/naruto-command.ts'), 'utf8');
8
12
  assertGate(draft.ok === false && draft.blockers.includes('naruto_local_worker_output_needs_gpt_final_arbiter'), 'local worker patch must be blocked until GPT final arbiter', draft);
9
13
  assertGate(approved.ok === true && approved.final_patch_source === 'gpt_final_arbiter', 'GPT-approved local output must become final patch source', approved);
10
14
  assertGate(deterministic.ok === true && deterministic.gpt_final_required === false, 'no-local deterministic run must not require GPT final', deterministic);
15
+ assertGate(deterministicDraft.final_status === 'draft', 'no-apply Naruto run must remain draft even when writes were possible', deterministicDraft);
16
+ assertGate(deterministicDraft.ok === false && deterministicDraft.run_ok === true && deterministicDraft.release_proof_allowed === false, 'no-apply Naruto draft must not masquerade as an accepted finalizer', deterministicDraft);
17
+ assertGate(narutoCommandSource.includes('applyPatches: parsed.applyPatches') && !narutoCommandSource.includes('applyPatches: writeCapable'), 'Naruto command finalizer must use explicit apply-patches flag, not write capability');
18
+ assertGate(narutoCommandSource.includes('parsed.applyPatches === true ? finalizer.ok === true : finalizer.run_ok === true') && narutoCommandSource.includes('ok: summaryOk'), 'Naruto command top-level ok must separate patch finality from readonly/no-apply run success');
11
19
  emitGate('naruto:real-local-gpt-final-smoke', {
12
20
  require_real_env: process.env.SKS_REQUIRE_LOCAL_LLM === '1' || process.env.SKS_REQUIRE_GPT_FINAL === '1',
13
21
  draft_status: draft.final_status,
14
- approved_status: approved.final_status
22
+ approved_status: approved.final_status,
23
+ deterministic_no_apply_status: deterministicDraft.final_status
15
24
  });
16
25
  //# sourceMappingURL=naruto-real-local-gpt-final-smoke.js.map
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "sneakoscope",
3
3
  "displayName": "ㅅㅋㅅ",
4
- "version": "3.1.0",
4
+ "version": "3.1.1",
5
5
  "description": "Sneakoscope Codex: fast proof-first Codex trust layer with image-based Voxel TriWiki.",
6
6
  "type": "module",
7
7
  "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",
@@ -99,6 +99,7 @@
99
99
  "core-skill:route-runtime-integration": "node ./dist/scripts/core-skill-route-runtime-integration-check.js",
100
100
  "core-skill:promotion-side-effect-ledger": "node ./dist/scripts/core-skill-promotion-side-effect-ledger-check.js",
101
101
  "core-skill:legacy-promotion-api-audit": "node ./dist/scripts/core-skill-legacy-promotion-api-audit.js",
102
+ "core-skill:trainer-loop": "node ./dist/scripts/core-skill-trainer-check.js",
102
103
  "safety:side-effect-zero": "node ./dist/scripts/side-effect-zero-gate-check.js",
103
104
  "safety:mutation-callsite-coverage": "node ./dist/scripts/mutation-callsite-coverage-check.js",
104
105
  "safety:mutation-callsite-coverage:repo-wide": "node ./dist/scripts/mutation-callsite-coverage-check.js --repo-wide",
@@ -159,6 +160,7 @@
159
160
  "all-features:execute-fixtures": "node ./dist/bin/sks.js all-features selftest --mock --execute-fixtures --strict-artifacts --json",
160
161
  "feature-fixtures:strict": "node ./dist/bin/sks.js all-features selftest --mock --execute-fixtures --strict-artifacts --hermetic --json",
161
162
  "trust:check": "node ./dist/bin/sks.js trust validate latest --json || node ./dist/scripts/trust-fixture-check.js",
163
+ "proof:root-cause-policy": "node ./dist/scripts/proof-root-cause-policy-check.js",
162
164
  "wrongness:fixtures": "node --test test/wrongness/*.test.mjs",
163
165
  "wrongness:check": "node ./dist/bin/sks.js wrongness validate project --json && node ./dist/scripts/wrongness-fixture-check.js",
164
166
  "git-hygiene:check": "node ./dist/bin/sks.js git doctor --json",
@@ -557,7 +559,7 @@
557
559
  "python-tools:smoke": "node ./dist/scripts/python-tools-smoke-check.js",
558
560
  "agent:zellij-dynamic-backfill-panes": "node ./dist/scripts/agent-zellij-dynamic-backfill-panes-check.js",
559
561
  "agent:real-codex-in-zellij-worker-pane": "node ./dist/scripts/agent-real-codex-in-zellij-worker-pane-check.js",
560
- "release:check:legacy": "npm run release:check:parallel && npm run mad-sks:app-ui-no-mutation && npm run codex-app:fast-ui-preservation && npm run codex-app:ui-clobber-guard && npm run doctor:fixes-codex-app-fast-ui && npm run provider:badge-context && npm run provider:context-config-toml && npm run codex-app:provider-badge && npm run zellij:spawn-on-demand-layout && npm run zellij:worker-pane-manager && npm run zellij:worker-pane-manager-single-owner && npm run agent:worker-pane-communication-contract && npm run runtime:no-mjs-scripts && npm run runtime:ts-python-boundary && npm run codex-sdk:capability && npm run codex-sdk:no-legacy-fallback && npm run codex-sdk:backend-router && npm run codex-sdk:structured-output && npm run codex-sdk:event-stream-ledger && npm run codex-sdk:thread-registry && npm run codex-sdk:sandbox-policy && npm run codex-sdk:zellij-pane-binding && npm run codex-sdk:all-pipelines && npm run codex-sdk:dfix-pipeline && npm run codex-sdk:qa-pipeline && npm run codex-sdk:research-pipeline && npm run codex-sdk:team-naruto-agent-pipeline && npm run codex-sdk:release-review-pipeline && npm run codex-sdk:ux-ppt-review-pipeline && npm run codex-sdk:core-skill-pipeline && npm run codex-control:capability && npm run codex-control:no-legacy-fallback && npm run codex-control:structured-output && npm run codex-control:event-stream-ledger && npm run codex-control:thread-registry && npm run codex-control:side-effect-scope && npm run codex-control:all-pipelines && npm run codex-control:empty-result-retry && npm run codex-control:stream-idle-watchdog && npm run codex-control:tool-call-sequence-repair && npm run codex-control:keepalive-no-cot-leak && npm run local-collab:policy && npm run local-collab:gpt-final-arbiter && npm run local-collab:no-local-only-final && npm run local-collab:gpt-final-availability && npm run local-llm:capability && npm run local-llm:structured-output && npm run local-llm:tool-call-repair && npm run local-llm:all-pipelines && npm run local-collab:all-pipelines-final-gpt && npm run python-sdk:capability && npm run python-sdk:stream-bridge && npm run python-sdk:sandbox-policy && npm run python-sdk:all-pipelines && npm run codex:plugin-list-json && npm run codex:product-design-plugin-routing && npm run codex:product-design-auto-install && npm run codex:thread-runtime-choice && npm run codex:environment-scoped-approvals && npm run ultra-router:classification && npm run ultra-router:auto-router && npm run release:version-truth && npm run release:worktree-gates && npm run codex:0.137-compat && npm run codex:0.136-compat && npm run codex:0.135-compat && npm run doctor:codex-doctor-parity && npm run codex:permission-profiles && npm run codex:legacy-profile-consumers-removed && npm run terminal:keyboard-enhancement-safety && npm run terminal:tui-output-stability && npm run codex:resume-cwd-truth && npm run mcp:tool-naming-parity && npm run responses:retry-policy-centralized && npm run runtime:no-tmux && npm run zellij:layout-valid && npm run agent:zellij-dynamic-backfill-panes && npm run agent:worker-pane-communication-contract && npm run agent:slot-pane-binding-proof && npm run zellij:worker-pane-manager && npm run zellij:spawn-on-demand-layout && npm run zellij:lane-renderer && npm run mad-sks:zellij-launch && npm run mad-sks:zellij-default-pane-worker && npm run agent:zellij-runtime && npm run codex:config-eperm-fixture && npm run doctor:fix-proves-codex-read && npm run mad:preflight-blocks-unreadable-config && npm run fast:codex-service-tier-proof && npm run codex:project-config-policy-splitter && npm run test:no-orphan-dist-imports && npm run agent:patch-envelope-extraction && npm run agent:patch-queue-runtime && npm run agent:strategy-to-lease-wiring && npm run agent:patch-swarm-runtime && npm run agent:patch-transaction-journal && npm run agent:patch-conflict-rebase && npm run agent:strategy-to-patch-strict && npm run agent:patch-swarm-runtime-truth && npm run agent:rollback-command && npm run agent:patch-verification-dag && npm run agent:patch-rollback-dag && npm run agent:patch-proof-runtime && npm run agent:patch-swarm-route-blackbox && npm run team:patch-swarm-route-blackbox && npm run dfix:patch-swarm-route-blackbox && npm run appshots:thread-attachment-discovery && npm run mcp:readonly-runtime-scheduler && npm run naruto:work-graph && npm run naruto:readonly-routing && npm run naruto:concurrency-governor && npm run naruto:active-pool && npm run naruto:role-distribution && npm run naruto:parallel-patch-apply && npm run naruto:verification-pool && npm run naruto:zellij-massive-ui && npm run naruto:gpt-final-pack && npm run prompt:placeholder-guard && npm run codex:0.134-runner-truth && npm run agent:native-cli-session-swarm && npm run naruto:shadow-clone-swarm && npm run agent:native-cli-session-swarm-10 && npm run agent:native-cli-session-swarm-20 && npm run agent:no-subagent-scaling && npm run agent:native-cli-session-proof && npm run agent:worker-backend-router && npm run agent:codex-child-overlap && npm run agent:model-authored-patch-envelope && npm run agent:fast-mode-default && npm run agent:fast-mode-worker-propagation && npm run codex:fast-mode-profile-propagation && npm run mad-sks:fast-mode-propagation && npm run zellij:launch-command-truth && npm run zellij:real-session-heartbeat && npm run zellij:ui-design && npm run zellij:doctor-readiness && npm run legacy:upgrade-zero-break && npm run publish:packlist-performance && npm run postinstall:safe-side-effects && npm run runtime:ts-rust-boundary && npm run core-skill:card-schema && npm run core-skill:rollout-scoring && npm run core-skill:patch && npm run core-skill:heldout-validation && npm run core-skill:deployment-snapshot && npm run core-skill:no-inference-optimizer && npm run core-skill:route-runtime-integration && npm run core-skill:promotion-side-effect-ledger && npm run core-skill:legacy-promotion-api-audit && npm run safety:side-effect-zero && npm run safety:mutation-callsite-coverage && npm run safety:mutation-callsite-coverage:repo-wide && npm run side-effect:runtime-report && npm run release:gate-planner && npm run release:dynamic-performance && npm run release:provenance && npm run release:gate-budget && npm run agent:wiki-context-proof && npm run shared-memory:check && npm run wrongness:check && npm run wrongness:fixtures && npm run trust:check && npm run git-collaboration:e2e && node ./dist/scripts/release-check-stamp.js write && npm run release:readiness --silent && node ./dist/scripts/release-check-stamp.js write",
562
+ "release:check:legacy": "npm run release:check:parallel && npm run mad-sks:app-ui-no-mutation && npm run codex-app:fast-ui-preservation && npm run codex-app:ui-clobber-guard && npm run doctor:fixes-codex-app-fast-ui && npm run provider:badge-context && npm run provider:context-config-toml && npm run codex-app:provider-badge && npm run zellij:spawn-on-demand-layout && npm run zellij:worker-pane-manager && npm run zellij:worker-pane-manager-single-owner && npm run agent:worker-pane-communication-contract && npm run runtime:no-mjs-scripts && npm run runtime:ts-python-boundary && npm run codex-sdk:capability && npm run codex-sdk:no-legacy-fallback && npm run codex-sdk:backend-router && npm run codex-sdk:structured-output && npm run codex-sdk:event-stream-ledger && npm run codex-sdk:thread-registry && npm run codex-sdk:sandbox-policy && npm run codex-sdk:zellij-pane-binding && npm run codex-sdk:all-pipelines && npm run codex-sdk:dfix-pipeline && npm run codex-sdk:qa-pipeline && npm run codex-sdk:research-pipeline && npm run codex-sdk:team-naruto-agent-pipeline && npm run codex-sdk:release-review-pipeline && npm run codex-sdk:ux-ppt-review-pipeline && npm run codex-sdk:core-skill-pipeline && npm run codex-control:capability && npm run codex-control:no-legacy-fallback && npm run codex-control:structured-output && npm run codex-control:event-stream-ledger && npm run codex-control:thread-registry && npm run codex-control:side-effect-scope && npm run codex-control:all-pipelines && npm run codex-control:empty-result-retry && npm run codex-control:stream-idle-watchdog && npm run codex-control:tool-call-sequence-repair && npm run codex-control:keepalive-no-cot-leak && npm run local-collab:policy && npm run local-collab:gpt-final-arbiter && npm run local-collab:no-local-only-final && npm run local-collab:gpt-final-availability && npm run local-llm:capability && npm run local-llm:structured-output && npm run local-llm:tool-call-repair && npm run local-llm:all-pipelines && npm run local-collab:all-pipelines-final-gpt && npm run python-sdk:capability && npm run python-sdk:stream-bridge && npm run python-sdk:sandbox-policy && npm run python-sdk:all-pipelines && npm run codex:plugin-list-json && npm run codex:product-design-plugin-routing && npm run codex:product-design-auto-install && npm run codex:thread-runtime-choice && npm run codex:environment-scoped-approvals && npm run ultra-router:classification && npm run ultra-router:auto-router && npm run release:version-truth && npm run release:worktree-gates && npm run codex:0.137-compat && npm run codex:0.136-compat && npm run codex:0.135-compat && npm run doctor:codex-doctor-parity && npm run codex:permission-profiles && npm run codex:legacy-profile-consumers-removed && npm run terminal:keyboard-enhancement-safety && npm run terminal:tui-output-stability && npm run codex:resume-cwd-truth && npm run mcp:tool-naming-parity && npm run responses:retry-policy-centralized && npm run runtime:no-tmux && npm run zellij:layout-valid && npm run agent:zellij-dynamic-backfill-panes && npm run agent:worker-pane-communication-contract && npm run agent:slot-pane-binding-proof && npm run zellij:worker-pane-manager && npm run zellij:spawn-on-demand-layout && npm run zellij:lane-renderer && npm run mad-sks:zellij-launch && npm run mad-sks:zellij-default-pane-worker && npm run agent:zellij-runtime && npm run codex:config-eperm-fixture && npm run doctor:fix-proves-codex-read && npm run mad:preflight-blocks-unreadable-config && npm run fast:codex-service-tier-proof && npm run codex:project-config-policy-splitter && npm run test:no-orphan-dist-imports && npm run agent:patch-envelope-extraction && npm run agent:patch-queue-runtime && npm run agent:strategy-to-lease-wiring && npm run agent:patch-swarm-runtime && npm run agent:patch-transaction-journal && npm run agent:patch-conflict-rebase && npm run agent:strategy-to-patch-strict && npm run agent:patch-swarm-runtime-truth && npm run agent:rollback-command && npm run agent:patch-verification-dag && npm run agent:patch-rollback-dag && npm run agent:patch-proof-runtime && npm run agent:patch-swarm-route-blackbox && npm run team:patch-swarm-route-blackbox && npm run dfix:patch-swarm-route-blackbox && npm run appshots:thread-attachment-discovery && npm run mcp:readonly-runtime-scheduler && npm run naruto:work-graph && npm run naruto:readonly-routing && npm run naruto:concurrency-governor && npm run naruto:active-pool && npm run naruto:role-distribution && npm run naruto:parallel-patch-apply && npm run naruto:verification-pool && npm run naruto:zellij-massive-ui && npm run naruto:gpt-final-pack && npm run prompt:placeholder-guard && npm run codex:0.134-runner-truth && npm run agent:native-cli-session-swarm && npm run naruto:shadow-clone-swarm && npm run agent:native-cli-session-swarm-10 && npm run agent:native-cli-session-swarm-20 && npm run agent:no-subagent-scaling && npm run agent:native-cli-session-proof && npm run agent:worker-backend-router && npm run agent:codex-child-overlap && npm run agent:model-authored-patch-envelope && npm run agent:fast-mode-default && npm run agent:fast-mode-worker-propagation && npm run codex:fast-mode-profile-propagation && npm run mad-sks:fast-mode-propagation && npm run zellij:launch-command-truth && npm run zellij:real-session-heartbeat && npm run zellij:ui-design && npm run zellij:doctor-readiness && npm run legacy:upgrade-zero-break && npm run publish:packlist-performance && npm run postinstall:safe-side-effects && npm run runtime:ts-rust-boundary && npm run core-skill:card-schema && npm run core-skill:rollout-scoring && npm run core-skill:patch && npm run core-skill:heldout-validation && npm run core-skill:deployment-snapshot && npm run core-skill:no-inference-optimizer && npm run core-skill:route-runtime-integration && npm run core-skill:promotion-side-effect-ledger && npm run core-skill:legacy-promotion-api-audit && npm run core-skill:trainer-loop && npm run safety:side-effect-zero && npm run safety:mutation-callsite-coverage && npm run safety:mutation-callsite-coverage:repo-wide && npm run side-effect:runtime-report && npm run release:gate-planner && npm run release:dynamic-performance && npm run release:provenance && npm run release:gate-budget && npm run agent:wiki-context-proof && npm run shared-memory:check && npm run wrongness:check && npm run wrongness:fixtures && npm run trust:check && npm run git-collaboration:e2e && node ./dist/scripts/release-check-stamp.js write && npm run release:readiness --silent && node ./dist/scripts/release-check-stamp.js write",
561
563
  "release:check:dag": "node ./dist/scripts/release-gate-dag-runner.js --preset release",
562
564
  "release:check:dag:explain": "node ./dist/scripts/release-gate-dag-runner.js --preset release --explain",
563
565
  "release:check:dag:no-cache": "node ./dist/scripts/release-gate-dag-runner.js --preset release --no-cache",
@@ -755,6 +757,7 @@
755
757
  "loop:owner-inference": "node ./dist/scripts/loop-owner-inference-check.js",
756
758
  "loop:scheduler": "node ./dist/scripts/loop-scheduler-check.js",
757
759
  "loop:runtime": "node ./dist/scripts/loop-runtime-check.js",
760
+ "loop:fixture-safety": "node ./dist/scripts/loop-fixture-safety-check.js",
758
761
  "loop:proof": "node ./dist/scripts/loop-proof-check.js",
759
762
  "loop:integration-finalizer": "node ./dist/scripts/loop-integration-finalizer-check.js",
760
763
  "loop:gate-selector": "node ./dist/scripts/loop-gate-selector-check.js",