sneakoscope 3.1.12 → 3.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/README.md +10 -12
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/bin/sks.js +1 -1
  6. package/dist/commands/doctor.js +62 -32
  7. package/dist/core/agents/agent-cleanup-executor.js +75 -1
  8. package/dist/core/agents/agent-command-surface.js +29 -4
  9. package/dist/core/agents/agent-orchestrator.js +25 -6
  10. package/dist/core/agents/agent-role-config.js +12 -1
  11. package/dist/core/agents/native-cli-session-swarm.js +1 -1
  12. package/dist/core/codex/agent-config-file-repair.js +115 -19
  13. package/dist/core/codex/codex-startup-config-postcheck.js +57 -4
  14. package/dist/core/codex-control/codex-0140-capability.js +72 -7
  15. package/dist/core/codex-control/codex-0140-feature-probes.js +174 -16
  16. package/dist/core/codex-control/codex-0140-real-probes.js +43 -3
  17. package/dist/core/codex-control/codex-0140-usage-parser.js +81 -0
  18. package/dist/core/codex-native/native-capability-postcheck.js +5 -2
  19. package/dist/core/codex-native/native-capability-repair-matrix.js +4 -4
  20. package/dist/core/commands/local-model-command.js +1 -1
  21. package/dist/core/commands/naruto-command.js +14 -5
  22. package/dist/core/config/secret-preservation.js +107 -10
  23. package/dist/core/doctor/context7-mcp-repair.js +15 -0
  24. package/dist/core/doctor/doctor-codex-startup-repair.js +3 -2
  25. package/dist/core/doctor/doctor-repair-postcheck.js +9 -3
  26. package/dist/core/doctor/doctor-transaction.js +98 -2
  27. package/dist/core/doctor/supabase-mcp-repair.js +36 -6
  28. package/dist/core/fsx.js +1 -1
  29. package/dist/core/loops/loop-concurrency-budget.js +22 -0
  30. package/dist/core/mcp/mcp-config-preservation.js +30 -7
  31. package/dist/core/naruto/naruto-loop-mesh.js +5 -1
  32. package/dist/core/version.js +1 -1
  33. package/dist/core/zellij/zellij-fake-adapter.js +8 -2
  34. package/dist/core/zellij/zellij-launcher.js +16 -0
  35. package/dist/core/zellij/zellij-worker-pane-manager.js +3 -2
  36. package/dist/scripts/codex-0140-feature-gate-lib.js +4 -2
  37. package/dist/scripts/release-3113-required-gates.js +25 -0
  38. package/package.json +11 -3
  39. package/dist/scripts/loop-directive-check-lib.js +0 -388
  40. package/dist/scripts/loop-hardening-check-lib.js +0 -289
  41. package/dist/scripts/sks-1-12-real-execution-check-lib.js +0 -27
  42. package/dist/scripts/sks-3-1-4-directive-check-lib.js +0 -212
  43. package/dist/scripts/sks-3-1-5-directive-check-lib.js +0 -318
  44. package/dist/scripts/sks-3-1-6-directive-check-lib.js +0 -522
  45. package/dist/scripts/sks-3-1-7-directive-check-lib.js +0 -58
  46. package/dist/scripts/sks-3-1-8-check-lib.js +0 -30
package/README.md CHANGED
@@ -35,18 +35,16 @@ Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-C
35
35
 
36
36
  ## 🚀 Current Release
37
37
 
38
- SKS **3.1.12** is a release-ready repair pass for `sks doctor --fix` production recovery, Codex 0.140 capability coverage, and MAD Zellij right-column stack reliability.
39
-
40
- What changed in 3.1.12:
41
-
42
- - **MAD Zellij panes are stack-reconciled.** Second and later visible workers still launch with native `new-pane --stacked`, then SKS calls Zellij `stack-panes` with the observed worker pane ids so the right column stays one stack instead of drifting into automatic split geometry.
43
- - **Codex 0.140 readiness is gated.** The release records hermetic coverage for usage metadata, goal attachment preservation, session delete/import, unified mentions, Bedrock managed auth, MCP reliability, SQLite recovery, non-TTY interrupt behavior, large-repo performance, and optional real-probe enforcement.
44
- - **Doctor production repair is transactional.** `sks doctor --fix` now writes a doctor fix transaction and postcheck report so startup config, Context7 MCP, Supabase MCP, command alias, and native capability repair results are visible in JSON output instead of disappearing into console-only repair steps.
45
- - **Context7 stdio lockups are doctor-repairable.** `sks doctor --fix` detects local `@upstash/context7-mcp` stdio config and migrates it to the remote Context7 MCP endpoint so Codex launches do not stall at the stdio server banner.
46
- - **Codex startup warnings are repaired more completely.** `sks doctor --fix` rewrites stale SKS agent `config_file` paths, removes unsupported managed `message_role_prefix` role fields, preserves optional `supabase_sauron`, and now repairs `node_repl` to a valid Codex App command when available or removes both the stale parent table and child env table when it is not.
47
- - **Doctor JSON exposes the Context7, startup, Supabase, and production postcheck reports.** `context7_repair`, `codex_startup_repair`, `startup_config_repair`, `context7_mcp_repair`, `supabase_mcp_repair`, `doctor_fix_transaction`, `doctor_fix_postcheck`, and their `repair.*` entries carry migration status, backups, actions, warnings, and any manual auth actions.
48
- - **Secret rollback is stricter.** The secret-preservation guard treats protected-value changes the same way as missing values, rolls back affected files from redacted backups, and records rollback status without writing raw secret values.
49
- - **Release metadata is aligned for 3.1.12.** Package, lockfile, CLI version constants, Rust helper metadata, README, and changelog all point at the same release.
38
+ SKS **3.1.14** is a production-hardening release for Codex 0.140 evidence, transactional `sks doctor --fix` repair, MCP readiness, native capability proof, and protected-secret rollback.
39
+
40
+ What changed in 3.1.14:
41
+
42
+ - **Codex 0.140 readiness carries evidence.** Capability reports now expose per-feature state and certainty, real usage parsing, goal attachment roundtrip proof, and usage-budget provenance for loop/Naruto runtime decisions.
43
+ - **Doctor repair is phase-based.** `sks doctor --fix` records phase durations, postchecks, optional manual readiness, and rollback evidence instead of collapsing repair work into a summary writer.
44
+ - **Startup and MCP repair are safer.** Managed agent TOML blocks are repaired without touching unrelated config, missing role files are regenerated from real managed templates, Context7 disabled servers stay disabled, and Supabase write scope is separated from read-only readiness.
45
+ - **Secret rollback is line-level when possible.** Protected key changes are restored without discarding unrelated operator edits, nested guard operations are recorded, and backup artifacts remain ignored.
46
+ - **Native capability proof is stricter.** Computer Use and Chrome/web review no longer become verified from environment variables outside explicit fixture/test modes.
47
+ - **Release metadata is aligned for 3.1.14.** Package, lockfile, CLI version constants, Rust helper metadata, README, changelog, docs, built output, and release stamp all point at the same release.
50
48
 
51
49
  SKS 3.0.0 was the parallel-runtime stabilization release. The whole live-swarm experience — what you actually *see* while 5, 20, or 100 workers run — was rebuilt and proven end-to-end.
52
50
 
@@ -76,7 +76,7 @@ dependencies = [
76
76
 
77
77
  [[package]]
78
78
  name = "sks-core"
79
- version = "3.1.12"
79
+ version = "3.1.14"
80
80
  dependencies = [
81
81
  "serde_json",
82
82
  ]
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "sks-core"
3
- version = "3.1.12"
3
+ version = "3.1.14"
4
4
  edition = "2021"
5
5
 
6
6
  [dependencies]
@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
4
4
  fn main() {
5
5
  let mut args = std::env::args().skip(1);
6
6
  match args.next().as_deref() {
7
- Some("--version") => println!("sks-rs 3.1.12"),
7
+ Some("--version") => println!("sks-rs 3.1.14"),
8
8
  Some("compact-info") => {
9
9
  let mut input = String::new();
10
10
  let _ = io::stdin().read_to_string(&mut input);
package/dist/bin/sks.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- const FAST_PACKAGE_VERSION = '3.1.12';
2
+ const FAST_PACKAGE_VERSION = '3.1.14';
3
3
  const args = process.argv.slice(2);
4
4
  try {
5
5
  if (args[0] === '--agent' && args[1] === 'worker') {
@@ -34,7 +34,7 @@ import { runDoctorCommandAliasCleanup } from '../core/doctor/command-alias-clean
34
34
  import { repairCodexStartupConfig } from '../core/doctor/codex-startup-config-repair.js';
35
35
  import { repairContext7Mcp } from '../core/doctor/context7-mcp-repair.js';
36
36
  import { repairSupabaseMcp } from '../core/doctor/supabase-mcp-repair.js';
37
- import { writeDoctorFixTransaction } from '../core/doctor/doctor-transaction.js';
37
+ import { runDoctorFixTransaction } from '../core/doctor/doctor-transaction.js';
38
38
  import { doctorRepairPostcheck } from '../core/doctor/doctor-repair-postcheck.js';
39
39
  import { withSecretPreservationGuard } from '../core/config/config-migration-journal.js';
40
40
  export async function run(_command, args = []) {
@@ -271,8 +271,12 @@ async function runDoctor(args = [], root, doctorFix) {
271
271
  apply: true,
272
272
  configured: false,
273
273
  disabled: false,
274
+ disabled_preserved: false,
274
275
  token_env_present: false,
275
276
  unsafe_write_access: false,
277
+ read_only_migrated: false,
278
+ write_scope_requires_confirmation: false,
279
+ ready_blocking: true,
276
280
  manual_required: true,
277
281
  next_action: 'Review Supabase MCP configuration manually.',
278
282
  blockers: [err?.message || String(err)],
@@ -281,62 +285,88 @@ async function runDoctor(args = [], root, doctorFix) {
281
285
  }))
282
286
  : null;
283
287
  const doctorFixTransaction = doctorFix
284
- ? await writeDoctorFixTransaction({
288
+ ? await runDoctorFixTransaction({
285
289
  root,
286
290
  phases: [
287
291
  {
288
292
  id: 'setup',
289
- ok: setupRepair !== null,
290
- repaired: setupRepair !== null,
291
- blockers: setupRepair === null ? ['setup_repair_not_recorded'] : []
293
+ run: async () => ({
294
+ id: 'setup',
295
+ ok: setupRepair !== null,
296
+ repaired: setupRepair !== null,
297
+ blockers: setupRepair === null ? ['setup_repair_not_recorded'] : []
298
+ })
292
299
  },
293
300
  {
294
301
  id: 'codex_startup_repair',
295
- ok: codexStartupRepair?.ok !== false,
296
- repaired: doctorFix,
297
- blockers: codexStartupRepair?.blockers || [],
298
- warnings: codexStartupRepair?.warnings || []
302
+ run: async () => ({
303
+ id: 'codex_startup_repair',
304
+ ok: codexStartupRepair?.ok !== false,
305
+ repaired: doctorFix,
306
+ blockers: codexStartupRepair?.blockers || [],
307
+ warnings: codexStartupRepair?.warnings || []
308
+ })
299
309
  },
300
310
  {
301
311
  id: 'startup_config_repair',
302
- ok: startupConfigRepair?.ok === true,
303
- repaired: startupConfigRepair?.apply === true,
304
- blockers: startupConfigRepair?.blockers || []
312
+ run: async () => ({
313
+ id: 'startup_config_repair',
314
+ ok: startupConfigRepair?.ok === true,
315
+ repaired: startupConfigRepair?.apply === true,
316
+ blockers: startupConfigRepair?.blockers || []
317
+ })
305
318
  },
306
319
  {
307
320
  id: 'context7_repair',
308
- ok: context7Repair?.ok !== false,
309
- repaired: doctorFix,
310
- blockers: context7Repair?.blockers || [],
311
- warnings: context7Repair?.warnings || []
321
+ run: async () => ({
322
+ id: 'context7_repair',
323
+ ok: context7Repair?.ok !== false,
324
+ repaired: doctorFix,
325
+ blockers: context7Repair?.blockers || [],
326
+ warnings: context7Repair?.warnings || []
327
+ })
312
328
  },
313
329
  {
314
330
  id: 'context7_mcp_repair',
315
- ok: context7McpRepair?.ok === true,
316
- repaired: context7McpRepair?.repaired === true,
317
- manual_required: context7McpRepair?.manual_required === true,
318
- blockers: context7McpRepair?.blockers || [],
319
- warnings: context7McpRepair?.warnings || []
331
+ run: async () => ({
332
+ id: 'context7_mcp_repair',
333
+ ok: context7McpRepair?.ok === true,
334
+ repaired: context7McpRepair?.repaired === true,
335
+ manual_required: context7McpRepair?.manual_required === true,
336
+ blockers: context7McpRepair?.blockers || [],
337
+ warnings: context7McpRepair?.warnings || []
338
+ })
320
339
  },
321
340
  {
322
341
  id: 'supabase_mcp_repair',
323
- ok: supabaseMcpRepair?.ok === true,
324
- repaired: false,
325
- manual_required: supabaseMcpRepair?.manual_required === true,
326
- blockers: supabaseMcpRepair?.blockers || [],
327
- warnings: supabaseMcpRepair?.warnings || []
342
+ required_for_ready: false,
343
+ run: async () => ({
344
+ id: 'supabase_mcp_repair',
345
+ ok: supabaseMcpRepair?.ok === true,
346
+ repaired: false,
347
+ manual_required: supabaseMcpRepair?.manual_required === true,
348
+ required_for_ready: false,
349
+ blockers: supabaseMcpRepair?.blockers || [],
350
+ warnings: supabaseMcpRepair?.warnings || []
351
+ })
328
352
  },
329
353
  {
330
354
  id: 'command_alias_cleanup',
331
- ok: commandAliasCleanup?.ok !== false,
332
- repaired: Array.isArray(commandAliasCleanup?.actions) && commandAliasCleanup.actions.length > 0,
333
- blockers: commandAliasCleanup?.blockers || []
355
+ run: async () => ({
356
+ id: 'command_alias_cleanup',
357
+ ok: commandAliasCleanup?.ok !== false,
358
+ repaired: Array.isArray(commandAliasCleanup?.actions) && commandAliasCleanup.actions.length > 0,
359
+ blockers: commandAliasCleanup?.blockers || []
360
+ })
334
361
  },
335
362
  {
336
363
  id: 'native_capability_repair',
337
- ok: doctorNativeCapabilityRepair?.ok !== false,
338
- repaired: doctorFix,
339
- blockers: doctorNativeCapabilityRepair?.blockers || []
364
+ run: async () => ({
365
+ id: 'native_capability_repair',
366
+ ok: doctorNativeCapabilityRepair?.ok !== false,
367
+ repaired: doctorFix,
368
+ blockers: doctorNativeCapabilityRepair?.blockers || []
369
+ })
340
370
  }
341
371
  ]
342
372
  }).catch((err) => ({
@@ -1,8 +1,9 @@
1
1
  import fsp from 'node:fs/promises';
2
2
  import path from 'node:path';
3
- import { appendJsonl, exists, nowIso, readJson, writeJsonAtomic } from '../fsx.js';
3
+ import { appendJsonl, exists, nowIso, packageRoot, readJson, writeJsonAtomic } from '../fsx.js';
4
4
  import { drainZellijLaneSupervisor } from './zellij-lane-supervisor.js';
5
5
  import { normalizeAgentSessionRows } from './agent-session-rows.js';
6
+ import { closeZellijPaneById } from '../zellij/zellij-worker-pane-manager.js';
6
7
  export const AGENT_CLEANUP_PROOF_SCHEMA = 'sks.agent-cleanup-proof.v2';
7
8
  export const AGENT_CLEANUP_ACTION_LEDGER_SCHEMA = 'sks.agent-cleanup-action-ledger.v1';
8
9
  const TERMINAL_STATUSES = new Set(['closed', 'completed', 'done', 'failed', 'blocked', 'killed', 'timed_out']);
@@ -50,6 +51,7 @@ export async function runAgentCleanupExecutor(opts) {
50
51
  killEscalation
51
52
  }));
52
53
  }
54
+ const seenZellijPaneIds = new Set();
53
55
  const zellijReports = await listNamedFiles(path.join(agentRoot, 'sessions'), 'agent-zellij-report.json');
54
56
  for (const file of zellijReports) {
55
57
  const report = await readJson(file, null);
@@ -57,6 +59,7 @@ export async function runAgentCleanupExecutor(opts) {
57
59
  const sessionId = String(report?.session_id || '');
58
60
  if (!paneId)
59
61
  continue;
62
+ seenZellijPaneIds.add(paneId);
60
63
  if (!processReportInNamespace(report, projectHash)) {
61
64
  actions.push({ kind: 'skip_foreign_namespace', target: paneId, status: 'skipped', reason: 'zellij_pane_outside_project_namespace' });
62
65
  continue;
@@ -77,6 +80,77 @@ export async function runAgentCleanupExecutor(opts) {
77
80
  }
78
81
  }));
79
82
  }
83
+ const workerPaneReports = await listNamedFiles(path.join(agentRoot, 'sessions'), 'zellij-worker-pane.json');
84
+ for (const file of workerPaneReports) {
85
+ const report = await readJson(file, null);
86
+ const paneId = String(report?.pane_id || '');
87
+ const sessionName = String(report?.session_name || '');
88
+ const sessionId = String(report?.session_id || '');
89
+ const status = String(report?.status || '');
90
+ if (!paneId || !sessionName || seenZellijPaneIds.has(paneId))
91
+ continue;
92
+ seenZellijPaneIds.add(paneId);
93
+ if (opts.missionId && report?.mission_id && String(report.mission_id) !== String(opts.missionId)) {
94
+ actions.push({ kind: 'skip_foreign_namespace', target: paneId, status: 'skipped', reason: 'zellij_pane_wrong_mission' });
95
+ continue;
96
+ }
97
+ const terminal = TERMINAL_STATUSES.has(status) || Boolean(report?.closed_at);
98
+ if (activeSessionIds.has(sessionId) && !terminal && opts.drain !== true) {
99
+ actions.push({ kind: 'skip_active_session', target: sessionId || paneId, status: 'skipped', reason: 'managed_zellij_worker_active' });
100
+ continue;
101
+ }
102
+ actions.push(await applyAction({
103
+ kind: 'close_zellij_pane',
104
+ target: paneId,
105
+ reason: terminal ? 'managed_worker_zellij_pane_terminal' : 'managed_worker_zellij_pane_stale',
106
+ apply,
107
+ before: async () => ({ listed: true, pane_id: paneId, session_name: sessionName, source: path.relative(agentRoot, file), status }),
108
+ after: async () => ({ listed: false, pane_id: paneId, session_name: sessionName }),
109
+ run: async () => {
110
+ const close = await closeZellijPaneById(sessionName, paneId, packageRoot());
111
+ if (close && close.ok !== true)
112
+ throw new Error(close.blockers.join(',') || close.stderr_tail || 'zellij_pane_close_failed');
113
+ }
114
+ }));
115
+ }
116
+ const rightColumnReports = await listNamedFiles(opts.missionDir, 'zellij-right-column-state.json');
117
+ for (const file of rightColumnReports) {
118
+ const report = await readJson(file, null);
119
+ const sessionName = String(report?.session_name || '');
120
+ if (!sessionName)
121
+ continue;
122
+ const visibleActive = (Array.isArray(report?.visible_worker_panes) ? report.visible_worker_panes : [])
123
+ .some((pane) => pane?.status === 'launching' || pane?.status === 'running');
124
+ const headlessActive = (Array.isArray(report?.headless_workers) ? report.headless_workers : [])
125
+ .some((row) => !row?.status || row.status === 'running');
126
+ const anchorPaneIds = [...new Set([
127
+ report?.slot_column_anchor_pane_id,
128
+ report?.right_anchor_pane_id,
129
+ report?.dashboard_pane_id
130
+ ].map(String).filter((paneId) => paneId && paneId !== 'null' && paneId !== 'undefined'))];
131
+ for (const paneId of anchorPaneIds) {
132
+ if (seenZellijPaneIds.has(paneId))
133
+ continue;
134
+ seenZellijPaneIds.add(paneId);
135
+ if ((visibleActive || headlessActive) && opts.drain !== true) {
136
+ actions.push({ kind: 'skip_active_session', target: paneId, status: 'skipped', reason: 'zellij_right_column_anchor_active' });
137
+ continue;
138
+ }
139
+ actions.push(await applyAction({
140
+ kind: 'close_zellij_pane',
141
+ target: paneId,
142
+ reason: 'zellij_right_column_anchor_terminal',
143
+ apply,
144
+ before: async () => ({ listed: true, pane_id: paneId, session_name: sessionName, source: path.relative(opts.missionDir, file), visible_active: visibleActive, headless_active: headlessActive }),
145
+ after: async () => ({ listed: false, pane_id: paneId, session_name: sessionName }),
146
+ run: async () => {
147
+ const close = await closeZellijPaneById(sessionName, paneId, packageRoot());
148
+ if (close && close.ok !== true)
149
+ throw new Error(close.blockers.join(',') || close.stderr_tail || 'zellij_anchor_close_failed');
150
+ }
151
+ }));
152
+ }
153
+ }
80
154
  for (const dir of Array.isArray(namespace?.orphan_temp_dirs) ? namespace.orphan_temp_dirs.map(String) : []) {
81
155
  if (!namespaceOwnsPath(dir, projectHash)) {
82
156
  actions.push({ kind: 'skip_foreign_namespace', target: dir, status: 'skipped', reason: 'path_outside_project_namespace' });
@@ -12,10 +12,19 @@ export function parseAgentCommandArgs(command, args = []) {
12
12
  const minimumWorkItems = Number(readOption(args, '--minimum-work-items', targetActiveSlots));
13
13
  const maxQueueExpansion = Number(readOption(args, '--max-queue-expansion', 10));
14
14
  const concurrency = Number(readOption(args, '--concurrency', Math.min(agents, 5)));
15
- const useOllama = hasFlag(args, '--ollama') || hasFlag(args, '--local-model');
15
+ const useOllamaProtocol = hasFlag(args, '--ollama');
16
+ const useLocalModel = hasFlag(args, '--local-model');
17
+ const useOllama = useOllamaProtocol || useLocalModel;
16
18
  const noOllama = hasFlag(args, '--no-ollama') || hasFlag(args, '--no-local-model');
17
- const backendExplicit = hasOption(args, '--backend');
18
- const backend = String(readOption(args, '--backend', hasFlag(args, '--mock') ? 'fake' : useOllama && !noOllama ? 'ollama' : 'codex-sdk'));
19
+ const backendExplicit = hasOption(args, '--backend') || useOllamaProtocol || useLocalModel || noOllama;
20
+ const defaultBackend = hasFlag(args, '--mock')
21
+ ? 'fake'
22
+ : useLocalModel && !noOllama
23
+ ? 'local-llm'
24
+ : useOllamaProtocol && !noOllama
25
+ ? 'ollama'
26
+ : 'codex-sdk';
27
+ const backend = String(readOption(args, '--backend', defaultBackend));
19
28
  const route = String(readOption(args, '--route', '$Agent'));
20
29
  const mock = hasFlag(args, '--mock') || backend === 'fake';
21
30
  const real = hasFlag(args, '--real');
@@ -34,7 +43,7 @@ export function parseAgentCommandArgs(command, args = []) {
34
43
  const zellijSessionName = String(readOption(args, '--zellij-session-name', '') || '') || null;
35
44
  const zellijPaneWorker = hasFlag(args, '--no-zellij-pane-worker') ? false : hasFlag(args, '--zellij-pane-worker') ? true : undefined;
36
45
  const workerPlacement = String(readOption(args, '--worker-placement', zellijPaneWorker === true ? 'zellij-pane' : '') || '') || undefined;
37
- const zellijVisiblePaneCap = Number(readOption(args, '--zellij-visible-pane-cap', process.env.SKS_ZELLIJ_VISIBLE_PANE_CAP || 12));
46
+ const zellijVisiblePaneCap = resolveZellijVisiblePaneCap(readOption(args, '--zellij-visible-pane-cap', process.env.SKS_ZELLIJ_VISIBLE_PANE_CAP || ''), hasOption(args, '--zellij-visible-pane-cap') || Boolean(process.env.SKS_ZELLIJ_VISIBLE_PANE_CAP));
38
47
  const apply = hasFlag(args, '--apply');
39
48
  const dryRun = hasFlag(args, '--dry-run') || hasFlag(args, '--dryrun');
40
49
  const drain = hasFlag(args, '--drain');
@@ -52,6 +61,22 @@ export function parseAgentCommandArgs(command, args = []) {
52
61
  const prompt = promptPositionals.join(' ').trim() || 'Native agent run';
53
62
  return { command, action, prompt, route, agents, targetActiveSlots, desiredWorkItemCount, minimumWorkItems, maxQueueExpansion, concurrency, backend, backendExplicit, mock, real, readonly, profile, writeMode, applyPatches, dryRunPatches, maxWriteAgents, fastMode, serviceTier, noFast, ollamaEnabled: useOllama && !noOllama, noOllama, ollamaModel, ollamaBaseUrl, zellijSessionName, zellijPaneWorker, workerPlacement, zellijVisiblePaneCap, apply, dryRun, drain, staleMs, graceMs, killEscalation, json, missionId, lane, codexApp, patchEntryId };
54
63
  }
64
+ export function resolveZellijVisiblePaneCap(value = '', explicit = false) {
65
+ const requested = Number(value);
66
+ if (explicit && Number.isFinite(requested) && requested >= 1)
67
+ return Math.max(1, Math.floor(requested));
68
+ const columns = Number(process.env.SKS_ZELLIJ_TERMINAL_COLUMNS || process.env.COLUMNS || process.stdout?.columns || 0);
69
+ const unknownFallback = Number(process.env.SKS_ZELLIJ_UNKNOWN_VISIBLE_PANE_CAP || 3);
70
+ if (!Number.isFinite(columns) || columns < 120) {
71
+ return Math.max(1, Math.floor(Number.isFinite(unknownFallback) ? unknownFallback : 3));
72
+ }
73
+ const reservedColumns = Number(process.env.SKS_ZELLIJ_RESERVED_COLUMNS || 108);
74
+ const minWorkerColumns = Number(process.env.SKS_ZELLIJ_MIN_WORKER_PANE_COLUMNS || 72);
75
+ const maxAutoVisible = Number(process.env.SKS_ZELLIJ_MAX_AUTO_VISIBLE_PANES || 8);
76
+ const available = Math.max(0, columns - Math.max(80, reservedColumns));
77
+ const computed = Math.floor(available / Math.max(40, minWorkerColumns));
78
+ return Math.max(1, Math.min(Math.max(1, Math.floor(maxAutoVisible || 8)), computed || Math.floor(unknownFallback) || 3));
79
+ }
55
80
  function hasFlag(args, flag) {
56
81
  return args.includes(flag);
57
82
  }
@@ -1676,7 +1676,8 @@ async function runAgentByBackend(backend, agent, slice, opts) {
1676
1676
  return runProcessAgent(agent, slice, opts);
1677
1677
  if (backend === 'ollama')
1678
1678
  return runOllamaAgent(agent, slice, opts);
1679
- if (backend === 'codex-sdk' || backend === 'zellij') {
1679
+ if (backend === 'codex-sdk' || backend === 'zellij' || backend === 'local-llm') {
1680
+ const localPreferred = backend === 'local-llm';
1680
1681
  const ledgerRoot = path.resolve(opts.agentRoot || opts.cwd || process.cwd());
1681
1682
  const workerDir = path.join(ledgerRoot, 'codex-sdk-workers', String(agent.session_id || agent.id || 'agent'), String(slice?.id || 'slice'));
1682
1683
  const writePaths = sdkWritePaths(slice, opts);
@@ -1703,6 +1704,9 @@ async function runAgentByBackend(backend, agent, slice, opts) {
1703
1704
  user_confirmed_full_access: false,
1704
1705
  mad_sks_authorized: opts.madSksAuthorized === true || process.env.SKS_MAD_SKS_ACTIVE === '1'
1705
1706
  },
1707
+ backendPreference: localPreferred ? ['local-llm', 'codex-sdk'] : ['codex-sdk'],
1708
+ allowLocalLlm: localPreferred,
1709
+ ...(localPreferred ? { localLlmPolicy: { mode: 'local_preferred', requiresGptFinal: true } } : {}),
1706
1710
  mutationLedgerRoot: workerDir,
1707
1711
  zellijPaneId: null
1708
1712
  });
@@ -1710,9 +1714,11 @@ async function runAgentByBackend(backend, agent, slice, opts) {
1710
1714
  const patchEnvelopes = normalizeDirectSdkPatchEnvelopes(sdkWorkerResult?.patch_envelopes || [], agent, opts, sdkTask.sdkThreadId);
1711
1715
  const sdkReport = {
1712
1716
  schema: 'sks.codex-sdk-worker-adapter.v1',
1713
- backend: 'codex-sdk',
1717
+ backend: sdkTask.backend === 'local-llm' ? 'local-llm' : 'codex-sdk',
1718
+ backend_family: sdkTask.backend_family,
1714
1719
  sdk_thread_id: sdkTask.sdkThreadId,
1715
1720
  sdk_run_id: sdkTask.sdkRunId,
1721
+ local_llm_proof_path: sdkTask.localLlmProofPath || null,
1716
1722
  stream_event_count: sdkTask.streamEventCount,
1717
1723
  structured_output_valid: sdkTask.structuredOutputValid,
1718
1724
  worker_result_path: path.relative(ledgerRoot, sdkTask.workerResultPath),
@@ -1723,18 +1729,31 @@ async function runAgentByBackend(backend, agent, slice, opts) {
1723
1729
  };
1724
1730
  return validateAgentWorkerResult({
1725
1731
  ...sdkWorkerResult,
1726
- backend: 'codex-sdk',
1732
+ backend: sdkTask.backend === 'local-llm' ? 'local-llm' : 'codex-sdk',
1727
1733
  patch_envelopes: patchEnvelopes,
1728
1734
  ...(patchEnvelopes.length ? {} : { no_patch_reason: buildDirectNoPatchReason(slice, opts) }),
1729
1735
  codex_child_report: sdkReport,
1730
1736
  codex_sdk_thread: sdkReport,
1731
1737
  model_authored_patch_envelopes: patchEnvelopes.length > 0,
1732
1738
  fixture_patch_envelopes: false,
1733
- artifacts: [...new Set([...(sdkWorkerResult?.artifacts || []), path.relative(ledgerRoot, sdkTask.workerResultPath), path.join(path.relative(ledgerRoot, workerDir), 'codex-control-proof.json'), path.join(path.relative(ledgerRoot, workerDir), 'codex-thread-registry.json'), path.join(path.relative(ledgerRoot, workerDir), 'codex-sdk-events.jsonl')])],
1739
+ artifacts: [...new Set([
1740
+ ...(sdkWorkerResult?.artifacts || []),
1741
+ path.relative(ledgerRoot, sdkTask.workerResultPath),
1742
+ path.join(path.relative(ledgerRoot, workerDir), 'codex-control-proof.json'),
1743
+ path.join(path.relative(ledgerRoot, workerDir), 'codex-thread-registry.json'),
1744
+ path.join(path.relative(ledgerRoot, workerDir), sdkTask.backend === 'local-llm' ? 'local-llm-events.jsonl' : 'codex-sdk-events.jsonl'),
1745
+ ...(sdkTask.localLlmProofPath ? [path.relative(ledgerRoot, sdkTask.localLlmProofPath)] : [])
1746
+ ])],
1734
1747
  blockers: [...(sdkWorkerResult?.blockers || []), ...sdkTask.blockers],
1735
1748
  verification: {
1736
1749
  status: sdkTask.ok ? 'passed' : 'failed',
1737
- checks: [...(sdkWorkerResult?.verification?.checks || []), 'codex-sdk-control-plane', 'codex-sdk-event-stream', 'codex-sdk-structured-output']
1750
+ checks: [
1751
+ ...(sdkWorkerResult?.verification?.checks || []),
1752
+ sdkTask.backend === 'local-llm' ? 'local-llm-control-plane' : 'codex-sdk-control-plane',
1753
+ sdkTask.backend === 'local-llm' ? 'local-llm-event-stream' : 'codex-sdk-event-stream',
1754
+ sdkTask.backend === 'local-llm' ? 'local-llm-structured-output' : 'codex-sdk-structured-output',
1755
+ ...(sdkTask.backend === 'local-llm' ? ['gpt-final-required-before-acceptance'] : [])
1756
+ ]
1738
1757
  }
1739
1758
  });
1740
1759
  }
@@ -1753,7 +1772,7 @@ async function maybeSelectOllamaBackend(backend, agent, slice, opts) {
1753
1772
  if (!config?.ok || config.enabled !== true)
1754
1773
  return backend;
1755
1774
  const policy = classifyOllamaWorkerSlice(slice, { route: opts.route, agent });
1756
- return policy.ok ? 'ollama' : backend;
1775
+ return policy.ok ? 'local-llm' : backend;
1757
1776
  }
1758
1777
  function buildDirectSdkWorkerPrompt(slice) {
1759
1778
  const write = sdkWritePaths(slice, {});
@@ -3,7 +3,7 @@ import path from 'node:path';
3
3
  import { ensureDir, nowIso, writeJsonAtomic, writeTextAtomic } from '../fsx.js';
4
4
  import { REQUIRED_CODEX_MODEL } from '../codex-model-guard.js';
5
5
  export const AGENT_ROLE_CONFIG_REPAIR_SCHEMA = 'sks.agent-role-config-repair.v1';
6
- const SKS_OWNED_AGENT_CONFIGS = new Map([
6
+ export const SKS_OWNED_AGENT_CONFIGS = new Map([
7
7
  ['analysis-scout.toml', roleConfig('analysis_scout', 'Read-only SKS analysis scout retained for stale Codex agent-role config repair.', 'read-only')],
8
8
  ['native-agent-intake.toml', roleConfig('native_agent', 'Read-only Team native agent for repository/docs/tests/API/risk slices.', 'read-only')],
9
9
  ['team-consensus.toml', roleConfig('team_consensus', 'Planning and debate specialist for SKS Team mode.', 'read-only')],
@@ -11,6 +11,17 @@ const SKS_OWNED_AGENT_CONFIGS = new Map([
11
11
  ['db-safety-reviewer.toml', roleConfig('db_safety_reviewer', 'Read-only database safety reviewer for SQL, migrations, Supabase, and rollback safety.', 'read-only')],
12
12
  ['qa-reviewer.toml', roleConfig('qa_reviewer', 'Strict read-only verification reviewer for correctness, regressions, and final evidence.', 'read-only')]
13
13
  ]);
14
+ export function managedAgentRoleConfigForFile(file) {
15
+ return SKS_OWNED_AGENT_CONFIGS.get(path.basename(file))?.content || null;
16
+ }
17
+ export function managedAgentRoleConfigForRole(role) {
18
+ const normalized = String(role || '').trim().replace(/-/g, '_');
19
+ for (const [file, config] of SKS_OWNED_AGENT_CONFIGS) {
20
+ if (config.name === normalized || path.basename(file, '.toml').replace(/-/g, '_') === normalized)
21
+ return { file, content: config.content };
22
+ }
23
+ return null;
24
+ }
14
25
  export async function repairAgentRoleConfigs(input) {
15
26
  const root = path.resolve(input.root);
16
27
  const codexHome = input.codexHome || process.env.CODEX_HOME || path.join(process.env.HOME || '', '.codex');
@@ -66,7 +66,7 @@ class NativeCliSessionSwarmRecorder {
66
66
  patch_envelope_path: patchRel,
67
67
  service_tier: this.input.fastModePolicy.service_tier,
68
68
  fast_mode: this.input.fastModePolicy.fast_mode,
69
- ollama_enabled: ctx.opts.ollamaEnabled === true || this.input.backend === 'ollama',
69
+ ollama_enabled: ctx.opts.ollamaEnabled === true || this.input.backend === 'ollama' || this.input.backend === 'local-llm',
70
70
  ollama_model: ctx.opts.ollamaModel || null,
71
71
  ollama_base_url: ctx.opts.ollamaBaseUrl || null,
72
72
  source_intelligence_refs: ctx.agent.source_intelligence_refs || null,