sneakoscope 3.1.5 → 3.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/README.md +9 -37
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/.sks-build-stamp.json +4 -4
  6. package/dist/bin/sks.js +1 -1
  7. package/dist/cli/command-registry.js +1 -2
  8. package/dist/commands/codex-app.js +20 -12
  9. package/dist/commands/codex-native.js +84 -0
  10. package/dist/commands/doctor.js +90 -2
  11. package/dist/core/codex-app/codex-agent-role-sync.js +15 -5
  12. package/dist/core/codex-app/codex-app-execution-profile.js +38 -16
  13. package/dist/core/codex-app/codex-app-harness-matrix.js +4 -117
  14. package/dist/core/codex-app/codex-hook-lifecycle.js +4 -1
  15. package/dist/core/codex-app/codex-init-deep.js +66 -4
  16. package/dist/core/codex-app/codex-skill-sync.js +13 -8
  17. package/dist/core/codex-control/codex-0138-capability.js +5 -2
  18. package/dist/core/codex-native/codex-native-capability-cache.js +21 -0
  19. package/dist/core/codex-native/codex-native-feature-broker.js +250 -0
  20. package/dist/core/codex-native/codex-native-feature-matrix.js +31 -0
  21. package/dist/core/codex-native/codex-native-harness-compat.js +54 -0
  22. package/dist/core/{codex-app/lazycodex-interop-policy.js → codex-native/codex-native-interop-policy.js} +13 -15
  23. package/dist/core/codex-native/codex-native-invocation-router.js +112 -0
  24. package/dist/core/codex-native/codex-native-pattern-analysis.js +68 -0
  25. package/dist/core/codex-native/codex-native-reference-cache.js +98 -0
  26. package/dist/core/codex-native/codex-native-reference-evidence.js +2 -0
  27. package/dist/core/codex-native/codex-native-reference-source.js +149 -0
  28. package/dist/core/codex-native/codex-native-rename-map.js +25 -0
  29. package/dist/core/codex-native/codex-native-repair-transaction.js +150 -0
  30. package/dist/core/codex-plugins/codex-plugin-json.js +5 -2
  31. package/dist/core/commands/mad-sks-command.js +16 -0
  32. package/dist/core/feature-fixtures.js +2 -4
  33. package/dist/core/feature-registry.js +1 -1
  34. package/dist/core/fsx.js +1 -1
  35. package/dist/core/image/image-artifact-path-contract.js +18 -1
  36. package/dist/core/loops/loop-owner-inference.js +3 -0
  37. package/dist/core/loops/loop-planner.js +8 -2
  38. package/dist/core/loops/loop-worker-prompts.js +2 -0
  39. package/dist/core/loops/loop-worker-runtime.js +42 -7
  40. package/dist/core/qa-loop.js +24 -1
  41. package/dist/core/research.js +36 -3
  42. package/dist/core/routes.js +2 -3
  43. package/dist/core/version.js +1 -1
  44. package/dist/scripts/codex-native-runtime-e2e-fixture.js +75 -0
  45. package/dist/scripts/loop-worker-fixture-child.js +2 -1
  46. package/dist/scripts/sks-3-1-4-directive-check-lib.js +1 -30
  47. package/dist/scripts/sks-3-1-5-directive-check-lib.js +4 -33
  48. package/dist/scripts/sks-3-1-6-directive-check-lib.js +522 -0
  49. package/dist/scripts/sks-3-1-7-directive-check-lib.js +58 -0
  50. package/package.json +44 -13
  51. package/dist/cli/hermes-command.js +0 -99
  52. package/dist/cli/openclaw-command.js +0 -83
  53. package/dist/commands/hermes.js +0 -5
  54. package/dist/commands/openclaw.js +0 -3
  55. package/dist/core/codex-app/lazycodex-analysis.js +0 -72
  56. package/dist/core/codex-app/lazycodex-live-analyzer.js +0 -98
  57. package/dist/core/hermes.js +0 -192
  58. package/dist/core/openclaw.js +0 -171
package/README.md CHANGED
@@ -27,7 +27,7 @@ Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex
27
27
 
28
28
  ![Sneakoscope Codex Trust Layer](docs/assets/sneakoscope-architecture-pipeline.jpg)
29
29
 
30
- ## LLM Init Prompt for Hermes / OpenClaw Agent Builders
30
+ ## LLM Init Prompt for Codex Native Agent Builders
31
31
 
32
32
  ```text
33
33
  Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-Codex](https://github.com/mandarange/Sneakoscope-Codex)] as the repo reference and [npm i -g sneakoscope] as the recommended global install command, then run the appropriate `sks` setup, doctor, Codex App, and proof checks for this repo. Keep generated SKS state out of source control unless documented, and record every version-facing change in CHANGELOG.md.
@@ -35,7 +35,7 @@ Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-C
35
35
 
36
36
  ## 🚀 Current Release
37
37
 
38
- SKS **3.1.5** productionizes the Codex App harness with typed probe surfaces, dry-run Zellij self-heal planning, hook approval and `agent_type` evidence, LazyCodex live-source analysis, init-deep directory memory hints, and execution profile routing across Loop, QA, Research, and Naruto artifacts.
38
+ SKS **3.1.7** closes Codex-native runtime-proof gaps with real routing blackboxes, neutral reference cache refresh, read-only broker checks, explicit managed-asset repair transactions, and final brand-neutral artifact scans.
39
39
 
40
40
  SKS 3.0.0 was the parallel-runtime stabilization release. The whole live-swarm experience — what you actually *see* while 5, 20, or 100 workers run — was rebuilt and proven end-to-end.
41
41
 
@@ -79,7 +79,7 @@ npm run runtime:ts-python-boundary
79
79
  npm run codex-control:all-pipelines
80
80
  ```
81
81
 
82
- Broader release checks still live behind `npm run release:check`. Detailed release history is in [CHANGELOG.md](CHANGELOG.md), and release readiness is tracked in [docs/release-readiness.md](docs/release-readiness.md).
82
+ Change-aware release checks live behind `npm run release:check`; publish-authorizing full DAG checks use `npm run release:check:full`. Detailed release history is in [CHANGELOG.md](CHANGELOG.md), and release readiness is tracked in [docs/release-readiness.md](docs/release-readiness.md).
83
83
 
84
84
  ## 🍥 Parallelism, UX, And Integrations
85
85
 
@@ -292,7 +292,7 @@ sks selftest --mock
292
292
 
293
293
  ## 🎁 What Sneakoscope Adds
294
294
 
295
- `sks` adds a Zellij-backed Codex CLI runtime, Codex App `$` commands, Team/QA/PPT/Research/DB/GX/Wiki routes, OpenClaw and Hermes skill generation, Context7-gated current docs, TriWiki context packs, DB safety, design SSOT policy, skill dreaming, release checks, and Honest Mode.
295
+ `sks` adds a Zellij-backed Codex CLI runtime, Codex App `$` commands, Codex Native broker routing, Team/QA/PPT/Research/DB/GX/Wiki routes, Context7-gated current docs, TriWiki context packs, DB safety, design SSOT policy, skill dreaming, release checks, and Honest Mode.
296
296
 
297
297
  ## Report-Only Planning Surfaces
298
298
 
@@ -618,43 +618,15 @@ SKS does not install Git pre-commit hooks. Release metadata is changed only by e
618
618
 
619
619
  TriWiki is intentionally sparse: `sks wiki sweep` records demote, soft-forget, archive, delete, promote-to-skill, and promote-to-rule candidates instead of injecting every old claim into future prompts. `sks harness fixture` validates the broader Harness Growth Factory contract: deliberate forgetting fixtures, skill card metadata, experiment schema, tool-error taxonomy, permission profiles, MultiAgentV2 defaults, and tmux cockpit view coverage. `sks code-structure scan` flags handwritten files above 1000/2000/3000-line thresholds so new logic can be extracted before command files become harder to maintain.
620
620
 
621
- ## 🤖 OpenClaw And Hermes Agent Usage
622
-
623
- Sneakoscope can generate an OpenClaw skill package for agents that need to operate SKS-enabled repositories.
621
+ ## Codex Native Broker
624
622
 
625
623
  ```sh
626
- sks openclaw install
627
- sks openclaw path
624
+ sks codex-native status --json
625
+ sks codex-native invocation-plan --route '$Loop' --capability agent-role --json
626
+ sks codex-native init-deep --apply --directory-local --json
628
627
  ```
629
628
 
630
- By default this writes `~/.openclaw/skills/sneakoscope-codex/` with `manifest.yaml`, `SKILL.md`, a README, and `openclaw-agent-config.example.yaml`. Set `OPENCLAW_HOME` or pass `--dir` for a custom location. Attach the skill with the built-in `shell` tool enabled and set `SKS_OPENCLAW=1` so SKS can auto-approve update/install prompts that would otherwise wait for `Y/n`.
631
-
632
- ```sh
633
- SKS_OPENCLAW=1 sks root
634
- SKS_OPENCLAW=1 sks commands
635
- SKS_OPENCLAW=1 sks dollar-commands
636
- SKS_OPENCLAW=1 sks deps check
637
- SKS_OPENCLAW=1 sks proof-field scan --intent "small CLI change" --changed src/cli/main.ts
638
- ```
639
-
640
- If OpenClaw runs in a sandbox, grant shell execution only for trusted workspaces. Database, migration, and destructive work still follows SKS safety routes.
641
-
642
- Sneakoscope can also generate a Hermes Agent skill package for the Hermes `/skills` surface.
643
-
644
- ```sh
645
- sks hermes install
646
- sks hermes status --json
647
- sks hermes path
648
- ```
649
-
650
- By default this writes `~/.hermes/skills/sneakoscope-codex/` with `SKILL.md`, a README, `hermes-config.example.yaml`, and `skill-bundle.example.yaml`. Set `HERMES_HOME` or pass `--dir` for a custom location. Hermes agents should invoke `/sneakoscope-codex` with the terminal toolset enabled and run shell commands with `SKS_HERMES=1`; this enables non-interactive dependency/update prompts while leaving SKS DB, migration, and destructive-operation safety routes intact. If you use Hermes `skills.external_dirs`, remember writable external directories can be updated by Hermes, so protect shared skill folders with filesystem permissions when needed.
651
-
652
- ```sh
653
- SKS_HERMES=1 sks root --json
654
- SKS_HERMES=1 sks commands --json
655
- SKS_HERMES=1 sks dollar-commands --json
656
- SKS_HERMES=1 sks status --json
657
- ```
629
+ The broker records Codex-native feature availability, invocation defaults, neutral pattern evidence, and managed memory setup without exposing reference implementation branding in user-facing artifacts.
658
630
 
659
631
  ## 💬 Prompt `$` Commands
660
632
 
@@ -76,7 +76,7 @@ dependencies = [
76
76
 
77
77
  [[package]]
78
78
  name = "sks-core"
79
- version = "3.1.5"
79
+ version = "3.1.7"
80
80
  dependencies = [
81
81
  "serde_json",
82
82
  ]
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "sks-core"
3
- version = "3.1.5"
3
+ version = "3.1.7"
4
4
  edition = "2021"
5
5
 
6
6
  [dependencies]
@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
4
4
  fn main() {
5
5
  let mut args = std::env::args().skip(1);
6
6
  match args.next().as_deref() {
7
- Some("--version") => println!("sks-rs 3.1.5"),
7
+ Some("--version") => println!("sks-rs 3.1.7"),
8
8
  Some("compact-info") => {
9
9
  let mut input = String::new();
10
10
  let _ = io::stdin().read_to_string(&mut input);
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "schema": "sks.dist-build-stamp.v1",
3
3
  "package_name": "sneakoscope",
4
- "package_version": "3.1.5",
5
- "source_digest": "89b81e91ec4d82c33320922ae0dc33bd6562ccf37c58171858e7f703d7767e4b",
6
- "source_file_count": 2518,
7
- "built_at_source_time": 1781439913355
4
+ "package_version": "3.1.7",
5
+ "source_digest": "8927dd50bf67d1f2ce1df5744a3b21645a870f8f9182fe7b86a92affedf416aa",
6
+ "source_file_count": 2558,
7
+ "built_at_source_time": 1781491235171
8
8
  }
package/dist/bin/sks.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- const FAST_PACKAGE_VERSION = '3.1.5';
2
+ const FAST_PACKAGE_VERSION = '3.1.7';
3
3
  const args = process.argv.slice(2);
4
4
  try {
5
5
  if (args[0] === '--agent' && args[1] === 'worker') {
@@ -97,11 +97,10 @@ export const COMMANDS = {
97
97
  postinstall: entry('stable', 'Run postinstall bootstrap', 'dist/core/commands/basic-cli.js', basicArgs('postinstallCommand')),
98
98
  codex: entry('beta', 'Check Codex CLI compatibility and vendored hook schemas', 'dist/commands/codex.js', directCommand(() => import('../commands/codex.js'), 'dist/commands/codex.js')),
99
99
  'codex-app': entry('beta', 'Check Codex App readiness', 'dist/commands/codex-app.js', directCommand(() => import('../commands/codex-app.js'), 'dist/commands/codex-app.js')),
100
+ 'codex-native': entry('beta', 'Inspect Codex Native broker and routing readiness', 'dist/commands/codex-native.js', directCommand(() => import('../commands/codex-native.js'), 'dist/commands/codex-native.js')),
100
101
  'codex-lb': entry('beta', 'Inspect codex-lb status and circuit health', 'dist/commands/codex-lb.js', directCommand(() => import('../commands/codex-lb.js'), 'dist/commands/codex-lb.js')),
101
102
  auth: entry('beta', 'Alias for codex-lb auth commands', 'dist/commands/codex-lb.js', directCommand(() => import('../commands/codex-lb.js'), 'dist/commands/codex-lb.js')),
102
103
  hooks: entry('beta', 'Explain and inspect Codex hooks', 'dist/commands/hooks.js', directCommand(() => import('../commands/hooks.js'), 'dist/commands/hooks.js')),
103
- openclaw: entry('labs', 'Create OpenClaw skill package', 'dist/commands/openclaw.js', directCommand(() => import('../commands/openclaw.js'), 'dist/commands/openclaw.js')),
104
- hermes: entry('labs', 'Create Hermes Agent skill package', 'dist/commands/hermes.js', directCommand(() => import('../commands/hermes.js'), 'dist/commands/hermes.js')),
105
104
  tmux: entry('beta', 'Show removed-runtime migration notice', 'dist/commands/tmux.js', directCommand(() => import('../commands/tmux.js'), 'dist/commands/tmux.js')),
106
105
  'zellij-lane': entry('beta', 'Render a Zellij lane frame for SKS sessions', 'dist/commands/zellij-lane.js', directCommand(() => import('../commands/zellij-lane.js'), 'dist/commands/zellij-lane.js')),
107
106
  'zellij-slot-pane': entry('beta', 'Render a compact Zellij worker slot pane', 'dist/commands/zellij-slot-pane.js', directCommand(() => import('../commands/zellij-slot-pane.js'), 'dist/commands/zellij-slot-pane.js')),
@@ -9,13 +9,15 @@ import { syncCodexAgentRoles } from '../core/codex-app/codex-agent-role-sync.js'
9
9
  import { runCodexInitDeep } from '../core/codex-app/codex-init-deep.js';
10
10
  import { buildCodexHookLifecycle } from '../core/codex-app/codex-hook-lifecycle.js';
11
11
  import { resolveCodexAppExecutionProfile } from '../core/codex-app/codex-app-execution-profile.js';
12
- import { buildLazyCodexInteropPolicy } from '../core/codex-app/lazycodex-interop-policy.js';
12
+ import { repairCodexNativeManagedAssets } from '../core/codex-native/codex-native-repair-transaction.js';
13
13
  export async function run(_command, args = []) {
14
14
  const action = args[0] || 'check';
15
15
  if (action === 'remote-control' || action === 'remote')
16
16
  return codexAppRemoteControlCommand(args.slice(1));
17
- if (action === 'harness-matrix')
18
- return printCodexAppResult(args, await buildCodexAppHarnessMatrix({ root: await sksRoot(), applyRepairs: flag(args, '--fix') || flag(args, '--apply') }));
17
+ if (action === 'harness-matrix') {
18
+ const root = await sksRoot();
19
+ return printCodexAppResult(args, await maybeRepairThenReadOnlyHarness(args, root));
20
+ }
19
21
  if (action === 'skill-sync')
20
22
  return printCodexAppResult(args, await syncCodexSksSkills({ root: await sksRoot(), apply: flag(args, '--apply') || flag(args, '--fix') }));
21
23
  if (action === 'agent-role-sync')
@@ -26,11 +28,6 @@ export async function run(_command, args = []) {
26
28
  return printCodexAppResult(args, await buildCodexHookLifecycle({ root: await sksRoot(), apply: flag(args, '--apply') || flag(args, '--fix') }));
27
29
  if (action === 'execution-profile')
28
30
  return printCodexAppResult(args, await resolveCodexAppExecutionProfile({ root: await sksRoot() }));
29
- if (action === 'interop' && args[1] === 'lazycodex') {
30
- const modeArg = readOption(args, '--mode', 'coexist');
31
- const mode = modeArg === 'sks-primary' || modeArg === 'handoff-to-omo' ? modeArg : 'coexist';
32
- return printCodexAppResult(args, await buildLazyCodexInteropPolicy({ root: await sksRoot(), mode }));
33
- }
34
31
  if (action === 'product-design' || action === 'design-product' || action === 'ensure-product-design') {
35
32
  const checkOnly = flag(args, '--check-only') || flag(args, '--no-install');
36
33
  const status = await codexProductDesignPluginStatus({
@@ -91,7 +88,7 @@ export async function run(_command, args = []) {
91
88
  process.exitCode = 1;
92
89
  return;
93
90
  }
94
- console.error('Usage: sks codex-app check|status|harness-matrix|skill-sync|agent-role-sync|init-deep|hook-lifecycle|execution-profile|interop lazycodex [--mode coexist]|product-design [--check-only]|ensure-product-design|chrome-extension|pat status|remote-control [--json]');
91
+ console.error('Usage: sks codex-app check|status|harness-matrix|skill-sync|agent-role-sync|init-deep|hook-lifecycle|execution-profile|product-design [--check-only]|ensure-product-design|chrome-extension|pat status|remote-control [--json]');
95
92
  process.exitCode = 1;
96
93
  }
97
94
  function printCodexAppResult(args = [], result) {
@@ -109,8 +106,19 @@ function printCodexAppResult(args = [], result) {
109
106
  if (result?.ok === false)
110
107
  process.exitCode = 1;
111
108
  }
112
- function readOption(args = [], name, fallback) {
113
- const index = args.indexOf(name);
114
- return index >= 0 && args[index + 1] ? String(args[index + 1]) : fallback;
109
+ async function maybeRepairThenReadOnlyHarness(args = [], root) {
110
+ const wantsRepair = flag(args, '--fix') || flag(args, '--apply') || flag(args, '--repair-codex-native');
111
+ if (!wantsRepair)
112
+ return buildCodexAppHarnessMatrix({ root, mode: 'read-only' });
113
+ const repair = await repairCodexNativeManagedAssets({ root, requestedBy: 'manual', yes: flag(args, '--yes') });
114
+ const matrix = await buildCodexAppHarnessMatrix({ root, mode: 'read-only' });
115
+ return {
116
+ schema: 'sks.codex-app-harness-read-repair-split.v1',
117
+ ok: repair.ok && matrix?.ok !== false,
118
+ repair,
119
+ matrix,
120
+ blockers: [...(repair.blockers || []), ...(matrix?.blockers || [])],
121
+ warnings: [...(repair.warnings || []), 'harness_probe_after_explicit_repair_transaction']
122
+ };
115
123
  }
116
124
  //# sourceMappingURL=codex-app.js.map
@@ -0,0 +1,84 @@
1
+ import { flag } from '../cli/args.js';
2
+ import { printJson } from '../cli/output.js';
3
+ import { sksRoot } from '../core/fsx.js';
4
+ import { syncCodexAgentRoles } from '../core/codex-app/codex-agent-role-sync.js';
5
+ import { resolveCodexAppExecutionProfile } from '../core/codex-app/codex-app-execution-profile.js';
6
+ import { buildCodexAppHarnessMatrix } from '../core/codex-app/codex-app-harness-matrix.js';
7
+ import { buildCodexHookLifecycle } from '../core/codex-app/codex-hook-lifecycle.js';
8
+ import { runCodexInitDeep } from '../core/codex-app/codex-init-deep.js';
9
+ import { syncCodexSksSkills } from '../core/codex-app/codex-skill-sync.js';
10
+ import { buildCodexNativeFeatureMatrix } from '../core/codex-native/codex-native-feature-broker.js';
11
+ import { resolveCodexNativeInvocationPlan } from '../core/codex-native/codex-native-invocation-router.js';
12
+ import { buildCodexNativeInteropPolicy } from '../core/codex-native/codex-native-interop-policy.js';
13
+ import { analyzeCodexNativeReferenceSource } from '../core/codex-native/codex-native-reference-evidence.js';
14
+ import { writeCodexNativePatternAnalysis } from '../core/codex-native/codex-native-pattern-analysis.js';
15
+ import { repairCodexNativeManagedAssets } from '../core/codex-native/codex-native-repair-transaction.js';
16
+ export async function run(_command, args = []) {
17
+ const root = await sksRoot();
18
+ const action = String(args[0] || 'status');
19
+ if (action === 'status' || action === 'check' || action === 'feature-broker' || action === 'feature-matrix') {
20
+ return printCodexNativeResult(args, await maybeRepairThenReadOnlyMatrix(args, root, () => buildCodexNativeFeatureMatrix({ root, mode: 'read-only' })));
21
+ }
22
+ if (action === 'harness-matrix' || action === 'harness-compat') {
23
+ return printCodexNativeResult(args, await maybeRepairThenReadOnlyMatrix(args, root, () => buildCodexAppHarnessMatrix({ root, mode: 'read-only' })));
24
+ }
25
+ if (action === 'skill-sync')
26
+ return printCodexNativeResult(args, await syncCodexSksSkills({ root, apply: flag(args, '--apply') || flag(args, '--fix') }));
27
+ if (action === 'agent-role-sync')
28
+ return printCodexNativeResult(args, await syncCodexAgentRoles({ root, apply: flag(args, '--apply') || flag(args, '--fix') }));
29
+ if (action === 'init-deep')
30
+ return printCodexNativeResult(args, await runCodexInitDeep({ root, apply: flag(args, '--apply') || flag(args, '--fix'), directoryLocal: flag(args, '--directory-local') }));
31
+ if (action === 'hook-lifecycle')
32
+ return printCodexNativeResult(args, await buildCodexHookLifecycle({ root, apply: flag(args, '--apply') || flag(args, '--fix') }));
33
+ if (action === 'execution-profile')
34
+ return printCodexNativeResult(args, await resolveCodexAppExecutionProfile({ root }));
35
+ if (action === 'interop-policy')
36
+ return printCodexNativeResult(args, await buildCodexNativeInteropPolicy({ root }));
37
+ if (action === 'reference-evidence')
38
+ return printCodexNativeResult(args, await analyzeCodexNativeReferenceSource({ root, writeReport: true }));
39
+ if (action === 'pattern-analysis')
40
+ return printCodexNativeResult(args, await writeCodexNativePatternAnalysis(root));
41
+ if (action === 'route' || action === 'invocation-plan') {
42
+ const route = readOption(args, '--route', '$Loop');
43
+ const desiredCapability = readOption(args, '--capability', 'agent-role');
44
+ const missionId = readOption(args, '--mission', null);
45
+ return printCodexNativeResult(args, await resolveCodexNativeInvocationPlan({ root, missionId, route, desiredCapability }));
46
+ }
47
+ console.error('Usage: sks codex-native status|feature-broker|harness-compat|skill-sync|agent-role-sync|init-deep|hook-lifecycle|execution-profile|interop-policy|reference-evidence|pattern-analysis|invocation-plan [--json]');
48
+ process.exitCode = 1;
49
+ }
50
+ async function maybeRepairThenReadOnlyMatrix(args = [], root, matrixFn) {
51
+ const wantsRepair = flag(args, '--fix') || flag(args, '--apply') || flag(args, '--repair-codex-native');
52
+ if (!wantsRepair)
53
+ return matrixFn();
54
+ const repair = await repairCodexNativeManagedAssets({ root, requestedBy: 'manual', yes: flag(args, '--yes') });
55
+ const matrix = await matrixFn();
56
+ return {
57
+ schema: 'sks.codex-native-read-repair-split.v1',
58
+ ok: repair.ok && matrix?.ok !== false,
59
+ repair,
60
+ matrix,
61
+ blockers: [...(repair.blockers || []), ...(matrix?.blockers || [])],
62
+ warnings: [...(repair.warnings || []), 'matrix_probe_after_explicit_repair_transaction']
63
+ };
64
+ }
65
+ function printCodexNativeResult(args = [], result) {
66
+ if (flag(args, '--json')) {
67
+ printJson(result);
68
+ if (result?.ok === false)
69
+ process.exitCode = 1;
70
+ return;
71
+ }
72
+ console.log(`${result?.schema || 'sks.codex-native-result'}: ${result?.ok === false ? 'blocked' : 'ok'}`);
73
+ for (const blocker of result?.blockers || [])
74
+ console.log(`- blocker: ${blocker}`);
75
+ for (const warning of result?.warnings || [])
76
+ console.log(`- warning: ${warning}`);
77
+ if (result?.ok === false)
78
+ process.exitCode = 1;
79
+ }
80
+ function readOption(args = [], name, fallback) {
81
+ const index = args.indexOf(name);
82
+ return index >= 0 && args[index + 1] ? String(args[index + 1]) : fallback;
83
+ }
84
+ //# sourceMappingURL=codex-native.js.map
@@ -25,6 +25,8 @@ import { writeCodexPluginInventoryArtifacts, pluginAppTemplatePolicy } from '../
25
25
  import { writeMcpPluginInventoryArtifacts } from '../core/mcp/mcp-plugin-inventory.js';
26
26
  import { runDoctorZellijRepair, doctorZellijRepairConsoleLine } from '../core/doctor/doctor-zellij-repair.js';
27
27
  import { buildCodexAppHarnessMatrix } from '../core/codex-app/codex-app-harness-matrix.js';
28
+ import { buildCodexNativeFeatureMatrix } from '../core/codex-native/codex-native-feature-broker.js';
29
+ import { repairCodexNativeManagedAssets } from '../core/codex-native/codex-native-repair-transaction.js';
28
30
  export async function run(_command, args = []) {
29
31
  const doctorFix = flag(args, '--fix');
30
32
  let setupRepair = null;
@@ -197,7 +199,23 @@ export async function run(_command, args = []) {
197
199
  const mcpPluginInventory = pluginInventory?.report
198
200
  ? await writeMcpPluginInventoryArtifacts(root, { inventory: pluginInventory.report }).catch((err) => ({ error: err?.message || String(err), candidates: null }))
199
201
  : null;
200
- const codexAppHarnessMatrix = await buildCodexAppHarnessMatrix({ root, applyRepairs: doctorFix }).catch((err) => ({
202
+ const repairCodexNative = doctorFix && flag(args, '--repair-codex-native');
203
+ const codexNativeRepair = repairCodexNative
204
+ ? await repairCodexNativeManagedAssets({
205
+ root,
206
+ requestedBy: 'doctor --fix',
207
+ yes: flag(args, '--yes') || flag(args, '-y')
208
+ }).catch((err) => ({
209
+ schema: 'sks.codex-native-repair-transaction.v1',
210
+ ok: false,
211
+ generated_at: new Date().toISOString(),
212
+ requested_by: 'doctor --fix',
213
+ repaired: [],
214
+ blockers: [err?.message || String(err)],
215
+ warnings: []
216
+ }))
217
+ : null;
218
+ const codexAppHarnessMatrix = await buildCodexAppHarnessMatrix({ root, mode: 'read-only' }).catch((err) => ({
201
219
  schema: 'sks.codex-app-harness-matrix.v1',
202
220
  ok: false,
203
221
  codex_cli: { available: false, version: null },
@@ -206,6 +224,22 @@ export async function run(_command, args = []) {
206
224
  blockers: [err?.message || String(err)],
207
225
  warnings: []
208
226
  }));
227
+ const codexNativeFeatureMatrix = await buildCodexNativeFeatureMatrix({ root, mode: 'read-only' }).catch((err) => ({
228
+ schema: 'sks.codex-native-feature-matrix.v1',
229
+ ok: false,
230
+ codex_cli: { available: Boolean(codex.bin), version: codex.version || null, bin: codex.bin || null },
231
+ features: {},
232
+ invocation_defaults: {
233
+ loop_worker_role_strategy: 'message-role',
234
+ qa_visual_review_strategy: 'blocked',
235
+ research_source_strategy: 'local-files',
236
+ image_followup_strategy: 'blocked',
237
+ hook_evidence_policy: 'unknown-do-not-count',
238
+ skill_bridge_strategy: 'cli-only'
239
+ },
240
+ blockers: [err?.message || String(err)],
241
+ warnings: []
242
+ }));
209
243
  const pkgBytes = await dirSize(root).catch(() => 0);
210
244
  const ready = await writeDoctorReadinessMatrix(root, {
211
245
  codex,
@@ -232,6 +266,7 @@ export async function run(_command, args = []) {
232
266
  ]
233
267
  });
234
268
  const zellijReadiness = buildZellijReadiness(root, zellij, ready);
269
+ const runtimeReadiness = buildRuntimeReadiness(zellijReadiness, codexNativeFeatureMatrix);
235
270
  const result = {
236
271
  schema: 'sks.doctor-status.v1',
237
272
  ok: ready.ready && (!sksUpdate || sksUpdate.ok !== false),
@@ -265,10 +300,12 @@ export async function run(_command, args = []) {
265
300
  mcp_plugin_inventory: mcpPluginInventory?.candidates || null
266
301
  },
267
302
  codex_app_harness_matrix: codexAppHarnessMatrix,
303
+ codex_native_feature_matrix: codexNativeFeatureMatrix,
304
+ runtime_readiness: runtimeReadiness,
268
305
  ready,
269
306
  sneakoscope: { ok: await exists(`${root}/.sneakoscope`) },
270
307
  package: { bytes: pkgBytes, human: formatBytes(pkgBytes) },
271
- repair: { sks_update: sksUpdate, setup: setupRepair, codex_config: configRepair, migration_journal: migrationJournal, global_sks_installs: globalSksInstallCleanup, agent_role_config: agentRoleConfigRepair, zellij: zellijRepair }
308
+ repair: { sks_update: sksUpdate, setup: setupRepair, codex_config: configRepair, migration_journal: migrationJournal, global_sks_installs: globalSksInstallCleanup, agent_role_config: agentRoleConfigRepair, zellij: zellijRepair, codex_native: codexNativeRepair }
272
309
  };
273
310
  if (flag(args, '--json')) {
274
311
  printJson(result);
@@ -298,6 +335,20 @@ export async function run(_command, args = []) {
298
335
  console.log(` codex doctor: ${codexDoctor.available ? (codexDoctor.exit_code === 0 ? 'ok' : 'warning') : 'unavailable'}`);
299
336
  console.log(`Rust acc.: ${rust.mode || (rust.available ? 'rust_accelerated' : 'js_fallback')} ${rust.version || rust.status || ''}`);
300
337
  console.log(`Codex App: ${ready.codex_app_ready ? 'ok' : 'optional_missing'}`);
338
+ console.log('SKS Runtime Readiness:');
339
+ console.log(` Zellij: ${runtimeReadiness.zellij}`);
340
+ console.log(` Codex Native: ${runtimeReadiness.codex_native}`);
341
+ console.log(` Loop Mesh: ${runtimeReadiness.loop_mesh}`);
342
+ console.log(` QA Visual: ${runtimeReadiness.qa_visual}`);
343
+ console.log(` Research Sources: ${runtimeReadiness.research_sources}`);
344
+ console.log(` Image Follow-up: ${runtimeReadiness.image_followup}`);
345
+ for (const note of runtimeReadiness.notes)
346
+ console.log(` ${note}`);
347
+ if (runtimeReadiness.repair_actions.length) {
348
+ console.log('Repair actions:');
349
+ for (const action of runtimeReadiness.repair_actions)
350
+ console.log(` - ${action}`);
351
+ }
301
352
  console.log('Codex App Harness:');
302
353
  console.log(` plugins: ${codexAppHarnessMatrix.app_features?.plugin_json ? 'ok' : 'degraded'}`);
303
354
  console.log(` hook approval: ${codexAppHarnessMatrix.app_features?.hook_approval_state_detectable ? 'ok' : 'unknown'}`);
@@ -385,6 +436,43 @@ export async function run(_command, args = []) {
385
436
  if (!result.ok)
386
437
  process.exitCode = 1;
387
438
  }
439
+ function buildRuntimeReadiness(zellijReadiness, matrix) {
440
+ const defaults = matrix?.invocation_defaults || {};
441
+ const hookPolicy = defaults.hook_evidence_policy || 'unknown-do-not-count';
442
+ const agentStrategy = defaults.loop_worker_role_strategy || 'message-role';
443
+ const zellijStatus = zellijReadiness?.status === 'ok'
444
+ ? 'ok'
445
+ : zellijReadiness?.cli_ready ? 'headless_available' : 'repair_required';
446
+ const codexNative = matrix?.ok === true
447
+ ? 'ok'
448
+ : matrix?.codex_cli?.available ? 'degraded' : 'blocked';
449
+ const repairActions = [];
450
+ if (zellijStatus !== 'ok') {
451
+ repairActions.push('Zellij: sks doctor --fix --yes');
452
+ repairActions.push('Homebrew + Zellij: sks doctor --fix --install-homebrew --yes');
453
+ }
454
+ if (codexNative !== 'ok')
455
+ repairActions.push('Codex Native managed assets: sks doctor --fix --repair-codex-native --yes');
456
+ if (matrix?.features?.project_memory?.ok !== true)
457
+ repairActions.push('Project memory: sks codex-native init-deep --apply --directory-local');
458
+ return {
459
+ schema: 'sks.runtime-readiness-story.v1',
460
+ zellij: zellijStatus,
461
+ codex_native: codexNative,
462
+ loop_mesh: agentStrategy === 'agent_type' ? 'ok' : 'fallback',
463
+ qa_visual: defaults.qa_visual_review_strategy || 'blocked',
464
+ research_sources: defaults.research_source_strategy || 'local-files',
465
+ image_followup: defaults.image_followup_strategy || 'blocked',
466
+ hook_evidence_policy: hookPolicy,
467
+ agent_role_strategy: agentStrategy,
468
+ notes: [
469
+ ...(zellijStatus === 'headless_available' ? ['MAD can run with --headless; live panes require repair'] : []),
470
+ ...(hookPolicy !== 'approved-only' ? ['hook-derived evidence will not count'] : []),
471
+ ...(agentStrategy !== 'agent_type' ? ['message-role fallback active'] : [])
472
+ ],
473
+ repair_actions: [...new Set(repairActions)]
474
+ };
475
+ }
388
476
  // Assemble the explicit Zellij readiness block for `doctor --json` from the
389
477
  // capability probe + readiness matrix. Proof statuses are availability-derived:
390
478
  // `verified` is reserved for a real environment run (SKS_REQUIRE_ZELLIJ=1 gates);
@@ -56,7 +56,7 @@ export async function syncCodexAgentRoles(input) {
56
56
  for (const role of DIRECTIVE_ROLES) {
57
57
  const file = path.join(targetDir, `${role}.toml`);
58
58
  const current = await fs.readFile(file, 'utf8').catch(() => '');
59
- if (current && !current.includes('SKS managed 3.1.4 directive role') && !current.includes('SKS managed 3.1.5 directive role'))
59
+ if (current && !current.includes('SKS managed 3.1.4 directive role') && !current.includes('SKS managed 3.1.5 directive role') && !current.includes('SKS managed 3.1.6 directive role') && !current.includes('SKS managed 3.1.6 bounded role') && !current.includes('SKS managed 3.1.7 directive role'))
60
60
  continue;
61
61
  await writeTextAtomic(file, roleToml(role, rolePayloads[role]));
62
62
  created.push(file);
@@ -69,6 +69,9 @@ export async function syncCodexAgentRoles(input) {
69
69
  apply: input.apply === true,
70
70
  agent_type_supported: agentTypeProbe.supported,
71
71
  fallback: agentTypeProbe.supported ? 'agent_type' : 'message-role',
72
+ strategy: agentTypeProbe.supported ? 'agent_type' : 'message-role',
73
+ probe_artifact_path: '.sneakoscope/reports/codex-agent-type-probe.json',
74
+ clobbered_user_roles: false,
72
75
  codex_home: codexHome,
73
76
  directive_roles: DIRECTIVE_ROLES,
74
77
  role_payloads: rolePayloads,
@@ -86,15 +89,22 @@ function roleToml(role, payload) {
86
89
  : `message_role_prefix = "${escapeToml(payload?.message_role_prefix || `Role: ${role}.`)}"`;
87
90
  return [
88
91
  `name = "${role}"`,
89
- `description = "SKS managed 3.1.5 directive role: ${role}"`,
92
+ `description = "SKS managed 3.1.7 directive role: ${role}"`,
90
93
  strategyLine,
91
94
  'model_reasoning_effort = "medium"',
92
95
  role.includes('implementer') ? 'sandbox_mode = "workspace-write"' : 'sandbox_mode = "read-only"',
93
96
  'approval_policy = "never"',
94
97
  'developer_instructions = """',
95
- `You are ${role}. SKS managed 3.1.5 directive role.`,
96
- 'Use the assigned scope only, cite concrete repo evidence, keep mutation surfaces bounded, and never clobber user files.',
97
- 'Report blockers as evidence-backed findings and write route artifacts before claiming completion.',
98
+ `You are ${role}. SKS managed 3.1.7 directive role with bounded ownership.`,
99
+ 'Bounded ownership: use only the assigned owner files/directories and treat memory as guidance, not permission.',
100
+ role.includes('implementer') ? 'Maker/checker separation: implementer may patch only owner scope and cannot self-approve.' : 'Maker/checker separation: checker is read-only and must reject missing gates or missing proof artifacts.',
101
+ role.includes('implementer') ? 'Allowed sandbox: workspace-write only within assigned owner scope.' : 'Allowed sandbox: read-only; checker roles cannot mutate.',
102
+ role.includes('release') ? 'Release verifier: verify version truth, release DAG coverage, package scripts, packlist, and changelog evidence.' : '',
103
+ role.includes('zellij') ? 'UI/Zellij verifier: inspect readiness status, headless fallback, repair_required, pane proof, and slot telemetry without mutating unrelated UI state.' : '',
104
+ role.includes('codex') ? 'Codex native verifier: inspect hook approval, agent_type, skill sync, plugin inventory, MCP candidates, and invocation plan artifacts.' : '',
105
+ 'Side-effect restrictions: no destructive shell, package publish, global config mutation, database mutation, or external service write unless the sealed route contract explicitly allows it.',
106
+ 'Required proof artifacts: cite concrete repo paths, command outputs, and route-local JSON proof before claiming completion.',
107
+ 'Final arbiter constraints: parent integration owns final acceptance; this role supplies evidence and cannot override missing gates.',
98
108
  `Execution role strategy: ${payload?.strategy || 'message-role'}. Probe: ${payload?.probe_artifact_path || '.sneakoscope/reports/codex-agent-type-probe.json'}.`,
99
109
  '"""',
100
110
  ''
@@ -2,38 +2,60 @@ import path from 'node:path';
2
2
  import { nowIso, writeJsonAtomic } from '../fsx.js';
3
3
  import { buildCodexAppHarnessMatrix } from './codex-app-harness-matrix.js';
4
4
  import { isCodexAppHarnessMatrix } from './codex-app-types.js';
5
+ import { buildCodexNativeFeatureMatrix } from '../codex-native/codex-native-feature-broker.js';
5
6
  export async function resolveCodexAppExecutionProfile(input = { root: process.cwd() }) {
6
7
  const root = path.resolve(input.root || process.cwd());
7
- const maybeMatrix = input.matrix || await buildCodexAppHarnessMatrix({ root }).catch(() => null);
8
+ const nativeMatrix = await buildCodexNativeFeatureMatrix({ root }).catch(() => null);
9
+ const maybeMatrix = input.matrix || (nativeMatrix ? null : await buildCodexAppHarnessMatrix({ root }).catch(() => null));
8
10
  const matrix = isCodexAppHarnessMatrix(maybeMatrix) ? maybeMatrix : null;
9
- const mode = !matrix?.codex_cli.available
10
- ? 'degraded-no-app'
11
- : matrix.app_features.app_handoff_ready && matrix.app_features.agent_type_supported
12
- ? 'codex-app-native'
13
- : matrix.codex_cli.available
14
- ? 'codex-cli-headless'
15
- : 'sks-loop-headless';
11
+ const mode = nativeMatrix
12
+ ? modeFromNative(nativeMatrix)
13
+ : !matrix?.codex_cli.available
14
+ ? 'degraded-no-app'
15
+ : matrix.app_features.app_handoff_ready && matrix.app_features.agent_type_supported
16
+ ? 'codex-app-native'
17
+ : matrix.codex_cli.available
18
+ ? 'codex-cli-headless'
19
+ : 'sks-loop-headless';
20
+ const agentRoleStrategy = nativeMatrix?.invocation_defaults.loop_worker_role_strategy || (matrix?.app_features.agent_type_supported ? 'agent_type' : 'message-role');
21
+ const hookApprovalState = hookApprovalStateFrom(nativeMatrix) || matrix?.app_features.hook_approval_state || 'unknown';
16
22
  const profile = {
17
23
  schema: 'sks.codex-app-execution-profile.v1',
18
24
  generated_at: nowIso(),
19
25
  ok: mode !== 'degraded-no-app',
20
26
  mode,
21
- agent_role_strategy: matrix?.app_features.agent_type_supported ? 'agent_type' : 'message-role',
27
+ agent_role_strategy: agentRoleStrategy,
22
28
  hooks_assumed_running: false,
23
- hooks_approval_required: matrix?.app_features.hook_approval_state !== 'approved',
24
- hook_approval_state: matrix?.app_features.hook_approval_state || 'unknown',
25
- app_handoff_ready: matrix?.app_features.app_handoff_ready === true,
26
- image_path_exposure_ready: matrix?.app_features.image_path_exposure_ready === true,
27
- plugin_mcp_inventory_ready: matrix?.app_features.mcp_inventory_ready === true,
29
+ hooks_approval_required: hookApprovalState !== 'approved',
30
+ hook_approval_state: hookApprovalState,
31
+ app_handoff_ready: nativeMatrix?.features.app_handoff.ok === true || matrix?.app_features.app_handoff_ready === true,
32
+ image_path_exposure_ready: nativeMatrix?.features.image_path_exposure.ok === true || matrix?.app_features.image_path_exposure_ready === true,
33
+ plugin_mcp_inventory_ready: nativeMatrix?.features.mcp_inventory.ok === true || matrix?.app_features.mcp_inventory_ready === true,
28
34
  loop_mesh_app_profile_available: true,
29
35
  artifact_path: '.sneakoscope/reports/codex-app-execution-profile.json',
30
- matrix_artifact_path: '.sneakoscope/reports/codex-app-harness-matrix.json',
36
+ matrix_artifact_path: nativeMatrix ? '.sneakoscope/reports/codex-native-feature-matrix.json' : '.sneakoscope/reports/codex-app-harness-matrix.json',
31
37
  agent_type_probe_artifact_path: '.sneakoscope/reports/codex-agent-type-probe.json',
32
38
  hook_approval_probe_artifact_path: '.sneakoscope/reports/codex-hook-approval-probe.json',
33
39
  blockers: mode === 'degraded-no-app' ? ['codex_cli_missing'] : [],
34
- warnings: matrix?.warnings || []
40
+ warnings: nativeMatrix?.warnings || matrix?.warnings || []
35
41
  };
36
42
  await writeJsonAtomic(path.join(root, '.sneakoscope', 'reports', 'codex-app-execution-profile.json'), profile).catch(() => undefined);
37
43
  return profile;
38
44
  }
45
+ function modeFromNative(matrix) {
46
+ if (!matrix.codex_cli.available)
47
+ return 'degraded-no-app';
48
+ if (matrix.features.app_handoff.ok && matrix.features.agent_type.ok)
49
+ return 'codex-app-native';
50
+ return 'codex-cli-headless';
51
+ }
52
+ function hookApprovalStateFrom(matrix) {
53
+ const probe = matrix?.probes.hook_approval;
54
+ if (!probe || typeof probe !== 'object' || Array.isArray(probe))
55
+ return null;
56
+ const state = probe.approval_state;
57
+ return state === 'approved' || state === 'pending_review' || state === 'modified_requires_reapproval' || state === 'not_installed' || state === 'unknown'
58
+ ? state
59
+ : null;
60
+ }
39
61
  //# sourceMappingURL=codex-app-execution-profile.js.map