sneakoscope 4.0.1 → 4.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. package/README.md +7 -7
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/bin/sks.js +1 -1
  6. package/dist/cli/command-registry.js +1 -0
  7. package/dist/cli/global-mode-router.js +25 -0
  8. package/dist/cli/router.js +12 -0
  9. package/dist/commands/codex-app.js +10 -1
  10. package/dist/commands/codex.js +15 -1
  11. package/dist/core/build/build-once-runner.js +49 -16
  12. package/dist/core/codex-app/glm-model-profile.js +2 -0
  13. package/dist/core/codex-app/glm-profile-installer.js +61 -0
  14. package/dist/core/codex-app/glm-profile-schema.js +24 -0
  15. package/dist/core/codex-control/codex-0141-capability.js +95 -0
  16. package/dist/core/commands/daemon-command.js +1 -1
  17. package/dist/core/commands/glm-command.js +5 -0
  18. package/dist/core/daemon/sksd-client.js +7 -2
  19. package/dist/core/daemon/sksd-ipc.js +13 -3
  20. package/dist/core/daemon/sksd.js +62 -3
  21. package/dist/core/doctor/doctor-dirty-planner.js +97 -7
  22. package/dist/core/doctor/doctor-transaction.js +21 -5
  23. package/dist/core/fsx.js +1 -1
  24. package/dist/core/providers/glm/glm-52-profile.js +30 -0
  25. package/dist/core/providers/glm/glm-52-request.js +34 -0
  26. package/dist/core/providers/glm/glm-52-response-guard.js +34 -0
  27. package/dist/core/providers/glm/glm-52-settings.js +26 -0
  28. package/dist/core/providers/glm/glm-mad-mode.js +242 -0
  29. package/dist/core/providers/openrouter/openrouter-client.js +44 -0
  30. package/dist/core/providers/openrouter/openrouter-error.js +37 -0
  31. package/dist/core/providers/openrouter/openrouter-secret-store.js +113 -0
  32. package/dist/core/providers/openrouter/openrouter-types.js +2 -0
  33. package/dist/core/release/extreme-parallel-scheduler.js +124 -11
  34. package/dist/core/release/gate-pack-assertion.js +58 -0
  35. package/dist/core/release/gate-pack-fixture-cache.js +38 -2
  36. package/dist/core/release/gate-pack-manifest.js +2 -2
  37. package/dist/core/release/gate-pack-runner.js +9 -93
  38. package/dist/core/release/release-gate-cache-v2.js +71 -0
  39. package/dist/core/release/release-gate-dag.js +50 -5
  40. package/dist/core/release/release-gate-node.js +2 -0
  41. package/dist/core/release/release-gate-resource-governor.js +2 -0
  42. package/dist/core/release/resource-class-budget.js +1 -0
  43. package/dist/core/results.js +2 -0
  44. package/dist/core/secret-redaction.js +4 -0
  45. package/dist/core/security/redact-secrets.js +15 -0
  46. package/dist/core/triwiki/triwiki-affected-graph.js +35 -3
  47. package/dist/core/triwiki/triwiki-gate-impact-map.js +2 -0
  48. package/dist/core/triwiki/triwiki-proof-bank.js +12 -2
  49. package/dist/core/triwiki/triwiki-sla-certificate.js +3 -0
  50. package/dist/core/version.js +1 -1
  51. package/dist/scripts/release-4002-required-gates.js +14 -0
  52. package/dist/scripts/release-gate-dag-runner.js +2 -1
  53. package/dist/scripts/release-gate-existence-audit.js +1 -2
  54. package/package.json +16 -3
@@ -126,6 +126,14 @@ export function readReleaseGateCacheRecord(root, gate) {
126
126
  const key = releaseGateCacheKey(root, gate);
127
127
  const proof = readReusableTriWikiProofCard({ root, subjectId: gate.id, cacheKey: key });
128
128
  if (proof.hit && proof.card) {
129
+ writeReleaseCacheBridgeReport(root, {
130
+ gate_id: gate.id,
131
+ cache_key: key,
132
+ bridge: 'triwiki-to-release-v2',
133
+ source: proof.path || null,
134
+ duration_ms: Math.max(0, Math.floor(Number(proof.card.duration_ms) || 0)),
135
+ disagreement: null
136
+ });
129
137
  return {
130
138
  ok: true,
131
139
  gate_id: gate.id,
@@ -140,6 +148,15 @@ export function readReleaseGateCacheRecord(root, gate) {
140
148
  const record = readCacheRecord(file, key);
141
149
  if (!record || record.ok !== true)
142
150
  continue;
151
+ writeTriWikiProofFromReleaseCacheRecord(root, gate, key, record, file);
152
+ writeReleaseCacheBridgeReport(root, {
153
+ gate_id: gate.id,
154
+ cache_key: key,
155
+ bridge: 'release-v2-to-triwiki',
156
+ source: file,
157
+ duration_ms: Math.max(0, Math.floor(Number(record.duration_ms) || 0)),
158
+ disagreement: null
159
+ });
143
160
  return {
144
161
  ok: true,
145
162
  gate_id: String(record.gate_id || gate.id),
@@ -197,6 +214,60 @@ export function writeReleaseGateCacheHit(root, gate, durationMs = 0) {
197
214
  },
198
215
  invalidation_reasons: []
199
216
  }));
217
+ writeReleaseCacheBridgeReport(root, {
218
+ gate_id: gate.id,
219
+ cache_key: key,
220
+ bridge: 'release-v2-to-triwiki',
221
+ source: releaseGateCacheFile(root),
222
+ duration_ms: record.duration_ms,
223
+ disagreement: null
224
+ });
225
+ }
226
+ function writeTriWikiProofFromReleaseCacheRecord(root, gate, key, record, source) {
227
+ const triKey = computeTriWikiCacheKey({
228
+ root,
229
+ id: gate.id,
230
+ inputs: gate.cache.inputs,
231
+ implementationFiles: ['release-gates.v2.json', `src/scripts/${gate.id.replace(/[:]/g, '-')}-check.ts`],
232
+ envAllowlist: ['CI', 'SKS_FAST_MODE', 'SKS_RELEASE_PRESET'],
233
+ fixtureVersion: 'sks-4.0.2',
234
+ salt: key
235
+ });
236
+ writeTriWikiProofCard(root, createTriWikiProofCard({
237
+ subject_type: 'gate',
238
+ subject_id: gate.id,
239
+ cache_key: key,
240
+ input_hash: triKey.input_hash,
241
+ implementation_hash: triKey.implementation_hash,
242
+ gate_impl_hash: triKey.implementation_hash,
243
+ package_lock_hash: triKey.package_lock_hash,
244
+ release_gates_hash: triKey.release_gates_hash,
245
+ env_allowlist_hash: triKey.env_allowlist_hash,
246
+ tool_versions: triKey.tool_versions,
247
+ tool_version: triKey.tool_version,
248
+ fixture_version: triKey.fixture_version,
249
+ result: 'passed',
250
+ reusable: true,
251
+ duration_ms: Math.max(0, Math.floor(Number(record.duration_ms) || 0)),
252
+ evidence: { command: gate.command, cache_bridge: 'release-v2-to-triwiki', source },
253
+ invalidation_reasons: []
254
+ }));
255
+ }
256
+ function writeReleaseCacheBridgeReport(root, row) {
257
+ const file = path.join(root, '.sneakoscope', 'reports', 'release-cache-bridge.json');
258
+ let parsed = { schema: 'sks.release-cache-bridge.v1', records: [] };
259
+ try {
260
+ const existing = JSON.parse(fs.readFileSync(file, 'utf8'));
261
+ if (existing.schema === parsed.schema && Array.isArray(existing.records))
262
+ parsed = existing;
263
+ }
264
+ catch { }
265
+ parsed.records = [
266
+ ...parsed.records.filter((item) => item.gate_id !== row.gate_id || item.cache_key !== row.cache_key || item.bridge !== row.bridge),
267
+ row
268
+ ].sort((a, b) => `${a.gate_id}:${a.bridge}`.localeCompare(`${b.gate_id}:${b.bridge}`));
269
+ fs.mkdirSync(path.dirname(file), { recursive: true });
270
+ fs.writeFileSync(file, `${JSON.stringify(parsed, null, 2)}\n`);
200
271
  }
201
272
  function readCacheRecord(file, key) {
202
273
  try {
@@ -9,6 +9,8 @@ import { RELEASE_GATE_NODE_SCHEMA, validateReleaseGateManifest } from './release
9
9
  import { countReleaseGateResources, defaultReleaseGateBudget, summarizeReleaseGateBudget } from './release-gate-resource-governor.js';
10
10
  import { selectAffectedReleaseGates } from './release-gate-affected-selector.js';
11
11
  import { computeTriWikiAffectedGraph } from '../triwiki/triwiki-affected-graph.js';
12
+ import { executeExtremeSchedule } from './extreme-parallel-scheduler.js';
13
+ import { computeResourceClassBudget } from './resource-class-budget.js';
12
14
  import { guardedProcessKill, guardContextForRoute } from '../safety/mutation-guard.js';
13
15
  import { createRequestedScopeContract } from '../safety/requested-scope-contract.js';
14
16
  import { rmrf } from '../fsx.js';
@@ -27,12 +29,24 @@ export async function runReleaseGateDag(input) {
27
29
  const manifest = loadReleaseGateManifest(root);
28
30
  const presetGates = selectReleaseGatePreset(manifest, preset);
29
31
  const triwikiGraph = input.triwiki !== false && (preset === 'affected' || preset === 'fast' || preset === 'confidence') && input.full !== true
30
- ? computeTriWikiAffectedGraph({ root, tier: preset === 'fast' ? 'affected' : 'confidence', changedSince: input.changedSince || 'auto' })
32
+ ? computeTriWikiAffectedGraph({ root, tier: preset === 'fast' ? 'affected' : 'confidence', changedSince: input.changedSince || 'auto', ...(input.changedFiles ? { changedFiles: input.changedFiles } : {}) })
31
33
  : null;
32
34
  const affected = (preset === 'affected' || preset === 'fast' || preset === 'confidence') && input.full !== true
33
- ? selectAffectedReleaseGates(root, manifest, presetGates, { changedSince: input.changedSince || 'auto', preset })
35
+ ? selectAffectedReleaseGates(root, manifest, presetGates, { changedSince: input.changedSince || 'auto', ...(input.changedFiles ? { changedFiles: input.changedFiles } : {}), preset })
34
36
  : selectAffectedReleaseGates(root, manifest, presetGates, { full: true, preset });
35
- const selected = affected.gates;
37
+ const triwikiSelectionUsed = Boolean(triwikiGraph);
38
+ const triwikiConservative = Boolean(triwikiGraph?.conservative_reason);
39
+ const triwikiSelectedIds = new Set(triwikiGraph && !triwikiConservative ? triwikiGraph.gates : presetGates.map((gate) => gate.id));
40
+ const selected = triwikiGraph
41
+ ? presetGates.filter((gate) => triwikiSelectedIds.has(gate.id))
42
+ : affected.gates;
43
+ const triwikiSkippedGates = triwikiGraph ? presetGates.filter((gate) => !selected.some((row) => row.id === gate.id)).map((gate) => gate.id) : [];
44
+ if (triwikiGraph) {
45
+ affected.selection.mode = 'affected';
46
+ affected.selection.selected_gate_ids = selected.map((gate) => gate.id);
47
+ affected.selection.skipped_gate_ids = triwikiSkippedGates;
48
+ affected.selection.reasons = Object.fromEntries(selected.map((gate) => [gate.id, triwikiConservative ? `triwiki_conservative:${triwikiGraph.conservative_reason}` : 'triwiki-affected']));
49
+ }
36
50
  const selectedIds = new Set(selected.map((gate) => gate.id));
37
51
  const affectedExternalSatisfiedDeps = affected.selection.mode === 'affected'
38
52
  ? new Set(selected.flatMap((gate) => gate.deps || []).filter((dep) => !selectedIds.has(dep)))
@@ -110,7 +124,11 @@ export async function runReleaseGateDag(input) {
110
124
  failures,
111
125
  affected_graph: affectedGraph,
112
126
  completion_certificate: completionCertificate,
113
- triwiki_affected_graph: triwikiGraph
127
+ triwiki_affected_graph: triwikiGraph,
128
+ triwiki_selection_used: triwikiSelectionUsed,
129
+ triwiki_selected_gates: triwikiGraph ? selected.map((gate) => gate.id) : [],
130
+ triwiki_skipped_gates: triwikiSkippedGates,
131
+ triwiki_conservative_reason: triwikiGraph?.conservative_reason || null
114
132
  };
115
133
  if (!finished) {
116
134
  snapshot.in_progress = true;
@@ -128,6 +146,33 @@ export async function runReleaseGateDag(input) {
128
146
  }
129
147
  return snapshot;
130
148
  };
149
+ if (input.useGatePacks === true && triwikiGraph && (preset === 'affected' || preset === 'fast' || preset === 'confidence') && selected.length > 0) {
150
+ const packRun = await executeExtremeSchedule({
151
+ root,
152
+ graph: triwikiGraph,
153
+ slaMs,
154
+ budget: computeResourceClassBudget(),
155
+ useProofBank: input.useTriWikiProofBank !== false
156
+ });
157
+ for (const report of packRun.pack_reports) {
158
+ if (report.ok)
159
+ completed.set(report.pack_id, { id: report.pack_id, ok: true, exit_code: 0, signal: null, timed_out: false, duration_ms: report.critical_path_ms || 0, cached: false, stderr_tail: '' });
160
+ else
161
+ failed.set(report.pack_id, { id: report.pack_id, ok: false, exit_code: 1, signal: null, timed_out: false, duration_ms: report.critical_path_ms || 0, cached: false, stderr_tail: report.blockers.join('\n') });
162
+ sumGateMs += report.critical_path_ms || 0;
163
+ }
164
+ const packed = writeSummarySnapshot(true);
165
+ return {
166
+ ...packed,
167
+ ok: packed.ok && packRun.ok,
168
+ completed: packRun.pack_reports.filter((report) => report.ok).length,
169
+ failed: packRun.failed_pack_count,
170
+ executed_packs: packRun.executed_packs,
171
+ pack_parallelism_gain: packRun.wall_ms > 0 ? Number((packRun.sequential_ms / packRun.wall_ms).toFixed(2)) : 1,
172
+ triwiki_proof_bank_hits: packRun.reused_proof_count,
173
+ pack_proof_paths: packRun.pack_reports.flatMap((report) => report.proof_paths)
174
+ };
175
+ }
131
176
  if (input.explain) {
132
177
  writeReleaseGateJson(path.join(reportDir, 'explain.json'), { schema: RELEASE_GATE_NODE_SCHEMA, preset, budget, gates: selected.map((gate) => ({ id: gate.id, deps: gate.deps, resource: gate.resource, command: gate.command })) });
133
178
  }
@@ -211,7 +256,7 @@ export async function runReleaseGateDag(input) {
211
256
  return finalResult;
212
257
  }
213
258
  export function selectReleaseGatePreset(manifest, preset) {
214
- const effectivePreset = preset === 'affected' || preset === 'fast' ? 'release' : preset;
259
+ const effectivePreset = preset === 'affected' || preset === 'fast' || preset === 'confidence' ? 'release' : preset;
215
260
  return manifest.gates.filter((gate) => gate.preset.includes(effectivePreset));
216
261
  }
217
262
  function buildAffectedGraph(input) {
@@ -7,6 +7,8 @@ export const RELEASE_GATE_RESOURCE_CLASSES = [
7
7
  'git',
8
8
  'git-worktree',
9
9
  'zellij-real',
10
+ 'browser-real',
11
+ 'secret-sensitive',
10
12
  'local-llm-real',
11
13
  'remote-model-real',
12
14
  'python',
@@ -12,6 +12,8 @@ export function defaultReleaseGateBudget() {
12
12
  python: Math.min(12, Math.max(1, cores)),
13
13
  network: 12,
14
14
  'zellij-real': 1,
15
+ 'browser-real': 1,
16
+ 'secret-sensitive': 1,
15
17
  'local-llm-real': Math.max(1, Number(process.env.SKS_LOCAL_LLM_MAX_PARALLEL || 1)),
16
18
  'remote-model-real': 6,
17
19
  'global-config': 1,
@@ -12,6 +12,7 @@ export function computeResourceClassBudget(env = process.env) {
12
12
  network: readEnvInt(env, 'SKS_RESOURCE_NETWORK', 2),
13
13
  remote_model_real: readEnvInt(env, 'SKS_RESOURCE_REMOTE_MODEL_REAL', 1),
14
14
  zellij_real: readEnvInt(env, 'SKS_RESOURCE_ZELLIJ_REAL', 1),
15
+ browser_real: readEnvInt(env, 'SKS_RESOURCE_BROWSER_REAL', 1),
15
16
  secret_sensitive: readEnvInt(env, 'SKS_RESOURCE_SECRET', 1)
16
17
  };
17
18
  }
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=results.js.map
@@ -1,6 +1,8 @@
1
1
  const SECRET_ENV_NAMES = [
2
2
  'CODEX_ACCESS_TOKEN',
3
3
  'OPENAI_API_KEY',
4
+ 'OPENROUTER_API_KEY',
5
+ 'SKS_OPENROUTER_API_KEY',
4
6
  'CODEX_LB_API_KEY',
5
7
  'ANTHROPIC_API_KEY',
6
8
  'GITHUB_TOKEN',
@@ -8,6 +10,8 @@ const SECRET_ENV_NAMES = [
8
10
  ];
9
11
  const SECRET_PATTERNS = [
10
12
  /\bsk-proj-[A-Za-z0-9_-]{12,}\b/g,
13
+ /\bsk-or-v1-[A-Za-z0-9_-]{12,}\b/g,
14
+ /\bsk-or-[A-Za-z0-9_-]{12,}\b/g,
11
15
  /\bsk-[A-Za-z0-9_-]{20,}\b/g,
12
16
  /\bsk-clb-[A-Za-z0-9_-]{8,}\b/g,
13
17
  /\bgithub_pat_[A-Za-z0-9_]{20,}\b/g,
@@ -0,0 +1,15 @@
1
+ import { redactSecrets, redactString } from '../secret-redaction.js';
2
+ export function redactOpenRouterKey(value) {
3
+ if (!value)
4
+ return '';
5
+ if (value.length <= 10)
6
+ return '<redacted>';
7
+ return `${value.slice(0, 6)}...${value.slice(-4)}`;
8
+ }
9
+ export function redactOpenRouterSecrets(value, env = process.env) {
10
+ return redactSecrets(value, env);
11
+ }
12
+ export function redactOpenRouterString(value, env = process.env) {
13
+ return redactString(String(value ?? ''), env);
14
+ }
15
+ //# sourceMappingURL=redact-secrets.js.map
@@ -3,6 +3,8 @@ import fs from 'node:fs';
3
3
  import path from 'node:path';
4
4
  import { DEFAULT_TRIWIKI_MODULE_CARDS, moduleIdsForPath } from './triwiki-module-card.js';
5
5
  import { buildTriWikiGateImpactMap } from './triwiki-gate-impact-map.js';
6
+ import { computeTriWikiCacheKey } from './triwiki-cache-key.js';
7
+ import { readReusableTriWikiProofCard } from './triwiki-proof-bank.js';
6
8
  export const TRIWIKI_AFFECTED_GRAPH_SCHEMA = 'sks.triwiki-affected-graph.v1';
7
9
  export function computeTriWikiAffectedGraph(input) {
8
10
  const cards = input.cards || DEFAULT_TRIWIKI_MODULE_CARDS;
@@ -33,6 +35,30 @@ export function computeTriWikiAffectedGraph(input) {
33
35
  const gatePacks = new Set();
34
36
  for (const impact of selected)
35
37
  gatePacks.add(impact.gate_pack);
38
+ const proofLookup = selected.map((impact) => {
39
+ const cacheKey = computeTriWikiCacheKey({
40
+ root: input.root,
41
+ id: impact.gate_id,
42
+ inputs: impact.cache_inputs,
43
+ implementationFiles: [`src/scripts/${scriptFileForCommand(impact.command) || ''}`].filter(Boolean),
44
+ envAllowlist: ['CI', 'SKS_FAST_MODE', 'SKS_RELEASE_PRESET'],
45
+ fixtureVersion: 'sks-4.0.2'
46
+ });
47
+ const hit = readReusableTriWikiProofCard({ root: input.root, subjectId: impact.gate_id, cacheKey: cacheKey.key });
48
+ return { impact, hit };
49
+ });
50
+ const reusedProofs = proofLookup
51
+ .filter((row) => row.hit.hit && row.hit.card && row.hit.path)
52
+ .map((row) => ({ gate_id: row.impact.gate_id, proof_id: row.hit.card.proof_id, path: row.hit.path }))
53
+ .sort((a, b) => a.gate_id.localeCompare(b.gate_id));
54
+ const invalidatedProofs = proofLookup
55
+ .filter((row) => !row.hit.hit && row.hit.invalidation_reasons.some((reason) => !['proof_dir_missing', 'proof_not_found'].includes(reason)))
56
+ .map((row) => ({ gate_id: row.impact.gate_id, reason: row.hit.invalidation_reasons.join('|') || 'proof_not_reusable' }))
57
+ .sort((a, b) => a.gate_id.localeCompare(b.gate_id));
58
+ const requiredNewProofs = proofLookup
59
+ .filter((row) => !row.hit.hit)
60
+ .map((row) => row.impact.gate_id)
61
+ .sort();
36
62
  const tier = input.tier || 'affected';
37
63
  return {
38
64
  schema: TRIWIKI_AFFECTED_GRAPH_SCHEMA,
@@ -45,9 +71,9 @@ export function computeTriWikiAffectedGraph(input) {
45
71
  release_equivalent_within_scope: tier !== 'instant',
46
72
  confidence: tier === 'release' ? 'full-release' : tier === 'instant' ? 'instant' : 'affected-release-equivalent',
47
73
  conservative_reason: conservativeReason,
48
- reused_proofs: [],
49
- invalidated_proofs: selected.map((impact) => impact.gate_id).sort(),
50
- required_new_proofs: selected.map((impact) => impact.gate_id).sort()
74
+ reused_proofs: reusedProofs,
75
+ invalidated_proofs: invalidatedProofs,
76
+ required_new_proofs: requiredNewProofs
51
77
  };
52
78
  }
53
79
  function resolveChangedFiles(input) {
@@ -109,4 +135,10 @@ function parseGitStatusPathLine(line) {
109
135
  function previousPathOrConservative(root, file) {
110
136
  return fs.existsSync(path.join(root, file)) ? file : file;
111
137
  }
138
+ function scriptFileForCommand(command) {
139
+ const script = command.match(/^npm run ([^ ]+)/)?.[1];
140
+ if (!script)
141
+ return null;
142
+ return `${script.replace(/[:]/g, '-')}${script.includes('blackbox') ? '' : '-check'}.ts`;
143
+ }
112
144
  //# sourceMappingURL=triwiki-affected-graph.js.map
@@ -72,6 +72,8 @@ export function gatePackForGate(gate, modules, cards = DEFAULT_TRIWIKI_MODULE_CA
72
72
  return 'doctor-production';
73
73
  if (gate.id.startsWith('sksd:') || gate.id.startsWith('probes:'))
74
74
  return 'startup-mcp';
75
+ if (gate.id.startsWith('secret:') || gate.id.includes('secret'))
76
+ return 'secret';
75
77
  if (gate.id.startsWith('legacy:') || gate.id.startsWith('orphan:') || gate.id.includes('zellij'))
76
78
  return 'zellij';
77
79
  const card = cards.find((candidate) => modules.includes(candidate.module_id) && candidate.gate_packs.length);
@@ -165,8 +165,8 @@ function isLockStale(file, staleAfterMs) {
165
165
  try {
166
166
  const stat = fs.statSync(file);
167
167
  const raw = JSON.parse(fs.readFileSync(file, 'utf8'));
168
- const pidAlive = typeof raw.pid === 'number' && process.kill(raw.pid, 0) !== undefined;
169
- return !pidAlive || Date.now() - stat.mtimeMs > staleAfterMs;
168
+ const alive = typeof raw.pid === 'number' && pidAlive(raw.pid);
169
+ return !alive || Date.now() - stat.mtimeMs > staleAfterMs;
170
170
  }
171
171
  catch {
172
172
  try {
@@ -178,6 +178,16 @@ function isLockStale(file, staleAfterMs) {
178
178
  }
179
179
  }
180
180
  }
181
+ function pidAlive(pid) {
182
+ try {
183
+ process.kill(pid, 0);
184
+ return true;
185
+ }
186
+ catch (err) {
187
+ const code = typeof err === 'object' && err && 'code' in err ? String(err.code || '') : '';
188
+ return code === 'EPERM';
189
+ }
190
+ }
181
191
  function walkJson(dir) {
182
192
  const out = [];
183
193
  const stack = [dir];
@@ -7,6 +7,8 @@ export function buildTriWikiSlaCertificate(input) {
7
7
  const mode = input.mode || 'plan';
8
8
  if (input.estimatedCriticalPathMs > input.slaMs)
9
9
  blockers.push('sla_estimate_exceeds_budget');
10
+ if (mode === 'actual' && input.actualDurationMs !== undefined && input.actualDurationMs > input.slaMs)
11
+ blockers.push('actual_duration_exceeds_budget');
10
12
  if (mode === 'actual' && input.actualDurationMs === undefined)
11
13
  blockers.push('actual_mode_missing_execution_stats');
12
14
  const certificate = {
@@ -18,6 +20,7 @@ export function buildTriWikiSlaCertificate(input) {
18
20
  estimated_critical_path_ms: input.estimatedCriticalPathMs,
19
21
  estimated_sequential_ms: input.estimatedSequentialMs,
20
22
  reduction_ratio: Number(reductionRatio.toFixed(4)),
23
+ sla_met: blockers.length === 0,
21
24
  release_equivalent_within_scope: input.graph.release_equivalent_within_scope,
22
25
  gates: input.graph.gates.length,
23
26
  gate_packs: input.graph.gate_packs,
@@ -1,2 +1,2 @@
1
- export const PACKAGE_VERSION = '4.0.1';
1
+ export const PACKAGE_VERSION = '4.0.3';
2
2
  //# sourceMappingURL=version.js.map
@@ -0,0 +1,14 @@
1
+ export const REQUIRED_4002_RELEASE_IDS = [
2
+ 'build-once:runner-blackbox',
3
+ 'release:triwiki-first-runner-blackbox',
4
+ 'triwiki:proof-bank-lock-blackbox',
5
+ 'gate-pack:v2-blackbox',
6
+ 'scheduler:resource-claim-blackbox',
7
+ 'doctor:dirty-semantic-blackbox',
8
+ 'legacy:purge-final',
9
+ 'orphan:purge-final',
10
+ 'sks:402-five-minute-real-blackbox',
11
+ 'sks:402-all-feature-regression'
12
+ ];
13
+ export const REQUIRED_4002_REAL_CHECK_IDS = [];
14
+ //# sourceMappingURL=release-4002-required-gates.js.map
@@ -18,7 +18,8 @@ const result = await runReleaseGateDag({
18
18
  full: args.includes('--full'),
19
19
  explain: args.includes('--explain'),
20
20
  noCache: args.includes('--no-cache'),
21
- failFast: args.includes('--fail-fast')
21
+ failFast: args.includes('--fail-fast'),
22
+ useGatePacks: args.includes('--use-gate-packs')
22
23
  });
23
24
  console.log(`SKS Release DAG
24
25
  gates: ${result.total_gates} total, ${result.selected_gates} selected, ${result.cached} cached
@@ -39,8 +39,7 @@ const required = [
39
39
  'agent:worker-pane-communication-contract',
40
40
  'git:worktree-integration-primary',
41
41
  'git:worktree-integration-primary-runtime',
42
- 'codex:0.136-compat',
43
- 'codex:0.135-compat',
42
+ 'codex:0.137-compat',
44
43
  'doctor:codex-doctor-parity',
45
44
  'codex:permission-profiles',
46
45
  'codex:legacy-profile-consumers-removed',
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "sneakoscope",
3
3
  "displayName": "ㅅㅋㅅ",
4
- "version": "4.0.1",
4
+ "version": "4.0.3",
5
5
  "description": "Sneakoscope Codex: fast proof-first Codex trust layer with image-based Voxel TriWiki.",
6
6
  "type": "module",
7
7
  "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",
@@ -30,6 +30,8 @@
30
30
  "!dist/**/*.d.ts.map",
31
31
  "!dist/**/*.js.map",
32
32
  "!dist/**/*.tsbuildinfo",
33
+ "!dist/**/__tests__",
34
+ "!dist/**/*.test.js",
33
35
  "!dist/vendor/openai-codex/rust-v0.131.0",
34
36
  "!dist/scripts/*-blackbox.js",
35
37
  "!dist/scripts/*-check.js",
@@ -122,6 +124,7 @@
122
124
  "prepublish:fast-check": "node ./dist/scripts/prepublish-fast-check.js",
123
125
  "prepublish:release-check-or-fast": "node ./dist/scripts/prepublish-release-check-or-fast.js",
124
126
  "mad:preflight-blocks-unreadable-config": "node ./dist/scripts/mad-preflight-blocks-unreadable-config-check.js",
127
+ "codex:0.141-compat": "node ./dist/scripts/codex-0141-capability-check.js",
125
128
  "codex:0.136-compat": "node ./dist/scripts/codex-0-136-compat-check.js",
126
129
  "codex:0.136-compat:require-real": "node ./dist/scripts/codex-0-136-compat-check.js --require-real",
127
130
  "codex:0.135-compat": "node ./dist/scripts/codex-0-135-compat-check.js",
@@ -568,7 +571,7 @@
568
571
  "python-tools:smoke": "node ./dist/scripts/python-tools-smoke-check.js",
569
572
  "agent:zellij-dynamic-backfill-panes": "node ./dist/scripts/agent-zellij-dynamic-backfill-panes-check.js",
570
573
  "agent:real-codex-in-zellij-worker-pane": "node ./dist/scripts/agent-real-codex-in-zellij-worker-pane-check.js",
571
- "release:check:legacy": "npm run release:check:parallel && npm run mad-sks:app-ui-no-mutation && npm run codex-app:fast-ui-preservation && npm run codex-app:ui-clobber-guard && npm run doctor:fixes-codex-app-fast-ui && npm run provider:badge-context && npm run provider:context-config-toml && npm run codex-app:provider-badge && npm run zellij:spawn-on-demand-layout && npm run zellij:worker-pane-manager && npm run zellij:worker-pane-manager-single-owner && npm run agent:worker-pane-communication-contract && npm run runtime:no-mjs-scripts && npm run runtime:ts-python-boundary && npm run codex-sdk:capability && npm run codex-sdk:no-legacy-fallback && npm run codex-sdk:backend-router && npm run codex-sdk:structured-output && npm run codex-sdk:event-stream-ledger && npm run codex-sdk:thread-registry && npm run codex-sdk:sandbox-policy && npm run codex-sdk:zellij-pane-binding && npm run codex-sdk:all-pipelines && npm run codex-sdk:dfix-pipeline && npm run codex-sdk:qa-pipeline && npm run codex-sdk:research-pipeline && npm run codex-sdk:team-naruto-agent-pipeline && npm run codex-sdk:release-review-pipeline && npm run codex-sdk:ux-ppt-review-pipeline && npm run codex-sdk:core-skill-pipeline && npm run codex-control:capability && npm run codex-control:no-legacy-fallback && npm run codex-control:structured-output && npm run codex-control:event-stream-ledger && npm run codex-control:thread-registry && npm run codex-control:side-effect-scope && npm run codex-control:all-pipelines && npm run codex-control:empty-result-retry && npm run codex-control:stream-idle-watchdog && npm run codex-control:tool-call-sequence-repair && npm run codex-control:keepalive-no-cot-leak && npm run local-collab:policy && npm run local-collab:gpt-final-arbiter && npm run local-collab:no-local-only-final && npm run local-collab:gpt-final-availability && npm run local-llm:capability && npm run local-llm:structured-output && npm run local-llm:tool-call-repair && npm run local-llm:all-pipelines && npm run local-collab:all-pipelines-final-gpt && npm run python-sdk:capability && npm run python-sdk:stream-bridge && npm run python-sdk:sandbox-policy && npm run python-sdk:all-pipelines && npm run codex:plugin-list-json && npm run codex:product-design-plugin-routing && npm run codex:product-design-auto-install && npm run codex:thread-runtime-choice && npm run codex:environment-scoped-approvals && npm run ultra-router:classification && npm run ultra-router:auto-router && npm run release:version-truth && npm run release:worktree-gates && npm run codex:0.137-compat && npm run codex:0.136-compat && npm run codex:0.135-compat && npm run doctor:codex-doctor-parity && npm run codex:permission-profiles && npm run codex:legacy-profile-consumers-removed && npm run terminal:keyboard-enhancement-safety && npm run terminal:tui-output-stability && npm run codex:resume-cwd-truth && npm run mcp:tool-naming-parity && npm run responses:retry-policy-centralized && npm run runtime:no-tmux && npm run zellij:layout-valid && npm run agent:zellij-dynamic-backfill-panes && npm run agent:worker-pane-communication-contract && npm run agent:slot-pane-binding-proof && npm run zellij:worker-pane-manager && npm run zellij:spawn-on-demand-layout && npm run zellij:lane-renderer && npm run mad-sks:zellij-launch && npm run mad-sks:zellij-default-pane-worker && npm run agent:zellij-runtime && npm run codex:config-eperm-fixture && npm run doctor:fix-proves-codex-read && npm run mad:preflight-blocks-unreadable-config && npm run fast:codex-service-tier-proof && npm run codex:project-config-policy-splitter && npm run test:no-orphan-dist-imports && npm run agent:patch-envelope-extraction && npm run agent:patch-queue-runtime && npm run agent:strategy-to-lease-wiring && npm run agent:patch-swarm-runtime && npm run agent:patch-transaction-journal && npm run agent:patch-conflict-rebase && npm run agent:strategy-to-patch-strict && npm run agent:patch-swarm-runtime-truth && npm run agent:rollback-command && npm run agent:patch-verification-dag && npm run agent:patch-rollback-dag && npm run agent:patch-proof-runtime && npm run agent:patch-swarm-route-blackbox && npm run team:patch-swarm-route-blackbox && npm run dfix:patch-swarm-route-blackbox && npm run appshots:thread-attachment-discovery && npm run mcp:readonly-runtime-scheduler && npm run naruto:work-graph && npm run naruto:readonly-routing && npm run naruto:concurrency-governor && npm run naruto:active-pool && npm run naruto:role-distribution && npm run naruto:parallel-patch-apply && npm run naruto:verification-pool && npm run naruto:zellij-massive-ui && npm run naruto:gpt-final-pack && npm run prompt:placeholder-guard && npm run codex:0.134-runner-truth && npm run agent:native-cli-session-swarm && npm run naruto:shadow-clone-swarm && npm run agent:native-cli-session-swarm-10 && npm run agent:native-cli-session-swarm-20 && npm run agent:no-subagent-scaling && npm run agent:native-cli-session-proof && npm run agent:worker-backend-router && npm run agent:codex-child-overlap && npm run agent:model-authored-patch-envelope && npm run agent:fast-mode-default && npm run agent:fast-mode-worker-propagation && npm run codex:fast-mode-profile-propagation && npm run mad-sks:fast-mode-propagation && npm run zellij:launch-command-truth && npm run zellij:real-session-heartbeat && npm run zellij:ui-design && npm run zellij:doctor-readiness && npm run legacy:upgrade-zero-break && npm run publish:packlist-performance && npm run postinstall:safe-side-effects && npm run runtime:ts-rust-boundary && npm run core-skill:card-schema && npm run core-skill:rollout-scoring && npm run core-skill:patch && npm run core-skill:heldout-validation && npm run core-skill:deployment-snapshot && npm run core-skill:no-inference-optimizer && npm run core-skill:route-runtime-integration && npm run core-skill:promotion-side-effect-ledger && npm run core-skill:legacy-promotion-api-audit && npm run core-skill:trainer-loop && npm run safety:side-effect-zero && npm run safety:mutation-callsite-coverage && npm run safety:mutation-callsite-coverage:repo-wide && npm run side-effect:runtime-report && npm run release:gate-planner && npm run release:dynamic-performance && npm run release:provenance && npm run release:gate-budget && npm run agent:wiki-context-proof && npm run shared-memory:check && npm run wrongness:check && npm run wrongness:fixtures && npm run trust:check && npm run git-collaboration:e2e && node ./dist/scripts/release-check-stamp.js write && npm run release:readiness --silent && node ./dist/scripts/release-check-stamp.js write",
574
+ "release:check:legacy": "npm run release:check:parallel && npm run mad-sks:app-ui-no-mutation && npm run codex-app:fast-ui-preservation && npm run codex-app:ui-clobber-guard && npm run doctor:fixes-codex-app-fast-ui && npm run provider:badge-context && npm run provider:context-config-toml && npm run codex-app:provider-badge && npm run zellij:spawn-on-demand-layout && npm run zellij:worker-pane-manager && npm run zellij:worker-pane-manager-single-owner && npm run agent:worker-pane-communication-contract && npm run runtime:no-mjs-scripts && npm run runtime:ts-python-boundary && npm run codex-sdk:capability && npm run codex-sdk:no-legacy-fallback && npm run codex-sdk:backend-router && npm run codex-sdk:structured-output && npm run codex-sdk:event-stream-ledger && npm run codex-sdk:thread-registry && npm run codex-sdk:sandbox-policy && npm run codex-sdk:zellij-pane-binding && npm run codex-sdk:all-pipelines && npm run codex-sdk:dfix-pipeline && npm run codex-sdk:qa-pipeline && npm run codex-sdk:research-pipeline && npm run codex-sdk:team-naruto-agent-pipeline && npm run codex-sdk:release-review-pipeline && npm run codex-sdk:ux-ppt-review-pipeline && npm run codex-sdk:core-skill-pipeline && npm run codex-control:capability && npm run codex-control:no-legacy-fallback && npm run codex-control:structured-output && npm run codex-control:event-stream-ledger && npm run codex-control:thread-registry && npm run codex-control:side-effect-scope && npm run codex-control:all-pipelines && npm run codex-control:empty-result-retry && npm run codex-control:stream-idle-watchdog && npm run codex-control:tool-call-sequence-repair && npm run codex-control:keepalive-no-cot-leak && npm run local-collab:policy && npm run local-collab:gpt-final-arbiter && npm run local-collab:no-local-only-final && npm run local-collab:gpt-final-availability && npm run local-llm:capability && npm run local-llm:structured-output && npm run local-llm:tool-call-repair && npm run local-llm:all-pipelines && npm run local-collab:all-pipelines-final-gpt && npm run python-sdk:capability && npm run python-sdk:stream-bridge && npm run python-sdk:sandbox-policy && npm run python-sdk:all-pipelines && npm run codex:plugin-list-json && npm run codex:product-design-plugin-routing && npm run codex:product-design-auto-install && npm run codex:thread-runtime-choice && npm run codex:environment-scoped-approvals && npm run ultra-router:classification && npm run ultra-router:auto-router && npm run release:version-truth && npm run release:worktree-gates && npm run codex:0.137-compat && npm run doctor:codex-doctor-parity && npm run codex:permission-profiles && npm run codex:legacy-profile-consumers-removed && npm run terminal:keyboard-enhancement-safety && npm run terminal:tui-output-stability && npm run codex:resume-cwd-truth && npm run mcp:tool-naming-parity && npm run responses:retry-policy-centralized && npm run runtime:no-tmux && npm run zellij:layout-valid && npm run agent:zellij-dynamic-backfill-panes && npm run agent:worker-pane-communication-contract && npm run agent:slot-pane-binding-proof && npm run zellij:worker-pane-manager && npm run zellij:spawn-on-demand-layout && npm run zellij:lane-renderer && npm run mad-sks:zellij-launch && npm run mad-sks:zellij-default-pane-worker && npm run agent:zellij-runtime && npm run codex:config-eperm-fixture && npm run doctor:fix-proves-codex-read && npm run mad:preflight-blocks-unreadable-config && npm run fast:codex-service-tier-proof && npm run codex:project-config-policy-splitter && npm run test:no-orphan-dist-imports && npm run agent:patch-envelope-extraction && npm run agent:patch-queue-runtime && npm run agent:strategy-to-lease-wiring && npm run agent:patch-swarm-runtime && npm run agent:patch-transaction-journal && npm run agent:patch-conflict-rebase && npm run agent:strategy-to-patch-strict && npm run agent:patch-swarm-runtime-truth && npm run agent:rollback-command && npm run agent:patch-verification-dag && npm run agent:patch-rollback-dag && npm run agent:patch-proof-runtime && npm run agent:patch-swarm-route-blackbox && npm run team:patch-swarm-route-blackbox && npm run dfix:patch-swarm-route-blackbox && npm run appshots:thread-attachment-discovery && npm run mcp:readonly-runtime-scheduler && npm run naruto:work-graph && npm run naruto:readonly-routing && npm run naruto:concurrency-governor && npm run naruto:active-pool && npm run naruto:role-distribution && npm run naruto:parallel-patch-apply && npm run naruto:verification-pool && npm run naruto:zellij-massive-ui && npm run naruto:gpt-final-pack && npm run prompt:placeholder-guard && npm run codex:0.134-runner-truth && npm run agent:native-cli-session-swarm && npm run naruto:shadow-clone-swarm && npm run agent:native-cli-session-swarm-10 && npm run agent:native-cli-session-swarm-20 && npm run agent:no-subagent-scaling && npm run agent:native-cli-session-proof && npm run agent:worker-backend-router && npm run agent:codex-child-overlap && npm run agent:model-authored-patch-envelope && npm run agent:fast-mode-default && npm run agent:fast-mode-worker-propagation && npm run codex:fast-mode-profile-propagation && npm run mad-sks:fast-mode-propagation && npm run zellij:launch-command-truth && npm run zellij:real-session-heartbeat && npm run zellij:ui-design && npm run zellij:doctor-readiness && npm run legacy:upgrade-zero-break && npm run publish:packlist-performance && npm run postinstall:safe-side-effects && npm run runtime:ts-rust-boundary && npm run core-skill:card-schema && npm run core-skill:rollout-scoring && npm run core-skill:patch && npm run core-skill:heldout-validation && npm run core-skill:deployment-snapshot && npm run core-skill:no-inference-optimizer && npm run core-skill:route-runtime-integration && npm run core-skill:promotion-side-effect-ledger && npm run core-skill:legacy-promotion-api-audit && npm run core-skill:trainer-loop && npm run safety:side-effect-zero && npm run safety:mutation-callsite-coverage && npm run safety:mutation-callsite-coverage:repo-wide && npm run side-effect:runtime-report && npm run release:gate-planner && npm run release:dynamic-performance && npm run release:provenance && npm run release:gate-budget && npm run agent:wiki-context-proof && npm run shared-memory:check && npm run wrongness:check && npm run wrongness:fixtures && npm run trust:check && npm run git-collaboration:e2e && node ./dist/scripts/release-check-stamp.js write && npm run release:readiness --silent && node ./dist/scripts/release-check-stamp.js write",
572
575
  "release:check:dag": "node ./dist/scripts/release-gate-dag-runner.js --preset release",
573
576
  "release:check:dag:explain": "node ./dist/scripts/release-gate-dag-runner.js --preset release --explain",
574
577
  "release:check:dag:no-cache": "node ./dist/scripts/release-gate-dag-runner.js --preset release --no-cache",
@@ -1003,7 +1006,17 @@
1003
1006
  "legacy:strong-inventory": "node ./dist/scripts/legacy-strong-inventory-check.js",
1004
1007
  "orphan:strong-detection": "node ./dist/scripts/orphan-strong-detection-check.js",
1005
1008
  "sks:401-five-minute-actual-blackbox": "node ./dist/scripts/sks-401-five-minute-actual-blackbox.js",
1006
- "sks:401-all-feature-regression": "node ./dist/scripts/sks-401-all-feature-regression-blackbox.js"
1009
+ "sks:401-all-feature-regression": "node ./dist/scripts/sks-401-all-feature-regression-blackbox.js",
1010
+ "build-once:runner-blackbox": "node ./dist/scripts/build-once-runner-blackbox.js",
1011
+ "release:triwiki-first-runner-blackbox": "node ./dist/scripts/release-triwiki-first-runner-blackbox.js",
1012
+ "triwiki:proof-bank-lock-blackbox": "node ./dist/scripts/triwiki-proof-bank-lock-blackbox.js",
1013
+ "gate-pack:v2-blackbox": "node ./dist/scripts/gate-pack-v2-blackbox.js",
1014
+ "scheduler:resource-claim-blackbox": "node ./dist/scripts/scheduler-resource-claim-blackbox.js",
1015
+ "doctor:dirty-semantic-blackbox": "node ./dist/scripts/doctor-dirty-semantic-blackbox.js",
1016
+ "legacy:purge-final": "node ./dist/scripts/legacy-purge-final-check.js",
1017
+ "orphan:purge-final": "node ./dist/scripts/orphan-purge-final-check.js",
1018
+ "sks:402-five-minute-real-blackbox": "node ./dist/scripts/sks-402-five-minute-real-blackbox.js",
1019
+ "sks:402-all-feature-regression": "node ./dist/scripts/sks-402-all-feature-regression-blackbox.js"
1007
1020
  },
1008
1021
  "keywords": [
1009
1022
  "sneakoscope",