sneakoscope 4.0.13 → 4.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/README.md +10 -2
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/bin/sks.js +1 -1
  6. package/dist/cli/global-mode-router.js +2 -1
  7. package/dist/core/commands/mad-sks-command.js +3 -0
  8. package/dist/core/fsx.js +1 -1
  9. package/dist/core/providers/glm/bench/glm-bench-model-lock-proof.js +32 -3
  10. package/dist/core/providers/glm/bench/glm-benchmark-runner.js +29 -5
  11. package/dist/core/providers/glm/bench/glm-benchmark-types.js +1 -1
  12. package/dist/core/providers/glm/naruto/glm-naruto-critical-path.js +51 -0
  13. package/dist/core/providers/glm/naruto/glm-naruto-final-seal.js +9 -2
  14. package/dist/core/providers/glm/naruto/glm-naruto-orchestrator.js +101 -15
  15. package/dist/core/providers/glm/naruto/glm-naruto-parallelism-summary.js +55 -0
  16. package/dist/core/providers/glm/naruto/glm-naruto-requirement-coverage.js +92 -0
  17. package/dist/core/providers/glm/naruto/glm-naruto-requirement-ledger.js +42 -0
  18. package/dist/core/providers/glm/naruto/glm-naruto-stage-scheduler.js +85 -0
  19. package/dist/core/providers/glm/naruto/glm-naruto-task-size-classifier.js +12 -0
  20. package/dist/core/providers/glm/naruto/glm-naruto-trace.js +4 -0
  21. package/dist/core/providers/glm/naruto/glm-naruto-verifier-output.js +5 -0
  22. package/dist/core/providers/glm/naruto/glm-naruto-worker-pool.js +130 -44
  23. package/dist/core/providers/glm/naruto/glm-naruto-worker-runtime.js +6 -2
  24. package/dist/core/routes/model-mode-router.js +44 -0
  25. package/dist/core/version.js +1 -1
  26. package/package.json +24 -1
  27. package/dist/scripts/agent-dynamic-pool-fixture.js +0 -80
  28. package/dist/scripts/agent-native-release-gate.js +0 -274
  29. package/dist/scripts/agent-patch-swarm-gate-lib.js +0 -113
  30. package/dist/scripts/agent-real-codex-patch-envelope-smoke.js +0 -126
  31. package/dist/scripts/agent-route-blackbox-lib.js +0 -132
  32. package/dist/scripts/blackbox-command-import-smoke.js +0 -143
  33. package/dist/scripts/blackbox-global-shim.js +0 -77
  34. package/dist/scripts/blackbox-matrix.js +0 -70
  35. package/dist/scripts/blackbox-npx-one-shot.js +0 -69
  36. package/dist/scripts/blackbox-pack-install.js +0 -174
  37. package/dist/scripts/build-dist.js +0 -64
  38. package/dist/scripts/check-architecture.js +0 -135
  39. package/dist/scripts/check-cli-entrypoint.js +0 -43
  40. package/dist/scripts/check-command-module-budget.js +0 -25
  41. package/dist/scripts/check-dist-runtime.js +0 -100
  42. package/dist/scripts/check-feature-quality.js +0 -53
  43. package/dist/scripts/check-legacy-free.js +0 -66
  44. package/dist/scripts/check-package-boundary.js +0 -108
  45. package/dist/scripts/check-pipeline-budget.js +0 -69
  46. package/dist/scripts/check-pipeline-runtime.js +0 -25
  47. package/dist/scripts/check-publish-tag.js +0 -30
  48. package/dist/scripts/check-route-modularity.js +0 -82
  49. package/dist/scripts/check-runtime-schemas.js +0 -87
  50. package/dist/scripts/check-source-runtime.js +0 -4
  51. package/dist/scripts/check-ts-contracts.js +0 -69
  52. package/dist/scripts/check-ts-suppressions.js +0 -58
  53. package/dist/scripts/clean-dist.js +0 -8
  54. package/dist/scripts/codex-0140-feature-gate-lib.js +0 -14
  55. package/dist/scripts/codex-config-eperm-fixture.js +0 -32
  56. package/dist/scripts/codex-lb-missing-env-regression.js +0 -40
  57. package/dist/scripts/codex-native-runtime-e2e-fixture.js +0 -75
  58. package/dist/scripts/codex-project-config-policy-merge-regression.js +0 -92
  59. package/dist/scripts/core-skill-legacy-promotion-api-audit.js +0 -54
  60. package/dist/scripts/ensure-bin-executable.js +0 -10
  61. package/dist/scripts/fixtures/fake-codex-config-loader.js +0 -51
  62. package/dist/scripts/github-release-body-helper.js +0 -65
  63. package/dist/scripts/gpt-image-2-real-file-smoke.js +0 -448
  64. package/dist/scripts/hooks-no-unsupported-handlers.js +0 -15
  65. package/dist/scripts/hooks-runtime-replay-warning-zero-v2.js +0 -26
  66. package/dist/scripts/hooks-runtime-replay-warning-zero.js +0 -10
  67. package/dist/scripts/hooks-trust-warning-zero.js +0 -14
  68. package/dist/scripts/lib/codex-sdk-gate-lib.js +0 -92
  69. package/dist/scripts/lib/ensure-dist-fresh.js +0 -142
  70. package/dist/scripts/lib/git-worktree-fixture.js +0 -33
  71. package/dist/scripts/lib/mad-sks-actual-executor-check-lib.js +0 -255
  72. package/dist/scripts/lib/native-cli-session-swarm-check-lib.js +0 -79
  73. package/dist/scripts/lib/real-codex-parallel-gate.js +0 -94
  74. package/dist/scripts/lib/real-codex-parallel-proof-fixture.js +0 -55
  75. package/dist/scripts/lib/valid-png-fixture.js +0 -25
  76. package/dist/scripts/mad-sks-live-protected-core-smoke.js +0 -5
  77. package/dist/scripts/naruto-real-local-gpt-final-smoke.js +0 -25
  78. package/dist/scripts/perf-gate.js +0 -39
  79. package/dist/scripts/prepublish-release-check-or-fast.js +0 -121
  80. package/dist/scripts/release-3112-required-gates.js +0 -30
  81. package/dist/scripts/release-3113-required-gates.js +0 -25
  82. package/dist/scripts/release-4000-required-gates.js +0 -36
  83. package/dist/scripts/release-4001-required-gates.js +0 -13
  84. package/dist/scripts/release-4002-required-gates.js +0 -14
  85. package/dist/scripts/release-check-dynamic-execute.js +0 -259
  86. package/dist/scripts/release-check-dynamic.js +0 -107
  87. package/dist/scripts/release-check-stamp.js +0 -261
  88. package/dist/scripts/release-gate-dag-runner.js +0 -56
  89. package/dist/scripts/release-gate-existence-audit.js +0 -111
  90. package/dist/scripts/release-gate-planner.js +0 -34
  91. package/dist/scripts/release-gate-worker.js +0 -10
  92. package/dist/scripts/release-speed-summary.js +0 -67
  93. package/dist/scripts/repo-audit.js +0 -83
  94. package/dist/scripts/rust-smoke.js +0 -5
  95. package/dist/scripts/sizecheck.js +0 -146
  96. package/dist/scripts/sks-1-11-gate-lib.js +0 -78
  97. package/dist/scripts/sks-1-18-gate-lib.js +0 -55
  98. package/dist/scripts/tmux-removal-inventory.js +0 -36
  99. package/dist/scripts/write-build-manifest.js +0 -71
  100. package/dist/scripts/zellij-dashboard-watch.js +0 -41
  101. package/dist/scripts/zellij-right-column-geometry-proof.js +0 -162
@@ -1,111 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import fs from 'node:fs';
4
- import path from 'node:path';
5
- import { assertGate, emitGate, packageScripts, root } from './sks-1-18-gate-lib.js';
6
- const scripts = packageScripts();
7
- const releaseManifestPath = path.join(root, 'release-gates.v2.json');
8
- const releaseManifest = JSON.parse(fs.readFileSync(releaseManifestPath, 'utf8'));
9
- const releaseGates = Array.isArray(releaseManifest.gates)
10
- ? releaseManifest.gates.filter((gate) => Array.isArray(gate.preset) && gate.preset.includes('release'))
11
- : [];
12
- const dagTasks = new Set(releaseGates.map((gate) => gate.id));
13
- const manifestTasks = new Set((Array.isArray(releaseManifest.gates) ? releaseManifest.gates : []).map((gate) => gate.id));
14
- const removedRuntime = `${'tm'}ux`;
15
- const removedLane = `${'warp'}-right-${'lane'}`;
16
- const removedRuntimeGateRe = new RegExp(`^${removedRuntime}:|^agent:${removedRuntime}-|real-${removedRuntime}|${removedLane}`, 'i');
17
- const required = [
18
- 'runtime:no-tmux',
19
- 'terminal:keyboard-enhancement-safety',
20
- 'terminal:tui-output-stability',
21
- 'zellij:layout-valid',
22
- 'zellij:initial-main-only-blackbox',
23
- 'zellij:right-column-geometry-proof',
24
- 'zellij:dynamic-pane-lifecycle',
25
- 'zellij:lane-renderer',
26
- 'zellij:doctor-readiness',
27
- 'zellij:spawn-on-demand-layout',
28
- 'zellij:worker-pane-manager',
29
- 'zellij:worker-pane-manager-single-owner',
30
- 'zellij:slot-only-ui',
31
- 'zellij:compact-slot-renderer',
32
- 'zellij:right-column-headless-overflow',
33
- 'safety:mutation-callsite-coverage',
34
- 'mad-sks:zellij-launch',
35
- 'mad-sks:zellij-default-pane-worker',
36
- 'agent:zellij-runtime',
37
- 'agent:slot-pane-binding-proof',
38
- 'agent:role-config-repair',
39
- 'agent:worker-pane-communication-contract',
40
- 'git:worktree-integration-primary',
41
- 'git:worktree-integration-primary-runtime',
42
- 'codex:0.137-compat',
43
- 'doctor:codex-doctor-parity',
44
- 'codex:permission-profiles',
45
- 'codex:legacy-profile-consumers-removed',
46
- 'codex:resume-cwd-truth',
47
- 'mcp:tool-naming-parity',
48
- 'responses:retry-policy-centralized',
49
- 'codex-app:fast-ui-preservation',
50
- 'codex-app:ui-clobber-guard',
51
- 'doctor:fixes-codex-app-fast-ui',
52
- 'mad-sks:app-ui-no-mutation',
53
- 'provider:badge-context',
54
- 'provider:context-config-toml',
55
- 'codex-app:provider-badge',
56
- 'runtime:no-mjs-scripts',
57
- 'runtime:ts-python-boundary',
58
- 'agent:patch-swarm-runtime-truth',
59
- 'agent:patch-transaction-journal',
60
- 'agent:patch-conflict-rebase',
61
- 'agent:strategy-to-patch-strict',
62
- 'agent:rollback-command',
63
- 'agent:native-cli-session-swarm',
64
- 'agent:native-cli-session-swarm-10',
65
- 'agent:native-cli-session-swarm-20',
66
- 'agent:no-subagent-scaling',
67
- 'agent:official-subagent-helper-policy',
68
- 'agent:native-cli-session-proof',
69
- 'agent:fast-mode-default',
70
- 'agent:fast-mode-worker-propagation',
71
- 'codex:fast-mode-profile-propagation',
72
- 'mad-sks:fast-mode-propagation',
73
- 'naruto:active-pool',
74
- 'naruto:real-active-pool',
75
- 'naruto:real-active-pool-runtime',
76
- 'naruto:extreme-parallelism',
77
- 'naruto:extreme-parallelism-real',
78
- 'naruto:zellij-dynamic-right-column',
79
- 'agent:wiki-context-proof',
80
- 'shared-memory:check',
81
- 'wrongness:check',
82
- 'wrongness:fixtures',
83
- 'trust:check',
84
- 'git-collaboration:e2e'
85
- ];
86
- assertGate(releaseManifest.schema === 'sks.release-gates.v2', 'release gate manifest schema mismatch', { schema: releaseManifest.schema });
87
- const releaseCheck = String(scripts['release:check'] || '');
88
- const releaseCheckTarget = releaseCheck.includes('release:check:affected')
89
- ? String(scripts['release:check:affected'] || '')
90
- : releaseCheck;
91
- assertGate(releaseCheckTarget.includes('release-gate-dag-runner') && /--preset\s+(?:release|affected)/.test(releaseCheckTarget), 'release:check must use the v2 DAG release/affected preset', { release_check: scripts['release:check'], resolved_release_check: releaseCheckTarget });
92
- assertGate(releaseGates.length > 0, 'release v2 manifest must include release preset gates', { gate_count: releaseGates.length });
93
- for (const name of required) {
94
- assertGate(Boolean(scripts[name]), `missing release gate script: ${name}`, { required });
95
- const inReleaseManifest = manifestTasks.has(name);
96
- assertGate(inReleaseManifest, `critical gate missing from release v2 manifest: ${name}`, { name, release_gates: [...dagTasks].sort(), manifest_gates: [...manifestTasks].sort() });
97
- const match = String(scripts[name]).match(/node\s+(\.\/dist\/scripts\/[^ ]+\.js)/);
98
- if (match)
99
- assertGate(fs.existsSync(path.join(root, match[1])), `script target missing for ${name}`, { command: scripts[name] });
100
- }
101
- for (const name of dagTasks) {
102
- if (name === 'build')
103
- continue;
104
- assertGate(Boolean(scripts[name]), `release DAG task has no package script: ${name}`, { name });
105
- assertGate(!removedRuntimeGateRe.test(name), `tmux gate remains in release DAG: ${name}`, { name });
106
- }
107
- for (const name of Object.keys(scripts)) {
108
- assertGate(!removedRuntimeGateRe.test(name), `tmux package gate remains: ${name}`, { name });
109
- }
110
- emitGate('release:gate-existence-audit', { gates: required.length, dag_tasks: dagTasks.size, manifest: 'release-gates.v2.json' });
111
- //# sourceMappingURL=release-gate-existence-audit.js.map
@@ -1,34 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- // Gate: release:gate-planner
4
- // Builds the release gate manifest (release-gates.json) from the live release-gate
5
- // set (DAG task ids + release:check chain) and validates manifest <-> release parity:
6
- // - every release gate is in the manifest,
7
- // - every manifest entry maps to a real package.json script.
8
- import fs from 'node:fs';
9
- import path from 'node:path';
10
- import { assertGate, emitGate, importDist, root } from './sks-1-18-gate-lib.js';
11
- const { buildGateManifest, validateManifestParity } = await importDist('core/release/gate-manifest.js');
12
- const pkg = JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8'));
13
- const scripts = pkg.scripts || {};
14
- const dagSource = fs.readFileSync(path.join(root, 'src/scripts/release-parallel-check.ts'), 'utf8');
15
- // Release gate ids = DAG task ids + gates referenced in the release:check chain.
16
- const dagIds = [...dagSource.matchAll(/task\('([^']+)'/g)].map((m) => m[1]);
17
- const releaseCheckIds = [...String(scripts['release:check'] || '').matchAll(/npm run ([^\s&]+)/g)].map((m) => m[1]);
18
- const releaseGateIds = [...new Set([...dagIds, ...releaseCheckIds])]
19
- .filter((id) => id && id !== 'build' && id !== 'release:check:parallel');
20
- const manifest = buildGateManifest(releaseGateIds);
21
- // Every manifest entry must map to a real package.json script.
22
- for (const entry of manifest.gates) {
23
- assertGate(Boolean(scripts[entry.id]), `gate in manifest without package script: ${entry.id}`, { id: entry.id });
24
- }
25
- // Every package script that is a release gate must be in the manifest, and vice versa.
26
- const parity = validateManifestParity(manifest.gates.map((g) => g.id), releaseGateIds);
27
- assertGate(parity.ok, 'gate manifest <-> release-gate parity failed', parity);
28
- const manifestPath = path.join(root, 'release-gates.json');
29
- fs.writeFileSync(manifestPath, `${JSON.stringify(manifest, null, 2)}\n`);
30
- const reportDir = path.join(root, '.sneakoscope', 'reports');
31
- fs.mkdirSync(reportDir, { recursive: true });
32
- fs.writeFileSync(path.join(reportDir, 'release-gate-plan.json'), `${JSON.stringify({ schema: 'sks.release-gate-plan.v1', ok: true, gate_count: manifest.gates.length, p0: manifest.gates.filter((g) => g.tier === 'P0').length, required_for_publish: manifest.gates.filter((g) => g.required_for_publish).length }, null, 2)}\n`);
33
- emitGate('release:gate-planner', { gates: manifest.gates.length, manifest: 'release-gates.json' });
34
- //# sourceMappingURL=release-gate-planner.js.map
@@ -1,10 +0,0 @@
1
- #!/usr/bin/env node
2
- import { spawnSync } from 'node:child_process';
3
- const command = process.argv.slice(2).join(' ');
4
- if (!command) {
5
- console.error('usage: release-gate-worker <command>');
6
- process.exit(2);
7
- }
8
- const result = spawnSync(command, { shell: true, stdio: 'inherit', env: process.env });
9
- process.exit(result.status ?? 1);
10
- //# sourceMappingURL=release-gate-worker.js.map
@@ -1,67 +0,0 @@
1
- #!/usr/bin/env node
2
- import fs from 'node:fs';
3
- import path from 'node:path';
4
- import { fileURLToPath } from 'node:url';
5
- const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..');
6
- const reports = path.join(root, '.sneakoscope', 'reports', 'release-gates');
7
- const runs = fs.existsSync(reports)
8
- ? fs.readdirSync(reports).map((name) => path.join(reports, name, 'summary.json')).filter((file) => fs.existsSync(file))
9
- : [];
10
- const latest = runs.sort((a, b) => fs.statSync(b).mtimeMs - fs.statSync(a).mtimeMs)[0];
11
- const summary = latest ? JSON.parse(fs.readFileSync(latest, 'utf8')) : null;
12
- const certificatePath = latest ? path.join(path.dirname(latest), 'completion-certificate.json') : null;
13
- const certificate = certificatePath && fs.existsSync(certificatePath) ? JSON.parse(fs.readFileSync(certificatePath, 'utf8')) : summary?.completion_certificate || null;
14
- const affectedGraphPath = latest ? path.join(path.dirname(latest), 'affected-gate-graph.json') : null;
15
- const mode = summary?.affected_selection?.mode || summary?.selected_preset || (summary?.full === true ? 'full' : 'unknown');
16
- const affectedMode = mode === 'affected';
17
- const latestRuntimeProof = latestRuntimeProofSummaryPath();
18
- console.log(JSON.stringify({
19
- schema: 'sks.release-speed-summary.v1',
20
- ok: true,
21
- report: latest || null,
22
- mode,
23
- affected_mode: affectedMode,
24
- affected_mode_warning: affectedMode ? 'Affected mode: true. This is not a full publish gate. Run npm run release:check:full before publishing.' : null,
25
- selected_gates: summary?.selected_gates || 0,
26
- selected_gate_ids: summary?.selected_gate_ids || [],
27
- skipped_by_affected: summary?.skipped_by_affected?.length || 0,
28
- skipped_gate_ids: summary?.skipped_by_affected || [],
29
- cached: summary?.cached || 0,
30
- cached_gates: summary?.cached_gates || [],
31
- proof_bank_file: certificate?.proof_bank_file || path.join(root, '.sneakoscope', 'proof-bank', 'gates', 'cache-v2.json'),
32
- completion_certificate: certificate,
33
- affected_graph_file: affectedGraphPath && fs.existsSync(affectedGraphPath) ? affectedGraphPath : null,
34
- reused_proofs: certificate?.reused_proofs || summary?.cached || 0,
35
- newly_executed_gates: certificate?.newly_executed_gates || summary?.executed_gates?.length || 0,
36
- five_minute_sla_met: certificate?.sla_met ?? null,
37
- version_neutralized_inputs: [
38
- 'package.json:version',
39
- 'package-lock.json:root.version',
40
- 'src/core/version.ts:PACKAGE_VERSION',
41
- 'src/core/fsx.ts:PACKAGE_VERSION',
42
- 'src/bin/sks.ts:FAST_PACKAGE_VERSION',
43
- 'dist/build-manifest.json:version'
44
- ],
45
- behavior_affecting_inputs: [],
46
- cache_key_policy: 'version-neutral-safe-v1',
47
- cache_message: 'Release cache: version-only changes neutralized for behavior gates. Version correctness gates still ran uncached.',
48
- executed: summary?.executed_gates?.length || 0,
49
- executed_gates: summary?.executed_gates || [],
50
- wall_ms: summary?.wall_ms || 0,
51
- cpu_time_saved_ms: summary?.cpu_time_saved_ms || 0,
52
- parallelism_gain: summary?.parallelism_gain || 0,
53
- max_running: summary?.peak_running || summary?.max_running || 0,
54
- slowest_gates: summary?.slowest_gates || [],
55
- proof_file_path: latestRuntimeProof
56
- }, null, 2));
57
- function latestRuntimeProofSummaryPath() {
58
- const missions = path.join(root, '.sneakoscope', 'missions');
59
- if (!fs.existsSync(missions))
60
- return null;
61
- const files = fs.readdirSync(missions)
62
- .map((name) => path.join(missions, name, 'agents', 'runtime-proof-summary.json'))
63
- .filter((file) => fs.existsSync(file))
64
- .sort((a, b) => fs.statSync(b).mtimeMs - fs.statSync(a).mtimeMs);
65
- return files[0] || null;
66
- }
67
- //# sourceMappingURL=release-speed-summary.js.map
@@ -1,83 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import { execFileSync } from 'node:child_process';
4
- import fs from 'node:fs';
5
- const riskyPathPatterns = [
6
- /(^|\/)\.env(\..*)?$/,
7
- /(^|\/)\.npmrc$/,
8
- /(^|\/)\.pypirc$/,
9
- /(^|\/)\.netrc$/,
10
- /(^|\/)\.envrc$/,
11
- /(^|\/)id_(rsa|dsa|ecdsa|ed25519)$/,
12
- /(^|\/)(\.mcp\.json|mcp\.json|claude_desktop_config\.json)$/,
13
- /(^|\/)(\.codex|\.agents|\.sneakoscope|\.dcodex|\.omx|\.cursor|\.windsurf)(\/|$)/,
14
- /(^|\/)(\.aws|\.azure)(\/|$)/,
15
- /\.(pem|key|p12|pfx|crt|cer|asc|kubeconfig|db|sqlite|sqlite3|dump|bak|backup|sql\.gz)$/i
16
- ];
17
- const allowedSneakoscopeSharedPathPatterns = [
18
- /^\.sneakoscope\/git-policy\.json$/,
19
- /^\.sneakoscope\/shared-memory-manifest\.json$/,
20
- /^\.sneakoscope\/wiki\/project-policy\.json$/,
21
- /^\.sneakoscope\/wiki\/records\/claims\/[^/]+\.json$/,
22
- /^\.sneakoscope\/wiki\/wrongness\/[^/]+\.json$/,
23
- /^\.sneakoscope\/wiki\/image-voxels\/[^/]+\/[^/]+\.json$/,
24
- /^\.sneakoscope\/wiki\/avoidance-rules\/[^/]+\.json$/,
25
- /^\.sneakoscope\/wiki\/summaries\/[^/]+\.md$/
26
- ];
27
- const secretContentPatterns = [
28
- /-----BEGIN (?:RSA |DSA |EC |OPENSSH |PGP )?PRIVATE KEY-----/,
29
- /\bnpm_[A-Za-z0-9]{20,}\b/,
30
- /\bgh[pousr]_[A-Za-z0-9_]{30,}\b/,
31
- /\bsk-[A-Za-z0-9_-]{32,}\b/,
32
- /\bAKIA[0-9A-Z]{16}\b/,
33
- /\bservice_role\b.{0,80}\beyJ[A-Za-z0-9_-]{20,}/i,
34
- /\b(supabase|firebase|stripe|resend|vercel|github|openai)[A-Za-z0-9_-]{0,30}_(?:secret|token|key)\b\s*[:=]\s*['"]?[A-Za-z0-9._-]{20,}/i
35
- ];
36
- function gitFiles(args) {
37
- const out = execFileSync('git', args, { encoding: 'utf8' });
38
- return out.split('\0').filter(Boolean);
39
- }
40
- function candidateFiles() {
41
- return [
42
- ...gitFiles(['ls-files', '-z']),
43
- ...gitFiles(['ls-files', '--others', '--exclude-standard', '-z'])
44
- ];
45
- }
46
- function isProbablyBinary(buf) {
47
- return buf.includes(0);
48
- }
49
- function isAllowedRiskyPath(file) {
50
- return allowedSneakoscopeSharedPathPatterns.some((pattern) => pattern.test(file));
51
- }
52
- const files = [...new Set(candidateFiles())];
53
- const findings = [];
54
- for (const file of files) {
55
- if (/^src\/.*\.mjs$/.test(file))
56
- findings.push({ file, reason: 'high severity runtime MJS shadow copy' });
57
- for (const pattern of riskyPathPatterns) {
58
- if (pattern.test(file) && !isAllowedRiskyPath(file))
59
- findings.push({ file, reason: 'risky tracked path' });
60
- }
61
- let buf;
62
- try {
63
- buf = fs.readFileSync(file);
64
- }
65
- catch {
66
- continue;
67
- }
68
- if (isProbablyBinary(buf))
69
- continue;
70
- const text = buf.toString('utf8');
71
- for (const pattern of secretContentPatterns) {
72
- if (pattern.test(text))
73
- findings.push({ file, reason: 'possible secret material' });
74
- }
75
- }
76
- if (findings.length) {
77
- console.error('Repo audit failed. Remove or untrack these before publishing:');
78
- for (const f of findings)
79
- console.error(`- ${f.file}: ${f.reason}`);
80
- process.exit(1);
81
- }
82
- console.log(`Repo audit passed: ${files.length} tracked and unignored files checked.`);
83
- //# sourceMappingURL=repo-audit.js.map
@@ -1,5 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import { rustCommand } from '../core/commands/rust-command.js';
4
- await rustCommand(['smoke', '--json', ...process.argv.slice(2)]);
5
- //# sourceMappingURL=rust-smoke.js.map
@@ -1,146 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import { spawnSync } from 'node:child_process';
4
- import fs from 'node:fs';
5
- import os from 'node:os';
6
- import path from 'node:path';
7
- import { fileURLToPath } from 'node:url';
8
- const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..');
9
- const limits = {
10
- packedBytes: Number(process.env.SKS_MAX_PACK_BYTES || 1536 * 1024),
11
- unpackedBytes: Number(process.env.SKS_MAX_UNPACKED_BYTES || 6400 * 1024),
12
- packFiles: Number(process.env.SKS_MAX_PACK_FILES || 1200),
13
- trackedFileBytes: Number(process.env.SKS_MAX_TRACKED_FILE_BYTES || 384 * 1024)
14
- };
15
- const trackedFileSizeAllowlist = new Set([
16
- // Historical source documentation export; not included in the npm package payload.
17
- 'docs/sks-local-llm-mode/exports/sks-local-llm-mode-deck.pdf',
18
- // Central release DAG manifest; package footprint limits still apply below.
19
- 'release-gates.v2.json'
20
- ]);
21
- const npmBin = process.platform === 'win32' ? 'npm.cmd' : 'npm';
22
- function fail(message, detail = '') {
23
- console.error(`Size check failed: ${message}`);
24
- if (detail)
25
- console.error(detail.trim());
26
- process.exit(2);
27
- }
28
- function fmt(bytes) {
29
- if (bytes < 1024)
30
- return `${bytes} B`;
31
- if (bytes < 1024 * 1024)
32
- return `${(bytes / 1024).toFixed(1)} KiB`;
33
- return `${(bytes / 1024 / 1024).toFixed(2)} MiB`;
34
- }
35
- function run(cmd, args, options = {}) {
36
- return spawnSync(cmd, args, {
37
- cwd: root,
38
- encoding: 'utf8',
39
- ...options
40
- });
41
- }
42
- function checkTrackedFiles() {
43
- const result = run('git', ['ls-files', '-z'], { encoding: 'buffer' });
44
- if (result.status !== 0)
45
- fail('unable to list tracked files', result.stderr?.toString('utf8') || '');
46
- const files = result.stdout.toString('utf8').split('\0').filter(Boolean);
47
- const oversized = [];
48
- for (const file of files) {
49
- if (trackedFileSizeAllowlist.has(file))
50
- continue;
51
- let stat;
52
- try {
53
- stat = fs.statSync(path.join(root, file));
54
- }
55
- catch (err) {
56
- if (err?.code === 'ENOENT')
57
- continue;
58
- throw err;
59
- }
60
- if (stat.size > limits.trackedFileBytes)
61
- oversized.push(`${file} (${fmt(stat.size)})`);
62
- }
63
- if (oversized.length) {
64
- fail(`tracked file exceeds ${fmt(limits.trackedFileBytes)}`, oversized.join('\n'));
65
- }
66
- }
67
- function checkVersionSync() {
68
- const pkg = JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8'));
69
- const lock = JSON.parse(fs.readFileSync(path.join(root, 'package-lock.json'), 'utf8'));
70
- const source = fs.readFileSync(path.join(root, 'src', 'core', 'version.ts'), 'utf8');
71
- const fsx = fs.readFileSync(path.join(root, 'src', 'core', 'fsx.ts'), 'utf8');
72
- const tsBin = fs.readFileSync(path.join(root, 'src', 'bin', 'sks.ts'), 'utf8');
73
- const cargoToml = fs.readFileSync(path.join(root, 'crates', 'sks-core', 'Cargo.toml'), 'utf8');
74
- const cargoLock = fs.readFileSync(path.join(root, 'crates', 'sks-core', 'Cargo.lock'), 'utf8');
75
- const cargoMain = fs.readFileSync(path.join(root, 'crates', 'sks-core', 'src', 'main.rs'), 'utf8');
76
- const sourceVersion = source.match(/export const PACKAGE_VERSION = ['"]([^'"]+)['"];/)?.[1];
77
- const fsxVersion = fsx.match(/export const PACKAGE_VERSION = ['"]([^'"]+)['"];/)?.[1];
78
- const tsBinVersion = tsBin.match(/const FAST_PACKAGE_VERSION = ['"]([^'"]+)['"];/)?.[1];
79
- const cargoTomlVersion = cargoToml.match(/^version = "([^"]+)"/m)?.[1];
80
- const cargoLockVersion = cargoLock.match(/\[\[package\]\]\nname = "sks-core"\nversion = "([^"]+)"/)?.[1];
81
- const cargoMainVersion = cargoMain.match(/println!\("sks-rs ([^"]+)"\)/)?.[1];
82
- const lockRootVersion = lock.packages?.['']?.version;
83
- const mismatches = [
84
- ['package-lock.json version', lock.version],
85
- ['package-lock root package version', lockRootVersion],
86
- ['src/core/version.ts PACKAGE_VERSION', sourceVersion],
87
- ['src/core/fsx.ts PACKAGE_VERSION', fsxVersion],
88
- ['src/bin/sks.ts FAST_PACKAGE_VERSION', tsBinVersion],
89
- ['crates/sks-core/Cargo.toml version', cargoTomlVersion],
90
- ['crates/sks-core/Cargo.lock sks-core version', cargoLockVersion],
91
- ['crates/sks-core/src/main.rs sks-rs version', cargoMainVersion]
92
- ].filter(([, version]) => version !== pkg.version);
93
- if (mismatches.length) {
94
- fail('package version metadata is not synchronized', [
95
- `package.json version: ${pkg.version}`,
96
- ...mismatches.map(([label, version]) => `${label}: ${version || 'missing'}`)
97
- ].join('\n'));
98
- }
99
- }
100
- function checkPackageFootprint() {
101
- const env = {
102
- ...process.env,
103
- npm_config_cache: process.env.SKS_SIZECHECK_NPM_CACHE || path.join(os.tmpdir(), 'sneakoscope-npm-cache')
104
- };
105
- const result = run(npmBin, ['pack', '--dry-run', '--json', '--ignore-scripts'], { env });
106
- if (result.status !== 0)
107
- fail('npm pack dry-run failed', `${result.stdout || ''}\n${result.stderr || ''}`);
108
- let info;
109
- try {
110
- info = JSON.parse(result.stdout)[0];
111
- }
112
- catch {
113
- fail('npm pack dry-run returned non-json output', result.stdout || '');
114
- }
115
- if (!info)
116
- fail('npm pack dry-run returned no package metadata');
117
- const forbiddenPatterns = [
118
- /^\.agents\//,
119
- /^\.codex\//,
120
- /^\.dcodex\//,
121
- /^\.omx\//,
122
- /^\.sneakoscope\//,
123
- /^native\//,
124
- /^node_modules\//,
125
- /^scripts\//,
126
- /^tmp\//,
127
- /^logs\//,
128
- /\.(tgz|zip|tar|tar\.gz|log)$/i
129
- ];
130
- const forbidden = (info.files || [])
131
- .map((file) => file.path)
132
- .filter((file) => forbiddenPatterns.some((pattern) => pattern.test(file)));
133
- if (forbidden.length)
134
- fail('npm package includes forbidden files', forbidden.join('\n'));
135
- if (info.size > limits.packedBytes)
136
- fail(`npm tarball exceeds ${fmt(limits.packedBytes)}`, `${info.filename}: ${fmt(info.size)}`);
137
- if (info.unpackedSize > limits.unpackedBytes)
138
- fail(`npm unpacked size exceeds ${fmt(limits.unpackedBytes)}`, `${info.filename}: ${fmt(info.unpackedSize)}`);
139
- if (info.entryCount > limits.packFiles)
140
- fail(`npm package file count exceeds ${limits.packFiles}`, `${info.entryCount} files`);
141
- console.log(`Size check passed: ${fmt(info.size)} packed, ${fmt(info.unpackedSize)} unpacked, ${info.entryCount} files.`);
142
- }
143
- checkTrackedFiles();
144
- checkVersionSync();
145
- checkPackageFootprint();
146
- //# sourceMappingURL=sizecheck.js.map
@@ -1,78 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import fs from 'node:fs';
4
- import path from 'node:path';
5
- import { spawnSync } from 'node:child_process';
6
- import { fileURLToPath } from 'node:url';
7
- export const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..');
8
- export function assertGate(condition, message, detail = {}) {
9
- if (condition)
10
- return;
11
- console.error(JSON.stringify({ ok: false, message, detail }, null, 2));
12
- process.exit(1);
13
- }
14
- export function emitGate(name, detail = {}) {
15
- console.log(JSON.stringify({ schema: 'sks.release-gate.v1', ok: true, gate: name, ...detail }, null, 2));
16
- }
17
- export function runSksJson(args) {
18
- const entrypoint = path.join(root, 'dist', 'bin', 'sks.js');
19
- assertGate(fs.existsSync(entrypoint), 'dist entrypoint missing; run npm run build first', { entrypoint });
20
- const result = spawnSync(process.execPath, [entrypoint, ...args], {
21
- cwd: root,
22
- encoding: 'utf8',
23
- timeout: Number(process.env.SKS_GATE_TIMEOUT_MS || 120_000),
24
- env: { ...process.env, SKS_SKIP_NPM_FRESHNESS_CHECK: '1', CI: 'true' }
25
- });
26
- if (result.status !== 0) {
27
- assertGate(false, 'sks command failed', { args, status: result.status, stdout: result.stdout, stderr: result.stderr });
28
- }
29
- try {
30
- return JSON.parse(result.stdout);
31
- }
32
- catch (err) {
33
- assertGate(false, 'sks command did not emit parseable JSON', { args, stdout: result.stdout, error: err.message });
34
- }
35
- }
36
- export function runPptReview(action = 'review') {
37
- const json = runSksJson(['ppt', 'fixture', '--mock', '--json']);
38
- const proof = readMissionJson(json.mission_id, 'completion-proof.json');
39
- const review = json.artifacts || json.imagegen_review || {};
40
- json.proof_evidence = proof.evidence?.ppt_review || json.artifacts?.proof_evidence || {};
41
- json.artifacts = {
42
- ...review,
43
- callouts: {
44
- ...(review.slide_callout_ledger || {}),
45
- no_text_fallback: review.slide_callout_ledger?.text_only_fallback_allowed === false || review.slide_callout_ledger?.generated_slide_callout_images_count > 0
46
- },
47
- slideIssues: review.slide_issue_ledger || {}
48
- };
49
- assertGate(json.ok === true, 'ppt imagegen review fixture blocked', json);
50
- assertGate(json.proof_evidence?.generated_slide_callout_images_count > 0, 'ppt callout image evidence missing', json.proof_evidence);
51
- assertGate(json.proof_evidence?.slide_issue_extraction_status === 'valid', 'ppt issue extraction missing', json.proof_evidence);
52
- return json;
53
- }
54
- export function runDfixFixture() {
55
- const json = runSksJson(['dfix', 'fixture', '--json']);
56
- json.gate = json.gate || json.artifacts?.gate;
57
- assertGate(json.ok === true, 'dfix fixture blocked', json);
58
- assertGate(json.gate?.passed === true, 'dfix gate did not pass', json.gate);
59
- return json;
60
- }
61
- export function runUxFixture() {
62
- const json = runSksJson(['image-ux-review', 'fixture', '--mock', '--json']);
63
- assertGate(json.ok === true, 'image UX review fixture blocked', json);
64
- return json;
65
- }
66
- export function missionFile(missionId, file) {
67
- return path.join(root, '.sneakoscope', 'missions', missionId, file);
68
- }
69
- export function readMissionJson(missionId, file) {
70
- const absolute = missionFile(missionId, file);
71
- assertGate(fs.existsSync(absolute), `mission artifact missing: ${file}`, { mission_id: missionId, absolute });
72
- return JSON.parse(fs.readFileSync(absolute, 'utf8'));
73
- }
74
- export function hasRelationType(missionId, type) {
75
- const ledger = readMissionJson(missionId, 'image-voxel-ledger.json');
76
- return (ledger.relations || []).some((relation) => relation.type === type);
77
- }
78
- //# sourceMappingURL=sks-1-11-gate-lib.js.map
@@ -1,55 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import fs from 'node:fs';
4
- import path from 'node:path';
5
- import { fileURLToPath, pathToFileURL } from 'node:url';
6
- export const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..');
7
- export function assertGate(condition, message, detail = {}) {
8
- if (condition)
9
- return;
10
- console.error(JSON.stringify({ ok: false, message, detail }, null, 2));
11
- process.exit(1);
12
- }
13
- export function emitGate(name, detail = {}) {
14
- console.log(JSON.stringify({ schema: 'sks.release-gate.v1', ok: true, gate: name, ...detail }, null, 2));
15
- }
16
- export function readText(rel) {
17
- return fs.readFileSync(path.join(root, rel), 'utf8');
18
- }
19
- export function readJson(rel) {
20
- return JSON.parse(readText(rel));
21
- }
22
- export function exists(rel) {
23
- return fs.existsSync(path.join(root, rel));
24
- }
25
- export async function importDist(rel) {
26
- const absolute = path.join(root, 'dist', rel);
27
- assertGate(fs.existsSync(absolute), `dist module missing: ${rel}`, { hint: 'run npm run build first' });
28
- return import(pathToFileURL(absolute).href);
29
- }
30
- export function packageScripts() {
31
- return readJson('package.json').scripts || {};
32
- }
33
- export function scriptContains(name, token) {
34
- return String(packageScripts()[name] || '').includes(token);
35
- }
36
- export function assertFiles(files) {
37
- for (const file of files)
38
- assertGate(exists(file), `missing required file: ${file}`);
39
- }
40
- export const SOURCE_INTELLIGENCE_FILES = [
41
- 'src/core/source-intelligence/source-intelligence-policy.ts',
42
- 'src/core/source-intelligence/source-intelligence-runner.ts',
43
- 'src/core/source-intelligence/source-intelligence-proof.ts',
44
- 'src/core/mcp/xai-mcp-detector.ts',
45
- 'src/core/mcp/xai-search-adapter.ts',
46
- 'src/core/codex/codex-web-search-adapter.ts'
47
- ];
48
- export const AGENT_118_FILES = [
49
- 'src/core/agents/scout-policy.ts',
50
- 'src/core/agents/agent-terminal-session.ts',
51
- 'src/core/agents/zellij-right-lane-cockpit.ts',
52
- 'src/core/agents/agent-runner-zellij.ts',
53
- 'src/core/codex/official-goal-mode.ts'
54
- ];
55
- //# sourceMappingURL=sks-1-18-gate-lib.js.map
@@ -1,36 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import fs from 'node:fs/promises';
4
- import path from 'node:path';
5
- import { root } from './lib/ensure-dist-fresh.js';
6
- const matches = [];
7
- for (const dir of ['src', 'scripts', 'docs', 'README.md', 'CHANGELOG.md', 'package.json']) {
8
- for (const file of await listFiles(path.join(root, dir))) {
9
- const text = await fs.readFile(file, 'utf8').catch(() => '');
10
- if (/tmux/i.test(text))
11
- matches.push(path.relative(root, file));
12
- }
13
- }
14
- const report = { schema: 'sks.tmux-removal-inventory.v1', ok: true, generated_at: new Date().toISOString(), match_files: [...new Set(matches)].sort(), migration_note: 'Runtime paths moved to Zellij; remaining tmux mentions are historical docs, migration notices, or removal gates.' };
15
- await fs.mkdir(path.join(root, '.sneakoscope', 'reports'), { recursive: true });
16
- await fs.writeFile(path.join(root, '.sneakoscope', 'reports', 'tmux-removal-inventory.json'), `${JSON.stringify(report, null, 2)}\n`);
17
- console.log(JSON.stringify(report, null, 2));
18
- async function listFiles(target) {
19
- const stat = await fs.stat(target).catch(() => null);
20
- if (!stat)
21
- return [];
22
- if (stat.isFile())
23
- return [target];
24
- const out = [];
25
- for (const entry of await fs.readdir(target, { withFileTypes: true })) {
26
- if (entry.name === 'node_modules' || entry.name === 'dist' || entry.name === '.git')
27
- continue;
28
- const file = path.join(target, entry.name);
29
- if (entry.isDirectory())
30
- out.push(...await listFiles(file));
31
- else if (entry.isFile())
32
- out.push(file);
33
- }
34
- return out;
35
- }
36
- //# sourceMappingURL=tmux-removal-inventory.js.map