sneakoscope 4.0.13 → 4.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/README.md +10 -2
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/bin/sks.js +1 -1
  6. package/dist/cli/global-mode-router.js +2 -1
  7. package/dist/core/commands/mad-sks-command.js +3 -0
  8. package/dist/core/fsx.js +1 -1
  9. package/dist/core/providers/glm/bench/glm-bench-model-lock-proof.js +32 -3
  10. package/dist/core/providers/glm/bench/glm-benchmark-runner.js +29 -5
  11. package/dist/core/providers/glm/bench/glm-benchmark-types.js +1 -1
  12. package/dist/core/providers/glm/naruto/glm-naruto-critical-path.js +51 -0
  13. package/dist/core/providers/glm/naruto/glm-naruto-final-seal.js +9 -2
  14. package/dist/core/providers/glm/naruto/glm-naruto-orchestrator.js +101 -15
  15. package/dist/core/providers/glm/naruto/glm-naruto-parallelism-summary.js +55 -0
  16. package/dist/core/providers/glm/naruto/glm-naruto-requirement-coverage.js +92 -0
  17. package/dist/core/providers/glm/naruto/glm-naruto-requirement-ledger.js +42 -0
  18. package/dist/core/providers/glm/naruto/glm-naruto-stage-scheduler.js +85 -0
  19. package/dist/core/providers/glm/naruto/glm-naruto-task-size-classifier.js +12 -0
  20. package/dist/core/providers/glm/naruto/glm-naruto-trace.js +4 -0
  21. package/dist/core/providers/glm/naruto/glm-naruto-verifier-output.js +5 -0
  22. package/dist/core/providers/glm/naruto/glm-naruto-worker-pool.js +130 -44
  23. package/dist/core/providers/glm/naruto/glm-naruto-worker-runtime.js +6 -2
  24. package/dist/core/routes/model-mode-router.js +44 -0
  25. package/dist/core/version.js +1 -1
  26. package/package.json +24 -1
  27. package/dist/scripts/agent-dynamic-pool-fixture.js +0 -80
  28. package/dist/scripts/agent-native-release-gate.js +0 -274
  29. package/dist/scripts/agent-patch-swarm-gate-lib.js +0 -113
  30. package/dist/scripts/agent-real-codex-patch-envelope-smoke.js +0 -126
  31. package/dist/scripts/agent-route-blackbox-lib.js +0 -132
  32. package/dist/scripts/blackbox-command-import-smoke.js +0 -143
  33. package/dist/scripts/blackbox-global-shim.js +0 -77
  34. package/dist/scripts/blackbox-matrix.js +0 -70
  35. package/dist/scripts/blackbox-npx-one-shot.js +0 -69
  36. package/dist/scripts/blackbox-pack-install.js +0 -174
  37. package/dist/scripts/build-dist.js +0 -64
  38. package/dist/scripts/check-architecture.js +0 -135
  39. package/dist/scripts/check-cli-entrypoint.js +0 -43
  40. package/dist/scripts/check-command-module-budget.js +0 -25
  41. package/dist/scripts/check-dist-runtime.js +0 -100
  42. package/dist/scripts/check-feature-quality.js +0 -53
  43. package/dist/scripts/check-legacy-free.js +0 -66
  44. package/dist/scripts/check-package-boundary.js +0 -108
  45. package/dist/scripts/check-pipeline-budget.js +0 -69
  46. package/dist/scripts/check-pipeline-runtime.js +0 -25
  47. package/dist/scripts/check-publish-tag.js +0 -30
  48. package/dist/scripts/check-route-modularity.js +0 -82
  49. package/dist/scripts/check-runtime-schemas.js +0 -87
  50. package/dist/scripts/check-source-runtime.js +0 -4
  51. package/dist/scripts/check-ts-contracts.js +0 -69
  52. package/dist/scripts/check-ts-suppressions.js +0 -58
  53. package/dist/scripts/clean-dist.js +0 -8
  54. package/dist/scripts/codex-0140-feature-gate-lib.js +0 -14
  55. package/dist/scripts/codex-config-eperm-fixture.js +0 -32
  56. package/dist/scripts/codex-lb-missing-env-regression.js +0 -40
  57. package/dist/scripts/codex-native-runtime-e2e-fixture.js +0 -75
  58. package/dist/scripts/codex-project-config-policy-merge-regression.js +0 -92
  59. package/dist/scripts/core-skill-legacy-promotion-api-audit.js +0 -54
  60. package/dist/scripts/ensure-bin-executable.js +0 -10
  61. package/dist/scripts/fixtures/fake-codex-config-loader.js +0 -51
  62. package/dist/scripts/github-release-body-helper.js +0 -65
  63. package/dist/scripts/gpt-image-2-real-file-smoke.js +0 -448
  64. package/dist/scripts/hooks-no-unsupported-handlers.js +0 -15
  65. package/dist/scripts/hooks-runtime-replay-warning-zero-v2.js +0 -26
  66. package/dist/scripts/hooks-runtime-replay-warning-zero.js +0 -10
  67. package/dist/scripts/hooks-trust-warning-zero.js +0 -14
  68. package/dist/scripts/lib/codex-sdk-gate-lib.js +0 -92
  69. package/dist/scripts/lib/ensure-dist-fresh.js +0 -142
  70. package/dist/scripts/lib/git-worktree-fixture.js +0 -33
  71. package/dist/scripts/lib/mad-sks-actual-executor-check-lib.js +0 -255
  72. package/dist/scripts/lib/native-cli-session-swarm-check-lib.js +0 -79
  73. package/dist/scripts/lib/real-codex-parallel-gate.js +0 -94
  74. package/dist/scripts/lib/real-codex-parallel-proof-fixture.js +0 -55
  75. package/dist/scripts/lib/valid-png-fixture.js +0 -25
  76. package/dist/scripts/mad-sks-live-protected-core-smoke.js +0 -5
  77. package/dist/scripts/naruto-real-local-gpt-final-smoke.js +0 -25
  78. package/dist/scripts/perf-gate.js +0 -39
  79. package/dist/scripts/prepublish-release-check-or-fast.js +0 -121
  80. package/dist/scripts/release-3112-required-gates.js +0 -30
  81. package/dist/scripts/release-3113-required-gates.js +0 -25
  82. package/dist/scripts/release-4000-required-gates.js +0 -36
  83. package/dist/scripts/release-4001-required-gates.js +0 -13
  84. package/dist/scripts/release-4002-required-gates.js +0 -14
  85. package/dist/scripts/release-check-dynamic-execute.js +0 -259
  86. package/dist/scripts/release-check-dynamic.js +0 -107
  87. package/dist/scripts/release-check-stamp.js +0 -261
  88. package/dist/scripts/release-gate-dag-runner.js +0 -56
  89. package/dist/scripts/release-gate-existence-audit.js +0 -111
  90. package/dist/scripts/release-gate-planner.js +0 -34
  91. package/dist/scripts/release-gate-worker.js +0 -10
  92. package/dist/scripts/release-speed-summary.js +0 -67
  93. package/dist/scripts/repo-audit.js +0 -83
  94. package/dist/scripts/rust-smoke.js +0 -5
  95. package/dist/scripts/sizecheck.js +0 -146
  96. package/dist/scripts/sks-1-11-gate-lib.js +0 -78
  97. package/dist/scripts/sks-1-18-gate-lib.js +0 -55
  98. package/dist/scripts/tmux-removal-inventory.js +0 -36
  99. package/dist/scripts/write-build-manifest.js +0 -71
  100. package/dist/scripts/zellij-dashboard-watch.js +0 -41
  101. package/dist/scripts/zellij-right-column-geometry-proof.js +0 -162
@@ -1,10 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import { codexHookWarningCheck } from '../core/codex-compat/codex-hook-warning-detector.js';
4
- const report = await codexHookWarningCheck(process.cwd());
5
- const events = new Set((report.events || []).map((row) => row.event));
6
- const ok = report.ok && report.warnings_count === 0 && events.has('SubagentStart') && events.has('SubagentStop');
7
- console.log(JSON.stringify({ schema: 'sks.hooks-runtime-replay-warning-zero.v1', ok, warnings_count: report.warnings_count, events: Array.from(events).sort(), report }, null, 2));
8
- if (!ok)
9
- process.exitCode = 1;
10
- //# sourceMappingURL=hooks-runtime-replay-warning-zero.js.map
@@ -1,14 +0,0 @@
1
- #!/usr/bin/env node
2
- // @ts-nocheck
3
- import { codexHookWarningCheck } from '../core/codex-compat/codex-hook-warning-detector.js';
4
- const report = await codexHookWarningCheck(process.cwd());
5
- console.log(JSON.stringify({
6
- schema: 'sks.hooks-trust-warning-zero.v1',
7
- ok: report.ok,
8
- warnings_count: report.warnings_count,
9
- issues_by_category: report.issues_by_category,
10
- trust_warning_section: report.config?.dual_representation || null
11
- }, null, 2));
12
- if (!report.ok)
13
- process.exitCode = 1;
14
- //# sourceMappingURL=hooks-trust-warning-zero.js.map
@@ -1,92 +0,0 @@
1
- // @ts-nocheck
2
- import fs from 'node:fs/promises';
3
- import os from 'node:os';
4
- import path from 'node:path';
5
- import { assertGate, emitGate, importDist, readJson, readText, root } from '../sks-1-18-gate-lib.js';
6
- export { assertGate, emitGate, importDist, readJson, readText, root };
7
- export async function readJsonFile(file) {
8
- return JSON.parse(await fs.readFile(file, 'utf8'));
9
- }
10
- export async function readTextFile(file) {
11
- return fs.readFile(file, 'utf8');
12
- }
13
- export async function runFakeCodexSdkTaskFixture(label = 'fixture', extra = {}) {
14
- const mod = await importDist('core/codex-control/codex-control-plane.js');
15
- const schema = await importDist('core/codex-control/schemas/agent-worker-result.schema.js');
16
- const tmp = await fs.mkdtemp(path.join(os.tmpdir(), `sks-codex-sdk-${label}-`));
17
- const old = snapshotEnv();
18
- process.env.NODE_ENV = 'test';
19
- process.env.SKS_CODEX_SDK_FAKE = '1';
20
- try {
21
- const result = await mod.runCodexTask({
22
- route: extra.route || '$Agent',
23
- missionId: extra.missionId || `M-${label}`,
24
- workItemId: extra.workItemId || `${label}-work-item`,
25
- slotId: extra.slotId || 'slot-001',
26
- generationIndex: extra.generationIndex || 1,
27
- sessionId: extra.sessionId || `${label}-session`,
28
- cwd: root,
29
- prompt: extra.prompt || `Hermetic Codex SDK gate fixture ${label}`,
30
- inputFiles: [],
31
- inputImages: [],
32
- outputSchemaId: schema.CODEX_AGENT_WORKER_RESULT_SCHEMA_ID,
33
- outputSchema: schema.codexAgentWorkerResultSchema,
34
- sandboxPolicy: extra.sandboxPolicy || 'read-only',
35
- requestedScopeContract: {
36
- id: `${label}-scope`,
37
- route: extra.route || '$Agent',
38
- read_only: extra.sandboxPolicy !== 'workspace-write',
39
- allowed_paths: extra.allowedPaths || [],
40
- write_paths: extra.allowedPaths || [],
41
- user_confirmed_full_access: false,
42
- mad_sks_authorized: true,
43
- ...(extra.requestedScopeContract || {})
44
- },
45
- mutationLedgerRoot: tmp,
46
- zellijPaneId: extra.zellijPaneId || null
47
- });
48
- const proof = await readJsonFile(path.join(tmp, 'codex-control-proof.json'));
49
- const registry = await readJsonFile(path.join(tmp, 'codex-thread-registry.json'));
50
- const worker = await readJsonFile(path.join(tmp, 'codex-sdk-worker-result.json'));
51
- const eventText = await fs.readFile(path.join(tmp, 'codex-sdk-events.jsonl'), 'utf8');
52
- const events = eventText.split(/\n/).filter(Boolean).map((line) => JSON.parse(line));
53
- return { tmp, result, proof, registry, worker, events };
54
- }
55
- finally {
56
- restoreEnv(old);
57
- }
58
- }
59
- export function packageScripts() {
60
- return readJson('package.json').scripts || {};
61
- }
62
- export function releaseGateIds() {
63
- const manifest = readJson('release-gates.v2.json');
64
- return new Set((manifest.gates || []).map((gate) => gate.id));
65
- }
66
- export function assertSourceIncludes(file, tokens) {
67
- const text = readText(file);
68
- for (const token of tokens)
69
- assertGate(text.includes(token), `${file} missing token ${token}`);
70
- return text;
71
- }
72
- export function assertScriptPresent(name) {
73
- const scripts = packageScripts();
74
- assertGate(Boolean(scripts[name]), `package script missing: ${name}`, { script: name });
75
- return scripts[name];
76
- }
77
- function snapshotEnv() {
78
- return {
79
- NODE_ENV: process.env.NODE_ENV,
80
- SKS_CODEX_SDK_FAKE: process.env.SKS_CODEX_SDK_FAKE,
81
- SKS_CODEX_SDK_FIXTURE: process.env.SKS_CODEX_SDK_FIXTURE
82
- };
83
- }
84
- function restoreEnv(old) {
85
- for (const [key, value] of Object.entries(old)) {
86
- if (value === undefined)
87
- delete process.env[key];
88
- else
89
- process.env[key] = value;
90
- }
91
- }
92
- //# sourceMappingURL=codex-sdk-gate-lib.js.map
@@ -1,142 +0,0 @@
1
- // @ts-nocheck
2
- import { spawnSync } from 'node:child_process';
3
- import crypto from 'node:crypto';
4
- import fs from 'node:fs';
5
- import path from 'node:path';
6
- import { fileURLToPath } from 'node:url';
7
- export const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..', '..');
8
- export const distStampPath = path.join(root, 'dist', '.sks-build-stamp.json');
9
- export const reportStampPath = path.join(root, '.sneakoscope', 'reports', 'dist-build-stamp.json');
10
- export function sourceSnapshot() {
11
- const files = releaseRelevantFiles();
12
- const hash = crypto.createHash('sha256');
13
- for (const file of files) {
14
- const full = path.join(root, file);
15
- if (!fs.existsSync(full) || !fs.statSync(full).isFile())
16
- continue;
17
- const buf = fs.readFileSync(full);
18
- hash.update(file);
19
- hash.update('\0');
20
- hash.update(String(buf.length));
21
- hash.update('\0');
22
- hash.update(sha256(buf));
23
- hash.update('\0');
24
- }
25
- return { digest: hash.digest('hex'), file_count: files.length, files };
26
- }
27
- export function currentDistFreshness() {
28
- const pkg = JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8'));
29
- const snapshot = sourceSnapshot();
30
- const stamp = readJson(distStampPath) || readJson(path.join(root, 'dist', 'build-manifest.json'));
31
- const issues = [];
32
- if (!stamp)
33
- issues.push('dist_build_stamp_missing');
34
- if (stamp && stamp.package_version !== pkg.version && stamp.version !== pkg.version)
35
- issues.push(`dist_version:${stamp.package_version || stamp.version || 'missing'}!=${pkg.version}`);
36
- if (stamp && stamp.source_digest !== snapshot.digest)
37
- issues.push('dist_source_digest_stale');
38
- if (!fs.existsSync(path.join(root, 'dist', 'bin', 'sks.js')))
39
- issues.push('dist_bin_missing');
40
- return {
41
- schema: 'sks.dist-freshness.v1',
42
- ok: issues.length === 0,
43
- package_version: pkg.version,
44
- source_digest: snapshot.digest,
45
- source_file_count: snapshot.file_count,
46
- stamp_path: fs.existsSync(distStampPath) ? distStampPath : path.join(root, 'dist', 'build-manifest.json'),
47
- stamp,
48
- issues
49
- };
50
- }
51
- export function ensureDistFresh({ rebuild = true } = {}) {
52
- let freshness = currentDistFreshness();
53
- const rebuildAllowed = rebuild
54
- && process.env.SKS_ENSURE_DIST_NO_REBUILD !== '1'
55
- && process.env.SKS_RELEASE_DIST_FRESHNESS_NO_REBUILD !== '1';
56
- if (freshness.ok || !rebuildAllowed)
57
- return freshness;
58
- const run = spawnSync(process.platform === 'win32' ? 'npm.cmd' : 'npm', ['run', 'build', '--silent'], {
59
- cwd: root,
60
- encoding: 'utf8',
61
- stdio: 'pipe'
62
- });
63
- if (run.status !== 0) {
64
- return {
65
- ...freshness,
66
- ok: false,
67
- rebuild_attempted: true,
68
- rebuild_status: run.status,
69
- issues: [...freshness.issues, `build_failed:${tail(run.stderr || run.stdout)}`]
70
- };
71
- }
72
- freshness = currentDistFreshness();
73
- return { ...freshness, rebuild_attempted: true, rebuild_status: run.status };
74
- }
75
- export function buildStampPayload() {
76
- const pkg = JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8'));
77
- const snapshot = sourceSnapshot();
78
- return {
79
- schema: 'sks.dist-build-stamp.v1',
80
- package_name: pkg.name,
81
- package_version: pkg.version,
82
- source_digest: snapshot.digest,
83
- source_file_count: snapshot.file_count,
84
- built_at_source_time: latestSourceMtime(snapshot.files)
85
- };
86
- }
87
- export function writeDistFreshStamp() {
88
- const payload = buildStampPayload();
89
- fs.mkdirSync(path.dirname(distStampPath), { recursive: true });
90
- fs.mkdirSync(path.dirname(reportStampPath), { recursive: true });
91
- fs.writeFileSync(distStampPath, `${JSON.stringify(payload, null, 2)}\n`);
92
- fs.writeFileSync(reportStampPath, `${JSON.stringify(payload, null, 2)}\n`);
93
- return payload;
94
- }
95
- function releaseRelevantFiles() {
96
- const result = spawnSync('git', ['ls-files', '-z', '--cached', '--others', '--exclude-standard'], {
97
- cwd: root,
98
- encoding: 'utf8'
99
- });
100
- const raw = result.status === 0 ? result.stdout.split('\0').filter(Boolean) : walk(root).map((file) => path.relative(root, file).split(path.sep).join('/'));
101
- return raw
102
- .filter((file) => /^(src|scripts|schemas|docs|test|crates\/sks-core)\//.test(file) || /^(package|package-lock)\.json$|^README\.md$|^CHANGELOG\.md$|^tsconfig\.json$/.test(file))
103
- .filter((file) => !file.startsWith('dist/') && !file.startsWith('node_modules/') && !file.startsWith('.sneakoscope/'))
104
- .sort();
105
- }
106
- function walk(dir, out = []) {
107
- for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
108
- const file = path.join(dir, entry.name);
109
- if (entry.name === '.git' || entry.name === 'node_modules' || entry.name === 'dist' || entry.name === '.sneakoscope')
110
- continue;
111
- if (entry.isDirectory())
112
- walk(file, out);
113
- else if (entry.isFile())
114
- out.push(file);
115
- }
116
- return out;
117
- }
118
- function latestSourceMtime(files) {
119
- let latest = 0;
120
- for (const file of files) {
121
- try {
122
- latest = Math.max(latest, fs.statSync(path.join(root, file)).mtimeMs);
123
- }
124
- catch { }
125
- }
126
- return Math.round(latest);
127
- }
128
- function sha256(value) {
129
- return crypto.createHash('sha256').update(value).digest('hex');
130
- }
131
- function readJson(file) {
132
- try {
133
- return JSON.parse(fs.readFileSync(file, 'utf8'));
134
- }
135
- catch {
136
- return null;
137
- }
138
- }
139
- function tail(value) {
140
- return String(value || '').slice(-1200).replace(/\s+/g, ' ').trim();
141
- }
142
- //# sourceMappingURL=ensure-dist-fresh.js.map
@@ -1,33 +0,0 @@
1
- import fs from 'node:fs';
2
- import os from 'node:os';
3
- import path from 'node:path';
4
- import { spawnSync } from 'node:child_process';
5
- export function makeGitFixture(name) {
6
- const root = fs.mkdtempSync(path.join(os.tmpdir(), `sks-${name}-`));
7
- run('git', ['init'], root);
8
- run('git', ['config', 'user.email', 'sks@example.invalid'], root);
9
- run('git', ['config', 'user.name', 'SKS Test'], root);
10
- fs.writeFileSync(path.join(root, 'a.txt'), 'alpha\n');
11
- fs.writeFileSync(path.join(root, 'b.txt'), 'bravo\n');
12
- run('git', ['add', 'a.txt', 'b.txt'], root);
13
- run('git', ['commit', '-m', 'fixture'], root);
14
- return root;
15
- }
16
- export function makeNonGitFixture(name) {
17
- const root = fs.mkdtempSync(path.join(os.tmpdir(), `sks-${name}-`));
18
- fs.writeFileSync(path.join(root, 'plain.txt'), 'not git\n');
19
- return root;
20
- }
21
- export function run(command, args, cwd, input) {
22
- const result = spawnSync(command, args, {
23
- cwd,
24
- input,
25
- encoding: 'utf8',
26
- stdio: input === undefined ? ['ignore', 'pipe', 'pipe'] : ['pipe', 'pipe', 'pipe']
27
- });
28
- if (result.status !== 0) {
29
- throw new Error(`${command} ${args.join(' ')} failed in ${cwd}: ${result.stderr || result.stdout}`);
30
- }
31
- return result.stdout || '';
32
- }
33
- //# sourceMappingURL=git-worktree-fixture.js.map
@@ -1,255 +0,0 @@
1
- // @ts-nocheck
2
- import fs from 'node:fs';
3
- import path from 'node:path';
4
- import { pathToFileURL } from 'node:url';
5
- import { ensureDistFresh, root } from './ensure-dist-fresh.js';
6
- export async function runMadSksExecutorCheck(kind) {
7
- const reportDir = path.join(root, '.sneakoscope', 'reports');
8
- fs.mkdirSync(reportDir, { recursive: true });
9
- const freshness = ensureDistFresh({ rebuild: true });
10
- if (!freshness.ok)
11
- return writeReport(reportDir, kind, { schema: schemaFor(kind), ok: false, blocker: 'dist_not_fresh', freshness });
12
- const mods = await loadMadSksDist();
13
- const targetRoot = path.join(root, '.sneakoscope', 'tmp', `mad-sks-${kind}-${process.pid}`);
14
- const artifactDir = path.join(targetRoot, 'artifacts');
15
- fs.mkdirSync(artifactDir, { recursive: true });
16
- const { permission, authorization, authorizationPath } = createAuthorization(mods, targetRoot, kind, artifactDir);
17
- const common = {
18
- target_root: targetRoot,
19
- artifact_dir: artifactDir,
20
- authorization_manifest: authorization,
21
- authorization_manifest_path: authorizationPath,
22
- permission_model: permission,
23
- yes: true
24
- };
25
- const protectedBefore = await mods.immutable.snapshotProtectedCore(root, `${kind}-before`);
26
- let result;
27
- let rollbackApply = null;
28
- let protectedBlock = null;
29
- let engineSourceProbe = null;
30
- const checks = [];
31
- if (kind === 'actual-executor-blackbox' || kind === 'file-write-executor') {
32
- result = await mods.executors.runMadSksExecutor({
33
- ...common,
34
- executor: 'file-write',
35
- dry_run: false,
36
- target_path: path.join('target', 'actual-write.txt'),
37
- content: `mad-sks actual executor ${kind}\n`
38
- });
39
- const targetFile = path.join(targetRoot, 'target', 'actual-write.txt');
40
- const resultVerifiedWrite = Array.isArray(result.verification) && result.verification.some((item) => item?.kind === 'file_expectation' && item?.ok === true);
41
- checks.push(['target_file_written', result.ok === true && result.status === 'applied' && result.changed_files?.includes(targetFile) && resultVerifiedWrite]);
42
- engineSourceProbe = await mods.immutable.evaluateMadSksWrite({
43
- packageRoot: root,
44
- targetRoot: root,
45
- operation: 'file_write',
46
- path: path.join(root, 'src', 'core', 'version.ts')
47
- });
48
- checks.push(['engine_source_repo_write_not_protected_core_blocked', engineSourceProbe.decision === 'allowed']);
49
- const installed = await createInstalledCoreFixture();
50
- protectedBlock = await mods.immutable.evaluateMadSksWrite({
51
- packageRoot: installed.root,
52
- targetRoot: installed.root,
53
- operation: 'file_write',
54
- path: path.join(installed.root, 'src', 'core', 'version.ts')
55
- });
56
- checks.push(['installed_protected_core_write_blocked', protectedBlock.ok === false && protectedBlock.decision === 'blocked']);
57
- rollbackApply = await mods.rollbackApply.applyMadSksRollbackPlan({
58
- rollbackPlanPath: result.rollback_plan_path,
59
- targetRoot,
60
- artifactDir,
61
- yes: true,
62
- root
63
- });
64
- checks.push(['rollback_apply_removed_new_file', rollbackApply.ok === true && !fs.existsSync(targetFile)]);
65
- }
66
- else if (kind === 'shell-executor') {
67
- result = await mods.executors.runMadSksExecutor({
68
- ...common,
69
- executor: 'shell-command',
70
- dry_run: false,
71
- argv: [process.execPath, '-e', 'console.log("mad-sks-shell-ok")'],
72
- command: [process.execPath, '-e', 'console.log("mad-sks-shell-ok")']
73
- });
74
- checks.push(['argv_no_shell_command_succeeded', result.ok === true && result.status === 'applied' && /mad-sks-shell-ok/.test(String(result.stdout_tail || ''))]);
75
- }
76
- else if (kind === 'package-executor') {
77
- result = await mods.executors.runMadSksExecutor({
78
- ...common,
79
- executor: 'package-install',
80
- dry_run: true,
81
- argv: ['npm', 'install', 'left-pad'],
82
- command: ['npm', 'install', 'left-pad']
83
- });
84
- checks.push(['package_command_routed_dry_run', result.ok === true && result.status === 'dry_run' && result.classification?.route_to_executor === 'package_install']);
85
- }
86
- else if (kind === 'service-executor') {
87
- result = await mods.executors.runMadSksExecutor({
88
- ...common,
89
- executor: 'service-control',
90
- dry_run: true,
91
- argv: ['npm', 'run', 'dev'],
92
- command: ['npm', 'run', 'dev']
93
- });
94
- checks.push(['service_command_guarded_dry_run', result.ok === true && result.status === 'dry_run' && result.previous_state?.captured === true]);
95
- }
96
- else if (kind === 'db-executor') {
97
- result = await mods.executors.runMadSksExecutor({
98
- ...common,
99
- executor: 'db-write',
100
- dry_run: true,
101
- sql: 'update accounts set name = name where id = 1',
102
- rollback_sql: 'update accounts set name = name where id = 1'
103
- });
104
- checks.push(['db_write_plan_guarded_dry_run', result.ok === true && result.status === 'dry_run' && result.sql_classification?.destructive === false]);
105
- }
106
- else if (kind === 'rollback-apply') {
107
- const write = await mods.executors.runMadSksExecutor({
108
- ...common,
109
- executor: 'file-write',
110
- dry_run: false,
111
- target_path: path.join('target', 'rollback-only.txt'),
112
- content: 'rollback target\n'
113
- });
114
- result = await mods.rollbackApply.applyMadSksRollbackPlan({
115
- rollbackPlanPath: write.rollback_plan_path,
116
- targetRoot,
117
- artifactDir,
118
- yes: true,
119
- root
120
- });
121
- checks.push(['rollback_plan_applied', result.ok === true && result.status === 'applied']);
122
- }
123
- else if (kind === 'live-protected-core-smoke') {
124
- engineSourceProbe = await mods.immutable.evaluateMadSksWrite({
125
- packageRoot: root,
126
- targetRoot: root,
127
- operation: 'file_write',
128
- path: path.join(root, 'src', 'core', 'version.ts')
129
- });
130
- const installed = await createInstalledCoreFixture();
131
- const decision = await mods.immutable.evaluateMadSksWrite({
132
- packageRoot: installed.root,
133
- targetRoot: installed.root,
134
- operation: 'file_write',
135
- path: path.join(installed.root, 'src', 'core', 'version.ts')
136
- });
137
- result = {
138
- schema: 'sks.mad-sks-live-protected-core-smoke.v1',
139
- ok: engineSourceProbe.decision === 'allowed' && decision.ok === false,
140
- status: engineSourceProbe.decision === 'allowed' && decision.decision === 'blocked' ? 'engine_exception_and_installed_blocked' : 'failed',
141
- engine_source_probe: engineSourceProbe,
142
- installed_protected_core_probe: decision
143
- };
144
- checks.push(['live_guard_honors_engine_source_exception', engineSourceProbe.decision === 'allowed']);
145
- checks.push(['live_guard_blocks_installed_protected_core', decision.decision === 'blocked']);
146
- }
147
- else if (kind === 'executor-proof-graph') {
148
- const required = [
149
- 'mad-sks-actual-executor-blackbox.json',
150
- 'mad-sks-file-write-executor.json',
151
- 'mad-sks-shell-executor.json',
152
- 'mad-sks-package-executor.json',
153
- 'mad-sks-service-executor.json',
154
- 'mad-sks-db-executor.json',
155
- 'mad-sks-rollback-apply.json',
156
- 'mad-sks-live-protected-core-smoke.json'
157
- ];
158
- const artifacts = required.map((name) => {
159
- const file = path.join(reportDir, name);
160
- const parsed = fs.existsSync(file) ? JSON.parse(fs.readFileSync(file, 'utf8')) : null;
161
- return { path: `.sneakoscope/reports/${name}`, present: Boolean(parsed), ok: parsed?.ok === true, schema: parsed?.schema || null };
162
- });
163
- result = {
164
- schema: 'sks.mad-sks-executor-proof-graph.v1',
165
- ok: artifacts.every((artifact) => artifact.present && artifact.ok),
166
- artifacts,
167
- evidence_index_linked: true,
168
- completion_proof_linked: true,
169
- trust_report_linked: true,
170
- wrongness_linked: true,
171
- local_only_artifact_policy: true
172
- };
173
- checks.push(['executor_reports_ok', result.ok === true]);
174
- }
175
- else {
176
- result = { schema: schemaFor(kind), ok: false, status: 'blocked', blocker: `unknown_check:${kind}` };
177
- checks.push(['known_check', false]);
178
- }
179
- const protectedAfter = await mods.immutable.snapshotProtectedCore(root, `${kind}-after`);
180
- const protectedComparison = mods.immutable.compareProtectedCoreSnapshots(protectedBefore, protectedAfter);
181
- const report = {
182
- schema: schemaFor(kind),
183
- ok: Boolean(result?.ok) && protectedComparison.ok === true && checks.every(([, ok]) => ok === true),
184
- status: result?.status || null,
185
- generated_at: new Date().toISOString(),
186
- target_root: targetRoot,
187
- checks: Object.fromEntries(checks),
188
- result,
189
- rollback_apply: rollbackApply,
190
- protected_core_block_probe: protectedBlock,
191
- engine_source_exception_probe: engineSourceProbe,
192
- protected_core_unchanged: protectedComparison.ok === true,
193
- protected_core_comparison: protectedComparison,
194
- local_only_artifact_policy: true
195
- };
196
- return writeReport(reportDir, kind, report);
197
- }
198
- async function createInstalledCoreFixture() {
199
- const fixtureRoot = path.join(root, '.sneakoscope', 'tmp', `mad-sks-installed-core-${process.pid}-${Date.now()}`);
200
- const artifactDir = path.join(fixtureRoot, 'artifacts');
201
- fs.mkdirSync(path.join(fixtureRoot, 'src', 'core'), { recursive: true });
202
- fs.mkdirSync(path.join(fixtureRoot, 'scripts'), { recursive: true });
203
- fs.mkdirSync(artifactDir, { recursive: true });
204
- fs.writeFileSync(path.join(fixtureRoot, 'package.json'), '{"name":"sneakoscope","version":"1.18.13"}\n');
205
- fs.writeFileSync(path.join(fixtureRoot, 'src', 'core', 'version.ts'), 'export const PACKAGE_VERSION = "1.18.13";\n');
206
- return { root: fixtureRoot, artifactDir };
207
- }
208
- function createAuthorization(mods, targetRoot, kind, artifactDir) {
209
- const flags = [
210
- '--mad-sks',
211
- '--allow-system',
212
- '--allow-db-write',
213
- '--allow-package-install',
214
- '--allow-service-control',
215
- '--allow-network',
216
- '--allow-computer-use',
217
- '--allow-browser-use',
218
- '--allow-generated-assets',
219
- '--yes'
220
- ];
221
- const permission = mods.permission.buildMadSksPermissionModel({
222
- targetRoot,
223
- userIntent: `MAD-SKS ${kind} release check`,
224
- flags: mods.permission.parseMadSksFlags(flags)
225
- });
226
- const authorization = mods.auth.createMadSksAuthorizationManifest({ permission, userIntent: `MAD-SKS ${kind} release check` });
227
- const authorizationPath = path.join(artifactDir, 'mad-sks-authorization.json');
228
- fs.writeFileSync(authorizationPath, `${JSON.stringify(authorization, null, 2)}\n`);
229
- return { permission, authorization, authorizationPath };
230
- }
231
- async function loadMadSksDist() {
232
- return {
233
- executors: await importDist('core/mad-sks/executors/index.js'),
234
- permission: await importDist('core/mad-sks/permission-model.js'),
235
- auth: await importDist('core/mad-sks/authorization-manifest.js'),
236
- immutable: await importDist('core/mad-sks/immutable-harness-guard.js'),
237
- rollbackApply: await importDist('core/mad-sks/rollback-apply.js')
238
- };
239
- }
240
- async function importDist(rel) {
241
- return import(pathToFileURL(path.join(root, 'dist', rel)).href);
242
- }
243
- function schemaFor(kind) {
244
- return `sks.mad-sks-${kind}.v1`;
245
- }
246
- function writeReport(reportDir, kind, report) {
247
- const fileName = `mad-sks-${kind.replace(/^actual-executor-blackbox$/, 'actual-executor-blackbox')}.json`;
248
- const file = path.join(reportDir, fileName);
249
- fs.writeFileSync(file, `${JSON.stringify(report, null, 2)}\n`);
250
- console.log(JSON.stringify(report, null, 2));
251
- if (!report.ok)
252
- process.exitCode = 1;
253
- return report;
254
- }
255
- //# sourceMappingURL=mad-sks-actual-executor-check-lib.js.map
@@ -1,79 +0,0 @@
1
- // @ts-nocheck
2
- import fs from 'node:fs';
3
- import path from 'node:path';
4
- import { execFileSync } from 'node:child_process';
5
- import { assertGate, root } from '../sks-1-18-gate-lib.js';
6
- export function runNativeCliSwarmCheck({ agents, workItems = agents, reportName, backend = 'fake', extraArgs = [], expectedFastMode = null }) {
7
- const distCli = path.join(root, 'dist', 'bin', 'sks.js');
8
- assertGate(fs.existsSync(distCli), 'dist CLI missing for native CLI swarm check', { distCli });
9
- const args = [
10
- distCli,
11
- 'agent',
12
- 'run',
13
- `native cli session swarm ${agents}`,
14
- '--backend',
15
- backend,
16
- '--mock',
17
- '--agents',
18
- String(agents),
19
- '--concurrency',
20
- String(agents),
21
- '--work-items',
22
- String(workItems),
23
- '--minimum-work-items',
24
- String(agents),
25
- '--json',
26
- ...extraArgs
27
- ];
28
- const stdout = execFileSync(process.execPath, args, {
29
- cwd: root,
30
- encoding: 'utf8',
31
- env: {
32
- ...process.env,
33
- ...(backend === 'codex-sdk' ? { SKS_CODEX_SDK_FAKE: '1', NODE_ENV: 'test' } : {})
34
- },
35
- maxBuffer: 96 * 1024 * 1024
36
- });
37
- const result = JSON.parse(stdout);
38
- const proof = result.native_cli_session_proof || {};
39
- const noSubagent = result.no_subagent_scaling_policy || {};
40
- const officialHelper = result.official_subagent_helper_policy || {};
41
- const fast = result.fast_mode_propagation || {};
42
- const policy = fast.policy || result.fast_mode_policy || {};
43
- const expectedFast = expectedFastMode === null || expectedFastMode === undefined ? Boolean(policy.fast_mode) : Boolean(expectedFastMode);
44
- const expectedTier = expectedFast ? 'fast' : 'standard';
45
- const report = {
46
- schema: 'sks.native-cli-session-swarm-check.v1',
47
- ok: result.ok === true,
48
- agents,
49
- work_items: workItems,
50
- mission_id: result.mission_id,
51
- backend: result.backend,
52
- native_cli_session_proof: proof,
53
- no_subagent_scaling_policy: noSubagent,
54
- official_subagent_helper_policy: officialHelper,
55
- fast_mode_propagation: fast,
56
- proof_status: result.proof?.status || null
57
- };
58
- const out = path.join(root, '.sneakoscope', 'reports', reportName);
59
- fs.mkdirSync(path.dirname(out), { recursive: true });
60
- fs.writeFileSync(out, `${JSON.stringify(report, null, 2)}\n`);
61
- assertGate(result.ok === true, 'native CLI session swarm run must pass', report);
62
- assertGate(proof.spawned_worker_process_count >= agents, 'spawned native worker process count below requested agents', report);
63
- assertGate(proof.unique_worker_session_count >= agents, 'unique worker session count below requested agents', report);
64
- assertGate(proof.unique_slot_count >= agents, 'unique slot count below requested agents', report);
65
- assertGate(Array.isArray(proof.process_ids) && proof.process_ids.length >= agents, 'process ids missing from native CLI proof', report);
66
- assertGate(proof.close_report_count >= agents, 'worker close report count below requested agents', report);
67
- assertGate(noSubagent.ok === true && noSubagent.subagent_events_counted_as_worker_sessions === false, 'no-subagent scaling policy must pass', report);
68
- assertGate(officialHelper.ok === true && officialHelper.official_codex_subagent_helper_lane_enabled === true, 'official subagent helper policy must pass', report);
69
- assertGate(officialHelper.worker_capacity_credit === 0 && officialHelper.subagent_events_counted_as_worker_sessions === false, 'official helper lane must not count toward worker capacity', report);
70
- assertGate(noSubagent.official_codex_subagent_helper_lane_allowed === true && noSubagent.official_helper_lane_worker_capacity_credit === 0, 'no-subagent policy must allow helper lane with zero capacity credit', report);
71
- assertGate(fast.ok === true, 'fast mode propagation proof must pass', report);
72
- assertGate(fast.fast_mode === expectedFast && fast.service_tier === expectedTier, 'worker service tier must match the selected fast-mode policy', { ...report, expected_fast_mode: expectedFast, expected_service_tier: expectedTier });
73
- if (expectedFast) {
74
- assertGate(policy.explicit_fast === true || policy.preference_mode === 'fast' || policy.explicit_service_tier === 'fast', 'fast-mode propagation gate must use explicit fast opt-in', report);
75
- }
76
- assertGate((proof.worker_command_lines || []).every((line) => line.includes('--agent') && line.includes('worker')), 'worker command lines must use --agent worker', report);
77
- return report;
78
- }
79
- //# sourceMappingURL=native-cli-session-swarm-check-lib.js.map