sneakoscope 4.0.13 → 4.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -2
- package/config/codex-releases/rust-v0.142.0.json +39 -0
- package/crates/sks-core/Cargo.lock +1 -1
- package/crates/sks-core/Cargo.toml +1 -1
- package/crates/sks-core/src/main.rs +1 -1
- package/dist/bin/sks.js +1 -1
- package/dist/cli/global-mode-router.js +2 -1
- package/dist/commands/codex.js +15 -1
- package/dist/core/codex-adapter.js +7 -12
- package/dist/core/codex-compat/codex-compat-report.js +11 -1
- package/dist/core/codex-compat/codex-release-manifest.js +66 -0
- package/dist/core/codex-compat/codex-version-policy.js +5 -4
- package/dist/core/codex-compat/codex-version.js +5 -2
- package/dist/core/codex-control/codex-0142-capability.js +243 -0
- package/dist/core/codex-control/codex-app-server-v2-client.js +211 -0
- package/dist/core/codex-control/codex-sdk-adapter.js +37 -7
- package/dist/core/codex-control/codex-sdk-capability.js +2 -1
- package/dist/core/codex-control/codex-sdk-config-policy.js +16 -0
- package/dist/core/codex-control/codex-sdk-env-policy.js +29 -5
- package/dist/core/codex-control/codex-thread-registry.js +110 -19
- package/dist/core/codex-runtime/resolve-codex-runtime.js +102 -0
- package/dist/core/commands/mad-sks-command.js +3 -0
- package/dist/core/fsx.js +1 -1
- package/dist/core/providers/glm/bench/glm-bench-model-lock-proof.js +32 -3
- package/dist/core/providers/glm/bench/glm-benchmark-runner.js +29 -5
- package/dist/core/providers/glm/bench/glm-benchmark-types.js +1 -1
- package/dist/core/providers/glm/naruto/glm-naruto-critical-path.js +51 -0
- package/dist/core/providers/glm/naruto/glm-naruto-final-seal.js +9 -2
- package/dist/core/providers/glm/naruto/glm-naruto-orchestrator.js +101 -15
- package/dist/core/providers/glm/naruto/glm-naruto-parallelism-summary.js +55 -0
- package/dist/core/providers/glm/naruto/glm-naruto-requirement-coverage.js +92 -0
- package/dist/core/providers/glm/naruto/glm-naruto-requirement-ledger.js +42 -0
- package/dist/core/providers/glm/naruto/glm-naruto-stage-scheduler.js +85 -0
- package/dist/core/providers/glm/naruto/glm-naruto-task-size-classifier.js +12 -0
- package/dist/core/providers/glm/naruto/glm-naruto-trace.js +4 -0
- package/dist/core/providers/glm/naruto/glm-naruto-verifier-output.js +5 -0
- package/dist/core/providers/glm/naruto/glm-naruto-worker-pool.js +130 -44
- package/dist/core/providers/glm/naruto/glm-naruto-worker-runtime.js +6 -2
- package/dist/core/release/gate-manifest.js +24 -1
- package/dist/core/release/gate-pack-manifest.js +6 -6
- package/dist/core/release/release-gate-affected-selector.js +24 -0
- package/dist/core/routes/model-mode-router.js +44 -0
- package/dist/core/routes.js +1 -1
- package/dist/core/version.js +1 -1
- package/dist/scripts/agent-ast-aware-work-graph-check.js +25 -0
- package/dist/scripts/agent-backfill-replenishment-check.js +13 -0
- package/dist/scripts/agent-backfill-route-blackbox.js +5 -0
- package/dist/scripts/agent-background-terminals-check.js +16 -0
- package/dist/scripts/agent-cleanup-command-ux-check.js +12 -0
- package/dist/scripts/agent-cleanup-executor-check.js +53 -0
- package/dist/scripts/agent-cleanup-executor-v2-check.js +39 -0
- package/dist/scripts/agent-cli-options-to-task-graph-check.js +5 -0
- package/dist/scripts/agent-codex-app-cockpit-check.js +91 -0
- package/dist/scripts/agent-codex-child-overlap-check.js +21 -0
- package/dist/scripts/agent-dynamic-cockpit-check.js +10 -0
- package/dist/scripts/agent-dynamic-pool-check.js +13 -0
- package/dist/scripts/agent-dynamic-pool-route-blackbox.js +5 -0
- package/dist/scripts/agent-fast-mode-default-check.js +79 -0
- package/dist/scripts/agent-fast-mode-worker-propagation-check.js +7 -0
- package/dist/scripts/agent-follow-up-work-schema-check.js +80 -0
- package/dist/scripts/agent-goal-mode-propagation-check.js +9 -0
- package/dist/scripts/agent-intelligent-work-graph-check.js +29 -0
- package/dist/scripts/agent-janitor-check.js +79 -0
- package/dist/scripts/agent-main-no-scout-check.js +11 -0
- package/dist/scripts/agent-message-bus-reader-check.js +19 -0
- package/dist/scripts/agent-model-authored-patch-envelope-check.js +15 -0
- package/dist/scripts/agent-multi-project-isolation-check.js +86 -0
- package/dist/scripts/agent-native-cli-session-proof-check.js +7 -0
- package/dist/scripts/agent-native-cli-session-swarm-10-check.js +7 -0
- package/dist/scripts/agent-native-cli-session-swarm-20-check.js +7 -0
- package/dist/scripts/agent-native-cli-session-swarm-check.js +7 -0
- package/dist/scripts/agent-no-subagent-scaling-check.js +7 -0
- package/dist/scripts/agent-official-subagent-helper-policy-check.js +71 -0
- package/dist/scripts/agent-parallel-write-blackbox.js +56 -0
- package/dist/scripts/agent-parallel-write-kernel-check.js +103 -0
- package/dist/scripts/agent-patch-conflict-rebase-check.js +198 -0
- package/dist/scripts/agent-patch-envelope-extraction-check.js +17 -0
- package/dist/scripts/agent-patch-proof-check.js +41 -0
- package/dist/scripts/agent-patch-proof-runtime-check.js +63 -0
- package/dist/scripts/agent-patch-queue-runtime-check.js +36 -0
- package/dist/scripts/agent-patch-rollback-check.js +38 -0
- package/dist/scripts/agent-patch-rollback-dag-check.js +14 -0
- package/dist/scripts/agent-patch-swarm-route-blackbox.js +10 -0
- package/dist/scripts/agent-patch-swarm-runtime-check.js +10 -0
- package/dist/scripts/agent-patch-swarm-runtime-truth-check.js +76 -0
- package/dist/scripts/agent-patch-transaction-journal-check.js +57 -0
- package/dist/scripts/agent-patch-verification-dag-check.js +14 -0
- package/dist/scripts/agent-proof-contract-reconciled-check.js +5 -0
- package/dist/scripts/agent-real-codex-dynamic-smoke-check.js +166 -0
- package/dist/scripts/agent-real-codex-dynamic-smoke-v2-check.js +14 -0
- package/dist/scripts/agent-real-codex-in-zellij-worker-pane-check.js +227 -0
- package/dist/scripts/agent-real-codex-parallel-workers-10-check.js +5 -0
- package/dist/scripts/agent-real-codex-parallel-workers-20-check.js +5 -0
- package/dist/scripts/agent-real-codex-parallel-workers-5-check.js +5 -0
- package/dist/scripts/agent-real-codex-parallel-workers-check.js +5 -0
- package/dist/scripts/agent-role-config-repair-check.js +33 -0
- package/dist/scripts/agent-rollback-command-check.js +86 -0
- package/dist/scripts/agent-route-truth-backfill-check.js +5 -0
- package/dist/scripts/agent-scheduler-proof-check.js +13 -0
- package/dist/scripts/agent-scheduler-proof-hardening-check.js +22 -0
- package/dist/scripts/agent-session-generation-check.js +21 -0
- package/dist/scripts/agent-slot-pane-binding-proof-check.js +64 -0
- package/dist/scripts/agent-slot-telemetry-wiring-check.js +11 -0
- package/dist/scripts/agent-source-intelligence-propagation-check.js +9 -0
- package/dist/scripts/agent-strategy-to-lease-wiring-check.js +32 -0
- package/dist/scripts/agent-strategy-to-patch-strict-check.js +54 -0
- package/dist/scripts/agent-task-graph-expansion-check.js +14 -0
- package/dist/scripts/agent-terminal-generations-check.js +23 -0
- package/dist/scripts/agent-visual-consistency-check.js +9 -0
- package/dist/scripts/agent-wiki-context-proof-check.js +62 -0
- package/dist/scripts/agent-worker-backend-router-check.js +63 -0
- package/dist/scripts/agent-worker-scout-limited-check.js +17 -0
- package/dist/scripts/agent-zellij-dynamic-backfill-panes-check.js +34 -0
- package/dist/scripts/agent-zellij-runtime-check.js +85 -0
- package/dist/scripts/all-feature-deep-completion-check.js +31 -0
- package/dist/scripts/appshots-capability-check.js +18 -0
- package/dist/scripts/appshots-evidence-check.js +48 -0
- package/dist/scripts/appshots-operator-policy-check.js +25 -0
- package/dist/scripts/appshots-privacy-safety-check.js +48 -0
- package/dist/scripts/appshots-source-intelligence-check.js +53 -0
- package/dist/scripts/appshots-thread-attachment-discovery-check.js +87 -0
- package/dist/scripts/appshots-triwiki-voxel-check.js +46 -0
- package/dist/scripts/architecture-guard-check.js +55 -0
- package/dist/scripts/brand-neutrality-generated-artifacts-check.js +161 -0
- package/dist/scripts/brand-neutrality-rename-map-check.js +4 -0
- package/dist/scripts/brand-neutrality-zero-leakage-blackbox.js +4 -0
- package/dist/scripts/brand-neutrality-zero-leakage-check.js +4 -0
- package/dist/scripts/build-once-runner-blackbox.js +34 -0
- package/dist/scripts/build-once-runner-check.js +8 -0
- package/dist/scripts/certificate-sla-check.js +9 -0
- package/dist/scripts/changelog-check.js +47 -0
- package/dist/scripts/changelog-loop-productionization-check.js +3 -0
- package/dist/scripts/cli-check-tiers-check.js +10 -0
- package/dist/scripts/cli-five-minute-task-check.js +6 -0
- package/dist/scripts/codex-0-133-official-compat-report.js +53 -0
- package/dist/scripts/codex-0-134-official-compat-report.js +110 -0
- package/dist/scripts/codex-0-134-runner-truth-check.js +66 -0
- package/dist/scripts/codex-0-135-compat-check.js +57 -0
- package/dist/scripts/codex-0-136-compat-check.js +30 -0
- package/dist/scripts/codex-0-137-compat-check.js +27 -0
- package/dist/scripts/codex-0138-capability-artifact-check.js +15 -0
- package/dist/scripts/codex-0138-capability-check.js +11 -0
- package/dist/scripts/codex-0138-doctor-check.js +15 -0
- package/dist/scripts/codex-0138-feature-probes-check.js +12 -0
- package/dist/scripts/codex-0139-capability-check.js +26 -0
- package/dist/scripts/codex-0139-code-mode-web-search-check.js +25 -0
- package/dist/scripts/codex-0139-code-mode-web-search-real-check.js +10 -0
- package/dist/scripts/codex-0139-doctor-env-real-check.js +10 -0
- package/dist/scripts/codex-0139-doctor-env-redaction-check.js +18 -0
- package/dist/scripts/codex-0139-feature-probes-check.js +30 -0
- package/dist/scripts/codex-0139-image-path-real-check.js +10 -0
- package/dist/scripts/codex-0139-interrupt-agent-check.js +14 -0
- package/dist/scripts/codex-0139-interrupt-agent-real-check.js +8 -0
- package/dist/scripts/codex-0139-marketplace-source-check.js +13 -0
- package/dist/scripts/codex-0139-plugin-cache-real-check.js +10 -0
- package/dist/scripts/codex-0139-plugin-marketplace-real-check.js +10 -0
- package/dist/scripts/codex-0139-real-probe-summary-check.js +14 -0
- package/dist/scripts/codex-0139-real-probes-check.js +37 -0
- package/dist/scripts/codex-0139-rich-tool-schema-check.js +12 -0
- package/dist/scripts/codex-0139-rich-tool-schema-real-check.js +10 -0
- package/dist/scripts/codex-0139-sandbox-profile-alias-check.js +13 -0
- package/dist/scripts/codex-0139-sandbox-profile-alias-real-check.js +10 -0
- package/dist/scripts/codex-0139-sandbox-proxy-real-check.js +10 -0
- package/dist/scripts/codex-0140-bedrock-managed-auth-check.js +4 -0
- package/dist/scripts/codex-0140-capability-check.js +15 -0
- package/dist/scripts/codex-0140-deep-probes-check.js +40 -0
- package/dist/scripts/codex-0140-feature-probes-check.js +24 -0
- package/dist/scripts/codex-0140-goal-attachment-preservation-check.js +8 -0
- package/dist/scripts/codex-0140-goal-attachment-roundtrip-check.js +9 -0
- package/dist/scripts/codex-0140-import-check.js +4 -0
- package/dist/scripts/codex-0140-integration-blackbox.js +13 -0
- package/dist/scripts/codex-0140-large-repo-performance-check.js +4 -0
- package/dist/scripts/codex-0140-mcp-reliability-check.js +4 -0
- package/dist/scripts/codex-0140-non-tty-interrupt-check.js +4 -0
- package/dist/scripts/codex-0140-real-probes-check.js +9 -0
- package/dist/scripts/codex-0140-session-delete-check.js +4 -0
- package/dist/scripts/codex-0140-sqlite-recovery-check.js +4 -0
- package/dist/scripts/codex-0140-unified-mentions-check.js +4 -0
- package/dist/scripts/codex-0140-usage-check.js +4 -0
- package/dist/scripts/codex-0140-usage-real-parser-check.js +17 -0
- package/dist/scripts/codex-0141-capability-check.js +17 -0
- package/dist/scripts/codex-0142-app-server-v2-check.js +46 -0
- package/dist/scripts/codex-0142-binary-identity-check.js +17 -0
- package/dist/scripts/codex-0142-capability-check.js +21 -0
- package/dist/scripts/codex-0142-manifest-check.js +21 -0
- package/dist/scripts/codex-0142-policy-check.js +32 -0
- package/dist/scripts/codex-0142-thread-store-check.js +54 -0
- package/dist/scripts/codex-account-usage-autodiscovery-check.js +22 -0
- package/dist/scripts/codex-account-usage-check.js +9 -0
- package/dist/scripts/codex-agent-role-rich-content-check.js +4 -0
- package/dist/scripts/codex-agent-role-sync-check.js +4 -0
- package/dist/scripts/codex-agent-type-blackbox.js +4 -0
- package/dist/scripts/codex-agent-type-probe-check.js +4 -0
- package/dist/scripts/codex-agent-type-routing-check.js +4 -0
- package/dist/scripts/codex-app-execution-profile-check.js +4 -0
- package/dist/scripts/codex-app-fast-ui-preservation-check.js +32 -0
- package/dist/scripts/codex-app-handoff-check.js +25 -0
- package/dist/scripts/codex-app-handoff-launch-check.js +25 -0
- package/dist/scripts/codex-app-harness-blackbox.js +4 -0
- package/dist/scripts/codex-app-harness-matrix-check.js +4 -0
- package/dist/scripts/codex-app-launcher-check.js +17 -0
- package/dist/scripts/codex-app-provider-badge-check.js +37 -0
- package/dist/scripts/codex-app-skill-agent-blackbox.js +4 -0
- package/dist/scripts/codex-app-type-safety-check.js +4 -0
- package/dist/scripts/codex-app-ui-clobber-guard-check.js +22 -0
- package/dist/scripts/codex-app-ui-preservation-check.js +96 -0
- package/dist/scripts/codex-control-all-pipelines-check.js +37 -0
- package/dist/scripts/codex-control-capability-check.js +10 -0
- package/dist/scripts/codex-control-empty-result-retry-check.js +43 -0
- package/dist/scripts/codex-control-event-stream-ledger-check.js +10 -0
- package/dist/scripts/codex-control-keepalive-no-cot-leak-check.js +14 -0
- package/dist/scripts/codex-control-no-legacy-fallback-check.js +31 -0
- package/dist/scripts/codex-control-side-effect-scope-check.js +26 -0
- package/dist/scripts/codex-control-stream-idle-watchdog-check.js +18 -0
- package/dist/scripts/codex-control-structured-output-check.js +11 -0
- package/dist/scripts/codex-control-thread-registry-check.js +11 -0
- package/dist/scripts/codex-control-tool-call-sequence-repair-check.js +14 -0
- package/dist/scripts/codex-effort-auto-discovery-check.js +17 -0
- package/dist/scripts/codex-effort-order-check.js +9 -0
- package/dist/scripts/codex-environment-scoped-approvals-check.js +10 -0
- package/dist/scripts/codex-exec-output-schema-actual-syntax-check.js +33 -0
- package/dist/scripts/codex-fast-mode-profile-propagation-check.js +14 -0
- package/dist/scripts/codex-history-search-check.js +19 -0
- package/dist/scripts/codex-hook-approval-blackbox.js +4 -0
- package/dist/scripts/codex-hook-approval-matrix-check.js +4 -0
- package/dist/scripts/codex-hook-approval-probe-check.js +4 -0
- package/dist/scripts/codex-hook-lifecycle-check.js +4 -0
- package/dist/scripts/codex-hook-semantic-check.js +15 -0
- package/dist/scripts/codex-hook-strict-subset-check.js +61 -0
- package/dist/scripts/codex-init-deep-check.js +4 -0
- package/dist/scripts/codex-init-deep-directory-local-blackbox.js +4 -0
- package/dist/scripts/codex-init-deep-managed-agents-check.js +4 -0
- package/dist/scripts/codex-lb-config-toml-safety-check.js +85 -0
- package/dist/scripts/codex-lb-persistence-truth-check.js +96 -0
- package/dist/scripts/codex-lb-setup-fixture-check.js +91 -0
- package/dist/scripts/codex-lb-setup-truthfulness-check.js +84 -0
- package/dist/scripts/codex-legacy-profile-consumers-removed-check.js +24 -0
- package/dist/scripts/codex-managed-proxy-env-check.js +17 -0
- package/dist/scripts/codex-model-metadata-check.js +10 -0
- package/dist/scripts/codex-native-agent-role-content-check.js +27 -0
- package/dist/scripts/codex-native-broker-read-only-check.js +44 -0
- package/dist/scripts/codex-native-feature-broker-blackbox.js +4 -0
- package/dist/scripts/codex-native-feature-broker-check.js +4 -0
- package/dist/scripts/codex-native-harness-compat-check.js +4 -0
- package/dist/scripts/codex-native-hook-lifecycle-proof-check.js +4 -0
- package/dist/scripts/codex-native-interop-policy-check.js +4 -0
- package/dist/scripts/codex-native-invocation-defaults-check.js +4 -0
- package/dist/scripts/codex-native-invocation-router-check.js +4 -0
- package/dist/scripts/codex-native-pattern-analysis-blackbox.js +4 -0
- package/dist/scripts/codex-native-pattern-analysis-check.js +4 -0
- package/dist/scripts/codex-native-read-repair-split-blackbox.js +55 -0
- package/dist/scripts/codex-native-reference-cache-blackbox.js +41 -0
- package/dist/scripts/codex-native-reference-cache-check.js +23 -0
- package/dist/scripts/codex-native-reference-evidence-check.js +4 -0
- package/dist/scripts/codex-native-repair-transaction-check.js +45 -0
- package/dist/scripts/codex-native-route-map-check.js +4 -0
- package/dist/scripts/codex-native-skill-content-check.js +24 -0
- package/dist/scripts/codex-output-schema-fixture-check.js +25 -0
- package/dist/scripts/codex-permission-profiles-check.js +36 -0
- package/dist/scripts/codex-plugin-app-template-policy-check.js +11 -0
- package/dist/scripts/codex-plugin-cache-check.js +15 -0
- package/dist/scripts/codex-plugin-diff-check.js +16 -0
- package/dist/scripts/codex-plugin-inventory-check.js +15 -0
- package/dist/scripts/codex-plugin-json-check.js +10 -0
- package/dist/scripts/codex-plugin-list-json-check.js +8 -0
- package/dist/scripts/codex-plugin-parallel-detail-fetch-check.js +12 -0
- package/dist/scripts/codex-profile-primary-check.js +13 -0
- package/dist/scripts/codex-project-config-policy-splitter-check.js +51 -0
- package/dist/scripts/codex-resume-cwd-truth-check.js +17 -0
- package/dist/scripts/codex-sdk-all-pipelines-check.js +33 -0
- package/dist/scripts/codex-sdk-backend-router-check.js +65 -0
- package/dist/scripts/codex-sdk-capability-check.js +11 -0
- package/dist/scripts/codex-sdk-core-skill-pipeline-check.js +9 -0
- package/dist/scripts/codex-sdk-dfix-pipeline-check.js +9 -0
- package/dist/scripts/codex-sdk-event-stream-ledger-check.js +9 -0
- package/dist/scripts/codex-sdk-no-legacy-fallback-check.js +33 -0
- package/dist/scripts/codex-sdk-qa-pipeline-check.js +8 -0
- package/dist/scripts/codex-sdk-real-smoke-check.js +39 -0
- package/dist/scripts/codex-sdk-release-review-pipeline-check.js +13 -0
- package/dist/scripts/codex-sdk-research-pipeline-check.js +47 -0
- package/dist/scripts/codex-sdk-sandbox-policy-check.js +21 -0
- package/dist/scripts/codex-sdk-structured-output-check.js +10 -0
- package/dist/scripts/codex-sdk-team-naruto-agent-pipeline-check.js +12 -0
- package/dist/scripts/codex-sdk-thread-registry-check.js +11 -0
- package/dist/scripts/codex-sdk-ux-ppt-review-pipeline-check.js +9 -0
- package/dist/scripts/codex-sdk-version-compat-check.js +10 -0
- package/dist/scripts/codex-sdk-zellij-pane-binding-check.js +13 -0
- package/dist/scripts/codex-skill-rich-content-check.js +4 -0
- package/dist/scripts/codex-skill-sync-check.js +4 -0
- package/dist/scripts/codex-thread-runtime-choice-check.js +10 -0
- package/dist/scripts/codex-web-adapter-check.js +12 -0
- package/dist/scripts/computer-use-live-evidence-check.js +55 -0
- package/dist/scripts/computer-use-live-optional-check.js +32 -0
- package/dist/scripts/computer-use-policy-check.js +69 -0
- package/dist/scripts/computer-use-visual-route-fixture-check.js +37 -0
- package/dist/scripts/config-managed-merge-callsite-coverage-check.js +200 -0
- package/dist/scripts/context7-evidence-dedupe-check.js +54 -0
- package/dist/scripts/core-skill-card-schema-check.js +61 -0
- package/dist/scripts/core-skill-deployment-snapshot-check.js +54 -0
- package/dist/scripts/core-skill-heldout-validation-check.js +49 -0
- package/dist/scripts/core-skill-immutable-sync-check.js +18 -0
- package/dist/scripts/core-skill-integrity-blackbox.js +32 -0
- package/dist/scripts/core-skill-manifest-check.js +15 -0
- package/dist/scripts/core-skill-no-drift-check.js +24 -0
- package/dist/scripts/core-skill-no-inference-optimizer-check.js +75 -0
- package/dist/scripts/core-skill-patch-check.js +79 -0
- package/dist/scripts/core-skill-promotion-side-effect-ledger-check.js +64 -0
- package/dist/scripts/core-skill-rollout-scoring-check.js +72 -0
- package/dist/scripts/core-skill-route-runtime-integration-check.js +49 -0
- package/dist/scripts/core-skill-trainer-check.js +116 -0
- package/dist/scripts/dfix-fast-blackbox-check.js +37 -0
- package/dist/scripts/dfix-fast-kernel-check.js +26 -0
- package/dist/scripts/dfix-fixture-check.js +6 -0
- package/dist/scripts/dfix-parallel-write-blackbox.js +48 -0
- package/dist/scripts/dfix-patch-handoff-check.js +13 -0
- package/dist/scripts/dfix-patch-swarm-route-blackbox.js +10 -0
- package/dist/scripts/dfix-performance-check.js +15 -0
- package/dist/scripts/dfix-verification-check.js +9 -0
- package/dist/scripts/dfix-verification-recommendation-check.js +15 -0
- package/dist/scripts/docs-brand-neutrality-check.js +4 -0
- package/dist/scripts/docs-codex-0139-wording-check.js +21 -0
- package/dist/scripts/docs-loop-productionization-check.js +3 -0
- package/dist/scripts/docs-loop-runtime-check.js +3 -0
- package/dist/scripts/docs-truthfulness-check.js +61 -0
- package/dist/scripts/doctor-codex-0138-fix-check.js +10 -0
- package/dist/scripts/doctor-codex-0139-real-probes-check.js +25 -0
- package/dist/scripts/doctor-codex-app-harness-check.js +4 -0
- package/dist/scripts/doctor-codex-doctor-parity-check.js +17 -0
- package/dist/scripts/doctor-codex-native-readiness-ux-check.js +29 -0
- package/dist/scripts/doctor-codex-native-repair-actions-check.js +24 -0
- package/dist/scripts/doctor-codex-startup-repair-check.js +103 -0
- package/dist/scripts/doctor-context7-mcp-repair-blackbox.js +16 -0
- package/dist/scripts/doctor-context7-mcp-repair-check.js +11 -0
- package/dist/scripts/doctor-context7-repair-check.js +47 -0
- package/dist/scripts/doctor-dirty-plan-check.js +9 -0
- package/dist/scripts/doctor-dirty-repair-blackbox.js +22 -0
- package/dist/scripts/doctor-dirty-repair-check.js +8 -0
- package/dist/scripts/doctor-dirty-semantic-blackbox.js +8 -0
- package/dist/scripts/doctor-dirty-semantic-check.js +7 -0
- package/dist/scripts/doctor-fix-production-blackbox.js +26 -0
- package/dist/scripts/doctor-fix-proves-codex-read-check.js +102 -0
- package/dist/scripts/doctor-fix-recovers-corrupted-config-check.js +122 -0
- package/dist/scripts/doctor-fixes-codex-app-fast-ui-check.js +44 -0
- package/dist/scripts/doctor-native-capability-repair-blackbox.js +39 -0
- package/dist/scripts/doctor-native-capability-repair-check.js +10 -0
- package/dist/scripts/doctor-native-repair-output-check.js +18 -0
- package/dist/scripts/doctor-startup-config-repair-blackbox.js +13 -0
- package/dist/scripts/doctor-startup-config-repair-check.js +10 -0
- package/dist/scripts/doctor-supabase-mcp-repair-blackbox.js +14 -0
- package/dist/scripts/doctor-supabase-mcp-repair-check.js +12 -0
- package/dist/scripts/doctor-transaction-engine-blackbox.js +28 -0
- package/dist/scripts/doctor-transaction-engine-check.js +31 -0
- package/dist/scripts/doctor-zellij-fix-blackbox.js +4 -0
- package/dist/scripts/doctor-zellij-fix-output-check.js +4 -0
- package/dist/scripts/doctor-zellij-no-homebrew-blackbox.js +4 -0
- package/dist/scripts/doctor-zellij-repair-check.js +4 -0
- package/dist/scripts/doctor-zellij-upgrade-blackbox.js +4 -0
- package/dist/scripts/evidence-fixture-check.js +26 -0
- package/dist/scripts/evidence-flagship-coverage-check.js +55 -0
- package/dist/scripts/fake-real-proof-policy-v2-check.js +27 -0
- package/dist/scripts/fake-vs-real-proof-policy-check.js +14 -0
- package/dist/scripts/fast-codex-service-tier-proof-check.js +42 -0
- package/dist/scripts/flagship-proof-graph-v2-check.js +48 -0
- package/dist/scripts/flagship-proof-graph-v3-check.js +67 -0
- package/dist/scripts/flagship-proof-graph-v4-check.js +61 -0
- package/dist/scripts/gate-pack-fixture-cache-check.js +9 -0
- package/dist/scripts/gate-pack-manifest-check.js +9 -0
- package/dist/scripts/gate-pack-runner-blackbox.js +27 -0
- package/dist/scripts/gate-pack-runner-check.js +6 -0
- package/dist/scripts/gate-pack-v2-blackbox.js +18 -0
- package/dist/scripts/git-precommit-fixture-check.js +41 -0
- package/dist/scripts/git-worktree-batch-allocation-check.js +10 -0
- package/dist/scripts/git-worktree-cache-performance-check.js +25 -0
- package/dist/scripts/git-worktree-capability-check.js +27 -0
- package/dist/scripts/git-worktree-checkpoint-check.js +20 -0
- package/dist/scripts/git-worktree-cleanup-check.js +27 -0
- package/dist/scripts/git-worktree-cross-rebase-check.js +41 -0
- package/dist/scripts/git-worktree-diff-envelope-check.js +17 -0
- package/dist/scripts/git-worktree-diff-export-check.js +43 -0
- package/dist/scripts/git-worktree-dirty-lock-check.js +17 -0
- package/dist/scripts/git-worktree-dirty-main-detection-check.js +14 -0
- package/dist/scripts/git-worktree-integration-primary-check.js +24 -0
- package/dist/scripts/git-worktree-integration-primary-runtime-check.js +20 -0
- package/dist/scripts/git-worktree-manager-check.js +37 -0
- package/dist/scripts/git-worktree-manifest-append-check.js +18 -0
- package/dist/scripts/git-worktree-merge-queue-check.js +31 -0
- package/dist/scripts/git-worktree-pool-performance-check.js +20 -0
- package/dist/scripts/git-worktree-prewarm-runtime-check.js +7 -0
- package/dist/scripts/git-worktree-untracked-diff-check.js +18 -0
- package/dist/scripts/goal-artifact-compat-check.js +3 -0
- package/dist/scripts/goal-legacy-runtime-escape-check.js +3 -0
- package/dist/scripts/goal-loop-compat-check.js +3 -0
- package/dist/scripts/goal-loop-runtime-default-check.js +3 -0
- package/dist/scripts/goal-mode-official-default-check.js +12 -0
- package/dist/scripts/gpt-final-arbiter-check.js +63 -0
- package/dist/scripts/gpt-final-arbiter-performance-check.js +36 -0
- package/dist/scripts/gpt-image-2-request-validator-check.js +35 -0
- package/dist/scripts/hooks-0.134-context-parity-check.js +20 -0
- package/dist/scripts/hooks-actual-parity-check.js +17 -0
- package/dist/scripts/hooks-actual-parity-v2-check.js +21 -0
- package/dist/scripts/hooks-latest-schema-check.js +20 -0
- package/dist/scripts/hooks-managed-install-fixture-check.js +21 -0
- package/dist/scripts/hooks-official-hash-oracle-check.js +35 -0
- package/dist/scripts/hooks-official-hash-parity-check.js +17 -0
- package/dist/scripts/hooks-subagent-events-check.js +17 -0
- package/dist/scripts/hooks-trust-state-check.js +14 -0
- package/dist/scripts/image-artifact-path-contract-check.js +14 -0
- package/dist/scripts/image-artifact-registry-check.js +14 -0
- package/dist/scripts/image-fidelity-fixture-check.js +24 -0
- package/dist/scripts/image-followup-edit-path-check.js +14 -0
- package/dist/scripts/image-generation-path-handoff-check.js +8 -0
- package/dist/scripts/image-global-path-contract-check.js +38 -0
- package/dist/scripts/imagegen-capability-check.js +30 -0
- package/dist/scripts/imagegen-real-smoke-check.js +155 -0
- package/dist/scripts/init-deep-backup-retention-check.js +37 -0
- package/dist/scripts/init-deep-memory-scope-safety-check.js +23 -0
- package/dist/scripts/install-update-preserves-config-check.js +172 -0
- package/dist/scripts/json-schema-recursive-check.js +78 -0
- package/dist/scripts/legacy-gate-inventory-check.js +49 -0
- package/dist/scripts/legacy-gate-purge-check.js +7 -0
- package/dist/scripts/legacy-multiagent-removal-check.js +85 -0
- package/dist/scripts/legacy-purge-final-check.js +5 -0
- package/dist/scripts/legacy-strong-inventory-check.js +43 -0
- package/dist/scripts/legacy-upgrade-matrix-check.js +300 -0
- package/dist/scripts/local-collab-all-pipelines-final-gpt-check.js +21 -0
- package/dist/scripts/local-collab-gpt-final-availability-check.js +58 -0
- package/dist/scripts/local-collab-no-local-only-final-check.js +27 -0
- package/dist/scripts/local-collab-policy-check.js +17 -0
- package/dist/scripts/local-collab-worktree-gpt-final-apply-policy-check.js +63 -0
- package/dist/scripts/local-llm-all-pipelines-check.js +11 -0
- package/dist/scripts/local-llm-cache-performance-check.js +10 -0
- package/dist/scripts/local-llm-capability-check.js +14 -0
- package/dist/scripts/local-llm-smoke-check.js +32 -0
- package/dist/scripts/local-llm-structured-output-check.js +11 -0
- package/dist/scripts/local-llm-throughput-check.js +10 -0
- package/dist/scripts/local-llm-tool-call-repair-check.js +10 -0
- package/dist/scripts/local-llm-warmup-check.js +11 -0
- package/dist/scripts/loop-artifact-paths-check.js +3 -0
- package/dist/scripts/loop-blocker-check.js +15 -0
- package/dist/scripts/loop-cli-check.js +3 -0
- package/dist/scripts/loop-cli-registry-check.js +3 -0
- package/dist/scripts/loop-collision-blackbox.js +3 -0
- package/dist/scripts/loop-concurrency-budget-check.js +3 -0
- package/dist/scripts/loop-concurrency-budget-runtime-check.js +3 -0
- package/dist/scripts/loop-concurrency-oversubscription-blackbox.js +3 -0
- package/dist/scripts/loop-continuation-enforcer-check.js +4 -0
- package/dist/scripts/loop-decomposer-check.js +3 -0
- package/dist/scripts/loop-directive-check-lib.js +388 -0
- package/dist/scripts/loop-execution-profile-routing-check.js +4 -0
- package/dist/scripts/loop-final-arbiter-contract-check.js +3 -0
- package/dist/scripts/loop-fixture-policy-check.js +3 -0
- package/dist/scripts/loop-fixture-production-misuse-blackbox.js +3 -0
- package/dist/scripts/loop-fixture-safety-check.js +3 -0
- package/dist/scripts/loop-gate-fixture-guard-check.js +3 -0
- package/dist/scripts/loop-gate-ladder-check.js +3 -0
- package/dist/scripts/loop-gate-runner-check.js +3 -0
- package/dist/scripts/loop-gate-selector-check.js +3 -0
- package/dist/scripts/loop-gpt-final-contract-crossref-check.js +3 -0
- package/dist/scripts/loop-gpt-final-fixture-guard-check.js +3 -0
- package/dist/scripts/loop-gpt-final-gate-contract-check.js +3 -0
- package/dist/scripts/loop-hardening-check-lib.js +289 -0
- package/dist/scripts/loop-integration-finalizer-check.js +3 -0
- package/dist/scripts/loop-integration-merge-strategy-check.js +3 -0
- package/dist/scripts/loop-interrupt-registry-check.js +3 -0
- package/dist/scripts/loop-kill-interrupt-real-blackbox.js +3 -0
- package/dist/scripts/loop-lease-check.js +3 -0
- package/dist/scripts/loop-merge-strategy-blackbox.js +3 -0
- package/dist/scripts/loop-merge-strategy-check.js +3 -0
- package/dist/scripts/loop-mesh-production-e2e-blackbox.js +3 -0
- package/dist/scripts/loop-mutation-ledger-check.js +3 -0
- package/dist/scripts/loop-observability-check.js +3 -0
- package/dist/scripts/loop-owner-inference-check.js +3 -0
- package/dist/scripts/loop-planner-check.js +3 -0
- package/dist/scripts/loop-planner-project-memory-check.js +4 -0
- package/dist/scripts/loop-planner-project-memory-deep-check.js +4 -0
- package/dist/scripts/loop-proof-check.js +3 -0
- package/dist/scripts/loop-proof-summary-cli-check.js +3 -0
- package/dist/scripts/loop-risk-classifier-check.js +3 -0
- package/dist/scripts/loop-runtime-check.js +3 -0
- package/dist/scripts/loop-scheduler-check.js +3 -0
- package/dist/scripts/loop-schema-check.js +3 -0
- package/dist/scripts/loop-side-effect-blackbox.js +3 -0
- package/dist/scripts/loop-side-effect-final-arbiter-check.js +3 -0
- package/dist/scripts/loop-side-effect-scanner-check.js +3 -0
- package/dist/scripts/loop-state-check.js +3 -0
- package/dist/scripts/loop-status-proof-ux-check.js +3 -0
- package/dist/scripts/loop-worker-fixture-guard-check.js +3 -0
- package/dist/scripts/loop-worker-handle-registration-check.js +3 -0
- package/dist/scripts/loop-worker-interrupt-check.js +3 -0
- package/dist/scripts/loop-worktree-policy-check.js +3 -0
- package/dist/scripts/loop-zellij-ui-check.js +3 -0
- package/dist/scripts/mad-db-capability-check.js +15 -0
- package/dist/scripts/mad-db-command-check.js +13 -0
- package/dist/scripts/mad-db-ledger-check.js +7 -0
- package/dist/scripts/mad-db-lifecycle-hook-decision-check.js +17 -0
- package/dist/scripts/mad-db-mad-command-check.js +100 -0
- package/dist/scripts/mad-db-mcp-result-lifecycle-check.js +30 -0
- package/dist/scripts/mad-db-one-cycle-bounded-check.js +27 -0
- package/dist/scripts/mad-db-one-cycle-consumption-check.js +16 -0
- package/dist/scripts/mad-db-operation-lifecycle-blackbox.js +29 -0
- package/dist/scripts/mad-db-operation-lifecycle-ledger-check.js +17 -0
- package/dist/scripts/mad-db-priority-resolver-check.js +20 -0
- package/dist/scripts/mad-db-safety-conflict-matrix-check.js +22 -0
- package/dist/scripts/mad-preflight-blocks-unreadable-config-check.js +66 -0
- package/dist/scripts/mad-sks-actual-executor-blackbox.js +5 -0
- package/dist/scripts/mad-sks-app-ui-no-mutation-check.js +92 -0
- package/dist/scripts/mad-sks-audit-proof-check.js +34 -0
- package/dist/scripts/mad-sks-db-executor-check.js +5 -0
- package/dist/scripts/mad-sks-executor-proof-graph-check.js +5 -0
- package/dist/scripts/mad-sks-fast-mode-propagation-check.js +24 -0
- package/dist/scripts/mad-sks-file-write-executor-check.js +5 -0
- package/dist/scripts/mad-sks-immutable-harness-check.js +36 -0
- package/dist/scripts/mad-sks-no-harness-modification-check.js +25 -0
- package/dist/scripts/mad-sks-package-executor-check.js +5 -0
- package/dist/scripts/mad-sks-permission-model-check.js +22 -0
- package/dist/scripts/mad-sks-rollback-apply-check.js +5 -0
- package/dist/scripts/mad-sks-service-executor-check.js +5 -0
- package/dist/scripts/mad-sks-shell-executor-check.js +5 -0
- package/dist/scripts/mad-sks-write-guard-check.js +28 -0
- package/dist/scripts/mad-sks-zellij-default-pane-worker-check.js +37 -0
- package/dist/scripts/mad-sks-zellij-launch-check.js +102 -0
- package/dist/scripts/mad-zellij-headless-fallback-blackbox.js +4 -0
- package/dist/scripts/mad-zellij-no-contradictory-output-check.js +4 -0
- package/dist/scripts/mad-zellij-self-heal-blackbox.js +4 -0
- package/dist/scripts/mad-zellij-self-heal-check.js +4 -0
- package/dist/scripts/managed-config-merge-check.js +24 -0
- package/dist/scripts/mcp-0-134-modernization-check.js +55 -0
- package/dist/scripts/mcp-plugin-inventory-check.js +12 -0
- package/dist/scripts/mcp-readonly-concurrency-check.js +17 -0
- package/dist/scripts/mcp-readonly-runtime-scheduler-check.js +20 -0
- package/dist/scripts/mcp-tool-naming-parity-check.js +16 -0
- package/dist/scripts/memory-summary-rebuild-check.js +22 -0
- package/dist/scripts/model-call-concurrency-check.js +15 -0
- package/dist/scripts/mutation-callsite-coverage-check.js +180 -0
- package/dist/scripts/naruto-active-pool-check.js +39 -0
- package/dist/scripts/naruto-actual-worker-control-plane-check.js +56 -0
- package/dist/scripts/naruto-allocation-policy-check.js +33 -0
- package/dist/scripts/naruto-allocation-runtime-wiring-check.js +92 -0
- package/dist/scripts/naruto-concurrency-governor-check.js +53 -0
- package/dist/scripts/naruto-extreme-parallelism-check.js +22 -0
- package/dist/scripts/naruto-extreme-parallelism-real-check.js +43 -0
- package/dist/scripts/naruto-gpt-final-pack-check.js +34 -0
- package/dist/scripts/naruto-loop-maker-checker-check.js +3 -0
- package/dist/scripts/naruto-loop-mesh-blackbox.js +3 -0
- package/dist/scripts/naruto-loop-mesh-check.js +3 -0
- package/dist/scripts/naruto-loop-worker-router-check.js +3 -0
- package/dist/scripts/naruto-orchestrator-runtime-source-check.js +70 -0
- package/dist/scripts/naruto-parallel-gate-consistency-check.js +8 -0
- package/dist/scripts/naruto-parallel-patch-apply-check.js +41 -0
- package/dist/scripts/naruto-parallel-runtime-proof-check.js +9 -0
- package/dist/scripts/naruto-parallelism-mode-check.js +12 -0
- package/dist/scripts/naruto-parallelism-ux-check.js +8 -0
- package/dist/scripts/naruto-proof-message-summary-check.js +9 -0
- package/dist/scripts/naruto-proof-zellij-stacked-summary-check.js +47 -0
- package/dist/scripts/naruto-readonly-routing-check.js +119 -0
- package/dist/scripts/naruto-real-active-pool-check.js +39 -0
- package/dist/scripts/naruto-real-active-pool-runtime-check.js +55 -0
- package/dist/scripts/naruto-real-parallelism-blackbox.js +294 -0
- package/dist/scripts/naruto-rebalance-policy-check.js +41 -0
- package/dist/scripts/naruto-role-distribution-check.js +23 -0
- package/dist/scripts/naruto-shadow-clone-swarm-check.js +164 -0
- package/dist/scripts/naruto-ssot-default-check.js +9 -0
- package/dist/scripts/naruto-ssot-gate-aliases-check.js +10 -0
- package/dist/scripts/naruto-ssot-pipeline-default-check.js +11 -0
- package/dist/scripts/naruto-ssot-route-normalization-check.js +9 -0
- package/dist/scripts/naruto-ssot-routing-check.js +13 -0
- package/dist/scripts/naruto-verification-pool-check.js +36 -0
- package/dist/scripts/naruto-visible-vs-active-workers-check.js +10 -0
- package/dist/scripts/naruto-work-graph-check.js +24 -0
- package/dist/scripts/naruto-worktree-coding-blackbox.js +29 -0
- package/dist/scripts/naruto-worktree-coding-check.js +44 -0
- package/dist/scripts/naruto-worktree-gpt-final-check.js +45 -0
- package/dist/scripts/naruto-worktree-zellij-ui-check.js +28 -0
- package/dist/scripts/naruto-zellij-dynamic-right-column-check.js +48 -0
- package/dist/scripts/naruto-zellij-massive-ui-check.js +23 -0
- package/dist/scripts/native-app-screenshot-repair-check.js +11 -0
- package/dist/scripts/native-capability-postcheck-check.js +16 -0
- package/dist/scripts/native-capability-repair-check.js +15 -0
- package/dist/scripts/native-capability-repair-matrix-check.js +10 -0
- package/dist/scripts/native-chrome-web-review-repair-check.js +10 -0
- package/dist/scripts/native-computer-use-repair-check.js +10 -0
- package/dist/scripts/native-image-generation-repair-check.js +9 -0
- package/dist/scripts/native-swarm-heartbeat-does-not-serialize-launch-check.js +8 -0
- package/dist/scripts/native-swarm-process-spawn-proof-check.js +7 -0
- package/dist/scripts/native-swarm-zellij-does-not-block-workers-check.js +11 -0
- package/dist/scripts/no-ts-nocheck-core-check.js +4 -0
- package/dist/scripts/no-ts-nocheck-release-scripts-check.js +4 -0
- package/dist/scripts/non-recursive-pipeline-check.js +68 -0
- package/dist/scripts/npm-publish-performance-check.js +65 -0
- package/dist/scripts/official-docs-compat-report.js +304 -0
- package/dist/scripts/orphan-gate-detection-check.js +53 -0
- package/dist/scripts/orphan-purge-final-check.js +5 -0
- package/dist/scripts/orphan-strong-detection-check.js +12 -0
- package/dist/scripts/package-published-contract-check.js +46 -0
- package/dist/scripts/packlist-performance-check.js +83 -0
- package/dist/scripts/parallel-claim-enforcement-check.js +21 -0
- package/dist/scripts/parallel-missing-pid-rejection-check.js +55 -0
- package/dist/scripts/parallel-runtime-proof-check.js +23 -0
- package/dist/scripts/parallel-runtime-proof-events-check.js +13 -0
- package/dist/scripts/parallel-runtime-real-blackbox.js +44 -0
- package/dist/scripts/parallel-strict-pid-proof-check.js +54 -0
- package/dist/scripts/parallel-verification-engine-check.js +85 -0
- package/dist/scripts/pipeline-codex-0140-integration-check.js +30 -0
- package/dist/scripts/pipeline-codex-native-doctor-mad-routing-check.js +4 -0
- package/dist/scripts/pipeline-codex-native-doctor-mad-routing-real-blackbox.js +77 -0
- package/dist/scripts/pipeline-codex-native-e2e-blackbox.js +13 -0
- package/dist/scripts/pipeline-codex-native-image-routing-check.js +4 -0
- package/dist/scripts/pipeline-codex-native-image-routing-real-blackbox.js +50 -0
- package/dist/scripts/pipeline-codex-native-loop-routing-check.js +4 -0
- package/dist/scripts/pipeline-codex-native-loop-routing-real-blackbox.js +74 -0
- package/dist/scripts/pipeline-codex-native-qa-routing-check.js +4 -0
- package/dist/scripts/pipeline-codex-native-qa-routing-real-blackbox.js +51 -0
- package/dist/scripts/pipeline-codex-native-research-routing-check.js +4 -0
- package/dist/scripts/pipeline-codex-native-research-routing-real-blackbox.js +45 -0
- package/dist/scripts/pipeline-execution-profile-routing-blackbox.js +4 -0
- package/dist/scripts/pipeline-five-minute-sla-check.js +7 -0
- package/dist/scripts/postinstall-safe-side-effects-check.js +65 -0
- package/dist/scripts/ppt-full-e2e-artifact-graph-check.js +40 -0
- package/dist/scripts/ppt-full-e2e-blackbox-check.js +109 -0
- package/dist/scripts/ppt-image-voxel-relations-check.js +9 -0
- package/dist/scripts/ppt-imagegen-blackbox-check.js +46 -0
- package/dist/scripts/ppt-imagegen-review-fixture-check.js +6 -0
- package/dist/scripts/ppt-issue-extraction-fixture-check.js +7 -0
- package/dist/scripts/ppt-no-mock-as-real-check.js +8 -0
- package/dist/scripts/ppt-no-text-fallback-check.js +7 -0
- package/dist/scripts/ppt-proof-trust-fixture-check.js +10 -0
- package/dist/scripts/ppt-real-export-adapter-check.js +13 -0
- package/dist/scripts/ppt-real-imagegen-smoke-check.js +42 -0
- package/dist/scripts/ppt-real-imagegen-wiring-check.js +16 -0
- package/dist/scripts/ppt-reexport-rereview-check.js +19 -0
- package/dist/scripts/ppt-slide-export-fixture-check.js +7 -0
- package/dist/scripts/prepublish-fast-check.js +128 -0
- package/dist/scripts/priority-full-closure-check.js +12 -0
- package/dist/scripts/probe-memoization-check.js +11 -0
- package/dist/scripts/product-design-auto-install-check.js +119 -0
- package/dist/scripts/product-design-plugin-routing-check.js +101 -0
- package/dist/scripts/project-skill-dedupe-blackbox.js +36 -0
- package/dist/scripts/project-skill-dedupe-check.js +16 -0
- package/dist/scripts/prompt-placeholder-guard-check.js +33 -0
- package/dist/scripts/proof-root-cause-policy-check.js +70 -0
- package/dist/scripts/provider-badge-context-check.js +26 -0
- package/dist/scripts/provider-context-config-toml-check.js +63 -0
- package/dist/scripts/python-codex-sdk-all-pipelines-check.js +47 -0
- package/dist/scripts/python-codex-sdk-capability-check.js +75 -0
- package/dist/scripts/python-codex-sdk-sandbox-policy-check.js +10 -0
- package/dist/scripts/python-codex-sdk-stream-bridge-check.js +12 -0
- package/dist/scripts/python-tools-smoke-check.js +71 -0
- package/dist/scripts/qa-actual-route-backfill-check.js +5 -0
- package/dist/scripts/qa-backfill-route-blackbox.js +5 -0
- package/dist/scripts/qa-loop-app-handoff-capability-check.js +9 -0
- package/dist/scripts/qa-loop-app-handoff-check.js +9 -0
- package/dist/scripts/qa-loop-app-handoff-cli-check.js +8 -0
- package/dist/scripts/qa-loop-app-handoff-confirmation-check.js +24 -0
- package/dist/scripts/qa-loop-app-handoff-gate-lifecycle-check.js +44 -0
- package/dist/scripts/qa-loop-app-handoff-launch-check.js +7 -0
- package/dist/scripts/qa-loop-app-handoff-status-lifecycle-check.js +7 -0
- package/dist/scripts/qa-loop-budget-policy-check.js +8 -0
- package/dist/scripts/qa-loop-effort-escalation-check.js +9 -0
- package/dist/scripts/qa-loop-execution-profile-routing-check.js +4 -0
- package/dist/scripts/qa-loop-image-path-exposure-check.js +9 -0
- package/dist/scripts/qa-loop-image-path-prompt-injection-check.js +8 -0
- package/dist/scripts/qa-patch-swarm-route-blackbox.js +10 -0
- package/dist/scripts/readme-architecture-imagegen-official-check.js +448 -0
- package/dist/scripts/release-affected-selector-check.js +41 -0
- package/dist/scripts/release-aggressive-resource-governor-check.js +25 -0
- package/dist/scripts/release-batch-runner-check.js +6 -0
- package/dist/scripts/release-cache-bridge-check.js +23 -0
- package/dist/scripts/release-cache-glob-hashing-check.js +42 -0
- package/dist/scripts/release-cache-input-classifier-check.js +13 -0
- package/dist/scripts/release-cache-neutralization-report-check.js +13 -0
- package/dist/scripts/release-cache-version-neutral-fixture-check.js +65 -0
- package/dist/scripts/release-check-stamp.js +2 -1
- package/dist/scripts/release-dag-full-coverage-check.js +428 -0
- package/dist/scripts/release-dist-freshness-check.js +8 -0
- package/dist/scripts/release-dynamic-performance-check.js +110 -0
- package/dist/scripts/release-dynamic-presets-check.js +20 -0
- package/dist/scripts/release-full-parallelism-blackbox.js +41 -0
- package/dist/scripts/release-gate-batch-runner-check.js +43 -0
- package/dist/scripts/release-gate-budget-check.js +36 -0
- package/dist/scripts/release-gate-dag-runner-check.js +107 -0
- package/dist/scripts/release-gate-script-parity-check.js +117 -0
- package/dist/scripts/release-metadata-1-11-check.js +37 -0
- package/dist/scripts/release-metadata-1-12-check.js +48 -0
- package/dist/scripts/release-metadata-1-13-check.js +53 -0
- package/dist/scripts/release-metadata-1-14-check.js +63 -0
- package/dist/scripts/release-metadata-1-16-check.js +81 -0
- package/dist/scripts/release-metadata-1-17-check.js +51 -0
- package/dist/scripts/release-metadata-1-19-check.js +376 -0
- package/dist/scripts/release-metadata-check.js +7 -0
- package/dist/scripts/release-native-agent-fixture-check.js +41 -0
- package/dist/scripts/release-parallel-check.js +375 -0
- package/dist/scripts/release-parallel-full-coverage-check.js +13 -0
- package/dist/scripts/release-parallel-speed-budget-check.js +91 -0
- package/dist/scripts/release-proof-truth-check.js +14 -0
- package/dist/scripts/release-provenance-check.js +143 -0
- package/dist/scripts/release-readiness-report.js +1231 -0
- package/dist/scripts/release-real-check.js +338 -0
- package/dist/scripts/release-registry-check.js +353 -0
- package/dist/scripts/release-runtime-truth-matrix-check.js +47 -0
- package/dist/scripts/release-script-type-safety-check.js +4 -0
- package/dist/scripts/release-speed-summary-check.js +20 -0
- package/dist/scripts/release-stability-report-check.js +99 -0
- package/dist/scripts/release-triwiki-first-runner-blackbox.js +44 -0
- package/dist/scripts/release-triwiki-first-runner-check.js +9 -0
- package/dist/scripts/release-version-truth-check.js +134 -0
- package/dist/scripts/release-wiring-3110-blackbox.js +27 -0
- package/dist/scripts/release-wiring-3112-blackbox.js +17 -0
- package/dist/scripts/release-wiring-3113-blackbox.js +17 -0
- package/dist/scripts/research-actual-route-backfill-check.js +5 -0
- package/dist/scripts/research-backfill-route-blackbox.js +5 -0
- package/dist/scripts/research-blueprint-densifier-check.js +21 -0
- package/dist/scripts/research-claim-builder-check.js +19 -0
- package/dist/scripts/research-complete-package-fixture-check.js +29 -0
- package/dist/scripts/research-execution-profile-routing-check.js +4 -0
- package/dist/scripts/research-final-reviewer-blackbox.js +70 -0
- package/dist/scripts/research-handoff-consumability-check.js +23 -0
- package/dist/scripts/research-parallel-source-shards-check.js +22 -0
- package/dist/scripts/research-quality-gate-check.js +112 -0
- package/dist/scripts/research-real-cycle-no-legacy-final-md-check.js +14 -0
- package/dist/scripts/research-real-synthesis-no-deterministic-renderer-check.js +14 -0
- package/dist/scripts/research-repetition-detector-check.js +19 -0
- package/dist/scripts/research-short-report-rejection-check.js +46 -0
- package/dist/scripts/research-source-ledger-merge-check.js +26 -0
- package/dist/scripts/research-stage-cycle-runtime-blackbox.js +40 -0
- package/dist/scripts/research-synthesis-prompt-contract-check.js +36 -0
- package/dist/scripts/research-synthesis-writer-blackbox.js +24 -0
- package/dist/scripts/research-synthesis-writer-check.js +26 -0
- package/dist/scripts/research-template-report-rejection-check.js +56 -0
- package/dist/scripts/research-ultra-stability-report.js +45 -0
- package/dist/scripts/responses-retry-policy-centralized-check.js +19 -0
- package/dist/scripts/retention-cleanup-safety-check.js +155 -0
- package/dist/scripts/route-blackbox-realism-check.js +21 -0
- package/dist/scripts/route-proof-artifact-structure-check.js +145 -0
- package/dist/scripts/runtime-dist-parity-check.js +78 -0
- package/dist/scripts/runtime-no-mjs-scripts-check.js +45 -0
- package/dist/scripts/runtime-no-src-mjs-check.js +32 -0
- package/dist/scripts/runtime-no-tmux-check.js +114 -0
- package/dist/scripts/runtime-proof-summary-check.js +58 -0
- package/dist/scripts/runtime-proof-summary-cli-check.js +51 -0
- package/dist/scripts/runtime-proof-summary-messages-check.js +37 -0
- package/dist/scripts/runtime-proof-zellij-stacked-summary-check.js +58 -0
- package/dist/scripts/runtime-ts-python-boundary-check.js +59 -0
- package/dist/scripts/runtime-ts-rust-boundary-check.js +74 -0
- package/dist/scripts/runtime-ts-source-of-truth-check.js +55 -0
- package/dist/scripts/safety-check.js +23 -0
- package/dist/scripts/scheduler-batch-dispatch-check.js +17 -0
- package/dist/scripts/scheduler-critical-path-check.js +9 -0
- package/dist/scripts/scheduler-extreme-parallel-check.js +7 -0
- package/dist/scripts/scheduler-no-false-pending-block-check.js +7 -0
- package/dist/scripts/scheduler-parallel-proof-consistency-check.js +65 -0
- package/dist/scripts/scheduler-resource-budget-check.js +7 -0
- package/dist/scripts/scheduler-resource-claim-blackbox.js +24 -0
- package/dist/scripts/scheduler-utilization-integral-check.js +105 -0
- package/dist/scripts/scheduler-utilization-proof-check.js +8 -0
- package/dist/scripts/secret-line-rollback-check.js +35 -0
- package/dist/scripts/secret-preservation-check.js +11 -0
- package/dist/scripts/secret-preservation-guard-check.js +37 -0
- package/dist/scripts/shared-memory-fixture-check.js +27 -0
- package/dist/scripts/side-effect-runtime-report-check.js +19 -0
- package/dist/scripts/side-effect-zero-gate-check.js +226 -0
- package/dist/scripts/skill-name-canonicalizer-check.js +9 -0
- package/dist/scripts/skill-registry-ledger-check.js +14 -0
- package/dist/scripts/skill-sync-atomic-check.js +35 -0
- package/dist/scripts/sks-1-11-fixture-check.js +130 -0
- package/dist/scripts/sks-1-12-real-execution-check-lib.js +27 -0
- package/dist/scripts/sks-3-1-4-directive-check-lib.js +212 -0
- package/dist/scripts/sks-3-1-5-directive-check-lib.js +318 -0
- package/dist/scripts/sks-3-1-6-directive-check-lib.js +522 -0
- package/dist/scripts/sks-3-1-7-directive-check-lib.js +58 -0
- package/dist/scripts/sks-3-1-8-check-lib.js +30 -0
- package/dist/scripts/sks-3110-all-feature-regression-blackbox.js +116 -0
- package/dist/scripts/sks-3112-all-feature-regression-blackbox.js +29 -0
- package/dist/scripts/sks-3113-all-feature-regression-blackbox.js +17 -0
- package/dist/scripts/sks-400-all-feature-regression-blackbox.js +21 -0
- package/dist/scripts/sks-400-extreme-parallel-blackbox.js +8 -0
- package/dist/scripts/sks-400-five-minute-blackbox.js +9 -0
- package/dist/scripts/sks-400-legacy-purge-blackbox.js +8 -0
- package/dist/scripts/sks-401-all-feature-regression-blackbox.js +46 -0
- package/dist/scripts/sks-401-five-minute-actual-blackbox.js +23 -0
- package/dist/scripts/sks-402-all-feature-regression-blackbox.js +9 -0
- package/dist/scripts/sks-402-five-minute-real-blackbox.js +22 -0
- package/dist/scripts/sksd-daemon-check.js +9 -0
- package/dist/scripts/sksd-warm-cache-blackbox.js +12 -0
- package/dist/scripts/source-intelligence-all-modes-check.js +32 -0
- package/dist/scripts/source-intelligence-policy-check.js +13 -0
- package/dist/scripts/strategy-adhd-orchestrating-gate-check.js +22 -0
- package/dist/scripts/strategy-file-ownership-plan-check.js +18 -0
- package/dist/scripts/strategy-parallel-modification-plan-check.js +19 -0
- package/dist/scripts/strategy-verification-rollback-dag-check.js +19 -0
- package/dist/scripts/supabase-secret-preservation-blackbox.js +29 -0
- package/dist/scripts/team-actual-route-backfill-check.js +5 -0
- package/dist/scripts/team-alias-to-naruto-check.js +7 -0
- package/dist/scripts/team-backfill-route-blackbox.js +5 -0
- package/dist/scripts/team-legacy-create-removed-check.js +12 -0
- package/dist/scripts/team-parallel-write-blackbox.js +55 -0
- package/dist/scripts/team-patch-swarm-route-blackbox.js +10 -0
- package/dist/scripts/terminal-keyboard-enhancement-safety-check.js +12 -0
- package/dist/scripts/terminal-tui-output-stability-check.js +35 -0
- package/dist/scripts/test-no-orphan-dist-imports-check.js +73 -0
- package/dist/scripts/triwiki-affected-graph-blackbox.js +28 -0
- package/dist/scripts/triwiki-affected-graph-check.js +10 -0
- package/dist/scripts/triwiki-cache-key-check.js +9 -0
- package/dist/scripts/triwiki-gate-impact-map-check.js +8 -0
- package/dist/scripts/triwiki-module-card-check.js +7 -0
- package/dist/scripts/triwiki-proof-bank-blackbox.js +30 -0
- package/dist/scripts/triwiki-proof-bank-check.js +7 -0
- package/dist/scripts/triwiki-proof-bank-lock-blackbox.js +7 -0
- package/dist/scripts/triwiki-proof-card-check.js +23 -0
- package/dist/scripts/triwiki-stale-proof-rejection-check.js +25 -0
- package/dist/scripts/trust-fixture-check.js +33 -0
- package/dist/scripts/type-surface-codex-app-check.js +4 -0
- package/dist/scripts/typescript-migration-report.js +78 -0
- package/dist/scripts/ultra-router-auto-router-check.js +33 -0
- package/dist/scripts/ultra-router-classification-check.js +28 -0
- package/dist/scripts/update-gate-removed-check.js +9 -0
- package/dist/scripts/update-mad-zellij-notice-check.js +9 -0
- package/dist/scripts/update-notice-check.js +10 -0
- package/dist/scripts/update-preserves-supabase-keys-blackbox.js +27 -0
- package/dist/scripts/update-secret-migration-journal-check.js +8 -0
- package/dist/scripts/update-secret-preservation-guard-check.js +10 -0
- package/dist/scripts/ux-patch-swarm-route-blackbox.js +10 -0
- package/dist/scripts/ux-ppt-structured-extraction-check.js +21 -0
- package/dist/scripts/ux-review-extract-real-callouts-fixture-check.js +8 -0
- package/dist/scripts/ux-review-extract-wires-real-extractor-check.js +15 -0
- package/dist/scripts/ux-review-generate-callouts-fixture-check.js +9 -0
- package/dist/scripts/ux-review-image-voxel-relations-check.js +31 -0
- package/dist/scripts/ux-review-imagegen-blackbox-check.js +67 -0
- package/dist/scripts/ux-review-no-fake-callouts-check.js +8 -0
- package/dist/scripts/ux-review-no-text-fallback-check.js +25 -0
- package/dist/scripts/ux-review-patch-diff-recheck-check.js +20 -0
- package/dist/scripts/ux-review-patch-handoff-fixture-check.js +8 -0
- package/dist/scripts/ux-review-real-imagegen-smoke-check.js +31 -0
- package/dist/scripts/ux-review-real-loop-fixture-check.js +24 -0
- package/dist/scripts/ux-review-recapture-recheck-fixture-check.js +8 -0
- package/dist/scripts/ux-review-run-wires-imagegen-check.js +11 -0
- package/dist/scripts/worker-pane-communication-contract-check.js +54 -0
- package/dist/scripts/wrongness-fixture-check.js +65 -0
- package/dist/scripts/xai-mcp-capability-check.js +14 -0
- package/dist/scripts/zellij-capability-check.js +15 -0
- package/dist/scripts/zellij-dashboard-pane-check.js +70 -0
- package/dist/scripts/zellij-developer-controls-check.js +20 -0
- package/dist/scripts/zellij-doctor-readiness-check.js +63 -0
- package/dist/scripts/zellij-dynamic-pane-lifecycle-check.js +21 -0
- package/dist/scripts/zellij-fake-adapter-check.js +33 -0
- package/dist/scripts/zellij-first-slot-down-stack-check.js +21 -0
- package/dist/scripts/zellij-first-slot-down-stack-real-check.js +349 -0
- package/dist/scripts/zellij-homebrew-policy-check.js +4 -0
- package/dist/scripts/zellij-initial-main-only-blackbox.js +28 -0
- package/dist/scripts/zellij-lane-renderer-check.js +80 -0
- package/dist/scripts/zellij-launch-command-truth-check.js +75 -0
- package/dist/scripts/zellij-layout-valid-check.js +90 -0
- package/dist/scripts/zellij-pane-creation-lock-metrics-check.js +12 -0
- package/dist/scripts/zellij-pane-lock-concurrency-blackbox.js +80 -0
- package/dist/scripts/zellij-pane-lock-does-not-block-worker-check.js +14 -0
- package/dist/scripts/zellij-pane-lock-open-worker-integration-blackbox.js +137 -0
- package/dist/scripts/zellij-pane-proof-check.js +59 -0
- package/dist/scripts/zellij-qa-app-handoff-status-check.js +9 -0
- package/dist/scripts/zellij-real-session-cleanup-check.js +21 -0
- package/dist/scripts/zellij-real-session-heartbeat-check.js +49 -0
- package/dist/scripts/zellij-real-session-launch-check.js +57 -0
- package/dist/scripts/zellij-right-column-headless-overflow-check.js +22 -0
- package/dist/scripts/zellij-right-column-manager-check.js +27 -0
- package/dist/scripts/zellij-screen-proof-check.js +45 -0
- package/dist/scripts/zellij-self-heal-check.js +4 -0
- package/dist/scripts/zellij-self-heal-dry-run-check.js +4 -0
- package/dist/scripts/zellij-self-heal-status-contract-check.js +4 -0
- package/dist/scripts/zellij-self-heal-typed-blackbox.js +4 -0
- package/dist/scripts/zellij-slot-column-anchor-check.js +66 -0
- package/dist/scripts/zellij-slot-column-anchor-telemetry-check.js +9 -0
- package/dist/scripts/zellij-slot-only-ui-check.js +31 -0
- package/dist/scripts/zellij-slot-pane-renderer-check.js +150 -0
- package/dist/scripts/zellij-slot-pane-stale-detection-check.js +74 -0
- package/dist/scripts/zellij-slot-pane-telemetry-renderer-check.js +11 -0
- package/dist/scripts/zellij-slot-renderer-proof-semantics-check.js +59 -0
- package/dist/scripts/zellij-slot-telemetry-check.js +39 -0
- package/dist/scripts/zellij-slot-telemetry-incremental-check.js +48 -0
- package/dist/scripts/zellij-slot-telemetry-live-flush-check.js +57 -0
- package/dist/scripts/zellij-slot-telemetry-performance-check.js +34 -0
- package/dist/scripts/zellij-slot-telemetry-real-blackbox.js +20 -0
- package/dist/scripts/zellij-slot-telemetry-renderer-check.js +10 -0
- package/dist/scripts/zellij-slot-telemetry-runtime-check.js +23 -0
- package/dist/scripts/zellij-spawn-on-demand-layout-check.js +40 -0
- package/dist/scripts/zellij-stacked-capability-routing-check.js +11 -0
- package/dist/scripts/zellij-stacked-fallback-integration-blackbox.js +81 -0
- package/dist/scripts/zellij-stacked-version-matrix-check.js +31 -0
- package/dist/scripts/zellij-stacked-version-parser-check.js +21 -0
- package/dist/scripts/zellij-ui-design-check.js +105 -0
- package/dist/scripts/zellij-update-missing-self-heal-check.js +4 -0
- package/dist/scripts/zellij-update-prompt-matrix-check.js +18 -0
- package/dist/scripts/zellij-update-prompt-mode-check.js +20 -0
- package/dist/scripts/zellij-update-prompt-safety-check.js +10 -0
- package/dist/scripts/zellij-worker-pane-manager-check.js +109 -0
- package/dist/scripts/zellij-worker-pane-manager-single-owner-check.js +47 -0
- package/dist/scripts/zellij-worker-pane-real-ui-blackbox.js +202 -0
- package/dist/scripts/zellij-worker-pane-spawn-order-check.js +35 -0
- package/package.json +17 -7
- package/schemas/codex/app-server-0.142/codex_app_server_protocol.v2.schemas.json +18447 -0
- package/schemas/codex-release-manifest.schema.json +44 -0
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import fs from 'node:fs';
|
|
4
|
+
import os from 'node:os';
|
|
5
|
+
import path from 'node:path';
|
|
6
|
+
import { assertGate, emitGate, importDist, readText } from './lib/codex-sdk-gate-lib.js';
|
|
7
|
+
const researchCommand = readText('src/core/commands/research-command.ts');
|
|
8
|
+
assertGate(researchCommand.includes("backend: mock ? 'fake' : 'codex-sdk'"), 'Research pipeline must default native agents to codex-sdk');
|
|
9
|
+
assertGate(researchCommand.includes("flag(args, '--autoresearch') ? '$AutoResearch' : '$Research'"), 'Research/AutoResearch route selection missing');
|
|
10
|
+
assertGate(researchCommand.includes('narutoWorkGraph: researchWorkGraph'), 'Research pipeline must pass the stage-aware Naruto work graph');
|
|
11
|
+
assertGate(researchCommand.includes('readonly: true'), 'Research pipeline must force read-only native orchestration');
|
|
12
|
+
assertGate(researchCommand.includes('quality_metrics'), 'Research pipeline JSON output must include quality metrics');
|
|
13
|
+
assertGate(researchCommand.includes('const cycleResult = await runResearchCycle({'), 'Research default path must use runResearchCycle');
|
|
14
|
+
assertGate(researchCommand.includes('--legacy-research-cycle'), 'Legacy final.md loop must be opt-in only');
|
|
15
|
+
const researchCore = readText('src/core/research.ts');
|
|
16
|
+
assertGate(researchCore.includes('readResearchQualityContract'), 'Research gate must read research-quality-contract.json');
|
|
17
|
+
assertGate(researchCore.includes('claim_evidence_matrix_missing'), 'Research gate must require claim-evidence-matrix.json');
|
|
18
|
+
assertGate(researchCore.includes('research_final_review_not_approved'), 'Research gate must require final reviewer approval');
|
|
19
|
+
for (const [file, tokens] of Object.entries({
|
|
20
|
+
'src/core/research/research-work-graph.ts': ['buildResearchWorkGraph', 'source_shard_academic_literature'],
|
|
21
|
+
'src/core/research/research-cycle-runner.ts': ['runResearchCycle', 'Promise.race'],
|
|
22
|
+
'src/core/research/research-final-reviewer.ts': ['runResearchCodexFinalReviewer'],
|
|
23
|
+
'src/core/research/claim-evidence-matrix.ts': ['claim-evidence-matrix'],
|
|
24
|
+
'src/core/research/implementation-blueprint.ts': ['implementation-blueprint'],
|
|
25
|
+
'src/core/research/research-quality-contract.ts': ['research-quality-contract']
|
|
26
|
+
})) {
|
|
27
|
+
const text = readText(file);
|
|
28
|
+
for (const token of tokens)
|
|
29
|
+
assertGate(text.includes(token), `${file} missing token ${token}`);
|
|
30
|
+
}
|
|
31
|
+
const research = await importDist('core/research.js');
|
|
32
|
+
const fsx = await importDist('core/fsx.js');
|
|
33
|
+
const dirShort = fs.mkdtempSync(path.join(os.tmpdir(), 'sks-codex-research-short-'));
|
|
34
|
+
const planShort = await research.writeResearchPlan(dirShort, 'codex sdk short rejection fixture', { missionId: 'M-CODEX-SHORT' });
|
|
35
|
+
await fsx.writeTextAtomic(path.join(dirShort, 'research-report.md'), `# Short Report\n\n${Array.from({ length: 300 }, (_unused, index) => `word${index}`).join(' ')}\n`);
|
|
36
|
+
await fsx.writeJsonAtomic(path.join(dirShort, 'source-ledger.json'), { schema_version: 1, web_search_passes: 1, source_layers: [], sources: [], counterevidence_sources: [], triangulation: { cross_layer_checks: [] }, citation_coverage: { all_key_claims_cited: false }, blockers: [] });
|
|
37
|
+
await fsx.writeJsonAtomic(path.join(dirShort, 'implementation-blueprint.json'), { schema: 'sks.research-implementation-blueprint.v1', sections: [] });
|
|
38
|
+
const shortGate = await research.evaluateResearchGate(dirShort);
|
|
39
|
+
assertGate(shortGate.passed === false, 'codex-sdk research pipeline must reject short report fixture', shortGate);
|
|
40
|
+
assertGate((shortGate.reasons || []).includes('research_report_too_short'), 'short rejection must include report length reason', shortGate);
|
|
41
|
+
const dirComplete = fs.mkdtempSync(path.join(os.tmpdir(), 'sks-codex-research-complete-'));
|
|
42
|
+
const planComplete = await research.writeResearchPlan(dirComplete, 'codex sdk complete package fixture', { missionId: 'M-CODEX-COMPLETE' });
|
|
43
|
+
const completeGate = await research.writeMockResearchResult(dirComplete, planComplete);
|
|
44
|
+
assertGate(completeGate.passed === true, 'codex-sdk research pipeline must pass complete package fixture', completeGate);
|
|
45
|
+
assertGate(completeGate.metrics?.final_review_approved === true, 'complete package must include approved final review', completeGate.metrics);
|
|
46
|
+
emitGate('codex-sdk:research-pipeline', { route: '$Research', short_dir: dirShort, complete_dir: dirComplete });
|
|
47
|
+
//# sourceMappingURL=codex-sdk-research-pipeline-check.js.map
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, importDist } from './sks-1-18-gate-lib.js';
|
|
4
|
+
const mod = await importDist('core/codex-control/codex-sdk-sandbox-policy.js');
|
|
5
|
+
const base = {
|
|
6
|
+
route: '$Agent',
|
|
7
|
+
missionId: 'M-sandbox',
|
|
8
|
+
cwd: process.cwd(),
|
|
9
|
+
prompt: 'sandbox fixture',
|
|
10
|
+
outputSchemaId: 'sks.agent-worker-result.v1',
|
|
11
|
+
outputSchema: {},
|
|
12
|
+
mutationLedgerRoot: process.cwd()
|
|
13
|
+
};
|
|
14
|
+
const readOnly = mod.mapCodexSdkSandboxPolicy({ ...base, sandboxPolicy: 'read-only', requestedScopeContract: { read_only: true } });
|
|
15
|
+
const workspace = mod.mapCodexSdkSandboxPolicy({ ...base, sandboxPolicy: 'workspace-write', requestedScopeContract: { read_only: false, allowed_paths: ['tmp'], write_paths: ['tmp'] } });
|
|
16
|
+
const fullBlocked = mod.mapCodexSdkSandboxPolicy({ ...base, sandboxPolicy: 'full-access', requestedScopeContract: { read_only: false } });
|
|
17
|
+
assertGate(readOnly.ok && readOnly.sandboxMode === 'read-only', 'read-only sandbox mapping failed', readOnly);
|
|
18
|
+
assertGate(workspace.ok && workspace.sandboxMode === 'workspace-write', 'workspace-write sandbox mapping failed', workspace);
|
|
19
|
+
assertGate(!fullBlocked.ok && fullBlocked.blockers.includes('codex_sdk_full_access_requires_explicit_mad_scope'), 'full-access must require explicit authorization', fullBlocked);
|
|
20
|
+
emitGate('codex-sdk:sandbox-policy', { read_only: readOnly.sandboxMode, workspace: workspace.sandboxMode, full_blockers: fullBlocked.blockers });
|
|
21
|
+
//# sourceMappingURL=codex-sdk-sandbox-policy-check.js.map
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, runFakeCodexSdkTaskFixture } from './lib/codex-sdk-gate-lib.js';
|
|
4
|
+
const fixture = await runFakeCodexSdkTaskFixture('structured-output');
|
|
5
|
+
assertGate(fixture.result.ok === true, 'Codex SDK fake run must pass', fixture.result);
|
|
6
|
+
assertGate(fixture.result.structuredOutputValid === true, 'structured output must validate', fixture.result);
|
|
7
|
+
assertGate(fixture.worker.backend === 'codex-sdk', 'worker backend must be codex-sdk', fixture.worker);
|
|
8
|
+
assertGate(fixture.worker.verification?.checks?.includes('sks.agent-worker-result.v1'), 'worker verification must reference output schema', fixture.worker);
|
|
9
|
+
emitGate('codex-sdk:structured-output', { output_schema_id: fixture.proof.output_schema_id, structured_output_valid: fixture.result.structuredOutputValid });
|
|
10
|
+
//# sourceMappingURL=codex-sdk-structured-output-check.js.map
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, readText } from './lib/codex-sdk-gate-lib.js';
|
|
4
|
+
const team = readText('src/core/commands/team-command.ts');
|
|
5
|
+
const naruto = readText('src/core/commands/naruto-command.ts');
|
|
6
|
+
const agent = readText('src/core/agents/agent-command-surface.ts');
|
|
7
|
+
assertGate(team.includes('redirectTeamCreateToNaruto') && team.includes('narutoCommand'), 'Team create must redirect to Naruto codex-sdk SSOT');
|
|
8
|
+
assertGate(naruto.includes("backend: 'codex-sdk'"), 'Naruto help/defaults must expose codex-sdk');
|
|
9
|
+
assertGate(agent.includes("useLocalModel && !noOllama") && agent.includes("'local-llm'") && agent.includes("useOllamaProtocol && !noOllama"), 'Agent command surface must route --local-model to local-llm and --ollama to ollama explicitly');
|
|
10
|
+
assertGate(agent.includes('backendExplicit'), 'Agent command surface must preserve explicit backend/local-model intent');
|
|
11
|
+
emitGate('codex-sdk:team-naruto-agent-pipeline', { routes: ['$Team', '$Naruto', '$Agent'] });
|
|
12
|
+
//# sourceMappingURL=codex-sdk-team-naruto-agent-pipeline-check.js.map
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, runFakeCodexSdkTaskFixture } from './lib/codex-sdk-gate-lib.js';
|
|
4
|
+
const fixture = await runFakeCodexSdkTaskFixture('thread-registry', { zellijPaneId: 'pane-42' });
|
|
5
|
+
const thread = fixture.registry.threads[0] || {};
|
|
6
|
+
assertGate(fixture.registry.thread_count === 1, 'thread registry must record one thread', fixture.registry);
|
|
7
|
+
assertGate(thread.sdk_thread_id === fixture.result.sdkThreadId, 'thread registry sdk_thread_id mismatch', { thread, result: fixture.result });
|
|
8
|
+
assertGate(thread.zellij_pane_id === 'pane-42', 'thread registry must link zellij pane id when present', thread);
|
|
9
|
+
assertGate(thread.output_schema_id === 'sks.agent-worker-result.v1', 'thread registry output schema mismatch', thread);
|
|
10
|
+
emitGate('codex-sdk:thread-registry', { thread_count: fixture.registry.thread_count, sdk_thread_id: thread.sdk_thread_id });
|
|
11
|
+
//# sourceMappingURL=codex-sdk-thread-registry-check.js.map
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, packageScripts } from './lib/codex-sdk-gate-lib.js';
|
|
4
|
+
const scripts = packageScripts();
|
|
5
|
+
assertGate(Boolean(scripts['ux-review:imagegen-blackbox']), 'UX review imagegen blackbox gate missing');
|
|
6
|
+
assertGate(Boolean(scripts['ppt:imagegen-blackbox']), 'PPT imagegen blackbox gate missing');
|
|
7
|
+
assertGate(Boolean(scripts['ux-ppt:structured-extraction']), 'UX/PPT structured extraction gate missing');
|
|
8
|
+
emitGate('codex-sdk:ux-ppt-review-pipeline', { gates: ['ux-review:imagegen-blackbox', 'ppt:imagegen-blackbox', 'ux-ppt:structured-extraction'] });
|
|
9
|
+
//# sourceMappingURL=codex-sdk-ux-ppt-review-pipeline-check.js.map
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, readJson } from './sks-1-18-gate-lib.js';
|
|
4
|
+
const pkg = readJson('package.json');
|
|
5
|
+
const lock = readJson('package-lock.json');
|
|
6
|
+
const dep = pkg.dependencies?.['@openai/codex-sdk'];
|
|
7
|
+
const lockDep = lock.packages?.['node_modules/@openai/codex-sdk']?.version;
|
|
8
|
+
assertGate(dep === '0.142.0' && lockDep === '0.142.0', '@openai/codex-sdk must be pinned to 0.142.0 compatibility in package and lockfile', { dep, lockDep });
|
|
9
|
+
emitGate('codex-sdk:version-compat', { dependency: dep, lock_version: lockDep });
|
|
10
|
+
//# sourceMappingURL=codex-sdk-version-compat-check.js.map
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, readText, runFakeCodexSdkTaskFixture } from './lib/codex-sdk-gate-lib.js';
|
|
4
|
+
const fixture = await runFakeCodexSdkTaskFixture('zellij-binding', { zellijPaneId: 'pane-999' });
|
|
5
|
+
const swarmSource = readText('src/core/agents/native-cli-session-swarm.ts');
|
|
6
|
+
const proofSource = readText('src/core/agents/agent-slot-pane-binding-proof.ts');
|
|
7
|
+
const managerSource = readText('src/core/zellij/zellij-worker-pane-manager.ts');
|
|
8
|
+
assertGate(fixture.proof.zellij_pane_id === 'pane-999', 'control proof must link zellij pane id', fixture.proof);
|
|
9
|
+
assertGate(swarmSource.includes('codex_sdk_thread_started'), 'swarm must emit SDK thread event');
|
|
10
|
+
assertGate(proofSource.includes('worker_codex_sdk') && proofSource.includes('slot_status_renderer'), 'slot-pane proof must accept worker command panes and compact slot renderer panes');
|
|
11
|
+
assertGate(managerSource.includes('slot_status_renderer') && managerSource.includes('worker_codex_sdk'), 'worker pane manager must distinguish slot renderer and worker command pane kinds');
|
|
12
|
+
emitGate('codex-sdk:zellij-pane-binding', { zellij_pane_id: fixture.proof.zellij_pane_id, sdk_thread_id: fixture.proof.sdk_thread_id });
|
|
13
|
+
//# sourceMappingURL=codex-sdk-zellij-pane-binding-check.js.map
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, readText } from './lib/codex-sdk-gate-lib.js';
|
|
4
|
+
const runner = readText('src/core/codex-control/codex-task-runner.ts');
|
|
5
|
+
const registry = readText('src/core/codex-control/codex-thread-registry.ts');
|
|
6
|
+
assertGate(runner.includes('backendPreference'), 'Codex task runner must carry backend/runtime preference');
|
|
7
|
+
assertGate(runner.includes('backend_family'), 'Codex task runner must persist backend family');
|
|
8
|
+
assertGate(registry.includes('recordCodexThread'), 'Codex thread registry missing');
|
|
9
|
+
emitGate('codex:thread-runtime-choice', { runtime_choice: 'backendPreference/backend_family' });
|
|
10
|
+
//# sourceMappingURL=codex-thread-runtime-choice-check.js.map
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { assertGate, emitGate, importDist } from './sks-1-18-gate-lib.js';
|
|
4
|
+
const mod = await importDist('core/codex/codex-web-search-adapter.js');
|
|
5
|
+
const available = mod.detectCodexWebSearchCapability({ env: { SKS_CODEX_WEB_SEARCH_AVAILABLE: '1' } });
|
|
6
|
+
const offline = mod.detectCodexWebSearchCapability({ offline: true });
|
|
7
|
+
const evidence = await mod.runCodexWebSearch('fixture', { search: async () => [{ title: 'result', url: 'https://example.com' }], env: { SKS_CODEX_WEB_SEARCH_AVAILABLE: '1' } });
|
|
8
|
+
assertGate(available.available === true, 'Codex Web capability env detector must pass');
|
|
9
|
+
assertGate(offline.status === 'disabled_offline', 'offline mode must disable web search with reason');
|
|
10
|
+
assertGate(evidence.ok === true && evidence.normalized_results.length === 1, 'Codex Web adapter must normalize results');
|
|
11
|
+
emitGate('codex-web:adapter', { status: evidence.status, results: evidence.normalized_results.length });
|
|
12
|
+
//# sourceMappingURL=codex-web-adapter-check.js.map
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { runProcess } from '../core/fsx.js';
|
|
4
|
+
const entry = './dist/bin/sks.js';
|
|
5
|
+
const probe = await runProcess(process.execPath, [entry, 'computer-use', 'smoke', '--json'], {
|
|
6
|
+
env: { ...process.env, CI: 'true', SKS_TEST_REAL_COMPUTER_USE: '' },
|
|
7
|
+
timeoutMs: 20_000,
|
|
8
|
+
maxOutputBytes: 256 * 1024
|
|
9
|
+
});
|
|
10
|
+
const real = await runProcess(process.execPath, [entry, 'computer-use', 'smoke', '--real', '--capture-screenshot', '--json'], {
|
|
11
|
+
env: { ...process.env, CI: 'true', SKS_TEST_REAL_COMPUTER_USE: '' },
|
|
12
|
+
timeoutMs: 20_000,
|
|
13
|
+
maxOutputBytes: 256 * 1024
|
|
14
|
+
});
|
|
15
|
+
const probeJson = parseJson(probe.stdout);
|
|
16
|
+
const realJson = parseJson(real.stdout);
|
|
17
|
+
const text = `${probe.stdout}\n${probe.stderr}\n${real.stdout}\n${real.stderr}`;
|
|
18
|
+
const forbidden = /mock.*live|fabricated|Computer Use blocked by safety policy|MAD-SKS disabled Computer Use/i.test(text);
|
|
19
|
+
const ok = probe.code === 0
|
|
20
|
+
&& probeJson.schema === 'sks.computer-use-live-smoke.v2'
|
|
21
|
+
&& probeJson.evidence_mode === 'probe_only'
|
|
22
|
+
&& probeJson.mock === false
|
|
23
|
+
&& realJson.schema === 'sks.computer-use-live-smoke.v2'
|
|
24
|
+
&& ['probe_only', 'live_capture_attempted', 'live_capture_success', 'live_capture_blocked'].includes(realJson.evidence_mode)
|
|
25
|
+
&& realJson.mock === false
|
|
26
|
+
&& Boolean(realJson.live_evidence_path)
|
|
27
|
+
&& forbidden === false;
|
|
28
|
+
console.log(JSON.stringify({
|
|
29
|
+
schema: 'sks.computer-use-live-evidence-check.v1',
|
|
30
|
+
ok,
|
|
31
|
+
probe: {
|
|
32
|
+
code: probe.code,
|
|
33
|
+
status: probeJson.status || null,
|
|
34
|
+
evidence_mode: probeJson.evidence_mode || null
|
|
35
|
+
},
|
|
36
|
+
real: {
|
|
37
|
+
code: real.code,
|
|
38
|
+
status: realJson.status || null,
|
|
39
|
+
evidence_mode: realJson.evidence_mode || null,
|
|
40
|
+
live_evidence_path: realJson.live_evidence_path || null,
|
|
41
|
+
image_voxel_linked: realJson.image_voxel_linked === true
|
|
42
|
+
},
|
|
43
|
+
forbidden_wording: forbidden
|
|
44
|
+
}, null, 2));
|
|
45
|
+
if (!ok)
|
|
46
|
+
process.exitCode = 1;
|
|
47
|
+
function parseJson(text) {
|
|
48
|
+
try {
|
|
49
|
+
return JSON.parse(text);
|
|
50
|
+
}
|
|
51
|
+
catch {
|
|
52
|
+
return {};
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
//# sourceMappingURL=computer-use-live-evidence-check.js.map
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { runProcess } from '../core/fsx.js';
|
|
4
|
+
const entry = './dist/bin/sks.js';
|
|
5
|
+
const result = await runProcess(process.execPath, [entry, 'computer-use', 'smoke', '--json'], {
|
|
6
|
+
env: { ...process.env, CI: 'true', SKS_TEST_REAL_COMPUTER_USE: '' },
|
|
7
|
+
timeoutMs: 20_000,
|
|
8
|
+
maxOutputBytes: 256 * 1024
|
|
9
|
+
});
|
|
10
|
+
const text = `${result.stdout}\n${result.stderr}`;
|
|
11
|
+
let parsed = {};
|
|
12
|
+
try {
|
|
13
|
+
parsed = JSON.parse(result.stdout);
|
|
14
|
+
}
|
|
15
|
+
catch { }
|
|
16
|
+
const structuredStatus = ['available', 'codex_app_missing', 'macos_permission_missing', 'codex_app_capability_missing', 'external_capability_blocked', 'not_macos', 'unknown'].includes(parsed.status);
|
|
17
|
+
const ok = result.code === 0
|
|
18
|
+
&& parsed.schema === 'sks.computer-use-live-smoke.v2'
|
|
19
|
+
&& parsed.ok === true
|
|
20
|
+
&& structuredStatus
|
|
21
|
+
&& parsed.mock === false
|
|
22
|
+
&& !/Computer Use blocked by safety policy|MAD-SKS disabled Computer Use|Computer Use access is unsafe/i.test(text);
|
|
23
|
+
console.log(JSON.stringify({
|
|
24
|
+
schema: 'sks.computer-use-live-optional-check.v1',
|
|
25
|
+
ok,
|
|
26
|
+
status: parsed.status || null,
|
|
27
|
+
mode: parsed.evidence_mode || parsed.mode || null,
|
|
28
|
+
structured_status: structuredStatus
|
|
29
|
+
}, null, 2));
|
|
30
|
+
if (!ok)
|
|
31
|
+
process.exitCode = 1;
|
|
32
|
+
//# sourceMappingURL=computer-use-live-optional-check.js.map
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { runProcess } from '../core/fsx.js';
|
|
4
|
+
const entry = './dist/bin/sks.js';
|
|
5
|
+
const status = await runProcess(process.execPath, [entry, 'computer-use', 'status', '--json'], {
|
|
6
|
+
env: { ...process.env, CI: 'true' },
|
|
7
|
+
timeoutMs: 20_000,
|
|
8
|
+
maxOutputBytes: 256 * 1024
|
|
9
|
+
});
|
|
10
|
+
const text = `${status.stdout}\n${status.stderr}`;
|
|
11
|
+
const forbidden = [
|
|
12
|
+
/Computer Use blocked by safety policy/i,
|
|
13
|
+
/Computer Use access is unsafe/i,
|
|
14
|
+
/MAD-SKS disabled Computer Use/i,
|
|
15
|
+
/Computer Use 접근이 안전 정책상 차단/i
|
|
16
|
+
].filter((pattern) => pattern.test(text)).map(String);
|
|
17
|
+
let parsed = {};
|
|
18
|
+
try {
|
|
19
|
+
parsed = JSON.parse(status.stdout);
|
|
20
|
+
}
|
|
21
|
+
catch { }
|
|
22
|
+
const allowedStatus = ['available', 'codex_app_missing', 'macos_permission_missing', 'codex_app_capability_missing', 'external_capability_blocked', 'not_macos', 'unknown'];
|
|
23
|
+
const ok = status.code === 0
|
|
24
|
+
&& parsed.schema === 'sks.computer-use-status.v1'
|
|
25
|
+
&& allowedStatus.includes(parsed.status)
|
|
26
|
+
&& parsed.mad_sks_independent === true
|
|
27
|
+
&& forbidden.length === 0;
|
|
28
|
+
console.log(JSON.stringify({
|
|
29
|
+
schema: 'sks.computer-use-policy-check.v1',
|
|
30
|
+
ok,
|
|
31
|
+
status_code: status.code,
|
|
32
|
+
computer_use_status: parsed.status || null,
|
|
33
|
+
forbidden
|
|
34
|
+
}, null, 2));
|
|
35
|
+
if (!ok && forbidden.length)
|
|
36
|
+
await recordComputerUseWrongness(forbidden);
|
|
37
|
+
if (!ok)
|
|
38
|
+
process.exitCode = 1;
|
|
39
|
+
async function recordComputerUseWrongness(forbidden) {
|
|
40
|
+
const { addWrongnessRecord } = await import('../core/triwiki-wrongness/wrongness-ledger.js');
|
|
41
|
+
await addWrongnessRecord(process.cwd(), {
|
|
42
|
+
route: '$Computer-Use',
|
|
43
|
+
wrongness_kind: 'computer_use_policy_misclassification',
|
|
44
|
+
severity: 'high',
|
|
45
|
+
claim: { text: `Computer Use was described with forbidden safety/MAD-SKS block wording: ${forbidden.join(', ')}` },
|
|
46
|
+
detected_by: {
|
|
47
|
+
source: 'computer_use_policy_check',
|
|
48
|
+
command: 'npm run computer-use:policy-check',
|
|
49
|
+
artifact: 'dist/scripts/computer-use-policy-check.js',
|
|
50
|
+
detail: forbidden.join(', ')
|
|
51
|
+
},
|
|
52
|
+
root_cause: {
|
|
53
|
+
category: 'route_policy_gap',
|
|
54
|
+
explanation: 'Computer Use is a Codex App/macOS capability check, not a MAD-SKS or generic SKS safety block.'
|
|
55
|
+
},
|
|
56
|
+
corrective_action: {
|
|
57
|
+
summary: 'Separate Computer Use availability from safety policy wording and rerun the policy fixture.',
|
|
58
|
+
required_evidence: ['npm run computer-use:policy-check'],
|
|
59
|
+
patch_status: 'pending'
|
|
60
|
+
},
|
|
61
|
+
avoidance_rule: {
|
|
62
|
+
text: 'Do not classify macOS Computer Use as MAD-SKS or generic SKS safety block.',
|
|
63
|
+
applies_to: ['computer-use', '$Computer-Use', '$QA-LOOP', '$Image-UX-Review'],
|
|
64
|
+
severity: 'high'
|
|
65
|
+
},
|
|
66
|
+
links: { tests: ['npm run computer-use:policy-check'], files: ['dist/scripts/computer-use-policy-check.js'] }
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
//# sourceMappingURL=computer-use-policy-check.js.map
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import { runProcess } from '../core/fsx.js';
|
|
4
|
+
const entry = './dist/bin/sks.js';
|
|
5
|
+
const routes = ['$Image-UX-Review', '$QA-LOOP', '$PPT', '$Computer-Use', '$From-Chat-IMG'];
|
|
6
|
+
const results = [];
|
|
7
|
+
for (const route of routes) {
|
|
8
|
+
const result = await runProcess(process.execPath, [entry, 'computer-use', 'require', '--route', route, '--json'], {
|
|
9
|
+
env: { ...process.env, CI: 'true' },
|
|
10
|
+
timeoutMs: 20_000,
|
|
11
|
+
maxOutputBytes: 256 * 1024
|
|
12
|
+
});
|
|
13
|
+
const text = `${result.stdout}\n${result.stderr}`;
|
|
14
|
+
let parsed = {};
|
|
15
|
+
try {
|
|
16
|
+
parsed = JSON.parse(result.stdout);
|
|
17
|
+
}
|
|
18
|
+
catch { }
|
|
19
|
+
results.push({
|
|
20
|
+
route,
|
|
21
|
+
code: result.code,
|
|
22
|
+
schema: parsed.schema || null,
|
|
23
|
+
status: parsed.status || null,
|
|
24
|
+
ok_or_structured_blocker: parsed.ok === true || ['available', 'codex_app_missing', 'macos_permission_missing', 'codex_app_capability_missing', 'external_capability_blocked', 'not_macos', 'unknown', 'web_verification_uses_chrome_extension'].includes(parsed.status),
|
|
25
|
+
no_forbidden_wording: !/Computer Use blocked by safety policy|MAD-SKS disabled Computer Use|Computer Use access is unsafe/i.test(text),
|
|
26
|
+
evidence_status: parsed.evidence?.status || null
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
const ok = results.every((row) => row.schema === 'sks.computer-use-require.v1' && row.ok_or_structured_blocker && row.no_forbidden_wording);
|
|
30
|
+
console.log(JSON.stringify({
|
|
31
|
+
schema: 'sks.computer-use-visual-route-fixture-check.v1',
|
|
32
|
+
ok,
|
|
33
|
+
results
|
|
34
|
+
}, null, 2));
|
|
35
|
+
if (!ok)
|
|
36
|
+
process.exitCode = 1;
|
|
37
|
+
//# sourceMappingURL=computer-use-visual-route-fixture-check.js.map
|
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import fs from 'node:fs';
|
|
3
|
+
import path from 'node:path';
|
|
4
|
+
import { assertGate, emitGate, root } from './sks-1-18-gate-lib.js';
|
|
5
|
+
const SCAN_DIRS = ['src/core', 'src/commands', 'src/cli'];
|
|
6
|
+
const WRITE_CALL = /\b(?:writeTextAtomic|writeJsonAtomic|fs\.writeFile|fsp\.writeFile|writeFileSync|copyFile)\s*\(/;
|
|
7
|
+
const PROTECTED_INDICATORS = [
|
|
8
|
+
['codex-config-toml', /(?:config\.toml|generatedCodexConfigPath|codexLbConfigPath|\bconfigPath\b)/],
|
|
9
|
+
['codex-auth-json', /(?:auth\.json|\bauthPath\b|codexAuthPath)/],
|
|
10
|
+
['env-secret-file', /(?:(?:['"`][^'"`]*\.env[^'"`]*['"`])|sks-codex-lb\.env|\benvPath\b|status\.env_path|codexLbEnvPath)/],
|
|
11
|
+
['mcp-json', /(?:mcp\.json|\bmcpPath\b|cursorMcpPath)/],
|
|
12
|
+
['sneakoscope-config', /(?:\.sneakoscope\/config\.json|sneakoscopeConfigPath)/]
|
|
13
|
+
];
|
|
14
|
+
const ALLOWLIST = [
|
|
15
|
+
{
|
|
16
|
+
file: 'src/core/config/managed-config-merge.ts',
|
|
17
|
+
pattern: /writeTextAtomic|fs\.writeFile/,
|
|
18
|
+
reason: 'central managed config merge writer preserves protected keys and secret line hashes',
|
|
19
|
+
expires: '3.2.0'
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
file: 'src/core/config/secret-preservation.ts',
|
|
23
|
+
pattern: /writeTextAtomic|writeJsonAtomic|fs\.writeFile/,
|
|
24
|
+
reason: 'secret preservation guard backup, rollback, and sanitized report writer',
|
|
25
|
+
expires: '3.2.0'
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
file: 'src/core/init.ts',
|
|
29
|
+
pattern: /generatedCodexConfigPath|\.codex['"], ['"]SNEAKOSCOPE\.md|hooksPath|mergeManagedHookTrustStateToml/,
|
|
30
|
+
reason: 'setup/init harness writes run through setup-command or doctor-fix secret preservation guard',
|
|
31
|
+
expires: '3.2.0'
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
file: 'src/commands/doctor.ts',
|
|
35
|
+
pattern: /backupProjectConfigBeforeFix|writeTextAtomic|fsp\.writeFile|config_backup_path/,
|
|
36
|
+
reason: 'doctor --fix wraps runDoctor in secret preservation guard before project config repair',
|
|
37
|
+
expires: '3.2.0'
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
file: 'src/core/doctor/doctor-context7-repair.ts',
|
|
41
|
+
pattern: /backupConfig|writeTextAtomic|CONTEXT7_REMOTE_URL/,
|
|
42
|
+
reason: 'doctor Context7 repair writes a backup before replacing only the local stdio Context7 MCP block with the remote endpoint',
|
|
43
|
+
expires: '3.2.0'
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
file: 'src/core/doctor/doctor-codex-startup-repair.ts',
|
|
47
|
+
pattern: /backupConfig|writeTextAtomic|doctor-codex-startup-repair/,
|
|
48
|
+
reason: 'doctor startup repair writes backups before fixing stale Codex agent config_file paths and removing only missing-command MCP blocks',
|
|
49
|
+
expires: '3.2.0'
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
file: 'src/core/auto-review.ts',
|
|
53
|
+
pattern: /writeTextAtomic|writeProfileConfig|configPath/,
|
|
54
|
+
reason: 'auto-review profile migration rewrites bounded Codex profile tables while preserving non-profile config text',
|
|
55
|
+
expires: '3.2.0'
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
file: 'src/cli/context7-command.ts',
|
|
59
|
+
pattern: /writeTextAtomic|configPath/,
|
|
60
|
+
reason: 'explicit context7 setup appends non-secret MCP config and preserves existing secret lines',
|
|
61
|
+
expires: '3.2.0'
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
file: 'src/cli/xai-command.ts',
|
|
65
|
+
pattern: /writeTextAtomic|configPath/,
|
|
66
|
+
reason: 'explicit xAI setup appends MCP config and references env var names rather than raw secret values',
|
|
67
|
+
expires: '3.2.0'
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
file: 'src/cli/install-helpers.ts',
|
|
71
|
+
pattern: /writeTextAtomic|writeJsonAtomic|envPath|authPath|configPath|codexLbEnvPath|codexLbConfigPath|codexAuthPath/,
|
|
72
|
+
reason: 'postinstall/codex-lb setup callsites are covered by setup/update/doctor secret preservation guard fixtures',
|
|
73
|
+
expires: '3.2.0'
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
file: 'src/core/codex/codex-config-eperm-repair.ts',
|
|
77
|
+
pattern: /writeTextAtomic|configPath/,
|
|
78
|
+
reason: 'doctor config repair runs inside doctor-fix secret preservation guard',
|
|
79
|
+
expires: '3.2.0'
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
file: 'src/core/codex/agent-config-file-repair.ts',
|
|
83
|
+
pattern: /writeTextAtomic|configPath|missingAgentConfigFiles/,
|
|
84
|
+
reason: 'agent config_file repair rewrites only the project .codex/config.toml agent config_file paths and is covered by doctor/setup secret preservation fixtures',
|
|
85
|
+
expires: '3.2.0'
|
|
86
|
+
},
|
|
87
|
+
{
|
|
88
|
+
file: 'src/core/codex/codex-project-config-policy.ts',
|
|
89
|
+
pattern: /writeTextAtomic|configPath/,
|
|
90
|
+
reason: 'project config policy splitter preserves existing protected config content',
|
|
91
|
+
expires: '3.2.0'
|
|
92
|
+
},
|
|
93
|
+
{
|
|
94
|
+
file: 'src/core/codex-app/codex-app-fast-ui-repair.ts',
|
|
95
|
+
pattern: /writeTextAtomic|configPath/,
|
|
96
|
+
reason: 'Codex App fast UI repair is invoked from guarded doctor/setup flows',
|
|
97
|
+
expires: '3.2.0'
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
file: 'src/core/codex-control/codex-task-runner.ts',
|
|
101
|
+
pattern: /ensurePythonCodexLbConfig|CODEX_LB_API_KEY|config\.toml/,
|
|
102
|
+
reason: 'Python Codex task runner writes an isolated CODEX_HOME provider config referencing env_key only',
|
|
103
|
+
expires: '3.2.0'
|
|
104
|
+
},
|
|
105
|
+
{
|
|
106
|
+
file: 'src/core/codex-lb/codex-lb-setup.ts',
|
|
107
|
+
pattern: /installCodexLbShellProfileSnippet|upsertManagedBlock|envPath/,
|
|
108
|
+
reason: 'codex-lb shell profile setup writes a managed source block pointing at an env file, not the raw key',
|
|
109
|
+
expires: '3.2.0'
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
file: 'src/core/migration/migration-transaction-journal.ts',
|
|
113
|
+
pattern: /writeJsonAtomic|writeTextAtomic/,
|
|
114
|
+
reason: 'migration journal writes hashes and rollback metadata, not raw secret config values',
|
|
115
|
+
expires: '3.2.0'
|
|
116
|
+
}
|
|
117
|
+
];
|
|
118
|
+
const sources = listSourceFiles().map((file) => ({
|
|
119
|
+
file,
|
|
120
|
+
text: fs.readFileSync(path.join(root, file), 'utf8')
|
|
121
|
+
}));
|
|
122
|
+
const suspicious = findProtectedWriteCallsites(sources);
|
|
123
|
+
const uncovered = suspicious.filter((callsite) => !allowFor(callsite));
|
|
124
|
+
const negative = findProtectedWriteCallsites([{
|
|
125
|
+
file: 'fixture/unprotected-config-write.ts',
|
|
126
|
+
text: "await writeTextAtomic(path.join(root, '.codex', 'config.toml'), 'model = \"x\"\\n');\n"
|
|
127
|
+
}]);
|
|
128
|
+
const report = {
|
|
129
|
+
schema: 'sks.config-managed-merge-callsite-coverage.v1',
|
|
130
|
+
ok: uncovered.length === 0 && negative.length === 1 && !allowFor(negative[0]),
|
|
131
|
+
scanned_dirs: SCAN_DIRS,
|
|
132
|
+
protected_write_callsites: suspicious.length,
|
|
133
|
+
allowlist_entries: ALLOWLIST.map((entry) => ({
|
|
134
|
+
file: entry.file,
|
|
135
|
+
pattern: String(entry.pattern),
|
|
136
|
+
reason: entry.reason,
|
|
137
|
+
expires: entry.expires
|
|
138
|
+
})),
|
|
139
|
+
uncovered,
|
|
140
|
+
negative_fixture_detected: negative.length === 1,
|
|
141
|
+
generated_at: new Date().toISOString()
|
|
142
|
+
};
|
|
143
|
+
fs.mkdirSync(path.join(root, '.sneakoscope', 'reports'), { recursive: true });
|
|
144
|
+
fs.writeFileSync(path.join(root, '.sneakoscope', 'reports', 'config-managed-merge-callsite-coverage.json'), `${JSON.stringify(report, null, 2)}\n`);
|
|
145
|
+
assertGate(report.ok, 'managed config merge callsite coverage failed', report);
|
|
146
|
+
emitGate('config:managed-merge-callsite-coverage', {
|
|
147
|
+
protected_write_callsites: suspicious.length,
|
|
148
|
+
allowlist_entries: ALLOWLIST.length
|
|
149
|
+
});
|
|
150
|
+
export function findProtectedWriteCallsites(files) {
|
|
151
|
+
const calls = [];
|
|
152
|
+
for (const sourceFile of files) {
|
|
153
|
+
const lines = sourceFile.text.split(/\r?\n/);
|
|
154
|
+
for (let index = 0; index < lines.length; index += 1) {
|
|
155
|
+
const line = lines[index] || '';
|
|
156
|
+
if (!WRITE_CALL.test(line))
|
|
157
|
+
continue;
|
|
158
|
+
const window = lines.slice(Math.max(0, index - 3), Math.min(lines.length, index + 4)).join('\n');
|
|
159
|
+
const indicators = PROTECTED_INDICATORS.filter(([, pattern]) => pattern.test(window)).map(([name]) => name);
|
|
160
|
+
if (!indicators.length)
|
|
161
|
+
continue;
|
|
162
|
+
calls.push({
|
|
163
|
+
file: sourceFile.file,
|
|
164
|
+
line: index + 1,
|
|
165
|
+
source: line.trim(),
|
|
166
|
+
window,
|
|
167
|
+
indicators
|
|
168
|
+
});
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
return calls;
|
|
172
|
+
}
|
|
173
|
+
function allowFor(callsite) {
|
|
174
|
+
if (!callsite)
|
|
175
|
+
return null;
|
|
176
|
+
const text = `${callsite.source}\n${callsite.window}`;
|
|
177
|
+
return ALLOWLIST.find((entry) => entry.file === callsite.file && entry.pattern.test(text)) || null;
|
|
178
|
+
}
|
|
179
|
+
function listSourceFiles() {
|
|
180
|
+
const files = [];
|
|
181
|
+
for (const dir of SCAN_DIRS)
|
|
182
|
+
collectTsFiles(path.join(root, dir), files);
|
|
183
|
+
return files.sort();
|
|
184
|
+
}
|
|
185
|
+
function collectTsFiles(dir, out) {
|
|
186
|
+
const rows = fs.readdirSync(dir, { withFileTypes: true });
|
|
187
|
+
for (const row of rows) {
|
|
188
|
+
const abs = path.join(dir, row.name);
|
|
189
|
+
const rel = path.relative(root, abs);
|
|
190
|
+
if (row.isDirectory()) {
|
|
191
|
+
if (row.name === 'scripts' || row.name === 'node_modules' || row.name === 'dist')
|
|
192
|
+
continue;
|
|
193
|
+
collectTsFiles(abs, out);
|
|
194
|
+
continue;
|
|
195
|
+
}
|
|
196
|
+
if (row.isFile() && row.name.endsWith('.ts'))
|
|
197
|
+
out.push(rel);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
//# sourceMappingURL=config-managed-merge-callsite-coverage-check.js.map
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
// @ts-nocheck
|
|
3
|
+
import fs from 'node:fs/promises';
|
|
4
|
+
import os from 'node:os';
|
|
5
|
+
import path from 'node:path';
|
|
6
|
+
import { assertGate, emitGate, importDist } from './sks-1-18-gate-lib.js';
|
|
7
|
+
const mod = await importDist('core/pipeline-internals/runtime-core.js');
|
|
8
|
+
const root = await fs.mkdtemp(path.join(os.tmpdir(), 'sks-context7-evidence-'));
|
|
9
|
+
const missionId = 'M-context7-dedupe';
|
|
10
|
+
const missionDir = path.join(root, '.sneakoscope', 'missions', missionId);
|
|
11
|
+
await fs.mkdir(missionDir, { recursive: true });
|
|
12
|
+
const state = { mission_id: missionId };
|
|
13
|
+
const falsePositive = await mod.recordContext7Evidence(root, state, {
|
|
14
|
+
tool_name: 'update_plan',
|
|
15
|
+
tool_response: 'This ordinary planning output mentions Context7 resolve-library-id and query-docs.'
|
|
16
|
+
});
|
|
17
|
+
assertGate(falsePositive === null, 'ordinary tool output must not be recorded as Context7 evidence', falsePositive);
|
|
18
|
+
await mod.recordContext7Evidence(root, state, {
|
|
19
|
+
tool_name: 'resolve-library-id',
|
|
20
|
+
source: 'sks context7 evidence',
|
|
21
|
+
library: 'react',
|
|
22
|
+
library_id: '/react/react'
|
|
23
|
+
});
|
|
24
|
+
await mod.recordContext7Evidence(root, state, {
|
|
25
|
+
tool_name: 'resolve-library-id',
|
|
26
|
+
source: 'sks context7 evidence',
|
|
27
|
+
library: 'react',
|
|
28
|
+
library_id: '/react/react'
|
|
29
|
+
});
|
|
30
|
+
await mod.recordContext7Evidence(root, state, {
|
|
31
|
+
tool_name: 'query-docs',
|
|
32
|
+
source: 'sks context7 evidence',
|
|
33
|
+
library_id: '/react/react',
|
|
34
|
+
tool_input: { libraryId: '/react/react', query: 'hooks' }
|
|
35
|
+
});
|
|
36
|
+
await mod.recordContext7Evidence(root, state, {
|
|
37
|
+
tool_name: 'query-docs',
|
|
38
|
+
source: 'sks context7 evidence',
|
|
39
|
+
library_id: '/react/react',
|
|
40
|
+
tool_input: { libraryId: '/react/react', query: 'hooks' }
|
|
41
|
+
});
|
|
42
|
+
await mod.recordContext7Evidence(root, state, {
|
|
43
|
+
tool_name: 'query-docs',
|
|
44
|
+
source: 'sks context7 evidence',
|
|
45
|
+
library_id: '/react/react',
|
|
46
|
+
tool_input: { libraryId: '/react/react', query: 'server components' }
|
|
47
|
+
});
|
|
48
|
+
const evidenceFile = path.join(missionDir, 'context7-evidence.jsonl');
|
|
49
|
+
const lines = (await fs.readFile(evidenceFile, 'utf8')).split(/\n/).filter(Boolean);
|
|
50
|
+
const evidence = await mod.context7Evidence(root, state);
|
|
51
|
+
assertGate(lines.length === 3, 'duplicate Context7 evidence records must be collapsed without merging distinct queries', { lines });
|
|
52
|
+
assertGate(evidence.ok === true && evidence.resolve === true && evidence.docs === true && evidence.count === 3, 'deduped Context7 evidence must still satisfy docs gate', evidence);
|
|
53
|
+
emitGate('context7:evidence-dedupe', { records: lines.length, evidence });
|
|
54
|
+
//# sourceMappingURL=context7-evidence-dedupe-check.js.map
|