sneakoscope 4.4.0 → 4.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (80) hide show
  1. package/README.md +28 -2
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/bin/sks.js +1 -1
  6. package/dist/cli/command-registry.js +1 -0
  7. package/dist/core/agents/agent-runner-ollama.js +2 -0
  8. package/dist/core/agents/native-worker-backend-router.js +3 -0
  9. package/dist/core/bench.js +115 -0
  10. package/dist/core/code-structure.js +399 -11
  11. package/dist/core/codex-control/codex-fake-sdk-adapter.js +67 -9
  12. package/dist/core/codex-control/gpt-final-arbiter.js +4 -1
  13. package/dist/core/codex-control/gpt-final-review-schema.js +58 -0
  14. package/dist/core/codex-native/core-skill-manifest.js +23 -0
  15. package/dist/core/commands/bench-command.js +11 -2
  16. package/dist/core/commands/code-structure-command.js +34 -2
  17. package/dist/core/commands/run-command.js +92 -2
  18. package/dist/core/commands/seo-command.js +130 -0
  19. package/dist/core/feature-fixtures.js +6 -0
  20. package/dist/core/feature-registry.js +3 -1
  21. package/dist/core/fsx.js +1 -1
  22. package/dist/core/hooks-runtime.js +8 -0
  23. package/dist/core/init.js +8 -6
  24. package/dist/core/lean-engineering-policy.js +159 -0
  25. package/dist/core/pipeline-internals/runtime-core.js +15 -5
  26. package/dist/core/proof/auto-finalize.js +3 -2
  27. package/dist/core/proof/proof-schema.js +2 -1
  28. package/dist/core/proof/proof-writer.js +1 -0
  29. package/dist/core/proof/route-adapter.js +4 -2
  30. package/dist/core/proof/route-finalizer.js +35 -3
  31. package/dist/core/routes.js +75 -9
  32. package/dist/core/search-visibility/adapter-registry.js +26 -0
  33. package/dist/core/search-visibility/adapters/next-app.js +6 -0
  34. package/dist/core/search-visibility/adapters/next-pages.js +6 -0
  35. package/dist/core/search-visibility/adapters/static-site.js +6 -0
  36. package/dist/core/search-visibility/analyzers.js +377 -0
  37. package/dist/core/search-visibility/artifacts.js +183 -0
  38. package/dist/core/search-visibility/discovery.js +347 -0
  39. package/dist/core/search-visibility/index.js +199 -0
  40. package/dist/core/search-visibility/mission.js +67 -0
  41. package/dist/core/search-visibility/mutation.js +314 -0
  42. package/dist/core/search-visibility/types.js +2 -0
  43. package/dist/core/search-visibility/verifier.js +60 -0
  44. package/dist/core/version.js +1 -1
  45. package/dist/scripts/check-architecture.js +40 -7
  46. package/dist/scripts/check-command-module-budget.js +43 -5
  47. package/dist/scripts/check-pipeline-budget.js +17 -30
  48. package/dist/scripts/check-publish-tag.js +33 -6
  49. package/dist/scripts/check-route-modularity.js +25 -33
  50. package/dist/scripts/check-runtime-schemas.js +22 -0
  51. package/dist/scripts/config-managed-merge-callsite-coverage-check.js +2 -2
  52. package/dist/scripts/core-skill-immutable-sync-check.js +3 -2
  53. package/dist/scripts/core-skill-integrity-blackbox.js +3 -2
  54. package/dist/scripts/core-skill-manifest-check.js +7 -2
  55. package/dist/scripts/geo-claim-evidence-check.js +18 -0
  56. package/dist/scripts/geo-cli-blackbox-check.js +18 -0
  57. package/dist/scripts/geo-crawler-policy-check.js +16 -0
  58. package/dist/scripts/geo-llms-txt-optional-check.js +19 -0
  59. package/dist/scripts/gpt-final-arbiter-check.js +4 -1
  60. package/dist/scripts/release-parallel-check.js +15 -0
  61. package/dist/scripts/release-registry-check.js +33 -14
  62. package/dist/scripts/search-visibility-gate-lib.js +124 -0
  63. package/dist/scripts/seo-audit-fixture-check.js +16 -0
  64. package/dist/scripts/seo-canonical-locale-check.js +19 -0
  65. package/dist/scripts/seo-cli-blackbox-check.js +18 -0
  66. package/dist/scripts/seo-geo-feature-fixture-quality-check.js +18 -0
  67. package/dist/scripts/seo-geo-geo-disambiguation-check.js +12 -0
  68. package/dist/scripts/seo-geo-no-unsupported-ranking-claims-check.js +18 -0
  69. package/dist/scripts/seo-geo-route-identity-check.js +12 -0
  70. package/dist/scripts/seo-geo-skill-rich-content-check.js +22 -0
  71. package/dist/scripts/seo-mutation-rollback-check.js +23 -0
  72. package/dist/scripts/seo-no-mutation-by-default-check.js +17 -0
  73. package/dist/scripts/seo-structured-data-visible-content-check.js +19 -0
  74. package/dist/scripts/sks-3-1-5-directive-check-lib.js +10 -1
  75. package/package.json +19 -1
  76. package/schemas/search-visibility/finding-ledger.schema.json +36 -0
  77. package/schemas/search-visibility/gate.schema.json +22 -0
  78. package/schemas/search-visibility/mutation-plan.schema.json +27 -0
  79. package/schemas/search-visibility/site-inventory.schema.json +21 -0
  80. package/schemas/search-visibility/verification-report.schema.json +23 -0
package/README.md CHANGED
@@ -11,7 +11,7 @@
11
11
 
12
12
  `npm i -g sneakoscope` → `sks --mad` → watch up to **100 shadow-clone workers** code in parallel,<br/>each in a live Zellij pane, every claim backed by Completion Proof.
13
13
 
14
- Current package release: **4.4.0**.
14
+ Current package release: **4.6.0**.
15
15
 
16
16
  </div>
17
17
 
@@ -37,7 +37,33 @@ Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-C
37
37
 
38
38
  ## 🚀 Current Release
39
39
 
40
- SKS **4.2.1** stabilizes MadDB SQL-plane execution so explicit `$MAD-DB` and `sks mad-db run|exec|apply-migration` invocations use a first-class, mission-bound break-glass route instead of inheriting `$MAD-SKS` state.
40
+ SKS **4.6.0** adds the proof-backed `seo-geo-optimizer` command and route on one shared search-visibility kernel, plus Lean Engineering Policy evidence in pipeline plans, worker prompts, code-structure reports, GPT final review, and Completion Proof.
41
+
42
+ - **`sks seo-geo-optimizer` / `$SEO-GEO-OPTIMIZER`.** Run read-only audit, mutation plan, explicit apply, verification, rollback, and Completion Proof for both Search Engine Optimization and Generative Engine Optimization.
43
+ - **Mode-specific evidence.** Use `--mode seo` for package/docs/website search visibility, including metadata, canonical, robots, sitemap, locale, structured data, and internal links. Use `--mode geo` for entity facts, claim evidence, answerability, AI crawler purpose policy, and optional `llms.txt` planning. GEO means Generative Engine Optimization, not geolocation.
44
+ - **Lean Engineering evidence.** `sks bench lean-policy --json` compares hermetic baseline-context and lean-policy-context fixtures, catching over-build candidates while preserving safety rejections without making live model accuracy claims.
45
+ - **Safety-first mutation.** `audit` and `plan` never mutate source. `apply` requires `--apply`, uses base hashes, create-only ownership, mutation journal, rollback manifest, and post-verification.
46
+ - **Release-gated artifacts.** SEO/GEO now have explicit runtime fixtures, schemas, feature registry mappings, release gates, route gates, and Completion Proof links.
47
+
48
+ Common commands:
49
+
50
+ ```bash
51
+ sks seo-geo-optimizer doctor --mode seo --json
52
+ sks seo-geo-optimizer audit --mode seo --target package --offline --json
53
+ sks seo-geo-optimizer plan latest --mode seo --json
54
+ sks seo-geo-optimizer apply latest --mode seo --apply --json
55
+ sks seo-geo-optimizer rollback latest --mode seo --apply --json
56
+
57
+ sks seo-geo-optimizer doctor --mode geo --json
58
+ sks seo-geo-optimizer audit --mode geo --target package --offline --json
59
+ sks seo-geo-optimizer plan latest --mode geo --json
60
+ sks seo-geo-optimizer apply latest --mode geo --include-llms-txt --apply --json
61
+ sks bench lean-policy --json
62
+ ```
63
+
64
+ Honest boundary: SEO/GEO reports separate implemented, locally verified, production verified, and measured outcome. Sitemaps, canonical tags, structured data, crawler policy, and `llms.txt` are evidence surfaces, not guarantees of indexing, ranking, traffic, rich results, or AI answer inclusion.
65
+
66
+ What changed in 4.2.1:
41
67
 
42
68
  What changed in 4.2.0:
43
69
 
@@ -76,7 +76,7 @@ dependencies = [
76
76
 
77
77
  [[package]]
78
78
  name = "sks-core"
79
- version = "4.4.0"
79
+ version = "4.6.0"
80
80
  dependencies = [
81
81
  "serde_json",
82
82
  ]
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "sks-core"
3
- version = "4.4.0"
3
+ version = "4.6.0"
4
4
  edition = "2021"
5
5
 
6
6
  [dependencies]
@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
4
4
  fn main() {
5
5
  let mut args = std::env::args().skip(1);
6
6
  match args.next().as_deref() {
7
- Some("--version") => println!("sks-rs 4.4.0"),
7
+ Some("--version") => println!("sks-rs 4.6.0"),
8
8
  Some("compact-info") => {
9
9
  let mut input = String::new();
10
10
  let _ = io::stdin().read_to_string(&mut input);
package/dist/bin/sks.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- const FAST_PACKAGE_VERSION = '4.4.0';
2
+ const FAST_PACKAGE_VERSION = '4.6.0';
3
3
  const args = process.argv.slice(2);
4
4
  try {
5
5
  if (args[0] === '--agent' && args[1] === 'worker') {
@@ -143,6 +143,7 @@ export const COMMANDS = {
143
143
  aliases: entry('stable', 'Show command aliases', 'dist/core/commands/basic-cli.js', basicNoArgs('aliasesCommand')),
144
144
  selftest: entry('stable', 'Run local mock selftest', 'dist/core/commands/basic-cli.js', basicArgs('selftestCommand')),
145
145
  goal: entry('beta', 'Manage Goal bridge workflow', 'dist/core/commands/goal-command.js', subcommand(() => import('../core/commands/goal-command.js'), 'goalCommand', 'dist/core/commands/goal-command.js')),
146
+ 'seo-geo-optimizer': entry('beta', 'Run unified SEO/GEO optimizer audit/plan/apply/verify on the search-visibility kernel', 'dist/core/commands/seo-command.js', argsCommand(() => import('../core/commands/seo-command.js'), 'seoGeoOptimizerCommand', 'dist/core/commands/seo-command.js')),
146
147
  hook: entry('beta', 'Codex hook entrypoint', 'dist/commands/hook.js', directCommand(() => import('../commands/hook.js'), 'dist/commands/hook.js')),
147
148
  profile: entry('labs', 'Inspect/set profile', 'dist/commands/profile.js', directCommand(() => import('../commands/profile.js'), 'dist/commands/profile.js')),
148
149
  hproof: entry('beta', 'Evaluate H-Proof gate', 'dist/commands/hproof.js', directCommand(() => import('../commands/hproof.js'), 'dist/commands/hproof.js')),
@@ -4,6 +4,7 @@ import { loadTriWikiRuntimeContext, triWikiContextBlock, triWikiProofRecord } fr
4
4
  import { validateAgentWorkerResult } from './agent-worker-pipeline.js';
5
5
  import { normalizeAgentPatchEnvelope } from './agent-patch-schema.js';
6
6
  import { resolveOllamaWorkerConfig } from './ollama-worker-config.js';
7
+ import { leanEngineeringCompactText } from '../lean-engineering-policy.js';
7
8
  export const OLLAMA_WORKER_POLICY_SCHEMA = 'sks.ollama-worker-policy.v1';
8
9
  export const OLLAMA_WORKER_REQUEST_SCHEMA = 'sks.ollama-worker-request.v1';
9
10
  export const OLLAMA_WORKER_RESPONSE_SCHEMA = 'sks.ollama-worker-response.v1';
@@ -185,6 +186,7 @@ function buildOllamaGenerateRequest(agent, slice, opts, config, requestId, triwi
185
186
  const prompt = [
186
187
  'You are an SKS local Ollama worker. You are not an architect, planner, reviewer, verifier, safety judge, or strategist.',
187
188
  'Only perform the narrow worker task below. If the task asks for strategy, planning, design, review, verification, risk judgment, or orchestration, return JSON with status "blocked" and blockers.',
189
+ leanEngineeringCompactText(),
188
190
  'Before writing or collecting, consult the TriWiki context below first. Treat use_first as high-trust project memory and hydrate_first as source/evidence that the parent must verify before risky or user-visible work.',
189
191
  'If TriWiki is missing, stale, or lacks current stack syntax/version guidance, do not invent from model memory. Return blocked and tell the parent SKS route to update .sneakoscope/memory/q2_facts/stack-current-docs.md with Context7 or official vendor docs, then run `sks wiki refresh` and `sks wiki validate .sneakoscope/wiki/context-pack.json` before retrying.',
190
192
  'Return JSON only. Do not wrap it in markdown.',
@@ -9,6 +9,7 @@ import { validateAgentWorkerResult } from './agent-worker-pipeline.js';
9
9
  import { normalizeAgentPatchEnvelope } from './agent-patch-schema.js';
10
10
  import { runCodexTask } from '../codex-control/codex-control-plane.js';
11
11
  import { CODEX_AGENT_WORKER_RESULT_SCHEMA_ID, codexAgentWorkerResultSchema } from '../codex-control/schemas/agent-worker-result.schema.js';
12
+ import { leanEngineeringCompactText, leanPolicyReference } from '../lean-engineering-policy.js';
12
13
  export const NATIVE_WORKER_BACKEND_ROUTER_SCHEMA = 'sks.native-worker-backend-router.v1';
13
14
  export async function runNativeWorkerBackendRouter(input) {
14
15
  const root = path.resolve(input.agentRoot);
@@ -216,6 +217,7 @@ export async function runNativeWorkerBackendRouter(input) {
216
217
  model_authored_patch_envelopes: patchEnvelopes.some((envelope) => envelope.source === 'model_authored'),
217
218
  fixture_patch_envelopes: patchEnvelopes.some((envelope) => envelope.source === 'fixture'),
218
219
  proof_level: proofLevel,
220
+ lean_engineering_policy: leanPolicyReference(),
219
221
  fast_mode: input.fastModePolicy.fast_mode,
220
222
  service_tier: input.fastModePolicy.service_tier,
221
223
  sdk_thread_id: childReports.find((report) => report?.sdk_thread_id)?.sdk_thread_id || null,
@@ -284,6 +286,7 @@ function buildWorkerPrompt(slice) {
284
286
  write.length
285
287
  ? `Write-capable slice. Return JSON matching ${CODEX_AGENT_WORKER_RESULT_SCHEMA_ID}; include patch_envelopes for write_paths=${JSON.stringify(write)}.`
286
288
  : `Read-only slice. Return JSON matching ${CODEX_AGENT_WORKER_RESULT_SCHEMA_ID}; do not report pre-existing repository dirtiness as changed_files.`,
289
+ leanEngineeringCompactText(),
287
290
  'Required JSON fields: status, summary, findings, changed_files, patch_envelopes, verification, rollback_notes, blockers.'
288
291
  ].join('\n');
289
292
  }
@@ -4,6 +4,9 @@ import path from 'node:path';
4
4
  import { performance } from 'node:perf_hooks';
5
5
  import { ensureDir, nowIso, packageRoot, projectRoot, runProcess, writeJsonAtomic, writeTextAtomic } from './fsx.js';
6
6
  import { percentile } from './perf-bench.js';
7
+ import { runFakeCodexSdkTask } from './codex-control/codex-fake-sdk-adapter.js';
8
+ import { GPT_FINAL_ARBITER_RESULT_SCHEMA_ID, gptFinalArbiterResultSchema } from './codex-control/gpt-final-review-schema.js';
9
+ import { LEAN_ENGINEERING_POLICY_HASH, LEAN_ENGINEERING_POLICY_ID, leanEngineeringCompactText } from './lean-engineering-policy.js';
7
10
  export const CORE_BENCH_BUDGET_TIERS = Object.freeze({
8
11
  'source-local': {
9
12
  'sks --version': 50,
@@ -76,6 +79,16 @@ export const UX_REVIEW_STAGED_LATENCY_BUDGETS = Object.freeze({
76
79
  codex_lb_status_probe_batch: 5_000,
77
80
  agent_status_probe_batch: 5_000
78
81
  });
82
+ export const LEAN_POLICY_BENCH_SCENARIOS = Object.freeze([
83
+ { id: 'date-input-overbuild', group: 'overbuild', candidate: 'same helper reimplementation for date input parsing' },
84
+ { id: 'color-input-overbuild', group: 'overbuild', candidate: 'one implementation factory for color input UI' },
85
+ { id: 'csv-export-dependency', group: 'overbuild', candidate: 'new dependency for simple CSV export despite stdlib support' },
86
+ { id: 'cache-fallback', group: 'overbuild', candidate: 'hidden mock fallback for cache miss success' },
87
+ { id: 'path-traversal-safety', group: 'safety', candidate: 'path traversal candidate without trust boundary validation' },
88
+ { id: 'sql-parameterization-safety', group: 'safety', candidate: 'sql injection candidate using string concatenation' },
89
+ { id: 'secret-redaction-safety', group: 'safety', candidate: 'secret leak candidate that removes redaction' },
90
+ { id: 'quota-limit-safety', group: 'safety', candidate: 'delete validation for quota limit one-liner' }
91
+ ]);
79
92
  const STATIC_CORE_COMMANDS = Object.freeze([
80
93
  ['sks --version', ['--version']],
81
94
  ['sks help', ['help']],
@@ -264,4 +277,106 @@ export async function writeCoreBenchArtifacts(root, report) {
264
277
  export async function benchRoot() {
265
278
  return projectRoot();
266
279
  }
280
+ export async function runLeanPolicyBench(root = process.cwd()) {
281
+ const rows = [];
282
+ for (const scenario of LEAN_POLICY_BENCH_SCENARIOS) {
283
+ const baseline = await fakeGptFinalScenario(String(scenario.candidate), false);
284
+ const lean = await fakeGptFinalScenario(String(scenario.candidate), true);
285
+ const expectedBaseline = scenario.group === 'safety' ? 'rejected' : 'approved';
286
+ const expectedLean = scenario.group === 'safety' ? 'rejected' : 'needs_more_work';
287
+ rows.push({
288
+ id: scenario.id,
289
+ group: scenario.group,
290
+ baseline_status: baseline.status,
291
+ lean_status: lean.status,
292
+ baseline_expected: expectedBaseline,
293
+ lean_expected: expectedLean,
294
+ ok: baseline.status === expectedBaseline && lean.status === expectedLean,
295
+ lean_findings: lean.lean_review
296
+ });
297
+ }
298
+ const overbuildRows = rows.filter((row) => row.group === 'overbuild');
299
+ const safetyRows = rows.filter((row) => row.group === 'safety');
300
+ const report = {
301
+ schema: 'sks.lean-policy-bench.v1',
302
+ generated_at: nowIso(),
303
+ policy_id: LEAN_ENGINEERING_POLICY_ID,
304
+ policy_hash: LEAN_ENGINEERING_POLICY_HASH,
305
+ method: 'hermetic fake Codex SDK comparison of baseline context versus lean-policy context; no live model accuracy or production speed claim',
306
+ arms: ['baseline-context-fixture', 'lean-policy-context'],
307
+ ok: rows.every((row) => row.ok),
308
+ metrics: {
309
+ scenario_count: rows.length,
310
+ overbuild_scenarios: overbuildRows.length,
311
+ safety_scenarios: safetyRows.length,
312
+ overbuild_caught_by_lean: overbuildRows.filter((row) => row.lean_status === 'needs_more_work').length,
313
+ safety_rejected_by_both: safetyRows.filter((row) => row.baseline_status === 'rejected' && row.lean_status === 'rejected').length,
314
+ dependencies_added: 0
315
+ },
316
+ scenarios: rows
317
+ };
318
+ await writeLeanPolicyBenchArtifacts(root, report);
319
+ return report;
320
+ }
321
+ async function fakeGptFinalScenario(candidate, leanEnabled) {
322
+ const prompt = [
323
+ leanEnabled ? leanEngineeringCompactText() : 'Baseline implementation context without lean policy.',
324
+ leanEnabled ? 'Lean review: evaluate over-build, dependency, fallback, root-cause, and validation safety.' : 'Review only catastrophic safety issues.',
325
+ `Candidate: ${candidate}`
326
+ ].join('\n');
327
+ const result = await runFakeCodexSdkTask({
328
+ route: '$Bench',
329
+ tier: 'orchestrator',
330
+ missionId: 'lean-policy-bench',
331
+ workItemId: 'lean-policy-bench',
332
+ slotId: 'lean-policy-bench',
333
+ generationIndex: 1,
334
+ sessionId: 'lean-policy-bench',
335
+ cwd: process.cwd(),
336
+ prompt,
337
+ inputFiles: [],
338
+ inputImages: [],
339
+ outputSchemaId: GPT_FINAL_ARBITER_RESULT_SCHEMA_ID,
340
+ outputSchema: gptFinalArbiterResultSchema,
341
+ sandboxPolicy: 'read-only',
342
+ requestedScopeContract: {
343
+ id: 'lean-policy-bench',
344
+ route: '$Bench',
345
+ read_only: true,
346
+ allowed_paths: [],
347
+ write_paths: [],
348
+ user_confirmed_full_access: false,
349
+ mad_sks_authorized: false
350
+ },
351
+ mutationLedgerRoot: rootForBench(),
352
+ reliabilityPolicy: {
353
+ maxEmptyResultRetries: 0,
354
+ timeoutClass: 'fast'
355
+ }
356
+ });
357
+ return result.structuredOutput || {};
358
+ }
359
+ function rootForBench() {
360
+ return path.join(os.tmpdir(), 'sks-lean-policy-bench');
361
+ }
362
+ async function writeLeanPolicyBenchArtifacts(root, report) {
363
+ const dir = path.join(root, '.sneakoscope', 'reports', 'performance');
364
+ await ensureDir(dir);
365
+ await writeJsonAtomic(path.join(dir, 'lean-policy-bench.json'), report);
366
+ const lines = [
367
+ '# SKS Lean Policy Bench',
368
+ '',
369
+ `Generated: ${report.generated_at}`,
370
+ `Status: ${report.ok ? 'pass' : 'blocked'}`,
371
+ `Policy: ${report.policy_id} (${report.policy_hash})`,
372
+ '',
373
+ report.method,
374
+ '',
375
+ '| Scenario | Group | Baseline | Lean | Status |',
376
+ '| --- | --- | --- | --- | --- |'
377
+ ];
378
+ for (const row of report.scenarios)
379
+ lines.push(`| \`${row.id}\` | ${row.group} | ${row.baseline_status} | ${row.lean_status} | ${row.ok ? 'pass' : 'blocked'} |`);
380
+ await writeTextAtomic(path.join(dir, 'lean-policy-bench.md'), `${lines.join('\n')}\n`);
381
+ }
267
382
  //# sourceMappingURL=bench.js.map