sneakoscope 4.6.1 → 4.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +22 -166
- package/crates/sks-core/Cargo.lock +1 -1
- package/crates/sks-core/Cargo.toml +1 -1
- package/crates/sks-core/src/main.rs +1 -1
- package/dist/bin/sks.js +1 -1
- package/dist/cli/command-registry.js +2 -1
- package/dist/cli/{ultra-search-command.js → insane-search-command.js} +17 -13
- package/dist/cli/xai-command.js +6 -6
- package/dist/core/commands/run-command.js +9 -5
- package/dist/core/db-safety.js +2 -2
- package/dist/core/feature-fixtures.js +3 -0
- package/dist/core/fsx.js +1 -1
- package/dist/core/init.js +2 -1
- package/dist/core/mad-db/mad-db-policy-resolver.js +38 -1
- package/dist/core/mad-db/mad-db-policy.js +4 -3
- package/dist/core/release-parallel-full-coverage.js +1 -1
- package/dist/core/routes.js +15 -14
- package/dist/core/version.js +1 -1
- package/dist/scripts/mad-db-direct-apply-migration-hook-check.js +24 -1
- package/dist/scripts/mad-db-skill-policy-snapshot-check.js +4 -0
- package/dist/scripts/release-metadata-1-19-check.js +1 -1
- package/dist/scripts/release-parallel-check.js +2 -2
- package/dist/scripts/release-parallel-full-coverage-check.js +1 -1
- package/dist/scripts/release-readiness-report.js +1 -1
- package/dist/scripts/ultra-search-provider-interface-check.js +1 -1
- package/package.json +3 -2
package/README.md
CHANGED
|
@@ -2,22 +2,22 @@
|
|
|
2
2
|
|
|
3
3
|
# 🔭 Sneakoscope Codex
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
### Proof-first orchestration for OpenAI Codex — run massive parallel AI coding agents you can watch, audit, and trust.
|
|
6
6
|
|
|
7
7
|
[](https://www.npmjs.com/package/sneakoscope)
|
|
8
8
|
[](#requirements)
|
|
9
9
|
[](#license)
|
|
10
|
-
[](#mad-zellij-launch)
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
[](https://www.npmjs.com/package/sneakoscope)
|
|
13
13
|
|
|
14
|
-
|
|
14
|
+
`npm i -g sneakoscope` → `sks --mad` → watch up to **100 parallel workers** code at once,<br/>each in a live Zellij pane, every claim backed by **Completion Proof**.
|
|
15
15
|
|
|
16
16
|
</div>
|
|
17
17
|
|
|
18
18
|
---
|
|
19
19
|
|
|
20
|
-
Sneakoscope Codex (`sks`) is a Codex CLI
|
|
20
|
+
**Sneakoscope Codex** (`sks`) is a Codex CLI and Codex App harness that makes repeatable Codex work **auditable**. It focuses on one thing relentlessly: every Codex run becomes visual-evidence-bound, safety-gated, and reproducible through Completion Proof.
|
|
21
21
|
|
|
22
22
|
| | What you get |
|
|
23
23
|
| --- | --- |
|
|
@@ -27,173 +27,29 @@ Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex
|
|
|
27
27
|
| 🛡️ **Safety gates** | DB/migration/destructive operations stay gated, 190+ release gate scripts, Honest Mode |
|
|
28
28
|
| 🖼️ **Visual evidence** | Image Voxel TriWiki plus `$imagegen`/`gpt-image-2`-bound visual review flows |
|
|
29
29
|
|
|
30
|
-

|
|
31
|
-
|
|
32
30
|
## LLM Init Prompt for Codex Native Agent Builders
|
|
33
31
|
|
|
34
32
|
```text
|
|
35
33
|
Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-Codex](https://github.com/mandarange/Sneakoscope-Codex)] as the repo reference and [npm i -g sneakoscope] as the recommended global install command, then run the appropriate `sks` setup, doctor, Codex App, and proof checks for this repo. Keep generated SKS state out of source control unless documented, and record every version-facing change in CHANGELOG.md.
|
|
36
34
|
```
|
|
37
35
|
|
|
38
|
-
##
|
|
39
|
-
|
|
40
|
-
SKS **4.6.1** keeps the 4.6 search-visibility release surface and fixes the MadDB safety hook so direct Supabase MCP `apply_migration` calls use the active persisted MadDB capability when Codex hook payload state drifts.
|
|
41
|
-
|
|
42
|
-
- **`sks seo-geo-optimizer` / `$SEO-GEO-OPTIMIZER`.** Run read-only audit, mutation plan, explicit apply, verification, rollback, and Completion Proof for both Search Engine Optimization and Generative Engine Optimization.
|
|
43
|
-
- **Mode-specific evidence.** Use `--mode seo` for package/docs/website search visibility, including metadata, canonical, robots, sitemap, locale, structured data, and internal links. Use `--mode geo` for entity facts, claim evidence, answerability, AI crawler purpose policy, and optional `llms.txt` planning. GEO means Generative Engine Optimization, not geolocation.
|
|
44
|
-
- **Lean Engineering evidence.** `sks bench lean-policy --json` compares hermetic baseline-context and lean-policy-context fixtures, catching over-build candidates while preserving safety rejections without making live model accuracy claims.
|
|
45
|
-
- **Safety-first mutation.** `audit` and `plan` never mutate source. `apply` requires `--apply`, uses base hashes, create-only ownership, mutation journal, rollback manifest, and post-verification.
|
|
46
|
-
- **Release-gated artifacts.** SEO/GEO now have explicit runtime fixtures, schemas, feature registry mappings, release gates, route gates, and Completion Proof links.
|
|
36
|
+
## ✨ Highlights
|
|
47
37
|
|
|
48
|
-
|
|
38
|
+
- **Massive parallel swarm.** `$Naruto` fans work out to up to 100 clone workers behind a hardware-safe governor, with lease-based parallel writes and a scheduler that keeps idle slots full while runnable work remains.
|
|
39
|
+
- **Live Zellij cockpit.** Workers stack as native Zellij panes that stream heartbeat, current file, tool events, and stdout every second.
|
|
40
|
+
- **Completion Proof on every serious route.** Schema-backed proof artifacts replace "trust me, it's done," and Honest Mode separates implemented, locally verified, production verified, and measured outcomes.
|
|
41
|
+
- **Safety-first by default.** SQL/migrations, Supabase/RLS changes, destructive filesystem operations, and published release state stay gated unless you explicitly opt in.
|
|
42
|
+
- **Visual evidence.** Image Voxel TriWiki plus `$imagegen`/`gpt-image-2`-bound visual review flows.
|
|
43
|
+
- **Search visibility route (SEO + GEO).** `sks seo-geo-optimizer` / `$SEO-GEO-OPTIMIZER` runs read-only audit, mutation plan, explicit apply, verification, rollback, and Completion Proof for both Search Engine Optimization and Generative Engine Optimization (GEO is generative-engine, not geolocation).
|
|
49
44
|
|
|
50
|
-
```
|
|
51
|
-
sks seo-geo-optimizer doctor --mode seo --json
|
|
45
|
+
```sh
|
|
52
46
|
sks seo-geo-optimizer audit --mode seo --target package --offline --json
|
|
53
47
|
sks seo-geo-optimizer plan latest --mode seo --json
|
|
54
48
|
sks seo-geo-optimizer apply latest --mode seo --apply --json
|
|
55
|
-
sks seo-geo-optimizer rollback latest --mode seo --apply --json
|
|
56
|
-
|
|
57
|
-
sks seo-geo-optimizer doctor --mode geo --json
|
|
58
49
|
sks seo-geo-optimizer audit --mode geo --target package --offline --json
|
|
59
|
-
sks seo-geo-optimizer plan latest --mode geo --json
|
|
60
|
-
sks seo-geo-optimizer apply latest --mode geo --include-llms-txt --apply --json
|
|
61
|
-
sks bench lean-policy --json
|
|
62
50
|
```
|
|
63
51
|
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
What changed in 4.2.1:
|
|
67
|
-
|
|
68
|
-
What changed in 4.2.0:
|
|
69
|
-
|
|
70
|
-
- **First-class MadDB route.** `$MAD-DB` no longer aliases `$MAD-SKS`; it creates one authoritative mission, capability, runtime profile, inventory check, execution, read-back, and closeout cycle.
|
|
71
|
-
- **Capability v2 binding.** MadDB capabilities bind project root, project ref hash, mission/cycle/session identity, runtime profile hash, TTL, operator intent, and SQL-plane operation classes.
|
|
72
|
-
- **Ephemeral Supabase write profile.** Persistent Supabase MCP config stays read-only; write-capable MCP settings exist only inside the active MadDB mission and are removed in `finally`.
|
|
73
|
-
- **Exact lifecycle correlation.** Hook/result handling is keyed by canonical `tool_call_id`, uses idempotent operation state, and avoids unsafe tool-name result matching under parallel calls.
|
|
74
|
-
- **Policy/docs/test SSOT.** MadDB route metadata, generated skill guidance, DB safety wording, Doctor guidance, release gates, docs, scanner coverage, and local regression tests share the typed MadDB policy surface.
|
|
75
|
-
- **Release metadata truth.** Package, CLI version constants, Rust crate metadata, README, changelog, and release checks all point at 4.2.0.
|
|
76
|
-
|
|
77
|
-
What changed in 4.1.1:
|
|
78
|
-
|
|
79
|
-
What changed in 4.1.0:
|
|
80
|
-
|
|
81
|
-
SKS **4.1.0** turns the Codex `rust-v0.142.0` compatibility surface into the authoritative Doctor/update readiness path. Doctor now consumes structured Codex Doctor semantics, separates pre-repair observation from post-repair truth, repairs managed native assets from plain `sks doctor --fix`, and gates update completion on a current project migration receipt.
|
|
82
|
-
|
|
83
|
-
- **Semantic Doctor readiness.** Warning-only Codex Doctor output stays ready, blocking checks block readiness, and unknown non-zero/unparseable Doctor output fails closed.
|
|
84
|
-
- **Post-repair authority.** `sks doctor --fix` records pre-repair Codex Doctor output but bases readiness on the final post-repair Doctor run.
|
|
85
|
-
- **Managed native assets.** Skills, agent roles, hooks, and Context7 transport share the 4.1.0 managed manifest; stale directive markers no longer appear in generated role content.
|
|
86
|
-
- **Codex 0.142 wiring.** The native feature broker exposes multi-agent mode, rollout budget strategy, indexed web search, current time, app-server overload, MCP reconnect, plugin refresh, thread search, remote native environment, and terminal subagent error handling as current capabilities.
|
|
87
|
-
- **Update lifecycle receipts.** `sks update now` runs old-version Doctor preflight, installs through the guarded npm path, re-resolves the new package-local binary, runs new-version global Doctor, and writes a project migration receipt before reporting `updated`.
|
|
88
|
-
- **Local evidence hygiene.** Machine-local `.sneakoscope` runtime evidence is ignored and guarded so release commits do not carry host paths, secrets, or transient proof logs.
|
|
89
|
-
|
|
90
|
-
What changed in 4.0.15:
|
|
91
|
-
|
|
92
|
-
- **Codex 0.142 release manifest.** `rust-v0.142.0`, `codex-cli 0.142.0`, SDK `0.142.0`, generated app-server schema hash, required probes, and supported platforms are captured as a single manifest.
|
|
93
|
-
- **Runtime identity proof.** Codex compatibility now resolves the project/env/PATH binary through one resolver and records realpath, version, SHA-256, package root, platform, and arch.
|
|
94
|
-
- **Safer SDK execution policy.** SDK tasks no longer inherit `process.env` wholesale and no longer hard-code `approvalPolicy: never`, `skipGitRepoCheck: true`, or network access from sandbox mode.
|
|
95
|
-
- **0.142 app-server evidence.** Generated app-server TypeScript and JSON Schema snapshots are stored under versioned paths; app-server-v2 wraps `thread/list`, `thread/read`, list search, and `currentTime/read` handling, while capability gates reject `assumed_by_version` evidence.
|
|
96
|
-
- **Transactional thread registry guard.** Codex thread registration now uses an atomic lock and append-only journal, with a 100-write gate covering concurrent updates and corruption preservation.
|
|
97
|
-
- **Package contract repair.** The npm tarball includes `dist/scripts` verification targets so public package scripts do not point at files excluded from the package.
|
|
98
|
-
|
|
99
|
-
What changed in 4.0.14:
|
|
100
|
-
|
|
101
|
-
- **Real stage parallelism evidence.** GLM Naruto records bounded parallel stage timelines, overlap ratios, parallelism summaries, critical-path metrics, and speed diagnosis artifacts.
|
|
102
|
-
- **Parallel gate/verifier/worktree stages.** Candidate gate, worktree materialization, and verifier checks no longer have to run candidate-by-candidate when multiple candidates are available.
|
|
103
|
-
- **Requirement coverage seal.** GLM Naruto writes a requirement ledger and candidate coverage artifacts, and the final seal blocks when required requirements remain uncovered.
|
|
104
|
-
- **MAD route isolation.** `sks --mad` without `--glm` remains the GPT/Codex/MAD route and does not resolve OpenRouter or run GLM-specific benchmark/Naruto code.
|
|
105
|
-
- **Benchmark proof honesty.** GLM benchmark proof now reports request-summary availability separately from case-level model lock checks and fixes the no-mutation proof boolean.
|
|
106
|
-
|
|
107
|
-
What changed in 4.0.13:
|
|
108
|
-
|
|
109
|
-
- **Extracted worktree patches.** `--worktree` parses `<sks_patch_candidate>` and records candidate/extracted patch hashes before any worker worktree apply.
|
|
110
|
-
- **Adaptive scheduler.** Patch workers use a finite launch queue with provider-health backpressure and retry-once handling for retryable 429/5xx/idle-timeout failures.
|
|
111
|
-
- **True direct-vs-Naruto bench.** `--bench --live --no-apply` compares direct GLM, Naruto 1, 4, 8, and 12 worker cases without fake zero metrics.
|
|
112
|
-
- **Transaction guards.** Final apply blocks dirty touched paths unless `--allow-dirty-apply` is explicit, runs targeted checks, and rolls back on validation failure by default.
|
|
113
|
-
- **Seal artifacts.** GLM Naruto writes `final-seal.json`, stop-gate final-seal evidence, `merge-rationale.md`, and `bench-report.md` for auditability.
|
|
114
|
-
|
|
115
|
-
What changed in 4.0.8:
|
|
116
|
-
|
|
117
|
-
- **`--open` alias for interactive GLM launch.** `sks --mad --glm --open` now opens the GLM interactive Zellij runtime, equivalent to `sks --mad --glm --interactive`.
|
|
118
|
-
|
|
119
|
-
What changed in 4.0.6:
|
|
120
|
-
|
|
121
|
-
- **No default long-lived GLM launch.** Bare `sks --mad --glm` no longer falls through to MAD/Zellij; `--interactive`, `--open`, `--zellij`, or `session` is required for that path.
|
|
122
|
-
- **Fast GLM speed profile.** Speed mode keeps OpenRouter locked to `z-ai/glm-5.2`, disables GPT/model fallback, avoids high/xhigh reasoning by default, and uses `provider.require_parameters: false` with throughput-first routing.
|
|
123
|
-
- **Bounded direct task runs.** `sks --mad --glm run "task"` and `sks --mad --glm "task"` use a one-shot GLM speed run with max-turn, wall-clock, request-timeout, no-progress, repeated-output, and terminal-state guards.
|
|
124
|
-
- **Deterministic mutation gate.** GLM still returns patch envelopes; SKS parses the unified diff, blocks protected paths, runs `git apply --check`, and applies only after the gate passes.
|
|
125
|
-
- **OpenRouter speed plumbing.** Encoded request bodies are cached without Authorization headers, request timeout/abort is wired, streaming TTFT/usage capture is scaffolded, and synthetic `--bench` remains network-free by default.
|
|
126
|
-
- **Loop regression tests.** Routing, speed-profile, cache, loop-guard, patch-gate, and OpenRouter key handling are covered by targeted tests.
|
|
127
|
-
|
|
128
|
-
SKS **3.1.16** was a launch-reliability patch on the 3.1.15 doctor-reliability release. It made `sks --mad` self-bootstrap a fresh project instead of dead-ending on a missing Codex config.
|
|
129
|
-
|
|
130
|
-
What changed in 3.1.16:
|
|
131
|
-
|
|
132
|
-
- **`sks --mad` bootstraps a fresh project.** When the only preflight blocker is a missing managed Codex config (`.codex/config.toml` absent), `sks --mad` now regenerates it — the `sks doctor --fix` equivalent — and re-runs the preflight, instead of blocking and making you run a separate command. An existing but unreadable/EPERM/parse-broken config still blocks and routes you to `sks doctor --fix`.
|
|
133
|
-
- **Missing-config diagnostics are honest.** A missing config no longer cascades into misleading `macos_acl_ls_le_failed` / `macos_flags_ls_lO_failed` / `spawned_child_read_failed` blockers from running file checks on a nonexistent path; the preflight reports only `missing_config` / `missing_codex_dir`.
|
|
134
|
-
|
|
135
|
-
SKS **3.1.15** was a doctor-reliability patch on the 3.1.14 production-hardening release. It ended the endless `sks doctor --fix` loop that kept reporting `codex_cli_config_toml_parse_error` / `cli_ready: no` on the very run that already repaired the config.
|
|
136
|
-
|
|
137
|
-
What changed in 3.1.15:
|
|
138
|
-
|
|
139
|
-
- **`sks doctor --fix` no longer loops on a config it already fixed.** The Codex config-load probe is re-run *after* the Context7/Supabase/startup MCP repairs land, so the readiness verdict reflects the repaired config instead of the stale pre-repair snapshot.
|
|
140
|
-
- **Context7 is seeded on the remote transport.** Managed setup writes `[mcp_servers.context7]` with the streamable-HTTP `url` instead of a local stdio `command`, so the project config never merges with a remote `url` in the global Codex config into the `url is not supported for stdio` error Codex 0.140 rejects.
|
|
141
|
-
- **The config-load operator action is accurate.** A `codex_cli_config_toml_parse_error` now points at both misplaced machine-local keys *and* the Context7/MCP stdio-vs-`url` transport conflict, instead of only suggesting a key hoist that does nothing for a transport conflict.
|
|
142
|
-
|
|
143
|
-
The 3.1.14 production-hardening surface for Codex 0.140 evidence, transactional `sks doctor --fix` repair, MCP readiness, native capability proof, and protected-secret rollback remains intact.
|
|
144
|
-
|
|
145
|
-
What changed in 3.1.14:
|
|
146
|
-
|
|
147
|
-
- **Codex 0.140 readiness carries evidence.** Capability reports now expose per-feature state and certainty, real usage parsing, goal attachment roundtrip proof, and usage-budget provenance for loop/Naruto runtime decisions.
|
|
148
|
-
- **Doctor repair is phase-based.** `sks doctor --fix` records phase durations, postchecks, optional manual readiness, and rollback evidence instead of collapsing repair work into a summary writer.
|
|
149
|
-
- **Startup and MCP repair are safer.** Managed agent TOML blocks are repaired without touching unrelated config, missing role files are regenerated from real managed templates, Context7 disabled servers stay disabled, and Supabase write scope is separated from read-only readiness.
|
|
150
|
-
- **Secret rollback is line-level when possible.** Protected key changes are restored without discarding unrelated operator edits, nested guard operations are recorded, and backup artifacts remain ignored.
|
|
151
|
-
- **Native capability proof is stricter.** Computer Use and Chrome/web review no longer become verified from environment variables outside explicit fixture/test modes.
|
|
152
|
-
- **Release metadata is aligned for 3.1.14.** Package, lockfile, CLI version constants, Rust helper metadata, README, changelog, docs, built output, and release stamp all point at the same release.
|
|
153
|
-
|
|
154
|
-
SKS 3.0.0 was the parallel-runtime stabilization release. The whole live-swarm experience — what you actually *see* while 5, 20, or 100 workers run — was rebuilt and proven end-to-end.
|
|
155
|
-
|
|
156
|
-
What changed in 3.0.0:
|
|
157
|
-
|
|
158
|
-
- **Slot panes are finally alive.** The watch renderer froze for entire missions because the telemetry snapshot cache never invalidated; snapshot reads are now mtime-aware, multi-process flushes merge instead of clobbering each other, and the disk `updated_at` stays authoritative for stale detection.
|
|
159
|
-
- **One SLOTS column, vertical stack.** Concurrent workers used to race anchor creation and split the screen into N side-by-side columns. Anchor + worker pane creation is serialized per session, and workers join a native Zellij stacked-pane group (`new-pane --stacked`, opt out with `SKS_ZELLIJ_WORKER_STACKED=0`).
|
|
160
|
-
- **Live renderer is the default worker pane.** `full-debug` showed nothing until worker exit (workers run with `--json`); the default `compact-slots` renderer streams heartbeat, current file, tool events, and stdout tails every second.
|
|
161
|
-
- **Zellij stays current like Codex does.** `sks --mad` / `sks naruto run` offer a `[Y/n]` upgrade to the latest stable Zellij (GitHub releases lookup, 6h cache), plus an explicit `sks zellij update [--yes]` subcommand and `SKS_SKIP_ZELLIJ_UPDATE` escape.
|
|
162
|
-
- **Faster, honest dispatch.** Scheduler batch telemetry writes run concurrently per batch instead of serializing two file writes per worker; naruto backpressure throttling (50%/25% under host pressure) is reported in the run header instead of staying silent.
|
|
163
|
-
- **Wired, not decorative.** The naruto finalizer gate and the agent message bus now run in production paths; dead swarm code (`naruto-work-stealing`, `zellij-right-column-layout-proof`) was removed.
|
|
164
|
-
|
|
165
|
-
Quick checks:
|
|
166
|
-
|
|
167
|
-
```bash
|
|
168
|
-
npm run typecheck
|
|
169
|
-
npm run build
|
|
170
|
-
npm run codex:0138-capability
|
|
171
|
-
npm run codex-sdk:version-compat
|
|
172
|
-
npm run codex-app:handoff
|
|
173
|
-
npm run codex-plugin:inventory
|
|
174
|
-
npm run qa-loop:app-handoff
|
|
175
|
-
npm run image:artifact-path-contract
|
|
176
|
-
npm run codex:effort-order
|
|
177
|
-
npm run codex:account-usage
|
|
178
|
-
npm run codex:0138-doctor
|
|
179
|
-
npm run doctor:codex-0138-fix
|
|
180
|
-
npm run codex-control:capability
|
|
181
|
-
npm run codex-control:structured-output
|
|
182
|
-
npm run codex-control:event-stream-ledger
|
|
183
|
-
npm run codex-control:thread-registry
|
|
184
|
-
npm run codex-control:empty-result-retry
|
|
185
|
-
npm run codex-control:stream-idle-watchdog
|
|
186
|
-
npm run ultra-router:auto-router
|
|
187
|
-
npm run codex-sdk:zellij-pane-binding
|
|
188
|
-
npm run codex-app:fast-ui-preservation
|
|
189
|
-
npm run provider:badge-context
|
|
190
|
-
npm run zellij:worker-pane-manager
|
|
191
|
-
npm run runtime:no-mjs-scripts
|
|
192
|
-
npm run runtime:ts-python-boundary
|
|
193
|
-
npm run codex-control:all-pipelines
|
|
194
|
-
```
|
|
195
|
-
|
|
196
|
-
Change-aware release checks live behind `npm run release:check`; publish-authorizing full DAG checks use `npm run release:check:full`. Detailed release history is in [CHANGELOG.md](CHANGELOG.md), and release readiness is tracked in [docs/release-readiness.md](docs/release-readiness.md).
|
|
52
|
+
> 📋 **Current release: `v4.6.2`** — full release history lives in [CHANGELOG.md](CHANGELOG.md). This README documents how Sneakoscope works today, not its version-by-version changes. Release readiness is tracked in [docs/release-readiness.md](docs/release-readiness.md).
|
|
197
53
|
|
|
198
54
|
## 🍥 Parallelism, UX, And Integrations
|
|
199
55
|
|
|
@@ -210,12 +66,12 @@ Change-aware release checks live behind `npm run release:check`; publish-authori
|
|
|
210
66
|
|
|
211
67
|
- **Image generation under codex-lb.** `gpt-image-2` routes through the same Codex `/responses` backend the load balancer already proxies, so `$imagegen` works when you are authenticated only through codex-lb (no direct `OPENAI_API_KEY`). The official Codex App `$imagegen` surface stays primary; the codex-lb/OpenAI API path is the fallback. Opt out with `SKS_IMAGEGEN_ALLOW_CODEX_LB_API_FALLBACK=0`.
|
|
212
68
|
|
|
213
|
-
- **
|
|
69
|
+
- **InsaneSearch source intelligence.** Run provider-independent source acquisition without requiring xAI/Grok credentials:
|
|
214
70
|
|
|
215
71
|
```bash
|
|
216
|
-
sks
|
|
217
|
-
sks
|
|
218
|
-
sks
|
|
72
|
+
sks insane-search doctor
|
|
73
|
+
sks insane-search run "current package release notes" --mode balanced
|
|
74
|
+
sks insane-search x "site:x.com product launch"
|
|
219
75
|
```
|
|
220
76
|
|
|
221
77
|
- **CLI-only SKS update notices.** Codex App hooks no longer stop normal work to ask for an SKS update. CLI launch surfaces such as `sks --mad` print a non-blocking latest-version notice, `sks update-check` / `sks update check` show the explicit status, and `sks doctor --fix` runs the guarded global SKS update path before repair.
|
|
@@ -301,7 +157,7 @@ The cleanup contract is policy-backed in `.sneakoscope/policy.json`, but the def
|
|
|
301
157
|
- Codex App Hooks/PAT: [docs/hooks-pat.md](docs/hooks-pat.md)
|
|
302
158
|
- codex-lb: [docs/codex-lb.md](docs/codex-lb.md)
|
|
303
159
|
- Source Intelligence Layer: [docs/source-intelligence-layer.md](docs/source-intelligence-layer.md)
|
|
304
|
-
-
|
|
160
|
+
- InsaneSearch / Context7 / Codex Web policy: [docs/ultra-search-source-intelligence-policy.md](docs/ultra-search-source-intelligence-policy.md)
|
|
305
161
|
- Main no-Scout / worker Scout policy: [docs/main-no-scout-worker-scout-policy.md](docs/main-no-scout-worker-scout-policy.md)
|
|
306
162
|
- Real Codex dynamic smoke: [docs/real-codex-dynamic-smoke.md](docs/real-codex-dynamic-smoke.md)
|
|
307
163
|
- Appshots pipeline: [docs/appshots-pipeline.md](docs/appshots-pipeline.md)
|
|
@@ -739,7 +595,7 @@ sks codex-native invocation-plan --route Loop --capability agent-role --json
|
|
|
739
595
|
sks codex-native init-deep --apply --directory-local --json
|
|
740
596
|
```
|
|
741
597
|
|
|
742
|
-
The broker records Codex-native feature availability, invocation defaults, neutral pattern evidence, and managed memory setup
|
|
598
|
+
The broker records Codex-native feature availability, invocation defaults, neutral pattern evidence, and managed memory setup to drive routing decisions.
|
|
743
599
|
|
|
744
600
|
## 💬 Prompt `$` Commands
|
|
745
601
|
|
|
@@ -856,14 +712,14 @@ sks codex-app check
|
|
|
856
712
|
|
|
857
713
|
If Codex App UI panels or auth-dependent controls still look wrong after codex-lb setup, repair, or upgrade, restart the app first. If the UI still does not recover, sign out of Codex App, sign back in, then run `sks codex-app check` or `sks codex-lb repair` as needed.
|
|
858
714
|
|
|
859
|
-
### Setup is blocked by another
|
|
715
|
+
### Setup is blocked by another tool
|
|
860
716
|
|
|
861
717
|
```sh
|
|
862
718
|
sks conflicts check
|
|
863
719
|
sks conflicts prompt
|
|
864
720
|
```
|
|
865
721
|
|
|
866
|
-
|
|
722
|
+
If another agent tool's managed config conflicts with setup, SKS blocks setup/doctor until you approve the cleanup.
|
|
867
723
|
|
|
868
724
|
### The route is stuck or a final hook keeps reopening
|
|
869
725
|
|
|
@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
|
|
|
4
4
|
fn main() {
|
|
5
5
|
let mut args = std::env::args().skip(1);
|
|
6
6
|
match args.next().as_deref() {
|
|
7
|
-
Some("--version") => println!("sks-rs 4.6.
|
|
7
|
+
Some("--version") => println!("sks-rs 4.6.2"),
|
|
8
8
|
Some("compact-info") => {
|
|
9
9
|
let mut input = String::new();
|
|
10
10
|
let _ = io::stdin().read_to_string(&mut input);
|
package/dist/bin/sks.js
CHANGED
|
@@ -132,7 +132,8 @@ export const COMMANDS = {
|
|
|
132
132
|
'image-ux-review': entry('labs', 'Inspect image UX artifacts', 'dist/core/commands/image-ux-review-command.js', commandArgsCommand(() => import('../core/commands/image-ux-review-command.js'), 'imageUxReviewCommand', 'dist/core/commands/image-ux-review-command.js')),
|
|
133
133
|
'computer-use': entry('beta', 'Record native Mac/non-web Computer Use visual evidence', 'dist/core/commands/computer-use-command.js', commandArgsCommand(() => import('../core/commands/computer-use-command.js'), 'computerUseCommand', 'dist/core/commands/computer-use-command.js')),
|
|
134
134
|
context7: entry('beta', 'Context7 checks and docs', 'dist/cli/context7-command.js', subcommand(() => import('./context7-command.js'), 'context7Command', 'dist/cli/context7-command.js', 'check')),
|
|
135
|
-
'
|
|
135
|
+
'insane-search': entry('beta', 'Run provider-independent InsaneSearch source intelligence', 'dist/cli/insane-search-command.js', subcommand(() => import('./insane-search-command.js'), 'insaneSearchCommand', 'dist/cli/insane-search-command.js', 'doctor')),
|
|
136
|
+
'ultra-search': entry('beta', 'Compatibility alias for InsaneSearch source intelligence', 'dist/cli/insane-search-command.js', subcommand(() => import('./insane-search-command.js'), 'ultraSearchCommand', 'dist/cli/insane-search-command.js', 'doctor')),
|
|
136
137
|
xai: entry('beta', 'Deprecated compatibility notice for removed xAI/Grok setup', 'dist/cli/xai-command.js', subcommand(() => import('./xai-command.js'), 'xaiCommand', 'dist/cli/xai-command.js', 'check')),
|
|
137
138
|
recallpulse: entry('labs', 'RecallPulse evidence route', 'dist/commands/recallpulse.js', directCommand(() => import('../commands/recallpulse.js'), 'dist/commands/recallpulse.js')),
|
|
138
139
|
pipeline: entry('beta', 'Inspect pipeline missions', 'dist/commands/pipeline.js', directCommand(() => import('../commands/pipeline.js'), 'dist/commands/pipeline.js')),
|
|
@@ -2,7 +2,7 @@ import fs from 'node:fs/promises';
|
|
|
2
2
|
import os from 'node:os';
|
|
3
3
|
import path from 'node:path';
|
|
4
4
|
import { runUltraSearch } from '../core/ultra-search/index.js';
|
|
5
|
-
export async function
|
|
5
|
+
export async function insaneSearchCommand(sub = 'help', args = []) {
|
|
6
6
|
const action = sub || 'help';
|
|
7
7
|
if (action === 'run')
|
|
8
8
|
return runCommand(args);
|
|
@@ -22,12 +22,13 @@ export async function ultraSearchCommand(sub = 'help', args = []) {
|
|
|
22
22
|
return migrateXaiCommand(args);
|
|
23
23
|
return helpCommand();
|
|
24
24
|
}
|
|
25
|
+
export const ultraSearchCommand = insaneSearchCommand;
|
|
25
26
|
async function runCommand(args) {
|
|
26
27
|
const json = args.includes('--json');
|
|
27
28
|
const mode = readOption(args, '--mode');
|
|
28
29
|
const query = positional(args).join(' ').trim();
|
|
29
30
|
if (!query)
|
|
30
|
-
throw new Error('Usage: sks
|
|
31
|
+
throw new Error('Usage: sks insane-search run "<query>" [--mode fast|balanced|deep|exhaustive|x_search|url_acquisition] [--json]');
|
|
31
32
|
const missionDir = await mkMissionDir();
|
|
32
33
|
const result = await runUltraSearch({
|
|
33
34
|
missionDir,
|
|
@@ -37,7 +38,7 @@ async function runCommand(args) {
|
|
|
37
38
|
if (json)
|
|
38
39
|
console.log(JSON.stringify(result, null, 2));
|
|
39
40
|
else {
|
|
40
|
-
console.log(`
|
|
41
|
+
console.log(`InsaneSearch ${result.ok ? 'completed' : 'partial/blocked'}: ${result.mode}`);
|
|
41
42
|
console.log(`Mission: ${missionDir}`);
|
|
42
43
|
console.log(`Sources: ${result.sources.length}, verified: ${result.proof.verified_source_count}`);
|
|
43
44
|
if (result.blockers.length)
|
|
@@ -64,7 +65,7 @@ async function doctorCommand(args) {
|
|
|
64
65
|
if (json)
|
|
65
66
|
console.log(JSON.stringify(report, null, 2));
|
|
66
67
|
else
|
|
67
|
-
console.log('
|
|
68
|
+
console.log('InsaneSearch doctor: core ready; xAI/Grok is not required.');
|
|
68
69
|
return report;
|
|
69
70
|
}
|
|
70
71
|
async function inspectCommand(action, args) {
|
|
@@ -112,14 +113,17 @@ async function migrateXaiCommand(args) {
|
|
|
112
113
|
function helpCommand() {
|
|
113
114
|
console.log([
|
|
114
115
|
'Usage:',
|
|
115
|
-
' sks
|
|
116
|
-
' sks
|
|
117
|
-
' sks
|
|
118
|
-
' sks
|
|
119
|
-
' sks
|
|
120
|
-
' sks
|
|
121
|
-
' sks
|
|
122
|
-
' sks
|
|
116
|
+
' sks insane-search doctor [--json]',
|
|
117
|
+
' sks insane-search run "<query>" [--mode fast|balanced|deep|exhaustive]',
|
|
118
|
+
' sks insane-search x "<query>"',
|
|
119
|
+
' sks insane-search fetch "<url>"',
|
|
120
|
+
' sks insane-search status|inspect|sources|claims <mission|latest>',
|
|
121
|
+
' sks insane-search cache status|prune|clear',
|
|
122
|
+
' sks insane-search bench [--suite all|x|web|docs|blocked]',
|
|
123
|
+
' sks insane-search migrate-xai [--apply]',
|
|
124
|
+
'',
|
|
125
|
+
'Compatibility:',
|
|
126
|
+
' sks ultra-search ...'
|
|
123
127
|
].join('\n'));
|
|
124
128
|
return { ok: true, status: 'help' };
|
|
125
129
|
}
|
|
@@ -160,4 +164,4 @@ async function latestMissionDir() {
|
|
|
160
164
|
function asyncDirLikelyUltra(dir) {
|
|
161
165
|
return Boolean(dir);
|
|
162
166
|
}
|
|
163
|
-
//# sourceMappingURL=
|
|
167
|
+
//# sourceMappingURL=insane-search-command.js.map
|
package/dist/cli/xai-command.js
CHANGED
|
@@ -9,9 +9,9 @@ export async function xaiCommand(sub = 'check', args = []) {
|
|
|
9
9
|
setup_performed: false,
|
|
10
10
|
xai_required: false,
|
|
11
11
|
replacement: {
|
|
12
|
-
doctor: 'sks
|
|
13
|
-
x_search: 'sks
|
|
14
|
-
migration: 'sks
|
|
12
|
+
doctor: 'sks insane-search doctor',
|
|
13
|
+
x_search: 'sks insane-search x "<query>"',
|
|
14
|
+
migration: 'sks insane-search migrate-xai [--apply]'
|
|
15
15
|
},
|
|
16
16
|
blockers: action === 'setup' ? ['xai_setup_removed_use_ultra_search'] : [],
|
|
17
17
|
warnings: ['sks_xai_is_deprecated_and_does_not_configure_mcp_or_require_XAI_API_KEY']
|
|
@@ -19,9 +19,9 @@ export async function xaiCommand(sub = 'check', args = []) {
|
|
|
19
19
|
if (json)
|
|
20
20
|
console.log(JSON.stringify(result, null, 2));
|
|
21
21
|
else {
|
|
22
|
-
console.log('`sks xai` is deprecated.
|
|
23
|
-
console.log('Use: sks
|
|
24
|
-
console.log('Use: sks
|
|
22
|
+
console.log('`sks xai` is deprecated. InsaneSearch no longer requires xAI/Grok or XAI_API_KEY.');
|
|
23
|
+
console.log('Use: sks insane-search doctor');
|
|
24
|
+
console.log('Use: sks insane-search x "<query>"');
|
|
25
25
|
if (action === 'setup') {
|
|
26
26
|
console.log('No MCP setup was performed.');
|
|
27
27
|
process.exitCode = 1;
|
|
@@ -346,7 +346,7 @@ function runNextAction(route, id, args) {
|
|
|
346
346
|
function safeRouteExecutionArgs(route, prompt, { auto = false } = {}) {
|
|
347
347
|
if (route.command === '$DB')
|
|
348
348
|
return ['db', 'check', '--sql', 'SELECT 1', '--json'];
|
|
349
|
-
if (route.command === '$
|
|
349
|
+
if (route.command === '$Insane-Search')
|
|
350
350
|
return ultraSearchExecutionArgs(prompt);
|
|
351
351
|
if (route.command === '$SEO-GEO-OPTIMIZER')
|
|
352
352
|
return ['seo-geo-optimizer', searchVisibilityActionFromPrompt(prompt), '--mode', searchVisibilityModeFromPrompt(prompt), '--target', searchVisibilityTargetFromPrompt(prompt), '--offline', '--json'];
|
|
@@ -366,22 +366,26 @@ function ultraSearchExecutionArgs(prompt = '') {
|
|
|
366
366
|
const stripped = stripUltraSearchPrompt(prompt);
|
|
367
367
|
const lower = stripped.toLowerCase();
|
|
368
368
|
if (!stripped || /^(?:doctor|check|status)\b/.test(lower))
|
|
369
|
-
return ['
|
|
369
|
+
return ['insane-search', 'doctor', '--json'];
|
|
370
370
|
if (/^(?:x|x-search|x_search)\b/.test(lower)) {
|
|
371
371
|
const query = stripped.replace(/^(?:x|x-search|x_search)\b[:\s-]*/i, '').trim() || 'source intelligence fixture';
|
|
372
|
-
return ['
|
|
372
|
+
return ['insane-search', 'x', query, '--json'];
|
|
373
373
|
}
|
|
374
374
|
const url = stripped.match(/\bhttps?:\/\/\S+/)?.[0];
|
|
375
375
|
if (/^(?:fetch|url)\b/.test(lower) || url)
|
|
376
|
-
return ['
|
|
376
|
+
return ['insane-search', 'fetch', url || stripped.replace(/^(?:fetch|url)\b[:\s-]*/i, '').trim() || 'https://example.com', '--json'];
|
|
377
377
|
const query = stripped.replace(/^run\b[:\s-]*/i, '').trim() || 'source intelligence fixture';
|
|
378
|
-
return ['
|
|
378
|
+
return ['insane-search', 'run', query, '--mode', 'balanced', '--json'];
|
|
379
379
|
}
|
|
380
380
|
function stripUltraSearchPrompt(prompt = '') {
|
|
381
381
|
return String(prompt || '')
|
|
382
382
|
.trim()
|
|
383
|
+
.replace(/^\[\$Insane-Search\]\([^)]+\)(?:\s|:)?\s*/i, '')
|
|
384
|
+
.replace(/^\[\$InsaneSearch\]\([^)]+\)(?:\s|:)?\s*/i, '')
|
|
383
385
|
.replace(/^\[\$Ultra-Search\]\([^)]+\)(?:\s|:)?\s*/i, '')
|
|
384
386
|
.replace(/^\[\$UltraSearch\]\([^)]+\)(?:\s|:)?\s*/i, '')
|
|
387
|
+
.replace(/^\$Insane-Search(?:\s|:)?\s*/i, '')
|
|
388
|
+
.replace(/^\$InsaneSearch(?:\s|:)?\s*/i, '')
|
|
385
389
|
.replace(/^\$Ultra-Search(?:\s|:)?\s*/i, '')
|
|
386
390
|
.replace(/^\$UltraSearch(?:\s|:)?\s*/i, '')
|
|
387
391
|
.trim();
|
package/dist/core/db-safety.js
CHANGED
|
@@ -10,8 +10,8 @@ import { madDbOperationClassesFromClassification } from './mad-db/mad-db-policy.
|
|
|
10
10
|
export const DEFAULT_DB_SAFETY_POLICY = Object.freeze({
|
|
11
11
|
schema_version: 1,
|
|
12
12
|
mode: 'read_only_default',
|
|
13
|
-
destructive_operations: '
|
|
14
|
-
production_writes: '
|
|
13
|
+
destructive_operations: 'deny_without_active_mad_db_capability',
|
|
14
|
+
production_writes: 'deny_without_active_mad_db_capability',
|
|
15
15
|
mcp_live_writes: 'deny_by_default',
|
|
16
16
|
require_project_scoped_mcp: true,
|
|
17
17
|
require_read_only_mcp_for_real_data: true,
|
|
@@ -76,6 +76,7 @@ const FIXTURES = Object.freeze({
|
|
|
76
76
|
'cli-commit': fixture('mock', 'sks commit --dry-run', [], 'pass'),
|
|
77
77
|
'cli-commit-and-push': fixture('mock', 'sks commit-and-push --dry-run', [], 'pass'),
|
|
78
78
|
'cli-context7': fixture('real_optional', 'sks context7 check --json', [], 'pass'),
|
|
79
|
+
'cli-insane-search': fixture('execute', 'sks insane-search doctor --json', [], 'pass'),
|
|
79
80
|
'cli-ultra-search': fixture('execute', 'sks ultra-search doctor --json', [], 'pass'),
|
|
80
81
|
'cli-xai': fixture('real_optional', 'sks xai check --json', [], 'pass'),
|
|
81
82
|
'cli-all-features': fixture('mock', 'sks all-features complete --json', [`.sneakoscope/reports/all-feature-completion-${PACKAGE_VERSION}.json`], 'pass'),
|
|
@@ -107,6 +108,8 @@ const FIXTURES = Object.freeze({
|
|
|
107
108
|
'route-dfix': fixture('execute_and_validate_artifacts', 'sks dfix fixture --json', ['completion-proof.json', 'dfix-gate.json', 'dfix-verification.json'], 'pass'),
|
|
108
109
|
'route-answer': fixture('mock', '$Answer answer-only route policy', [], 'pass'),
|
|
109
110
|
'route-goal': fixture('mock', '$Goal bridge route', ['goal-workflow.json', 'completion-proof.json'], 'pass'),
|
|
111
|
+
'route-insane-search': fixture('execute', 'sks run "$Insane-Search source intelligence fixture" --execute --json', [], 'pass'),
|
|
112
|
+
'route-insanesearch': fixture('execute', 'sks run "$InsaneSearch source intelligence fixture" --execute --json', [], 'pass'),
|
|
110
113
|
'route-ultra-search': fixture('execute', 'sks run "$Ultra-Search source intelligence fixture" --execute --json', [], 'pass'),
|
|
111
114
|
'route-ultrasearch': fixture('execute', 'sks run "$UltraSearch source intelligence fixture" --execute --json', [], 'pass'),
|
|
112
115
|
'route-seo-geo-optimizer': fixture('execute_and_validate_artifacts', 'sks seo-geo-optimizer fixture --mode geo --json', ['search-visibility/site-inventory.json', 'search-visibility/geo-findings.json', 'search-visibility/verification-report.json', 'geo-gate.json', 'completion-proof.json'], 'pass'),
|
package/dist/core/fsx.js
CHANGED
|
@@ -5,7 +5,7 @@ import os from 'node:os';
|
|
|
5
5
|
import crypto from 'node:crypto';
|
|
6
6
|
import { spawn } from 'node:child_process';
|
|
7
7
|
import { fileURLToPath } from 'node:url';
|
|
8
|
-
export const PACKAGE_VERSION = '4.6.
|
|
8
|
+
export const PACKAGE_VERSION = '4.6.2';
|
|
9
9
|
export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
|
|
10
10
|
export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;
|
|
11
11
|
export function nowIso() {
|
package/dist/core/init.js
CHANGED
|
@@ -1068,7 +1068,8 @@ export async function installSkills(root) {
|
|
|
1068
1068
|
'reasoning-router': `---\nname: reasoning-router\ndescription: Temporary SKS reasoning-effort routing for every command and pipeline route.\n---\n\nmedium: simple copy/color/discovery/setup/mechanical edits. high: logic, safety, architecture, DB, orchestration, refactor, multi-file work. xhigh: research, AutoResearch, falsification, benchmarks, SEO/GEO, open-ended discovery, and From-Chat-IMG image work-order analysis. Routing is temporary; return to default after the gate. Inspect with sks reasoning and sks pipeline status.\n`,
|
|
1069
1069
|
'pipeline-runner': `---\nname: pipeline-runner\ndescription: Execute SKS dollar-command routes as stateful pipelines with mission artifacts, route gates, Context7 evidence, temporary reasoning routing, reflection, and Honest Mode.\n---\n\nEvery $ command is a route. Use current.json, mission artifacts, and pipeline-plan.json as the execution plan: it records the lane, skipped stages, kept stages, verification, lean_decision, and no-unrequested-fallback invariant. Use temporary reasoning, TriWiki before stages, source hydration, Context7 when required, Team cleanup before reflection, reflection for full routes, and completion summary plus Honest Mode before final. Surface guard/scopes, record evidence, refresh/pack/validate TriWiki, and check sks pipeline status/resume/plan. ${leanEngineeringCompactText()} ${speedLanePolicyText()} ${skillDreamPolicyText()}\n`,
|
|
1070
1070
|
'context7-docs': `---\nname: context7-docs\ndescription: Enforce Context7 MCP documentation evidence for SKS routes that depend on external libraries, frameworks, APIs, MCPs, package managers, DB SDKs, or generated docs.\n---\n\nWhen required, resolve-library-id, then query-docs for the resolved id. Legacy get-library-docs evidence is accepted. Prefer sks context7 tools/resolve/docs/evidence and finish only after both evidence stages exist. Check setup with sks context7 check.\n`,
|
|
1071
|
-
'
|
|
1071
|
+
'insane-search': `---\nname: insane-search\ndescription: Dollar-command route for $Insane-Search/$InsaneSearch provider-independent source intelligence.\n---\n\nUse when the user invokes $Insane-Search, $InsaneSearch, legacy $Ultra-Search/$UltraSearch, or asks for InsaneSearch source intelligence, source acquisition, X-search-style collection, URL acquisition, source normalization, claim ledgers, or citation proof. Prefer \`sks insane-search doctor --json\` for readiness and \`sks insane-search run "<query>" --mode balanced --json\` for provider-independent source proof; use \`sks insane-search x "<query>" --json\` for X-search intent and \`sks insane-search fetch "<url>" --json\` for URL acquisition. Context7 is required only when the query depends on current package/API/framework/MCP/generated documentation behavior. xAI/Grok credentials are optional and must not be required for route readiness. Evidence/artifacts remain under \`.sneakoscope/missions/<ultra-* or route mission>/ultra-search/\`: intent.json, axes.json, query-variants.json, provider-plan.json, source-ledger.json, lead-ledger.json, claim-ledger.json, synthesis.md, ultra-search-proof.json, ultra-search-gate.json, and ultra-search-result.json. Do not turn weak discovery into supported claims; finish with an Honest Mode summary of verified sources, blockers, and unverified external coverage.\n`,
|
|
1072
|
+
'ultra-search': `---\nname: ultra-search\ndescription: Compatibility alias for $Insane-Search/$InsaneSearch provider-independent source intelligence.\n---\n\nUse when the user invokes legacy $Ultra-Search/$UltraSearch or asks for InsaneSearch source intelligence, source acquisition, X-search-style collection, URL acquisition, source normalization, claim ledgers, or citation proof. Prefer \`sks ultra-search doctor --json\` for readiness and \`sks ultra-search run "<query>" --mode balanced --json\` for provider-independent source proof; use \`sks ultra-search x "<query>" --json\` for X-search intent and \`sks ultra-search fetch "<url>" --json\` for URL acquisition. Context7 is required only when the query depends on current package/API/framework/MCP/generated documentation behavior. xAI/Grok credentials are optional and must not be required for route readiness. Evidence/artifacts live under \`.sneakoscope/missions/<ultra-* or route mission>/ultra-search/\`: intent.json, axes.json, query-variants.json, provider-plan.json, source-ledger.json, lead-ledger.json, claim-ledger.json, synthesis.md, ultra-search-proof.json, ultra-search-gate.json, and ultra-search-result.json. Do not turn weak discovery into supported claims; finish with an Honest Mode summary of verified sources, blockers, and unverified external coverage.\n`,
|
|
1072
1073
|
'search-visibility-core': `---\nname: search-visibility-core\ndescription: Shared kernel for seo-geo-optimizer audit, plan, explicit apply, rollback, verification, gates, and Completion Proof.\n---\n\nPurpose: keep Search Engine Optimization and Generative Engine Optimization on one typed search-visibility kernel instead of duplicate implementations. Use when $SEO-GEO-OPTIMIZER or \`sks seo-geo-optimizer\` is selected. Workflow: doctor detects package/static/Next evidence; audit writes source-backed inventory and findings; plan compiles safe mutation operations; apply requires explicit \`--apply\`; verify separates source, build, HTTP, browser, production, and measured outcome; rollback only reverses mission-owned operations. Safety: default read-only, never overwrite unmanaged robots.txt, sitemap, llms.txt, metadata, or structured data; do not hard-code customer routes; do not invent prices, reviews, availability, rankings, traffic, or AI citation outcomes. Evidence/artifacts: search-visibility/intake.json, adapter-detection.json, site-inventory.json, route-graph.json, robots-policy.json, structured-data-ledger.json, mutation-plan.json, mutation-journal.jsonl, rollback-manifest.json, verification-report.json, route gate, and completion-proof.json. Failure/recovery: unsupported frameworks stay audit/plan-only; missing production/browser/Search Console evidence remains unverified, not fabricated. CLI entrypoint: \`sks seo-geo-optimizer ... --mode seo|geo\`.\n`,
|
|
1073
1074
|
'seo-geo-optimizer': `---\nname: seo-geo-optimizer\ndescription: Unified $SEO-GEO-OPTIMIZER route for Search Engine Optimization and Generative Engine Optimization.\n---\n\nPurpose: use one route name for SEO and GEO work while keeping the internal search-visibility mode explicit. Use when: the user asks for SEO audit/fix/verification, package/npm/GitHub search visibility, canonical, sitemap, robots.txt, hreflang, metadata, structured data, AI answer visibility, LLM citation readiness, answerability, entity/claim provenance, crawler policy, OAI-SearchBot/GPTBot/ChatGPT-User, Claude-SearchBot/ClaudeBot/Claude-User, or optional llms.txt planning. GEO means Generative Engine Optimization, not geolocation, GeoIP, maps, CDN geography, location permission, or regional redirect bugs. Workflow: run \`sks seo-geo-optimizer doctor --mode seo|geo\`, then audit, plan, explicit apply, verify, status, and rollback. Use \`--mode seo\` for technical/package search optimization and \`--mode geo\` for entity facts, claim evidence, answerability, crawler policy, and optional llms.txt. Safety: audit and plan must not mutate source; apply checks base hashes, ownership, scope, protected paths, rollback manifest, and post-verify. AI crawler policy must split search, training, user-directed retrieval, and ads/other; never use one allow_ai toggle and never auto-allow training crawlers. Evidence/artifacts: site-inventory.json, route-graph.json, seo-findings.json or geo-findings.json, entity-facts.json, claim-evidence-ledger.json, answerability-report.json, ai-crawler-policy.json, llms-txt-plan.json, mutation-plan.json, verification-report.json, seo-gate.json or geo-gate.json, completion-proof.json. Failure/recovery: unsupported frameworks stay plan-only; browser/production/Search Console/analytics outcomes are marked unverified when not actually run. Forbidden claims: no ranking, indexing, traffic lift, rich-result, answer inclusion, or AI citation guarantee; no keyword stuffing, doorway pages, fake reviews, fake prices, fake availability, fake shipping, fake awards, hidden AI-only text, or scaled spam. CLI entrypoint: \`sks seo-geo-optimizer doctor|audit|plan|apply|verify|status|rollback|fixture --mode seo|geo\`.\n`,
|
|
1074
1075
|
'reflection': `---\nname: reflection\ndescription: Post-route self-review for full SKS routes that records real misses, gaps, and corrective lessons into TriWiki memory.\n---\n\nUse after full route work/tests and before final. DFix, Answer, Help, Wiki, SKS discovery are exempt. Do not invent faults. Write reflection.md; append real lessons to ${REFLECTION_MEMORY_PATH}; refresh/pack, validate context-pack.json, pass reflection-gate.json.\n\n${reflectionInstructionText()}\n`,
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { isMadDbCapabilityActive, readMadDbCapability } from './mad-db-capability.js';
|
|
2
2
|
import { activeMadDbAllowsSqlPlane, isMadDbControlPlaneDeniedTool, madDbOperationClassesFromClassification } from './mad-db-policy.js';
|
|
3
3
|
import { readJson, sha256 } from '../fsx.js';
|
|
4
|
-
import { stateFile } from '../mission.js';
|
|
4
|
+
import { missionsDir, stateFile } from '../mission.js';
|
|
5
5
|
export const MAD_DB_POLICY_DECISION_SCHEMA = 'sks.mad-db-policy-decision.v2';
|
|
6
6
|
export async function resolveMadDbMutationPolicy(root, state = {}, classification = {}, explicitCapability) {
|
|
7
7
|
const primary = await resolveMadDbMutationPolicyForState(root, state, classification, explicitCapability);
|
|
@@ -18,8 +18,45 @@ export async function resolveMadDbMutationPolicy(root, state = {}, classificatio
|
|
|
18
18
|
};
|
|
19
19
|
}
|
|
20
20
|
}
|
|
21
|
+
const latestCapability = await findLatestActiveMadDbCapability(root);
|
|
22
|
+
if (latestCapability) {
|
|
23
|
+
const fallback = await resolveMadDbMutationPolicyForState(root, {
|
|
24
|
+
mad_db_active: true,
|
|
25
|
+
mad_db_capability_mission_id: latestCapability.mission_id
|
|
26
|
+
}, classification, latestCapability);
|
|
27
|
+
if (fallback.allowed === true) {
|
|
28
|
+
return {
|
|
29
|
+
...fallback,
|
|
30
|
+
state_source: 'latest_active_mad_db_capability',
|
|
31
|
+
reasons: [...fallback.reasons, 'mad_db_latest_active_capability_used']
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
}
|
|
21
35
|
return primary;
|
|
22
36
|
}
|
|
37
|
+
async function findLatestActiveMadDbCapability(root) {
|
|
38
|
+
const fs = await import('node:fs/promises');
|
|
39
|
+
const entries = await fs.readdir(missionsDir(root), { withFileTypes: true }).catch(() => []);
|
|
40
|
+
const candidates = [];
|
|
41
|
+
for (const entry of entries) {
|
|
42
|
+
if (!entry.isDirectory() || !entry.name.startsWith('M-'))
|
|
43
|
+
continue;
|
|
44
|
+
const capability = await readMadDbCapability(root, entry.name).catch(() => null);
|
|
45
|
+
if (!capability || !isMadDbCapabilityActive(capability))
|
|
46
|
+
continue;
|
|
47
|
+
const issuedMs = Date.parse(capability.issued_at || '');
|
|
48
|
+
const expiresMs = Date.parse(capability.expires_at || '');
|
|
49
|
+
candidates.push({
|
|
50
|
+
capability,
|
|
51
|
+
issuedMs: Number.isFinite(issuedMs) ? issuedMs : 0,
|
|
52
|
+
expiresMs: Number.isFinite(expiresMs) ? expiresMs : 0
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
candidates.sort((a, b) => ((a.issuedMs - b.issuedMs)
|
|
56
|
+
|| (a.expiresMs - b.expiresMs)
|
|
57
|
+
|| a.capability.mission_id.localeCompare(b.capability.mission_id)));
|
|
58
|
+
return candidates.at(-1)?.capability || null;
|
|
59
|
+
}
|
|
23
60
|
async function resolveMadDbMutationPolicyForState(root, state = {}, classification = {}, explicitCapability) {
|
|
24
61
|
const missionId = explicitCapability?.mission_id || state?.mad_db_capability_mission_id || state?.mission_id;
|
|
25
62
|
if (!missionId)
|
|
@@ -168,7 +168,7 @@ Use only when the operator explicitly invokes $MAD-DB/$mad-db or ${commandPrefix
|
|
|
168
168
|
|
|
169
169
|
Keep normal Supabase MCP configuration read-only. MadDB must create a mission-local ephemeral write-capable Supabase MCP profile bound to capability v2, project_ref, root, mission, thread/session, intent, runtime profile hash, TTL, and SQL-plane operation classes. Verify execute_sql and apply_migration availability before claiming readiness. Require actual tool results plus independent read-back verification before claiming success. Close/revoke the capability and runtime profile in finally and prove read-only restoration.
|
|
170
170
|
|
|
171
|
-
Still deny Supabase account/project/billing/credential control-plane actions, credential exfiltration, unrelated
|
|
171
|
+
Still deny Supabase account/project/billing/credential control-plane actions, credential exfiltration, unrelated non-database admin changes, and unrequested fallback implementation. Do not add prompt-only SQL deny lists inside active MadDB; capability binding, SQL-plane scope, operation ledgering, and read-back verification are the approval boundary. Pair with db-safety-guard, Context7 evidence for MCP/API docs, route-local reflection, and Honest Mode.`;
|
|
172
172
|
}
|
|
173
173
|
export function dbSafetyGuardSkillText() {
|
|
174
174
|
return `---
|
|
@@ -177,10 +177,11 @@ description: Enforce Sneakoscope Codex database safety before using SQL, Supabas
|
|
|
177
177
|
---
|
|
178
178
|
|
|
179
179
|
Rules:
|
|
180
|
-
- Default mode is read-only
|
|
180
|
+
- Default non-MadDB mode is read-only and routes writes/destructive SQL to the DB safety gate.
|
|
181
181
|
- Supabase MCP must be read-only and project-scoped by default.
|
|
182
182
|
- Live execute_sql writes are blocked unless a bound active MadDB capability v2 is present.
|
|
183
|
-
- Active MadDB is the explicit exception: SQL-plane mutations requested by $MAD-DB or sks mad-db run|exec|apply-migration are allowed and must be executed with read-back verification.
|
|
183
|
+
- Active MadDB is the explicit exception: SQL-plane mutations requested by $MAD-DB or sks mad-db run|exec|apply-migration are allowed, including DROP, DELETE, TRUNCATE, RLS/policy changes, and execute_sql/apply_migration, and must be executed with read-back verification.
|
|
184
|
+
- Default read-only restrictions do not apply to SQL-plane work while the active MadDB capability v2 is bound.
|
|
184
185
|
- Supabase project/account/billing/credential control-plane actions remain denied even in MadDB.
|
|
185
186
|
- If no active bound MadDB cycle exists, fall back to read-only only.`;
|
|
186
187
|
}
|
|
@@ -17,7 +17,7 @@ export const RELEASE_1_17_GATE_SNAPSHOT = Object.freeze([
|
|
|
17
17
|
'release:readiness'
|
|
18
18
|
]);
|
|
19
19
|
export const RELEASE_1_18_REQUIRED_GATES = Object.freeze([
|
|
20
|
-
'
|
|
20
|
+
'insane-search:provider-interface',
|
|
21
21
|
'source-intelligence:policy',
|
|
22
22
|
'source-intelligence:all-modes',
|
|
23
23
|
'codex-web:adapter',
|
package/dist/core/routes.js
CHANGED
|
@@ -32,7 +32,7 @@ export const FROM_CHAT_IMG_CHECKLIST_ARTIFACT = 'from-chat-img-checklist.md';
|
|
|
32
32
|
export const FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT = 'from-chat-img-temp-triwiki.json';
|
|
33
33
|
export const FROM_CHAT_IMG_QA_LOOP_ARTIFACT = 'from-chat-img-qa-loop.json';
|
|
34
34
|
export const FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS = 5;
|
|
35
|
-
export const USAGE_TOPICS = 'install|setup|bootstrap|root|deps|zellij|tmux|auto-review|team|qa-loop|ppt|image-ux-review|computer-use|goal|fast-mode|research|seo-geo-optimizer|db|git|codex|codex-app|codex-native|hooks|features|all-features|dfix|commit|commit-and-push|design|imagegen|dollar|context7|ultra-search|xai|pipeline|reasoning|guard|conflicts|versioning|eval|harness|hproof|gx|wiki|wrongness|code-structure|proof-field|skill-dream|rust';
|
|
35
|
+
export const USAGE_TOPICS = 'install|setup|bootstrap|root|deps|zellij|tmux|auto-review|team|qa-loop|ppt|image-ux-review|computer-use|goal|fast-mode|research|seo-geo-optimizer|db|git|codex|codex-app|codex-native|hooks|features|all-features|dfix|commit|commit-and-push|design|imagegen|dollar|context7|insane-search|ultra-search|xai|pipeline|reasoning|guard|conflicts|versioning|eval|harness|hproof|gx|wiki|wrongness|code-structure|proof-field|skill-dream|rust';
|
|
36
36
|
export const CODEX_COMPUTER_USE_EVIDENCE_SOURCE = 'codex_computer_use';
|
|
37
37
|
export const CODEX_IN_APP_BROWSER_EVIDENCE_SOURCE = 'codex_in_app_browser';
|
|
38
38
|
export const CODEX_CHROME_EXTENSION_EVIDENCE_SOURCE = 'codex_chrome_extension';
|
|
@@ -541,19 +541,19 @@ export const ROUTES = [
|
|
|
541
541
|
examples: ['$Research investigate this idea']
|
|
542
542
|
},
|
|
543
543
|
{
|
|
544
|
-
id: '
|
|
545
|
-
command: '$
|
|
544
|
+
id: 'InsaneSearch',
|
|
545
|
+
command: '$Insane-Search',
|
|
546
546
|
mode: 'ULTRA_SEARCH',
|
|
547
547
|
route: 'provider-independent source intelligence',
|
|
548
|
-
description: 'Run
|
|
549
|
-
requiredSkills: ['
|
|
550
|
-
dollarAliases: ['$UltraSearch'],
|
|
548
|
+
description: 'Run InsaneSearch source acquisition, source normalization, claim/proof ledgers, and provider-independent citation evidence without requiring xAI/Grok.',
|
|
549
|
+
requiredSkills: ['insane-search', 'pipeline-runner', 'context7-docs', 'honest-mode'],
|
|
550
|
+
dollarAliases: ['$InsaneSearch', '$Ultra-Search', '$UltraSearch'],
|
|
551
551
|
lifecycle: ['source_intent', 'query_variants', 'provider_plan', 'source_ledgers', 'claim_ledgers', 'ultra_search_gate', 'honest_mode'],
|
|
552
552
|
context7Policy: 'if_external_docs',
|
|
553
553
|
reasoningPolicy: 'high',
|
|
554
554
|
stopGate: 'ultra-search/ultra-search-gate.json',
|
|
555
|
-
cliEntrypoint: 'sks
|
|
556
|
-
examples: ['$
|
|
555
|
+
cliEntrypoint: 'sks insane-search doctor|run|x|fetch|status|inspect|sources|claims|cache|bench|migrate-xai',
|
|
556
|
+
examples: ['$Insane-Search run "current package release notes"', '$InsaneSearch x "site:x.com product launch"']
|
|
557
557
|
},
|
|
558
558
|
{
|
|
559
559
|
id: 'SEOGEOOptimizer',
|
|
@@ -721,8 +721,9 @@ export const COMMAND_CATALOG = [
|
|
|
721
721
|
{ name: 'image-ux-review', usage: 'sks ux-review run --image <path> --fix --json | sks image-ux-review status <mission-id|latest> [--json]', description: 'Run or inspect $Image-UX-Review gpt-image-2/imagegen annotated UI/UX review artifacts, issue ledgers, safe fix loops, recapture, and proof gates.' },
|
|
722
722
|
{ name: 'computer-use', usage: 'sks computer-use import|status|smoke|require ... [--json]', description: 'Record native Mac/non-web Computer Use visual evidence while keeping web verification on the Chrome Extension path.' },
|
|
723
723
|
{ name: 'context7', usage: 'sks context7 check|setup|tools|resolve|docs|evidence ...', description: 'Check, configure, and call the local Context7 MCP requirement.' },
|
|
724
|
-
{ name: '
|
|
725
|
-
{ name: '
|
|
724
|
+
{ name: 'insane-search', usage: 'sks insane-search doctor|run|x|fetch|status|inspect|sources|claims|cache|bench|migrate-xai', description: 'Run provider-independent InsaneSearch source intelligence.' },
|
|
725
|
+
{ name: 'ultra-search', usage: 'compatibility alias for sks insane-search', description: 'Deprecated compatibility alias; use sks insane-search.' },
|
|
726
|
+
{ name: 'xai', usage: 'sks xai check|status|docs', description: 'Deprecated compatibility notice; use sks insane-search.' },
|
|
726
727
|
{ name: 'recallpulse', usage: 'sks recallpulse run|status|eval|governance|checklist <mission-id|latest>', description: 'Run report-only RecallPulse active recall, durable status, proof capsule, evidence envelope, and governance checks.' },
|
|
727
728
|
{ name: 'pipeline', usage: 'sks pipeline status|resume|plan|answer ...', description: 'Inspect the active skill-first route, materialized execution plan, ambiguity gates, and completion gates.' },
|
|
728
729
|
{ name: 'guard', usage: 'sks guard check [--json]', description: 'Check SKS harness self-protection lock, fingerprints, and source-repo exception state.' },
|
|
@@ -899,7 +900,7 @@ export function looksLikeGenerativeEngineOptimizationRequest(prompt = '') {
|
|
|
899
900
|
}
|
|
900
901
|
export function looksLikeUltraSearchRequest(prompt = '') {
|
|
901
902
|
const text = String(prompt || '');
|
|
902
|
-
return /\b(?:UltraSearch|Ultra-Search|ultra\s*search|source\s+intelligence|provider-independent\s+source|source\s+acquisition|citation\s+proof|x-search)\b
|
|
903
|
+
return /\b(?:InsaneSearch|Insane-Search|insane\s*search|UltraSearch|Ultra-Search|ultra\s*search|source\s+intelligence|provider-independent\s+source|source\s+acquisition|citation\s+proof|x-search)\b|인세인\s*서치|울트라\s*서치|소스\s*인텔리전스/i.test(text);
|
|
903
904
|
}
|
|
904
905
|
export function routePrompt(prompt) {
|
|
905
906
|
const text = stripVisibleDecisionAnswerBlocks(prompt);
|
|
@@ -949,7 +950,7 @@ export function routePrompt(prompt) {
|
|
|
949
950
|
if (/\b(qa[-\s]?loop|qaloop|e2e\s+qa|qa\s+e2e)\b/i.test(text))
|
|
950
951
|
return routeById('QALoop');
|
|
951
952
|
if (looksLikeUltraSearchRequest(text) && !looksLikeCodeChangingWork(text) && !looksLikeAnswerOnlyRequest(text))
|
|
952
|
-
return routeById('
|
|
953
|
+
return routeById('InsaneSearch');
|
|
953
954
|
if (looksLikeGenerativeEngineOptimizationRequest(text))
|
|
954
955
|
return routeById('SEOGEOOptimizer');
|
|
955
956
|
if (looksLikeSeoRequest(text))
|
|
@@ -1051,7 +1052,7 @@ export function routeRequiresSubagents(route, prompt = '') {
|
|
|
1051
1052
|
return false;
|
|
1052
1053
|
if (route.id === 'ImageUXReview')
|
|
1053
1054
|
return false;
|
|
1054
|
-
if (route.id === '
|
|
1055
|
+
if (route.id === 'InsaneSearch')
|
|
1055
1056
|
return false;
|
|
1056
1057
|
if (route.id === 'SEOGEOOptimizer')
|
|
1057
1058
|
return false;
|
|
@@ -1137,7 +1138,7 @@ export function routeReasoning(route, prompt = '') {
|
|
|
1137
1138
|
return teamRouteReasoning(text);
|
|
1138
1139
|
if (route?.id === 'Research' || route?.id === 'AutoResearch')
|
|
1139
1140
|
return reasoning('xhigh', 'research_or_experiment_route');
|
|
1140
|
-
if (route?.id === '
|
|
1141
|
+
if (route?.id === 'InsaneSearch')
|
|
1141
1142
|
return reasoning('high', 'source_intelligence_route');
|
|
1142
1143
|
if (route?.id === 'SEOGEOOptimizer')
|
|
1143
1144
|
return reasoning('high', 'search_visibility_route');
|
package/dist/core/version.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export const PACKAGE_VERSION = '4.6.
|
|
1
|
+
export const PACKAGE_VERSION = '4.6.2';
|
|
2
2
|
//# sourceMappingURL=version.js.map
|
|
@@ -46,5 +46,28 @@ assertGate(decision.mad_db.operation_classes.includes('migration_apply'), 'direc
|
|
|
46
46
|
assertGate(decision.mad_db.state_source === 'persisted_sks_state', 'drifted hook payload state must fall back to persisted SKS MadDB state', decision);
|
|
47
47
|
assertGate(updated?.counters.reserved === 1, 'direct apply_migration reservation must land on the real MadDB mission capability', updated || {});
|
|
48
48
|
assertGate(wrongMissionDirExists === false, 'direct apply_migration must not create or write under the drifted payload mission id');
|
|
49
|
-
|
|
49
|
+
const unrelatedMission = await createMission(root, { mode: 'team', prompt: 'unrelated current-state drift fixture' });
|
|
50
|
+
const unrelatedStateFromCodex = { mission_id: unrelatedMission.id, mode: 'TEAM', phase: 'TOOL_CALL' };
|
|
51
|
+
const executeDecision = await checkDbOperation(root, unrelatedStateFromCodex, {
|
|
52
|
+
tool_name: 'mcp__supabase__execute_sql',
|
|
53
|
+
tool_call_id: 'direct-execute-sql-drop-delete-call',
|
|
54
|
+
tool_input: {
|
|
55
|
+
query: 'drop table if exists public.fixture_old; delete from public.fixture;'
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
const afterExecute = await readMadDbCapability(root, mission.id);
|
|
59
|
+
const unrelatedOperationsDir = path.join(missionDir(root, unrelatedMission.id), 'mad-db', 'runtime', 'operations');
|
|
60
|
+
assertGate(executeDecision.allowed === true && executeDecision.mad_db?.active === true, 'active MadDB capability must allow direct execute_sql after current state drifts away from MadDB', executeDecision);
|
|
61
|
+
assertGate(executeDecision.mad_db.state_source === 'latest_active_mad_db_capability', 'direct execute_sql must fall back to the latest active MadDB capability when persisted state is unrelated', executeDecision);
|
|
62
|
+
for (const operation of ['direct_execute_sql', 'drop', 'all_row_delete']) {
|
|
63
|
+
assertGate(executeDecision.mad_db.operation_classes.includes(operation), `direct execute_sql destructive SQL must reserve ${operation}`, executeDecision);
|
|
64
|
+
}
|
|
65
|
+
assertGate(afterExecute?.counters.reserved === 2, 'direct execute_sql reservation must land on the real MadDB mission capability', afterExecute || {});
|
|
66
|
+
assertGate(fs.existsSync(unrelatedOperationsDir) === false, 'direct execute_sql must not write operation lifecycle files under the unrelated current mission');
|
|
67
|
+
emitGate('mad-db:direct-apply-migration-hook', {
|
|
68
|
+
mission_id: mission.id,
|
|
69
|
+
apply_operation_id: decision.mad_db.operation_id,
|
|
70
|
+
execute_operation_id: executeDecision.mad_db.operation_id,
|
|
71
|
+
counters: afterExecute?.counters
|
|
72
|
+
});
|
|
50
73
|
//# sourceMappingURL=mad-db-direct-apply-migration-hook-check.js.map
|
|
@@ -9,6 +9,10 @@ for (const token of ['table/schema DROP', 'all-row mutations', 'TRUNCATE', 'exec
|
|
|
9
9
|
}
|
|
10
10
|
assertGate(dbSafetySkill.includes('Active MadDB is the explicit exception'), 'db safety skill must name active MadDB exception', { dbSafetySkill });
|
|
11
11
|
assertGate(!madDbSkill.includes('Keep catastrophic safeguards active: whole database/schema/table removal'), 'MadDB skill must not carry old destructive-operation denial text', { madDbSkill });
|
|
12
|
+
assertGate(!madDbSkill.includes('persistent security weakening'), 'MadDB skill must not carry prompt-only SQL-plane denial text', { madDbSkill });
|
|
13
|
+
assertGate(madDbSkill.includes('Do not add prompt-only SQL deny lists inside active MadDB'), 'MadDB skill must prevent SQL-plane prompt veto lists', { madDbSkill });
|
|
14
|
+
assertGate(!dbSafetySkill.includes('do not run DROP'), 'db safety skill must not conflict with active MadDB SQL-plane allowance', { dbSafetySkill });
|
|
15
|
+
assertGate(dbSafetySkill.includes('Default read-only restrictions do not apply to SQL-plane work while the active MadDB capability v2 is bound'), 'db safety skill must explicitly remove default restrictions during active MadDB', { dbSafetySkill });
|
|
12
16
|
assertGate(initText.includes('madDbSkillText()') && initText.includes('dbSafetyGuardSkillText()'), 'init must generate skills from typed MadDB policy SSOT', {});
|
|
13
17
|
assertGate(MAD_DB_POLICY.active_mode.sql_plane === 'allow_all_mutations' && MAD_DB_POLICY.normal_supabase_mcp.read_only_required === true, 'typed policy must encode active SQL-plane and normal read-only modes', MAD_DB_POLICY);
|
|
14
18
|
emitGate('mad-db:skill-policy', { schema: MAD_DB_POLICY.schema, operation_classes: MAD_DB_POLICY.sql_plane_allowed.length });
|
|
@@ -97,7 +97,7 @@ const requiredScripts = [
|
|
|
97
97
|
'agent:janitor',
|
|
98
98
|
'agent:multi-project-isolation',
|
|
99
99
|
'verification:parallel-engine',
|
|
100
|
-
'
|
|
100
|
+
'insane-search:provider-interface',
|
|
101
101
|
'source-intelligence:policy',
|
|
102
102
|
'source-intelligence:all-modes',
|
|
103
103
|
'codex-web:adapter',
|
|
@@ -34,9 +34,9 @@ const tasks = [
|
|
|
34
34
|
task('agent:janitor', 'npm run agent:janitor --silent', { dependencies: ['build'] }),
|
|
35
35
|
task('agent:multi-project-isolation', 'npm run agent:multi-project-isolation --silent', { dependencies: ['build'] }),
|
|
36
36
|
task('verification:parallel-engine', 'npm run verification:parallel-engine --silent', { dependencies: ['build'] }),
|
|
37
|
-
task('
|
|
37
|
+
task('insane-search:provider-interface', 'npm run insane-search:provider-interface --silent', { dependencies: ['build'] }),
|
|
38
38
|
task('source-intelligence:policy', 'npm run source-intelligence:policy --silent', { dependencies: ['build'] }),
|
|
39
|
-
task('source-intelligence:all-modes', 'npm run source-intelligence:all-modes --silent', { dependencies: ['build', 'source-intelligence:policy', '
|
|
39
|
+
task('source-intelligence:all-modes', 'npm run source-intelligence:all-modes --silent', { dependencies: ['build', 'source-intelligence:policy', 'insane-search:provider-interface', 'codex-web:adapter'] }),
|
|
40
40
|
task('codex-web:adapter', 'npm run codex-web:adapter --silent', { dependencies: ['build'] }),
|
|
41
41
|
task('seo:cli-blackbox', 'npm run seo:cli-blackbox --silent', { dependencies: ['build'] }),
|
|
42
42
|
task('seo:audit-fixture', 'npm run seo:audit-fixture --silent', { dependencies: ['build'] }),
|
|
@@ -6,7 +6,7 @@ import { assertGate, emitGate, importDist, packageScripts, root } from './sks-1-
|
|
|
6
6
|
const mod = await importDist('core/release-parallel-full-coverage.js');
|
|
7
7
|
const pkgScripts = packageScripts();
|
|
8
8
|
const parallelSource = fs.readFileSync(path.join(root, 'src/scripts/release-parallel-check.ts'), 'utf8');
|
|
9
|
-
const current = [...new Set(Object.keys(pkgScripts).filter((name) => parallelSource.includes(name)).concat(Object.keys(pkgScripts).filter((name) => /^ultra-search|^source-intelligence|^codex-web|^goal-mode|^agent:main-no-scout|^agent:worker-scout-limited|^agent:background-terminals|^agent:zellij-runtime|^agent:visual-consistency|^release:parallel-full-coverage|^priority:full-closure/.test(name))))];
|
|
9
|
+
const current = [...new Set(Object.keys(pkgScripts).filter((name) => parallelSource.includes(name)).concat(Object.keys(pkgScripts).filter((name) => /^insane-search|^ultra-search|^source-intelligence|^codex-web|^goal-mode|^agent:main-no-scout|^agent:worker-scout-limited|^agent:background-terminals|^agent:zellij-runtime|^agent:visual-consistency|^release:parallel-full-coverage|^priority:full-closure/.test(name))))];
|
|
10
10
|
const report = mod.evaluateReleaseParallelFullCoverage(current);
|
|
11
11
|
assertGate(report.ok === true, 'release parallel DAG must preserve previous gates and include 1.18 gates', report);
|
|
12
12
|
emitGate('release:parallel-full-coverage', { previous_gate_count: report.previous_gate_count, current_gate_count: report.current_gate_count });
|
|
@@ -103,7 +103,7 @@ const checks = {
|
|
|
103
103
|
computer_use_live_evidence: scriptContains('release:check', 'computer-use:live-evidence'),
|
|
104
104
|
docs_truthfulness: scriptContains('release:check', 'docs:truthfulness'),
|
|
105
105
|
release_readiness: scriptContains('release:check:parallel', 'release:readiness'),
|
|
106
|
-
|
|
106
|
+
insane_search_provider_interface: scriptContains('release:check:parallel', 'insane-search:provider-interface'),
|
|
107
107
|
source_intelligence_policy: scriptContains('release:check:parallel', 'source-intelligence:policy'),
|
|
108
108
|
source_intelligence_all_modes: scriptContains('release:check:parallel', 'source-intelligence:all-modes'),
|
|
109
109
|
codex_web_adapter: scriptContains('release:check:parallel', 'codex-web:adapter'),
|
|
@@ -18,7 +18,7 @@ assertGate(result.proof.provider_independent === true, 'UltraSearch proof must b
|
|
|
18
18
|
assertGate(result.proof.xai_runtime_dependency === false, 'UltraSearch must not require xAI runtime', result.proof);
|
|
19
19
|
assertGate(result.sources.some((source) => source.acquisition_verdict === 'verified_content'), 'UltraSearch must normalize verified source evidence', result.sources);
|
|
20
20
|
assertGate(result.convergence.schema === 'sks.ultra-search-convergence.v1', 'UltraSearch convergence artifact must be typed', result.convergence);
|
|
21
|
-
emitGate('
|
|
21
|
+
emitGate('insane-search:provider-interface', {
|
|
22
22
|
mode: result.mode,
|
|
23
23
|
sources: result.sources.length,
|
|
24
24
|
verified: result.proof.verified_source_count,
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "sneakoscope",
|
|
3
3
|
"displayName": "ㅅㅋㅅ",
|
|
4
|
-
"version": "4.6.
|
|
4
|
+
"version": "4.6.2",
|
|
5
5
|
"description": "Sneakoscope Codex: fast proof-first Codex trust layer with image-based Voxel TriWiki.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",
|
|
@@ -496,7 +496,8 @@
|
|
|
496
496
|
"mcp:readonly-runtime-scheduler": "node ./dist/scripts/mcp-readonly-runtime-scheduler-check.js",
|
|
497
497
|
"codex:0.134-runner-truth": "node ./dist/scripts/codex-0-134-runner-truth-check.js",
|
|
498
498
|
"source-intelligence:policy": "node ./dist/scripts/source-intelligence-policy-check.js",
|
|
499
|
-
"
|
|
499
|
+
"insane-search:provider-interface": "node ./dist/scripts/ultra-search-provider-interface-check.js",
|
|
500
|
+
"ultra-search:provider-interface": "npm run insane-search:provider-interface --silent",
|
|
500
501
|
"context7:evidence-dedupe": "node ./dist/scripts/context7-evidence-dedupe-check.js",
|
|
501
502
|
"source-intelligence:codex-history-search": "node ./dist/scripts/codex-history-search-check.js",
|
|
502
503
|
"source-intelligence:all-modes": "node ./dist/scripts/source-intelligence-all-modes-check.js",
|