sneakoscope 4.6.1 → 4.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/README.md +23 -167
  2. package/crates/sks-core/Cargo.lock +1 -1
  3. package/crates/sks-core/Cargo.toml +1 -1
  4. package/crates/sks-core/src/main.rs +1 -1
  5. package/dist/bin/sks.js +1 -1
  6. package/dist/cli/command-registry.js +2 -1
  7. package/dist/cli/{ultra-search-command.js → insane-search-command.js} +17 -13
  8. package/dist/cli/xai-command.js +6 -6
  9. package/dist/commands/doctor.js +3 -1
  10. package/dist/core/commands/run-command.js +9 -5
  11. package/dist/core/db-safety.js +2 -2
  12. package/dist/core/doctor/global-sks-install-cleanup.js +73 -9
  13. package/dist/core/feature-fixtures.js +3 -0
  14. package/dist/core/fsx.js +1 -1
  15. package/dist/core/init.js +2 -1
  16. package/dist/core/mad-db/mad-db-coordinator.js +17 -8
  17. package/dist/core/mad-db/mad-db-executor.js +59 -7
  18. package/dist/core/mad-db/mad-db-policy-resolver.js +38 -1
  19. package/dist/core/mad-db/mad-db-policy.js +4 -3
  20. package/dist/core/mad-db/mad-db-runtime-profile.js +11 -2
  21. package/dist/core/mad-db/mad-db-target.js +31 -0
  22. package/dist/core/release-parallel-full-coverage.js +1 -1
  23. package/dist/core/routes.js +15 -14
  24. package/dist/core/update-check.js +11 -1
  25. package/dist/core/version.js +1 -1
  26. package/dist/scripts/mad-db-direct-apply-migration-hook-check.js +24 -1
  27. package/dist/scripts/mad-db-skill-policy-snapshot-check.js +4 -0
  28. package/dist/scripts/mad-db-supabase-transport-diagnostics-check.js +47 -0
  29. package/dist/scripts/release-metadata-1-19-check.js +1 -1
  30. package/dist/scripts/release-parallel-check.js +2 -2
  31. package/dist/scripts/release-parallel-full-coverage-check.js +1 -1
  32. package/dist/scripts/release-readiness-report.js +1 -1
  33. package/dist/scripts/ultra-search-provider-interface-check.js +1 -1
  34. package/package.json +5 -3
package/README.md CHANGED
@@ -2,22 +2,22 @@
2
2
 
3
3
  # 🔭 Sneakoscope Codex
4
4
 
5
- **Proof-first Codex orchestration — massive parallel agent swarms you can actually watch, audit, and trust.**
5
+ ### Proof-first orchestration for OpenAI Codex — run massive parallel AI coding agents you can watch, audit, and trust.
6
6
 
7
7
  [![npm version](https://img.shields.io/npm/v/sneakoscope?color=cb3837&logo=npm)](https://www.npmjs.com/package/sneakoscope)
8
8
  [![node](https://img.shields.io/badge/node-%3E%3D20.11-339933?logo=node.js&logoColor=white)](#requirements)
9
9
  [![license](https://img.shields.io/badge/license-MIT-blue)](#license)
10
- [![zellij](https://img.shields.io/badge/UI-Zellij%20stacked%20panes-1e90ff)](#mad-zellij-launch)
10
+ [![Zellij](https://img.shields.io/badge/UI-Zellij%20stacked%20panes-1e90ff)](#mad-zellij-launch)
11
11
 
12
- `npm i -g sneakoscope` `sks --mad` watch up to **100 shadow-clone workers** code in parallel,<br/>each in a live Zellij pane, every claim backed by Completion Proof.
12
+ [![Sneakoscope Codex - proof-first Codex orchestration pipeline: a Codex task fans out to the Naruto parallel worker swarm, streams through live Zellij panes, passes safety gates, and ends in Completion Proof](docs/assets/sneakoscope-hero.svg)](https://www.npmjs.com/package/sneakoscope)
13
13
 
14
- Current package release: **4.6.1**.
14
+ `npm i -g sneakoscope` → `sks --mad` → watch up to **100 parallel workers** code at once,<br/>each in a live Zellij pane, every claim backed by **Completion Proof**.
15
15
 
16
16
  </div>
17
17
 
18
18
  ---
19
19
 
20
- Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex work **auditable**. It does not try to clone every other harness. It focuses on one thing relentlessly: Codex work becomes visual-evidence-bound, safety-gated, and reproducible through Completion Proof.
20
+ **Sneakoscope Codex** (`sks`) is a Codex CLI and Codex App harness that makes repeatable Codex work **auditable**. It focuses on one thing relentlessly: every Codex run becomes visual-evidence-bound, safety-gated, and reproducible through Completion Proof.
21
21
 
22
22
  | | What you get |
23
23
  | --- | --- |
@@ -27,173 +27,29 @@ Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex
27
27
  | 🛡️ **Safety gates** | DB/migration/destructive operations stay gated, 190+ release gate scripts, Honest Mode |
28
28
  | 🖼️ **Visual evidence** | Image Voxel TriWiki plus `$imagegen`/`gpt-image-2`-bound visual review flows |
29
29
 
30
- ![Sneakoscope Codex Trust Layer](docs/assets/sneakoscope-architecture-pipeline.jpg)
31
-
32
30
  ## LLM Init Prompt for Codex Native Agent Builders
33
31
 
34
32
  ```text
35
33
  Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-Codex](https://github.com/mandarange/Sneakoscope-Codex)] as the repo reference and [npm i -g sneakoscope] as the recommended global install command, then run the appropriate `sks` setup, doctor, Codex App, and proof checks for this repo. Keep generated SKS state out of source control unless documented, and record every version-facing change in CHANGELOG.md.
36
34
  ```
37
35
 
38
- ## 🚀 Current Release
39
-
40
- SKS **4.6.1** keeps the 4.6 search-visibility release surface and fixes the MadDB safety hook so direct Supabase MCP `apply_migration` calls use the active persisted MadDB capability when Codex hook payload state drifts.
41
-
42
- - **`sks seo-geo-optimizer` / `$SEO-GEO-OPTIMIZER`.** Run read-only audit, mutation plan, explicit apply, verification, rollback, and Completion Proof for both Search Engine Optimization and Generative Engine Optimization.
43
- - **Mode-specific evidence.** Use `--mode seo` for package/docs/website search visibility, including metadata, canonical, robots, sitemap, locale, structured data, and internal links. Use `--mode geo` for entity facts, claim evidence, answerability, AI crawler purpose policy, and optional `llms.txt` planning. GEO means Generative Engine Optimization, not geolocation.
44
- - **Lean Engineering evidence.** `sks bench lean-policy --json` compares hermetic baseline-context and lean-policy-context fixtures, catching over-build candidates while preserving safety rejections without making live model accuracy claims.
45
- - **Safety-first mutation.** `audit` and `plan` never mutate source. `apply` requires `--apply`, uses base hashes, create-only ownership, mutation journal, rollback manifest, and post-verification.
46
- - **Release-gated artifacts.** SEO/GEO now have explicit runtime fixtures, schemas, feature registry mappings, release gates, route gates, and Completion Proof links.
36
+ ## Highlights
47
37
 
48
- Common commands:
38
+ - **Massive parallel swarm.** `$Naruto` fans work out to up to 100 clone workers behind a hardware-safe governor, with lease-based parallel writes and a scheduler that keeps idle slots full while runnable work remains.
39
+ - **Live Zellij cockpit.** Workers stack as native Zellij panes that stream heartbeat, current file, tool events, and stdout every second.
40
+ - **Completion Proof on every serious route.** Schema-backed proof artifacts replace "trust me, it's done," and Honest Mode separates implemented, locally verified, production verified, and measured outcomes.
41
+ - **Safety-first by default.** SQL/migrations, Supabase/RLS changes, destructive filesystem operations, and published release state stay gated unless you explicitly opt in.
42
+ - **Visual evidence.** Image Voxel TriWiki plus `$imagegen`/`gpt-image-2`-bound visual review flows.
43
+ - **Search visibility route (SEO + GEO).** `sks seo-geo-optimizer` / `$SEO-GEO-OPTIMIZER` runs read-only audit, mutation plan, explicit apply, verification, rollback, and Completion Proof for both Search Engine Optimization and Generative Engine Optimization (GEO is generative-engine, not geolocation).
49
44
 
50
- ```bash
51
- sks seo-geo-optimizer doctor --mode seo --json
45
+ ```sh
52
46
  sks seo-geo-optimizer audit --mode seo --target package --offline --json
53
47
  sks seo-geo-optimizer plan latest --mode seo --json
54
48
  sks seo-geo-optimizer apply latest --mode seo --apply --json
55
- sks seo-geo-optimizer rollback latest --mode seo --apply --json
56
-
57
- sks seo-geo-optimizer doctor --mode geo --json
58
49
  sks seo-geo-optimizer audit --mode geo --target package --offline --json
59
- sks seo-geo-optimizer plan latest --mode geo --json
60
- sks seo-geo-optimizer apply latest --mode geo --include-llms-txt --apply --json
61
- sks bench lean-policy --json
62
50
  ```
63
51
 
64
- Honest boundary: SEO/GEO reports separate implemented, locally verified, production verified, and measured outcome. Sitemaps, canonical tags, structured data, crawler policy, and `llms.txt` are evidence surfaces, not guarantees of indexing, ranking, traffic, rich results, or AI answer inclusion.
65
-
66
- What changed in 4.2.1:
67
-
68
- What changed in 4.2.0:
69
-
70
- - **First-class MadDB route.** `$MAD-DB` no longer aliases `$MAD-SKS`; it creates one authoritative mission, capability, runtime profile, inventory check, execution, read-back, and closeout cycle.
71
- - **Capability v2 binding.** MadDB capabilities bind project root, project ref hash, mission/cycle/session identity, runtime profile hash, TTL, operator intent, and SQL-plane operation classes.
72
- - **Ephemeral Supabase write profile.** Persistent Supabase MCP config stays read-only; write-capable MCP settings exist only inside the active MadDB mission and are removed in `finally`.
73
- - **Exact lifecycle correlation.** Hook/result handling is keyed by canonical `tool_call_id`, uses idempotent operation state, and avoids unsafe tool-name result matching under parallel calls.
74
- - **Policy/docs/test SSOT.** MadDB route metadata, generated skill guidance, DB safety wording, Doctor guidance, release gates, docs, scanner coverage, and local regression tests share the typed MadDB policy surface.
75
- - **Release metadata truth.** Package, CLI version constants, Rust crate metadata, README, changelog, and release checks all point at 4.2.0.
76
-
77
- What changed in 4.1.1:
78
-
79
- What changed in 4.1.0:
80
-
81
- SKS **4.1.0** turns the Codex `rust-v0.142.0` compatibility surface into the authoritative Doctor/update readiness path. Doctor now consumes structured Codex Doctor semantics, separates pre-repair observation from post-repair truth, repairs managed native assets from plain `sks doctor --fix`, and gates update completion on a current project migration receipt.
82
-
83
- - **Semantic Doctor readiness.** Warning-only Codex Doctor output stays ready, blocking checks block readiness, and unknown non-zero/unparseable Doctor output fails closed.
84
- - **Post-repair authority.** `sks doctor --fix` records pre-repair Codex Doctor output but bases readiness on the final post-repair Doctor run.
85
- - **Managed native assets.** Skills, agent roles, hooks, and Context7 transport share the 4.1.0 managed manifest; stale directive markers no longer appear in generated role content.
86
- - **Codex 0.142 wiring.** The native feature broker exposes multi-agent mode, rollout budget strategy, indexed web search, current time, app-server overload, MCP reconnect, plugin refresh, thread search, remote native environment, and terminal subagent error handling as current capabilities.
87
- - **Update lifecycle receipts.** `sks update now` runs old-version Doctor preflight, installs through the guarded npm path, re-resolves the new package-local binary, runs new-version global Doctor, and writes a project migration receipt before reporting `updated`.
88
- - **Local evidence hygiene.** Machine-local `.sneakoscope` runtime evidence is ignored and guarded so release commits do not carry host paths, secrets, or transient proof logs.
89
-
90
- What changed in 4.0.15:
91
-
92
- - **Codex 0.142 release manifest.** `rust-v0.142.0`, `codex-cli 0.142.0`, SDK `0.142.0`, generated app-server schema hash, required probes, and supported platforms are captured as a single manifest.
93
- - **Runtime identity proof.** Codex compatibility now resolves the project/env/PATH binary through one resolver and records realpath, version, SHA-256, package root, platform, and arch.
94
- - **Safer SDK execution policy.** SDK tasks no longer inherit `process.env` wholesale and no longer hard-code `approvalPolicy: never`, `skipGitRepoCheck: true`, or network access from sandbox mode.
95
- - **0.142 app-server evidence.** Generated app-server TypeScript and JSON Schema snapshots are stored under versioned paths; app-server-v2 wraps `thread/list`, `thread/read`, list search, and `currentTime/read` handling, while capability gates reject `assumed_by_version` evidence.
96
- - **Transactional thread registry guard.** Codex thread registration now uses an atomic lock and append-only journal, with a 100-write gate covering concurrent updates and corruption preservation.
97
- - **Package contract repair.** The npm tarball includes `dist/scripts` verification targets so public package scripts do not point at files excluded from the package.
98
-
99
- What changed in 4.0.14:
100
-
101
- - **Real stage parallelism evidence.** GLM Naruto records bounded parallel stage timelines, overlap ratios, parallelism summaries, critical-path metrics, and speed diagnosis artifacts.
102
- - **Parallel gate/verifier/worktree stages.** Candidate gate, worktree materialization, and verifier checks no longer have to run candidate-by-candidate when multiple candidates are available.
103
- - **Requirement coverage seal.** GLM Naruto writes a requirement ledger and candidate coverage artifacts, and the final seal blocks when required requirements remain uncovered.
104
- - **MAD route isolation.** `sks --mad` without `--glm` remains the GPT/Codex/MAD route and does not resolve OpenRouter or run GLM-specific benchmark/Naruto code.
105
- - **Benchmark proof honesty.** GLM benchmark proof now reports request-summary availability separately from case-level model lock checks and fixes the no-mutation proof boolean.
106
-
107
- What changed in 4.0.13:
108
-
109
- - **Extracted worktree patches.** `--worktree` parses `<sks_patch_candidate>` and records candidate/extracted patch hashes before any worker worktree apply.
110
- - **Adaptive scheduler.** Patch workers use a finite launch queue with provider-health backpressure and retry-once handling for retryable 429/5xx/idle-timeout failures.
111
- - **True direct-vs-Naruto bench.** `--bench --live --no-apply` compares direct GLM, Naruto 1, 4, 8, and 12 worker cases without fake zero metrics.
112
- - **Transaction guards.** Final apply blocks dirty touched paths unless `--allow-dirty-apply` is explicit, runs targeted checks, and rolls back on validation failure by default.
113
- - **Seal artifacts.** GLM Naruto writes `final-seal.json`, stop-gate final-seal evidence, `merge-rationale.md`, and `bench-report.md` for auditability.
114
-
115
- What changed in 4.0.8:
116
-
117
- - **`--open` alias for interactive GLM launch.** `sks --mad --glm --open` now opens the GLM interactive Zellij runtime, equivalent to `sks --mad --glm --interactive`.
118
-
119
- What changed in 4.0.6:
120
-
121
- - **No default long-lived GLM launch.** Bare `sks --mad --glm` no longer falls through to MAD/Zellij; `--interactive`, `--open`, `--zellij`, or `session` is required for that path.
122
- - **Fast GLM speed profile.** Speed mode keeps OpenRouter locked to `z-ai/glm-5.2`, disables GPT/model fallback, avoids high/xhigh reasoning by default, and uses `provider.require_parameters: false` with throughput-first routing.
123
- - **Bounded direct task runs.** `sks --mad --glm run "task"` and `sks --mad --glm "task"` use a one-shot GLM speed run with max-turn, wall-clock, request-timeout, no-progress, repeated-output, and terminal-state guards.
124
- - **Deterministic mutation gate.** GLM still returns patch envelopes; SKS parses the unified diff, blocks protected paths, runs `git apply --check`, and applies only after the gate passes.
125
- - **OpenRouter speed plumbing.** Encoded request bodies are cached without Authorization headers, request timeout/abort is wired, streaming TTFT/usage capture is scaffolded, and synthetic `--bench` remains network-free by default.
126
- - **Loop regression tests.** Routing, speed-profile, cache, loop-guard, patch-gate, and OpenRouter key handling are covered by targeted tests.
127
-
128
- SKS **3.1.16** was a launch-reliability patch on the 3.1.15 doctor-reliability release. It made `sks --mad` self-bootstrap a fresh project instead of dead-ending on a missing Codex config.
129
-
130
- What changed in 3.1.16:
131
-
132
- - **`sks --mad` bootstraps a fresh project.** When the only preflight blocker is a missing managed Codex config (`.codex/config.toml` absent), `sks --mad` now regenerates it — the `sks doctor --fix` equivalent — and re-runs the preflight, instead of blocking and making you run a separate command. An existing but unreadable/EPERM/parse-broken config still blocks and routes you to `sks doctor --fix`.
133
- - **Missing-config diagnostics are honest.** A missing config no longer cascades into misleading `macos_acl_ls_le_failed` / `macos_flags_ls_lO_failed` / `spawned_child_read_failed` blockers from running file checks on a nonexistent path; the preflight reports only `missing_config` / `missing_codex_dir`.
134
-
135
- SKS **3.1.15** was a doctor-reliability patch on the 3.1.14 production-hardening release. It ended the endless `sks doctor --fix` loop that kept reporting `codex_cli_config_toml_parse_error` / `cli_ready: no` on the very run that already repaired the config.
136
-
137
- What changed in 3.1.15:
138
-
139
- - **`sks doctor --fix` no longer loops on a config it already fixed.** The Codex config-load probe is re-run *after* the Context7/Supabase/startup MCP repairs land, so the readiness verdict reflects the repaired config instead of the stale pre-repair snapshot.
140
- - **Context7 is seeded on the remote transport.** Managed setup writes `[mcp_servers.context7]` with the streamable-HTTP `url` instead of a local stdio `command`, so the project config never merges with a remote `url` in the global Codex config into the `url is not supported for stdio` error Codex 0.140 rejects.
141
- - **The config-load operator action is accurate.** A `codex_cli_config_toml_parse_error` now points at both misplaced machine-local keys *and* the Context7/MCP stdio-vs-`url` transport conflict, instead of only suggesting a key hoist that does nothing for a transport conflict.
142
-
143
- The 3.1.14 production-hardening surface for Codex 0.140 evidence, transactional `sks doctor --fix` repair, MCP readiness, native capability proof, and protected-secret rollback remains intact.
144
-
145
- What changed in 3.1.14:
146
-
147
- - **Codex 0.140 readiness carries evidence.** Capability reports now expose per-feature state and certainty, real usage parsing, goal attachment roundtrip proof, and usage-budget provenance for loop/Naruto runtime decisions.
148
- - **Doctor repair is phase-based.** `sks doctor --fix` records phase durations, postchecks, optional manual readiness, and rollback evidence instead of collapsing repair work into a summary writer.
149
- - **Startup and MCP repair are safer.** Managed agent TOML blocks are repaired without touching unrelated config, missing role files are regenerated from real managed templates, Context7 disabled servers stay disabled, and Supabase write scope is separated from read-only readiness.
150
- - **Secret rollback is line-level when possible.** Protected key changes are restored without discarding unrelated operator edits, nested guard operations are recorded, and backup artifacts remain ignored.
151
- - **Native capability proof is stricter.** Computer Use and Chrome/web review no longer become verified from environment variables outside explicit fixture/test modes.
152
- - **Release metadata is aligned for 3.1.14.** Package, lockfile, CLI version constants, Rust helper metadata, README, changelog, docs, built output, and release stamp all point at the same release.
153
-
154
- SKS 3.0.0 was the parallel-runtime stabilization release. The whole live-swarm experience — what you actually *see* while 5, 20, or 100 workers run — was rebuilt and proven end-to-end.
155
-
156
- What changed in 3.0.0:
157
-
158
- - **Slot panes are finally alive.** The watch renderer froze for entire missions because the telemetry snapshot cache never invalidated; snapshot reads are now mtime-aware, multi-process flushes merge instead of clobbering each other, and the disk `updated_at` stays authoritative for stale detection.
159
- - **One SLOTS column, vertical stack.** Concurrent workers used to race anchor creation and split the screen into N side-by-side columns. Anchor + worker pane creation is serialized per session, and workers join a native Zellij stacked-pane group (`new-pane --stacked`, opt out with `SKS_ZELLIJ_WORKER_STACKED=0`).
160
- - **Live renderer is the default worker pane.** `full-debug` showed nothing until worker exit (workers run with `--json`); the default `compact-slots` renderer streams heartbeat, current file, tool events, and stdout tails every second.
161
- - **Zellij stays current like Codex does.** `sks --mad` / `sks naruto run` offer a `[Y/n]` upgrade to the latest stable Zellij (GitHub releases lookup, 6h cache), plus an explicit `sks zellij update [--yes]` subcommand and `SKS_SKIP_ZELLIJ_UPDATE` escape.
162
- - **Faster, honest dispatch.** Scheduler batch telemetry writes run concurrently per batch instead of serializing two file writes per worker; naruto backpressure throttling (50%/25% under host pressure) is reported in the run header instead of staying silent.
163
- - **Wired, not decorative.** The naruto finalizer gate and the agent message bus now run in production paths; dead swarm code (`naruto-work-stealing`, `zellij-right-column-layout-proof`) was removed.
164
-
165
- Quick checks:
166
-
167
- ```bash
168
- npm run typecheck
169
- npm run build
170
- npm run codex:0138-capability
171
- npm run codex-sdk:version-compat
172
- npm run codex-app:handoff
173
- npm run codex-plugin:inventory
174
- npm run qa-loop:app-handoff
175
- npm run image:artifact-path-contract
176
- npm run codex:effort-order
177
- npm run codex:account-usage
178
- npm run codex:0138-doctor
179
- npm run doctor:codex-0138-fix
180
- npm run codex-control:capability
181
- npm run codex-control:structured-output
182
- npm run codex-control:event-stream-ledger
183
- npm run codex-control:thread-registry
184
- npm run codex-control:empty-result-retry
185
- npm run codex-control:stream-idle-watchdog
186
- npm run ultra-router:auto-router
187
- npm run codex-sdk:zellij-pane-binding
188
- npm run codex-app:fast-ui-preservation
189
- npm run provider:badge-context
190
- npm run zellij:worker-pane-manager
191
- npm run runtime:no-mjs-scripts
192
- npm run runtime:ts-python-boundary
193
- npm run codex-control:all-pipelines
194
- ```
195
-
196
- Change-aware release checks live behind `npm run release:check`; publish-authorizing full DAG checks use `npm run release:check:full`. Detailed release history is in [CHANGELOG.md](CHANGELOG.md), and release readiness is tracked in [docs/release-readiness.md](docs/release-readiness.md).
52
+ > 📋 **Current release: `v4.6.3`** full release history lives in [CHANGELOG.md](CHANGELOG.md). This README documents how Sneakoscope works today, not its version-by-version changes. Release readiness is tracked in [docs/release-readiness.md](docs/release-readiness.md).
197
53
 
198
54
  ## 🍥 Parallelism, UX, And Integrations
199
55
 
@@ -210,12 +66,12 @@ Change-aware release checks live behind `npm run release:check`; publish-authori
210
66
 
211
67
  - **Image generation under codex-lb.** `gpt-image-2` routes through the same Codex `/responses` backend the load balancer already proxies, so `$imagegen` works when you are authenticated only through codex-lb (no direct `OPENAI_API_KEY`). The official Codex App `$imagegen` surface stays primary; the codex-lb/OpenAI API path is the fallback. Opt out with `SKS_IMAGEGEN_ALLOW_CODEX_LB_API_FALLBACK=0`.
212
68
 
213
- - **UltraSearch source intelligence.** Run provider-independent source acquisition without requiring xAI/Grok credentials:
69
+ - **InsaneSearch source intelligence.** Run provider-independent source acquisition without requiring xAI/Grok credentials:
214
70
 
215
71
  ```bash
216
- sks ultra-search doctor
217
- sks ultra-search run "current package release notes" --mode balanced
218
- sks ultra-search x "site:x.com product launch"
72
+ sks insane-search doctor
73
+ sks insane-search run "current package release notes" --mode balanced
74
+ sks insane-search x "site:x.com product launch"
219
75
  ```
220
76
 
221
77
  - **CLI-only SKS update notices.** Codex App hooks no longer stop normal work to ask for an SKS update. CLI launch surfaces such as `sks --mad` print a non-blocking latest-version notice, `sks update-check` / `sks update check` show the explicit status, and `sks doctor --fix` runs the guarded global SKS update path before repair.
@@ -301,7 +157,7 @@ The cleanup contract is policy-backed in `.sneakoscope/policy.json`, but the def
301
157
  - Codex App Hooks/PAT: [docs/hooks-pat.md](docs/hooks-pat.md)
302
158
  - codex-lb: [docs/codex-lb.md](docs/codex-lb.md)
303
159
  - Source Intelligence Layer: [docs/source-intelligence-layer.md](docs/source-intelligence-layer.md)
304
- - UltraSearch / Context7 / Codex Web policy: [docs/ultra-search-source-intelligence-policy.md](docs/ultra-search-source-intelligence-policy.md)
160
+ - InsaneSearch / Context7 / Codex Web policy: [docs/ultra-search-source-intelligence-policy.md](docs/ultra-search-source-intelligence-policy.md)
305
161
  - Main no-Scout / worker Scout policy: [docs/main-no-scout-worker-scout-policy.md](docs/main-no-scout-worker-scout-policy.md)
306
162
  - Real Codex dynamic smoke: [docs/real-codex-dynamic-smoke.md](docs/real-codex-dynamic-smoke.md)
307
163
  - Appshots pipeline: [docs/appshots-pipeline.md](docs/appshots-pipeline.md)
@@ -739,7 +595,7 @@ sks codex-native invocation-plan --route Loop --capability agent-role --json
739
595
  sks codex-native init-deep --apply --directory-local --json
740
596
  ```
741
597
 
742
- The broker records Codex-native feature availability, invocation defaults, neutral pattern evidence, and managed memory setup without exposing reference implementation branding in user-facing artifacts.
598
+ The broker records Codex-native feature availability, invocation defaults, neutral pattern evidence, and managed memory setup to drive routing decisions.
743
599
 
744
600
  ## 💬 Prompt `$` Commands
745
601
 
@@ -803,7 +659,7 @@ npm install -g .
803
659
  sks doctor --fix
804
660
  ```
805
661
 
806
- If PATH or npm has duplicate global installs, `sks doctor --fix` keeps one global npm install and removes duplicate global `sneakoscope` installs. The Sneakoscope source checkout is exempt so local development files are not removed.
662
+ If PATH or npm has duplicate global installs, `sks doctor --fix` keeps one global npm install, removes duplicate global `sneakoscope` installs, and clears the npm cache so old downloaded package versions do not accumulate. The Sneakoscope source checkout is exempt so local development files are not removed.
807
663
 
808
664
  ### SKS keeps asking to update after a global update
809
665
 
@@ -856,14 +712,14 @@ sks codex-app check
856
712
 
857
713
  If Codex App UI panels or auth-dependent controls still look wrong after codex-lb setup, repair, or upgrade, restart the app first. If the UI still does not recover, sign out of Codex App, sign back in, then run `sks codex-app check` or `sks codex-lb repair` as needed.
858
714
 
859
- ### Setup is blocked by another harness
715
+ ### Setup is blocked by another tool
860
716
 
861
717
  ```sh
862
718
  sks conflicts check
863
719
  sks conflicts prompt
864
720
  ```
865
721
 
866
- OMX/DCodex conflicts block setup/doctor until the user approves cleanup.
722
+ If another agent tool's managed config conflicts with setup, SKS blocks setup/doctor until you approve the cleanup.
867
723
 
868
724
  ### The route is stuck or a final hook keeps reopening
869
725
 
@@ -76,7 +76,7 @@ dependencies = [
76
76
 
77
77
  [[package]]
78
78
  name = "sks-core"
79
- version = "4.6.1"
79
+ version = "4.6.3"
80
80
  dependencies = [
81
81
  "serde_json",
82
82
  ]
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "sks-core"
3
- version = "4.6.1"
3
+ version = "4.6.3"
4
4
  edition = "2021"
5
5
 
6
6
  [dependencies]
@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
4
4
  fn main() {
5
5
  let mut args = std::env::args().skip(1);
6
6
  match args.next().as_deref() {
7
- Some("--version") => println!("sks-rs 4.6.1"),
7
+ Some("--version") => println!("sks-rs 4.6.3"),
8
8
  Some("compact-info") => {
9
9
  let mut input = String::new();
10
10
  let _ = io::stdin().read_to_string(&mut input);
package/dist/bin/sks.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- const FAST_PACKAGE_VERSION = '4.6.1';
2
+ const FAST_PACKAGE_VERSION = '4.6.3';
3
3
  const args = process.argv.slice(2);
4
4
  try {
5
5
  if (args[0] === '--agent' && args[1] === 'worker') {
@@ -132,7 +132,8 @@ export const COMMANDS = {
132
132
  'image-ux-review': entry('labs', 'Inspect image UX artifacts', 'dist/core/commands/image-ux-review-command.js', commandArgsCommand(() => import('../core/commands/image-ux-review-command.js'), 'imageUxReviewCommand', 'dist/core/commands/image-ux-review-command.js')),
133
133
  'computer-use': entry('beta', 'Record native Mac/non-web Computer Use visual evidence', 'dist/core/commands/computer-use-command.js', commandArgsCommand(() => import('../core/commands/computer-use-command.js'), 'computerUseCommand', 'dist/core/commands/computer-use-command.js')),
134
134
  context7: entry('beta', 'Context7 checks and docs', 'dist/cli/context7-command.js', subcommand(() => import('./context7-command.js'), 'context7Command', 'dist/cli/context7-command.js', 'check')),
135
- 'ultra-search': entry('beta', 'Run provider-independent UltraSearch source intelligence', 'dist/cli/ultra-search-command.js', subcommand(() => import('./ultra-search-command.js'), 'ultraSearchCommand', 'dist/cli/ultra-search-command.js', 'doctor')),
135
+ 'insane-search': entry('beta', 'Run provider-independent InsaneSearch source intelligence', 'dist/cli/insane-search-command.js', subcommand(() => import('./insane-search-command.js'), 'insaneSearchCommand', 'dist/cli/insane-search-command.js', 'doctor')),
136
+ 'ultra-search': entry('beta', 'Compatibility alias for InsaneSearch source intelligence', 'dist/cli/insane-search-command.js', subcommand(() => import('./insane-search-command.js'), 'ultraSearchCommand', 'dist/cli/insane-search-command.js', 'doctor')),
136
137
  xai: entry('beta', 'Deprecated compatibility notice for removed xAI/Grok setup', 'dist/cli/xai-command.js', subcommand(() => import('./xai-command.js'), 'xaiCommand', 'dist/cli/xai-command.js', 'check')),
137
138
  recallpulse: entry('labs', 'RecallPulse evidence route', 'dist/commands/recallpulse.js', directCommand(() => import('../commands/recallpulse.js'), 'dist/commands/recallpulse.js')),
138
139
  pipeline: entry('beta', 'Inspect pipeline missions', 'dist/commands/pipeline.js', directCommand(() => import('../commands/pipeline.js'), 'dist/commands/pipeline.js')),
@@ -2,7 +2,7 @@ import fs from 'node:fs/promises';
2
2
  import os from 'node:os';
3
3
  import path from 'node:path';
4
4
  import { runUltraSearch } from '../core/ultra-search/index.js';
5
- export async function ultraSearchCommand(sub = 'help', args = []) {
5
+ export async function insaneSearchCommand(sub = 'help', args = []) {
6
6
  const action = sub || 'help';
7
7
  if (action === 'run')
8
8
  return runCommand(args);
@@ -22,12 +22,13 @@ export async function ultraSearchCommand(sub = 'help', args = []) {
22
22
  return migrateXaiCommand(args);
23
23
  return helpCommand();
24
24
  }
25
+ export const ultraSearchCommand = insaneSearchCommand;
25
26
  async function runCommand(args) {
26
27
  const json = args.includes('--json');
27
28
  const mode = readOption(args, '--mode');
28
29
  const query = positional(args).join(' ').trim();
29
30
  if (!query)
30
- throw new Error('Usage: sks ultra-search run "<query>" [--mode fast|balanced|deep|exhaustive|x_search|url_acquisition] [--json]');
31
+ throw new Error('Usage: sks insane-search run "<query>" [--mode fast|balanced|deep|exhaustive|x_search|url_acquisition] [--json]');
31
32
  const missionDir = await mkMissionDir();
32
33
  const result = await runUltraSearch({
33
34
  missionDir,
@@ -37,7 +38,7 @@ async function runCommand(args) {
37
38
  if (json)
38
39
  console.log(JSON.stringify(result, null, 2));
39
40
  else {
40
- console.log(`UltraSearch ${result.ok ? 'completed' : 'partial/blocked'}: ${result.mode}`);
41
+ console.log(`InsaneSearch ${result.ok ? 'completed' : 'partial/blocked'}: ${result.mode}`);
41
42
  console.log(`Mission: ${missionDir}`);
42
43
  console.log(`Sources: ${result.sources.length}, verified: ${result.proof.verified_source_count}`);
43
44
  if (result.blockers.length)
@@ -64,7 +65,7 @@ async function doctorCommand(args) {
64
65
  if (json)
65
66
  console.log(JSON.stringify(report, null, 2));
66
67
  else
67
- console.log('UltraSearch doctor: core ready; xAI/Grok is not required.');
68
+ console.log('InsaneSearch doctor: core ready; xAI/Grok is not required.');
68
69
  return report;
69
70
  }
70
71
  async function inspectCommand(action, args) {
@@ -112,14 +113,17 @@ async function migrateXaiCommand(args) {
112
113
  function helpCommand() {
113
114
  console.log([
114
115
  'Usage:',
115
- ' sks ultra-search doctor [--json]',
116
- ' sks ultra-search run "<query>" [--mode fast|balanced|deep|exhaustive]',
117
- ' sks ultra-search x "<query>"',
118
- ' sks ultra-search fetch "<url>"',
119
- ' sks ultra-search status|inspect|sources|claims <mission|latest>',
120
- ' sks ultra-search cache status|prune|clear',
121
- ' sks ultra-search bench [--suite all|x|web|docs|blocked]',
122
- ' sks ultra-search migrate-xai [--apply]'
116
+ ' sks insane-search doctor [--json]',
117
+ ' sks insane-search run "<query>" [--mode fast|balanced|deep|exhaustive]',
118
+ ' sks insane-search x "<query>"',
119
+ ' sks insane-search fetch "<url>"',
120
+ ' sks insane-search status|inspect|sources|claims <mission|latest>',
121
+ ' sks insane-search cache status|prune|clear',
122
+ ' sks insane-search bench [--suite all|x|web|docs|blocked]',
123
+ ' sks insane-search migrate-xai [--apply]',
124
+ '',
125
+ 'Compatibility:',
126
+ ' sks ultra-search ...'
123
127
  ].join('\n'));
124
128
  return { ok: true, status: 'help' };
125
129
  }
@@ -160,4 +164,4 @@ async function latestMissionDir() {
160
164
  function asyncDirLikelyUltra(dir) {
161
165
  return Boolean(dir);
162
166
  }
163
- //# sourceMappingURL=ultra-search-command.js.map
167
+ //# sourceMappingURL=insane-search-command.js.map
@@ -9,9 +9,9 @@ export async function xaiCommand(sub = 'check', args = []) {
9
9
  setup_performed: false,
10
10
  xai_required: false,
11
11
  replacement: {
12
- doctor: 'sks ultra-search doctor',
13
- x_search: 'sks ultra-search x "<query>"',
14
- migration: 'sks ultra-search migrate-xai [--apply]'
12
+ doctor: 'sks insane-search doctor',
13
+ x_search: 'sks insane-search x "<query>"',
14
+ migration: 'sks insane-search migrate-xai [--apply]'
15
15
  },
16
16
  blockers: action === 'setup' ? ['xai_setup_removed_use_ultra_search'] : [],
17
17
  warnings: ['sks_xai_is_deprecated_and_does_not_configure_mcp_or_require_XAI_API_KEY']
@@ -19,9 +19,9 @@ export async function xaiCommand(sub = 'check', args = []) {
19
19
  if (json)
20
20
  console.log(JSON.stringify(result, null, 2));
21
21
  else {
22
- console.log('`sks xai` is deprecated. UltraSearch no longer requires xAI/Grok or XAI_API_KEY.');
23
- console.log('Use: sks ultra-search doctor');
24
- console.log('Use: sks ultra-search x "<query>"');
22
+ console.log('`sks xai` is deprecated. InsaneSearch no longer requires xAI/Grok or XAI_API_KEY.');
23
+ console.log('Use: sks insane-search doctor');
24
+ console.log('Use: sks insane-search x "<query>"');
25
25
  if (action === 'setup') {
26
26
  console.log('No MCP setup was performed.');
27
27
  process.exitCode = 1;
@@ -501,7 +501,7 @@ async function runDoctor(args = [], root, doctorFix) {
501
501
  warnings_suppressed: false,
502
502
  blockers: [err?.message || String(err)]
503
503
  }));
504
- const globalSksInstallCleanup = flag(args, '--fix') && !flag(args, '--local-only') && deepDiagnostics
504
+ const globalSksInstallCleanup = flag(args, '--fix') && !flag(args, '--local-only')
505
505
  ? await cleanDuplicateGlobalSksInstalls({ root, fix: true }).catch((err) => ({ schema: 'sks.global-sks-install-cleanup.v1', ok: false, fix: true, error: err?.message || String(err), blockers: ['global_sks_install_cleanup_exception'] }))
506
506
  : null;
507
507
  const { detectImagegenCapability } = await import('../core/imagegen/imagegen-capability.js');
@@ -879,6 +879,8 @@ async function runDoctor(args = [], root, doctorFix) {
879
879
  }
880
880
  if (globalSksInstallCleanup) {
881
881
  console.log(`Global SKS installs: kept ${globalSksInstallCleanup.kept?.length ?? 0}, removed ${globalSksInstallCleanup.removed?.filter((entry) => entry.ok).length ?? 0}, source repo exempt ${globalSksInstallCleanup.candidates?.filter((entry) => entry.source_repo_exempt).length ?? 0}`);
882
+ if (globalSksInstallCleanup.npm_cache)
883
+ console.log(`NPM cache cleanup: ${globalSksInstallCleanup.npm_cache.status}`);
882
884
  }
883
885
  if (!ready.ready && ready.next_actions?.length) {
884
886
  console.log('What still needs you:');
@@ -346,7 +346,7 @@ function runNextAction(route, id, args) {
346
346
  function safeRouteExecutionArgs(route, prompt, { auto = false } = {}) {
347
347
  if (route.command === '$DB')
348
348
  return ['db', 'check', '--sql', 'SELECT 1', '--json'];
349
- if (route.command === '$Ultra-Search')
349
+ if (route.command === '$Insane-Search')
350
350
  return ultraSearchExecutionArgs(prompt);
351
351
  if (route.command === '$SEO-GEO-OPTIMIZER')
352
352
  return ['seo-geo-optimizer', searchVisibilityActionFromPrompt(prompt), '--mode', searchVisibilityModeFromPrompt(prompt), '--target', searchVisibilityTargetFromPrompt(prompt), '--offline', '--json'];
@@ -366,22 +366,26 @@ function ultraSearchExecutionArgs(prompt = '') {
366
366
  const stripped = stripUltraSearchPrompt(prompt);
367
367
  const lower = stripped.toLowerCase();
368
368
  if (!stripped || /^(?:doctor|check|status)\b/.test(lower))
369
- return ['ultra-search', 'doctor', '--json'];
369
+ return ['insane-search', 'doctor', '--json'];
370
370
  if (/^(?:x|x-search|x_search)\b/.test(lower)) {
371
371
  const query = stripped.replace(/^(?:x|x-search|x_search)\b[:\s-]*/i, '').trim() || 'source intelligence fixture';
372
- return ['ultra-search', 'x', query, '--json'];
372
+ return ['insane-search', 'x', query, '--json'];
373
373
  }
374
374
  const url = stripped.match(/\bhttps?:\/\/\S+/)?.[0];
375
375
  if (/^(?:fetch|url)\b/.test(lower) || url)
376
- return ['ultra-search', 'fetch', url || stripped.replace(/^(?:fetch|url)\b[:\s-]*/i, '').trim() || 'https://example.com', '--json'];
376
+ return ['insane-search', 'fetch', url || stripped.replace(/^(?:fetch|url)\b[:\s-]*/i, '').trim() || 'https://example.com', '--json'];
377
377
  const query = stripped.replace(/^run\b[:\s-]*/i, '').trim() || 'source intelligence fixture';
378
- return ['ultra-search', 'run', query, '--mode', 'balanced', '--json'];
378
+ return ['insane-search', 'run', query, '--mode', 'balanced', '--json'];
379
379
  }
380
380
  function stripUltraSearchPrompt(prompt = '') {
381
381
  return String(prompt || '')
382
382
  .trim()
383
+ .replace(/^\[\$Insane-Search\]\([^)]+\)(?:\s|:)?\s*/i, '')
384
+ .replace(/^\[\$InsaneSearch\]\([^)]+\)(?:\s|:)?\s*/i, '')
383
385
  .replace(/^\[\$Ultra-Search\]\([^)]+\)(?:\s|:)?\s*/i, '')
384
386
  .replace(/^\[\$UltraSearch\]\([^)]+\)(?:\s|:)?\s*/i, '')
387
+ .replace(/^\$Insane-Search(?:\s|:)?\s*/i, '')
388
+ .replace(/^\$InsaneSearch(?:\s|:)?\s*/i, '')
385
389
  .replace(/^\$Ultra-Search(?:\s|:)?\s*/i, '')
386
390
  .replace(/^\$UltraSearch(?:\s|:)?\s*/i, '')
387
391
  .trim();
@@ -10,8 +10,8 @@ import { madDbOperationClassesFromClassification } from './mad-db/mad-db-policy.
10
10
  export const DEFAULT_DB_SAFETY_POLICY = Object.freeze({
11
11
  schema_version: 1,
12
12
  mode: 'read_only_default',
13
- destructive_operations: 'deny_always',
14
- production_writes: 'deny_always',
13
+ destructive_operations: 'deny_without_active_mad_db_capability',
14
+ production_writes: 'deny_without_active_mad_db_capability',
15
15
  mcp_live_writes: 'deny_by_default',
16
16
  require_project_scoped_mcp: true,
17
17
  require_read_only_mcp_for_real_data: true,
@@ -12,18 +12,22 @@ export async function cleanDuplicateGlobalSksInstalls(opts = {}) {
12
12
  const planned = planGlobalSksInstallCleanup(candidates, { sourceRoot });
13
13
  const removed = [];
14
14
  const blockers = [...planned.blockers];
15
+ const cleanupContract = opts.fix === true && npmBin
16
+ ? createRequestedScopeContract({
17
+ route: 'doctor',
18
+ userRequest: 'sks doctor --fix global SKS install and npm cache cleanup',
19
+ projectRoot: sourceRoot,
20
+ overrides: { package_install: true }
21
+ })
22
+ : null;
23
+ const guardContext = cleanupContract && npmBin
24
+ ? guardContextForRoute(sourceRoot, cleanupContract, 'sks doctor --fix global SKS install and npm cache cleanup')
25
+ : null;
15
26
  if (opts.fix === true && planned.removable.length > 0) {
16
- if (!npmBin) {
27
+ if (!npmBin || !guardContext) {
17
28
  blockers.push('npm_not_found_for_duplicate_global_sks_cleanup');
18
29
  }
19
30
  else {
20
- const cleanupContract = createRequestedScopeContract({
21
- route: 'doctor',
22
- userRequest: 'sks doctor --fix duplicate global SKS cleanup',
23
- projectRoot: sourceRoot,
24
- overrides: { package_install: true }
25
- });
26
- const guardContext = guardContextForRoute(sourceRoot, cleanupContract, 'sks doctor --fix duplicate global SKS cleanup');
27
31
  for (const candidate of planned.removable) {
28
32
  if (!candidate.prefix) {
29
33
  blockers.push(`duplicate_global_sks_missing_prefix:${candidate.package_root || candidate.bin || 'unknown'}`);
@@ -44,9 +48,12 @@ export async function cleanDuplicateGlobalSksInstalls(opts = {}) {
44
48
  }
45
49
  }
46
50
  }
51
+ const npmCache = await cleanNpmCache({ fix: opts.fix === true, npmBin, env, guardContext });
52
+ if (opts.fix === true && !npmCache.ok)
53
+ blockers.push(...npmCache.blockers);
47
54
  return {
48
55
  schema: 'sks.global-sks-install-cleanup.v1',
49
- ok: blockers.length === 0,
56
+ ok: blockers.length === 0 && npmCache.ok,
50
57
  fix: opts.fix === true,
51
58
  source_root: sourceRoot,
52
59
  package: 'sneakoscope',
@@ -54,6 +61,7 @@ export async function cleanDuplicateGlobalSksInstalls(opts = {}) {
54
61
  kept: planned.kept,
55
62
  removable: planned.removable,
56
63
  removed,
64
+ npm_cache: npmCache,
57
65
  blockers
58
66
  };
59
67
  }
@@ -217,6 +225,62 @@ function dedupeCandidates(candidates) {
217
225
  function scoreCandidate(candidate) {
218
226
  return (candidate.bin ? 2 : 0) + (candidate.prefix ? 1 : 0);
219
227
  }
228
+ async function cleanNpmCache(opts) {
229
+ const args = ['cache', 'clean', '--force', '--silent'];
230
+ const command = opts.npmBin ? [opts.npmBin, ...args].join(' ') : null;
231
+ if (!opts.fix) {
232
+ return {
233
+ schema: 'sks.npm-cache-cleanup.v1',
234
+ ok: true,
235
+ fix: false,
236
+ status: 'skipped',
237
+ command,
238
+ code: null,
239
+ scope: 'npm_cache_all_packages',
240
+ stdout_tail: '',
241
+ stderr_tail: '',
242
+ blockers: []
243
+ };
244
+ }
245
+ if (!opts.npmBin || !opts.guardContext) {
246
+ return {
247
+ schema: 'sks.npm-cache-cleanup.v1',
248
+ ok: false,
249
+ fix: true,
250
+ status: 'npm_missing',
251
+ command: null,
252
+ code: null,
253
+ scope: 'npm_cache_all_packages',
254
+ stdout_tail: '',
255
+ stderr_tail: '',
256
+ blockers: ['npm_not_found_for_npm_cache_cleanup']
257
+ };
258
+ }
259
+ const result = await guardedPackageInstall(opts.guardContext, 'npm cache clean --force', {
260
+ confirmed: true,
261
+ command: opts.npmBin,
262
+ args,
263
+ env: opts.env,
264
+ timeoutMs: 60_000,
265
+ maxOutputBytes: 16 * 1024
266
+ }).catch((err) => ({ code: 1, stdout: '', stderr: err?.message || String(err) }));
267
+ const ok = result.code === 0;
268
+ return {
269
+ schema: 'sks.npm-cache-cleanup.v1',
270
+ ok,
271
+ fix: true,
272
+ status: ok ? 'cleaned' : 'failed',
273
+ command,
274
+ code: result.code,
275
+ scope: 'npm_cache_all_packages',
276
+ stdout_tail: tail(result.stdout),
277
+ stderr_tail: tail(result.stderr),
278
+ blockers: ok ? [] : ['npm_cache_clean_failed']
279
+ };
280
+ }
281
+ function tail(text) {
282
+ return String(text || '').slice(-2000);
283
+ }
220
284
  async function realpathOrSelf(value) {
221
285
  try {
222
286
  return await fsp.realpath(value);