sneakoscope 0.6.25 → 0.6.26

package/README.md

@@ -30,7 +30,7 @@ Sneakoscope Codex is for developers who want Codex CLI to keep working until a g
 - **Database-safe autonomous coding**: destructive SQL, unsafe Supabase MCP writes, production DB mutation, and risky migration flows are blocked or surfaced early.
 - **Harness self-protection**: after setup, installed SKS control files are locked against LLM tool edits, with a source-repo-only exception for Sneakoscope engine development.
 - **Other-harness conflict gate**: OMX/DCodex-style Codex harness traces block npm install and setup until a human-approved cleanup is performed.
-- **Automatic project versioning**: every commit can carry a unique patch version bump, with package-lock sync and a Git common-dir lock for parallel workers.
+- **Automatic project versioning**: commits can carry a unique patch bump with lockfile sync.
 - **Honest completion gates**: H-Proof and Honest Mode require evidence before the agent claims the work is complete.
 - **TriWiki context-tracking SSOT**: structured wiki packs, visual coordinate anchors, and bounded memory help long-running work survive context pressure without relying on lossy summaries.
 
@@ -43,7 +43,7 @@ npm i -g sneakoscope
 sks
 ```
 
-`npm i -g sneakoscope` prints setup guidance without making npm output look like a crash. If OMX, DCodex, or their global/repo-level traces are detected during postinstall, npm installation can still finish, but SKS clearly reports that `sks setup` and `sks doctor --fix` are blocked until a human-approved cleanup happens. In an interactive terminal, postinstall asks whether to show the GPT-5.5 high cleanup prompt now; in CI or agent installs, it prints `sks conflicts prompt` for later. If no conflicting harness exists, SKS checks whether the `sks` command is available, best-effort creates a command shim in a writable PATH directory when needed, and best-effort installs the Context7 MCP globally when Codex CLI is available. Run `sks` in a real terminal to open the setup UI. The UI asks whether this project should use the global install or a project-only install, then offers to run setup, doctor, and selftest.
+`npm i -g sneakoscope` prints setup guidance without making npm output look like a crash. If OMX, DCodex, or their global/repo-level traces are detected, npm can finish but SKS reports that `sks setup` and `sks doctor --fix` are blocked until human-approved cleanup. Otherwise postinstall best-effort creates an `sks` shim, configures Context7 when Codex CLI is available, and initializes the current project when `INIT_CWD` looks like one. Project setup writes hooks, skills, agents, `$team`, and the `$agent-team` fallback picker alias. Run `sks` for the setup UI.
 
 Default non-interactive setup:
 
@@ -159,7 +159,7 @@ AGENTS.md                repository rules loaded by Codex agents
 .sneakoscope/            mission state, gates, logs, policy, GX cartridges, and reports
 ```
 
-Codex App discovers repo-local skills from `.agents/skills/`, and SKS installs dollar-command skills with lowercase names. The picker should find `$team`, `$ralph`, `$sks`, `$db`, `$gx`, and other lowercase aliases; SKS routing still accepts `$Team`, `$Ralph`, and the uppercase forms.
+Codex App discovers repo-local skills from `.agents/skills/`. The picker should find `$team`, `$ralph`, `$sks`, `$db`, `$gx`, and other lowercase aliases; SKS still accepts `$Team`, `$Ralph`, and uppercase forms. SKS also installs `$agent-team` as a Team fallback alias when the app hides the plain `team` skill name.
 
 SKS uses the official Codex hook behavior: `UserPromptSubmit` can inject additional developer context or block a prompt, `Stop` with `decision: "block"` continues the turn by creating a new continuation prompt, and hook `statusMessage` text makes active SKS routing, guard, permission, and done-gate checks visible in Codex App.
 
@@ -167,9 +167,9 @@ After setup, SKS writes `.sneakoscope/harness-guard.json`. Hooks block LLM tool
 
 ## Project Versioning
 
-SKS setup installs a managed Git `pre-commit` hook for projects with `package.json`. On every commit, SKS bumps the project patch version before Git writes the commit, syncs `package-lock.json` and `npm-shrinkwrap.json` when present, and stages those version files into the same commit.
+SKS setup installs a managed Git `pre-commit` hook for projects with `package.json`. It bumps the patch version, syncs lockfiles, and stages those files into the same commit.
 
-Multiple workers and worktrees share a version lock in the Git common directory. If another worker already used a version, the next commit automatically bumps above the last seen version instead of reusing it.
+Workers and worktrees share a Git common-dir lock so versions are not reused.
 
 ```bash
 sks versioning status
@@ -241,7 +241,7 @@ If your shell cannot find the global command yet, run through npm without relyin
 npx -y -p sneakoscope sks setup
 ```
 
-The global postinstall also tries to create a local `sks` shim automatically. If the only writable fallback is `~/.local/bin` or `~/bin`, add that directory to your shell PATH once.
+The global postinstall also tries to create a local `sks` shim automatically. If the install runs from a project directory, it performs the same Codex App setup as `sks setup` unless `SKS_SKIP_POSTINSTALL_SETUP=1` or CI is active.
 
 Create a Ralph mission:
 
@@ -284,7 +284,7 @@ sks research run latest --max-cycles 3
 - **Forced subagent execution policy**: code-changing work first surfaces SKS status context, then defaults to parallel worker subagents when independent write scopes exist; the parent orchestrator owns integration and verification.
 - **AutoResearch loop**: open-ended improvement tasks use a small experiment cycle: program, hypothesis, experiment, metric, keep/discard, falsification, and honest conclusion.
 - **Update-aware hooks**: before work, SKS checks for a newer published package and asks whether to update now or skip for the current conversation only.
-- **Automatic project versioning**: setup installs a pre-commit guard that bumps `package.json` patch versions, syncs lockfiles, stages them, and avoids duplicate versions across parallel workers.
+- **Automatic project versioning**: setup installs a pre-commit patch bump and lockfile sync guard.
 - **Honest Mode finish**: final answers must include an evidence-aware verification pass before claiming the goal is complete.
 - **Fast DF mode**: `$DF` handles small design/content edits like color, copy, labels, spacing, and translation without unnecessary Ralph, Research, or evaluation loops.
 - **Database guard**: destructive DB operations, production writes, unsafe Supabase MCP configuration, and direct live SQL mutations are blocked or warned on.
@@ -504,7 +504,7 @@ Context tracking uses TriWiki as the SSOT. When a route spans turns, subagent ha
 
 Installed projects treat the SKS harness as immutable to LLM tool edits. The `PreToolUse` and `PermissionRequest` hooks block direct writes to generated control files, generated skills/agents, policy files, `AGENTS.md`, and the installed `node_modules/sneakoscope` package. They also block LLM-issued maintenance commands such as `sks setup`, `sks init`, `sks doctor --fix`, `sks context7 setup`, and package-manager removal of `sneakoscope`.
 
-`sks doctor --fix` repairs broken SKS-generated settings by deleting and regenerating the current installed package templates for Codex hooks, config, app skills, local agents, manifest, policy, DB guard, and harness guard. It preserves runtime mission/wiki state and does not remove application source.
+`sks doctor --fix` repairs broken SKS-generated hooks, config, app skills, local agents, manifest, policy, DB guard, and harness guard. It also restores picker fallback aliases such as `$agent-team` when `$team` can be hidden by the app. Runtime mission/wiki state and application source are preserved.
 
 The guard writes fingerprints to `.sneakoscope/harness-guard.json`, and `sks doctor` includes the guard in readiness. Check it directly with:
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "Sneakoscope Codex",
-  "version": "0.6.25",
+  "version": "0.6.26",
   "description": "Sneakoscope Codex: update-aware, database-safe Codex CLI harness with multi-agent Team orchestration, Ralph no-question execution, autoresearch-style loops, and H-Proof gates.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",

package/src/cli/main.mjs

@@ -180,6 +180,11 @@ async function postinstall() {
   else if (context7Install.status === 'codex_missing') console.log('Context7 MCP: Codex CLI missing. Install @openai/codex or set SKS_CODEX_BIN, then run `sks context7 setup --scope global` or `sks setup` in a project.');
   else if (context7Install.status === 'skipped') console.log(`Context7 MCP: skipped (${context7Install.reason}).`);
   else if (context7Install.status === 'failed') console.log(`Context7 MCP: auto setup failed. Run \`sks context7 setup --scope global\` or \`sks setup\`. ${context7Install.error || ''}`.trim());
+  const appSetup = await ensureCodexAppProjectDuringInstall(installRoot, { shim });
+  if (appSetup.status === 'installed') console.log(`Codex App project setup: installed in ${appSetup.root} (${appSetup.install_scope}; picker aliases include ${appSetup.aliases.join(', ')}).`);
+  else if (appSetup.status === 'partial') console.log(`Codex App project setup: repaired with missing skill warning (${appSetup.missing_skills.join(', ')}). Run \`sks doctor --fix\`.`);
+  else if (appSetup.status === 'skipped') console.log(`Codex App project setup: skipped (${appSetup.reason}).`);
+  else if (appSetup.status === 'failed') console.log(`Codex App project setup: auto setup failed. Run \`sks doctor --fix\`. ${appSetup.error || ''}`.trim());
   console.log('Run `sks` to open the interactive setup UI, or run `sks setup` for the default global setup.');
   console.log('Project-only setup: `sks wizard` -> choose project, or `npx sks setup --install-scope project`.\n');
 }
@@ -288,6 +293,47 @@ async function ensureGlobalContext7DuringInstall() {
   return { status: 'failed', error: `${add.stderr || add.stdout || 'codex mcp add failed'}`.trim() };
 }
 
+async function ensureCodexAppProjectDuringInstall(installRoot, opts = {}) {
+  if (process.env.SKS_SKIP_POSTINSTALL_SETUP === '1') return { status: 'skipped', reason: 'SKS_SKIP_POSTINSTALL_SETUP=1' };
+  if (process.env.CI === 'true') return { status: 'skipped', reason: 'CI=true' };
+  const root = path.resolve(installRoot || process.cwd());
+  if (!(await isProjectSetupCandidate(root))) return { status: 'skipped', reason: 'no package.json, .git, .codex, .agents, or AGENTS.md in INIT_CWD' };
+  try {
+    const installScope = await isProjectPackageInstall(root) ? 'project' : 'global';
+    const globalCommand = opts.shim?.command && opts.shim.status !== 'created_not_on_path'
+      ? opts.shim.command
+      : await globalSksCommand();
+    await initProject(root, { installScope, globalCommand, localOnly: false });
+    const skills = await checkRequiredSkills(root);
+    return {
+      status: skills.ok ? 'installed' : 'partial',
+      root,
+      install_scope: installScope,
+      aliases: DOLLAR_COMMAND_ALIASES.map((x) => x.app_skill),
+      missing_skills: skills.missing
+    };
+  } catch (err) {
+    return { status: 'failed', root, error: err.message };
+  }
+}
+
+async function isProjectSetupCandidate(root) {
+  for (const marker of ['package.json', '.git', '.codex', '.agents', 'AGENTS.md']) {
+    if (await exists(path.join(root, marker))) return true;
+  }
+  return false;
+}
+
+async function isProjectPackageInstall(root) {
+  const installedPackage = path.join(root, 'node_modules', 'sneakoscope');
+  if (!(await exists(path.join(installedPackage, 'package.json')))) return false;
+  const [installedReal, packageReal] = await Promise.all([
+    fsp.realpath(installedPackage).catch(() => installedPackage),
+    fsp.realpath(packageRoot()).catch(() => packageRoot())
+  ]);
+  return installedReal === packageReal;
+}
+
 async function wizard(args = []) {
   if (!shouldShowWizard() && !flag(args, '--force')) return help();
   const rl = readline.createInterface({ input, output });
@@ -1716,10 +1762,13 @@ async function selftest() {
   const repairTmp = tmpdir();
   await initProject(repairTmp, {});
   await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', 'team', 'SKILL.md'), 'tampered\n');
+  await fsp.rm(path.join(repairTmp, '.agents', 'skills', 'agent-team'), { recursive: true, force: true });
   await writeTextAtomic(path.join(repairTmp, '.codex', 'skills', 'team', 'SKILL.md'), 'legacy mirror\n');
   await initProject(repairTmp, { force: true, repair: true });
   const repairedTeamSkill = await safeReadText(path.join(repairTmp, '.agents', 'skills', 'team', 'SKILL.md'));
   if (!repairedTeamSkill.includes('SKS Team multi-agent orchestration') || repairedTeamSkill.includes('tampered')) throw new Error('selftest failed: doctor repair did not regenerate team skill');
+  const repairedTeamAliasSkill = await safeReadText(path.join(repairTmp, '.agents', 'skills', 'agent-team', 'SKILL.md'));
+  if (!repairedTeamAliasSkill.includes('Fallback Codex App picker alias')) throw new Error('selftest failed: doctor repair did not regenerate agent-team fallback skill');
   if (await exists(path.join(repairTmp, '.codex', 'skills', 'team', 'SKILL.md'))) throw new Error('selftest failed: doctor repair did not remove legacy .codex/skills');
   const conflictTmp = tmpdir();
   await ensureDir(path.join(conflictTmp, '.omx'));
@@ -1731,6 +1780,12 @@ async function selftest() {
   if (!postinstallConflictOutput.includes('SKS setup is blocked') || postinstallConflictOutput.includes('Cleanup prompt:')) throw new Error('selftest failed: postinstall conflict notice did not stay informational');
   const postinstallConflictPrompt = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'postinstall'], { cwd: conflictTmp, input: 'y\n', env: { INIT_CWD: conflictTmp, HOME: path.join(conflictTmp, 'home'), SKS_SKIP_POSTINSTALL_SHIM: '1', SKS_SKIP_POSTINSTALL_CONTEXT7: '1', SKS_POSTINSTALL_PROMPT: '1' }, timeoutMs: 15000, maxOutputBytes: 128 * 1024 });
   if (postinstallConflictPrompt.code !== 0 || !String(postinstallConflictPrompt.stdout || '').includes('Goal: completely remove the conflicting Codex harnesses')) throw new Error('selftest failed: interactive postinstall prompt did not print cleanup prompt');
+  const postinstallSetupTmp = tmpdir();
+  await writeJsonAtomic(path.join(postinstallSetupTmp, 'package.json'), { name: 'postinstall-setup-smoke', version: '0.0.0' });
+  const postinstallSetup = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'postinstall'], { cwd: postinstallSetupTmp, env: { INIT_CWD: postinstallSetupTmp, HOME: path.join(postinstallSetupTmp, 'home'), SKS_SKIP_POSTINSTALL_SHIM: '1', SKS_SKIP_POSTINSTALL_CONTEXT7: '1' }, timeoutMs: 15000, maxOutputBytes: 128 * 1024 });
+  if (postinstallSetup.code !== 0) throw new Error(`selftest failed: postinstall setup exited ${postinstallSetup.code}: ${postinstallSetup.stderr}`);
+  if (!(await exists(path.join(postinstallSetupTmp, '.agents', 'skills', 'agent-team', 'SKILL.md')))) throw new Error('selftest failed: postinstall did not install agent-team fallback skill');
+  if (!String(postinstallSetup.stdout || '').includes('Codex App project setup: installed')) throw new Error('selftest failed: postinstall did not report automatic Codex App setup');
   const guardBlocked = await checkHarnessModification(tmp, { tool_name: 'apply_patch', command: '*** Update File: .agents/skills/team/SKILL.md\n+tamper\n' });
   if (guardBlocked.action !== 'block') throw new Error('selftest failed: harness guard allowed skill tampering');
   const setupBlocked = await checkHarnessModification(tmp, { command: 'sks setup --force' });
@@ -1767,6 +1822,16 @@ async function selftest() {
   await initProject(projectScopeTmp, { installScope: 'project' });
   const projectHooks = await readJson(path.join(projectScopeTmp, '.codex', 'hooks.json'));
   if (projectHooks.hooks.PreToolUse[0].hooks[0].command !== 'node ./node_modules/sneakoscope/bin/sks.mjs hook pre-tool') throw new Error('selftest failed: project install hook command missing');
+  const sourceHookTmp = tmpdir();
+  await writeJsonAtomic(path.join(sourceHookTmp, 'package.json'), { name: 'sneakoscope', version: '0.0.0' });
+  await ensureDir(path.join(sourceHookTmp, 'bin'));
+  await ensureDir(path.join(sourceHookTmp, 'src', 'core'));
+  await writeTextAtomic(path.join(sourceHookTmp, 'bin', 'sks.mjs'), '#!/usr/bin/env node\n');
+  await writeTextAtomic(path.join(sourceHookTmp, 'src', 'core', 'init.mjs'), '');
+  await writeTextAtomic(path.join(sourceHookTmp, 'src', 'core', 'hooks-runtime.mjs'), '');
+  await initProject(sourceHookTmp, { installScope: 'global', globalCommand: '/usr/local/bin/sks' });
+  const sourceHooks = await readJson(path.join(sourceHookTmp, '.codex', 'hooks.json'));
+  if (sourceHooks.hooks.PreToolUse[0].hooks[0].command !== 'node ./bin/sks.mjs hook pre-tool') throw new Error('selftest failed: source repo hook command should use local bin');
   const versionTmp = tmpdir();
   await runProcess('git', ['init'], { cwd: versionTmp, timeoutMs: 15000, maxOutputBytes: 64 * 1024 });
   await runProcess('git', ['config', 'user.email', 'sks-selftest@example.invalid'], { cwd: versionTmp, timeoutMs: 15000, maxOutputBytes: 64 * 1024 });
@@ -1857,7 +1922,13 @@ async function selftest() {
   const hookGuardResult = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'hook', 'pre-tool'], { cwd: tmp, input: hookGuardPayload, env: { SKS_DISABLE_UPDATE_CHECK: '1' }, timeoutMs: 15000, maxOutputBytes: 64 * 1024 });
   const hookGuardJson = JSON.parse(hookGuardResult.stdout);
   if (hookGuardJson.decision !== 'block' || !String(hookGuardJson.reason || '').includes('harness guard')) throw new Error('selftest failed: hook did not block harness tampering');
+  const camelHookGuardPayload = JSON.stringify({ cwd: tmp, toolName: 'apply_patch', toolInput: { command: '*** Update File: .agents/skills/team/SKILL.md\n+tamper\n' } });
+  const camelHookGuardResult = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'hook', 'pre-tool'], { cwd: tmp, input: camelHookGuardPayload, env: { SKS_DISABLE_UPDATE_CHECK: '1' }, timeoutMs: 15000, maxOutputBytes: 64 * 1024 });
+  const camelHookGuardJson = JSON.parse(camelHookGuardResult.stdout);
+  if (camelHookGuardJson.decision !== 'block') throw new Error('selftest failed: hook did not block camelCase Codex tool payload');
   if (new Set(DOLLAR_COMMANDS.map((c) => c.command)).size !== DOLLAR_COMMANDS.length) throw new Error('selftest failed: duplicate dollar commands');
+  if (!DOLLAR_COMMAND_ALIASES.some((alias) => alias.canonical === '$Team' && alias.app_skill === '$agent-team')) throw new Error('selftest failed: $Team fallback picker alias missing');
+  if (routePrompt('$agent-team run specialists')?.id !== 'Team') throw new Error('selftest failed: $agent-team did not route to Team');
   if (!COMMAND_CATALOG.some((c) => c.name === 'context7') || !COMMAND_CATALOG.some((c) => c.name === 'pipeline')) throw new Error('selftest failed: context7/pipeline commands missing from catalog');
   const registryDollarCommands = DOLLAR_COMMANDS.map((c) => c.command);
   const manifest = await readJson(path.join(tmp, '.sneakoscope', 'manifest.json'));
@@ -1883,10 +1954,11 @@ async function selftest() {
   const hookResult = await runProcess(process.execPath, [hookBin, 'hook', 'user-prompt-submit'], { cwd: hookRalphTmp, input: hookPayload, env: { SKS_DISABLE_UPDATE_CHECK: '1' }, timeoutMs: 15000, maxOutputBytes: 256 * 1024 });
   if (hookResult.code !== 0) throw new Error(`selftest failed: $Ralph hook exited ${hookResult.code}: ${hookResult.stderr}`);
   const hookJson = JSON.parse(hookResult.stdout);
-  if (!hookJson.additionalContext?.includes('MANDATORY $Ralph route activated')) throw new Error('selftest failed: $Ralph hook did not activate Ralph prepare pipeline');
+  if ('statusMessage' in hookJson || 'additionalContext' in hookJson) throw new Error('selftest failed: hook emitted Codex schema-invalid top-level fields');
+  if (!hookJson.hookSpecificOutput?.additionalContext?.includes('MANDATORY $Ralph route activated')) throw new Error('selftest failed: $Ralph hook did not activate Ralph prepare pipeline');
   if (hookJson.hookSpecificOutput?.hookEventName !== 'UserPromptSubmit' || !hookJson.hookSpecificOutput?.additionalContext?.includes('MANDATORY $Ralph route activated')) throw new Error('selftest failed: $Ralph hook did not emit official UserPromptSubmit additionalContext');
   if (!String(hookJson.systemMessage || '').includes('Ralph clarification gate')) throw new Error('selftest failed: $Ralph hook missing visible status message');
-  if (!hookJson.additionalContext?.includes('GOAL_PRECISE')) throw new Error('selftest failed: $Ralph hook did not provide clarification questions');
+  if (!hookJson.hookSpecificOutput?.additionalContext?.includes('GOAL_PRECISE')) throw new Error('selftest failed: $Ralph hook did not provide clarification questions');
   const hookState = await readJson(stateFile(hookRalphTmp), {});
   if (hookState.phase !== 'RALPH_AWAITING_ANSWERS') throw new Error('selftest failed: $Ralph hook did not set awaiting-answers state');
   if (!(await exists(path.join(missionDir(hookRalphTmp, hookState.mission_id), 'questions.md')))) throw new Error('selftest failed: $Ralph hook did not write questions.md');

package/src/core/db-safety.mjs

@@ -33,7 +33,7 @@ export async function ensureDbSafetyPolicy(root) {
 }
 
 export async function loadDbSafetyPolicy(root) {
-  const p = await ensureDbSafetyPolicy(root);
+  const p = path.join(root, '.sneakoscope', 'db-safety.json');
   const data = await readJson(p, {});
   return { ...DEFAULT_DB_SAFETY_POLICY, ...(data || {}) };
 }
@@ -189,7 +189,7 @@ function looksLikeSqlText(text = '') {
 
 export function classifyToolPayload(payload = {}) {
   const strings = recursivelyCollectStrings(payload).slice(0, 200);
-  const toolName = [payload.tool_name, payload.name, payload.tool?.name, payload.server, payload.mcp_tool, payload.tool, payload.type].filter(Boolean).join(' ').toLowerCase();
+  const toolName = [payload.tool_name, payload.toolName, payload.name, payload.tool?.name, payload.server, payload.mcp_tool, payload.tool, payload.type].filter(Boolean).join(' ').toLowerCase();
   const combined = strings.filter(looksLikeSqlText).join('\n');
   const sqlClass = classifySql(combined);
   const commandClass = classifyCommand(strings.find((s) => /\b(supabase|psql|prisma|drizzle|knex|sequelize)\b/i.test(s)) || '');

package/src/core/harness-guard.mjs

@@ -130,7 +130,7 @@ export function harnessGuardBlockReason(decision = {}) {
 export function classifyHarnessPayload(root, payload = {}, policy = {}) {
   const strings = collectPayloadStrings(payload).slice(0, 300);
   const hay = strings.join('\n');
-  const toolName = [payload.tool_name, payload.name, payload.tool?.name, payload.server, payload.mcp_tool, payload.tool, payload.type].filter(Boolean).join(' ').toLowerCase();
+  const toolName = [payload.tool_name, payload.toolName, payload.name, payload.tool?.name, payload.server, payload.mcp_tool, payload.tool, payload.type].filter(Boolean).join(' ').toLowerCase();
   const command = extractCommand(payload);
   const writeIntent = hasWriteIntent(toolName, command, hay);
   const maintenance = classifyMaintenanceCommand(command || hay);
@@ -175,7 +175,7 @@ async function listFiles(dir) {
 }
 
 function extractCommand(payload = {}) {
-  return payload.command || payload.tool_input?.command || payload.input?.command || payload.tool?.input?.command || '';
+  return payload.command || payload.tool_input?.command || payload.toolInput?.command || payload.input?.command || payload.tool?.input?.command || '';
 }
 
 function collectPayloadStrings(obj, out = [], depth = 0) {

package/src/core/hooks-runtime.mjs

@@ -40,7 +40,26 @@ function conversationId(payload) {
 }
 
 function extractCommand(payload) {
-  return payload.command || payload.tool_input?.command || payload.input?.command || payload.tool?.input?.command || '';
+  return payload.command || payload.tool_input?.command || payload.toolInput?.command || payload.input?.command || payload.tool?.input?.command || '';
+}
+
+function toolFailed(payload = {}) {
+  const candidates = [
+    payload.exit_code,
+    payload.exitCode,
+    payload.tool_response?.exit_code,
+    payload.toolResponse?.exitCode,
+    payload.result?.exit_code,
+    payload.result?.exitCode
+  ];
+  for (const candidate of candidates) {
+    if (candidate === undefined || candidate === null || candidate === '') continue;
+    const n = Number(candidate);
+    if (Number.isFinite(n)) return n !== 0;
+  }
+  if (payload.success === false || payload.tool_response?.success === false || payload.toolResponse?.success === false || payload.result?.success === false) return true;
+  if (payload.executed === false) return true;
+  return false;
 }
 
 function dollarCommand(prompt) {
@@ -111,8 +130,7 @@ async function hookPostTool(root, state, payload, noQuestion) {
   await recordContext7Evidence(root, state, payload).catch(() => null);
   await recordSubagentEvidence(root, state, payload).catch(() => null);
   if (!noQuestion) return { continue: true };
-  const failed = payload.exit_code && payload.exit_code !== 0;
-  if (failed) {
+  if (toolFailed(payload)) {
     return {
       additionalContext: 'SKS no-question mode is active. Do not ask the user about this tool failure. Apply the active plan fallback ladder, create a fix task, and continue.'
     };
@@ -231,22 +249,61 @@ export async function emitHook(name) {
 }
 
 function normalizeHookResult(name, result = {}) {
-  const out = { ...result };
   const eventName = codexHookEventName(name);
-  const specific = { ...(out.hookSpecificOutput || {}) };
-  if (out.additionalContext && (eventName === 'UserPromptSubmit' || eventName === 'PostToolUse')) {
-    specific.hookEventName = eventName;
-    specific.additionalContext = out.additionalContext;
+  const out = { ...result };
+  const systemMessage = out.systemMessage || visibleHookMessage(name, out.reason || out.additionalContext || '');
+  const normalized = { continue: out.continue !== false, systemMessage };
+  const reason = out.reason || 'SKS guard denied this action.';
+
+  if (eventName === 'UserPromptSubmit' || eventName === 'PostToolUse') {
+    if (out.decision === 'block') {
+      normalized.decision = 'block';
+      normalized.reason = reason;
+    }
+    if (out.additionalContext) {
+      normalized.hookSpecificOutput = {
+        hookEventName: eventName,
+        additionalContext: out.additionalContext
+      };
+    }
+    return normalized;
+  }
+
+  if (eventName === 'PreToolUse') {
+    if (out.decision === 'block' || out.permissionDecision === 'deny' || out.decision === 'deny') {
+      normalized.decision = 'block';
+      normalized.reason = reason;
+    }
+    return normalized;
+  }
+
+  if (eventName === 'PermissionRequest') {
+    if (out.decision === 'deny' || out.permissionDecision === 'deny') {
+      normalized.hookSpecificOutput = {
+        hookEventName: 'PermissionRequest',
+        decision: {
+          behavior: 'deny',
+          message: reason
+        }
+      };
+    } else if (out.decision === 'allow' || out.permissionDecision === 'allow') {
+      normalized.hookSpecificOutput = {
+        hookEventName: 'PermissionRequest',
+        decision: { behavior: 'allow' }
+      };
+    }
+    return normalized;
   }
-  if ((eventName === 'PreToolUse' || eventName === 'PermissionRequest') && (out.decision === 'block' || out.permissionDecision === 'deny' || out.decision === 'deny')) {
-    specific.hookEventName = eventName;
-    specific.permissionDecision = out.permissionDecision || 'deny';
-    specific.reason = out.reason || 'SKS guard denied this action.';
+
+  if (eventName === 'Stop') {
+    if (out.decision === 'block') {
+      normalized.decision = 'block';
+      normalized.reason = reason;
+    }
+    return normalized;
   }
-  if (Object.keys(specific).length) out.hookSpecificOutput = { hookEventName: eventName, ...specific };
-  if (!out.systemMessage) out.systemMessage = visibleHookMessage(name, out.reason || out.additionalContext || '');
-  if (!out.statusMessage) out.statusMessage = out.systemMessage;
-  return out;
+
+  return normalized;
 }
 
 function codexHookEventName(name) {

package/src/core/init.mjs

@@ -191,7 +191,9 @@ export async function initProject(root, opts = {}) {
   const created = [];
   const installScope = normalizeInstallScope(opts.installScope || 'global');
   const localOnly = Boolean(opts.localOnly);
-  const hookCommandPrefix = opts.hookCommandPrefix || sksCommandPrefix(installScope, { globalCommand: opts.globalCommand });
+  const sourceProject = await isHarnessSourceProject(root).catch(() => false);
+  const requestedHookCommandPrefix = opts.hookCommandPrefix || sksCommandPrefix(installScope, { globalCommand: opts.globalCommand });
+  const hookCommandPrefix = sourceProject ? 'node ./bin/sks.mjs' : requestedHookCommandPrefix;
   const sine = path.join(root, '.sneakoscope');
   if (opts.repair) {
     const repair = await repairSksGeneratedArtifacts(root, { resetState: Boolean(opts.resetState) });
@@ -506,9 +508,7 @@ export async function initProject(root, opts = {}) {
   created.push('.codex/agents/*');
   await writeHarnessGuardPolicy(root);
   created.push('.sneakoscope/harness-guard.json');
-  const versionHookCommand = await isHarnessSourceProject(root).catch(() => false)
-    ? 'node ./bin/sks.mjs'
-    : hookCommandPrefix;
+  const versionHookCommand = sourceProject ? 'node ./bin/sks.mjs' : hookCommandPrefix;
   const versionHook = await installVersionGitHook(root, versionHookCommand);
   if (versionHook.installed) created.push('.git/hooks/pre-commit SKS version guard');
   else created.push(`version guard skipped (${versionHook.reason})`);
@@ -687,6 +687,7 @@ async function installSkills(root) {
     'df': `---\nname: df\ndescription: Fast design/content fix mode for $DF or $df requests and inferred simple edits such as text color, copy, labels, spacing, or translation.\n---\n\nYou are running SKS DF mode.\n\nPurpose:\n- Quickly convert a small design/content request into the exact implementation change.\n- Use for requests like 글자 색 바꿔줘, 내용을 영어로 바꿔줘, button label 수정, spacing 조정, copy replacement, simple style tweaks.\n\nRules:\n- Do not start Ralph, Research, eval, or broad redesign unless the user explicitly asks.\n- Do not ask for more requirements when the target can be inferred from local context.\n- Inspect only the files needed to locate the target.\n- Make the smallest scoped edit that satisfies the request.\n- Preserve the existing design system and component patterns.\n- Run only cheap verification when useful, such as syntax check, focused test, or local render check for visual risk.\n- Final response should be short: what changed and any verification.\n`,
     'sks': `---\nname: sks\ndescription: General Sneakoscope Codex command route for $SKS or $sks usage, setup, status, and workflow help.\n---\n\nUse the local SKS control surface. Prefer these discovery commands when the user asks what is available: sks commands, sks usage <topic>, sks quickstart, sks codex-app, sks context7 check, sks guard check, sks conflicts check, sks reasoning, sks wiki pack, and sks pipeline status. If implementation is requested, route to the lightest matching SKS path and keep reasoning-profile changes temporary. For code-changing execution, first surface route/guard/write-scope status, then use worker subagents by default when scopes are independent; the parent integrates and verifies, while urgent blocking work stays local. Context tracking uses TriWiki as the SSOT for long-running or cross-turn work. Do not edit installed harness control files; the harness guard blocks LLM writes after setup except in the Sneakoscope engine source repo. If OMX/DCodex or another explicit Codex harness is detected, do not install SKS; use sks conflicts prompt and require human approval before cleanup.\n`,
     'team': `---\nname: team\ndescription: Dollar-command route for $Team or $team SKS Team multi-agent orchestration: parallel analysis scouts, TriWiki refresh, role-counted debate, fresh executor development team, live transcript, and final integration.\n---\n\nUse when the user invokes $Team/$team, asks for a team of agents, or asks for parallel specialist implementation.\n\nWorkflow:\n1. Create or inspect the Team mission with sks team \"task\" when useful. Role counts use executor:5 reviewer:2 user:1 planner:1. executor:N means exactly N analysis_scout_N agents first, exactly N debate participants next, and then a separate N-person executor development team. --agents N, --sessions N, and --team-size N remain aliases for executor/session budget; --max-agents uses the configured default maximum of 6 sessions/agents; default is executor:3 reviewer:1 user:1 planner:1.\n2. Parallel analysis scouts: spawn the concrete analysis_scout_N roster read-only. Split repo, docs, tests, API, DB-risk, UX-friction, and implementation-surface investigation into independent slices. Each scout returns source-backed findings for team-analysis.md.\n3. TriWiki refresh: parent turns scout findings into TriWiki-ready claims, runs sks wiki pack, then runs sks wiki validate .sneakoscope/wiki/context-pack.json. Do not move to debate or implementation until the pack is refreshed and validated.\n4. Debate bundle: spawn the concrete debate_team roster using the refreshed TriWiki context. Users are intentionally low-context, self-interested, stubborn, and inconvenience-averse. Executor voices are capable developers. Reviewers are strict. Planners force one coherent objective and required ambiguity-removal questions.\n5. Live visibility phase: after every useful scout finding, subagent status/result/handoff, record it with sks team event <mission-id|latest> --agent <name> --phase <phase> --message \"...\" so the user can see the team conversation without tmux.\n6. Consensus phase: synthesize debate into one objective, explicit constraints, acceptance criteria, and disjoint implementation slices.\n7. Close or stop the debate team after their results are captured.\n8. Development bundle: form a fresh development_team where exactly executor_N developers implement slices in parallel with non-overlapping ownership. Tell workers they are not alone in the codebase and must not revert others' edits.\n9. Review phase: validation_team reviewers check correctness, DB safety, missing tests, and evidence; user personas reject outcomes that create practical friction.\n10. Verification phase: run focused tests or justify gaps, update mission artifacts when present, and produce final evidence.\n\nLive files:\n- .sneakoscope/missions/<id>/team-analysis.md stores source-backed scout findings and TriWiki-ready claims.\n- .sneakoscope/missions/<id>/team-live.md is the user-readable live transcript inside Codex App.\n- .sneakoscope/missions/<id>/team-transcript.jsonl is the machine-readable event stream.\n- .sneakoscope/missions/<id>/team-dashboard.json is the current dashboard.\n\nRules:\n- The parent agent remains orchestrator and owns final integration.\n- Before spawning development workers, surface visible SKS route, guard, write-scope, TriWiki, and verification status.\n- Do not delegate the immediate blocking task when the parent can do it faster.\n- Use high reasoning only while the Team route is active, then return to the default/user-selected profile.\n- Never let subagents bypass SKS hooks, DB safety, no-question Ralph rules, or H-Proof completion gates.\n- Destructive database actions remain forbidden.\n`,
+    'agent-team': `---\nname: agent-team\ndescription: Fallback Codex App picker alias for $Team/$team when the app hides or reserves the plain team skill name.\n---\n\nUse exactly like $Team. This skill exists so npm install, sks setup, and sks doctor --fix can repair Codex App discovery when the plain \`team\` skill file exists but does not appear in the picker.\n\nRoute:\n- Treat $agent-team as $Team.\n- Create or inspect the Team mission with sks team \"task\" when useful.\n- Follow the same scout-first Team orchestration protocol: parallel analysis scouts, TriWiki refresh and validation, read-only debate, one sealed objective, fresh executor_N implementation team, strict review, and final evidence.\n- Record live progress with sks team event <mission-id|latest> --agent <name> --phase <phase> --message \"...\".\n\nRules:\n- The parent agent remains orchestrator and owns final integration.\n- Never let subagents bypass SKS hooks, DB safety, no-question Ralph rules, Context7 gates, or H-Proof/Honest Mode.\n- Destructive database actions remain forbidden.\n`,
     'ralph': `---\nname: ralph\ndescription: Dollar-command route for $Ralph or $ralph mandatory clarification and no-question mission workflows.\n---\n\nUse when the user invokes $Ralph/$ralph or requests a clarification-gated autonomous implementation mission. Prepare with sks ralph prepare, answer/seal required slots when answers are provided, then run only after decision-contract.json exists.\n`,
     'research': `---\nname: research\ndescription: Dollar-command route for $Research or $research frontier discovery workflows.\n---\n\nUse when the user invokes $Research/$research or asks for research, hypotheses, new mechanisms, falsification, or testable predictions. Prefer sks research prepare and sks research run. Do not use for ordinary code edits.\n`,
     'autoresearch': `---\nname: autoresearch\ndescription: Dollar-command route for $AutoResearch or $autoresearch iterative experiment loops.\n---\n\nUse when the user invokes $AutoResearch/$autoresearch or asks for iterative improvement, SEO/GEO, ranking, prompt/workflow improvement, benchmark gains, or open-ended experimentation. Follow the autoresearch-loop skill and load seo-geo-optimizer for README, npm, GitHub stars, schema, keyword, AI-search, or discoverability work. Define program, hypothesis, experiment, metric, keep/discard decision, falsification, next experiment, and Honest Mode conclusion.\n`,
@@ -724,7 +725,7 @@ async function installSkills(root) {
 }
 
 function enrichSkillContent(name, content) {
-  if (!['sks', 'team', 'ralph', 'research', 'autoresearch', 'db', 'gx', 'prompt-pipeline', 'pipeline-runner', 'turbo-context-pack', 'hproof-evidence-bind'].includes(name)) return content;
+  if (!['sks', 'team', 'agent-team', 'ralph', 'research', 'autoresearch', 'db', 'gx', 'prompt-pipeline', 'pipeline-runner', 'turbo-context-pack', 'hproof-evidence-bind'].includes(name)) return content;
   const text = String(content || '').trimEnd();
   if (text.includes('TriWiki context-tracking SSOT')) return text;
   return `${text}

package/src/core/pipeline.mjs

@@ -229,6 +229,7 @@ function formatRalphQuestions(schema) {
 export async function recordContext7Evidence(root, state, payload) {
   const stage = context7Stage(payload);
   if (!stage) return null;
+  if (!await shouldWritePipelineEvidence(root, state)) return null;
   const record = { ts: nowIso(), stage, tool: context7ToolName(payload), payload_keys: Object.keys(payload || {}).sort() };
   const id = state?.mission_id;
   const file = id ? path.join(missionDir(root, id), 'context7-evidence.jsonl') : path.join(root, '.sneakoscope', 'state', 'context7-evidence.jsonl');
@@ -243,6 +244,7 @@ export async function recordContext7Evidence(root, state, payload) {
 export async function recordSubagentEvidence(root, state, payload) {
   const stage = subagentStage(payload);
   if (!stage) return null;
+  if (!await shouldWritePipelineEvidence(root, state)) return null;
   const record = { ts: nowIso(), stage, tool: subagentToolName(payload), payload_keys: Object.keys(payload || {}).sort() };
   const id = state?.mission_id;
   const file = id ? path.join(missionDir(root, id), 'subagent-evidence.jsonl') : path.join(root, '.sneakoscope', 'state', 'subagent-evidence.jsonl');
@@ -254,6 +256,11 @@ export async function recordSubagentEvidence(root, state, payload) {
   return record;
 }
 
+async function shouldWritePipelineEvidence(root, state = {}) {
+  if (state?.mission_id) return exists(missionDir(root, state.mission_id));
+  return exists(path.join(root, '.sneakoscope', 'state', 'current.json'));
+}
+
 function subagentToolName(payload) {
   const obj = payload || {};
   return String(obj.tool_name || obj.name || obj.tool?.name || obj.mcp_tool || obj.command || obj.type || '');

package/src/core/routes.mjs

@@ -81,6 +81,7 @@ export const ROUTES = [
     mode: 'TEAM',
     route: 'multi-agent team orchestration',
     description: 'Run parallel analysis scouts, refresh TriWiki, debate with role personas, agree on an objective, close debate agents, then form a fresh executor development team for parallel work.',
+    appSkillAliases: ['agent-team'],
     requiredSkills: ['team', 'pipeline-runner', 'context7-docs', 'prompt-pipeline', 'honest-mode'],
     lifecycle: ['parallel_analysis_scouting', 'triwiki_refresh', 'planning_debate', 'live_transcript', 'consensus_artifact', 'fresh_implementation_team', 'review_artifact', 'integration_evidence', 'honest_mode'],
     context7Policy: 'required',
@@ -176,8 +177,14 @@ export const ROUTES = [
 ];
 
 export const DOLLAR_COMMANDS = ROUTES.map(({ command, route, description }) => ({ command, route, description }));
-export const DOLLAR_SKILL_NAMES = DOLLAR_COMMANDS.map((c) => dollarSkillName(c.command));
-export const DOLLAR_COMMAND_ALIASES = DOLLAR_COMMANDS.map((c) => ({ canonical: c.command, app_skill: `$${dollarSkillName(c.command)}` }));
+export const DOLLAR_SKILL_NAMES = ROUTES.flatMap((route) => [
+  dollarSkillName(route.command),
+  ...(route.appSkillAliases || [])
+]);
+export const DOLLAR_COMMAND_ALIASES = ROUTES.flatMap((route) => [
+  { canonical: route.command, app_skill: `$${dollarSkillName(route.command)}` },
+  ...(route.appSkillAliases || []).map((alias) => ({ canonical: route.command, app_skill: `$${alias}` }))
+]);
 
 export const COMMAND_CATALOG = [
   { name: 'help', usage: 'sks help [topic]', description: 'Show CLI help or focused help for a topic.' },
@@ -218,7 +225,15 @@ export const COMMAND_CATALOG = [
 
 export function routeById(id) {
   const key = String(id || '').replace(/^\$/, '').toLowerCase();
-  return ROUTES.find((route) => route.id.toLowerCase() === key || route.mode.toLowerCase() === key) || null;
+  return ROUTES.find((route) => {
+    const aliases = [
+      route.id,
+      route.mode,
+      dollarSkillName(route.command),
+      ...(route.appSkillAliases || [])
+    ].map((x) => String(x || '').toLowerCase());
+    return aliases.includes(key);
+  }) || null;
 }
 
 export function dollarCommand(prompt) {