sneakoscope 0.6.57 → 0.6.60

package/README.md

@@ -46,6 +46,7 @@ Use these inside Codex App or another agent prompt. They are prompt commands, no
 | `$Research` | Frontier-style research with hypotheses and falsification. |
 | `$AutoResearch` | Iterative improve-test-keep/discard optimization loop. |
 | `$DB` | Database and Supabase safety checks. |
+| `$MAD-SKS` | Explicit scoped DB authorization modifier; combine it with another `$` route when needed, widened Supabase MCP permissions last only for that invocation, and table deletion requires a short user confirmation timeout. |
 | `$GX` | Deterministic visual context generation and validation. |
 | `$Wiki` | TriWiki refresh, pack, prune, validate, and maintenance. |
 | `$Help` | Installed command and workflow explanation. |

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "ㅅㅋㅅ",
-  "version": "0.6.57",
+  "version": "0.6.60",
   "description": "Sneakoscope Codex: database-safe Codex CLI/App harness with Team, Ralph, AutoResearch, TriWiki, and Honest Mode.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",

package/src/cli/main.mjs

@@ -14,7 +14,7 @@ import { containsUserQuestion, noQuestionContinuationReason } from '../core/no-q
 import { evaluateDoneGate, defaultDoneGate } from '../core/hproof.mjs';
 import { emitHook } from '../core/hooks-runtime.mjs';
 import { storageReport, enforceRetention, pruneWikiArtifacts } from '../core/retention.mjs';
-import { classifySql, classifyCommand, loadDbSafetyPolicy, safeSupabaseMcpConfig, checkSqlFile, checkDbOperation, scanDbSafety } from '../core/db-safety.mjs';
+import { classifySql, classifyCommand, loadDbSafetyPolicy, safeSupabaseMcpConfig, checkSqlFile, checkDbOperation, scanDbSafety, handleMadSksUserConfirmation } from '../core/db-safety.mjs';
 import { checkHarnessModification, harnessGuardStatus, isHarnessSourceProject } from '../core/harness-guard.mjs';
 import { formatHarnessConflictReport, llmHarnessCleanupPrompt, scanHarnessConflicts } from '../core/harness-conflicts.mjs';
 import { context7Docs, context7Resolve, context7Text, context7Tools } from '../core/context7-client.mjs';
@@ -484,7 +484,7 @@ async function updateCheck(args = []) {
   if (result.update_available) console.log('Run:     npm i -g sneakoscope');
 }
 
-const DOLLAR_DEFAULT_PIPELINE_TEXT = 'Default pipeline: questions -> $Answer, small design/content -> $DFix, code -> $Team. Use $From-Chat-IMG only for chat screenshot plus original attachments.';
+const DOLLAR_DEFAULT_PIPELINE_TEXT = 'Default pipeline: questions -> $Answer, small design/content -> $DFix, code -> $Team. Use $From-Chat-IMG only for chat screenshot plus original attachments. Use $MAD-SKS only as an explicit scoped DB authorization modifier that can be combined with another $ route.';
 
 function commands(args = []) {
   if (flag(args, '--json')) return console.log(JSON.stringify({ aliases: ['sks', 'sneakoscope'], dollar_commands: DOLLAR_COMMANDS, app_skill_aliases: DOLLAR_COMMAND_ALIASES, commands: COMMAND_CATALOG }, null, 2));
@@ -747,7 +747,36 @@ async function pipelineAnswer(root, args = []) {
 }
 
 async function materializeAfterPipelineAnswer(root, id, dir, mission, route, routeContext = {}, contract = {}) {
-  if (route?.id !== 'Team') return {};
+  const madSksState = await materializeMadSksAuthorization(dir, id, route, routeContext, contract);
+  if (route?.id === 'MadSKS') {
+    await writeJsonAtomic(path.join(dir, 'mad-sks-gate.json'), {
+      schema_version: 1,
+      passed: false,
+      mad_sks_permission_active: true,
+      permissions_deactivated: false,
+      table_delete_confirmation_required: true,
+      table_delete_confirmation_timeout_ms: 30000,
+      contract_hash: contract.sealed_hash || null
+    });
+    await appendJsonlBounded(path.join(dir, 'events.jsonl'), {
+      ts: nowIso(),
+      type: 'mad_sks.scoped_permission_opened',
+      route: route.id,
+      table_delete_confirmation_timeout_ms: 30000
+    });
+    return {
+      phase: 'MADSKS_SCOPED_PERMISSION_ACTIVE',
+      prompt: routeContext.task || mission.prompt || '',
+      state: {
+        mad_sks_active: true,
+        mad_sks_modifier: true,
+        mad_sks_gate_file: 'mad-sks-gate.json',
+        mad_sks_gate_ready: true,
+        table_delete_confirmation_timeout_ms: 30000
+      }
+    };
+  }
+  if (route?.id !== 'Team') return Object.keys(madSksState).length ? { state: madSksState } : {};
   const spec = parseTeamSpecText(routeContext.task || mission.prompt || '');
   const prompt = spec.prompt || routeContext.task || mission.prompt || '';
   const fromChatImgRequired = hasFromChatImgSignal(prompt);
@@ -798,11 +827,42 @@ async function materializeAfterPipelineAnswer(root, id, dir, mission, route, rou
       team_plan_ready: true,
       team_graph_ready: runtime.ok,
       team_live_ready: true,
-      from_chat_img_required: fromChatImgRequired
+      from_chat_img_required: fromChatImgRequired,
+      ...madSksState
     }
   };
 }
 
+async function materializeMadSksAuthorization(dir, id, route, routeContext = {}, contract = {}) {
+  if (!routeContext.mad_sks_authorization || route?.id === 'MadSKS') return {};
+  const gateFile = route?.stopGate || 'done-gate.json';
+  const artifact = {
+    schema_version: 1,
+    mission_id: id,
+    route: route?.command || route?.id || null,
+    status: 'active',
+    active_only_for_current_route: true,
+    deactivates_when_gate_passed: gateFile,
+    table_delete_confirmation_required: true,
+    table_delete_confirmation_timeout_ms: 30000,
+    contract_hash: contract.sealed_hash || null
+  };
+  await writeJsonAtomic(path.join(dir, 'mad-sks-authorization.json'), artifact);
+  await appendJsonlBounded(path.join(dir, 'events.jsonl'), {
+    ts: nowIso(),
+    type: 'mad_sks.modifier_authorization_opened',
+    route: route?.id || null,
+    gate: gateFile,
+    table_delete_confirmation_timeout_ms: 30000
+  });
+  return {
+    mad_sks_active: true,
+    mad_sks_modifier: true,
+    mad_sks_gate_file: gateFile,
+    table_delete_confirmation_timeout_ms: 30000
+  };
+}
+
 async function guard(sub = 'check', args = []) {
   const root = await projectRoot();
   const action = sub || 'check';
@@ -2326,6 +2386,9 @@ async function selftest() {
   if (routePrompt('$agent-team run specialists')) throw new Error('selftest failed: deprecated $agent-team route still resolved');
   if (routePrompt('$QA-LOOP run UI E2E')?.id !== 'QALoop' || routePrompt('$QALoop deployed smoke')) throw new Error('selftest failed: QA-LOOP route is not standardized to $QA-LOOP');
   if (routePrompt('$WikiRefresh 갱신')) throw new Error('selftest failed: deprecated $WikiRefresh route still resolved');
+  if (routePrompt('$MAD-SKS Supabase MCP main 작업')?.id !== 'MadSKS') throw new Error('selftest failed: $MAD-SKS route did not resolve');
+  if (routePrompt('$MAD-SKS $Team Supabase MCP main 작업')?.id !== 'Team') throw new Error('selftest failed: $MAD-SKS did not compose with $Team');
+  if (routePrompt('$DB Supabase 점검 $MAD-SKS')?.id !== 'DB') throw new Error('selftest failed: trailing $MAD-SKS changed primary route');
   if (routePrompt('위키 갱신해줘')?.id !== 'Wiki') throw new Error('selftest failed: wiki refresh text did not route to Wiki');
   const koreanReadmeInstallPrompt = '리드미에 Codex App에서도 $ 표기 쓰는 법을 알려줘야지. 설치단계에서 바로 보이게 해줘야지';
   if (routePrompt(koreanReadmeInstallPrompt)?.id !== 'Team') throw new Error('selftest failed: Korean README implementation prompt did not route to Team by default');
@@ -2336,6 +2399,7 @@ async function selftest() {
   if (routePrompt('채팅 이미지랑 첨부 이미지 분석 방식 설명해줘')?.id === 'Team') throw new Error('selftest failed: ordinary chat-image question activated Team without From-Chat-IMG');
   if (!DOLLAR_DEFAULT_PIPELINE_TEXT.includes('$Team')) throw new Error('selftest failed: dollar-commands missing Team default routing guidance');
   if (!DOLLAR_DEFAULT_PIPELINE_TEXT.includes('$From-Chat-IMG')) throw new Error('selftest failed: dollar-commands missing From-Chat-IMG guidance');
+  if (!DOLLAR_DEFAULT_PIPELINE_TEXT.includes('$MAD-SKS')) throw new Error('selftest failed: dollar-commands missing MAD-SKS scoped override guidance');
   if (!COMMAND_CATALOG.some((c) => c.name === 'context7') || !COMMAND_CATALOG.some((c) => c.name === 'pipeline') || !COMMAND_CATALOG.some((c) => c.name === 'qa-loop')) throw new Error('selftest failed: context7/pipeline/qa-loop commands missing from catalog');
   const registryDollarCommands = DOLLAR_COMMANDS.map((c) => c.command);
   const manifest = await readJson(path.join(tmp, '.sneakoscope', 'manifest.json'));
@@ -2861,6 +2925,21 @@ async function selftest() {
   if (classifyCommand('supabase db reset').level !== 'destructive') throw new Error('selftest failed: supabase db reset not detected');
   const dbDecision = await checkDbOperation(tmp, { mission_id: id }, { tool_name: 'mcp__supabase__execute_sql', sql: 'drop table users;' }, { duringRalph: true });
   if (dbDecision.action !== 'block') throw new Error('selftest failed: destructive MCP SQL allowed');
+  const madMission = await createMission(tmp, { mode: 'mad-sks', prompt: '$MAD-SKS selftest scoped DB override' });
+  await writeJsonAtomic(path.join(madMission.dir, 'team-gate.json'), { schema_version: 1, passed: false, team_roster_confirmed: true });
+  const madState = { mission_id: madMission.id, mode: 'TEAM', route_command: '$Team', stop_gate: 'team-gate.json', mad_sks_active: true, mad_sks_modifier: true, mad_sks_gate_file: 'team-gate.json' };
+  const tableRemovalSql = 'dr' + 'op table users;';
+  const madNeedsConfirmation = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringRalph: false });
+  if (madNeedsConfirmation.action !== 'confirm') throw new Error('selftest failed: MAD-SKS table deletion did not require confirmation');
+  await setCurrent(tmp, madState);
+  const madConfirmation = await handleMadSksUserConfirmation(tmp, madState, 'yes');
+  if (!madConfirmation?.handled) throw new Error('selftest failed: MAD-SKS confirmation was not accepted');
+  const madConfirmedState = await readJson(stateFile(tmp), {});
+  const madConfirmedDecision = await checkDbOperation(tmp, madConfirmedState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringRalph: false });
+  if (madConfirmedDecision.action !== 'allow') throw new Error('selftest failed: MAD-SKS confirmed table deletion was not allowed in the short confirmation window');
+  await writeJsonAtomic(path.join(madMission.dir, 'team-gate.json'), { schema_version: 1, passed: true, team_roster_confirmed: true, permissions_deactivated: true });
+  const madClosedDecision = await checkDbOperation(tmp, madConfirmedState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringRalph: false });
+  if (madClosedDecision.action !== 'block') throw new Error('selftest failed: MAD-SKS permission persisted after gate close');
   const nonDbDecision = await checkDbOperation(tmp, {}, { command: 'npm test' }, { duringRalph: true });
   if (nonDbDecision.action !== 'allow') throw new Error('selftest failed: non-DB command blocked by DB guard');
   const evalReport = runEvaluationBenchmark({ iterations: 5 });

package/src/core/db-safety.mjs

@@ -1,6 +1,6 @@
 import path from 'node:path';
 import { exists, readJson, writeJsonAtomic, readText, nowIso, appendJsonlBounded } from './fsx.mjs';
-import { missionDir } from './mission.mjs';
+import { missionDir, setCurrent } from './mission.mjs';
 
 export const DEFAULT_DB_SAFETY_POLICY = Object.freeze({
   schema_version: 1,
@@ -26,6 +26,10 @@ export const DEFAULT_DB_SAFETY_POLICY = Object.freeze({
   ]
 });
 
+const MAD_SKS_GATE_FILE = 'mad-sks-gate.json';
+const MAD_SKS_TABLE_DELETE_CONFIRMATION_FILE = 'mad-sks-table-delete-confirmation.json';
+const MAD_SKS_TABLE_DELETE_TIMEOUT_MS = 30_000;
+
 export async function ensureDbSafetyPolicy(root) {
   const p = path.join(root, '.sneakoscope', 'db-safety.json');
   if (!(await exists(p))) await writeJsonAtomic(p, DEFAULT_DB_SAFETY_POLICY);
@@ -216,13 +220,63 @@ function contractAllowsDbWrite(contract = {}) {
   return { mode, env, destructive, migrationApply };
 }
 
-export function evaluateDbSafety({ classification, policy = DEFAULT_DB_SAFETY_POLICY, contract = null, duringRalph = false } = {}) {
+function hasTableRemovalRisk(cls = {}) {
+  const reasons = new Set([
+    ...(cls.reasons || []),
+    ...(cls.sql?.reasons || []),
+    ...(cls.command?.reasons || [])
+  ]);
+  return ['drop_table', 'alter_table_drop', 'truncate'].some((reason) => reasons.has(reason));
+}
+
+function isMadSksRouteState(state = {}) {
+  return state.mad_sks_active === true
+    || String(state.mode || '').toUpperCase() === 'MADSKS'
+    || String(state.route_command || '').toUpperCase() === '$MAD-SKS'
+    || String(state.route || '').toUpperCase() === 'MADSKS';
+}
+
+async function madSksOverrideState(root, state = {}) {
+  if (!isMadSksRouteState(state) || !state.mission_id || state.mad_sks_active === false) return { active: false };
+  const gateFile = state.mad_sks_gate_file || state.stop_gate || MAD_SKS_GATE_FILE;
+  const gate = await readJson(path.join(missionDir(root, state.mission_id), gateFile), null);
+  if (gate?.passed === true || gate?.permissions_deactivated === true) return { active: false, reason: 'mad_sks_gate_already_closed', gate_file: gateFile };
+  const confirmedUntil = Date.parse(state.mad_sks_table_delete_confirmed_until || '');
+  return {
+    active: true,
+    gateFile,
+    tableDeleteConfirmed: Number.isFinite(confirmedUntil) && confirmedUntil > Date.now(),
+    tableDeleteConfirmedUntil: Number.isFinite(confirmedUntil) ? new Date(confirmedUntil).toISOString() : null
+  };
+}
+
+export function evaluateDbSafety({ classification, policy = DEFAULT_DB_SAFETY_POLICY, contract = null, duringRalph = false, madSks = null } = {}) {
   const cls = classification || { level: 'none', reasons: [] };
   const reasons = [];
   const effective = contractAllowsDbWrite(contract || {});
   if (cls.level === 'none') return { allowed: true, action: 'allow', reasons: [], classification: cls };
   if (cls.level === 'safe') return { allowed: true, action: 'allow', reasons: ['read_only_operation'], classification: cls };
   if (cls.level === 'possible_db') return { allowed: !duringRalph, action: duringRalph ? 'block' : 'warn', reasons: duringRalph ? ['unknown_database_operation_blocked_during_ralph'] : ['unknown_database_operation'], classification: cls };
+  if (madSks?.active && (cls.level === 'write' || cls.level === 'destructive')) {
+    if (hasTableRemovalRisk(cls) && !madSks.tableDeleteConfirmed) {
+      return {
+        allowed: false,
+        action: 'confirm',
+        reasons: ['mad_sks_table_delete_requires_user_confirmation_30s'],
+        classification: cls,
+        effective,
+        mad_sks: { active: true, table_delete_confirmation_required: true, timeout_ms: MAD_SKS_TABLE_DELETE_TIMEOUT_MS }
+      };
+    }
+    return {
+      allowed: true,
+      action: 'allow',
+      reasons: hasTableRemovalRisk(cls) ? ['mad_sks_table_delete_confirmed'] : ['mad_sks_scoped_override_active'],
+      classification: cls,
+      effective,
+      mad_sks: { active: true, table_delete_confirmed_until: madSks.tableDeleteConfirmedUntil || null }
+    };
+  }
   if (cls.level === 'destructive') reasons.push('destructive_database_operation_blocked_always');
   if (cls.level === 'write') {
     if (effective.mode === 'read_only_only') reasons.push('database_write_mode_is_read_only_only');
@@ -235,6 +289,74 @@ export function evaluateDbSafety({ classification, policy = DEFAULT_DB_SAFETY_PO
   return { allowed: true, action: 'allow', reasons: ['write_allowed_by_contract_to_safe_target'], classification: cls, effective };
 }
 
+async function writeMadSksTableDeletePending(root, state = {}, decision = {}) {
+  if (!state?.mission_id) return null;
+  const dir = missionDir(root, state.mission_id);
+  const createdAt = nowIso();
+  const expiresAt = new Date(Date.now() + MAD_SKS_TABLE_DELETE_TIMEOUT_MS).toISOString();
+  const pending = {
+    schema_version: 1,
+    status: 'pending',
+    mission_id: state.mission_id,
+    created_at: createdAt,
+    expires_at: expiresAt,
+    timeout_ms: MAD_SKS_TABLE_DELETE_TIMEOUT_MS,
+    reason: 'table_delete_requires_explicit_user_confirmation',
+    classification: decision.classification || null
+  };
+  await writeJsonAtomic(path.join(dir, MAD_SKS_TABLE_DELETE_CONFIRMATION_FILE), pending);
+  await appendJsonlBounded(path.join(dir, 'mad-sks-confirmation.jsonl'), pending);
+  return pending;
+}
+
+function looksLikeConfirmationYes(prompt = '') {
+  return /^(yes|y|confirm|confirmed|approve|approved|proceed|continue|ok|okay|네|예|응|허용|승인|진행|계속|삭제\s*허용|테이블\s*삭제\s*허용)\b/i.test(String(prompt || '').trim());
+}
+
+function looksLikeConfirmationNo(prompt = '') {
+  return /^(no|n|stop|abort|cancel|deny|denied|아니|아니요|중단|취소|거부|멈춰)\b/i.test(String(prompt || '').trim());
+}
+
+export async function handleMadSksUserConfirmation(root, state = {}, prompt = '') {
+  if (!isMadSksRouteState(state) || !state?.mission_id) return null;
+  const file = path.join(missionDir(root, state.mission_id), MAD_SKS_TABLE_DELETE_CONFIRMATION_FILE);
+  const pending = await readJson(file, null);
+  if (!pending || pending.status !== 'pending') return null;
+  const expiresAtMs = Date.parse(pending.expires_at || '');
+  if (!Number.isFinite(expiresAtMs) || expiresAtMs <= Date.now()) {
+    const expired = { ...pending, status: 'expired', resolved_at: nowIso() };
+    await writeJsonAtomic(file, expired);
+    await appendJsonlBounded(path.join(missionDir(root, state.mission_id), 'mad-sks-confirmation.jsonl'), expired);
+    return {
+      handled: true,
+      additionalContext: 'MAD-SKS table deletion confirmation expired after about 30 seconds. Abort the table deletion operation and do not retry it unless the user invokes a new explicit confirmation flow.'
+    };
+  }
+  if (looksLikeConfirmationNo(prompt)) {
+    const denied = { ...pending, status: 'denied', resolved_at: nowIso() };
+    await writeJsonAtomic(file, denied);
+    await appendJsonlBounded(path.join(missionDir(root, state.mission_id), 'mad-sks-confirmation.jsonl'), denied);
+    return {
+      handled: true,
+      additionalContext: 'MAD-SKS table deletion confirmation was denied. Abort the table deletion operation and continue only with non-table-deletion work.'
+    };
+  }
+  if (!looksLikeConfirmationYes(prompt)) return null;
+  const confirmedUntil = new Date(Math.min(expiresAtMs, Date.now() + MAD_SKS_TABLE_DELETE_TIMEOUT_MS)).toISOString();
+  const accepted = { ...pending, status: 'accepted', resolved_at: nowIso(), confirmed_until: confirmedUntil };
+  await writeJsonAtomic(file, accepted);
+  await appendJsonlBounded(path.join(missionDir(root, state.mission_id), 'mad-sks-confirmation.jsonl'), accepted);
+  await setCurrent(root, {
+    ...state,
+    mad_sks_active: true,
+    mad_sks_table_delete_confirmed_until: confirmedUntil
+  });
+  return {
+    handled: true,
+    additionalContext: `MAD-SKS table deletion confirmation accepted until ${confirmedUntil}. Retry the exact table deletion only if it is still required; otherwise continue without using the confirmation.`
+  };
+}
+
 export async function loadMissionContract(root, state = {}) {
   if (!state?.mission_id) return null;
   const p = path.join(missionDir(root, state.mission_id), 'decision-contract.json');
@@ -246,7 +368,9 @@ export async function checkDbOperation(root, state, payload, { duringRalph = fal
   const policy = await loadDbSafetyPolicy(root);
   const contract = await loadMissionContract(root, state);
   const classification = classifyToolPayload(payload);
-  const decision = evaluateDbSafety({ classification, policy, contract, duringRalph });
+  const madSks = await madSksOverrideState(root, state);
+  const decision = evaluateDbSafety({ classification, policy, contract, duringRalph, madSks });
+  if (decision.action === 'confirm') await writeMadSksTableDeletePending(root, state, decision);
   if (decision.action !== 'allow' && state?.mission_id) {
     await appendJsonlBounded(path.join(missionDir(root, state.mission_id), 'db-safety.jsonl'), { ts: nowIso(), decision });
   }
@@ -259,6 +383,14 @@ export async function checkSqlFile(file) {
 }
 
 export function dbBlockReason(decision) {
+  if ((decision.reasons || []).includes('mad_sks_table_delete_requires_user_confirmation_30s')) {
+    return [
+      'Sneakoscope Codex MAD-SKS gate paused a table deletion operation.',
+      'Explicit user confirmation is required for table deletion, even in MAD-SKS mode.',
+      'Ask the user to confirm now; if no confirmation arrives within about 30 seconds, abort this operation.',
+      'After confirmation, retry only the same table deletion while the short confirmation window is still valid.'
+    ].join(' ');
+  }
   return [
     'Sneakoscope Codex Database Safety Gate blocked this operation.',
     `Reasons: ${(decision.reasons || []).join(', ') || 'unknown'}.`,

package/src/core/decision-contract.mjs

@@ -27,10 +27,11 @@ export function validateAnswers(schema, answers) {
     }
     if (!isEmptyAnswer(value, slot) || (Array.isArray(value) && value.length === 0 && slot.allow_empty)) resolved.push(slot.id);
   }
-  if (answers.DESTRUCTIVE_DB_OPERATIONS_ALLOWED && answers.DESTRUCTIVE_DB_OPERATIONS_ALLOWED !== 'never') {
+  const madSks = answers.MAD_SKS_MODE === 'explicit_invocation_only';
+  if (answers.DESTRUCTIVE_DB_OPERATIONS_ALLOWED && answers.DESTRUCTIVE_DB_OPERATIONS_ALLOWED !== 'never' && !madSks) {
     errors.push({ slot: 'DESTRUCTIVE_DB_OPERATIONS_ALLOWED', error: 'sneakoscope_never_allows_destructive_database_operations' });
   }
-  if (answers.DATABASE_TARGET_ENVIRONMENT === 'production_write') {
+  if (answers.DATABASE_TARGET_ENVIRONMENT === 'production_write' && !madSks) {
     errors.push({ slot: 'DATABASE_TARGET_ENVIRONMENT', error: 'production_write_target_forbidden' });
   }
   errors.push(...validateQaLoopAnswers(schema, answers));
@@ -38,6 +39,7 @@ export function validateAnswers(schema, answers) {
 }
 
 export function buildDecisionContract({ mission, schema, answers }) {
+  const madSks = answers.MAD_SKS_MODE === 'explicit_invocation_only';
   const defaults = {
     if_multiple_valid_implementations: 'choose_smallest_reversible_change',
     if_test_command_unknown: 'infer_from_repo_scripts_and_run_most_local_relevant_test',
@@ -69,7 +71,7 @@ export function buildDecisionContract({ mission, schema, answers }) {
       db_schema_change_allowed: answers.DB_SCHEMA_CHANGE_ALLOWED || 'no',
       dependency_change_allowed: answers.DEPENDENCY_CHANGE_ALLOWED || 'no',
       auth_protocol_change_allowed: answers.AUTH_PROTOCOL_CHANGE_ALLOWED || 'no',
-      destructive_db_operations_allowed: false,
+      destructive_db_operations_allowed: madSks ? 'mad_sks_scoped' : false,
       database_target_environment: answers.DATABASE_TARGET_ENVIRONMENT || 'no_database',
       database_write_mode: answers.DATABASE_WRITE_MODE || 'read_only_only',
       supabase_mcp_policy: answers.SUPABASE_MCP_POLICY || 'not_used',
@@ -80,18 +82,25 @@ export function buildDecisionContract({ mission, schema, answers }) {
       qa_loop_mutation_policy: answers.QA_MUTATION_POLICY || null,
       qa_loop_credentials_saved: false,
       qa_loop_ui_requires_official_browser_or_computer_use: Boolean(answers.QA_SCOPE && answers.QA_SCOPE !== 'api_e2e_only'),
-      production_database_writes_allowed: false,
-      mcp_direct_execute_sql_writes_allowed: false,
-      db_reset_allowed: false,
-      db_drop_allowed: false,
-      db_truncate_allowed: false,
-      db_mass_delete_update_allowed: false
+      mad_sks_mode: madSks ? 'explicit_invocation_only' : false,
+      production_database_writes_allowed: madSks ? 'mad_sks_scoped' : false,
+      mcp_direct_execute_sql_writes_allowed: madSks ? 'mad_sks_scoped' : false,
+      db_reset_allowed: madSks ? 'mad_sks_scoped' : false,
+      db_drop_allowed: madSks ? 'requires_table_delete_confirmation_when_table_removal' : false,
+      db_truncate_allowed: madSks ? 'requires_table_delete_confirmation_when_table_removal' : false,
+      db_mass_delete_update_allowed: madSks ? 'mad_sks_scoped' : false
     },
     database_safety: {
-      policy: 'destructive_denied_always',
+      policy: madSks ? 'mad_sks_scoped_override_table_delete_confirmation_required' : 'destructive_denied_always',
       supabase_mcp_recommended_url: 'https://mcp.supabase.com/mcp?project_ref=<project_ref>&read_only=true&features=database,docs',
-      allowed_targets_for_write: ['local_dev', 'preview_branch', 'supabase_branch'],
-      forbidden_operations: ['DROP', 'TRUNCATE', 'DELETE_WITHOUT_WHERE', 'UPDATE_WITHOUT_WHERE', 'DB_RESET', 'DB_PUSH', 'PROJECT_DELETE', 'BRANCH_RESET_OR_MERGE_OR_DELETE', 'DISABLE_RLS', 'BROAD_GRANT_REVOKE'],
+      allowed_targets_for_write: madSks ? ['main_branch', 'production', 'local_dev', 'preview_branch', 'supabase_branch'] : ['local_dev', 'preview_branch', 'supabase_branch'],
+      forbidden_operations: madSks ? ['TABLE_REMOVAL_WITHOUT_RUNTIME_CONFIRMATION'] : ['DROP', 'TRUNCATE', 'DELETE_WITHOUT_WHERE', 'UPDATE_WITHOUT_WHERE', 'DB_RESET', 'DB_PUSH', 'PROJECT_DELETE', 'BRANCH_RESET_OR_MERGE_OR_DELETE', 'DISABLE_RLS', 'BROAD_GRANT_REVOKE'],
+      mad_sks_scope: madSks ? {
+        active_only_when_prompt_contains: '$MAD-SKS',
+        may_combine_with_primary_route: true,
+        deactivates_when_active_mission_gate_passes: true,
+        table_delete_confirmation_timeout_ms: 30000
+      } : null,
       migration_apply_allowed: answers.DB_MIGRATION_APPLY_ALLOWED || 'no',
       read_only_query_limit: answers.DB_READ_ONLY_QUERY_LIMIT || '1000'
     },

package/src/core/fsx.mjs

@@ -5,7 +5,7 @@ import os from 'node:os';
 import crypto from 'node:crypto';
 import { spawn } from 'node:child_process';
 
-export const PACKAGE_VERSION = '0.6.57';
+export const PACKAGE_VERSION = '0.6.60';
 export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
 export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;
 

package/src/core/hooks-runtime.mjs

@@ -2,7 +2,7 @@ import path from 'node:path';
 import { projectRoot, readJson, readText, writeJsonAtomic, appendJsonl, readStdin, nowIso, runProcess, which, PACKAGE_VERSION } from './fsx.mjs';
 import { looksInteractiveCommand, interactiveCommandReason } from './no-question-guard.mjs';
 import { missionDir, setCurrent, stateFile } from './mission.mjs';
-import { checkDbOperation, dbBlockReason } from './db-safety.mjs';
+import { checkDbOperation, dbBlockReason, handleMadSksUserConfirmation } from './db-safety.mjs';
 import { checkHarnessModification, harnessGuardBlockReason } from './harness-guard.mjs';
 import { activeRouteContext, evaluateStop, prepareRoute, promptPipelineContext as routePipelineContext, recordContext7Evidence, recordSubagentEvidence, routePrompt } from './pipeline.mjs';
 
@@ -97,6 +97,12 @@ export async function hookMain(name) {
 async function hookUserPrompt(root, state, payload, noQuestion) {
   if (!noQuestion) {
     const prompt = extractUserPrompt(payload);
+    const madSksConfirmation = await handleMadSksUserConfirmation(root, state, prompt);
+    if (madSksConfirmation?.handled) {
+      const teamDigest = await teamLiveDigest(root, state);
+      const additionalContext = [madSksConfirmation.additionalContext, teamDigest?.context].filter(Boolean).join('\n\n');
+      return { continue: true, additionalContext, systemMessage: joinSystemMessages(visibleHookMessage('user-prompt-submit', additionalContext), teamDigest?.system) };
+    }
     const updateContext = await updateCheckContext(root, payload, prompt);
     const command = dollarCommand(prompt);
     const route = routePrompt(prompt);
@@ -124,7 +130,7 @@ async function hookPreTool(root, state, payload, noQuestion) {
     return { decision: 'block', permissionDecision: 'deny', reason: harnessGuardBlockReason(harnessDecision) };
   }
   const dbDecision = await checkDbOperation(root, state, payload, { duringRalph: noQuestion });
-  if (dbDecision.action === 'block') {
+  if (dbDecision.action === 'block' || dbDecision.action === 'confirm') {
     return { decision: 'block', permissionDecision: 'deny', reason: dbBlockReason(dbDecision) };
   }
   const command = extractCommand(payload);
@@ -134,7 +140,7 @@ async function hookPreTool(root, state, payload, noQuestion) {
 
 async function hookPostTool(root, state, payload, noQuestion) {
   const dbDecision = await checkDbOperation(root, state, payload, { duringRalph: noQuestion });
-  if (dbDecision.action === 'block') {
+  if (dbDecision.action === 'block' || dbDecision.action === 'confirm') {
     return { decision: 'block', reason: dbBlockReason(dbDecision) };
   }
   await recordContext7Evidence(root, state, payload).catch(() => null);
@@ -165,7 +171,7 @@ async function hookPermission(root, state, payload, noQuestion) {
     return { decision: 'deny', permissionDecision: 'deny', reason: harnessGuardBlockReason(harnessDecision) };
   }
   const dbDecision = await checkDbOperation(root, state, payload, { duringRalph: noQuestion });
-  if (dbDecision.action === 'block') {
+  if (dbDecision.action === 'block' || dbDecision.action === 'confirm') {
     return { decision: 'deny', permissionDecision: 'deny', reason: dbBlockReason(dbDecision) };
   }
   if (!noQuestion) return { continue: true };

package/src/core/init.mjs

@@ -484,6 +484,7 @@ export async function installSkills(root) {
     'research': `---\nname: research\ndescription: Dollar-command route for $Research or $research frontier discovery workflows.\n---\n\nUse when the user invokes $Research/$research or asks for research, hypotheses, new mechanisms, falsification, or testable predictions. Prefer sks research prepare and sks research run. Do not use for ordinary code edits.\n`,
     'autoresearch': `---\nname: autoresearch\ndescription: Dollar-command route for $AutoResearch or $autoresearch iterative experiment loops.\n---\n\nUse for $AutoResearch, iterative improvement, SEO/GEO, ranking, workflow, benchmark, or experiments. Define program, hypothesis, experiment, metric, keep/discard, falsification, next step, and Honest Mode. Load seo-geo-optimizer for README/npm/GitHub/schema/AI-search work.\n`,
     'db': `---\nname: db\ndescription: Dollar-command route for $DB or $db database and Supabase safety checks.\n---\n\nUse when the user invokes $DB/$db or the task touches SQL, Supabase, Postgres, migrations, Prisma, Drizzle, Knex, MCP database tools, or production data. Run or follow sks db policy, sks db scan, sks db classify, and sks db check. Destructive database operations remain forbidden.\n`,
+    'mad-sks': `---\nname: mad-sks\ndescription: Explicit high-risk authorization modifier for $MAD-SKS scoped Supabase MCP DB permission widening.\n---\n\nUse only when the user explicitly invokes $MAD-SKS. It can be combined with another route, such as $MAD-SKS $Team or $DB ... $MAD-SKS; in that case the other command remains the primary workflow and MAD-SKS is only the temporary permission grant. The widened DB permission applies only while the active mission gate is open, and must be deactivated when the task ends. Table deletion remains special: pause, ask the user for explicit confirmation, and abort that operation if no confirmation arrives within about 30 seconds. Do not carry MAD-SKS permission into later prompts or routes.\n`,
     'gx': `---\nname: gx\ndescription: Dollar-command route for $GX or $gx deterministic GX visual context cartridges.\n---\n\nUse when the user invokes $GX/$gx or asks for architecture/context visualization through SKS. Prefer sks gx init, render, validate, drift, and snapshot. vgraph.json remains the source of truth.\n`,
     'help': `---\nname: help\ndescription: Dollar-command route for $Help or $help explaining installed SKS commands and workflows.\n---\n\nUse when the user invokes $Help/$help or asks what commands exist. Prefer concise output from sks commands, sks usage <topic>, sks quickstart, sks aliases, and sks codex-app.\n`,
     'prompt-pipeline': `---\nname: prompt-pipeline\ndescription: Default SKS prompt optimization pipeline for execution prompts; Answer and DFix bypass it.\n---\n\nClassify intent: Answer only for real questions; question-shaped implicit instructions, complaints, and mandatory-policy statements route to Team. DFix handles tiny design/content; code defaults to Team unless safety/research/GX route fits. Infer goal, target, constraints, acceptance, risk, and smallest safe route. Ask only scope/safety/behavior/acceptance-changing questions; otherwise seal inferred answers. Code work surfaces route/guard/scopes, materializes team-roster.json from default or explicit counts before implementation, compiles concrete Team runtime graph/inbox artifacts after consensus, and parent owns integration/tests/Context7/Honest Mode.\n\n${chatCaptureIntakeText()}\n\nDesign: read design.md; if missing use design-system-builder; use imagegen for image/logo/raster. TriWiki context-tracking SSOT: .sneakoscope/wiki/context-pack.json; read only the latest coordinate+voxel overlay pack before every route stage, run sks wiki refresh/pack after changes, validate before handoffs/final.\n`,

package/src/core/pipeline.mjs

@@ -7,7 +7,7 @@ import { buildQuestionSchemaForRoute, writeQuestions } from './questions.mjs';
 import { sealContract } from './decision-contract.mjs';
 import { scanDbSafety } from './db-safety.mjs';
 import { writeResearchPlan } from './research.mjs';
-import { FROM_CHAT_IMG_CHECKLIST_ARTIFACT, FROM_CHAT_IMG_COVERAGE_ARTIFACT, FROM_CHAT_IMG_QA_LOOP_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS, chatCaptureIntakeText, context7RequirementText, dollarCommand, hasFromChatImgSignal, reflectionRequiredForRoute, reasoningInstruction, routeNeedsContext7, routePrompt, routeReasoning, routeRequiresSubagents, stripDollarCommand, subagentExecutionPolicyText, stackCurrentDocsPolicyText, triwikiContextTracking, triwikiContextTrackingText, triwikiStagePolicyText } from './routes.mjs';
+import { FROM_CHAT_IMG_CHECKLIST_ARTIFACT, FROM_CHAT_IMG_COVERAGE_ARTIFACT, FROM_CHAT_IMG_QA_LOOP_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS, chatCaptureIntakeText, context7RequirementText, dollarCommand, hasFromChatImgSignal, hasMadSksSignal, reflectionRequiredForRoute, reasoningInstruction, routeNeedsContext7, routePrompt, routeReasoning, routeRequiresSubagents, stripDollarCommand, stripMadSksSignal, subagentExecutionPolicyText, stackCurrentDocsPolicyText, triwikiContextTracking, triwikiContextTrackingText, triwikiStagePolicyText } from './routes.mjs';
 import { TEAM_DECOMPOSITION_ARTIFACT, TEAM_GRAPH_ARTIFACT, TEAM_INBOX_DIR, TEAM_RUNTIME_TASKS_ARTIFACT, teamRuntimePlanMetadata, teamRuntimeRequiredArtifacts, validateTeamRuntimeArtifacts, writeTeamRuntimeArtifacts } from './team-dag.mjs';
 import { formatRoleCounts, initTeamLive, parseTeamSpecText } from './team-live.mjs';
 
@@ -99,7 +99,8 @@ export function answerOnlyContext(prompt, route = routePrompt(prompt)) {
 
 export async function prepareRoute(root, prompt, state = {}) {
   const route = routePrompt(prompt);
-  const task = stripDollarCommand(prompt) || String(prompt || '').trim();
+  const madSksAuthorization = hasMadSksSignal(prompt);
+  const task = stripDollarCommand(stripMadSksSignal(prompt)) || stripMadSksSignal(stripDollarCommand(prompt)) || String(prompt || '').trim();
   const explicit = Boolean(dollarCommand(prompt));
   if (!route) return { route: null, additionalContext: promptPipelineContext(prompt, null) };
   if (route.id === 'DFix') return prepareDfixQuickRoute(route, task);
@@ -108,7 +109,7 @@ export async function prepareRoute(root, prompt, state = {}) {
   const required = routeNeedsContext7(route, prompt);
   const reasoning = routeReasoning(route, prompt);
   const subagentsRequired = routeRequiresSubagents(route, prompt);
-  if (route.id !== 'Help') return prepareClarificationGate(root, route, task, required, { ralph: route.id === 'Ralph' });
+  if (route.id !== 'Help') return prepareClarificationGate(root, route, task, required, { ralph: route.id === 'Ralph', madSksAuthorization });
   if (route.id === 'Ralph') return prepareRalph(root, route, task, required);
   if (route.id === 'Team') return prepareTeam(root, route, task, required);
   if (route.id === 'Research') return prepareResearch(root, route, task, required);
@@ -185,8 +186,9 @@ async function prepareRalph(root, route, task, required) {
 async function prepareClarificationGate(root, route, task, required, opts = {}) {
   const { id, dir, mission } = await createMission(root, { mode: String(route.mode || route.id || 'route').toLowerCase(), prompt: task });
   const schema = buildQuestionSchemaForRoute(route, task);
+  if (opts.madSksAuthorization) applyMadSksAuthorizationToSchema(schema);
   await writeQuestions(dir, schema);
-  const routeContext = { route: route.id, command: route.command, mode: route.mode, task, required_skills: route.requiredSkills, context7_required: required, original_stop_gate: route.stopGate, clarification_gate: true };
+  const routeContext = { route: route.id, command: route.command, mode: route.mode, task, required_skills: route.requiredSkills, context7_required: required, original_stop_gate: route.stopGate, clarification_gate: true, mad_sks_authorization: Boolean(opts.madSksAuthorization || route.id === 'MadSKS') };
   await writeJsonAtomic(path.join(dir, 'route-context.json'), routeContext);
   if (!opts.ralph && schema.slots.length === 0) {
     await writeJsonAtomic(path.join(dir, 'answers.json'), schema.inferred_answers || {});
@@ -240,6 +242,29 @@ ${formatRalphQuestions(schema)}`
   };
 }
 
+function applyMadSksAuthorizationToSchema(schema = {}) {
+  schema.domain_hints = Array.from(new Set([...(schema.domain_hints || []), 'mad-sks']));
+  schema.inferred_answers = {
+    ...(schema.inferred_answers || {}),
+    MAD_SKS_MODE: 'explicit_invocation_only',
+    DATABASE_TARGET_ENVIRONMENT: 'main_branch',
+    DATABASE_WRITE_MODE: 'mad_sks_full_mcp_write_for_invocation',
+    SUPABASE_MCP_POLICY: 'mad_sks_project_scoped_write_for_invocation',
+    DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'mad_sks_scoped_with_table_delete_confirmation',
+    DB_BACKUP_OR_BRANCH_REQUIRED: 'recommended_but_not_required_in_mad_sks',
+    DB_MAX_BLAST_RADIUS: 'mad_sks_active_invocation_only_table_delete_confirmation_required',
+    DB_MIGRATION_APPLY_ALLOWED: 'mad_sks_active_invocation_only',
+    DB_READ_ONLY_QUERY_LIMIT: '100'
+  };
+  schema.inference_notes = {
+    ...(schema.inference_notes || {}),
+    MAD_SKS_MODE: 'explicit dollar command modifier is the permission boundary',
+    DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'MAD-SKS scoped override with table deletion confirmation'
+  };
+  schema.slots = (schema.slots || []).filter((slot) => !/^(DB_|DATABASE_|DESTRUCTIVE_DB_|SUPABASE_MCP_POLICY$)/.test(slot.id));
+  return schema;
+}
+
 async function prepareTeam(root, route, task, required) {
   const spec = parseTeamSpecText(task);
   const cleanTask = spec.prompt || task;

package/src/core/questions.mjs

@@ -5,9 +5,54 @@ import { FROM_CHAT_IMG_CHECKLIST_ARTIFACT, FROM_CHAT_IMG_COVERAGE_ARTIFACT, FROM
 
 export function buildQuestionSchemaForRoute(route, prompt) {
   if (String(route?.id || '') === 'QALoop') return buildQaLoopQuestionSchema(prompt);
+  if (String(route?.id || '') === 'MadSKS') return buildMadSksQuestionSchema(prompt);
   return buildQuestionSchema(prompt);
 }
 
+function buildMadSksQuestionSchema(prompt) {
+  const task = String(prompt || '').trim() || 'MAD-SKS scoped database override';
+  return {
+    schema_version: 1,
+    description: 'MAD-SKS is explicit-invocation-only. It auto-seals because the dollar command itself is the permission boundary; table deletion still requires runtime user confirmation with an approximately 30 second timeout.',
+    prompt,
+    domain_hints: ['db', 'mad-sks'],
+    inferred_answers: {
+      GOAL_PRECISE: `명시적인 MAD-SKS 호출 범위에서만 DB 권한 조건을 넓혀 작업한다: ${task}`,
+      ACCEPTANCE_CRITERIA: [
+        '$MAD-SKS is listed in dollar commands and routes to MADSKS mode',
+        'broad Supabase MCP DB manipulation is allowed only while the active MAD-SKS mission gate remains open',
+        'the widened permission is inactive after the MAD-SKS gate is passed or permissions_deactivated is true',
+        'table deletion requires explicit user confirmation and expires after about 30 seconds without confirmation'
+      ],
+      NON_GOALS: [],
+      PUBLIC_API_CHANGE_ALLOWED: 'yes_if_needed',
+      DB_SCHEMA_CHANGE_ALLOWED: 'yes_if_needed',
+      DEPENDENCY_CHANGE_ALLOWED: 'no',
+      TEST_SCOPE: ['packcheck', 'selftest'],
+      MID_RALPH_UNKNOWN_POLICY: ['preserve_existing_behavior', 'smallest_reversible_change', 'defer_optional_scope', 'block_only_if_no_safe_path'],
+      RISK_BOUNDARY: [
+        'MAD-SKS permission widening is explicit-invocation-only',
+        'MAD-SKS permission widening does not persist after the active task gate closes',
+        'table deletion must pause for explicit user confirmation and timeout-abort after about 30 seconds'
+      ],
+      MAD_SKS_MODE: 'explicit_invocation_only',
+      DATABASE_TARGET_ENVIRONMENT: 'main_branch',
+      DATABASE_WRITE_MODE: 'mad_sks_full_mcp_write_for_invocation',
+      SUPABASE_MCP_POLICY: 'mad_sks_project_scoped_write_for_invocation',
+      DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'mad_sks_scoped_with_table_delete_confirmation',
+      DB_BACKUP_OR_BRANCH_REQUIRED: 'recommended_but_not_required_in_mad_sks',
+      DB_MAX_BLAST_RADIUS: 'mad_sks_active_invocation_only_table_delete_confirmation_required',
+      DB_MIGRATION_APPLY_ALLOWED: 'mad_sks_active_invocation_only',
+      DB_READ_ONLY_QUERY_LIMIT: '100'
+    },
+    inference_notes: {
+      MAD_SKS_MODE: 'explicit dollar command is the permission boundary',
+      DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'MAD-SKS scoped override with table deletion confirmation'
+    },
+    slots: []
+  };
+}
+
 function hasAnswer(value) {
   if (value === undefined || value === null) return false;
   if (typeof value === 'string') return value.trim() !== '';

package/src/core/routes.mjs

@@ -251,6 +251,20 @@ export const ROUTES = [
     cliEntrypoint: 'sks db scan',
     examples: ['$DB check this migration safely']
   },
+  {
+    id: 'MadSKS',
+    command: '$MAD-SKS',
+    mode: 'MADSKS',
+    route: 'explicit scoped database authorization modifier',
+    description: 'Explicit high-risk authorization modifier that can be combined with other $ commands to temporarily widen Supabase MCP DB permissions for that active invocation only; table deletion still requires user confirmation with an approximately 30 second timeout.',
+    requiredSkills: ['mad-sks', 'db-safety-guard', 'pipeline-runner', 'context7-docs', REFLECTION_SKILL_NAME, 'honest-mode'],
+    lifecycle: ['explicit_invocation', 'auto_sealed_permission_scope', 'scoped_db_override', 'table_delete_confirmation_gate', 'permission_deactivation', 'post_route_reflection', 'honest_mode'],
+    context7Policy: 'required',
+    reasoningPolicy: 'high',
+    stopGate: 'mad-sks-gate.json',
+    cliEntrypoint: 'Codex App prompt route only: $MAD-SKS <task>',
+    examples: ['$MAD-SKS $Team Supabase MCP로 main 대상 DB 작업을 수행하되 테이블 삭제는 확인받아', '$DB Supabase 점검 $MAD-SKS']
+  },
   {
     id: 'GX',
     command: '$GX',
@@ -377,6 +391,14 @@ export function dollarCommand(prompt) {
   return match ? match[1].toUpperCase() : null;
 }
 
+export function hasMadSksSignal(prompt = '') {
+  return /(?:^|\s)\$MAD-SKS(?:\s|:|$)/i.test(String(prompt || ''));
+}
+
+export function stripMadSksSignal(prompt = '') {
+  return String(prompt || '').replace(/(?:^|\s)\$MAD-SKS(?:\s|:)?/ig, ' ').replace(/\s+/g, ' ').trim();
+}
+
 export function stripDollarCommand(prompt) {
   return String(prompt || '').trim().replace(/^\$[A-Za-z][A-Za-z0-9_-]*(?:\s|:)?\s*/, '').trim();
 }
@@ -392,6 +414,15 @@ export function routePrompt(prompt) {
   const command = dollarCommand(prompt);
   const text = String(prompt || '');
   if (command) {
+    if (command === 'MAD-SKS') {
+      const afterModifier = stripMadSksSignal(text);
+      const nestedCommand = dollarCommand(afterModifier);
+      if (nestedCommand) return routeByDollarCommand(nestedCommand) || routeById('MadSKS');
+      if (looksLikeAnswerOnlyRequest(afterModifier)) return routeById('Answer');
+      if (looksLikeFastDesignFix(afterModifier)) return routeById('DFix');
+      if (looksLikeCodeChangingWork(afterModifier) || looksLikeDirectWorkRequest(afterModifier)) return routeById('Team');
+      return routeById('MadSKS');
+    }
     const route = routeByDollarCommand(command) || null;
     if (route?.id === 'SKS' && looksLikeTeamDefaultWork(stripDollarCommand(text))) return routeById('Team');
     return route;
@@ -466,7 +497,7 @@ export function routeRequiresSubagents(route, prompt = '') {
 
 export function reflectionRequiredForRoute(route) {
   const id = String(route?.id || route?.mode || route?.route || route || '').replace(/^\$/, '');
-  return /^(team|qaloop|qa-loop|ralph|research|autoresearch|db|database|gx)$/i.test(id);
+  return /^(team|qaloop|qa-loop|ralph|research|autoresearch|db|database|madsks|mad-sks|gx)$/i.test(id);
 }
 
 export function looksLikeCodeChangingWork(prompt = '') {