sneakoscope 0.6.85 → 0.6.89

package/README.md

@@ -90,6 +90,8 @@ sks bootstrap
 
 `sks` commands work even when no project root is present. Project-aware commands use the nearest `.sneakoscope`, `.dcodex`, or `.git` root; if none exists, SKS uses a per-user global runtime root. `sks bootstrap` still initializes the current project when you want project-local hooks, skills, and TriWiki state.
 
+Project setup writes shared `.gitignore` entries for generated SKS files: `.sneakoscope/`, `.codex/`, `.agents/`, and managed `AGENTS.md`. Use `sks setup --local-only` when you want those excludes kept only in `.git/info/exclude`.
+
 ### One-Shot Install
 
 Use this when you do not want to keep a global install:
@@ -215,6 +217,8 @@ sks gx init homepage
 sks gx render homepage --format html
 sks validate-artifacts latest --json
 sks perf run --json
+sks perf workflow --json --intent "small CLI change" --changed src/cli/main.mjs,src/core/routes.mjs
+sks proof-field scan --json --intent "small CLI change"
 sks code-structure scan --json
 ```
 
@@ -254,6 +258,8 @@ Generated app files include:
 | `.codex/config.toml` | Codex profiles, agents, and MCP configuration. |
 | `.sneakoscope/` | Runtime state, missions, wiki packs, policies, and artifacts. |
 
+Default setup adds these generated SKS paths to the project `.gitignore`; `--local-only` uses `.git/info/exclude` instead.
+
 Use `sks dollar-commands` to confirm that terminal discovery and Codex App prompt commands agree.
 
 TriWiki is intentionally sparse: `sks wiki sweep` records demote, soft-forget, archive, delete, promote-to-skill, and promote-to-rule candidates instead of injecting every old claim into future prompts. `sks harness fixture` validates the broader Harness Growth Factory contract: deliberate forgetting fixtures, skill card metadata, experiment schema, tool-error taxonomy, permission profiles, MultiAgentV2 defaults, and Warp cockpit view coverage. `sks code-structure scan` flags handwritten files above 1000/2000/3000-line thresholds so new logic can be extracted before command files become harder to maintain.
@@ -274,7 +280,7 @@ Use these inside Codex App or another agent prompt. They are prompt commands, no
 | `$Research` | You need frontier-style research with hypotheses and falsification. |
 | `$AutoResearch` | You want iterative improve/test/keep-or-discard optimization. |
 | `$DB` | You need database, Supabase, migration, SQL, or MCP safety checks. |
-| `$MAD-SKS` | You explicitly authorize a scoped high-risk DB permission modifier for the active invocation only. |
+| `$MAD-SKS` | You explicitly authorize scoped Supabase MCP DB cleanup/write permissions for the active invocation only, while keeping catastrophic wipe safeguards. |
 | `$GX` | You need deterministic visual context cartridges. |
 | `$Wiki` | You want TriWiki refresh, pack, prune, validate, or maintenance. |
 | `$Help` | You want installed command and workflow explanation. |

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "ㅅㅋㅅ",
-  "version": "0.6.85",
+  "version": "0.6.89",
   "description": "Sneakoscope Codex: database-safe Codex CLI/App harness with Team, Goal, AutoResearch, TriWiki, and Honest Mode.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",

package/src/cli/main.mjs

@@ -14,7 +14,7 @@ import { containsUserQuestion, noQuestionContinuationReason } from '../core/no-q
 import { evaluateDoneGate, defaultDoneGate } from '../core/hproof.mjs';
 import { emitHook } from '../core/hooks-runtime.mjs';
 import { storageReport, enforceRetention, pruneWikiArtifacts } from '../core/retention.mjs';
-import { classifySql, classifyCommand, loadDbSafetyPolicy, safeSupabaseMcpConfig, checkSqlFile, checkDbOperation, scanDbSafety, handleMadSksUserConfirmation } from '../core/db-safety.mjs';
+import { classifySql, classifyCommand, checkDbOperation, handleMadSksUserConfirmation } from '../core/db-safety.mjs';
 import { checkHarnessModification, harnessGuardStatus, isHarnessSourceProject } from '../core/harness-guard.mjs';
 import { formatHarnessConflictReport, llmHarnessCleanupPrompt, scanHarnessConflicts } from '../core/harness-conflicts.mjs';
 import { context7Docs, context7Resolve, context7Text, context7Tools } from '../core/context7-client.mjs';
@@ -36,6 +36,8 @@ import { buildFromChatImgVisualMap } from '../core/from-chat-img-forensics.mjs';
 import { classifyDogfoodFinding, createDogfoodReport, writeDogfoodReport } from '../core/dogfood-loop.mjs';
 import { createSkillCandidate, decideSkillInjection, writeSkillCandidate, writeSkillForgeReport, writeSkillInjectionDecision } from '../core/skill-forge.mjs';
 import { classifyToolError, harnessGrowthReport } from '../core/evaluation.mjs';
+import { runWorkflowPerfBench, validateWorkflowPerfReport } from '../core/perf-bench.mjs';
+import { proofFieldFixture, validateProofFieldReport } from '../core/proof-field.mjs';
 import { recordMistake, writeMistakeMemoryReport } from '../core/mistake-memory.mjs';
 import { buildPromptContext } from '../core/prompt-context-builder.mjs';
 import { renderTeamDashboardState, writeTeamDashboardState } from '../core/team-dashboard-renderer.mjs';
@@ -43,11 +45,10 @@ import { GOAL_WORKFLOW_ARTIFACT } from '../core/goal-workflow.mjs';
 import { CODEX_APP_DOCS_URL, codexAppIntegrationStatus, formatCodexAppStatus } from '../core/codex-app.mjs';
 import { buildWarpLaunchConfigYaml, buildWarpLaunchPlan, buildWarpOpenArgs, runWarpLaunchConfigSyntaxCheck, warpReadiness, warpStatusKind, defaultWarpWorkspaceName, formatWarpBanner, launchWarpTeamView, launchWarpUi, platformWarpInstallHint, runWarpStatus, sanitizeWarpWorkspaceName, teamLaneStyle, writeWarpLaunchConfig } from '../core/warp-ui.mjs';
 import { autoReviewProfileName, autoReviewStatus, autoReviewSummary, enableAutoReview, disableAutoReview, enableMadHighProfile, madHighProfileName } from '../core/auto-review.mjs';
-import { buildTeamPlan, codeStructureCommand, defaultBeta, defaultVGraph, evalCommand, gcCommand, goalCommand, gxCommand, harnessCommand, hproofCommand, memoryCommand, migrateWikiContextPack, parseTeamCreateArgs, perfCommand, profileCommand, projectWikiClaims, qaLoopCommand, researchCommand, statsCommand, team, teamWorkflowMarkdown, validateArtifactsCommand, wikiCommand, wikiVoxelRowCount, writeWikiContextPack } from './maintenance-commands.mjs';
+import { buildTeamPlan, codeStructureCommand, dbCommand, defaultBeta, defaultVGraph, evalCommand, gcCommand, goalCommand, gxCommand, harnessCommand, hproofCommand, memoryCommand, migrateWikiContextPack, parseTeamCreateArgs, perfCommand, profileCommand, projectWikiClaims, proofFieldCommand, qaLoopCommand, quickstartCommand, researchCommand, statsCommand, team, teamWorkflowMarkdown, validateArtifactsCommand, wikiCommand, wikiVoxelRowCount, writeWikiContextPack } from './maintenance-commands.mjs';
 
 const flag = (args, name) => args.includes(name);
 const promptOf = (args) => args.filter((x) => !String(x).startsWith('--')).join(' ').trim();
-const REPOSITORY_URL = 'https://github.com/mandarange/Sneakoscope-Codex.git';
 const REFLECTION_ARTIFACT = 'reflection.md';
 const REFLECTION_GATE = 'reflection-gate.json';
 const TEAM_SESSION_CLEANUP_ARTIFACT = 'team-session-cleanup.json';
@@ -76,7 +77,7 @@ export async function main(args) {
   if (cmd === 'commands') return commands(tail);
   if (cmd === 'usage') return usage(tail);
   if (cmd === 'root') return rootCommand(tail);
-  if (cmd === 'quickstart') return quickstart();
+  if (cmd === 'quickstart') return quickstartCommand();
   if (cmd === 'codex-app') return codexAppHelp(tail);
   if (cmd === 'bootstrap') return bootstrap(tail);
   if (cmd === 'deps') return deps(sub, rest);
@@ -102,11 +103,12 @@ export async function main(args) {
   if (cmd === 'hproof') return hproofCommand(sub, rest);
   if (cmd === 'validate-artifacts') return validateArtifactsCommand(tail);
   if (cmd === 'perf') return perfCommand(sub, rest);
+  if (cmd === 'proof-field') return proofFieldCommand(sub, rest);
   if (cmd === 'code-structure') return codeStructureCommand(sub, rest);
   if (cmd === 'memory') return memoryCommand(sub, rest);
   if (cmd === 'gx') return gxCommand(sub, rest);
   if (cmd === 'team') return team(tail);
-  if (cmd === 'db') return db(sub, rest);
+  if (cmd === 'db') return dbCommand(sub, rest);
   if (cmd === 'eval') return evalCommand(sub, rest);
   if (cmd === 'harness') return harnessCommand(sub, rest);
   if (cmd === 'wiki') return wikiCommand(sub, rest);
@@ -178,7 +180,8 @@ Usage:
   sks validate-artifacts [mission-id|latest] [--json]
   sks eval run [--json] [--out report.json]
   sks eval compare --baseline old.json --candidate new.json [--json]
-  sks perf run [--json]
+  sks perf run|workflow [--json] [--intent "task"] [--changed file1,file2]
+  sks proof-field scan [--json] [--intent "task"]
   sks harness fixture [--json]
   sks code-structure scan [--json]
   sks wiki coords --rgba 12,34,56,255
@@ -812,15 +815,16 @@ async function materializeAfterPipelineAnswer(root, id, dir, mission, route, rou
       passed: false,
       mad_sks_permission_active: true,
       permissions_deactivated: false,
-      table_delete_confirmation_required: true,
-      table_delete_confirmation_timeout_ms: 30000,
+      supabase_mcp_schema_cleanup_allowed: true,
+      direct_execute_sql_allowed: true,
+      catastrophic_safety_guard_active: true,
       contract_hash: contract.sealed_hash || null
     });
     await appendJsonlBounded(path.join(dir, 'events.jsonl'), {
       ts: nowIso(),
       type: 'mad_sks.scoped_permission_opened',
       route: route.id,
-      table_delete_confirmation_timeout_ms: 30000
+      catastrophic_safety_guard_active: true
     });
     return {
       phase: 'MADSKS_SCOPED_PERMISSION_ACTIVE',
@@ -830,7 +834,9 @@ async function materializeAfterPipelineAnswer(root, id, dir, mission, route, rou
         mad_sks_modifier: true,
         mad_sks_gate_file: 'mad-sks-gate.json',
         mad_sks_gate_ready: true,
-        table_delete_confirmation_timeout_ms: 30000
+        supabase_mcp_schema_cleanup_allowed: true,
+        direct_execute_sql_allowed: true,
+        catastrophic_safety_guard_active: true
       }
     };
   }
@@ -901,8 +907,9 @@ async function materializeMadSksAuthorization(dir, id, route, routeContext = {},
     status: 'active',
     active_only_for_current_route: true,
     deactivates_when_gate_passed: gateFile,
-    table_delete_confirmation_required: true,
-    table_delete_confirmation_timeout_ms: 30000,
+    supabase_mcp_schema_cleanup_allowed: true,
+    direct_execute_sql_allowed: true,
+    catastrophic_safety_guard_active: true,
     contract_hash: contract.sealed_hash || null
   };
   await writeJsonAtomic(path.join(dir, 'mad-sks-authorization.json'), artifact);
@@ -911,13 +918,15 @@ async function materializeMadSksAuthorization(dir, id, route, routeContext = {},
     type: 'mad_sks.modifier_authorization_opened',
     route: route?.id || null,
     gate: gateFile,
-    table_delete_confirmation_timeout_ms: 30000
+    catastrophic_safety_guard_active: true
   });
   return {
     mad_sks_active: true,
     mad_sks_modifier: true,
     mad_sks_gate_file: gateFile,
-    table_delete_confirmation_timeout_ms: 30000
+    supabase_mcp_schema_cleanup_allowed: true,
+    direct_execute_sql_allowed: true,
+    catastrophic_safety_guard_active: true
   };
 }
 
@@ -1346,60 +1355,6 @@ async function autoReviewCommand(sub = 'status', args = []) {
   process.exitCode = 1;
 }
 
-function quickstart() {
-  console.log(`ㅅㅋㅅ Quickstart
-
-First install and bootstrap this project:
-  npm i -g sneakoscope
-  sks root
-  sks bootstrap
-  sks
-
-Use outside a project:
-  sks root
-  sks deps check
-  sks team "global mission"
-
-If warp is missing:
-  sks deps install warp
-
-Initialize this project for CLI and Codex App:
-  sks setup --bootstrap
-
-Open from terminal:
-  sks
-  sks --auto-review --high
-  sks auto-review start --high
-
-Verify:
-  sks deps check
-  sks codex-app check
-  sks warp check
-  sks auto-review status
-  sks doctor --fix
-  sks context7 check
-  sks selftest --mock
-  sks commands
-  sks dollar-commands
-
-If hooks cannot find the command:
-  sks fix-path
-
-Project-only install:
-  npm i -D sneakoscope
-  npx sks setup --install-scope project
-
-Local-only install artifacts:
-  sks setup --local-only
-  # writes generated SKS files but excludes .sneakoscope/, .codex/, .agents/, AGENTS.md through .git/info/exclude
-  # user-owned AGENTS.md is preserved; an existing SKS managed block is refreshed
-
-GitHub install for unreleased commits:
-  npm i -g git+${REPOSITORY_URL}
-  sks bootstrap
-`);
-}
-
 async function codexAppHelp(args = []) {
   const action = args[0] || 'help';
   if (action === 'check' || action === 'status') {
@@ -1430,6 +1385,7 @@ async function codexAppHelp(args = []) {
     `Skills: project=${skills.project.ok ? 'ok' : `missing ${skills.project.missing.length}`} global=${skills.global.ok ? 'ok' : `missing ${skills.global.missing.length}`}`, '',
     'Setup:', '  sks bootstrap', '  sks deps check', '  sks codex-app check', '  sks warp check', '',
     'Generated files:', '  .codex/config.toml', '  .codex/hooks.json', '  .agents/skills/', '  .codex/agents/', '  .codex/SNEAKOSCOPE.md', '  AGENTS.md', '',
+    'Git ignore:', '  default setup writes .gitignore entries for .sneakoscope/, .codex/, .agents/, AGENTS.md', '  --local-only writes those patterns to .git/info/exclude instead', '',
     'Prompt routes:', formatDollarCommandsCompact('  ')
   ].join('\n'));
 }
@@ -1609,6 +1565,7 @@ async function setup(args) {
   console.log(`Hooks:     ${path.relative(root, hooksPath)}`);
   console.log(`Version:   ${versioningInfo.enabled ? (versioningInfo.hook_installed ? 'auto-bump enabled' : 'auto-bump hook missing') : 'not enabled'}${versioningInfo.package_version ? ` (${versioningInfo.package_version})` : ''}`);
   if (localOnly) console.log('Git:       local-only (.git/info/exclude; user AGENTS preserved, SKS managed block refreshed)');
+  else console.log('Git:       .gitignore ignores SKS generated files');
   console.log(`Codex App: .codex/config.toml, .codex/hooks.json, .agents/skills, .codex/agents, .codex/SNEAKOSCOPE.md`);
   console.log(`Global $:  ${globalSkills.status === 'installed' ? 'ok' : globalSkills.status} ${globalSkills.root || ''}`.trimEnd());
   console.log(`App tools: ${appRuntime.ok ? 'ok' : 'needs setup'} Codex App=${appRuntime.app.installed ? 'ok' : 'missing'} Browser Use=${appRuntime.mcp.has_browser_use ? 'ok' : 'missing'} Computer Use=${appRuntime.mcp.has_computer_use ? 'ok' : 'missing'}`);
@@ -1804,6 +1761,7 @@ async function init(args) {
   console.log(`Initialized ㅅㅋㅅ in ${root}`);
   console.log(`Install scope: ${installScope} (${sksCommandPrefix(installScope, { globalCommand })})`);
   if (localOnly) console.log('Git mode: local-only (.git/info/exclude)');
+  else console.log('Git mode: shared .gitignore');
   for (const x of res.created) console.log(`- ${x}`);
 }
 
@@ -2012,9 +1970,11 @@ async function selftest() {
   await writeJsonAtomic(path.join(postinstallBootstrapTmp, 'package.json'), { name: 'postinstall-bootstrap-smoke', version: '0.0.0' });
   const postinstallBootstrap = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'postinstall'], { cwd: postinstallBootstrapTmp, input: 'y\n', env: { INIT_CWD: postinstallBootstrapTmp, HOME: path.join(postinstallBootstrapTmp, 'home'), SKS_SKIP_POSTINSTALL_SHIM: '1', SKS_SKIP_POSTINSTALL_CONTEXT7: '1', SKS_SKIP_POSTINSTALL_GLOBAL_SKILLS: '1', SKS_SKIP_CLI_TOOLS: '1', SKS_POSTINSTALL_PROMPT: '1' }, timeoutMs: 30000, maxOutputBytes: 256 * 1024 });
   if (postinstallBootstrap.code !== 0 || !String(postinstallBootstrap.stdout || '').includes('SKS Ready')) throw new Error(`selftest failed: approved postinstall bootstrap did not run: ${postinstallBootstrap.stderr}`);
-  for (const rel of ['.agents/skills/team/SKILL.md', '.codex/config.toml', '.codex/hooks.json', '.sneakoscope/harness-guard.json', '.codex/SNEAKOSCOPE.md', 'AGENTS.md']) {
+  for (const rel of ['.agents/skills/team/SKILL.md', '.codex/config.toml', '.codex/hooks.json', '.sneakoscope/harness-guard.json', '.codex/SNEAKOSCOPE.md', 'AGENTS.md', '.gitignore']) {
     if (!(await exists(path.join(postinstallBootstrapTmp, rel)))) throw new Error(`selftest failed: bootstrap did not create ${rel}`);
   }
+  const postinstallBootstrapGitignore = await safeReadText(path.join(postinstallBootstrapTmp, '.gitignore'));
+  if (!postinstallBootstrapGitignore.includes('.sneakoscope/') || !postinstallBootstrapGitignore.includes('.codex/') || !postinstallBootstrapGitignore.includes('.agents/') || !postinstallBootstrapGitignore.includes('AGENTS.md')) throw new Error('selftest failed: bootstrap did not ignore SKS generated files');
   const bootstrapJsonTmp = tmpdir();
   await writeJsonAtomic(path.join(bootstrapJsonTmp, 'package.json'), { name: 'bootstrap-json-smoke', version: '0.0.0' });
   const bootstrapJson = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'bootstrap', '--json'], { cwd: bootstrapJsonTmp, env: { HOME: path.join(bootstrapJsonTmp, 'home'), SKS_SKIP_POSTINSTALL_GLOBAL_SKILLS: '1', SKS_SKIP_CLI_TOOLS: '1' }, timeoutMs: 30000, maxOutputBytes: 256 * 1024 });
@@ -2135,10 +2095,19 @@ async function selftest() {
   await initProject(localOnlyTmp, { localOnly: true });
   const localExclude = await safeReadText(path.join(localOnlyTmp, '.git', 'info', 'exclude'));
   if (!localExclude.includes('.codex/') || !localExclude.includes('AGENTS.md')) throw new Error('selftest failed: local-only git excludes missing');
+  if (await exists(path.join(localOnlyTmp, '.gitignore'))) throw new Error('selftest failed: local-only wrote shared .gitignore');
   const localAgents = await safeReadText(path.join(localOnlyTmp, 'AGENTS.md'));
   if (localAgents.trim() !== 'existing local rules') throw new Error('selftest failed: local-only modified existing AGENTS.md');
   const localManifest = await readJson(path.join(localOnlyTmp, '.sneakoscope', 'manifest.json'));
   if (!localManifest.git?.local_only) throw new Error('selftest failed: local-only manifest missing');
+  const gitignoreTmp = tmpdir();
+  await writeTextAtomic(path.join(gitignoreTmp, '.gitignore'), 'node_modules/\n.sneakoscope/\n');
+  await initProject(gitignoreTmp, {});
+  const gitignoreText = await safeReadText(path.join(gitignoreTmp, '.gitignore'));
+  if (!gitignoreText.includes('node_modules/') || !gitignoreText.includes('# BEGIN Sneakoscope Codex generated files') || !gitignoreText.includes('.codex/') || !gitignoreText.includes('.agents/') || !gitignoreText.includes('AGENTS.md')) throw new Error('selftest failed: shared .gitignore did not preserve existing entries and add SKS patterns');
+  await initProject(gitignoreTmp, {});
+  const gitignoreTextSecond = await safeReadText(path.join(gitignoreTmp, '.gitignore'));
+  if ((gitignoreTextSecond.match(/BEGIN Sneakoscope Codex generated files/g) || []).length !== 1) throw new Error('selftest failed: shared .gitignore managed block duplicated');
   const managedAgentsTmp = tmpdir();
   await ensureDir(path.join(managedAgentsTmp, '.git'));
   await writeTextAtomic(path.join(managedAgentsTmp, 'AGENTS.md'), '<!-- BEGIN Sneakoscope Codex GX MANAGED BLOCK -->\nold managed rules\n<!-- END Sneakoscope Codex GX MANAGED BLOCK -->\n');
@@ -2904,17 +2873,17 @@ async function selftest() {
   const madMission = await createMission(tmp, { mode: 'mad-sks', prompt: '$MAD-SKS selftest scoped DB override' });
   await writeJsonAtomic(path.join(madMission.dir, 'team-gate.json'), { schema_version: 1, passed: false, team_roster_confirmed: true });
   const madState = { mission_id: madMission.id, mode: 'TEAM', route_command: '$Team', stop_gate: 'team-gate.json', mad_sks_active: true, mad_sks_modifier: true, mad_sks_gate_file: 'team-gate.json' };
+  const columnCleanupSql = 'alter table users ' + 'dr' + 'op column legacy_name;';
+  const madColumnCleanupDecision = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: columnCleanupSql }, { duringNoQuestion: false });
+  if (madColumnCleanupDecision.action !== 'allow') throw new Error('selftest failed: MAD-SKS column cleanup was not allowed');
   const tableRemovalSql = 'dr' + 'op table users;';
-  const madNeedsConfirmation = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringNoQuestion: false });
-  if (madNeedsConfirmation.action !== 'confirm') throw new Error('selftest failed: MAD-SKS table deletion did not require confirmation');
-  await setCurrent(tmp, madState);
-  const madConfirmation = await handleMadSksUserConfirmation(tmp, madState, 'yes');
-  if (!madConfirmation?.handled) throw new Error('selftest failed: MAD-SKS confirmation was not accepted');
-  const madConfirmedState = await readJson(stateFile(tmp), {});
-  const madConfirmedDecision = await checkDbOperation(tmp, madConfirmedState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringNoQuestion: false });
-  if (madConfirmedDecision.action !== 'allow') throw new Error('selftest failed: MAD-SKS confirmed table deletion was not allowed in the short confirmation window');
+  const madTableRemovalDecision = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringNoQuestion: false });
+  if (madTableRemovalDecision.action !== 'block') throw new Error('selftest failed: MAD-SKS catastrophic table removal was not blocked');
+  const allRowsSql = 'de' + 'lete from users;';
+  const madAllRowsDecision = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: allRowsSql }, { duringNoQuestion: false });
+  if (madAllRowsDecision.action !== 'block') throw new Error('selftest failed: MAD-SKS all-row DML was not blocked');
   await writeJsonAtomic(path.join(madMission.dir, 'team-gate.json'), { schema_version: 1, passed: true, team_roster_confirmed: true, permissions_deactivated: true });
-  const madClosedDecision = await checkDbOperation(tmp, madConfirmedState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringNoQuestion: false });
+  const madClosedDecision = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: columnCleanupSql }, { duringNoQuestion: false });
   if (madClosedDecision.action !== 'block') throw new Error('selftest failed: MAD-SKS permission persisted after gate close');
   const nonDbDecision = await checkDbOperation(tmp, {}, { command: 'npm test' }, { duringNoQuestion: true });
   if (nonDbDecision.action !== 'allow') throw new Error('selftest failed: non-DB command blocked by DB guard');
@@ -2924,6 +2893,15 @@ async function selftest() {
   if (evalReport.candidate.wiki?.voxel_schema !== 'sks.wiki-voxel.v1' || evalReport.candidate.wiki?.voxel_rows < 1) throw new Error('selftest failed: eval did not include voxel overlay metrics');
   const harnessReport = harnessGrowthReport({});
   if (!harnessReport.forgetting.fixture.passed || !harnessReport.warp.views.includes('Harness Experiments View') || !harnessReport.reliability.tool_error_taxonomy.includes('Unknown')) throw new Error('selftest failed: harness growth fixture incomplete');
+  const proofField = await proofFieldFixture();
+  if (!proofField.validation.ok || !validateProofFieldReport(proofField.report).ok) throw new Error('selftest failed: proof field report invalid');
+  if (!proofField.checks.route_cone_selected || !proofField.checks.cli_cone_selected || !proofField.checks.catastrophic_guard_present || !proofField.checks.negative_release_work_recorded) throw new Error('selftest failed: proof field fixture checks incomplete');
+  const workflowPerf = await runWorkflowPerfBench(tmp, {
+    iterations: 2,
+    intent: 'small CLI help surface update',
+    changedFiles: ['src/cli/maintenance-commands.mjs', 'src/core/routes.mjs']
+  });
+  if (!validateWorkflowPerfReport(workflowPerf).ok || workflowPerf.metrics.decision_mode !== 'fast_lane' || !workflowPerf.metrics.fast_lane_eligible) throw new Error('selftest failed: workflow perf proof field did not produce a valid fast lane report');
   if (classifyToolError({ message: 'operation timed out' }) !== 'Timeout' || classifyToolError({ message: 'unclassified weirdness' }) !== 'Unknown') throw new Error('selftest failed: tool error taxonomy classification');
   const coord = rgbaToWikiCoord({ r: 12, g: 34, b: 56, a: 255 });
   if (coord.schema !== 'sks.wiki-coordinate.v1' || coord.xyzw.length !== 4) throw new Error('selftest failed: RGBA wiki coordinate conversion');
@@ -2995,49 +2973,3 @@ async function selftest() {
   console.log('ㅅㅋㅅ selftest passed.');
   console.log(`temp: ${tmp}`);
 }
-
-async function db(sub, args) {
-  const root = await sksRoot();
-  if (sub === 'policy') {
-    console.log(JSON.stringify(await loadDbSafetyPolicy(root), null, 2));
-    return;
-  }
-  if (sub === 'scan') {
-    const report = await scanDbSafety(root, { includeMigrations: flag(args, '--migrations') });
-    console.log(JSON.stringify(report, null, 2));
-    process.exitCode = report.ok ? 0 : 2;
-    return;
-  }
-  if (sub === 'mcp-config') {
-    const projectIdx = args.indexOf('--project-ref');
-    const featuresIdx = args.indexOf('--features');
-    const projectRef = projectIdx >= 0 ? args[projectIdx + 1] : '<project_ref>';
-    const features = featuresIdx >= 0 ? args[featuresIdx + 1] : 'database,docs';
-    console.log(JSON.stringify(safeSupabaseMcpConfig({ projectRef, readOnly: true, features }), null, 2));
-    return;
-  }
-  if (sub === 'classify' || sub === 'check') {
-    const sqlIdx = args.indexOf('--sql');
-    const commandIdx = args.indexOf('--command');
-    const fileIdx = args.indexOf('--file');
-    let result;
-    if (fileIdx >= 0 && args[fileIdx + 1]) result = await checkSqlFile(path.resolve(args[fileIdx + 1]));
-    else if (commandIdx >= 0 && args[commandIdx + 1]) result = classifyCommand(args[commandIdx + 1]);
-    else if (sqlIdx >= 0 && args[sqlIdx + 1]) result = classifySql(args[sqlIdx + 1]);
-    else if (sub === 'check' && args[0]) result = await checkSqlFile(path.resolve(args[0]));
-    else result = classifySql(args.join(' ').trim());
-    console.log(JSON.stringify(result, null, 2));
-    process.exitCode = ['destructive', 'write', 'possible_db'].includes(result.level) ? 2 : 0;
-    return;
-  }
-  if (sub === 'scan-payload') {
-    const raw = await fsp.readFile(0, 'utf8');
-    const payload = raw.trim() ? JSON.parse(raw) : {};
-    const decision = await checkDbOperation(root, {}, payload, { duringNoQuestion: false });
-    console.log(JSON.stringify(decision, null, 2));
-    process.exitCode = decision.action === 'block' ? 2 : 0;
-    return;
-  }
-  console.error('Usage: sks db policy | db scan [--migrations] | db mcp-config --project-ref <id> | db check --sql "..." | db check --command "..." | db check --file file.sql');
-  process.exitCode = 1;
-}

package/src/cli/maintenance-commands.mjs

@@ -23,22 +23,80 @@ import { writeEffortDecision } from '../core/effort-orchestrator.mjs';
 import { createWorkOrderLedger, writeWorkOrderLedger } from '../core/work-order-ledger.mjs';
 import { writeFromChatImgArtifacts } from '../core/from-chat-img-forensics.mjs';
 import { renderTeamDashboardState, writeTeamDashboardState } from '../core/team-dashboard-renderer.mjs';
-import { runPerfBench } from '../core/perf-bench.mjs';
+import { runPerfBench, runWorkflowPerfBench } from '../core/perf-bench.mjs';
+import { writeProofFieldReport } from '../core/proof-field.mjs';
 import { GOAL_BRIDGE_ARTIFACT, GOAL_WORKFLOW_ARTIFACT, updateGoalWorkflow, writeGoalWorkflow } from '../core/goal-workflow.mjs';
 import { scanCodeStructure, writeCodeStructureReport } from '../core/code-structure.mjs';
 import { writeMemorySweepReport } from '../core/memory-governor.mjs';
 import { cleanupWarpTeamView, launchWarpTeamView } from '../core/warp-ui.mjs';
 import { writeSkillForgeReport } from '../core/skill-forge.mjs';
 import { writeMistakeMemoryReport } from '../core/mistake-memory.mjs';
-import { scanDbSafety } from '../core/db-safety.mjs';
+import { checkDbOperation, checkSqlFile, classifyCommand, classifySql, loadDbSafetyPolicy, safeSupabaseMcpConfig, scanDbSafety } from '../core/db-safety.mjs';
 import { harnessGrowthReport, writeHarnessGrowthReport } from '../core/evaluation.mjs';
 
 const flag = (args, name) => args.includes(name);
 const promptOf = (args) => args.filter((x) => !String(x).startsWith('--')).join(' ').trim();
 const TEAM_SESSION_CLEANUP_ARTIFACT = 'team-session-cleanup.json';
+const REPOSITORY_URL = 'https://github.com/mandarange/Sneakoscope-Codex.git';
 
 async function resolveMissionId(root, arg) { return (!arg || arg === 'latest') ? findLatestMission(root) : arg; }
 
+export function quickstartCommand() {
+  console.log(`ㅅㅋㅅ Quickstart
+
+First install and bootstrap this project:
+  npm i -g sneakoscope
+  sks root
+  sks bootstrap
+  sks
+
+Use outside a project:
+  sks root
+  sks deps check
+  sks team "global mission"
+
+If warp is missing:
+  sks deps install warp
+
+Initialize this project for CLI and Codex App:
+  sks setup --bootstrap
+
+Open from terminal:
+  sks
+  sks --auto-review --high
+  sks auto-review start --high
+
+Verify:
+  sks deps check
+  sks codex-app check
+  sks warp check
+  sks auto-review status
+  sks doctor --fix
+  sks context7 check
+  sks selftest --mock
+  sks commands
+  sks dollar-commands
+
+If hooks cannot find the command:
+  sks fix-path
+
+Project-only install:
+  npm i -D sneakoscope
+  npx sks setup --install-scope project
+
+Local-only install artifacts:
+  sks setup --local-only
+  # writes generated SKS files but excludes .sneakoscope/, .codex/, .agents/, AGENTS.md through .git/info/exclude
+  # user-owned AGENTS.md is preserved; an existing SKS managed block is refreshed
+
+Default project setup writes the same SKS generated-file patterns into the project .gitignore.
+
+GitHub install for unreleased commits:
+  npm i -g git+${REPOSITORY_URL}
+  sks bootstrap
+`);
+}
+
 export async function researchCommand(sub, args) {
   if (sub === 'prepare') return researchPrepare(args);
   if (sub === 'run') return researchRun(args);
@@ -385,6 +443,52 @@ export async function hproofCommand(sub, args) {
   console.log(JSON.stringify(await evaluateDoneGate(root, id), null, 2));
 }
 
+export async function dbCommand(sub, args = []) {
+  const root = await sksRoot();
+  if (sub === 'policy') {
+    console.log(JSON.stringify(await loadDbSafetyPolicy(root), null, 2));
+    return;
+  }
+  if (sub === 'scan') {
+    const report = await scanDbSafety(root, { includeMigrations: flag(args, '--migrations') });
+    console.log(JSON.stringify(report, null, 2));
+    process.exitCode = report.ok ? 0 : 2;
+    return;
+  }
+  if (sub === 'mcp-config') {
+    const projectIdx = args.indexOf('--project-ref');
+    const featuresIdx = args.indexOf('--features');
+    const projectRef = projectIdx >= 0 ? args[projectIdx + 1] : '<project_ref>';
+    const features = featuresIdx >= 0 ? args[featuresIdx + 1] : 'database,docs';
+    console.log(JSON.stringify(safeSupabaseMcpConfig({ projectRef, readOnly: true, features }), null, 2));
+    return;
+  }
+  if (sub === 'classify' || sub === 'check') {
+    const sqlIdx = args.indexOf('--sql');
+    const commandIdx = args.indexOf('--command');
+    const fileIdx = args.indexOf('--file');
+    let result;
+    if (fileIdx >= 0 && args[fileIdx + 1]) result = await checkSqlFile(path.resolve(args[fileIdx + 1]));
+    else if (commandIdx >= 0 && args[commandIdx + 1]) result = classifyCommand(args[commandIdx + 1]);
+    else if (sqlIdx >= 0 && args[sqlIdx + 1]) result = classifySql(args[sqlIdx + 1]);
+    else if (sub === 'check' && args[0]) result = await checkSqlFile(path.resolve(args[0]));
+    else result = classifySql(args.join(' ').trim());
+    console.log(JSON.stringify(result, null, 2));
+    process.exitCode = ['destructive', 'write', 'possible_db'].includes(result.level) ? 2 : 0;
+    return;
+  }
+  if (sub === 'scan-payload') {
+    const raw = await fsp.readFile(0, 'utf8');
+    const payload = raw.trim() ? JSON.parse(raw) : {};
+    const decision = await checkDbOperation(root, {}, payload, { duringNoQuestion: false });
+    console.log(JSON.stringify(decision, null, 2));
+    process.exitCode = decision.action === 'block' ? 2 : 0;
+    return;
+  }
+  console.error('Usage: sks db policy | db scan [--migrations] | db mcp-config --project-ref <id> | db check --sql "..." | db check --command "..." | db check --file file.sql');
+  process.exitCode = 1;
+}
+
 export async function validateArtifactsCommand(args = []) {
   const root = await sksRoot();
   const missionArg = args[0] && !String(args[0]).startsWith('--') ? args[0] : 'latest';
@@ -404,12 +508,32 @@ export async function validateArtifactsCommand(args = []) {
 }
 
 export async function perfCommand(sub, args = []) {
-  if (sub !== 'run') {
-    console.error('Usage: sks perf run [--json] [--iterations N]');
+  if (!['run', 'workflow'].includes(sub)) {
+    console.error('Usage: sks perf run|workflow [--json] [--iterations N] [--intent "task"] [--changed file1,file2]');
     process.exitCode = 1;
     return;
   }
   const root = await sksRoot();
+  if (sub === 'workflow') {
+    const changedRaw = readFlagValue(args, '--changed', null);
+    const report = await runWorkflowPerfBench(root, {
+      iterations: readFlagValue(args, '--iterations', 3),
+      intent: readFlagValue(args, '--intent', positionalArgs(args).join(' ')),
+      changedFiles: changedRaw ? changedRaw.split(',').filter(Boolean) : undefined
+    });
+    const outPath = path.join(root, '.sneakoscope', 'reports', `workflow-perf-${Date.now()}.json`);
+    await writeJsonAtomic(outPath, report);
+    if (flag(args, '--json')) return console.log(JSON.stringify({ ...report, report_path: outPath }, null, 2));
+    console.log('SKS Workflow Performance');
+    console.log(`Mode: ${report.metrics.decision_mode}`);
+    console.log(`Fast lane: ${report.metrics.fast_lane_eligible ? 'yes' : 'no'}`);
+    console.log(`Proof Field p95: ${report.metrics.proof_field_build_ms_p95}ms`);
+    console.log(`Proof cones: ${report.metrics.proof_cone_count}`);
+    console.log(`Negative work skipped: ${report.metrics.negative_work_skipped_count}`);
+    console.log(`Next: ${report.recommendation.next.join('; ')}`);
+    console.log(`Report: ${path.relative(root, outPath)}`);
+    return;
+  }
   const report = await runPerfBench(root, { iterations: readFlagValue(args, '--iterations', 3) });
   const outPath = path.join(root, '.sneakoscope', 'reports', `perf-${Date.now()}.json`);
   await writeJsonAtomic(outPath, report);
@@ -421,6 +545,34 @@ export async function perfCommand(sub, args = []) {
   console.log(`Report: ${path.relative(root, outPath)}`);
 }
 
+export async function proofFieldCommand(sub, args = []) {
+  const action = sub || 'scan';
+  if (!['scan', 'help', '--help'].includes(action)) {
+    console.error('Usage: sks proof-field scan [--json] [--intent "task"] [--changed file1,file2]');
+    process.exitCode = 1;
+    return;
+  }
+  if (action === 'help' || action === '--help') {
+    console.log('Usage: sks proof-field scan [--json] [--intent "task"] [--changed file1,file2]');
+    console.log('Build a Potential Proof Field report: proof cones, negative-work cache, and fast-lane eligibility for the current change set.');
+    return;
+  }
+  const root = await sksRoot();
+  const changedRaw = readFlagValue(args, '--changed', null);
+  const report = await writeProofFieldReport(root, {
+    intent: readFlagValue(args, '--intent', positionalArgs(args).join(' ')),
+    changedFiles: changedRaw ? changedRaw.split(',').filter(Boolean) : undefined
+  });
+  if (flag(args, '--json')) return console.log(JSON.stringify(report, null, 2));
+  console.log('SKS Proof Field');
+  console.log(`Mode: ${report.fast_lane_decision.mode}`);
+  console.log(`Eligible: ${report.fast_lane_decision.eligible ? 'yes' : 'no'}`);
+  if (report.fast_lane_decision.blockers.length) console.log(`Blockers: ${report.fast_lane_decision.blockers.join(', ')}`);
+  console.log(`Proof cones: ${report.proof_cones.map((cone) => cone.id).join(', ')}`);
+  console.log(`Verification: ${report.fast_lane_decision.verification.join('; ')}`);
+  console.log(`Report: ${path.relative(root, report.report_path)}`);
+}
+
 export async function harnessCommand(sub, args = []) {
   const action = sub || 'fixture';
   if (!['fixture', 'review'].includes(action)) {
@@ -1084,7 +1236,7 @@ export async function statsCommand(args) {
 
 function positionalArgs(args = []) {
   const out = [];
-  const valueFlags = new Set(['--format', '--iterations', '--out', '--baseline', '--candidate', '--install-scope', '--max-cycles', '--depth', '--scope', '--transport', '--query', '--topic', '--tokens', '--timeout-ms', '--sql', '--command', '--project-ref', '--agent', '--phase', '--message', '--role', '--max-anchors', '--lines']);
+  const valueFlags = new Set(['--format', '--iterations', '--out', '--baseline', '--candidate', '--install-scope', '--max-cycles', '--depth', '--scope', '--transport', '--query', '--topic', '--tokens', '--timeout-ms', '--sql', '--command', '--project-ref', '--agent', '--phase', '--message', '--role', '--max-anchors', '--lines', '--intent', '--changed']);
   for (let i = 0; i < args.length; i++) {
     const arg = String(args[i]);
     if (valueFlags.has(arg)) {

package/src/core/db-safety.mjs

@@ -226,7 +226,27 @@ function hasTableRemovalRisk(cls = {}) {
     ...(cls.sql?.reasons || []),
     ...(cls.command?.reasons || [])
   ]);
-  return ['drop_table', 'alter_table_drop', 'truncate'].some((reason) => reasons.has(reason));
+  return ['drop_table', 'truncate'].some((reason) => reasons.has(reason));
+}
+
+function hasMadSksCatastrophicDbRisk(cls = {}) {
+  const reasons = new Set([
+    ...(cls.reasons || []),
+    ...(cls.sql?.reasons || []),
+    ...(cls.command?.reasons || [])
+  ]);
+  return [
+    'drop_database',
+    'drop_schema',
+    'drop_table',
+    'truncate',
+    'delete_without_where',
+    'update_without_where',
+    'supabase_db_reset',
+    'prisma_migrate_reset',
+    'postgres_database_admin_command'
+  ].some((reason) => reasons.has(reason))
+    || cls.toolReasons?.includes?.('dangerous_supabase_management_tool');
 }
 
 function isMadSksRouteState(state = {}) {
@@ -259,23 +279,32 @@ export function evaluateDbSafety({ classification, policy = DEFAULT_DB_SAFETY_PO
   if (cls.level === 'safe') return { allowed: true, action: 'allow', reasons: ['read_only_operation'], classification: cls };
   if (cls.level === 'possible_db') return { allowed: !noQuestion, action: noQuestion ? 'block' : 'warn', reasons: noQuestion ? ['unknown_database_operation_blocked_during_no_question_run'] : ['unknown_database_operation'], classification: cls };
   if (madSks?.active && (cls.level === 'write' || cls.level === 'destructive')) {
-    if (hasTableRemovalRisk(cls) && !madSks.tableDeleteConfirmed) {
+    if (hasMadSksCatastrophicDbRisk(cls)) {
       return {
         allowed: false,
-        action: 'confirm',
-        reasons: ['mad_sks_table_delete_requires_user_confirmation_30s'],
+        action: 'block',
+        reasons: ['mad_sks_catastrophic_db_operation_blocked'],
         classification: cls,
         effective,
-        mad_sks: { active: true, table_delete_confirmation_required: true, timeout_ms: MAD_SKS_TABLE_DELETE_TIMEOUT_MS }
+        mad_sks: {
+          active: true,
+          catastrophic_safety_guard_active: true,
+          blocked_categories: ['whole_database_or_table_removal', 'all_rows_delete_or_update', 'dangerous_project_management']
+        }
       };
     }
     return {
       allowed: true,
       action: 'allow',
-      reasons: hasTableRemovalRisk(cls) ? ['mad_sks_table_delete_confirmed'] : ['mad_sks_scoped_override_active'],
+      reasons: ['mad_sks_scoped_override_active'],
       classification: cls,
       effective,
-      mad_sks: { active: true, table_delete_confirmed_until: madSks.tableDeleteConfirmedUntil || null }
+      mad_sks: {
+        active: true,
+        sks_db_constraints_removed: true,
+        catastrophic_safety_guard_active: true,
+        supabase_mcp_schema_cleanup_allowed: true
+      }
     };
   }
   if (cls.level === 'destructive') reasons.push('destructive_database_operation_blocked_always');
@@ -384,6 +413,13 @@ export async function checkSqlFile(file) {
 }
 
 export function dbBlockReason(decision) {
+  if ((decision.reasons || []).includes('mad_sks_catastrophic_db_operation_blocked')) {
+    return [
+      'Sneakoscope Codex MAD-SKS catastrophic database safeguard blocked this operation.',
+      'MAD-SKS opens Supabase MCP column/schema cleanup, direct execute SQL, and normal DB writes only while the mission gate is active.',
+      'Whole database/table removal, all-row value wipes, database reset, and dangerous project or branch management remain blocked.'
+    ].join(' ');
+  }
   if ((decision.reasons || []).includes('mad_sks_table_delete_requires_user_confirmation_30s')) {
     return [
       'Sneakoscope Codex MAD-SKS gate paused a table deletion operation.',

package/src/core/decision-contract.mjs

@@ -87,21 +87,23 @@ export function buildDecisionContract({ mission, schema, answers }) {
       mad_sks_mode: madSks ? 'explicit_invocation_only' : false,
       production_database_writes_allowed: madSks ? 'mad_sks_scoped' : false,
       mcp_direct_execute_sql_writes_allowed: madSks ? 'mad_sks_scoped' : false,
-      db_reset_allowed: madSks ? 'mad_sks_scoped' : false,
-      db_drop_allowed: madSks ? 'requires_table_delete_confirmation_when_table_removal' : false,
-      db_truncate_allowed: madSks ? 'requires_table_delete_confirmation_when_table_removal' : false,
+      db_reset_allowed: false,
+      db_drop_allowed: madSks ? 'column_and_non_catastrophic_schema_cleanup_only' : false,
+      db_truncate_allowed: false,
       db_mass_delete_update_allowed: madSks ? 'mad_sks_scoped' : false
     },
     database_safety: {
-      policy: madSks ? 'mad_sks_scoped_override_table_delete_confirmation_required' : 'destructive_denied_always',
+      policy: madSks ? 'mad_sks_scoped_override_with_catastrophic_db_guard' : 'destructive_denied_always',
       supabase_mcp_recommended_url: 'https://mcp.supabase.com/mcp?project_ref=<project_ref>&read_only=true&features=database,docs',
       allowed_targets_for_write: madSks ? ['main_branch', 'production', 'local_dev', 'preview_branch', 'supabase_branch'] : ['local_dev', 'preview_branch', 'supabase_branch'],
-      forbidden_operations: madSks ? ['TABLE_REMOVAL_WITHOUT_RUNTIME_CONFIRMATION'] : ['DROP', 'TRUNCATE', 'DELETE_WITHOUT_WHERE', 'UPDATE_WITHOUT_WHERE', 'DB_RESET', 'DB_PUSH', 'PROJECT_DELETE', 'BRANCH_RESET_OR_MERGE_OR_DELETE', 'DISABLE_RLS', 'BROAD_GRANT_REVOKE'],
+      forbidden_operations: madSks ? ['DROP_DATABASE', 'DROP_SCHEMA', 'DROP_TABLE', 'TRUNCATE', 'DELETE_WITHOUT_WHERE', 'UPDATE_WITHOUT_WHERE', 'DB_RESET', 'PROJECT_DELETE', 'BRANCH_RESET_OR_MERGE_OR_DELETE'] : ['DROP', 'TRUNCATE', 'DELETE_WITHOUT_WHERE', 'UPDATE_WITHOUT_WHERE', 'DB_RESET', 'DB_PUSH', 'PROJECT_DELETE', 'BRANCH_RESET_OR_MERGE_OR_DELETE', 'DISABLE_RLS', 'BROAD_GRANT_REVOKE'],
       mad_sks_scope: madSks ? {
         active_only_when_prompt_contains: '$MAD-SKS',
         may_combine_with_primary_route: true,
         deactivates_when_active_mission_gate_passes: true,
-        table_delete_confirmation_timeout_ms: 30000
+        supabase_mcp_schema_cleanup_allowed: true,
+        direct_execute_sql_allowed: true,
+        catastrophic_safety_guard_active: true
       } : null,
       migration_apply_allowed: answers.DB_MIGRATION_APPLY_ALLOWED || 'no',
       read_only_query_limit: answers.DB_READ_ONLY_QUERY_LIMIT || '1000'

package/src/core/fsx.mjs

@@ -5,7 +5,7 @@ import os from 'node:os';
 import crypto from 'node:crypto';
 import { spawn } from 'node:child_process';
 
-export const PACKAGE_VERSION = '0.6.85';
+export const PACKAGE_VERSION = '0.6.89';
 export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
 export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;
 

package/src/core/init.mjs

@@ -9,6 +9,8 @@ import { installVersionGitHook } from './version-manager.mjs';
 import { CODEX_COMPUTER_USE_ONLY_POLICY, DOLLAR_COMMANDS, DOLLAR_COMMAND_ALIASES, DOLLAR_SKILL_NAMES, FROM_CHAT_IMG_CHECKLIST_ARTIFACT, FROM_CHAT_IMG_COVERAGE_ARTIFACT, FROM_CHAT_IMG_QA_LOOP_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS, RECOMMENDED_MCP_SERVERS, RECOMMENDED_SKILLS, chatCaptureIntakeText, context7ConfigToml, stackCurrentDocsPolicyText, triwikiContextTracking, triwikiContextTrackingText, triwikiStagePolicyText } from './routes.mjs';
 
 const REFLECTION_MEMORY_PATH = '.sneakoscope/memory/q2_facts/post-route-reflection.md';
+const SKS_GENERATED_GIT_PATTERNS = ['.sneakoscope/', '.codex/', '.agents/', 'AGENTS.md'];
+
 function reflectionInstructionText(commandPrefix = 'sks') {
   return `Post-route reflection: full routes load \`reflection\` after work/tests and before final; DFix/Answer/Help/Wiki/SKS discovery are exempt. Write reflection.md; record only real misses/gaps, or no_issue_acknowledged. For lessons, append TriWiki claim rows to ${REFLECTION_MEMORY_PATH}. Run "${commandPrefix} wiki refresh" or pack, validate, then pass reflection-gate.json.`;
 }
@@ -107,7 +109,9 @@ export async function initProject(root, opts = {}) {
   ];
   for (const d of dirs) await ensureDir(path.join(root, d));
   const localExclude = localOnly ? await ensureLocalOnlyGitExclude(root) : null;
+  const sharedIgnore = localOnly ? null : await ensureSharedGitIgnore(root);
   if (localExclude?.path) created.push(`${path.relative(root, localExclude.path)} local-only excludes`);
+  if (sharedIgnore?.changed) created.push(`${path.relative(root, sharedIgnore.path)} SKS generated files ignore`);
 
   await writeJsonAtomic(path.join(sine, 'manifest.json'), {
     package: 'sneakoscope',
@@ -165,6 +169,8 @@ export async function initProject(root, opts = {}) {
     },
     git: {
       local_only: localOnly,
+      ignore_path: sharedIgnore?.path ? path.relative(root, sharedIgnore.path) : null,
+      ignored_patterns: sharedIgnore?.patterns || [],
       exclude_path: localExclude?.path ? path.relative(root, localExclude.path) : null,
       excluded_patterns: localExclude?.patterns || [],
       versioning: {
@@ -198,6 +204,8 @@ export async function initProject(root, opts = {}) {
       git: {
         ...(policy.git || {}),
         local_only: localOnly || Boolean(policy.git?.local_only),
+        ignore_path: sharedIgnore?.path ? path.relative(root, sharedIgnore.path) : policy.git?.ignore_path || null,
+        ignored_patterns: sharedIgnore?.patterns || policy.git?.ignored_patterns || [],
         exclude_path: localExclude?.path ? path.relative(root, localExclude.path) : policy.git?.exclude_path || null,
         excluded_patterns: localExclude?.patterns || policy.git?.excluded_patterns || [],
         versioning: {
@@ -267,6 +275,8 @@ export async function initProject(root, opts = {}) {
       installation: installPolicy(scope, commandPrefix),
       git: {
         local_only: localOnly,
+        ignore_path: sharedIgnore?.path ? path.relative(root, sharedIgnore.path) : null,
+        ignored_patterns: sharedIgnore?.patterns || [],
         exclude_path: localExclude?.path ? path.relative(root, localExclude.path) : null,
         excluded_patterns: localExclude?.patterns || [],
         versioning: {
@@ -445,10 +455,33 @@ policy = "Deny destructive database operations, credential exfiltration, persist
   return { created };
 }
 
+async function ensureSharedGitIgnore(root) {
+  const patterns = SKS_GENERATED_GIT_PATTERNS;
+  const ignorePath = path.join(root, '.gitignore');
+  const markerStart = '# BEGIN Sneakoscope Codex generated files';
+  const markerEnd = '# END Sneakoscope Codex generated files';
+  const managedBlock = `${markerStart}\n${patterns.join('\n')}\n${markerEnd}\n`;
+  const current = await readText(ignorePath, '');
+  if (current.includes(markerStart)) {
+    const re = new RegExp(`${escapeRegExp(markerStart)}[\\s\\S]*?${escapeRegExp(markerEnd)}\\n?`);
+    const next = current.replace(re, managedBlock);
+    if (next !== current) await writeTextAtomic(ignorePath, next.endsWith('\n') ? next : `${next}\n`);
+    return { path: ignorePath, patterns, changed: next !== current };
+  }
+  const existing = new Set(current.split(/\r?\n/).map((line) => line.trim()).filter(Boolean));
+  const missing = patterns.filter((pattern) => !existing.has(pattern));
+  if (!missing.length) return { path: ignorePath, patterns, changed: false };
+  const block = missing.length === patterns.length
+    ? managedBlock
+    : `${markerStart}\n${missing.join('\n')}\n${markerEnd}\n`;
+  await writeTextAtomic(ignorePath, `${current.trimEnd()}${current.trim() ? '\n\n' : ''}${block}`);
+  return { path: ignorePath, patterns, changed: true };
+}
+
 async function ensureLocalOnlyGitExclude(root) {
   const gitDir = await resolveGitDir(root);
   if (!gitDir) return { path: null, patterns: [] };
-  const patterns = ['.sneakoscope/', '.codex/', '.agents/', 'AGENTS.md'];
+  const patterns = SKS_GENERATED_GIT_PATTERNS;
   const excludePath = path.join(gitDir, 'info', 'exclude');
   await ensureDir(path.dirname(excludePath));
   const markerStart = '# Sneakoscope Codex local-only generated files';
@@ -505,7 +538,7 @@ export async function installSkills(root) {
     'research': `---\nname: research\ndescription: Dollar-command route for $Research or $research frontier discovery workflows.\n---\n\nUse when the user invokes $Research/$research or asks for research, hypotheses, new mechanisms, falsification, or testable predictions. Prefer sks research prepare and sks research run. Do not use for ordinary code edits.\n`,
     'autoresearch': `---\nname: autoresearch\ndescription: Dollar-command route for $AutoResearch or $autoresearch iterative experiment loops.\n---\n\nUse for $AutoResearch, iterative improvement, SEO/GEO, ranking, workflow, benchmark, or experiments. Define program, hypothesis, experiment, metric, keep/discard, falsification, next step, and Honest Mode. Load seo-geo-optimizer for README/npm/GitHub/schema/AI-search work.\n`,
     'db': `---\nname: db\ndescription: Dollar-command route for $DB or $db database and Supabase safety checks.\n---\n\nUse when the user invokes $DB/$db or the task touches SQL, Supabase, Postgres, migrations, Prisma, Drizzle, Knex, MCP database tools, or production data. Run or follow sks db policy, sks db scan, sks db classify, and sks db check. Destructive database operations remain forbidden.\n`,
-    'mad-sks': `---\nname: mad-sks\ndescription: Explicit high-risk authorization modifier for $MAD-SKS scoped Supabase MCP DB permission widening.\n---\n\nUse only when the user explicitly invokes $MAD-SKS. It can be combined with another route, such as $MAD-SKS $Team or $DB ... $MAD-SKS; in that case the other command remains the primary workflow and MAD-SKS is only the temporary permission grant. The widened DB permission applies only while the active mission gate is open, and must be deactivated when the task ends. Table deletion remains special: pause, ask the user for explicit confirmation, and abort that operation if no confirmation arrives within about 30 seconds. Do not carry MAD-SKS permission into later prompts or routes.\n`,
+    'mad-sks': `---\nname: mad-sks\ndescription: Explicit high-risk authorization modifier for $MAD-SKS scoped Supabase MCP DB permission widening.\n---\n\nUse only when the user explicitly invokes $MAD-SKS. It can be combined with another route, such as $MAD-SKS $Team or $DB ... $MAD-SKS; in that case the other command remains the primary workflow and MAD-SKS is only the temporary permission grant. The widened DB permission applies only while the active mission gate is open, must be deactivated when the task ends, and opens Supabase MCP column/schema cleanup, direct execute SQL, and normal DB write permissions. Keep only catastrophic database-wipe safeguards: whole database/table removal, all-row delete/update, reset, and dangerous project/branch management remain blocked. Do not carry MAD-SKS permission into later prompts or routes.\n`,
     'gx': `---\nname: gx\ndescription: Dollar-command route for $GX or $gx deterministic GX visual context cartridges.\n---\n\nUse when the user invokes $GX/$gx or asks for architecture/context visualization through SKS. Prefer sks gx init, render, validate, drift, and snapshot. vgraph.json remains the source of truth.\n`,
     'help': `---\nname: help\ndescription: Dollar-command route for $Help or $help explaining installed SKS commands and workflows.\n---\n\nUse when the user invokes $Help/$help or asks what commands exist. Prefer concise output from sks commands, sks usage <topic>, sks quickstart, sks aliases, and sks codex-app.\n`,
     'prompt-pipeline': `---\nname: prompt-pipeline\ndescription: Default SKS prompt optimization pipeline for execution prompts; Answer and DFix bypass it.\n---\n\nClassify intent: Answer only for real questions; question-shaped implicit instructions, complaints, and mandatory-policy statements route to Team. DFix handles tiny design/content; code defaults to Team unless safety/research/GX route fits. Infer goal, target, constraints, acceptance, risk, and smallest safe route. Ask only scope/safety/behavior/acceptance-changing questions; otherwise seal inferred answers. Code work surfaces route/guard/scopes, materializes team-roster.json from default or explicit counts before implementation, compiles concrete Team runtime graph/inbox artifacts after consensus, and parent owns integration/tests/Context7/Honest Mode.\n\n${chatCaptureIntakeText()}\n\nDesign: read design.md; if missing use design-system-builder; use imagegen for image/logo/raster. TriWiki context-tracking SSOT: .sneakoscope/wiki/context-pack.json; read only the latest coordinate+voxel overlay pack before every route stage, run sks wiki refresh/pack after changes, validate before handoffs/final.\n`,

package/src/core/perf-bench.mjs

@@ -1,6 +1,7 @@
 import path from 'node:path';
 import { performance } from 'node:perf_hooks';
 import { dirSize, fileSize, nowIso, packageRoot, runProcess, writeJsonAtomic } from './fsx.mjs';
+import { buildProofField, validateProofFieldReport } from './proof-field.mjs';
 
 export const DEFAULT_PERF_BUDGETS = {
   cli_startup_ms_p95: 250,
@@ -8,6 +9,8 @@ export const DEFAULT_PERF_BUDGETS = {
   context_build_ms_p95: 500,
   artifact_validation_ms_p95: 150,
   dashboard_render_ms_p95: 100,
+  proof_field_build_ms_p95: 150,
+  workflow_scan_ms_p95: 1000,
   fast_selftest_ms_p95: 5000,
   package_size_kb_max: 1024,
   notes: 'Package payload budget is 1024KB because the current low-dependency CLI payload is already above 512KB; reduce only with measured justification.'
@@ -52,6 +55,90 @@ export async function runPerfBench(root, opts = {}) {
   };
 }
 
+export async function runWorkflowPerfBench(root, opts = {}) {
+  const iterations = Math.max(1, Math.min(20, Number(opts.iterations || 3)));
+  const intent = String(opts.intent || '').trim();
+  const changedFiles = normalizeChangedFiles(opts.changedFiles);
+  const proofFieldBuild = [];
+  let proofField = null;
+  for (let i = 0; i < iterations; i++) {
+    const t0 = performance.now();
+    proofField = await buildProofField(root, {
+      intent,
+      changedFiles: changedFiles.length ? changedFiles : undefined
+    });
+    proofFieldBuild.push(performance.now() - t0);
+  }
+  const proofValidation = validateProofFieldReport(proofField);
+  const verification = proofField?.fast_lane_decision?.verification || [];
+  const negativeWork = proofField?.negative_work_cache || [];
+  const estimatedSavedWork = negativeWork.filter((item) => item.disposition === 'skip_with_evidence').length;
+  const proofFieldMsP95 = Math.round(percentile(proofFieldBuild, 95));
+  const workflowScanMsP95 = proofFieldMsP95;
+  return {
+    schema_version: 1,
+    measured_at: nowIso(),
+    theory: 'Potential Proof Field',
+    iterations,
+    intent: intent || null,
+    budgets: DEFAULT_PERF_BUDGETS,
+    metrics: {
+      proof_field_build_ms_p95: proofFieldMsP95,
+      workflow_scan_ms_p95: workflowScanMsP95,
+      decision_mode: proofField?.fast_lane_decision?.mode || null,
+      fast_lane_eligible: Boolean(proofField?.fast_lane_decision?.eligible),
+      proof_cone_count: proofField?.proof_cones?.length || 0,
+      verification_count: verification.length,
+      negative_work_skipped_count: estimatedSavedWork,
+      proof_field_valid: proofValidation.ok
+    },
+    proof_field: proofField,
+    recommendation: workflowRecommendation(proofField, proofValidation),
+    raw: {
+      proof_field_build_ms: proofFieldBuild.map((value) => Math.round(value))
+    }
+  };
+}
+
+export function validateWorkflowPerfReport(report = {}) {
+  const issues = [];
+  if (report.schema_version !== 1) issues.push('schema_version');
+  if (report.theory !== 'Potential Proof Field') issues.push('theory');
+  if (!report.metrics || !Number.isFinite(Number(report.metrics.proof_field_build_ms_p95))) issues.push('proof_field_build_ms_p95');
+  if (!report.metrics?.decision_mode) issues.push('decision_mode');
+  if (!report.proof_field || !validateProofFieldReport(report.proof_field).ok) issues.push('proof_field');
+  if (!report.recommendation?.mode) issues.push('recommendation');
+  return { ok: issues.length === 0, issues };
+}
+
+function normalizeChangedFiles(files) {
+  return [...new Set((files || []).flatMap((value) => String(value || '').split(',')).map((file) => file.trim()).filter(Boolean))]
+    .sort();
+}
+
+function workflowRecommendation(proofField, validation) {
+  if (!validation.ok) {
+    return {
+      mode: 'full_proof',
+      reason: `proof field invalid: ${validation.issues.join(', ')}`,
+      next: ['repair proof-field report generation', 'rerun sks perf workflow --json']
+    };
+  }
+  const decision = proofField.fast_lane_decision;
+  if (decision.eligible) {
+    return {
+      mode: 'fast_lane',
+      reason: 'selected proof cones are narrow and all unrelated work is safely cached as negative work',
+      next: decision.verification
+    };
+  }
+  return {
+    mode: decision.mode,
+    reason: decision.blockers.length ? `blocked by ${decision.blockers.join(', ')}` : 'balanced proof required',
+    next: decision.verification
+  };
+}
+
 async function packagePayloadSize(root) {
   let total = 0;
   for (const rel of ['bin', 'src']) total += await dirSize(path.join(root, rel));

package/src/core/pipeline.mjs

@@ -258,16 +258,16 @@ function applyMadSksAuthorizationToSchema(schema = {}) {
     DATABASE_TARGET_ENVIRONMENT: 'main_branch',
     DATABASE_WRITE_MODE: 'mad_sks_full_mcp_write_for_invocation',
     SUPABASE_MCP_POLICY: 'mad_sks_project_scoped_write_for_invocation',
-    DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'mad_sks_scoped_with_table_delete_confirmation',
+    DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'mad_sks_scoped_except_catastrophic_db_wipe',
     DB_BACKUP_OR_BRANCH_REQUIRED: 'recommended_but_not_required_in_mad_sks',
-    DB_MAX_BLAST_RADIUS: 'mad_sks_active_invocation_only_table_delete_confirmation_required',
+    DB_MAX_BLAST_RADIUS: 'mad_sks_active_invocation_only_catastrophic_wipe_blocked',
     DB_MIGRATION_APPLY_ALLOWED: 'mad_sks_active_invocation_only',
     DB_READ_ONLY_QUERY_LIMIT: '100'
   };
   schema.inference_notes = {
     ...(schema.inference_notes || {}),
     MAD_SKS_MODE: 'explicit dollar command modifier is the permission boundary',
-    DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'MAD-SKS scoped override with table deletion confirmation'
+    DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'MAD-SKS opens Supabase MCP DB cleanup while blocking only catastrophic database wipe operations'
   };
   schema.slots = (schema.slots || []).filter((slot) => !/^(DB_|DATABASE_|DESTRUCTIVE_DB_|SUPABASE_MCP_POLICY$)/.test(slot.id));
   return schema;

package/src/core/proof-field.mjs

@@ -0,0 +1,219 @@
+import path from 'node:path';
+import { nowIso, readText, rel, runProcess, sha256, writeJsonAtomic } from './fsx.mjs';
+
+export const PROOF_FIELD_SCHEMA_VERSION = 1;
+
+export const INVARIANT_LEDGER = Object.freeze([
+  { id: 'db-catastrophic-guard', severity: 'critical', description: 'Database/table wipe, all-row DML, reset, and dangerous project/branch operations remain blocked.' },
+  { id: 'honest-evidence', severity: 'critical', description: 'Final claims must be backed by current code, tests, artifacts, or explicitly marked unverified.' },
+  { id: 'route-surface-consistency', severity: 'high', description: 'User-visible route surfaces must agree across CLI help, command catalog, generated skills, and docs.' },
+  { id: 'triwiki-hydratable-context', severity: 'high', description: 'TriWiki context must remain coordinate+voxel backed and hydratable by source/hash/anchor.' },
+  { id: 'no-unrequested-fallback-code', severity: 'high', description: 'Do not add substitute paths, mocks, shims, or fallback behavior unless explicitly requested.' }
+]);
+
+export const PROOF_CONE_DEFINITIONS = Object.freeze([
+  {
+    id: 'db_safety',
+    surfaces: ['database', 'supabase', 'mad-sks'],
+    match: [/db-safety|supabase|migration|rls|schema|sql/i],
+    verification: ['npm run packcheck', 'npm run selftest -- --mock', 'sks db scan --json'],
+    negative_work: ['browser_ui_e2e', 'visual_snapshot']
+  },
+  {
+    id: 'route_surface',
+    surfaces: ['routes', 'skills', 'cli-help', 'docs'],
+    match: [/routes\.mjs|init\.mjs|codex-app|README|AGENTS|skills/i],
+    verification: ['npm run packcheck', 'npm run selftest -- --mock', 'sks commands --json'],
+    negative_work: ['database_migration', 'from_chat_img_forensics']
+  },
+  {
+    id: 'cli_runtime',
+    surfaces: ['cli', 'commands', 'runtime'],
+    match: [/src\/cli|bin\/sks|maintenance-commands|fsx|codex-adapter/i],
+    verification: ['npm run packcheck', 'node ./bin/sks.mjs commands --json', 'node ./bin/sks.mjs proof-field scan --json'],
+    negative_work: ['browser_ui_e2e']
+  },
+  {
+    id: 'context_memory',
+    surfaces: ['triwiki', 'memory', 'evaluation'],
+    match: [/triwiki|wiki|memory|evaluation|perf-bench|proof-field/i],
+    verification: ['npm run packcheck', 'node ./bin/sks.mjs eval run --json', 'node ./bin/sks.mjs wiki validate .sneakoscope/wiki/context-pack.json'],
+    negative_work: ['database_migration', 'browser_ui_e2e']
+  },
+  {
+    id: 'release_surface',
+    surfaces: ['package', 'changelog', 'release'],
+    match: [/package\.json|package-lock\.json|CHANGELOG|README/i],
+    verification: ['npm run release:check'],
+    negative_work: []
+  },
+  {
+    id: 'visual_forensic',
+    surfaces: ['from-chat-img', 'visual', 'qa-loop'],
+    match: [/from-chat-img|visual|screenshot|qa-loop|dogfood/i],
+    verification: ['npm run packcheck', 'npm run selftest -- --mock'],
+    negative_work: ['database_migration']
+  }
+]);
+
+export async function buildProofField(root, opts = {}) {
+  const changedFiles = normalizeChangedFiles(opts.changedFiles || await gitChangedFiles(root));
+  const intent = String(opts.intent || '').trim();
+  const selectedCones = selectProofCones(changedFiles, intent);
+  const risk = riskSummary(changedFiles, selectedCones, intent);
+  const negativeWork = buildNegativeWorkCache(selectedCones, risk);
+  const fastLane = fastLaneDecision({ changedFiles, selectedCones, risk, negativeWork });
+  const sourceHash = await sourceDigest(root, changedFiles);
+  return {
+    schema_version: PROOF_FIELD_SCHEMA_VERSION,
+    generated_at: nowIso(),
+    theory: 'Potential Proof Field',
+    intent: intent || null,
+    source_hash: sourceHash,
+    changed_files: changedFiles,
+    invariant_ledger: INVARIANT_LEDGER,
+    proof_cones: selectedCones,
+    negative_work_cache: negativeWork,
+    fast_lane_decision: fastLane,
+    next_action: nextAction(fastLane)
+  };
+}
+
+export async function writeProofFieldReport(root, opts = {}) {
+  const report = await buildProofField(root, opts);
+  const file = path.join(root, '.sneakoscope', 'reports', `proof-field-${Date.now()}.json`);
+  await writeJsonAtomic(file, report);
+  return { ...report, report_path: file };
+}
+
+export function validateProofFieldReport(report = {}) {
+  const issues = [];
+  if (report.schema_version !== PROOF_FIELD_SCHEMA_VERSION) issues.push('schema_version');
+  if (!Array.isArray(report.invariant_ledger) || !report.invariant_ledger.length) issues.push('invariant_ledger');
+  if (!Array.isArray(report.proof_cones)) issues.push('proof_cones');
+  if (!Array.isArray(report.negative_work_cache)) issues.push('negative_work_cache');
+  if (!report.fast_lane_decision?.mode) issues.push('fast_lane_decision');
+  if (report.fast_lane_decision?.mode === 'fast_lane' && report.fast_lane_decision?.escalate_on?.length < 1) issues.push('fast_lane_escalation');
+  return { ok: issues.length === 0, issues };
+}
+
+export async function proofFieldFixture() {
+  const report = await buildProofField(process.cwd(), {
+    intent: 'small CLI help surface update',
+    changedFiles: ['src/cli/maintenance-commands.mjs', 'src/core/routes.mjs']
+  });
+  return {
+    report,
+    validation: validateProofFieldReport(report),
+    checks: {
+      route_cone_selected: report.proof_cones.some((cone) => cone.id === 'route_surface'),
+      cli_cone_selected: report.proof_cones.some((cone) => cone.id === 'cli_runtime'),
+      catastrophic_guard_present: report.invariant_ledger.some((item) => item.id === 'db-catastrophic-guard'),
+      negative_release_work_recorded: report.negative_work_cache.some((item) => item.id === 'full_release_gate' && item.disposition === 'skip_with_evidence')
+    }
+  };
+}
+
+async function gitChangedFiles(root) {
+  const result = await runProcess('git', ['diff', '--name-only', 'HEAD', '--'], { cwd: root, timeoutMs: 10000, maxOutputBytes: 128 * 1024 });
+  if (result.code !== 0) return [];
+  return result.stdout.split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+}
+
+function normalizeChangedFiles(files = []) {
+  return [...new Set((files || []).flatMap((value) => String(value || '').split(',')).map((file) => file.trim()).filter(Boolean))]
+    .sort();
+}
+
+function selectProofCones(files, intent) {
+  const haystack = `${files.join('\n')}\n${intent || ''}`;
+  const selected = PROOF_CONE_DEFINITIONS
+    .filter((cone) => cone.match.some((re) => re.test(haystack)))
+    .map((cone) => ({
+      id: cone.id,
+      surfaces: cone.surfaces,
+      verification: cone.verification,
+      matched_files: files.filter((file) => cone.match.some((re) => re.test(file)))
+    }));
+  if (!selected.length) {
+    selected.push({
+      id: 'generic_local_change',
+      surfaces: ['unknown'],
+      verification: ['npm run packcheck', 'focused relevant tests or documented justification'],
+      matched_files: files
+    });
+  }
+  return selected;
+}
+
+function riskSummary(files, cones, intent) {
+  const text = `${files.join('\n')}\n${intent || ''}`;
+  const flags = {
+    database: /\b(db|database|supabase|sql|migration|rls|schema)\b/i.test(text),
+    security: /\b(auth|permission|token|secret|security|권한|보안)\b/i.test(text),
+    visual_forensic: /from-chat-img|screenshot|visual|이미지|스크린샷/i.test(text),
+    release: /package\.json|package-lock\.json|CHANGELOG|release|publish/i.test(text),
+    broad_change: files.length > 3,
+    unknown_surface: cones.some((cone) => cone.id === 'generic_local_change')
+  };
+  const score = Object.values(flags).filter(Boolean).length;
+  const level = score >= 3 ? 'high' : score === 2 ? 'medium' : score === 1 ? 'low' : 'minimal';
+  return { level, score, flags };
+}
+
+function buildNegativeWorkCache(cones, risk) {
+  const required = new Set(cones.flatMap((cone) => cone.verification));
+  const candidates = new Set(cones.flatMap((cone) => cone.negative_work || []));
+  const out = [];
+  for (const id of candidates) {
+    const blockedByRisk = (id === 'database_migration' && risk.flags.database)
+      || (id === 'browser_ui_e2e' && risk.flags.visual_forensic);
+    out.push({
+      id,
+      disposition: blockedByRisk ? 'not_skipped_risk_present' : 'skip_with_evidence',
+      reason: blockedByRisk ? 'risk flag requires explicit verification' : 'selected proof cones do not touch this surface'
+    });
+  }
+  if (!required.has('npm run release:check') && !risk.flags.release) {
+    out.push({ id: 'full_release_gate', disposition: 'skip_with_evidence', reason: 'no package/release surface in selected cones' });
+  }
+  return out.sort((a, b) => a.id.localeCompare(b.id));
+}
+
+function fastLaneDecision({ changedFiles, selectedCones, risk, negativeWork }) {
+  const verification = [...new Set(selectedCones.flatMap((cone) => cone.verification))];
+  const safeSkips = negativeWork.filter((item) => item.disposition === 'skip_with_evidence').map((item) => item.id);
+  const blockers = [];
+  if (!changedFiles.length) blockers.push('no_changed_files');
+  if (changedFiles.length > 3) blockers.push('broad_change_set');
+  if (risk.flags.database) blockers.push('database_surface');
+  if (risk.flags.security) blockers.push('security_surface');
+  if (risk.flags.visual_forensic) blockers.push('visual_forensic_surface');
+  if (risk.flags.unknown_surface) blockers.push('unknown_surface');
+  const mode = blockers.length ? (risk.level === 'high' ? 'full_proof' : 'balanced') : 'fast_lane';
+  return {
+    mode,
+    eligible: mode === 'fast_lane',
+    blockers,
+    verification,
+    negative_work: safeSkips,
+    escalate_on: ['verification_failed', 'proof_cone_unknown', 'source_hash_changed', 'unsupported_claim', 'user_scope_expanded']
+  };
+}
+
+function nextAction(decision) {
+  if (decision.mode === 'fast_lane') return 'apply minimal patch, run listed verification, then Honest Mode against the proof field report';
+  if (decision.mode === 'balanced') return 'narrow the change set or run parent-led implementation with listed verification and reviewer escalation if checks fail';
+  return 'use full Team/Honest proof path; fast lane is intentionally blocked for this risk state';
+}
+
+async function sourceDigest(root, files) {
+  const rows = [];
+  for (const file of files) {
+    const abs = path.resolve(root, file);
+    if (!abs.startsWith(path.resolve(root))) continue;
+    const text = await readText(abs, null);
+    rows.push([rel(root, abs), text == null ? null : sha256(text).slice(0, 16)]);
+  }
+  return sha256(JSON.stringify(rows)).slice(0, 24);
+}

package/src/core/questions.mjs

@@ -13,16 +13,16 @@ function buildMadSksQuestionSchema(prompt) {
   const task = String(prompt || '').trim() || 'MAD-SKS scoped database override';
   return {
     schema_version: 1,
-    description: 'MAD-SKS is explicit-invocation-only. It auto-seals because the dollar command itself is the permission boundary; table deletion still requires runtime user confirmation with an approximately 30 second timeout.',
+    description: 'MAD-SKS is explicit-invocation-only. It auto-seals because the dollar command itself is the permission boundary; while active, SKS opens Supabase MCP schema cleanup and direct DB write permissions, leaving only catastrophic database-wipe safeguards.',
     prompt,
     domain_hints: ['db', 'mad-sks'],
     inferred_answers: {
       GOAL_PRECISE: `명시적인 MAD-SKS 호출 범위에서만 DB 권한 조건을 넓혀 작업한다: ${task}`,
       ACCEPTANCE_CRITERIA: [
         '$MAD-SKS is listed in dollar commands and routes to MADSKS mode',
-        'broad Supabase MCP DB manipulation is allowed only while the active MAD-SKS mission gate remains open',
+        'Supabase MCP column cleanup, schema cleanup, direct execute SQL, and normal DB writes are allowed only while the active MAD-SKS mission gate remains open',
         'the widened permission is inactive after the MAD-SKS gate is passed or permissions_deactivated is true',
-        'table deletion requires explicit user confirmation and expires after about 30 seconds without confirmation'
+        'whole database/table removal and all-row delete/update operations remain blocked as non-sensible catastrophic operations'
       ],
       NON_GOALS: [],
       PUBLIC_API_CHANGE_ALLOWED: 'yes_if_needed',
@@ -33,21 +33,21 @@ function buildMadSksQuestionSchema(prompt) {
       RISK_BOUNDARY: [
         'MAD-SKS permission widening is explicit-invocation-only',
         'MAD-SKS permission widening does not persist after the active task gate closes',
-        'table deletion must pause for explicit user confirmation and timeout-abort after about 30 seconds'
+        'catastrophic database wipe operations remain blocked even in MAD-SKS'
       ],
       MAD_SKS_MODE: 'explicit_invocation_only',
       DATABASE_TARGET_ENVIRONMENT: 'main_branch',
       DATABASE_WRITE_MODE: 'mad_sks_full_mcp_write_for_invocation',
       SUPABASE_MCP_POLICY: 'mad_sks_project_scoped_write_for_invocation',
-      DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'mad_sks_scoped_with_table_delete_confirmation',
+      DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'mad_sks_scoped_except_catastrophic_db_wipe',
       DB_BACKUP_OR_BRANCH_REQUIRED: 'recommended_but_not_required_in_mad_sks',
-      DB_MAX_BLAST_RADIUS: 'mad_sks_active_invocation_only_table_delete_confirmation_required',
+      DB_MAX_BLAST_RADIUS: 'mad_sks_active_invocation_only_catastrophic_wipe_blocked',
       DB_MIGRATION_APPLY_ALLOWED: 'mad_sks_active_invocation_only',
       DB_READ_ONLY_QUERY_LIMIT: '100'
     },
     inference_notes: {
       MAD_SKS_MODE: 'explicit dollar command is the permission boundary',
-      DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'MAD-SKS scoped override with table deletion confirmation'
+      DESTRUCTIVE_DB_OPERATIONS_ALLOWED: 'MAD-SKS opens Supabase MCP DB cleanup while blocking only catastrophic database wipe operations'
     },
     slots: []
   };

package/src/core/routes.mjs

@@ -7,7 +7,7 @@ export const FROM_CHAT_IMG_CHECKLIST_ARTIFACT = 'from-chat-img-checklist.md';
 export const FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT = 'from-chat-img-temp-triwiki.json';
 export const FROM_CHAT_IMG_QA_LOOP_ARTIFACT = 'from-chat-img-qa-loop.json';
 export const FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS = 5;
-export const USAGE_TOPICS = 'install|setup|bootstrap|root|deps|warp|auto-review|team|qa-loop|goal|research|db|codex-app|dfix|design|imagegen|dollar|context7|pipeline|reasoning|guard|conflicts|versioning|eval|harness|hproof|gx|wiki|code-structure';
+export const USAGE_TOPICS = 'install|setup|bootstrap|root|deps|warp|auto-review|team|qa-loop|goal|research|db|codex-app|dfix|design|imagegen|dollar|context7|pipeline|reasoning|guard|conflicts|versioning|eval|harness|hproof|gx|wiki|code-structure|proof-field';
 export const CODEX_COMPUTER_USE_EVIDENCE_SOURCE = 'codex_computer_use';
 export const CODEX_COMPUTER_USE_ONLY_POLICY = 'Pipeline UI/browser verification and visual inspection must use Codex Computer Use only. Do not use Playwright, Chrome MCP, Browser Use, Selenium, Puppeteer, or any other browser automation substitute; if Codex Computer Use is unavailable, mark the UI/browser evidence unverified instead of substituting another tool.';
 export const FORBIDDEN_BROWSER_AUTOMATION_RE = /\b(playwright|chrome\s+mcp|browser\s+use|selenium|puppeteer)\b/i;
@@ -276,14 +276,14 @@ export const ROUTES = [
     command: '$MAD-SKS',
     mode: 'MADSKS',
     route: 'explicit scoped database authorization modifier',
-    description: 'Explicit high-risk authorization modifier that can be combined with other $ commands to temporarily widen Supabase MCP DB permissions for that active invocation only; table deletion still requires user confirmation with an approximately 30 second timeout.',
+    description: 'Explicit high-risk authorization modifier that can be combined with other $ commands to temporarily open Supabase MCP column/schema cleanup, direct execute SQL, and normal DB write permissions for the active invocation, while blocking only catastrophic database-wipe operations.',
     requiredSkills: ['mad-sks', 'db-safety-guard', 'pipeline-runner', 'context7-docs', REFLECTION_SKILL_NAME, 'honest-mode'],
-    lifecycle: ['explicit_invocation', 'auto_sealed_permission_scope', 'scoped_db_override', 'table_delete_confirmation_gate', 'permission_deactivation', 'post_route_reflection', 'honest_mode'],
+    lifecycle: ['explicit_invocation', 'auto_sealed_permission_scope', 'scoped_db_cleanup_override', 'catastrophic_db_guard', 'permission_deactivation', 'post_route_reflection', 'honest_mode'],
     context7Policy: 'required',
     reasoningPolicy: 'high',
     stopGate: 'mad-sks-gate.json',
     cliEntrypoint: 'Codex App prompt route only: $MAD-SKS <task>',
-    examples: ['$MAD-SKS $Team Supabase MCP로 main 대상 DB 작업을 수행하되 테이블 삭제는 확인받아', '$DB Supabase 점검 $MAD-SKS']
+    examples: ['$MAD-SKS $Team Supabase MCP로 main 대상 DB 컬럼 정리를 수행해', '$DB Supabase 점검 $MAD-SKS']
   },
   {
     id: 'GX',
@@ -376,7 +376,8 @@ export const COMMAND_CATALOG = [
   { name: 'db', usage: 'sks db policy|scan|mcp-config|classify|check ...', description: 'Inspect and enforce database/Supabase safety policy.' },
   { name: 'eval', usage: 'sks eval run|compare|thresholds ...', description: 'Run deterministic context-quality and performance evidence checks.' },
   { name: 'harness', usage: 'sks harness fixture|review [--json]', description: 'Run Harness Growth Factory fixtures for forgetting, skills, experiments, tool taxonomy, permissions, MultiAgentV2, and Warp views.' },
-  { name: 'perf', usage: 'sks perf run [--json] [--iterations N]', description: 'Measure structured GPT-5.5/SKS performance budgets such as CLI startup and package size.' },
+  { name: 'perf', usage: 'sks perf run|workflow [--json] [--iterations N] [--intent "task"] [--changed file1,file2]', description: 'Measure structured GPT-5.5/SKS performance budgets, including Proof Field workflow decisions and fast-lane evidence.' },
+  { name: 'proof-field', usage: 'sks proof-field scan [--json] [--intent "task"] [--changed file1,file2]', description: 'Analyze Potential Proof Field cones, negative-work cache, and fast-lane eligibility for a change set.' },
   { name: 'code-structure', usage: 'sks code-structure scan [--json]', description: 'Scan handwritten source files for 1000/2000/3000-line structure gates and split-review exceptions.' },
   { name: 'validate-artifacts', usage: 'sks validate-artifacts [mission-id|latest] [--json]', description: 'Validate schema-backed mission artifacts for work orders, effort decisions, visual maps, dogfood reports, skills, mistake memory, Team dashboard state, and Honest Mode.' },
   { name: 'wiki', usage: 'sks wiki coords|pack|refresh|prune|validate ...', description: 'Build, refresh, prune, and validate RGBA/trig LLM Wiki context packs with attention.use_first and attention.hydrate_first for compact recall plus source hydration.' },