sneakoscope 0.7.53 → 0.7.55

package/README.md

@@ -211,7 +211,7 @@ sks --mad
 sks --mad --yes
 ```
 
-This syncs existing codex-lb/Codex CLI auth before launch, creates/uses the `sks-mad-high` Codex profile for a one-shot full-access, high-reasoning tmux session with `sandbox_mode = "danger-full-access"` and `approval_policy = "never"`, opens an active MAD-SKS permission gate for that tmux run, then launches Codex with `--sandbox danger-full-access --ask-for-approval never` and attaches to the session in an interactive terminal. If codex-lb is configured and no explicit `--workspace`/`--session` was passed, SKS opens a fresh tmux session so the repaired key is loaded by the Codex process immediately. While the gate is active, live server work, Supabase MCP database writes, direct SQL, targeted DML, schema cleanup, and needed migrations are allowed. Catastrophic database wipe/all-row/project-management safeguards remain active. Repeat launches reuse the same named SKS MAD tmux session unless auth repair requires a fresh codex-lb session.
+This syncs existing codex-lb/Codex CLI auth before launch, creates/uses the `sks-mad-high` Codex profile for a one-shot full-access, high-reasoning tmux session with `sandbox_mode = "danger-full-access"` and `approval_policy = "never"`, opens an active MAD-SKS permission gate for that tmux run, then launches Codex with `--sandbox danger-full-access --ask-for-approval never` and attaches to the session in an interactive terminal. If codex-lb is configured and no explicit `--workspace`/`--session` was passed, SKS opens a fresh tmux session so the repaired key is loaded by the Codex process immediately. While the gate is active, live server work, Supabase MCP database writes, direct SQL, targeted DML, schema cleanup, Supabase MCP `apply_migration`, and required Supabase CLI migration application such as `supabase migration up` or `supabase db push` are allowed. Catastrophic database wipe/all-row/project-management safeguards remain active. Repeat launches reuse the same named SKS MAD tmux session unless auth repair requires a fresh codex-lb session.
 
 MAD does not disable the pipeline contract: stages, executors, reviewers, and auto-review policy still must not invent unrequested fallback implementation code. If the requested path cannot be implemented, SKS should block with evidence rather than add substitute behavior.
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "ㅅㅋㅅ",
-  "version": "0.7.53",
+  "version": "0.7.55",
   "description": "Sneakoscope Codex: database-safe Codex CLI/App harness with Team, Goal, AutoResearch, TriWiki, and Honest Mode.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",

package/src/cli/codex-app-command.mjs

@@ -1,5 +1,6 @@
 import { spawn } from 'node:child_process';
 import { codexRemoteControlStatus, formatCodexRemoteControlStatus } from '../core/codex-app.mjs';
+import { forceGpt55CodexConfigArgs } from '../core/codex-model-guard.mjs';
 
 export async function codexAppRemoteControlCommand(args = [], opts = {}) {
   const controlArgs = argsBeforeSeparator(args);
@@ -27,7 +28,7 @@ export async function codexAppRemoteControlCommand(args = [], opts = {}) {
     return;
   }
 
-  const passthrough = stripSeparator(args);
+  const passthrough = forceGpt55CodexConfigArgs(stripSeparator(args));
   const spawnFn = opts.spawn || spawn;
   const code = await spawnInherited(spawnFn, status.codex_cli.bin, ['remote-control', ...passthrough], {
     cwd: process.cwd(),

package/src/cli/main.mjs

@@ -5,7 +5,7 @@ import readline from 'node:readline/promises';
 import { stdin as input, stdout as output } from 'node:process';
 import { projectRoot, readJson, writeJsonAtomic, writeTextAtomic, appendJsonlBounded, nowIso, exists, ensureDir, tmpdir, packageRoot, dirSize, formatBytes, which, runProcess, PACKAGE_VERSION, sksRoot, globalSksRoot, findProjectRoot, readStdin } from '../core/fsx.mjs';
 import { initProject, installSkills, normalizeInstallScope, sksCommandPrefix } from '../core/init.mjs';
-import { getCodexInfo, runCodexExec } from '../core/codex-adapter.mjs';
+import { buildCodexExecArgs, getCodexInfo, runCodexExec } from '../core/codex-adapter.mjs';
 import { createMission, loadMission, findLatestMission, missionDir, setCurrent, stateFile } from '../core/mission.mjs';
 import { buildQuestionSchema, writeQuestions } from '../core/questions.mjs';
 import { sealContract, validateAnswers } from '../core/decision-contract.mjs';
@@ -2277,6 +2277,10 @@ async function selftest() {
   if (defaultFastHighPlan.codexArgs.join(' ') !== '--model gpt-5.5 -c model_reasoning_effort="high"') throw new Error('selftest failed: default sks tmux launch is not fast-high');
   const forcedModelPlan = await buildTmuxLaunchPlan({ root: tmp, env: { SKS_CODEX_MODEL: 'gpt-5.4-mini', SKS_CODEX_FAST_HIGH: '0', SKS_CODEX_REASONING: 'medium' }, tmux: { ok: true, bin: 'tmux', version: '3.4' }, codex: { bin: 'codex', version: 'codex-cli 99.0.0' }, app: { ok: true } });
   if (forcedModelPlan.codexArgs.includes('gpt-5.4-mini') || forcedModelPlan.codexArgs.join(' ') !== '--model gpt-5.5 -c model_reasoning_effort="medium"') throw new Error('selftest failed: sks tmux launch allowed a non-GPT-5.5 model override');
+  const explicitBadModelPlan = await buildTmuxLaunchPlan({ root: tmp, codexArgs: ['--profile', 'legacy-5.4', '--model', 'gpt-5.4-mini', '-c', 'model="gpt-5.4"', '-c', 'model_reasoning_effort="low"'], tmux: { ok: true, bin: 'tmux', version: '3.4' }, codex: { bin: 'codex', version: 'codex-cli 99.0.0' }, app: { ok: true } });
+  if (explicitBadModelPlan.codexArgs.join(' ').includes('gpt-5.4') || explicitBadModelPlan.codexArgs.join(' ') !== '--model gpt-5.5 --profile legacy-5.4 -c model_reasoning_effort="low"') throw new Error('selftest failed: explicit tmux model override was not forced back to GPT-5.5');
+  const codexExecArgs = buildCodexExecArgs({ root: tmp, prompt: 'model guard selftest', profile: 'legacy-5.4', extraArgs: ['--model=gpt-5.4-mini', '--config', 'model = "gpt-5.4"', '-c', 'model_reasoning_effort="medium"'] });
+  if (codexExecArgs.join(' ').includes('gpt-5.4') || !codexExecArgs.includes('gpt-5.5') || codexExecArgs.includes('--model=gpt-5.4-mini')) throw new Error('selftest failed: codex exec args allowed a non-GPT-5.5 model override');
   const codexLbHome = path.join(tmp, 'codex-lb-home');
   await ensureDir(path.join(codexLbHome, '.codex'));
   const codexLbFakeBin = path.join(tmp, 'codex-lb-fake-bin');
@@ -2309,6 +2313,7 @@ async function selftest() {
   if (!/^model = "gpt-5\.5"/m.test(codexLbConfig) || !codexLbConfig.includes('service_tier = "fast"') || !codexLbConfig.includes('hooks = true') || codexLbConfig.includes('codex_hooks = true') || !codexLbConfig.includes('fast_mode = true') || !codexLbConfig.includes('fast_mode_ui = true') || !codexLbConfig.includes('[user.fast_mode]') || !codexLbConfig.includes('visible = true') || !codexLbConfig.includes('enabled = true') || !codexLbConfig.includes('default_profile = "sks-fast-high"') || !/\[profiles\.sks-fast-high\][\s\S]*?service_tier = "fast"/.test(codexLbConfig) || codexLbConfig.includes('fast_default_opt_out = true') || hasTopLevelCodexModeLock(codexLbConfig)) throw new Error('selftest failed: codex-lb setup did not preserve Codex App Fast mode defaults, force GPT-5.5, or migrate the hooks feature flag');
   const codexLbLaunch = codexLaunchCommand(tmp, 'codex', []);
   if (!codexLbLaunch.includes('sks-codex-lb.env')) throw new Error('selftest failed: tmux launch command does not source codex-lb env file');
+  if (!codexLbLaunch.includes("'--model' 'gpt-5.5'")) throw new Error('selftest failed: tmux launch command without args did not force GPT-5.5');
   if (!codexLbLaunch.includes('SKS_TMUX_LOGO_ANIMATION') || !codexLbLaunch.includes('SNEAKOSCOPE CODEX')) throw new Error('selftest failed: tmux launch command does not include the animated SKS logo intro');
   const madLaunchSource = await safeReadText(path.join(packageRoot(), 'src', 'cli', 'main.mjs'));
   if (!madLaunchSource.includes('const lb = await maybePromptCodexLbSetupForLaunch(args)') || !madLaunchSource.includes("const launchLb = lb.status === 'present'") || !madLaunchSource.includes('codexLbImmediateLaunchOpts(cleanArgs, launchLb')) throw new Error('selftest failed: MAD launch does not sync codex-lb auth and fresh-session launch options');
@@ -2353,7 +2358,7 @@ async function selftest() {
   if (!String(openClawAutoUpdate.stdout || '').includes('Codex CLI ready: 0.1.0 -> codex-cli 99.0.0')) throw new Error('selftest failed: OpenClaw mode did not auto-approve Codex CLI update before tmux launch');
   const remoteControlBin = path.join(tmp, 'remote-control-bin');
   await ensureDir(remoteControlBin);
-  await writeTextAtomic(path.join(remoteControlBin, 'codex'), '#!/bin/sh\nif [ "$1" = "--version" ]; then echo "codex-cli 0.130.0"; exit 0; fi\nif [ "$1" = "remote-control" ]; then echo "remote-control $*"; exit 0; fi\necho "unexpected codex $*" >&2\nexit 2\n');
+  await writeTextAtomic(path.join(remoteControlBin, 'codex'), '#!/bin/sh\nif [ "$1" = "--version" ]; then echo "codex-cli 0.130.0"; exit 0; fi\nif [ "$1" = "remote-control" ]; then shift; for arg in "$@"; do if [ "$arg" = "--model" ]; then echo "remote-control rejects --model" >&2; exit 64; fi; done; echo "remote-control $*"; exit 0; fi\necho "unexpected codex $*" >&2\nexit 2\n');
   await fsp.chmod(path.join(remoteControlBin, 'codex'), 0o755);
   const remoteControlStatus = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'codex-app', 'remote-control', '--dry-run', '--json'], {
     cwd: globalCwd,
@@ -2364,6 +2369,14 @@ async function selftest() {
   if (remoteControlStatus.code !== 0) throw new Error(`selftest failed: Codex remote-control status exited ${remoteControlStatus.code}: ${remoteControlStatus.stderr}`);
   const remoteControlJson = JSON.parse(remoteControlStatus.stdout);
   if (!remoteControlJson.ok || remoteControlJson.min_version !== '0.130.0' || !String(remoteControlJson.command || '').includes('remote-control')) throw new Error('selftest failed: Codex remote-control status did not report 0.130.0 readiness');
+  const remoteControlLaunch = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'codex-app', 'remote-control', '--', '--model', 'gpt-5.4-mini', '-c', 'model="gpt-5.4"', '--example'], {
+    cwd: globalCwd,
+    env: { SKS_GLOBAL_ROOT: globalRuntimeRoot, PATH: remoteControlBin },
+    timeoutMs: 15000,
+    maxOutputBytes: 64 * 1024
+  });
+  const remoteControlLaunchText = `${remoteControlLaunch.stdout}\n${remoteControlLaunch.stderr}`;
+  if (remoteControlLaunch.code !== 0 || remoteControlLaunchText.includes('gpt-5.4') || remoteControlLaunchText.includes('--model') || !remoteControlLaunchText.includes('-c model="gpt-5.5"')) throw new Error('selftest failed: Codex remote-control passthrough did not force GPT-5.5 with config syntax');
   const remoteControlOldBin = path.join(tmp, 'remote-control-old-bin');
   await ensureDir(remoteControlOldBin);
   await writeTextAtomic(path.join(remoteControlOldBin, 'codex'), '#!/bin/sh\nif [ "$1" = "--version" ]; then echo "codex-cli 0.129.0"; exit 0; fi\necho "unexpected codex $*" >&2\nexit 2\n');
@@ -2804,6 +2817,10 @@ async function selftest() {
   if (hookTeamState.phase !== 'TEAM_PARALLEL_ANALYSIS_SCOUTING' || hookTeamState.implementation_allowed === false || !hookTeamState.team_plan_ready) throw new Error('selftest failed: $Team hook did not prepare direct Team mission');
   if (!hookTeamState.pipeline_plan_ready || !(await exists(path.join(missionDir(hookTeamTmp, hookTeamState.mission_id), PIPELINE_PLAN_ARTIFACT)))) throw new Error('selftest failed: $Team hook did not write a pipeline plan');
   if (!(await exists(path.join(missionDir(hookTeamTmp, hookTeamState.mission_id), 'team-plan.json')))) throw new Error('selftest failed: Team plan was not created directly');
+  const hookForbiddenModelResult = await runProcess(process.execPath, [hookBin, 'hook', 'user-prompt-submit'], { cwd: hookTeamTmp, input: JSON.stringify({ cwd: hookTeamTmp, prompt: '$Team should be blocked before route work', model: 'gpt-5.5', metadata: { client: { modelId: 'gpt-5.4-mini' } } }), env: { SKS_DISABLE_UPDATE_CHECK: '1' }, timeoutMs: 15000, maxOutputBytes: 128 * 1024 });
+  if (hookForbiddenModelResult.code !== 0) throw new Error(`selftest failed: forbidden model hook exited ${hookForbiddenModelResult.code}: ${hookForbiddenModelResult.stderr}`);
+  const hookForbiddenModelJson = JSON.parse(hookForbiddenModelResult.stdout);
+  if (hookForbiddenModelJson.decision !== 'block' || !String(hookForbiddenModelJson.reason || '').includes('gpt-5.5') || !String(hookForbiddenModelJson.reason || '').includes('gpt-5.4-mini')) throw new Error('selftest failed: hook did not block GPT-5.4 client model metadata');
   const hookTeamPendingResult = await runProcess(process.execPath, [hookBin, 'hook', 'user-prompt-submit'], { cwd: hookTeamTmp, input: JSON.stringify({ cwd: hookTeamTmp, prompt: '$Team 새 작업으로 넘어가' }), env: { SKS_DISABLE_UPDATE_CHECK: '1' }, timeoutMs: 15000, maxOutputBytes: 256 * 1024 });
   if (hookTeamPendingResult.code !== 0) throw new Error(`selftest failed: pending clarification hook exited ${hookTeamPendingResult.code}: ${hookTeamPendingResult.stderr}`);
   const hookTeamPendingJson = JSON.parse(hookTeamPendingResult.stdout);
@@ -3497,6 +3514,12 @@ async function selftest() {
   const supabaseWritePayloadClass = classifyToolPayload({ tool_name: 'mcp__supabase__execute_sql', sql: "update users set name = 'x' where id = '1';" });
   if (supabaseWritePayloadClass.level !== 'write' || !supabaseWritePayloadClass.toolReasons.includes('database_tool')) throw new Error('selftest failed: Supabase execute_sql write classification was weakened');
   if (classifyCommand('supabase db reset').level !== 'destructive') throw new Error('selftest failed: supabase db reset not detected');
+  const supabaseMigrationApplyClass = classifyCommand('supabase migration up --linked');
+  if (supabaseMigrationApplyClass.level !== 'write' || !supabaseMigrationApplyClass.reasons.includes('supabase_migration_apply')) throw new Error('selftest failed: supabase migration apply was not classified as DB write');
+  const supabaseDbPushClass = classifyCommand('supabase db push');
+  if (supabaseDbPushClass.level !== 'write' || !supabaseDbPushClass.reasons.includes('supabase_db_push')) throw new Error('selftest failed: supabase db push was not classified as migration apply work');
+  const supabaseApplyMigrationToolClass = classifyToolPayload({ tool_name: 'mcp__supabase__apply_migration', name: 'add_selftest_table' });
+  if (supabaseApplyMigrationToolClass.level !== 'write' || !supabaseApplyMigrationToolClass.toolReasons.includes('migration_apply_tool')) throw new Error('selftest failed: Supabase apply_migration tool was not classified as DB write');
   const dbDecision = await checkDbOperation(tmp, { mission_id: id }, { tool_name: 'mcp__supabase__execute_sql', sql: 'drop table users;' }, { duringNoQuestion: true });
   if (dbDecision.action !== 'block') throw new Error('selftest failed: destructive MCP SQL allowed');
   const computerUseDecision = await checkDbOperation(tmp, { mission_id: id }, { tool_name: 'mcp__computer_use__open_app', bundle_id: 'com.microsoft.edgemac', action: 'open_app' }, { duringNoQuestion: true });
@@ -3509,6 +3532,17 @@ async function selftest() {
   if (madColumnCleanupDecision.action !== 'allow' || !madColumnCleanupDecision.mad_sks?.permission_profile?.allowed?.includes('direct_execute_sql_writes')) throw new Error('selftest failed: MAD-SKS column cleanup was not allowed through the modular permission gate');
   const madLiveDmlDecision = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: "update users set name = 'fixed' where id = 'selftest';" }, { duringNoQuestion: false });
   if (madLiveDmlDecision.action !== 'allow' || !madLiveDmlDecision.mad_sks?.live_server_writes_allowed) throw new Error('selftest failed: MAD-SKS targeted live DML was not allowed');
+  const madMigrationUpDecision = await checkDbOperation(tmp, madState, { command: 'supabase migration up --linked' }, { duringNoQuestion: true });
+  if (madMigrationUpDecision.action !== 'allow' || !madMigrationUpDecision.mad_sks?.permission_profile?.allowed?.includes('migration_apply_when_required')) throw new Error('selftest failed: MAD-SKS did not allow Supabase migration up during no-question execution');
+  const madDbPushDecision = await checkDbOperation(tmp, madState, { command: 'supabase db push' }, { duringNoQuestion: true });
+  if (madDbPushDecision.action !== 'allow') throw new Error('selftest failed: MAD-SKS did not allow Supabase db push migration application');
+  const madApplyMigrationDecision = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__apply_migration', name: 'add_selftest_table' }, { duringNoQuestion: true });
+  if (madApplyMigrationDecision.action !== 'allow') throw new Error('selftest failed: MAD-SKS did not allow Supabase MCP apply_migration');
+  const madTmuxMission = await createMission(tmp, { mode: 'mad-sks', prompt: 'sks --mad migration selftest' });
+  await writeJsonAtomic(path.join(madTmuxMission.dir, 'mad-sks-gate.json'), { schema_version: 1, passed: false, mad_sks_permission_active: true, migration_apply_allowed: true });
+  const madTmuxState = { mission_id: madTmuxMission.id, mode: 'MADSKS', route_command: '$MAD-SKS', stop_gate: 'mad-sks-gate.json', mad_sks_active: true, mad_sks_modifier: true, mad_sks_gate_file: 'mad-sks-gate.json', migration_apply_allowed: true };
+  const madTmuxMigrationDecision = await checkDbOperation(tmp, madTmuxState, { command: 'supabase migration up --linked' }, { duringNoQuestion: true });
+  if (madTmuxMigrationDecision.action !== 'allow') throw new Error('selftest failed: sks --mad state did not allow Supabase migration application');
   const tableRemovalSql = 'dr' + 'op table users;';
   const madTableRemovalDecision = await checkDbOperation(tmp, madState, { tool_name: 'mcp__supabase__execute_sql', sql: tableRemovalSql }, { duringNoQuestion: false });
   if (madTableRemovalDecision.action !== 'block') throw new Error('selftest failed: MAD-SKS catastrophic table removal was not blocked');

package/src/core/codex-adapter.mjs

@@ -1,5 +1,6 @@
 import path from 'node:path';
 import { exists, packageRoot, runProcess, which } from './fsx.mjs';
+import { forceGpt55CodexArgs } from './codex-model-guard.mjs';
 
 export async function findCodexBinary() {
   const env = process.env.SKS_CODEX_BIN || process.env.DCODEX_CODEX_BIN || process.env.CODEX_BIN;
@@ -25,17 +26,22 @@ export async function getCodexInfo() {
   return { bin, version, available: Boolean(bin) };
 }
 
-export async function runCodexExec({ root, prompt, outputFile, json = true, profile = null, extraArgs = [], onStdout, onStderr, logDir = null, stdoutFile = null, stderrFile = null, maxBufferBytes = 256 * 1024, timeoutMs = null }) {
-  const bin = await findCodexBinary();
-  if (!bin) {
-    return { code: 127, stdout: '', stderr: 'Codex CLI not found. Install @openai/codex or set SKS_CODEX_BIN.' };
-  }
+export function buildCodexExecArgs({ root, prompt, outputFile, json = true, profile = null, extraArgs = [] }) {
   const args = ['exec', '--cd', root];
   if (profile) args.push('--profile', profile);
   if (json) args.push('--json');
   if (outputFile) args.push('--output-last-message', outputFile);
-  args.push(...extraArgs);
+  args.push(...forceGpt55CodexArgs(extraArgs));
   args.push(prompt);
+  return args;
+}
+
+export async function runCodexExec({ root, prompt, outputFile, json = true, profile = null, extraArgs = [], onStdout, onStderr, logDir = null, stdoutFile = null, stderrFile = null, maxBufferBytes = 256 * 1024, timeoutMs = null }) {
+  const bin = await findCodexBinary();
+  if (!bin) {
+    return { code: 127, stdout: '', stderr: 'Codex CLI not found. Install @openai/codex or set SKS_CODEX_BIN.' };
+  }
+  const args = buildCodexExecArgs({ root, prompt, outputFile, json, profile, extraArgs });
   const effectiveTimeoutMs = Number(timeoutMs || process.env.SKS_CODEX_TIMEOUT_MS || process.env.DCODEX_CODEX_TIMEOUT_MS || 30 * 60 * 1000);
   return runProcess(bin, args, {
     cwd: root,

package/src/core/codex-model-guard.mjs

@@ -0,0 +1,50 @@
+export const REQUIRED_CODEX_MODEL = 'gpt-5.5';
+
+const MODEL_VALUE_FLAGS = new Set(['--model', '-m']);
+const CONFIG_VALUE_FLAGS = new Set(['-c', '--config']);
+
+function isModelConfigOverride(value = '') {
+  return /^model\s*=/.test(String(value || '').trim());
+}
+
+function stripCodexModelOverrides(args = []) {
+  const out = [];
+  const input = Array.isArray(args) ? args : [];
+  for (let i = 0; i < input.length; i += 1) {
+    const arg = String(input[i]);
+    if (MODEL_VALUE_FLAGS.has(arg)) {
+      i += 1;
+      continue;
+    }
+    if (arg.startsWith('--model=') || arg.startsWith('-m=')) continue;
+    if (CONFIG_VALUE_FLAGS.has(arg)) {
+      const value = i + 1 < input.length ? String(input[i + 1]) : '';
+      if (isModelConfigOverride(value)) {
+        i += 1;
+        continue;
+      }
+      out.push(arg);
+      if (i + 1 < input.length) out.push(String(input[++i]));
+      continue;
+    }
+    if (arg.startsWith('-c=') || arg.startsWith('--config=')) {
+      const value = arg.slice(arg.indexOf('=') + 1);
+      if (isModelConfigOverride(value)) continue;
+    }
+    out.push(arg);
+  }
+  return out;
+}
+
+export function forceGpt55CodexArgs(args = []) {
+  return ['--model', REQUIRED_CODEX_MODEL, ...stripCodexModelOverrides(args)];
+}
+
+export function forceGpt55CodexConfigArgs(args = []) {
+  return ['-c', `model="${REQUIRED_CODEX_MODEL}"`, ...stripCodexModelOverrides(args)];
+}
+
+export function isForbiddenCodexModel(value = '') {
+  const model = String(value || '').trim().toLowerCase();
+  return /^gpt-5\./.test(model) && model !== REQUIRED_CODEX_MODEL;
+}

package/src/core/db-safety.mjs

@@ -137,9 +137,14 @@ export function classifyCommand(command = '') {
   const low = c.toLowerCase();
   const reasons = [];
   if (!low.trim()) return { level: 'none', kind: 'none', reasons: [], command: c };
+  const supabaseMigrationApply = [];
+  if (/\bsupabase\s+migration\s+up\b/.test(low)) supabaseMigrationApply.push('supabase_migration_up', 'supabase_migration_apply');
+  if (/\bsupabase\s+db\s+push\b/.test(low)) supabaseMigrationApply.push('supabase_db_push', 'supabase_migration_apply');
+  const supabaseMigrationRead = [];
+  if (/\bsupabase\s+db\s+(diff|pull)\b/.test(low)) supabaseMigrationRead.push('supabase_migration_schema_read');
+  if (/\bsupabase\s+migration\s+(list|new|squash)\b/.test(low)) supabaseMigrationRead.push('supabase_migration_file_work');
   const hard = [
     [/\bsupabase\s+db\s+reset\b/, 'supabase_db_reset'],
-    [/\bsupabase\s+db\s+push\b/, 'supabase_db_push'],
     [/\bsupabase\s+migration\s+repair\b/, 'supabase_migration_repair'],
     [/\bprisma\s+migrate\s+reset\b/, 'prisma_migrate_reset'],
     [/\bprisma\s+db\s+push\b/, 'prisma_db_push'],
@@ -152,6 +157,25 @@ export function classifyCommand(command = '') {
   const maybeSql = extractSqlLiterals(c).join('\n');
   const sqlClass = maybeSql ? classifySql(maybeSql) : { level: 'none', reasons: [] };
   if (reasons.length) return { level: 'destructive', kind: 'db_command', reasons, sql: sqlClass, command: c };
+  if (supabaseMigrationApply.length) {
+    const level = sqlClass.level === 'destructive' ? 'destructive' : 'write';
+    return {
+      level,
+      kind: 'db_migration',
+      reasons: [...new Set([...supabaseMigrationApply, ...(sqlClass.reasons || [])])],
+      sql: sqlClass,
+      command: c
+    };
+  }
+  if (supabaseMigrationRead.length && !['write', 'destructive'].includes(sqlClass.level)) {
+    return {
+      level: 'safe',
+      kind: 'db_migration',
+      reasons: [...new Set([...supabaseMigrationRead, ...(sqlClass.reasons || [])])],
+      sql: sqlClass,
+      command: c
+    };
+  }
   if (/\b(psql|supabase|prisma|drizzle-kit|knex|sequelize)\b/.test(low)) {
     if (sqlClass.level === 'destructive' || sqlClass.level === 'write') return { level: sqlClass.level, kind: 'db_command', reasons: sqlClass.reasons, sql: sqlClass, command: c };
     return { level: sqlClass.level === 'safe' ? 'safe' : 'possible_db', kind: 'db_command', reasons: sqlClass.reasons, sql: sqlClass, command: c };
@@ -199,10 +223,15 @@ export function classifyToolPayload(payload = {}) {
   const sqlClass = classifySql(combined);
   const commandClass = classifyCommand(strings.find((s) => /\b(supabase|psql|prisma|drizzle|knex|sequelize)\b/i.test(s)) || '');
   const toolReasons = [];
+  const reasons = [];
   if (/\b(apply_patch|edit|write|create|remove|rename|str_replace|file_write|fs_write)\b/i.test(toolName) && !/supabase|postgres|database|execute_sql|apply_migration|sql_query|db_|_db\b|migration/.test(toolName)) {
-    return { level: 'none', toolName, toolReasons, sql: sqlClass, command: commandClass, stringsExamined: strings.length };
+    return { level: 'none', toolName, toolReasons, reasons, sql: sqlClass, command: commandClass, stringsExamined: strings.length };
   }
   if (/supabase|postgres|database|execute_sql|apply_migration|sql_query|db_|_db\b|migration/.test(toolName)) toolReasons.push('database_tool');
+  if (/apply_migration|migration_apply/i.test(toolName)) {
+    toolReasons.push('migration_apply_tool');
+    reasons.push('supabase_migration_apply');
+  }
   if (/delete_project|pause_project|restore_project|delete_branch|reset_branch|merge_branch/.test(toolName)) toolReasons.push('dangerous_supabase_management_tool');
   let level = 'none';
   for (const candidate of [sqlClass.level, commandClass.level]) {
@@ -211,8 +240,9 @@ export function classifyToolPayload(payload = {}) {
     else if ((candidate === 'safe' || candidate === 'possible_db') && level === 'none') level = candidate;
   }
   if (toolReasons.includes('dangerous_supabase_management_tool')) level = 'destructive';
+  if (toolReasons.includes('migration_apply_tool') && level !== 'destructive') level = 'write';
   if (toolReasons.includes('database_tool') && level === 'none') level = 'possible_db';
-  return { level, toolName, toolReasons, sql: sqlClass, command: commandClass, stringsExamined: strings.length };
+  return { level, toolName, toolReasons, reasons, sql: sqlClass, command: commandClass, stringsExamined: strings.length };
 }
 
 function contractAllowsDbWrite(contract = {}) {
@@ -290,6 +320,12 @@ export function evaluateDbSafety({ classification, policy = DEFAULT_DB_SAFETY_PO
   }
   if (cls.level === 'destructive') reasons.push('destructive_database_operation_blocked_always');
   if (cls.level === 'write') {
+    const reasonSet = new Set([
+      ...(cls.reasons || []),
+      ...(cls.sql?.reasons || []),
+      ...(cls.command?.reasons || [])
+    ]);
+    if (reasonSet.has('supabase_db_push')) reasons.push('supabase_db_push_requires_active_mad_sks');
     if (effective.mode === 'read_only_only') reasons.push('database_write_mode_is_read_only_only');
     if (effective.env === 'production' || effective.env === 'production_read_only') reasons.push('production_database_writes_forbidden');
     if (!['local_dev', 'preview_branch', 'supabase_branch'].includes(effective.env)) reasons.push('database_write_target_not_local_or_branch');

package/src/core/fsx.mjs

@@ -5,7 +5,7 @@ import os from 'node:os';
 import crypto from 'node:crypto';
 import { spawn } from 'node:child_process';
 
-export const PACKAGE_VERSION = '0.7.53';
+export const PACKAGE_VERSION = '0.7.55';
 export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
 export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;
 

package/src/core/hooks-runtime.mjs

@@ -6,6 +6,7 @@ import { checkDbOperation, dbBlockReason, handleMadSksUserConfirmation } from '.
 import { checkHarnessModification, harnessGuardBlockReason } from './harness-guard.mjs';
 import { activeRouteContext, evaluateStop, prepareRoute, promptPipelineContext as routePipelineContext, recordContext7Evidence, recordSubagentEvidence, routePrompt } from './pipeline.mjs';
 import { classifyToolError } from './evaluation.mjs';
+import { REQUIRED_CODEX_MODEL, isForbiddenCodexModel } from './codex-model-guard.mjs';
 
 const TEAM_DIGEST_MAX_EVENTS = 4;
 const TEAM_DIGEST_MESSAGE_CHARS = 180;
@@ -91,7 +92,11 @@ export async function hookMain(name) {
   const root = await projectRoot(payload.cwd || process.cwd());
   const state = await loadState(root);
   const noQuestion = isNoQuestionRunning(state);
-  if (name === 'user-prompt-submit') return hookUserPrompt(root, state, payload, noQuestion);
+  if (name === 'user-prompt-submit') {
+    const modelBlock = blockForbiddenClientModel(payload);
+    if (modelBlock) return modelBlock;
+    return hookUserPrompt(root, state, payload, noQuestion);
+  }
   if (name === 'pre-tool') return hookPreTool(root, state, payload, noQuestion);
   if (name === 'post-tool') return hookPostTool(root, state, payload, noQuestion);
   if (name === 'permission-request') return hookPermission(root, state, payload, noQuestion);
@@ -99,6 +104,43 @@ export async function hookMain(name) {
   return { continue: true };
 }
 
+function blockForbiddenClientModel(payload = {}) {
+  const model = forbiddenClientModelFromPayload(payload);
+  if (!model || !isForbiddenCodexModel(model)) return null;
+  return {
+    decision: 'block',
+    reason: `SKS requires ${REQUIRED_CODEX_MODEL}; client payload requested ${model}. Switch the Codex client/session model to ${REQUIRED_CODEX_MODEL} and retry.`
+  };
+}
+
+function forbiddenClientModelFromPayload(payload = {}) {
+  const candidates = [
+    payload.model,
+    payload.model_id,
+    payload.modelId,
+    payload.client_model,
+    payload.clientModel,
+    ...clientModelCandidates(payload.client),
+    ...clientModelCandidates(payload.metadata),
+    ...clientModelCandidates(payload.context),
+    ...clientModelCandidates(payload.thread),
+    ...clientModelCandidates(payload.session)
+  ];
+  return candidates.find((value) => typeof value === 'string' && isForbiddenCodexModel(value)) || '';
+}
+
+function clientModelCandidates(value, depth = 0) {
+  if (!value || typeof value !== 'object' || depth > 4) return [];
+  const out = [];
+  for (const key of ['model', 'model_id', 'modelId', 'client_model', 'clientModel']) {
+    if (typeof value[key] === 'string') out.push(value[key]);
+  }
+  for (const key of ['client', 'metadata', 'context', 'thread', 'session']) {
+    out.push(...clientModelCandidates(value[key], depth + 1));
+  }
+  return out;
+}
+
 async function hookUserPrompt(root, state, payload, noQuestion) {
   if (!noQuestion) {
     const prompt = extractUserPrompt(payload);

package/src/core/tmux-ui.mjs

@@ -4,6 +4,7 @@ import { spawnSync } from 'node:child_process';
 import { exists, nowIso, packageRoot, readJson, runProcess, sha256, sksRoot, which, writeJsonAtomic } from './fsx.mjs';
 import { getCodexInfo } from './codex-adapter.mjs';
 import { codexAppIntegrationStatus, formatCodexAppStatus } from './codex-app.mjs';
+import { REQUIRED_CODEX_MODEL, forceGpt55CodexArgs } from './codex-model-guard.mjs';
 import { MIN_TEAM_REVIEWER_LANES } from './team-review-policy.mjs';
 
 export const SKS_TMUX_LOGO = [
@@ -114,7 +115,7 @@ const SKS_TMUX_LOGO_ANIMATION_STEPS = Object.freeze([
   { frame: 9, color: '51', bold: true, delay: '0.16' }
 ]);
 
-export const DEFAULT_SKS_CODEX_MODEL = 'gpt-5.5';
+export const DEFAULT_SKS_CODEX_MODEL = REQUIRED_CODEX_MODEL;
 export const DEFAULT_SKS_CODEX_REASONING = 'high';
 
 export function defaultCodexLaunchArgs(env = process.env) {
@@ -200,7 +201,7 @@ export function tmuxStatusKind(tmux = {}) {
 }
 
 export function codexLaunchCommand(root, codexBin, codexArgs = []) {
-  const extraArgs = Array.isArray(codexArgs) ? codexArgs : [];
+  const extraArgs = forceGpt55CodexArgs(codexArgs);
   return [
     sksLogoIntroCommand(codexBin),
     `printf '\\nProject: %s\\n' ${shellEscape(root)}`,
@@ -322,7 +323,7 @@ export async function buildTmuxLaunchPlan(opts = {}) {
   const codex = opts.codex || await getCodexInfo().catch(() => ({}));
   const tmux = opts.tmux || await tmuxReadiness(opts);
   const app = opts.app || await codexAppIntegrationStatus({ codex });
-  const codexArgs = Array.isArray(opts.codexArgs) ? opts.codexArgs : defaultCodexLaunchArgs(opts.env || process.env);
+  const codexArgs = forceGpt55CodexArgs(Array.isArray(opts.codexArgs) ? opts.codexArgs : defaultCodexLaunchArgs(opts.env || process.env));
   return {
     root,
     session,