sneakoscope 0.8.5 → 0.9.0

package/README.md

@@ -59,6 +59,19 @@ Research scouts now use named persona-inspired cognitive lenses: Einstein Scout,
 
 For existing 0.7.x users, the visible change is new report-only evidence, not a route personality rewrite. Team still feels like Team, DFix stays ultralight, DB remains conservative, QA-LOOP still dogfoods, PPT stays information-first, imagegen still requires real raster evidence, and Honest Mode remains the final truth pass. The original strong reminder idea became neutral RecallPulse so user-facing prompts stay short, professional, and non-repetitive; hook messages can point at status, but `mission-status-ledger.json` is the durable source when app-visible text disappears. The planning source is `docs/RECALLPULSE_0_8_0_TASKS.md`, and implementation is designed to land in safe task-sized slices before any enforcement promotion.
 
+## 0.9.0 Report-Only Decision Lattice
+
+Sneakoscope 0.9.0 adds a report-only Decision Lattice planner that uses A* over proof-debt signals to explain which route or verification path the pipeline would prefer. It is an evidence and planning surface, not a runtime shortcut: SKS must not claim speedup, fast-lane accuracy, or reduced verification cost from the lattice until replay or scored eval evidence demonstrates those outcomes.
+
+The lattice integrates with the existing proof-field and `sks pipeline plan` surfaces. Its reports are expected to show the explored frontier, the selected path, and rejected paths with their proof-debt reasons, so reviewers can audit why a route stayed on the full Team/Honest path or why a smaller verification plan was only proposed. Like RecallPulse, this is designed to land as report-only evidence first; route enforcement and performance claims remain gated by later validation.
+
+Quick checks:
+
+```bash
+sks proof-field scan --json --intent "small CLI change"
+sks pipeline plan latest --proof-field --json
+```
+
 ## Requirements
 
 - Node.js `>=20.11`
@@ -174,7 +187,7 @@ sks codex-lb repair
 sks
 ```
 
-Bare `sks` can also prompt for codex-lb auth; SKS stores the base URL/key in `~/.codex/sks-codex-lb.env`, loads the provider env key for tmux launches, and syncs the macOS user launch environment so the Codex App can see `CODEX_LB_API_KEY` after restart. npm postinstall upgrades resync that stored env file when postinstall is not stopped by a hard harness conflict, and `sks doctor --fix` does the same during repair. If an older SKS release left the codex-lb dashboard key only in the shared Codex `auth.json` login cache, SKS migrates that key back into `~/.codex/sks-codex-lb.env` when a codex-lb provider or env base URL is already recoverable. It does not rewrite the shared Codex `auth.json` login cache by default; set `SKS_CODEX_LB_SYNC_CODEX_LOGIN=1` only if you intentionally want the old API-key login-cache behavior. When codex-lb is active, SKS opens a fresh `sks-codex-lb-*` tmux session and sweeps older detached codex-lb sessions for the same repo before launch so stale Responses API chains are not reused. Configured launch paths, including non-interactive runs, verify that codex-lb can continue a Responses API chain with `previous_response_id`; if that check fails, SKS bypasses codex-lb for that launch with `model_provider="openai"` instead of letting the Codex session fail mid-work.
+Bare `sks` can also prompt for codex-lb auth; SKS stores the base URL/key in `~/.codex/sks-codex-lb.env`, writes `model_provider = "codex-lb"` into `~/.codex/config.toml` for Codex App routing, loads the provider env key for tmux launches, and syncs the macOS user launch environment so the Codex App can see `CODEX_LB_API_KEY` after restart. npm postinstall upgrades resync that stored env file and restore the Codex App provider selection when postinstall is not stopped by a hard harness conflict, and `sks doctor --fix` does the same during repair. If an older SKS release left the codex-lb dashboard key only in the shared Codex `auth.json` login cache, SKS migrates that key back into `~/.codex/sks-codex-lb.env` when a codex-lb provider or env base URL is already recoverable. It does not rewrite the shared Codex `auth.json` login cache by default; set `SKS_CODEX_LB_SYNC_CODEX_LOGIN=1` only if you intentionally want the old API-key login-cache behavior. When codex-lb is active, SKS opens a fresh `sks-codex-lb-*` tmux session and sweeps older detached codex-lb sessions for the same repo before launch so stale Responses API chains are not reused. Configured launch paths, including non-interactive runs, verify that codex-lb can continue a Responses API chain with `previous_response_id`; if that check fails, SKS bypasses codex-lb for that launch with `model_provider="openai"` instead of letting the Codex session fail mid-work.
 
 If codex-lb provider auth drifts after launch/reinstall, run `sks doctor --fix` or `sks codex-lb repair`; to replace it, run `sks codex-lb reconfigure --host <domain> --api-key <key>`.
 
@@ -239,7 +252,7 @@ sks code-structure scan --json
 
 `sks recallpulse` is the 0.8.0 report-only RecallPulse utility. It writes `recallpulse-decision.json`, `mission-status-ledger.json`, `route-proof-capsule.json`, `evidence-envelope.json`, `recallpulse-governance-report.json`, `recallpulse-task-goal-ledger.json`, and `recallpulse-eval-report.json` for the current mission. RecallPulse does not replace route gates, Honest Mode, DB safety, imagegen evidence, or TriWiki validation; it records cache hits, hydration needs, duplicate suppression, route-governance risks, and final-summary-ready durable status so later releases can promote only measured improvements. Checklist updates are sequential: every `Txxx` row is treated as a child `$Goal` checkpoint, and `sks recallpulse checklist ... --task T001 --apply` refuses out-of-order checks unless explicitly overridden.
 
-`sks pipeline plan` shows the active route lane, kept/skipped stages, verification commands, and no-unrequested-fallback invariant. `sks proof-field scan` is the lightweight rubric for small changes; risky or broad signals return to the full Team/Honest path.
+`sks pipeline plan` shows the active route lane, kept/skipped stages, verification commands, and no-unrequested-fallback invariant. The 0.9.0 Decision Lattice augments this planning surface with report-only A*/proof-debt evidence: frontier paths considered, the selected path, and rejected paths with rejection reasons. `sks proof-field scan` remains the lightweight rubric for small changes; risky or broad signals return to the full Team/Honest path, and no speedup claim is valid without replay or eval evidence.
 
 ### Ambiguity Questions
 
@@ -251,7 +264,7 @@ Clarification asks only for ambiguity that changes execution; predictable defaul
 $PPT create a customer proposal deck as HTML/PDF
 ```
 
-`$PPT` seals presentation context before artifact work and grounds design in `design.md`, getdesign inputs, and source material.
+`$PPT` seals presentation context before artifact work and grounds design in `design.md`, getdesign inputs, and source material. The route loads `imagegen`; when the sealed deck needs generated raster assets or generated slide visual critique, use Codex App `$imagegen`/`gpt-image-2` and record the real output path in the PPT image/review ledgers.
 
 ## Codex App Usage
 
@@ -275,7 +288,7 @@ For headless remotely controllable Codex App/server sessions on Codex CLI 0.130.
 sks codex-app remote-control -- --help
 ```
 
-`sks codex-app check` reports whether the installed Codex CLI is new enough, whether the required app flags are visible, whether Fast/speed-selector config is unlocked, and whether installed OpenAI default plugins such as Browser, Chrome, Computer Use, Documents, Presentations, Spreadsheets, and LaTeX are enabled. codex-lb can remain configured as a custom provider, but SKS keeps it off the top-level Codex App provider setting so native model, speed, and built-in feature UI stay visible. Codex CLI 0.130.0+ app-server/remote-control threads can pick up config changes live; older CLI/TUI sessions should still be restarted after `.codex/config.toml` or MCP/plugin changes.
+`sks codex-app check` reports whether the installed Codex CLI is new enough, whether the required app flags are visible, whether Fast/speed-selector config is unlocked, and whether installed OpenAI default plugins such as Browser, Chrome, Computer Use, Documents, Presentations, Spreadsheets, and LaTeX are enabled. When codex-lb is configured, SKS keeps it selected as the top-level Codex App provider while still preserving required app flags and plugin settings. Codex CLI 0.130.0+ app-server/remote-control threads can pick up config changes live; older CLI/TUI sessions should still be restarted after `.codex/config.toml` or MCP/plugin changes.
 
 Then open Codex App and use prompt commands directly in the chat. Examples:
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "ㅅㅋㅅ",
-  "version": "0.8.5",
+  "version": "0.9.0",
   "description": "Sneakoscope Codex: database-safe Codex CLI/App harness with Team, Goal, AutoResearch, TriWiki, and Honest Mode.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",

package/src/cli/install-helpers.mjs

@@ -387,7 +387,7 @@ export async function repairCodexLbAuth(opts = {}) {
       status = await codexLbStatus(opts);
     }
   }
-  if (status.env_key_configured && status.base_url && (!status.ok || status.selected || legacyAuthMigrated || hasTopLevelCodexModeLock(currentConfig))) {
+  if (status.env_key_configured && status.base_url && (!status.ok || !status.selected || legacyAuthMigrated || hasTopLevelCodexModeLock(currentConfig))) {
     await ensureDir(path.dirname(status.config_path));
     const next = normalizeCodexFastModeUiConfig(upsertCodexLbConfig(currentConfig, status.base_url));
     await writeTextAtomic(status.config_path, next);
@@ -426,6 +426,7 @@ export async function ensureCodexLbAuthDuringInstall(opts = {}) {
   if (process.env.SKS_SKIP_POSTINSTALL_CODEX_LB_AUTH === '1' && !opts.force) return { status: 'skipped', reason: 'SKS_SKIP_POSTINSTALL_CODEX_LB_AUTH=1' };
   const status = await codexLbStatus(opts);
   if (!status.selected && !status.provider_configured && !status.env_file) return { status: 'not_configured', codex_lb: status };
+  if (status.ok && !status.selected) return repairCodexLbAuth(opts);
   if (!status.ok) {
     if (status.base_url && (status.env_key_configured || status.provider_configured || status.selected || status.env_base_url_configured)) return repairCodexLbAuth(opts);
     return { status: status.env_key_configured ? 'missing_base_url' : 'missing_env_key', codex_lb: status, config_path: status.config_path, env_path: status.env_path };
@@ -559,7 +560,7 @@ async function syncCodexApiKeyLogin(apiKey, opts = {}) {
 }
 
 function upsertCodexLbConfig(text = '', baseUrl) {
-  let next = removeTopLevelTomlKeyIfValue(text, 'model_provider', 'codex-lb');
+  let next = upsertTopLevelTomlString(text, 'model_provider', 'codex-lb');
   const block = [
     '[model_providers.codex-lb]',
     'name = "OpenAI"',
@@ -1233,7 +1234,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
   const codexLbEnv = await safeReadText(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'));
   const codexLbAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
-  if (!codexLbSetupJson.ok || codexLbSetupJson.base_url !== 'https://lb.example.test/backend-api/codex' || hasTopLevelCodexLbSelected(codexLbConfig) || !codexLbConfig.includes('[model_providers.codex-lb]') || !codexLbEnv.includes("CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'") || !codexLbEnv.includes("CODEX_LB_API_KEY='sk-test'") || codexLbSetupJson.codex_environment?.ok !== true || codexLbSetupJson.codex_login?.status !== 'skipped' || codexLbAuth.trim()) throw new Error('selftest: codex-lb setup');
+  if (!codexLbSetupJson.ok || codexLbSetupJson.base_url !== 'https://lb.example.test/backend-api/codex' || !hasTopLevelCodexLbSelected(codexLbConfig) || !codexLbConfig.includes('[model_providers.codex-lb]') || !codexLbEnv.includes("CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'") || !codexLbEnv.includes("CODEX_LB_API_KEY='sk-test'") || codexLbSetupJson.codex_environment?.ok !== true || codexLbSetupJson.codex_login?.status !== 'skipped' || codexLbAuth.trim()) throw new Error('selftest: codex-lb setup');
   const codexLbFailLaunchctl = path.join(codexLbFakeBin, 'launchctl-fail');
   await writeTextAtomic(codexLbFailLaunchctl, '#!/bin/sh\necho "launchctl denied" >&2\nexit 7\n');
   await fsp.chmod(codexLbFailLaunchctl, 0o755);
@@ -1242,14 +1243,14 @@ export async function selftestCodexLb(tmp) {
   if (!hasCodexUnstableFeatureWarningSuppression(codexLbConfig)) throw new Error('selftest: codex-lb setup did not suppress Codex unstable feature warning');
   await initProject(codexLbHome, { installScope: 'global', force: true, repair: true });
   const codexLbRepairSetupConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
-  if (hasTopLevelCodexLbSelected(codexLbRepairSetupConfig) || !codexLbRepairSetupConfig.includes('[model_providers.codex-lb]') || !codexLbRepairSetupConfig.includes('https://lb.example.test/backend-api/codex') || codexLbRepairSetupConfig.includes('sk-test')) throw new Error('selftest: init codex-lb');
+  if (!hasTopLevelCodexLbSelected(codexLbRepairSetupConfig) || !codexLbRepairSetupConfig.includes('[model_providers.codex-lb]') || !codexLbRepairSetupConfig.includes('https://lb.example.test/backend-api/codex') || codexLbRepairSetupConfig.includes('sk-test')) throw new Error('selftest: init codex-lb');
   if (!hasCodexUnstableFeatureWarningSuppression(codexLbRepairSetupConfig)) throw new Error('selftest: init codex-lb did not suppress Codex unstable feature warning');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), `${codexLbConfig}\n[mcp_servers.supabase]\nurl = "https://mcp.supabase.com/mcp?project_ref=ref&read_only=true&features=database,docs"\n`);
   const ptmp = path.join(tmp, 'codex-lb-project-config'), prevHome = process.env.HOME;
   try { process.env.HOME = codexLbHome; await initProject(ptmp, { installScope: 'global' }); }
   finally { if (prevHome === undefined) delete process.env.HOME; else process.env.HOME = prevHome; }
   const pcfg = await safeReadText(path.join(ptmp, '.codex', 'config.toml'));
-  if (hasTopLevelCodexLbSelected(pcfg) || !pcfg.includes('[model_providers.codex-lb]') || !pcfg.includes('[mcp_servers.supabase]') || !pcfg.includes('read_only=true')) throw new Error('selftest: project codex-lb');
+  if (!hasTopLevelCodexLbSelected(pcfg) || !pcfg.includes('[model_providers.codex-lb]') || !pcfg.includes('[mcp_servers.supabase]') || !pcfg.includes('read_only=true')) throw new Error('selftest: project codex-lb');
   if (!hasCodexUnstableFeatureWarningSuppression(pcfg)) throw new Error('selftest: project codex-lb config did not suppress Codex unstable feature warning');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'auth.json'), '{"auth_mode":"browser"}\n');
   const codexLbRepair = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'auth', 'repair', '--json'], { cwd: tmp, env: codexLbEnvForSelftest, timeoutMs: 15000, maxOutputBytes: 64 * 1024 });
@@ -1308,7 +1309,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbPostBootstrapConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
   const codexLbLoginCallsAfterBootstrap = await codexLbLoginCallCount(codexLbHome);
   if (!codexLbPostBootstrapAuth.includes('"auth_mode":"browser"') || codexLbPostBootstrapAuth.includes('sk-test') || codexLbLoginCallsAfterBootstrap !== codexLbLoginCallsBeforeBootstrap) throw new Error('selftest: postinstall drift auth');
-  if (hasTopLevelCodexLbSelected(codexLbPostBootstrapConfig) || !codexLbPostBootstrapConfig.includes('[model_providers.codex-lb]') || !codexLbPostBootstrapConfig.includes('https://lb.example.test/backend-api/codex') || codexLbPostBootstrapConfig.includes('sk-test')) throw new Error('selftest: postinstall drift config');
+  if (!hasTopLevelCodexLbSelected(codexLbPostBootstrapConfig) || !codexLbPostBootstrapConfig.includes('[model_providers.codex-lb]') || !codexLbPostBootstrapConfig.includes('https://lb.example.test/backend-api/codex') || codexLbPostBootstrapConfig.includes('sk-test')) throw new Error('selftest: postinstall drift config');
   const doctorProject = tmpdir();
   await ensureDir(path.join(doctorProject, '.git'));
   await writeTextAtomic(path.join(doctorProject, 'package.json'), '{"name":"codex-lb-doctor-project","version":"0.0.0"}\n');
@@ -1325,7 +1326,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbDoctorJson = JSON.parse(codexLbDoctorRepair.stdout);
   const codexLbDoctorAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
   const codexLbDoctorConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
-  if (!codexLbDoctorJson.repair?.codex_lb?.ok || !codexLbDoctorJson.repair.codex_lb.config_repaired || !codexLbDoctorJson.codex_lb?.ok || !codexLbDoctorAuth.includes('"auth_mode":"browser"') || codexLbDoctorAuth.includes('sk-test') || hasTopLevelCodexLbSelected(codexLbDoctorConfig) || !codexLbDoctorConfig.includes('https://lb.example.test/backend-api/codex') || !hasCodexUnstableFeatureWarningSuppression(codexLbDoctorConfig)) throw new Error('selftest: doctor codex-lb');
+  if (!codexLbDoctorJson.repair?.codex_lb?.ok || !codexLbDoctorJson.repair.codex_lb.config_repaired || !codexLbDoctorJson.codex_lb?.ok || !codexLbDoctorAuth.includes('"auth_mode":"browser"') || codexLbDoctorAuth.includes('sk-test') || !hasTopLevelCodexLbSelected(codexLbDoctorConfig) || !codexLbDoctorConfig.includes('https://lb.example.test/backend-api/codex') || !hasCodexUnstableFeatureWarningSuppression(codexLbDoctorConfig)) throw new Error('selftest: doctor codex-lb');
   const codexLbContext7Bin = path.join(tmp, 'codex-lb-context7-bin');
   await ensureDir(codexLbContext7Bin);
   await writeTextAtomic(path.join(codexLbContext7Bin, 'codex'), '#!/bin/sh\nif [ "$1" = "--version" ]; then echo "codex-cli 99.0.0"; exit 0; fi\nif [ "$CODEX_LB_API_KEY" ]; then echo "context7 leaked CODEX_LB_API_KEY" >&2; exit 77; fi\nif [ "$1" = "mcp" ] && [ "$2" = "list" ]; then echo ""; exit 0; fi\nif [ "$1" = "mcp" ] && [ "$2" = "add" ]; then echo "context7 added"; exit 0; fi\necho "unexpected codex $*" >&2\nexit 2\n');
@@ -1388,7 +1389,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbLegacyDoctorEnv = await safeReadText(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'));
   const codexLbLegacyDoctorConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
   const codexLbLegacyDoctorAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
-  if (!codexLbLegacyDoctorJson.repair?.codex_lb?.ok || !codexLbLegacyDoctorJson.repair.codex_lb.legacy_auth_migrated || !codexLbLegacyDoctorEnv.includes("CODEX_LB_API_KEY='sk-legacy-doctor'") || !codexLbLegacyDoctorAuth.includes('"auth_mode":"apikey"') || !codexLbLegacyDoctorAuth.includes('sk-legacy-doctor') || hasTopLevelCodexLbSelected(codexLbLegacyDoctorConfig) || !codexLbLegacyDoctorConfig.includes('env_key = "CODEX_LB_API_KEY"')) throw new Error('selftest: legacy doctor codex-lb restore');
+  if (!codexLbLegacyDoctorJson.repair?.codex_lb?.ok || !codexLbLegacyDoctorJson.repair.codex_lb.legacy_auth_migrated || !codexLbLegacyDoctorEnv.includes("CODEX_LB_API_KEY='sk-legacy-doctor'") || !codexLbLegacyDoctorAuth.includes('"auth_mode":"apikey"') || !codexLbLegacyDoctorAuth.includes('sk-legacy-doctor') || !hasTopLevelCodexLbSelected(codexLbLegacyDoctorConfig) || !codexLbLegacyDoctorConfig.includes('env_key = "CODEX_LB_API_KEY"')) throw new Error('selftest: legacy doctor codex-lb restore');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'), "export CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'\n");
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), 'model = "gpt-5.5"\nservice_tier = "fast"\n');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'auth.json'), '{"auth_mode":"apikey","key":"sk-env-only"}\n');
@@ -1404,7 +1405,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbEnvOnlyPostinstallConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
   const codexLbEnvOnlyPostinstallAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
   const codexLbLoginCallsAfterEnvOnlyPostinstall = await codexLbLoginCallCount(codexLbHome);
-  if (!String(codexLbEnvOnlyPostinstall.stdout || '').includes('codex-lb auth: restored from existing Codex login cache') || !codexLbEnvOnlyPostinstallEnv.includes("CODEX_LB_API_KEY='sk-env-only'") || !codexLbEnvOnlyPostinstallConfig.includes('env_key = "CODEX_LB_API_KEY"') || !codexLbEnvOnlyPostinstallAuth.includes('sk-env-only') || codexLbLoginCallsAfterEnvOnlyPostinstall !== codexLbLoginCallsBeforeEnvOnlyPostinstall) throw new Error('selftest: env-only codex-lb postinstall restore');
+  if (!String(codexLbEnvOnlyPostinstall.stdout || '').includes('codex-lb auth: restored from existing Codex login cache') || !codexLbEnvOnlyPostinstallEnv.includes("CODEX_LB_API_KEY='sk-env-only'") || !codexLbEnvOnlyPostinstallConfig.includes('env_key = "CODEX_LB_API_KEY"') || !hasTopLevelCodexLbSelected(codexLbEnvOnlyPostinstallConfig) || !codexLbEnvOnlyPostinstallAuth.includes('sk-env-only') || codexLbLoginCallsAfterEnvOnlyPostinstall !== codexLbLoginCallsBeforeEnvOnlyPostinstall) throw new Error('selftest: env-only codex-lb postinstall restore');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'), "export CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'\n");
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), 'model = "gpt-5.5"\nservice_tier = "fast"\n');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'auth.json'), '{"auth_mode":"apikey","key":"sk-env-only-doctor"}\n');
@@ -1422,7 +1423,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbEnvOnlyDoctorEnv = await safeReadText(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'));
   const codexLbEnvOnlyDoctorConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
   const codexLbEnvOnlyDoctorAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
-  if (!codexLbEnvOnlyDoctorJson.repair?.codex_lb?.ok || !codexLbEnvOnlyDoctorJson.repair.codex_lb.legacy_auth_migrated || !codexLbEnvOnlyDoctorEnv.includes("CODEX_LB_API_KEY='sk-env-only-doctor'") || !codexLbEnvOnlyDoctorConfig.includes('env_key = "CODEX_LB_API_KEY"') || !codexLbEnvOnlyDoctorAuth.includes('sk-env-only-doctor')) throw new Error('selftest: env-only doctor codex-lb restore');
+  if (!codexLbEnvOnlyDoctorJson.repair?.codex_lb?.ok || !codexLbEnvOnlyDoctorJson.repair.codex_lb.legacy_auth_migrated || !codexLbEnvOnlyDoctorEnv.includes("CODEX_LB_API_KEY='sk-env-only-doctor'") || !codexLbEnvOnlyDoctorConfig.includes('env_key = "CODEX_LB_API_KEY"') || !hasTopLevelCodexLbSelected(codexLbEnvOnlyDoctorConfig) || !codexLbEnvOnlyDoctorAuth.includes('sk-env-only-doctor')) throw new Error('selftest: env-only doctor codex-lb restore');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'), "export CODEX_LB_API_KEY='sk-test'\n");
   const codexLbMissingCli = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'postinstall'], {
     cwd: tmp,
@@ -1527,7 +1528,7 @@ function hasTopLevelCodexModeLock(text = '') {
   const lines = String(text || '').split('\n');
   const firstTable = lines.findIndex((x) => /^\s*\[.+\]\s*$/.test(x));
   const top = (firstTable === -1 ? lines : lines.slice(0, firstTable)).join('\n');
-  return /(^|\n)\s*model_provider\s*=\s*"codex-lb"\s*(\n|$)/.test(top) || /(^|\n)\s*model_reasoning_effort\s*=/.test(top);
+  return /(^|\n)\s*model_reasoning_effort\s*=/.test(top);
 }
 
 function hasDeprecatedCodexHooksFeatureFlag(text = '') {

package/src/cli/main.mjs

@@ -1148,7 +1148,8 @@ async function codexLbCommand(action = 'status', args = []) {
     console.log(`Provider:   ${status.provider_configured ? 'yes' : 'no'}`);
     console.log(`Env file:   ${status.env_file ? status.env_path : 'missing'}`);
     if (status.base_url) console.log(`Base URL:   ${status.base_url}`);
-    if (!status.ok) console.log('\nRun: sks codex-lb setup --host <domain> --api-key <key>');
+    if (status.ok && !status.selected) console.log('\nRun: sks codex-lb repair to activate codex-lb for Codex App.');
+    else if (!status.ok) console.log('\nRun: sks codex-lb setup --host <domain> --api-key <key>');
     else console.log('\nRepair provider auth: sks codex-lb repair');
     return;
   }
@@ -1498,7 +1499,7 @@ function usage(args = []) {
     openclaw: ['OpenClaw', '', '  sks openclaw install', '  sks openclaw path', '  sks openclaw print SKILL.md', '', 'Installs an OpenClaw skill package under ~/.openclaw/skills/sneakoscope-codex so OpenClaw agents can attach skills: [sneakoscope-codex] with the shell tool and call local SKS commands from a project root.'],
     team: ['Team', '', '  sks team "task" executor:5 reviewer:6 user:1', '  sks team open-tmux latest', '  sks team watch latest', '  sks team lane latest --agent analysis_scout_1 --follow', '  sks team message latest --from analysis_scout_1 --to executor_1 --message "handoff note"', '  sks team cleanup-tmux latest', '', '$Team auto-seals a route contract, opens scout-first tmux lanes when available, then runs scouts -> TriWiki attention -> debate -> runtime graph/inbox -> fresh executors -> review -> cleanup -> reflection -> Honest.'],
     'qa-loop': ['QA-LOOP', '', '  sks qa-loop prepare "QA this app"', '  sks qa-loop answer <MISSION_ID> answers.json', '  sks qa-loop run <MISSION_ID> --max-cycles 8', '', 'Report: YYYY-MM-DD-v<version>-qa-report.md'],
-    ppt: ['PPT', '', '  $PPT 투자자용 피치덱을 HTML 기반 PDF로 만들어줘', '  $PPT 우리 SaaS 소개자료 만들어줘', '  sks ppt build latest --json', '  sks ppt status latest --json', '', '$PPT infers delivery context, audience profile, STP strategy, decision context, and 3+ pain-point/solution/aha mappings before source research, design-system work, HTML/PDF export, render QA, fact-ledger validation, and bounded review-loop validation. Independent strategy/render/file-write phases run in parallel where inputs allow and are recorded in ppt-parallel-report.json. The visual system must stay simple, restrained, and information-first; editable source HTML is kept under source-html/, PPT-only temporary build files are cleaned, and installed skills/MCPs outside the $PPT allowlist are ignored. Design uses getdesign-reference plus the built-in PPT design pipeline; Codex App $imagegen/gpt-image-2 and Context7 are conditional only when the sealed PPT contract needs raster assets, slide visual critique, or current external docs. Missing required $imagegen/gpt-image-2 output blocks instead of being simulated.'],
+    ppt: ['PPT', '', '  $PPT 투자자용 피치덱을 HTML 기반 PDF로 만들어줘', '  $PPT 우리 SaaS 소개자료 만들어줘', '  sks ppt build latest --json', '  sks ppt status latest --json', '', '$PPT infers delivery context, audience profile, STP strategy, decision context, and 3+ pain-point/solution/aha mappings before source research, design-system work, HTML/PDF export, render QA, fact-ledger validation, and bounded review-loop validation. Independent strategy/render/file-write phases run in parallel where inputs allow and are recorded in ppt-parallel-report.json. The visual system must stay simple, restrained, and information-first; editable source HTML is kept under source-html/, PPT-only temporary build files are cleaned, and installed skills/MCPs outside the $PPT allowlist are ignored. Design uses getdesign-reference plus the built-in PPT design pipeline; imagegen is a required PPT skill so any needed raster assets or generated slide visual critique must invoke Codex App $imagegen/gpt-image-2 and save real outputs into the mission assets/review evidence paths. Context7 is conditional only when the sealed PPT contract needs current external docs. Missing required $imagegen/gpt-image-2 output blocks instead of being simulated.'],
     'image-ux-review': ['Image UX Review', '', '  $Image-UX-Review localhost 화면을 이미지 생성 리뷰 루프로 검수해줘', '  $UX-Review 이 스크린샷을 gpt-image-2 콜아웃 리뷰로 분석하고 고쳐줘', '  sks image-ux-review status latest --json', '', '$Image-UX-Review captures or receives source UI screenshots, runs Codex App $imagegen/gpt-image-2 to create generated annotated review images with numbered callouts, then extracts those generated images into image-ux-issue-ledger.json. Text-only screenshot critique cannot pass image-ux-review-gate.json; missing generated review images remain an explicit blocker.'],
     goal: ['Goal', '', '  sks goal create "task"', '  sks goal status latest', '  sks goal pause latest', '  sks goal resume latest', '  sks goal clear latest'],
     'codex-app': ['Codex App', '', '  sks bootstrap', '  sks codex-app check', '  sks codex-app remote-control --status', '  sks dollar-commands', '  cat .codex/SNEAKOSCOPE.md'],
@@ -1731,7 +1732,7 @@ async function doctor(args) {
   const skillStatus = await checkRequiredSkills(root);
   const globalSkillStatus = await checkRequiredSkills(null, globalCodexSkillsRoot());
   const codexLb = await codexLbStatus();
-  const codexLbReady = (!codexLb.selected && !codexLb.provider_configured && !codexLb.env_file) || codexLb.ok;
+  const codexLbReady = (!codexLb.selected && !codexLb.provider_configured && !codexLb.env_file) || (codexLb.ok && codexLb.selected);
   const guardStatus = await harnessGuardStatus(root);
   const versioningInfo = await versioningStatus(root);
   const codexApp = await codexAppFilesStatus(root, skillStatus, versioningInfo);
@@ -3650,6 +3651,7 @@ async function selftest() {
   const pptRoute = routePrompt('$PPT 투자자용 피치덱 만들어줘');
   if (pptRoute?.id !== 'PPT') throw new Error('selftest: $PPT did not route to presentation pipeline');
   if (JSON.stringify(pptRoute.requiredSkills) !== JSON.stringify(PPT_PIPELINE_SKILL_ALLOWLIST)) throw new Error(`selftest: PPT route required skills are not allowlisted: ${pptRoute.requiredSkills.join(',')}`);
+  if (!pptRoute.requiredSkills.includes('imagegen')) throw new Error('selftest: PPT route must load imagegen so required PPT raster assets use Codex App $imagegen');
   if (pptRoute.requiredSkills.includes('design-artifact-expert') || pptRoute.requiredSkills.includes('design-ui-editor') || pptRoute.requiredSkills.includes('design-system-builder')) throw new Error('selftest: PPT route still requires generic design skills');
   const pptSchema = buildQuestionSchema('$PPT 투자자용 피치덱 만들어줘');
   const pptSlotIds = pptSchema.slots.map((s) => s.id);
@@ -3661,7 +3663,7 @@ async function selftest() {
   if (!pptSkillText.includes('simple, restrained, and information-first') || !pptSkillText.includes('over-designed decoration') || !pptSkillText.includes(CODEX_APP_IMAGE_GENERATION_DOC_URL) || !pptSkillText.includes(CODEX_IMAGEGEN_REQUIRED_POLICY) || !pptSkillText.includes(AWESOME_DESIGN_MD_REFERENCE.url) || !pptSkillText.includes('only design decision SSOT') || !pptSkillText.includes('instead of treating references as parallel authorities')) throw new Error('selftest: generated PPT skill missing restrained design/imagegen/fused-SSOT guidance');
   if (!pptSkillText.includes('PPT pipeline allowlist') || !pptSkillText.includes('ignore installed skills and MCPs') || !pptSkillText.includes('prevent AI-like generic presentation design') || !pptSkillText.includes('Do not use generic design skills such as design-artifact-expert')) throw new Error('selftest: generated PPT skill missing pipeline allowlist enforcement');
   if (!pptSkillText.includes('source-html/') || !pptSkillText.includes('temporary build files') || !pptSkillText.includes('ppt-parallel-report.json')) throw new Error('selftest: generated PPT skill missing source preservation/temp cleanup/parallel guidance');
-  if (!pptSkillText.includes('ppt-fact-ledger.json') || !pptSkillText.includes('ppt-image-asset-ledger.json') || !pptSkillText.includes('direct API fallback') || !pptSkillText.includes('ppt-review-ledger.json') || !pptSkillText.includes('ppt-iteration-report.json') || !pptSkillText.includes('never simulate missing gpt-image-2 output')) throw new Error('selftest: generated PPT skill missing fact/image/review loop anti-fake guidance');
+  if (!pptSkillText.includes('ppt-fact-ledger.json') || !pptSkillText.includes('ppt-image-asset-ledger.json') || !pptSkillText.includes('direct API fallback') || !pptSkillText.includes('ppt-review-ledger.json') || !pptSkillText.includes('ppt-iteration-report.json') || !pptSkillText.includes('never simulate missing gpt-image-2 output') || !pptSkillText.includes('always loads imagegen') || !pptSkillText.includes('immediately invoke Codex App `$imagegen`')) throw new Error('selftest: generated PPT skill missing fact/image/review loop anti-fake guidance');
   if (routeRequiresSubagents(pptRoute, '$PPT 투자자용 피치덱 만들어줘')) throw new Error('selftest: PPT route should not require subagents by default');
   if (!reflectionRequiredForRoute(pptRoute)) throw new Error('selftest: PPT route should require reflection');
   const pptMission = await createMission(tmp, { mode: 'ppt', prompt: '$PPT 투자자용 피치덱 만들어줘' });
@@ -3753,6 +3755,7 @@ async function selftest() {
   const requiredImageBuild = JSON.parse(requiredImageBuildResult.stdout);
   const requiredImageLedger = await readJson(path.join(requiredImagePptMission.dir, PPT_IMAGE_ASSET_LEDGER_ARTIFACT));
   if (requiredImageBuild.ok || requiredImageBuild.gate?.passed || !requiredImageBuild.gate?.image_asset_ledger_created || requiredImageBuild.gate?.image_asset_policy_satisfied !== false || !requiredImageLedger.required || requiredImageLedger.passed || !requiredImageLedger.blockers?.includes('missing_codex_app_imagegen_gpt_image_2_asset_evidence') || requiredImageLedger.generated_count !== 0) throw new Error('selftest: required PPT image assets were not blocked without Codex App imagegen evidence');
+  if (requiredImageLedger.imagegen_execution?.command !== '$imagegen' || requiredImageLedger.imagegen_execution?.required_skill !== 'imagegen' || !requiredImageLedger.assets?.every((asset) => asset.imagegen_invocation?.command === '$imagegen')) throw new Error('selftest: required PPT image assets did not carry Codex App $imagegen invocation instructions');
   const installUxSchema = buildQuestionSchema('SKS first install/bootstrap UX and Context7 MCP setup improvement');
   const installUxSlotIds = installUxSchema.slots.map((s) => s.id);
   if (installUxSchema.domain_hints.includes('uiux') || installUxSlotIds.includes('VISUAL_REGRESSION_REQUIRED')) throw new Error('selftest: CLI UX install prompt should not ask visual UI questions');
@@ -3825,20 +3828,20 @@ async function selftest() {
   if (!harnessReport.forgetting.fixture.passed || !harnessReport.tmux.views.includes('Harness Experiments View') || !harnessReport.reliability.tool_error_taxonomy.includes('Unknown')) throw new Error('selftest: harness growth fixture incomplete');
   const proofField = await proofFieldFixture();
   if (!proofField.validation.ok || !validateProofFieldReport(proofField.report).ok) throw new Error('selftest: proof field report invalid');
-  if (!proofField.checks.route_cone_selected || !proofField.checks.cli_cone_selected || !proofField.checks.catastrophic_guard_present || !proofField.checks.negative_release_work_recorded || !proofField.checks.outcome_rubric_present || !proofField.checks.adversarial_lenses_present || !proofField.checks.route_economy_present || !proofField.checks.simplicity_score_usable || !proofField.checks.execution_fast_lane_selected) throw new Error('selftest: proof field fixture checks incomplete');
+  if (!proofField.checks.route_cone_selected || !proofField.checks.cli_cone_selected || !proofField.checks.catastrophic_guard_present || !proofField.checks.negative_release_work_recorded || !proofField.checks.outcome_rubric_present || !proofField.checks.adversarial_lenses_present || !proofField.checks.route_economy_present || !proofField.checks.decision_lattice_present || !proofField.checks.decision_lattice_report_only || !proofField.checks.decision_lattice_selected_path || !proofField.checks.decision_lattice_frontier_present || !proofField.checks.decision_lattice_rejections_present || !proofField.checks.decision_lattice_scoring_formula_present || !proofField.checks.simplicity_score_usable || !proofField.checks.execution_fast_lane_selected) throw new Error('selftest: proof field fixture checks incomplete');
   if (!speedLanePolicyText().includes('proof_field_fast_lane') || !proofField.report.execution_lane?.skip_when_fast?.includes('planning_debate')) throw new Error('selftest: Proof Field speed lane policy missing');
   const fastPipelinePlan = buildPipelinePlan({ route: routePrompt('$Team small CLI help update'), task: 'small CLI help surface update', proofField: proofField.report });
   if (!validatePipelinePlan(fastPipelinePlan).ok || fastPipelinePlan.runtime_lane?.lane !== 'proof_field_fast_lane' || !fastPipelinePlan.skipped_stages.includes('planning_debate') || !fastPipelinePlan.invariants.includes('no_unrequested_fallback_code')) throw new Error('selftest: pipeline plan did not encode fast lane stage skips and fallback guard');
   const broadProofField = await buildProofField(tmp, { intent: 'database security route refactor', changedFiles: ['src/core/db-safety.mjs', 'src/core/routes.mjs', 'src/cli/main.mjs', 'README.md'] });
   const broadPipelinePlan = buildPipelinePlan({ route: routePrompt('$Team database security route refactor'), task: 'database security route refactor', proofField: broadProofField });
   if (!validatePipelinePlan(broadPipelinePlan).ok || broadPipelinePlan.runtime_lane?.lane === 'proof_field_fast_lane' || broadPipelinePlan.skipped_stages.includes('planning_debate')) throw new Error('selftest: pipeline plan did not fail closed for broad/security work');
-  if (broadPipelinePlan.route_economy?.mode !== 'report_only' || !broadPipelinePlan.route_economy.active_team_triggers?.includes('broad_change_set') || !broadPipelinePlan.route_economy.verification_stage_cache_key) throw new Error('selftest: route economy projection missing from pipeline plan');
+  if (broadPipelinePlan.route_economy?.mode !== 'report_only' || !broadPipelinePlan.route_economy.active_team_triggers?.includes('broad_change_set') || !broadPipelinePlan.route_economy.verification_stage_cache_key || !broadPipelinePlan.route_economy.decision_lattice?.report_only) throw new Error('selftest: route economy projection missing from pipeline plan');
   const workflowPerf = await runWorkflowPerfBench(tmp, {
     iterations: 2,
     intent: 'small CLI help surface update',
     changedFiles: ['src/cli/maintenance-commands.mjs', 'src/core/routes.mjs']
   });
-  if (!validateWorkflowPerfReport(workflowPerf).ok || workflowPerf.metrics.decision_mode !== 'fast_lane' || workflowPerf.metrics.execution_lane !== 'proof_field_fast_lane' || workflowPerf.metrics.pipeline_lane !== 'proof_field_fast_lane' || !workflowPerf.metrics.fast_lane_eligible || !workflowPerf.metrics.fast_lane_allowed || Number(workflowPerf.metrics.simplicity_score) < 0.75 || Number(workflowPerf.metrics.outcome_criteria_passed) < 3) throw new Error('selftest: workflow perf proof field did not produce a valid outcome-scored fast lane report');
+  if (!validateWorkflowPerfReport(workflowPerf).ok || workflowPerf.metrics.decision_mode !== 'fast_lane' || workflowPerf.metrics.execution_lane !== 'proof_field_fast_lane' || workflowPerf.metrics.pipeline_lane !== 'proof_field_fast_lane' || !workflowPerf.metrics.fast_lane_eligible || !workflowPerf.metrics.fast_lane_allowed || !workflowPerf.metrics.decision_lattice_valid || Number(workflowPerf.metrics.decision_lattice_frontier_count) < 1 || Number(workflowPerf.metrics.simplicity_score) < 0.75 || Number(workflowPerf.metrics.outcome_criteria_passed) < 3) throw new Error('selftest: workflow perf proof field did not produce a valid outcome-scored fast lane report');
   if (classifyToolError({ message: 'operation timed out' }) !== 'Timeout' || classifyToolError({ message: 'unclassified weirdness' }) !== 'Unknown') throw new Error('selftest: tool error taxonomy classification');
   const coord = rgbaToWikiCoord({ r: 12, g: 34, b: 56, a: 255 });
   if (coord.schema !== 'sks.wiki-coordinate.v1' || coord.xyzw.length !== 4) throw new Error('selftest: RGBA wiki coordinate conversion');

package/src/cli/maintenance-commands.mjs

@@ -969,6 +969,9 @@ export async function proofFieldCommand(sub, args = []) {
   console.log(`Workflow complexity: ${report.workflow_complexity.band} (${report.workflow_complexity.score})`);
   if (report.team_trigger_matrix.active_triggers.length) console.log(`Team triggers: ${report.team_trigger_matrix.active_triggers.join(', ')}`);
   console.log(`Proof cones: ${report.proof_cones.map((cone) => cone.id).join(', ')}`);
+  if (report.decision_lattice?.selected_path?.id) {
+    console.log(`Decision lattice: ${report.decision_lattice.selected_path.id} f=${report.decision_lattice.selected_path.cost?.f ?? 'n/a'} frontier=${report.decision_lattice.frontier?.expanded_order?.length || 0} rejected=${report.decision_lattice.rejected_alternatives?.length || 0}`);
+  }
   console.log(`Verification: ${report.fast_lane_decision.verification.join('; ')}`);
   console.log(`Report: ${path.relative(root, report.report_path)}`);
 }

package/src/core/codex-app.mjs

@@ -401,7 +401,6 @@ async function codexFastModeConfigStatus(opts = {}) {
     if (!config.text) continue;
     const topLevel = topLevelToml(config.text);
     if (/(^|\n)\s*model_reasoning_effort\s*=/.test(topLevel)) blockers.push(`${config.scope}:top_level_model_reasoning_effort`);
-    if (/(^|\n)\s*model_provider\s*=\s*"codex-lb"\s*(?:#.*)?(?=\n|$)/.test(topLevel)) blockers.push(`${config.scope}:top_level_codex_lb_provider`);
     if (/(^|\n)\s*fast_default_opt_out\s*=\s*true\s*(?:#.*)?(?=\n|$)/.test(tomlTable(config.text, 'notice'))) blockers.push(`${config.scope}:fast_default_opt_out`);
   }
   const merged = configs.map((config) => config.text).join('\n');

package/src/core/decision-lattice.mjs

@@ -0,0 +1,481 @@
+export const DECISION_LATTICE_SCHEMA_VERSION = 1;
+
+export const DEFAULT_LATTICE_WEIGHTS = Object.freeze({
+  step: 1,
+  proof_debt: 3,
+  risk: 1,
+  friction: 1,
+  info_gain: 1
+});
+
+const AXES = Object.freeze(['contract', 'context', 'implementation', 'verification', 'review']);
+
+const DEFAULT_START = Object.freeze({
+  contract: 0,
+  context: 0,
+  implementation: 0,
+  verification: 0,
+  review: 0
+});
+
+const DEFAULT_GOAL = Object.freeze({
+  contract: 2,
+  context: 2,
+  implementation: 2,
+  verification: 2,
+  review: 1
+});
+
+const DEFAULT_ACTIONS = Object.freeze([
+  {
+    id: 'seal_contract',
+    label: 'Seal decision contract',
+    delta: { contract: 2 },
+    risk: 0.05,
+    friction: 0.25,
+    info_gain: 0.9,
+    notes: ['Removes ambiguity before route selection.']
+  },
+  {
+    id: 'read_triwiki',
+    label: 'Read bounded TriWiki context',
+    delta: { context: 1 },
+    risk: 0.05,
+    friction: 0.2,
+    info_gain: 0.7,
+    notes: ['Uses compact high-trust recall before editing.']
+  },
+  {
+    id: 'proof_field_scan',
+    label: 'Run proof-field scan',
+    delta: { context: 2, verification: 1 },
+    risk: 0.1,
+    friction: 0.35,
+    info_gain: 0.95,
+    notes: ['Scores route surface and escalation triggers.']
+  },
+  {
+    id: 'minimal_patch',
+    label: 'Implement smallest scoped change',
+    delta: { implementation: 2 },
+    risk: 0.35,
+    friction: 0.35,
+    info_gain: 0.4,
+    notes: ['Touches only the selected proof cone.']
+  },
+  {
+    id: 'focused_verification',
+    label: 'Run focused verification',
+    delta: { verification: 1 },
+    risk: 0.12,
+    friction: 0.45,
+    info_gain: 0.85,
+    notes: ['Checks syntax and behavior for the changed module.']
+  },
+  {
+    id: 'five_lane_review',
+    label: 'Collect five-lane Team review',
+    delta: { review: 1 },
+    risk: 0.2,
+    friction: 1.1,
+    info_gain: 1,
+    notes: ['Satisfies Team review gate for broad missions.']
+  },
+  {
+    id: 'honest_mode',
+    label: 'Run Honest Mode closeout',
+    delta: { verification: 1 },
+    risk: 0.05,
+    friction: 0.2,
+    info_gain: 0.65,
+    notes: ['Binds final claims to evidence and gaps.']
+  }
+]);
+
+const DEFAULT_ROUTE_PATHS = Object.freeze([
+  {
+    id: 'proof_field_fast_lane',
+    label: 'Proof Field Fast Lane',
+    action_ids: ['seal_contract', 'read_triwiki', 'proof_field_scan', 'minimal_patch', 'focused_verification', 'honest_mode'],
+    notes: ['Lowest friction when scope is narrow and risk flags stay low.']
+  },
+  {
+    id: 'balanced_team_lane',
+    label: 'Balanced Team Lane',
+    action_ids: ['seal_contract', 'read_triwiki', 'proof_field_scan', 'minimal_patch', 'focused_verification', 'five_lane_review', 'honest_mode'],
+    notes: ['Adds review evidence while preserving a compact change surface.']
+  },
+  {
+    id: 'full_team_honest_path',
+    label: 'Full Team Honest Path',
+    action_ids: ['seal_contract', 'read_triwiki', 'proof_field_scan', 'five_lane_review', 'minimal_patch', 'focused_verification', 'five_lane_review', 'honest_mode'],
+    notes: ['Heaviest default for broad or release-sensitive missions.']
+  }
+]);
+
+export function buildDecisionLatticeReport(input = {}) {
+  const weights = normalizeWeights(input.weights);
+  const start = normalizeState(input.start_state || input.start || DEFAULT_START);
+  const goal = normalizeState(input.goal_state || input.target_state || input.target || inferredGoal(input));
+  const actions = normalizeActions(input.actions || DEFAULT_ACTIONS);
+  const routePaths = normalizeRoutePaths(input.route_paths || input.candidate_route_paths || DEFAULT_ROUTE_PATHS, actions);
+  const grid = buildConceptualGrid(start, goal, actions);
+  const search = runAStar({ start, goal, actions, weights });
+  const routeCandidates = routePaths.map((routePath, index) => evaluateRoutePath(routePath, index, { start, goal, actions, weights }));
+  const candidates = routeCandidates.concat([{ ...search.selected_path, rank_hint: routeCandidates.length }]).sort(compareCandidates);
+  const selected = selectPath(candidates, search.selected_path);
+  const rejected = candidates
+    .filter((candidate) => candidate.id !== selected.id)
+    .map((candidate) => ({
+      id: candidate.id,
+      label: candidate.label,
+      f: candidate.cost.f,
+      delta_from_selected: round(candidate.cost.f - selected.cost.f),
+      rejection_reasons: rejectionReasons(candidate, selected)
+    }));
+  const report = {
+    schema_version: DECISION_LATTICE_SCHEMA_VERSION,
+    report_only: true,
+    deterministic: true,
+    module: 'decision-lattice',
+    scoring_formula: String(input.scoring_formula || 'f = g + h + risk + friction - info_gain'),
+    research_basis: {
+      model: 'Decision Lattice A* planner',
+      scoring_formula: 'f = g + h + risk + friction - info_gain',
+      proof_debt_heuristic: 'h is weighted remaining lattice debt across contract, context, implementation, verification, and review axes.'
+    },
+    input_summary: {
+      intent: String(input.intent || input.goal || '').trim() || null,
+      weights,
+      start_state: start,
+      goal_state: goal,
+      action_count: actions.length,
+      route_path_count: routePaths.length
+    },
+    heuristic: {
+      id: 'proof_debt',
+      h_start: proofDebt(start, goal, weights),
+      axes: AXES.map((axis) => ({
+        axis,
+        start: start[axis],
+        goal: goal[axis],
+        debt: debtForAxis(start, goal, axis),
+        weighted_debt: round(debtForAxis(start, goal, axis) * weights.proof_debt)
+      }))
+    },
+    conceptual_grid: grid,
+    frontier: search.frontier,
+    candidate_paths: candidates,
+    selected_path: selected,
+    rejected_alternatives: rejected,
+    validation: null
+  };
+  report.validation = validateDecisionLatticeReport(report);
+  return report;
+}
+
+function inferredGoal(input = {}) {
+  const goal = { ...DEFAULT_GOAL };
+  if (input.execution_lane?.fast_lane_allowed === true && !(input.team_trigger_matrix?.active_triggers || []).length) {
+    goal.review = 0;
+  }
+  return goal;
+}
+
+export function validateDecisionLatticeReport(report = {}) {
+  const issues = [];
+  if (report.schema_version !== DECISION_LATTICE_SCHEMA_VERSION) issues.push('schema_version');
+  if (report.report_only !== true) issues.push('report_only');
+  if (report.deterministic !== true) issues.push('deterministic');
+  if (report.research_basis?.scoring_formula !== 'f = g + h + risk + friction - info_gain') issues.push('scoring_formula');
+  if (!Array.isArray(report.heuristic?.axes) || report.heuristic.axes.length !== AXES.length) issues.push('heuristic_axes');
+  if (!Number.isFinite(Number(report.heuristic?.h_start))) issues.push('heuristic_h_start');
+  if (!Array.isArray(report.conceptual_grid?.cells) || report.conceptual_grid.cells.length < 1) issues.push('conceptual_grid');
+  if (!Array.isArray(report.frontier?.expanded_order) || report.frontier.expanded_order.length < 1) issues.push('frontier_expanded_order');
+  if (!Array.isArray(report.candidate_paths) || report.candidate_paths.length < 1) issues.push('candidate_paths');
+  if (!report.selected_path?.id || !Array.isArray(report.selected_path?.steps)) issues.push('selected_path');
+  if (!Array.isArray(report.rejected_alternatives)) issues.push('rejected_alternatives');
+  if (report.candidate_paths?.some((candidate) => !Number.isFinite(Number(candidate?.cost?.f)))) issues.push('candidate_costs');
+  if (report.selected_path?.cost?.f !== Math.min(...(report.candidate_paths || []).map((candidate) => candidate.cost.f))) issues.push('selected_path_not_min_f');
+  return { ok: issues.length === 0, issues };
+}
+
+function normalizeWeights(input = {}) {
+  return {
+    step: positiveNumber(input.step, DEFAULT_LATTICE_WEIGHTS.step),
+    proof_debt: positiveNumber(input.proof_debt, DEFAULT_LATTICE_WEIGHTS.proof_debt),
+    risk: positiveNumber(input.risk, DEFAULT_LATTICE_WEIGHTS.risk),
+    friction: positiveNumber(input.friction, DEFAULT_LATTICE_WEIGHTS.friction),
+    info_gain: positiveNumber(input.info_gain, DEFAULT_LATTICE_WEIGHTS.info_gain)
+  };
+}
+
+function normalizeState(input = {}) {
+  const state = {};
+  for (const axis of AXES) state[axis] = clampInt(input[axis], 0, 3);
+  return state;
+}
+
+function normalizeActions(input = []) {
+  return input
+    .map((action, index) => ({
+      id: safeId(action.id || `action_${index + 1}`),
+      label: String(action.label || action.id || `Action ${index + 1}`),
+      delta: normalizeDelta(action.delta || {}),
+      risk: nonNegativeNumber(action.risk, 0),
+      friction: nonNegativeNumber(action.friction, 0),
+      info_gain: nonNegativeNumber(action.info_gain, 0),
+      notes: arrayOfStrings(action.notes)
+    }))
+    .filter((action) => AXES.some((axis) => action.delta[axis] > 0))
+    .sort(compareById);
+}
+
+function normalizeRoutePaths(input = [], actions = []) {
+  const actionIds = new Set(actions.map((action) => action.id));
+  return input
+    .map((routePath, index) => ({
+      id: safeId(routePath.id || `route_path_${index + 1}`),
+      label: String(routePath.label || routePath.id || `Route Path ${index + 1}`),
+      action_ids: arrayOfStrings(routePath.action_ids || routePath.actions).map(safeId).filter((id) => actionIds.has(id)),
+      notes: arrayOfStrings(routePath.notes)
+    }))
+    .filter((routePath) => routePath.action_ids.length > 0)
+    .sort(compareById);
+}
+
+function normalizeDelta(delta = {}) {
+  const out = {};
+  for (const axis of AXES) out[axis] = clampInt(delta[axis], 0, 3);
+  return out;
+}
+
+function runAStar({ start, goal, actions, weights }) {
+  const open = [nodeForState(start, { g: 0, h: proofDebt(start, goal, weights), risk: 0, friction: 0, info_gain: 0, steps: [] })];
+  const best = new Map([[stateKey(start), 0]]);
+  const closed = [];
+  const snapshots = [];
+  let selected = open[0];
+
+  while (open.length > 0 && closed.length < 64) {
+    open.sort(compareNodes);
+    const current = open.shift();
+    closed.push(current);
+    snapshots.push({ step: closed.length, current: current.key, f: current.f, open: open.map((node) => node.key).sort() });
+    if (isGoal(current.state, goal)) {
+      selected = current;
+      break;
+    }
+    for (const action of actions) {
+      const nextState = applyAction(current.state, action, goal);
+      const key = stateKey(nextState);
+      const g = round(current.g + weights.step);
+      if (best.has(key) && best.get(key) <= g) continue;
+      best.set(key, g);
+      const risk = round(current.risk + action.risk * weights.risk);
+      const friction = round(current.friction + action.friction * weights.friction);
+      const infoGain = round(current.info_gain + action.info_gain * weights.info_gain);
+      const h = proofDebt(nextState, goal, weights);
+      open.push(nodeForState(nextState, {
+        g,
+        h,
+        risk,
+        friction,
+        info_gain: infoGain,
+        steps: current.steps.concat([stepFromAction(action, nextState)])
+      }));
+    }
+  }
+
+  return {
+    selected_path: pathFromNode('astar_frontier_path', 'A* Frontier Path', selected),
+    frontier: {
+      expanded_order: closed.map((node, index) => ({ index, key: node.key, f: node.f, h: node.h, steps: node.steps.map((step) => step.id) })),
+      open_nodes: open.sort(compareNodes).slice(0, 12).map((node) => ({ key: node.key, f: node.f, h: node.h })),
+      closed_nodes: closed.map((node) => node.key),
+      snapshots
+    }
+  };
+}
+
+function evaluateRoutePath(routePath, index, { start, goal, actions, weights }) {
+  const actionById = new Map(actions.map((action) => [action.id, action]));
+  let state = { ...start };
+  let g = 0;
+  let risk = 0;
+  let friction = 0;
+  let infoGain = 0;
+  const steps = [];
+  for (const id of routePath.action_ids) {
+    const action = actionById.get(id);
+    if (!action) continue;
+    g = round(g + weights.step);
+    risk = round(risk + action.risk * weights.risk);
+    friction = round(friction + action.friction * weights.friction);
+    infoGain = round(infoGain + action.info_gain * weights.info_gain);
+    state = applyAction(state, action, goal);
+    steps.push(stepFromAction(action, state));
+  }
+  const h = proofDebt(state, goal, weights);
+  const f = round(g + h + risk + friction - infoGain);
+  return {
+    id: routePath.id,
+    label: routePath.label,
+    rank_hint: index,
+    route: routePath.action_ids,
+    steps,
+    final_state: state,
+    proof_debt: h,
+    complete: isGoal(state, goal),
+    cost: { g, h, risk, friction, info_gain: infoGain, f },
+    notes: routePath.notes
+  };
+}
+
+function selectPath(candidates, astarPath) {
+  const complete = candidates.filter((candidate) => candidate.complete);
+  const pool = complete.length ? complete : candidates;
+  const selected = pool.slice().sort(compareCandidates)[0] || astarPath;
+  return selected.cost.f <= astarPath.cost.f ? selected : astarPath;
+}
+
+function pathFromNode(id, label, node) {
+  return {
+    id,
+    label,
+    route: node.steps.map((step) => step.id),
+    steps: node.steps,
+    final_state: node.state,
+    proof_debt: node.h,
+    complete: node.h === 0,
+    cost: {
+      g: node.g,
+      h: node.h,
+      risk: node.risk,
+      friction: node.friction,
+      info_gain: node.info_gain,
+      f: node.f
+    },
+    notes: ['Generated by A* frontier expansion over the conceptual lattice.']
+  };
+}
+
+function nodeForState(state, input) {
+  const f = round(input.g + input.h + input.risk + input.friction - input.info_gain);
+  return { ...input, state, key: stateKey(state), f };
+}
+
+function applyAction(state, action, goal) {
+  const next = {};
+  for (const axis of AXES) next[axis] = Math.min(goal[axis], state[axis] + action.delta[axis]);
+  return next;
+}
+
+function proofDebt(state, goal, weights) {
+  return round(AXES.reduce((sum, axis) => sum + debtForAxis(state, goal, axis), 0) * weights.proof_debt);
+}
+
+function debtForAxis(state, goal, axis) {
+  return Math.max(0, Number(goal[axis] || 0) - Number(state[axis] || 0));
+}
+
+function buildConceptualGrid(start, goal, actions) {
+  return {
+    axes: AXES.map((axis) => ({ axis, start: start[axis], goal: goal[axis], span: Math.max(0, goal[axis] - start[axis]) })),
+    cells: AXES.map((axis) => ({
+      id: `axis_${axis}`,
+      axis,
+      start: start[axis],
+      goal: goal[axis],
+      candidate_actions: actions.filter((action) => action.delta[axis] > 0).map((action) => action.id)
+    })),
+    legend: {
+      g: 'path steps already paid',
+      h: 'remaining proof debt',
+      risk: 'expected safety and integration exposure',
+      friction: 'coordination and verification drag',
+      info_gain: 'uncertainty removed by the step'
+    }
+  };
+}
+
+function rejectionReasons(candidate, selected) {
+  const reasons = [];
+  if (!candidate.complete) reasons.push('remaining_proof_debt');
+  if (candidate.cost.risk > selected.cost.risk) reasons.push('higher_risk');
+  if (candidate.cost.friction > selected.cost.friction) reasons.push('higher_friction');
+  if (candidate.cost.info_gain < selected.cost.info_gain) reasons.push('lower_info_gain');
+  if (candidate.cost.f > selected.cost.f) reasons.push('higher_total_f');
+  return reasons.length ? reasons : ['tie_broken_by_deterministic_order'];
+}
+
+function compareCandidates(a, b) {
+  return (a.cost.f - b.cost.f)
+    || (a.cost.h - b.cost.h)
+    || (a.cost.risk - b.cost.risk)
+    || (a.cost.friction - b.cost.friction)
+    || (b.cost.info_gain - a.cost.info_gain)
+    || a.id.localeCompare(b.id);
+}
+
+function compareNodes(a, b) {
+  return (a.f - b.f)
+    || (a.h - b.h)
+    || (a.risk - b.risk)
+    || (a.friction - b.friction)
+    || (b.info_gain - a.info_gain)
+    || a.key.localeCompare(b.key);
+}
+
+function compareById(a, b) {
+  return a.id.localeCompare(b.id);
+}
+
+function stateKey(state) {
+  return AXES.map((axis) => `${axis}:${state[axis]}`).join('|');
+}
+
+function isGoal(state, goal) {
+  return AXES.every((axis) => state[axis] >= goal[axis]);
+}
+
+function stepFromAction(action, state) {
+  return {
+    id: action.id,
+    label: action.label,
+    state_after: state,
+    risk: action.risk,
+    friction: action.friction,
+    info_gain: action.info_gain,
+    notes: action.notes
+  };
+}
+
+function arrayOfStrings(value) {
+  if (!Array.isArray(value)) return [];
+  return value.map((item) => String(item || '').trim()).filter(Boolean);
+}
+
+function safeId(value) {
+  return String(value || 'item').trim().toLowerCase().replace(/[^a-z0-9_./-]+/g, '_').replace(/^_+|_+$/g, '') || 'item';
+}
+
+function clampInt(value, min, max) {
+  const number = Number(value);
+  if (!Number.isFinite(number)) return min;
+  return Math.max(min, Math.min(max, Math.floor(number)));
+}
+
+function positiveNumber(value, fallback) {
+  const number = Number(value);
+  return Number.isFinite(number) && number > 0 ? number : fallback;
+}
+
+function nonNegativeNumber(value, fallback) {
+  const number = Number(value);
+  return Number.isFinite(number) && number >= 0 ? number : fallback;
+}
+
+function round(value) {
+  return Math.round(Number(value || 0) * 1000) / 1000;
+}

package/src/core/fsx.mjs

@@ -5,7 +5,7 @@ import os from 'node:os';
 import crypto from 'node:crypto';
 import { spawn } from 'node:child_process';
 
-export const PACKAGE_VERSION = '0.8.5';
+export const PACKAGE_VERSION = '0.9.0';
 export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
 export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;
 

package/src/core/init.mjs

@@ -48,7 +48,7 @@ export function hasTopLevelCodexModeLock(text = '') {
   const firstTable = lines.findIndex((x) => /^\s*\[.+\]\s*$/.test(x));
   const top = (firstTable === -1 ? lines : lines.slice(0, firstTable)).join('\n');
   const model = top.match(/^model\s*=\s*"([^"]+)"/m)?.[1];
-  return (Boolean(model) && model !== 'gpt-5.5') || /^model_reasoning_effort\s*=/m.test(top) || /^model_provider\s*=\s*"codex-lb"/m.test(top);
+  return (Boolean(model) && model !== 'gpt-5.5') || /^model_reasoning_effort\s*=/m.test(top);
 }
 
 export function hasDeprecatedCodexHooksFeatureFlag(text = '') {
@@ -502,7 +502,6 @@ function installPolicy(scope, commandPrefix) {
 
 function mergeManagedCodexConfigToml(existingContent = '') {
   let next = removeLegacyTopLevelCodexModeLocks(String(existingContent || '').trimEnd());
-  next = removeTopLevelTomlKeyIfValue(next, 'model_provider', 'codex-lb');
   next = removeTomlTableKey(next, 'notice', 'fast_default_opt_out');
   next = removeTomlTableKey(next, 'features', 'codex_hooks');
   next = upsertTopLevelTomlString(next, 'model', 'gpt-5.5');
@@ -548,14 +547,14 @@ async function mergeGlobalCodexConfigIfAvailable(configText = '', configPath = '
   let next = mergeGlobalMcpServers(configText, globalConfig);
   next = mergeGlobalCodexAppRuntimeTables(next, globalConfig);
   if (selectedRe.test(next) && /\[model_providers\.codex-lb\]/.test(next)) {
-    return `${removeTopLevelTomlKeyIfValue(next, 'model_provider', 'codex-lb').trim()}\n`;
+    return `${next.trim()}\n`;
   }
   const envPath = path.join(home, '.codex', 'sks-codex-lb.env');
   if (!(await exists(envPath))) return next;
   const envText = await readText(envPath, '');
   const baseUrl = globalConfig.match(/(^|\n)\[model_providers\.codex-lb\][\s\S]*?\n\s*base_url\s*=\s*"([^"]+)"/)?.[2] || parseCodexLbEnvBaseUrl(envText);
-  if (!parseCodexLbEnvKey(envText) || !baseUrl || (!selectedRe.test(globalConfig) && !parseCodexLbEnvBaseUrl(envText))) return next;
-  next = removeTopLevelTomlKeyIfValue(next, 'model_provider', 'codex-lb');
+  if (!parseCodexLbEnvKey(envText) || !baseUrl) return next;
+  next = upsertTopLevelTomlString(next, 'model_provider', 'codex-lb');
   next = upsertTomlTable(next, 'model_providers.codex-lb', `[model_providers.codex-lb]\nname = "OpenAI"\nbase_url = "${baseUrl}"\nwire_api = "responses"\nenv_key = "CODEX_LB_API_KEY"\nsupports_websockets = true\nrequires_openai_auth = true`);
   return `${next.trim()}\n`;
 }
@@ -916,7 +915,7 @@ export async function installSkills(root) {
     'team': `---\nname: team\ndescription: SKS Team orchestration for $Team/code work; $From-Chat-IMG is the explicit chat-image alias.\n---\n\nUse for $Team/code work. Auto-seal the route contract from prompt, TriWiki/current-code defaults, and conservative policy; do not surface a prequestion sheet. Read pipeline-plan.json or run sks pipeline plan to see the runtime lane, kept/skipped stages, and verification before implementation. Write team-roster.json; team-gate.json needs team_roster_confirmed=true. executor:N means N scouts, N debate voices, then fresh N executors. ${MIN_TEAM_REVIEW_POLICY_TEXT} After consensus, compile team-graph.json, team-runtime-tasks.json, team-decomposition-report.json, and team-inbox/ so worker handoff uses concrete runtime task ids with role/path/domain/lane hints. Refresh/validate TriWiki before debate, implementation, review, and final; consume attention.use_first and hydrate attention.hydrate_first before risky decisions. ${outcomeRubricPolicyText()} ${speedLanePolicyText()} ${solutionScoutPolicyText('fix this broken behavior')} ${skillDreamPolicyText()} Log events and use sks team message for bounded inter-agent communication in transcript/lane panes. Color-coded tmux lanes distinguish overview/scout/planning/execution/review/safety sessions in one tmux window using split panes when tmux is available. $Team/$team plus sks --mad uses the MAD-SKS permission gate module: live server work, normal DB writes, Supabase MCP writes, direct SQL, schema cleanup, and needed migrations are open for the active invocation; only catastrophic DB wipe/all-row/project-management guards remain. End with cleanup-tmux or a cleanup event so follow panes show cleanup and stop; pass team-session-cleanup.json, then reflection and Honest Mode. Parent integrates/verifies.\n\n${chatCaptureIntakeText()}\n`,
     'from-chat-img': `---\nname: from-chat-img\ndescription: Explicit $From-Chat-IMG Team alias for chat screenshot plus attachment analysis.\n---\n\nUse only for From-Chat-IMG/$From-Chat-IMG. It enters the normal Team pipeline. Treat uploads as chat screenshot plus originals. Use Codex Computer Use visual inspection when available, list requirements first, match regions to attachments with confidence, write ${FROM_CHAT_IMG_COVERAGE_ARTIFACT}, ${FROM_CHAT_IMG_CHECKLIST_ARTIFACT}, ${FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT}, and ${FROM_CHAT_IMG_QA_LOOP_ARTIFACT}, then continue Team gates, review, reflection, and Honest Mode. ${CODEX_COMPUTER_USE_ONLY_POLICY} The ledger must account for every visible customer request, screenshot image region, and separate attachment; ${FROM_CHAT_IMG_CHECKLIST_ARTIFACT} must have a checked item for each request, image-region/attachment match, work item, scoped QA-LOOP, and verification step; ${FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT} stores temporary TriWiki-backed session context with expires_after_sessions=${FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS}. ${FROM_CHAT_IMG_QA_LOOP_ARTIFACT} must prove QA-LOOP ran over the exact customer-request work-order range after implementation, with every work item covered, post-fix verification complete, and zero unresolved findings. team-gate.json cannot pass From-Chat-IMG completion until unresolved_items is empty, every checklist box is checked, and scoped_qa_loop_completed=true.\n`,
     'qa-loop': `---\nname: qa-loop\ndescription: $QA-LOOP dogfoods UI/API as human proxy with safety gates, Codex Computer Use-only UI evidence, safe fixes, rechecks, and a QA report.\n---\n\nUse only $QA-LOOP. Infer scope, target, mutation policy, and login boundary from the prompt plus TriWiki/current-code defaults; do not surface a prequestion sheet. Credentials are runtime-only; never save secrets. UI-level E2E needs official Codex Computer Use evidence or must be marked unverified; Chrome MCP, Browser Use, Playwright, Selenium, Puppeteer, and other browser automation do not satisfy UI/browser verification. Deployed targets are read-only; destructive removal is forbidden. After answer/run, dogfood real flows, apply safe contract-allowed code/test/docs fixes, recheck, and do not pass qa-gate.json with unresolved findings or without post_fix_verification_complete. Finish qa-ledger, date/version report, gate, completion summary, and Honest Mode.\n`,
-    'ppt': `---\nname: ppt\ndescription: $PPT information-first HTML/PDF presentation pipeline with inferred STP, audience, pain-point, format, research, design-system, and verification contract.\n---\n\nUse only when the user invokes $PPT or asks to create a presentation, deck, slides, pitch deck, proposal deck, HTML presentation, or PDF presentation artifact. Before artifact work, auto-seal presentation-specific answers from prompt, TriWiki/current-code defaults, and conservative policy: delivery context, target audience profile including role/average age/job/industry/topic familiarity/decision power, STP strategy, decision context and objections, and 3+ pain-point to solution mappings with expected aha moments. Do not surface a prequestion sheet. Presentation design must be simple, restrained, and information-first: avoid over-designed decoration, ornamental gradients, nested cards, and effects that compete with the message. Design detail should be embedded through typography hierarchy, spacing, alignment, thin rules, source clarity, and subtle accents. ${pptPipelineAllowlistPolicyText()} Use design.md as the only design decision SSOT. If design.md is missing, use docs/Design-Sys-Prompt.md plus getdesign-reference and curated DESIGN.md examples from ${AWESOME_DESIGN_MD_REFERENCE.url} only as source inputs, then fuse them into route-local PPT style tokens with a recorded design_ssot instead of treating references as parallel authorities. If generated image assets or slide visual critique are needed, use Codex App $imagegen/gpt-image-2 only when that asset/review need is explicitly sealed in the $PPT contract; direct API fallback, placeholder files, and prose-only substitutes do not satisfy the route gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY} Use web or Context7 evidence only when external facts/libraries/current docs are required by the PPT contract, record verified claims in ppt-fact-ledger.json, record generated image asset plans/results/blockers in ppt-image-asset-ledger.json, then create the PDF plus editable source HTML under source-html/, keep independent strategy/render/file-write phases parallel where inputs allow, record ppt-parallel-report.json, run the bounded ppt-review-policy/ppt-review-ledger/ppt-iteration-report loop, and verify readability, overlap, format fit, source coverage, export state, unsupported-claim status, image-asset completion, review-loop termination, and temporary build files cleanup. Finish with reflection and Honest Mode.\n`,
+    'ppt': `---\nname: ppt\ndescription: $PPT information-first HTML/PDF presentation pipeline with inferred STP, audience, pain-point, format, research, design-system, and verification contract.\n---\n\nUse only when the user invokes $PPT or asks to create a presentation, deck, slides, pitch deck, proposal deck, HTML presentation, or PDF presentation artifact. Before artifact work, auto-seal presentation-specific answers from prompt, TriWiki/current-code defaults, and conservative policy: delivery context, target audience profile including role/average age/job/industry/topic familiarity/decision power, STP strategy, decision context and objections, and 3+ pain-point to solution mappings with expected aha moments. Do not surface a prequestion sheet. Presentation design must be simple, restrained, and information-first: avoid over-designed decoration, ornamental gradients, nested cards, and effects that compete with the message. Design detail should be embedded through typography hierarchy, spacing, alignment, thin rules, source clarity, and subtle accents. ${pptPipelineAllowlistPolicyText()} Use design.md as the only design decision SSOT. If design.md is missing, use docs/Design-Sys-Prompt.md plus getdesign-reference and curated DESIGN.md examples from ${AWESOME_DESIGN_MD_REFERENCE.url} only as source inputs, then fuse them into route-local PPT style tokens with a recorded design_ssot instead of treating references as parallel authorities. The $PPT route always loads imagegen as a required skill. When the sealed contract needs a generated raster asset or generated slide visual critique, immediately invoke Codex App \`$imagegen\` with gpt-image-2, move/copy the selected output into the mission assets or review evidence path, and record the real file path in ppt-image-asset-ledger.json or ppt-review-ledger.json before building or passing the gate. Direct API fallback, placeholder files, HTML/CSS stand-ins, and prose-only substitutes do not satisfy the route gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY} Use web or Context7 evidence only when external facts/libraries/current docs are required by the PPT contract, record verified claims in ppt-fact-ledger.json, record generated image asset plans/results/blockers in ppt-image-asset-ledger.json, then create the PDF plus editable source HTML under source-html/, keep independent strategy/render/file-write phases parallel where inputs allow, record ppt-parallel-report.json, run the bounded ppt-review-policy/ppt-review-ledger/ppt-iteration-report loop, and verify readability, overlap, format fit, source coverage, export state, unsupported-claim status, image-asset completion, review-loop termination, and temporary build files cleanup. Finish with reflection and Honest Mode.\n`,
     'computer-use-fast': `---\nname: computer-use-fast\ndescription: Alias for the maximum-speed $Computer-Use/$CU Codex Computer Use lane.\n---\n\nUse the same rules as computer-use: skip Team debate, QA-LOOP clarification, upfront TriWiki refresh, Context7, subagents, and reflection unless explicitly requested. Use Codex Computer Use directly; never substitute Playwright, Chrome MCP, Browser Use, Selenium, Puppeteer, or other browser automation for UI/browser evidence. At the end only, refresh/pack TriWiki, validate it, then provide a concise completion summary plus Honest Mode.\n`,
     'cu': `---\nname: cu\ndescription: Short alias for the maximum-speed $Computer-Use Codex Computer Use lane.\n---\n\nUse the same rules as computer-use. This is a speed lane for focused UI/browser/visual tasks that require Codex Computer Use evidence, with TriWiki refresh/validate and Honest Mode deferred to final closeout.\n`,
     'goal': `---\nname: goal\ndescription: Fast $Goal/$goal bridge overlay for Codex native persisted /goal workflows.\n---\n\nUse when the user invokes $Goal/$goal or asks to persist a workflow with Codex native /goal continuation. Prepare with sks goal create or the $Goal route, write only the lightweight bridge artifacts, then use native Codex /goal create, pause, resume, and clear controls where available. Goal does not replace Team, QA, DB, or other SKS execution routes; continue implementation through the selected route and use Context7 only when external API/library docs are involved. Do not recreate the old no-question loop.\n`,

package/src/core/perf-bench.mjs

@@ -110,6 +110,11 @@ export async function runWorkflowPerfBench(root, opts = {}) {
       workflow_complexity_band: proofField?.workflow_complexity?.band || null,
       team_trigger_count: proofField?.team_trigger_matrix?.active_triggers?.length || 0,
       verification_stage_cache_key: proofField?.verification_stage_cache?.cache_key || null,
+      decision_lattice_selected_path: proofField?.decision_lattice?.selected_path?.id || null,
+      decision_lattice_frontier_count: proofField?.decision_lattice?.frontier?.expanded_order?.length || 0,
+      decision_lattice_rejected_alternative_count: proofField?.decision_lattice?.rejected_alternatives?.length || 0,
+      decision_lattice_scoring_formula: proofField?.decision_lattice?.scoring_formula || null,
+      decision_lattice_valid: Boolean(proofField?.decision_lattice?.report_only) && proofValidation.ok,
       outcome_criteria_passed: (proofField?.simplicity_scorecard?.criteria || []).filter((item) => item.passed).length,
       proof_field_valid: proofValidation.ok,
       pipeline_plan_valid: planValidation.ok
@@ -138,7 +143,19 @@ export function validateWorkflowPerfReport(report = {}) {
   if (!Number.isFinite(Number(report.metrics?.workflow_complexity_score))) issues.push('workflow_complexity_score');
   if (!report.metrics?.workflow_complexity_band) issues.push('workflow_complexity_band');
   if (!report.metrics?.verification_stage_cache_key) issues.push('verification_stage_cache_key');
+  if (!report.metrics?.decision_lattice_selected_path) issues.push('decision_lattice_selected_path');
+  if (!Number.isFinite(Number(report.metrics?.decision_lattice_frontier_count))) issues.push('decision_lattice_frontier_count');
+  if (!Number.isFinite(Number(report.metrics?.decision_lattice_rejected_alternative_count))) issues.push('decision_lattice_rejected_alternative_count');
+  if (!report.metrics?.decision_lattice_scoring_formula) issues.push('decision_lattice_scoring_formula');
+  if (report.metrics?.decision_lattice_valid !== true) issues.push('decision_lattice_valid');
   if (!report.proof_field || !validateProofFieldReport(report.proof_field).ok) issues.push('proof_field');
+  else {
+    const lattice = report.proof_field.decision_lattice;
+    if (report.metrics.decision_lattice_selected_path !== lattice?.selected_path?.id) issues.push('decision_lattice_selected_path_mismatch');
+    if (Number(report.metrics.decision_lattice_frontier_count) !== Number(lattice?.frontier?.expanded_order?.length || 0)) issues.push('decision_lattice_frontier_count_mismatch');
+    if (Number(report.metrics.decision_lattice_rejected_alternative_count) !== Number(lattice?.rejected_alternatives?.length || 0)) issues.push('decision_lattice_rejected_alternative_count_mismatch');
+    if (report.metrics.decision_lattice_scoring_formula !== lattice?.scoring_formula) issues.push('decision_lattice_scoring_formula_mismatch');
+  }
   if (!report.pipeline_plan || !validatePipelinePlan(report.pipeline_plan).ok) issues.push('pipeline_plan');
   if (!report.recommendation?.mode) issues.push('recommendation');
   return { ok: issues.length === 0, issues };

package/src/core/pipeline.mjs

@@ -135,11 +135,32 @@ export function validatePipelinePlan(plan = {}) {
   if (!Array.isArray(plan.stages) || !plan.stages.length) issues.push('stages');
   if (!Array.isArray(plan.verification) || !plan.verification.length) issues.push('verification');
   if (!plan.route_economy?.mode) issues.push('route_economy');
+  const routeEconomyLatticeIssues = validateRouteEconomyDecisionLattice(plan.route_economy, plan.proof_field);
+  if (routeEconomyLatticeIssues.length) issues.push(...routeEconomyLatticeIssues.map((issue) => `route_economy.decision_lattice:${issue}`));
   if (plan.no_unrequested_fallback_code !== true || !plan.invariants?.includes('no_unrequested_fallback_code')) issues.push('fallback_guard');
   if (!plan.next_actions?.length) issues.push('next_actions');
   return { ok: issues.length === 0, issues };
 }
 
+function validateRouteEconomyDecisionLattice(routeEconomy = {}, proof = {}) {
+  const lattice = routeEconomy.decision_lattice;
+  if (!lattice) return [];
+  const issues = [];
+  if (routeEconomy.report_only !== true || routeEconomy.mode !== 'report_only') issues.push('requires_report_only_route_economy');
+  if (lattice.report_only !== true) issues.push('report_only');
+  if (!lattice.selected_path) issues.push('selected_path');
+  if (!Number.isFinite(Number(lattice.selected_f_score))) issues.push('selected_f_score');
+  if (!Number.isFinite(Number(lattice.frontier_count)) || Number(lattice.frontier_count) < 1) issues.push('frontier_count');
+  if (!Number.isFinite(Number(lattice.rejected_alternatives_count))) issues.push('rejected_alternatives_count');
+  if (proof?.attached && proof.decision_lattice) {
+    const source = proof.decision_lattice;
+    if (lattice.selected_path !== source.selected_path?.id) issues.push('selected_path_mismatch');
+    if (Number(lattice.frontier_count) !== Number(source.frontier?.expanded_order?.length || 0)) issues.push('frontier_count_mismatch');
+    if (Number(lattice.rejected_alternatives_count) !== Number(source.rejected_alternatives?.length || 0)) issues.push('rejected_alternatives_count_mismatch');
+  }
+  return issues;
+}
+
 function normalizeAmbiguity(value = {}, route) {
   const required = value.required ?? !CLARIFICATION_BYPASS_ROUTES.has(route?.id);
   const slots = Number(value.slots || 0);
@@ -173,7 +194,8 @@ function normalizeProofField(report) {
     contract_clarity: report.contract_clarity || null,
     workflow_complexity: report.workflow_complexity || null,
     team_trigger_matrix: report.team_trigger_matrix || null,
-    verification_stage_cache: report.verification_stage_cache || null
+    verification_stage_cache: report.verification_stage_cache || null,
+    decision_lattice: report.decision_lattice || null
   };
 }
 
@@ -199,6 +221,13 @@ function routeEconomyPlan(proof = {}) {
     team_trigger_count: triggers.length,
     active_team_triggers: triggers,
     verification_stage_cache_key: proof.verification_stage_cache?.cache_key || null,
+    decision_lattice: proof.decision_lattice ? {
+      selected_path: proof.decision_lattice.selected_path?.id || null,
+      selected_f_score: proof.decision_lattice.selected_path?.cost?.f ?? null,
+      frontier_count: proof.decision_lattice.frontier?.expanded_order?.length || 0,
+      rejected_alternatives_count: proof.decision_lattice.rejected_alternatives?.length || 0,
+      report_only: proof.decision_lattice.report_only === true
+    } : null,
     deletion_policy: 'do_not_delete_or_skip_pipeline_stages_until_report_only_metrics_are_calibrated'
   };
 }
@@ -313,7 +342,7 @@ export function promptPipelineContext(prompt, route = null) {
   if (reflectionRequiredForRoute(route)) lines.push(reflectionInstructionText());
   if (route?.id === 'Team') lines.push(`Team route: scouts, TriWiki refresh, debate, consensus, runtime graph compile with concrete task ids and worker inboxes, close planning agents, fresh executors, minimum ${MIN_TEAM_REVIEWER_LANES}-lane review/integration, ${TEAM_SESSION_CLEANUP_ARTIFACT}, reflection, and Honest Mode. ${MIN_TEAM_REVIEW_POLICY_TEXT}`);
   if (route?.id === 'Goal') lines.push('Goal route: write SKS goal bridge artifacts, then use Codex native /goal persistence for create, pause, resume, and clear continuation controls.');
-  if (route?.id === 'PPT') lines.push(`PPT route: before design or PDF work, infer and seal delivery context, audience profile including average age/job/industry, STP strategy, decision context, and at least three pain-point to solution mappings from the prompt, TriWiki/current-code defaults, and conservative policy. Keep the visual system simple, restrained, and information-first; design detail should come from hierarchy, spacing, alignment, rules, and subtle accents rather than decorative overdesign. ${pptPipelineAllowlistPolicyText()} If generated image assets or slide visual critique are needed, required evidence must come from Codex App $imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}); direct API fallback, placeholders, and prose-only substitutes do not satisfy the route gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY} Then build source ledger, fact ledger, image asset ledger, storyboard with aha moments, style tokens, editable source HTML under source-html/, PDF artifact, render QA, bounded review ledger/iteration report, PPT-only temporary build file cleanup, and ppt-parallel-report.json so independent strategy/render/file-write phases stay parallel-friendly, then reflection and Honest Mode.`);
+  if (route?.id === 'PPT') lines.push(`PPT route: before design or PDF work, infer and seal delivery context, audience profile including average age/job/industry, STP strategy, decision context, and at least three pain-point to solution mappings from the prompt, TriWiki/current-code defaults, and conservative policy. Keep the visual system simple, restrained, and information-first; design detail should come from hierarchy, spacing, alignment, rules, and subtle accents rather than decorative overdesign. ${pptPipelineAllowlistPolicyText()} If generated image assets or slide visual critique are needed, actively invoke the loaded imagegen skill through Codex App $imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}), save the selected raster output into the mission assets/review evidence path, and record that real path before build/final. Direct API fallback, placeholders, HTML/CSS stand-ins, and prose-only substitutes do not satisfy the route gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY} Then build source ledger, fact ledger, image asset ledger, storyboard with aha moments, style tokens, editable source HTML under source-html/, PDF artifact, render QA, bounded review ledger/iteration report, PPT-only temporary build file cleanup, and ppt-parallel-report.json so independent strategy/render/file-write phases stay parallel-friendly, then reflection and Honest Mode.`);
   if (route?.id === 'ImageUXReview') lines.push(`Image UX Review route: ${imageUxReviewPipelinePolicyText()} Use ${IMAGE_UX_REVIEW_POLICY_ARTIFACT}, ${IMAGE_UX_REVIEW_SCREEN_INVENTORY_ARTIFACT}, ${IMAGE_UX_REVIEW_GENERATED_REVIEW_LEDGER_ARTIFACT}, ${IMAGE_UX_REVIEW_ISSUE_LEDGER_ARTIFACT}, ${IMAGE_UX_REVIEW_ITERATION_REPORT_ARTIFACT}, and ${IMAGE_UX_REVIEW_GATE_ARTIFACT} as the route evidence set. The route may suggest safe fixes only when the user requested fixing; otherwise report findings and blockers.`);
   if (route?.id === 'AutoResearch') lines.push('AutoResearch route: load autoresearch-loop plus seo-geo-optimizer when SEO/GEO, discoverability, README, npm, GitHub stars, ranking, or AI-search visibility is relevant.');
   if (route?.id === 'DB') lines.push('DB route: scan/check database risk first; destructive DB operations remain forbidden.');

package/src/core/ppt.mjs

@@ -1,7 +1,7 @@
 import path from 'node:path';
 import fsp from 'node:fs/promises';
 import { nowIso, readJson, sha256, writeJsonAtomic, writeTextAtomic } from './fsx.mjs';
-import { AWESOME_DESIGN_MD_REFERENCE, DESIGN_SYSTEM_SSOT, GETDESIGN_REFERENCE, PPT_CONDITIONAL_SKILL_ALLOWLIST, PPT_PIPELINE_MCP_ALLOWLIST, PPT_PIPELINE_SKILL_ALLOWLIST } from './routes.mjs';
+import { AWESOME_DESIGN_MD_REFERENCE, CODEX_APP_IMAGE_GENERATION_DOC_URL, CODEX_IMAGEGEN_EVIDENCE_SOURCE, DESIGN_SYSTEM_SSOT, GETDESIGN_REFERENCE, PPT_CONDITIONAL_SKILL_ALLOWLIST, PPT_PIPELINE_MCP_ALLOWLIST, PPT_PIPELINE_SKILL_ALLOWLIST } from './routes.mjs';
 
 export const PPT_AUDIENCE_STRATEGY_ARTIFACT = 'ppt-audience-strategy.json';
 export const PPT_GATE_ARTIFACT = 'ppt-gate.json';
@@ -482,18 +482,30 @@ export function planPptImageAssets(contract = {}, storyboard = buildPptStoryboar
     ].filter(Boolean);
   return selected.slice(0, maxAssets).map(({ request, page }, index) => {
     const id = compactId('ppt-image', `${index + 1}:${request || page?.claim || page?.kind}`);
+    const prompt = buildImageAssetPrompt({ contract, page, request, styleTokens });
+    const relPath = path.join(PPT_ASSET_DIR, `${safeFileSlug(id)}.png`);
     return {
       id,
       slide: page?.number || index + 1,
       role: index === 0 ? 'hero_visual' : 'supporting_visual',
       status: 'planned',
-      prompt: buildImageAssetPrompt({ contract, page, request, styleTokens }),
+      prompt,
       model: 'gpt-image-2',
       size: cleanText(contract.answers?.PRESENTATION_IMAGE_SIZE, '1536x1024'),
       quality: cleanText(contract.answers?.PRESENTATION_IMAGE_QUALITY, 'medium'),
       output_format: 'png',
-      rel_path: path.join(PPT_ASSET_DIR, `${safeFileSlug(id)}.png`),
-      html_src: `../${path.join(PPT_ASSET_DIR, `${safeFileSlug(id)}.png`)}`
+      rel_path: relPath,
+      html_src: `../${relPath}`,
+      imagegen_invocation: {
+        required_skill: 'imagegen',
+        command: '$imagegen',
+        surface: 'codex_app_builtin_image_generation',
+        evidence_source: CODEX_IMAGEGEN_EVIDENCE_SOURCE,
+        model: 'gpt-image-2',
+        tool_mode: 'built_in_image_gen',
+        prompt,
+        save_policy: `After generation, move or copy the selected output into ${relPath} and record output_path.`
+      }
     };
   });
 }
@@ -541,7 +553,16 @@ export async function buildPptImageAssetLedger(dir, contract = {}, storyboard =
     contract_hash: contract.sealed_hash || null,
     required,
     policy: 'Required PPT image resources must be generated through Codex App $imagegen/gpt-image-2 and recorded as real output files; direct API fallback, fabricated files, and placeholder ledgers do not satisfy this gate.',
-    codex_app_imagegen_doc: 'https://developers.openai.com/codex/app/features#image-generation',
+    codex_app_imagegen_doc: CODEX_APP_IMAGE_GENERATION_DOC_URL,
+    imagegen_execution: {
+      required_skill: 'imagegen',
+      command: '$imagegen',
+      surface: 'codex_app_builtin_image_generation',
+      evidence_source: CODEX_IMAGEGEN_EVIDENCE_SOURCE,
+      model: 'gpt-image-2',
+      tool_mode: 'built_in_image_gen',
+      output_requirement: 'Generated raster files must be copied into the mission assets/ directory and referenced by output_path.'
+    },
     provider: {
       model: 'gpt-image-2',
       surface: 'codex_app_$imagegen',
@@ -559,7 +580,7 @@ export async function buildPptImageAssetLedger(dir, contract = {}, storyboard =
       required
         ? 'The sealed PPT contract requires generated image assets; missing Codex App $imagegen/gpt-image-2 output blocks the PPT gate.'
         : 'No generated image asset requirement was detected; assets remain optional and are not generated to avoid unrequested API cost.',
-      'Run Codex App $imagegen/gpt-image-2 for each blocked asset, place the generated raster under assets/, then rerun the PPT build so existing generated files are verified.'
+      'Invoke the loaded imagegen skill with Codex App $imagegen/gpt-image-2 for each blocked asset, place the generated raster under assets/, then rerun the PPT build so existing generated files are verified.'
     ]
   };
 }
@@ -592,8 +613,12 @@ export function buildPptReviewPolicy(contract = {}, storyboard = buildPptStorybo
     },
     visual_review: {
       model: 'gpt-image-2',
+      required_skill: 'imagegen',
+      command: '$imagegen',
+      surface: 'codex_app_builtin_image_generation',
+      evidence_source: CODEX_IMAGEGEN_EVIDENCE_SOURCE,
       persona: '대한민국 TOSS UI/UX 시니어 총괄 디자이너',
-      codex_app_imagegen_doc: 'https://developers.openai.com/codex/app/features#image-generation',
+      codex_app_imagegen_doc: CODEX_APP_IMAGE_GENERATION_DOC_URL,
       model_doc: 'https://developers.openai.com/api/docs/models/gpt-image-2',
       mode: explicitlyRequired ? 'required_by_contract' : 'codex_app_when_available',
       required_for_gate: explicitlyRequired,
@@ -685,7 +710,7 @@ export function buildPptReviewLedger({ contract = {}, storyboard, styleTokens, f
       title: 'Required gpt-image-2 visual review evidence missing',
       detail: 'The sealed PPT contract explicitly requested image/gpt-image-2 visual critique, but no Codex App imagegen review evidence was supplied.',
       source: 'codex_app_imagegen_gate',
-      action: 'Run the bounded gpt-image-2 slide review loop in Codex App and record evidence paths before final output.'
+      action: 'Invoke the loaded imagegen skill through Codex App $imagegen/gpt-image-2, run the bounded slide review loop, and record evidence paths before final output.'
     }));
   }
   const blocking = issues.filter((issue) => ['P0', 'P1'].includes(issue.severity));

package/src/core/proof-field.mjs

@@ -1,5 +1,6 @@
 import path from 'node:path';
 import { nowIso, readText, rel, runProcess, sha256, writeJsonAtomic } from './fsx.mjs';
+import { buildDecisionLatticeReport, validateDecisionLatticeReport } from './decision-lattice.mjs';
 
 export const PROOF_FIELD_SCHEMA_VERSION = 1;
 export const FAST_LANE_MIN_SCORE = 0.75;
@@ -88,6 +89,20 @@ export async function buildProofField(root, opts = {}) {
   const verificationStageCache = verificationStageCachePlan({ sourceHash, changedFiles, verification: fastLane.verification });
   const simplicity = outcomeScorecard({ intent, changedFiles, selectedCones, risk, negativeWork, fastLane, workflowComplexity });
   const executionLane = executionLaneDecision({ fastLane, simplicity, workflowComplexity, teamTriggerMatrix });
+  const decisionLattice = normalizeDecisionLatticeReport(await buildDecisionLatticeReport({
+    intent,
+    changed_files: changedFiles,
+    proof_cones: selectedCones,
+    risk,
+    contract_clarity: contractClarity,
+    workflow_complexity: workflowComplexity,
+    team_trigger_matrix: teamTriggerMatrix,
+    verification_stage_cache: verificationStageCache,
+    simplicity_scorecard: simplicity,
+    fast_lane_decision: fastLane,
+    execution_lane: executionLane,
+    scoring_formula: 'simplicity_scorecard.score + contract_clarity.score - workflow_complexity.score - active_team_trigger_penalty'
+  }));
   return {
     schema_version: PROOF_FIELD_SCHEMA_VERSION,
     generated_at: nowIso(),
@@ -102,6 +117,7 @@ export async function buildProofField(root, opts = {}) {
     workflow_complexity: workflowComplexity,
     team_trigger_matrix: teamTriggerMatrix,
     verification_stage_cache: verificationStageCache,
+    decision_lattice: decisionLattice,
     simplicity_scorecard: simplicity,
     execution_lane: executionLane,
     proof_cones: selectedCones,
@@ -133,6 +149,8 @@ export function validateProofFieldReport(report = {}) {
   if (!Number.isFinite(Number(report.workflow_complexity?.score))) issues.push('workflow_complexity');
   if (!Array.isArray(report.team_trigger_matrix?.triggers)) issues.push('team_trigger_matrix');
   if (report.verification_stage_cache?.report_only !== true || !report.verification_stage_cache?.cache_key) issues.push('verification_stage_cache');
+  const latticeValidation = validateDecisionLatticeReport(report.decision_lattice);
+  if (!latticeValidation.ok) issues.push(`decision_lattice:${latticeValidation.issues.join('|')}`);
   if (!report.execution_lane?.lane) issues.push('execution_lane');
   if (report.execution_lane?.lane === SPEED_LANE_POLICY.fast_lane && report.execution_lane?.score < FAST_LANE_MIN_SCORE) issues.push('execution_lane_score');
   if (!Array.isArray(report.proof_cones)) issues.push('proof_cones');
@@ -158,12 +176,25 @@ export async function proofFieldFixture() {
       outcome_rubric_present: report.outcome_rubric.length === OUTCOME_RUBRIC.length,
       adversarial_lenses_present: report.outcome_rubric.every((item) => item.adversarial_lens) && report.simplicity_scorecard.criteria.every((item) => item.adversarial_lens),
       route_economy_present: report.contract_clarity?.report_only === true && report.workflow_complexity?.report_only === true && report.team_trigger_matrix?.report_only === true && report.verification_stage_cache?.report_only === true,
+      decision_lattice_present: validateDecisionLatticeReport(report.decision_lattice).ok,
+      decision_lattice_report_only: report.decision_lattice?.report_only === true,
+      decision_lattice_selected_path: Boolean(report.decision_lattice?.selected_path?.id),
+      decision_lattice_frontier_present: Array.isArray(report.decision_lattice?.frontier?.expanded_order) && report.decision_lattice.frontier.expanded_order.length > 0,
+      decision_lattice_rejections_present: Array.isArray(report.decision_lattice?.rejected_alternatives),
+      decision_lattice_scoring_formula_present: Boolean(report.decision_lattice?.scoring_formula),
       simplicity_score_usable: Number(report.simplicity_scorecard?.score) >= FAST_LANE_MIN_SCORE,
       execution_fast_lane_selected: report.execution_lane?.lane === SPEED_LANE_POLICY.fast_lane
     }
   };
 }
 
+function normalizeDecisionLatticeReport(report = {}) {
+  return {
+    ...report,
+    scoring_formula: report.scoring_formula || report.research_basis?.scoring_formula || null
+  };
+}
+
 async function gitChangedFiles(root) {
   const result = await runProcess('git', ['diff', '--name-only', 'HEAD', '--'], { cwd: root, timeoutMs: 10000, maxOutputBytes: 128 * 1024 });
   if (result.code !== 0) return [];

package/src/core/routes.mjs

@@ -92,18 +92,14 @@ export const RECOMMENDED_DESIGN_REFERENCES = [GETDESIGN_REFERENCE, AWESOME_DESIG
 
 export const PPT_PIPELINE_SKILL_ALLOWLIST = Object.freeze([
   'ppt',
+  'imagegen',
   'getdesign-reference',
   'prompt-pipeline',
   REFLECTION_SKILL_NAME,
   'honest-mode'
 ]);
 
-export const PPT_CONDITIONAL_SKILL_ALLOWLIST = Object.freeze([
-  {
-    skill: 'imagegen',
-    condition: 'only_when_the_sealed_ppt_contract_explicitly_requires_generated_raster_assets'
-  }
-]);
+export const PPT_CONDITIONAL_SKILL_ALLOWLIST = Object.freeze([]);
 
 export const PPT_PIPELINE_MCP_ALLOWLIST = Object.freeze([
   {
@@ -113,7 +109,10 @@ export const PPT_PIPELINE_MCP_ALLOWLIST = Object.freeze([
 ]);
 
 export function pptPipelineAllowlistPolicyText() {
-  return `PPT pipeline allowlist: during $PPT design/render work, ignore installed skills and MCPs that are not explicitly part of the $PPT pipeline. The purpose is to prevent AI-like generic presentation design: decorative gradients, nested cards, vague SaaS visuals, and style choices not grounded in the audience, source material, getdesign reference, or the project design SSOT. Required skills are ${PPT_PIPELINE_SKILL_ALLOWLIST.join(', ')}. Do not use generic design skills such as design-artifact-expert, design-ui-editor, or design-system-builder for $PPT just because they are installed. $PPT design must use getdesign-reference plus the built-in PPT design implementation pipeline: ${DESIGN_SYSTEM_SSOT.authority_file} when present, ${DESIGN_SYSTEM_SSOT.builder_prompt} as the builder prompt when missing, and route-local ppt-style-tokens.json as the fused design projection. Conditional skills/MCPs are allowed only when their condition is sealed in the contract: ${PPT_CONDITIONAL_SKILL_ALLOWLIST.map((entry) => `${entry.skill}=${entry.condition}`).join('; ')}; ${PPT_PIPELINE_MCP_ALLOWLIST.map((entry) => `${entry.mcp}=${entry.condition}`).join('; ')}. Fact, image, and review evidence are first-class artifacts: gather user-provided context and required web/Context7 evidence into ppt-fact-ledger.json, block unsupported critical external claims, plan required image resources through ppt-image-asset-ledger.json, then run a bounded review loop recorded in ppt-review-policy.json, ppt-review-ledger.json, and ppt-iteration-report.json. Required raster asset or generated visual-review evidence must come from Codex App $imagegen/gpt-image-2; direct API fallback, placeholder files, and prose-only substitutes do not satisfy the route gate. The review loop caps full-deck passes at 2, slide retries at 2, requires P0/P1 issue count to be zero, targets score >= 0.88, and stops when improvement delta is below 0.03 or evidence is missing. For Codex App visual critique, use imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) when required or available; never simulate missing gpt-image-2 output. If required image-review evidence is unavailable, record the blocker instead of passing the gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
+  const conditionalSkills = PPT_CONDITIONAL_SKILL_ALLOWLIST.length
+    ? PPT_CONDITIONAL_SKILL_ALLOWLIST.map((entry) => `${entry.skill}=${entry.condition}`).join('; ')
+    : 'none';
+  return `PPT pipeline allowlist: during $PPT design/render work, ignore installed skills and MCPs that are not explicitly part of the $PPT pipeline. The purpose is to prevent AI-like generic presentation design: decorative gradients, nested cards, vague SaaS visuals, and style choices not grounded in the audience, source material, getdesign reference, or the project design SSOT. Required skills are ${PPT_PIPELINE_SKILL_ALLOWLIST.join(', ')}. The imagegen skill is required for $PPT so Codex App can invoke official built-in $imagegen/gpt-image-2 for every generated raster asset or generated visual-review image; do not route PPT imagery through direct API fallback. Do not use generic design skills such as design-artifact-expert, design-ui-editor, or design-system-builder for $PPT just because they are installed. $PPT design must use getdesign-reference plus the built-in PPT design implementation pipeline: ${DESIGN_SYSTEM_SSOT.authority_file} when present, ${DESIGN_SYSTEM_SSOT.builder_prompt} as the builder prompt when missing, and route-local ppt-style-tokens.json as the fused design projection. Conditional skills/MCPs are allowed only when their condition is sealed in the contract: ${conditionalSkills}; ${PPT_PIPELINE_MCP_ALLOWLIST.map((entry) => `${entry.mcp}=${entry.condition}`).join('; ')}. Fact, image, and review evidence are first-class artifacts: gather user-provided context and required web/Context7 evidence into ppt-fact-ledger.json, block unsupported critical claims, plan required image resources through ppt-image-asset-ledger.json, then run a bounded review loop recorded in ppt-review-policy.json, ppt-review-ledger.json, and ppt-iteration-report.json. Required raster asset or generated visual-review evidence must come from Codex App $imagegen/gpt-image-2; direct API fallback, placeholder files, and prose-only substitutes do not satisfy the route gate. The review loop caps full-deck passes at 2, slide retries at 2, requires P0/P1 issue count to be zero, targets score >= 0.88, and stops when improvement delta is below 0.03 or evidence is missing. For Codex App visual critique, invoke $imagegen/gpt-image-2 (${CODEX_APP_IMAGE_GENERATION_DOC_URL}) when required; never simulate missing gpt-image-2 output. If required image-review evidence is unavailable, record the blocker instead of passing the gate. ${CODEX_IMAGEGEN_REQUIRED_POLICY}`;
 }
 
 export function getdesignReferencePolicyText() {