sneakoscope 0.8.6 → 0.9.1

package/README.md

@@ -59,6 +59,19 @@ Research scouts now use named persona-inspired cognitive lenses: Einstein Scout,
 
 For existing 0.7.x users, the visible change is new report-only evidence, not a route personality rewrite. Team still feels like Team, DFix stays ultralight, DB remains conservative, QA-LOOP still dogfoods, PPT stays information-first, imagegen still requires real raster evidence, and Honest Mode remains the final truth pass. The original strong reminder idea became neutral RecallPulse so user-facing prompts stay short, professional, and non-repetitive; hook messages can point at status, but `mission-status-ledger.json` is the durable source when app-visible text disappears. The planning source is `docs/RECALLPULSE_0_8_0_TASKS.md`, and implementation is designed to land in safe task-sized slices before any enforcement promotion.
 
+## 0.9.0 Report-Only Decision Lattice
+
+Sneakoscope 0.9.0 adds a report-only Decision Lattice planner that uses A* over proof-debt signals to explain which route or verification path the pipeline would prefer. It is an evidence and planning surface, not a runtime shortcut: SKS must not claim speedup, fast-lane accuracy, or reduced verification cost from the lattice until replay or scored eval evidence demonstrates those outcomes.
+
+The lattice integrates with the existing proof-field and `sks pipeline plan` surfaces. Its reports are expected to show the explored frontier, the selected path, and rejected paths with their proof-debt reasons, so reviewers can audit why a route stayed on the full Team/Honest path or why a smaller verification plan was only proposed. Like RecallPulse, this is designed to land as report-only evidence first; route enforcement and performance claims remain gated by later validation.
+
+Quick checks:
+
+```bash
+sks proof-field scan --json --intent "small CLI change"
+sks pipeline plan latest --proof-field --json
+```
+
 ## Requirements
 
 - Node.js `>=20.11`
@@ -174,7 +187,7 @@ sks codex-lb repair
 sks
 ```
 
-Bare `sks` can also prompt for codex-lb auth; SKS stores the base URL/key in `~/.codex/sks-codex-lb.env`, writes `model_provider = "codex-lb"` into `~/.codex/config.toml` for Codex App routing, loads the provider env key for tmux launches, and syncs the macOS user launch environment so the Codex App can see `CODEX_LB_API_KEY` after restart. npm postinstall upgrades resync that stored env file and restore the Codex App provider selection when postinstall is not stopped by a hard harness conflict, and `sks doctor --fix` does the same during repair. If an older SKS release left the codex-lb dashboard key only in the shared Codex `auth.json` login cache, SKS migrates that key back into `~/.codex/sks-codex-lb.env` when a codex-lb provider or env base URL is already recoverable. It does not rewrite the shared Codex `auth.json` login cache by default; set `SKS_CODEX_LB_SYNC_CODEX_LOGIN=1` only if you intentionally want the old API-key login-cache behavior. When codex-lb is active, SKS opens a fresh `sks-codex-lb-*` tmux session and sweeps older detached codex-lb sessions for the same repo before launch so stale Responses API chains are not reused. Configured launch paths, including non-interactive runs, verify that codex-lb can continue a Responses API chain with `previous_response_id`; if that check fails, SKS bypasses codex-lb for that launch with `model_provider="openai"` instead of letting the Codex session fail mid-work.
+Bare `sks` can also prompt for codex-lb auth; SKS stores the base URL/key in `~/.codex/sks-codex-lb.env`, writes the upstream codex-lb Codex CLI / IDE Extension provider block into `~/.codex/config.toml` for Codex App routing, loads the provider env key for tmux launches, and syncs the macOS user launch environment so the Codex App can see `CODEX_LB_API_KEY` after restart. If the provider block disappears but the stored env file is still recoverable, bare `sks`, npm postinstall upgrades, `sks doctor --fix`, and `sks codex-lb repair` restore it with `env_key = "CODEX_LB_API_KEY"`, `supports_websockets = true`, and `requires_openai_auth = true` as documented by codex-lb. If an older SKS release left the codex-lb dashboard key only in the shared Codex `auth.json` login cache, SKS migrates that key back into `~/.codex/sks-codex-lb.env` when a codex-lb provider or env base URL is already recoverable. It does not rewrite the shared Codex `auth.json` login cache by default; set `SKS_CODEX_LB_SYNC_CODEX_LOGIN=1` only if you intentionally want the old API-key login-cache behavior. When codex-lb is active, SKS opens a fresh `sks-codex-lb-*` tmux session and sweeps older detached codex-lb sessions for the same repo before launch so stale Responses API chains are not reused. Configured launch paths, including non-interactive runs, verify that codex-lb can continue a Responses API chain with `previous_response_id`; if that check fails, SKS bypasses codex-lb for that launch with `model_provider="openai"` instead of letting the Codex session fail mid-work.
 
 If codex-lb provider auth drifts after launch/reinstall, run `sks doctor --fix` or `sks codex-lb repair`; to replace it, run `sks codex-lb reconfigure --host <domain> --api-key <key>`.
 
@@ -239,7 +252,7 @@ sks code-structure scan --json
 
 `sks recallpulse` is the 0.8.0 report-only RecallPulse utility. It writes `recallpulse-decision.json`, `mission-status-ledger.json`, `route-proof-capsule.json`, `evidence-envelope.json`, `recallpulse-governance-report.json`, `recallpulse-task-goal-ledger.json`, and `recallpulse-eval-report.json` for the current mission. RecallPulse does not replace route gates, Honest Mode, DB safety, imagegen evidence, or TriWiki validation; it records cache hits, hydration needs, duplicate suppression, route-governance risks, and final-summary-ready durable status so later releases can promote only measured improvements. Checklist updates are sequential: every `Txxx` row is treated as a child `$Goal` checkpoint, and `sks recallpulse checklist ... --task T001 --apply` refuses out-of-order checks unless explicitly overridden.
 
-`sks pipeline plan` shows the active route lane, kept/skipped stages, verification commands, and no-unrequested-fallback invariant. `sks proof-field scan` is the lightweight rubric for small changes; risky or broad signals return to the full Team/Honest path.
+`sks pipeline plan` shows the active route lane, kept/skipped stages, verification commands, and no-unrequested-fallback invariant. The 0.9.0 Decision Lattice augments this planning surface with report-only A*/proof-debt evidence: frontier paths considered, the selected path, and rejected paths with rejection reasons. `sks proof-field scan` remains the lightweight rubric for small changes; risky or broad signals return to the full Team/Honest path, and no speedup claim is valid without replay or eval evidence.
 
 ### Ambiguity Questions
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "ㅅㅋㅅ",
-  "version": "0.8.6",
+  "version": "0.9.1",
   "description": "Sneakoscope Codex: database-safe Codex CLI/App harness with Team, Goal, AutoResearch, TriWiki, and Honest Mode.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",

package/src/cli/install-helpers.mjs

@@ -230,11 +230,13 @@ export async function codexLbStatus(opts = {}) {
   const providerConfigured = /\[model_providers\.codex-lb\]/.test(config);
   const selected = hasTopLevelCodexLbSelected(config);
   const baseUrl = codexLbProviderBaseUrl(config) || parseCodexLbEnvBaseUrl(envText) || null;
+  const providerRequiresOpenAiAuth = codexLbProviderRequiresOpenAiAuth(config);
   return {
-    ok: providerConfigured && envKeyConfigured && Boolean(baseUrl),
+    ok: providerConfigured && envKeyConfigured && Boolean(baseUrl) && providerRequiresOpenAiAuth,
     config_path: configPath,
     env_path: envPath,
     provider_configured: providerConfigured,
+    provider_requires_openai_auth: providerRequiresOpenAiAuth,
     selected,
     env_file: envExists,
     env_key_configured: envKeyConfigured,
@@ -373,6 +375,11 @@ function codexLbProviderBaseUrl(text = '') {
   return block.match(/(^|\n)\s*base_url\s*=\s*"([^"]+)"/)?.[2] || '';
 }
 
+function codexLbProviderRequiresOpenAiAuth(text = '') {
+  const block = String(text || '').match(/(^|\n)\[model_providers\.codex-lb\]([\s\S]*?)(?=\n\[[^\]]+\]|\s*$)/)?.[2] || '';
+  return /(^|\n)\s*requires_openai_auth\s*=\s*true\s*(?:#.*)?(?=\n|$)/.test(block);
+}
+
 export async function repairCodexLbAuth(opts = {}) {
   let status = await codexLbStatus(opts);
   let configRepaired = false;
@@ -387,7 +394,7 @@ export async function repairCodexLbAuth(opts = {}) {
       status = await codexLbStatus(opts);
     }
   }
-  if (status.env_key_configured && status.base_url && (!status.ok || !status.selected || legacyAuthMigrated || hasTopLevelCodexModeLock(currentConfig))) {
+  if (status.env_key_configured && status.base_url && (!status.ok || !status.selected || !status.provider_requires_openai_auth || legacyAuthMigrated || hasTopLevelCodexModeLock(currentConfig))) {
     await ensureDir(path.dirname(status.config_path));
     const next = normalizeCodexFastModeUiConfig(upsertCodexLbConfig(currentConfig, status.base_url));
     await writeTextAtomic(status.config_path, next);
@@ -426,7 +433,7 @@ export async function ensureCodexLbAuthDuringInstall(opts = {}) {
   if (process.env.SKS_SKIP_POSTINSTALL_CODEX_LB_AUTH === '1' && !opts.force) return { status: 'skipped', reason: 'SKS_SKIP_POSTINSTALL_CODEX_LB_AUTH=1' };
   const status = await codexLbStatus(opts);
   if (!status.selected && !status.provider_configured && !status.env_file) return { status: 'not_configured', codex_lb: status };
-  if (status.ok && !status.selected) return repairCodexLbAuth(opts);
+  if (status.ok && (!status.selected || !status.provider_requires_openai_auth)) return repairCodexLbAuth(opts);
   if (!status.ok) {
     if (status.base_url && (status.env_key_configured || status.provider_configured || status.selected || status.env_base_url_configured)) return repairCodexLbAuth(opts);
     return { status: status.env_key_configured ? 'missing_base_url' : 'missing_env_key', codex_lb: status, config_path: status.config_path, env_path: status.env_path };
@@ -465,7 +472,21 @@ async function restoreCodexLbEnvFromSharedLogin(status = {}, opts = {}) {
 
 export async function maybePromptCodexLbSetupForLaunch(args = [], opts = {}) {
   if (args.includes('--json') || args.includes('--skip-codex-lb') || process.env.SKS_SKIP_CODEX_LB_PROMPT === '1') return { status: 'skipped' };
-  const status = await codexLbStatus(opts);
+  let status = await codexLbStatus(opts);
+  if (status.env_key_configured && status.base_url && (!status.provider_configured || !status.selected || !status.provider_requires_openai_auth)) {
+    let promptedRestore = false;
+    if (!status.provider_configured && canAskYesNo()) {
+      promptedRestore = true;
+      const restore = (await askPostinstallQuestion('\ncodex-lb provider section is missing, but stored auth exists. Restore and route Codex through codex-lb? [Y/n] ')).trim();
+      if (/^(n|no|아니|아니요|ㄴ)$/i.test(restore)) return { status: 'continued_to_codex', codex_lb: status };
+    }
+    const repaired = await repairCodexLbAuth(opts);
+    status = await codexLbStatus(opts);
+    if (!status.ok) return { status: 'repair_failed', ok: false, repair: repaired, codex_lb: status };
+    if (!repaired.ok && repaired.error && promptedRestore) console.log(`codex-lb provider restored, but launch environment sync reported: ${repaired.error}`);
+    else if (!repaired.ok && promptedRestore) console.log(`codex-lb provider restored, but provider auth sync reported: ${repaired.status}`);
+    else if (repaired.config_repaired && promptedRestore) console.log(`codex-lb provider restored: ${status.base_url}`);
+  }
   if (status.ok) {
     const codexEnvironment = await syncCodexLbProviderEnvironment(status, opts);
     if (codexEnvironment.status === 'synced') console.log('codex-lb provider auth synced for this user session.');
@@ -480,7 +501,7 @@ export async function maybePromptCodexLbSetupForLaunch(args = [], opts = {}) {
     return { status: 'present', ...status, codex_environment: codexEnvironment, codex_login: codexLogin, chain_health: chainHealth };
   }
   if (!canAskYesNo()) return { status: 'non_interactive', codex_lb: status };
-  const useCodexLb = (await askPostinstallQuestion('\nAuthenticate and route Codex through codex-lb? [y/N] ')).trim();
+  const useCodexLb = (await askPostinstallQuestion('\ncodex-lb is not configured for this Codex App profile. Configure and route Codex through codex-lb now? [y/N] ')).trim();
   if (!/^(y|yes|예|네|응)$/i.test(useCodexLb)) return { status: 'continued_to_codex' };
   const host = (await askPostinstallQuestion('codex-lb host domain [http://127.0.0.1:2455]: ')).trim() || 'http://127.0.0.1:2455';
   const apiKey = (await askPostinstallQuestion('codex-lb API key: ')).trim();
@@ -1235,6 +1256,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbEnv = await safeReadText(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'));
   const codexLbAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
   if (!codexLbSetupJson.ok || codexLbSetupJson.base_url !== 'https://lb.example.test/backend-api/codex' || !hasTopLevelCodexLbSelected(codexLbConfig) || !codexLbConfig.includes('[model_providers.codex-lb]') || !codexLbEnv.includes("CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'") || !codexLbEnv.includes("CODEX_LB_API_KEY='sk-test'") || codexLbSetupJson.codex_environment?.ok !== true || codexLbSetupJson.codex_login?.status !== 'skipped' || codexLbAuth.trim()) throw new Error('selftest: codex-lb setup');
+  if (!codexLbConfig.includes('requires_openai_auth = true')) throw new Error('selftest: codex-lb setup did not write upstream-required requires_openai_auth');
   const codexLbFailLaunchctl = path.join(codexLbFakeBin, 'launchctl-fail');
   await writeTextAtomic(codexLbFailLaunchctl, '#!/bin/sh\necho "launchctl denied" >&2\nexit 7\n');
   await fsp.chmod(codexLbFailLaunchctl, 0o755);
@@ -1244,6 +1266,7 @@ export async function selftestCodexLb(tmp) {
   await initProject(codexLbHome, { installScope: 'global', force: true, repair: true });
   const codexLbRepairSetupConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
   if (!hasTopLevelCodexLbSelected(codexLbRepairSetupConfig) || !codexLbRepairSetupConfig.includes('[model_providers.codex-lb]') || !codexLbRepairSetupConfig.includes('https://lb.example.test/backend-api/codex') || codexLbRepairSetupConfig.includes('sk-test')) throw new Error('selftest: init codex-lb');
+  if (!codexLbRepairSetupConfig.includes('requires_openai_auth = true')) throw new Error('selftest: init codex-lb did not preserve upstream-required requires_openai_auth');
   if (!hasCodexUnstableFeatureWarningSuppression(codexLbRepairSetupConfig)) throw new Error('selftest: init codex-lb did not suppress Codex unstable feature warning');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), `${codexLbConfig}\n[mcp_servers.supabase]\nurl = "https://mcp.supabase.com/mcp?project_ref=ref&read_only=true&features=database,docs"\n`);
   const ptmp = path.join(tmp, 'codex-lb-project-config'), prevHome = process.env.HOME;
@@ -1251,6 +1274,7 @@ export async function selftestCodexLb(tmp) {
   finally { if (prevHome === undefined) delete process.env.HOME; else process.env.HOME = prevHome; }
   const pcfg = await safeReadText(path.join(ptmp, '.codex', 'config.toml'));
   if (!hasTopLevelCodexLbSelected(pcfg) || !pcfg.includes('[model_providers.codex-lb]') || !pcfg.includes('[mcp_servers.supabase]') || !pcfg.includes('read_only=true')) throw new Error('selftest: project codex-lb');
+  if (!pcfg.includes('requires_openai_auth = true')) throw new Error('selftest: project codex-lb did not copy upstream-required requires_openai_auth');
   if (!hasCodexUnstableFeatureWarningSuppression(pcfg)) throw new Error('selftest: project codex-lb config did not suppress Codex unstable feature warning');
   await writeTextAtomic(path.join(codexLbHome, '.codex', 'auth.json'), '{"auth_mode":"browser"}\n');
   const codexLbRepair = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'auth', 'repair', '--json'], { cwd: tmp, env: codexLbEnvForSelftest, timeoutMs: 15000, maxOutputBytes: 64 * 1024 });
@@ -1310,6 +1334,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbLoginCallsAfterBootstrap = await codexLbLoginCallCount(codexLbHome);
   if (!codexLbPostBootstrapAuth.includes('"auth_mode":"browser"') || codexLbPostBootstrapAuth.includes('sk-test') || codexLbLoginCallsAfterBootstrap !== codexLbLoginCallsBeforeBootstrap) throw new Error('selftest: postinstall drift auth');
   if (!hasTopLevelCodexLbSelected(codexLbPostBootstrapConfig) || !codexLbPostBootstrapConfig.includes('[model_providers.codex-lb]') || !codexLbPostBootstrapConfig.includes('https://lb.example.test/backend-api/codex') || codexLbPostBootstrapConfig.includes('sk-test')) throw new Error('selftest: postinstall drift config');
+  if (!codexLbPostBootstrapConfig.includes('requires_openai_auth = true')) throw new Error('selftest: postinstall drift config did not restore upstream-required requires_openai_auth');
   const doctorProject = tmpdir();
   await ensureDir(path.join(doctorProject, '.git'));
   await writeTextAtomic(path.join(doctorProject, 'package.json'), '{"name":"codex-lb-doctor-project","version":"0.0.0"}\n');
@@ -1327,6 +1352,7 @@ export async function selftestCodexLb(tmp) {
   const codexLbDoctorAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
   const codexLbDoctorConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
   if (!codexLbDoctorJson.repair?.codex_lb?.ok || !codexLbDoctorJson.repair.codex_lb.config_repaired || !codexLbDoctorJson.codex_lb?.ok || !codexLbDoctorAuth.includes('"auth_mode":"browser"') || codexLbDoctorAuth.includes('sk-test') || !hasTopLevelCodexLbSelected(codexLbDoctorConfig) || !codexLbDoctorConfig.includes('https://lb.example.test/backend-api/codex') || !hasCodexUnstableFeatureWarningSuppression(codexLbDoctorConfig)) throw new Error('selftest: doctor codex-lb');
+  if (!codexLbDoctorConfig.includes('requires_openai_auth = true')) throw new Error('selftest: doctor codex-lb did not restore upstream-required requires_openai_auth');
   const codexLbContext7Bin = path.join(tmp, 'codex-lb-context7-bin');
   await ensureDir(codexLbContext7Bin);
   await writeTextAtomic(path.join(codexLbContext7Bin, 'codex'), '#!/bin/sh\nif [ "$1" = "--version" ]; then echo "codex-cli 99.0.0"; exit 0; fi\nif [ "$CODEX_LB_API_KEY" ]; then echo "context7 leaked CODEX_LB_API_KEY" >&2; exit 77; fi\nif [ "$1" = "mcp" ] && [ "$2" = "list" ]; then echo ""; exit 0; fi\nif [ "$1" = "mcp" ] && [ "$2" = "add" ]; then echo "context7 added"; exit 0; fi\necho "unexpected codex $*" >&2\nexit 2\n');
@@ -1468,6 +1494,7 @@ export async function selftestCodexLb(tmp) {
     home: codexLbHome,
     apiKey: 'sk-test',
     codexBin: path.join(codexLbFakeBin, 'codex'),
+    syncLaunchEnv: false,
     timeoutMs: 1000,
     fetch: async (url, init) => {
       nonInteractiveLaunchChainCalls.push({ url, body: JSON.parse(init.body) });
@@ -1479,6 +1506,7 @@ export async function selftestCodexLb(tmp) {
     home: codexLbHome,
     apiKey: 'sk-test',
     codexBin: path.join(codexLbFakeBin, 'codex'),
+    syncLaunchEnv: false,
     timeoutMs: 1000,
     fetch: async (_url, init) => {
       const body = JSON.parse(init.body);
@@ -1487,6 +1515,22 @@ export async function selftestCodexLb(tmp) {
     }
   });
   if (nonInteractiveBrokenLaunch.status !== 'chain_unhealthy' || nonInteractiveBrokenLaunch.bypass_codex_lb !== true || nonInteractiveBrokenLaunch.chain_health?.status !== 'previous_response_not_found') throw new Error('selftest: non-interactive codex-lb launch path did not bypass on previous_response_not_found');
+  await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), 'model = "gpt-5.5"\nservice_tier = "fast"\n');
+  await writeTextAtomic(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'), "export CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'\nexport CODEX_LB_API_KEY='sk-test'\n");
+  const missingProviderLaunchCalls = [];
+  const missingProviderLaunch = await maybePromptCodexLbSetupForLaunch([], {
+    home: codexLbHome,
+    apiKey: 'sk-test',
+    codexBin: path.join(codexLbFakeBin, 'codex'),
+    syncLaunchEnv: false,
+    timeoutMs: 1000,
+    fetch: async (url, init) => {
+      missingProviderLaunchCalls.push({ url, body: JSON.parse(init.body) });
+      return new Response(JSON.stringify({ id: missingProviderLaunchCalls.length === 1 ? 'resp_missing_provider_1' : 'resp_missing_provider_2' }), { status: 200, headers: { 'content-type': 'application/json' } });
+    }
+  });
+  const missingProviderRepairedConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
+  if (!missingProviderLaunch.ok || missingProviderLaunch.status !== 'present' || missingProviderLaunch.chain_health?.status !== 'chain_ok' || missingProviderLaunchCalls.length !== 2 || !hasTopLevelCodexLbSelected(missingProviderRepairedConfig) || !missingProviderRepairedConfig.includes('[model_providers.codex-lb]') || !missingProviderRepairedConfig.includes('env_key = "CODEX_LB_API_KEY"') || !missingProviderRepairedConfig.includes('supports_websockets = true') || !missingProviderRepairedConfig.includes('requires_openai_auth = true')) throw new Error('selftest: bare sks launch did not restore missing upstream codex-lb provider block from stored env');
   const chainCalls = [];
   const okChain = await checkCodexLbResponseChain(
     { base_url: 'https://lb.example.test/backend-api/codex', env_path: path.join(codexLbHome, '.codex', 'sks-codex-lb.env') },

package/src/cli/main.mjs

@@ -1146,9 +1146,11 @@ async function codexLbCommand(action = 'status', args = []) {
     console.log(`Configured: ${status.ok ? 'yes' : 'no'}`);
     console.log(`Selected:   ${status.selected ? 'yes' : 'no'}`);
     console.log(`Provider:   ${status.provider_configured ? 'yes' : 'no'}`);
+    console.log(`Codex App auth: ${status.provider_requires_openai_auth ? 'yes' : 'missing'}`);
     console.log(`Env file:   ${status.env_file ? status.env_path : 'missing'}`);
     if (status.base_url) console.log(`Base URL:   ${status.base_url}`);
     if (status.ok && !status.selected) console.log('\nRun: sks codex-lb repair to activate codex-lb for Codex App.');
+    else if (!status.ok && status.base_url && status.env_key_configured) console.log('\nRun: sks codex-lb repair to restore the upstream codex-lb provider block.');
     else if (!status.ok) console.log('\nRun: sks codex-lb setup --host <domain> --api-key <key>');
     else console.log('\nRepair provider auth: sks codex-lb repair');
     return;
@@ -2103,14 +2105,18 @@ async function selftest() {
   await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', 'agent-team', 'SKILL.md'), '---\nname: agent-team\ndescription: Fallback Codex App picker alias for $Team.\n---\n');
   await ensureDir(path.join(repairTmp, '.agents', 'skills', 'stale-sks-generated'));
   await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', 'stale-sks-generated', 'SKILL.md'), '---\nname: stale-sks-generated\ndescription: Old SKS generated skill that should disappear on update.\n---\n');
-  await ensureDir(path.join(repairTmp, '.agents', 'skills', 'computer-use'));
-  await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', 'computer-use', 'SKILL.md'), '---\nname: computer-use\ndescription: Maximum-speed $Computer-Use/$CU lane for Codex Computer Use UI/browser/visual tasks.\n---\n');
+  const stalePluginSkillNames = ['browser', 'browser-use', 'computer-use', 'chrome', 'documents', 'presentations', 'spreadsheets', 'latex'];
+  const stalePluginSkillContent = (name) => `---\nname: ${name}\ndescription: Sneakoscope generated stale plugin collision for selftest.\n---\n\nCodex App pipeline activation:\n- stale selftest marker\n`;
+  for (const name of stalePluginSkillNames) {
+    await ensureDir(path.join(repairTmp, '.agents', 'skills', name));
+    await writeTextAtomic(path.join(repairTmp, '.agents', 'skills', name, 'SKILL.md'), stalePluginSkillContent(name));
+  }
   await writeJsonAtomic(path.join(repairTmp, '.agents', 'skills', '.sks-generated.json'), {
     schema_version: 1,
     generated_by: 'sneakoscope',
     version: '0.0.1',
-    skills: ['team', 'stale-sks-generated', 'computer-use'],
-    files: ['.agents/skills/team/SKILL.md', '.agents/skills/stale-sks-generated/SKILL.md', '.agents/skills/computer-use/SKILL.md']
+    skills: ['team', 'stale-sks-generated', ...stalePluginSkillNames],
+    files: ['.agents/skills/team/SKILL.md', '.agents/skills/stale-sks-generated/SKILL.md', ...stalePluginSkillNames.map((name) => `.agents/skills/${name}/SKILL.md`)]
   });
   const staleCodexAgentRel = '.codex/agents/stale-generated.toml';
   await writeTextAtomic(path.join(repairTmp, staleCodexAgentRel), 'name = "stale_generated"\n');
@@ -2131,8 +2137,6 @@ async function selftest() {
   await writeJsonAtomic(path.join(repairTmp, '.sneakoscope', 'policy.json'), { broken: true });
   const existingAgentsMd = await safeReadText(path.join(repairTmp, 'AGENTS.md'));
   await writeTextAtomic(path.join(repairTmp, 'AGENTS.md'), existingAgentsMd.replace(/<!-- BEGIN Sneakoscope Codex GX MANAGED BLOCK -->[\s\S]*?<!-- END Sneakoscope Codex GX MANAGED BLOCK -->\n?/, '<!-- BEGIN Sneakoscope Codex GX MANAGED BLOCK -->\ntampered managed block\n<!-- END Sneakoscope Codex GX MANAGED BLOCK -->\n'));
-  const stalePluginSkillNames = ['computer-use', 'browser-use', 'browser'];
-  const stalePluginSkillContent = (name) => `---\nname: ${name}\ndescription: Sneakoscope generated stale plugin collision for selftest.\n---\n\nCodex App pipeline activation:\n- stale selftest marker\n`;
   const doctorRepair = await runProcess(process.execPath, [path.join(packageRoot(), 'bin', 'sks.mjs'), 'doctor', '--fix', '--local-only', '--json'], {
     cwd: repairTmp,
     env: { HOME: path.join(repairTmp, 'home'), SKS_DISABLE_UPDATE_CHECK: '1' },
@@ -2150,7 +2154,9 @@ async function selftest() {
   if (!repairedTeamSkill.includes('SKS Team orchestration') || repairedTeamSkill.includes('tampered')) throw new Error('selftest: doctor repair did not regenerate team skill');
   if (await exists(path.join(repairTmp, '.agents', 'skills', 'agent-team', 'SKILL.md'))) throw new Error('selftest: doctor repair did not remove deprecated agent-team alias skill');
   if (await exists(path.join(repairTmp, '.agents', 'skills', 'stale-sks-generated', 'SKILL.md'))) throw new Error('selftest: doctor repair did not prune stale generated skill from previous SKS manifest');
-  if (await exists(path.join(repairTmp, '.agents', 'skills', 'computer-use', 'SKILL.md'))) throw new Error('selftest: computer-use shadow');
+  for (const name of stalePluginSkillNames) {
+    if (await exists(path.join(repairTmp, '.agents', 'skills', name, 'SKILL.md'))) throw new Error(`selftest: doctor repair left stale generated ${name} plugin shadow skill`);
+  }
   if (await exists(path.join(repairTmp, staleCodexAgentRel))) throw new Error('selftest: doctor repair did not prune stale generated agent file from previous SKS manifest');
   if (!doctorRepairJson.repair?.project?.skill_install?.removed_stale_generated_skills?.includes('.agents/skills/stale-sks-generated')) throw new Error('selftest: stale skill report');
   const generatedCleanupReport = doctorRepairJson.repair?.project?.generated_cleanup || {};
@@ -2169,6 +2175,8 @@ async function selftest() {
   await writeJsonAtomic(path.join(doctorGlobalTmp, 'package.json'), { name: 'doctor-global-skill-repair-smoke', version: '0.0.0' });
   await initProject(doctorGlobalTmp, { installScope: 'global' });
   const doctorGlobalHome = path.join(doctorGlobalTmp, 'home');
+  await ensureDir(path.join(doctorGlobalHome, '.codex'));
+  await writeTextAtomic(path.join(doctorGlobalHome, '.codex', 'config.toml'), 'model = "gpt-5.5"\nmodel_reasoning_effort = "high"\nservice_tier = "fast"\n\n[features]\nplugins = false\napps = false\n');
   for (const name of stalePluginSkillNames) {
     await ensureDir(path.join(doctorGlobalHome, '.agents', 'skills', name));
     await writeTextAtomic(path.join(doctorGlobalHome, '.agents', 'skills', name, 'SKILL.md'), stalePluginSkillContent(name));
@@ -2184,6 +2192,7 @@ async function selftest() {
   const doctorGlobalCodexConfig = await safeReadText(path.join(doctorGlobalHome, '.codex', 'config.toml'));
   if (!doctorGlobalRepairJson.repair?.global_codex_config) throw new Error('selftest: doctor global config repair missing');
   assertCodexWarn(doctorGlobalCodexConfig, 'doctor global config');
+  if (hasTopLevelCodexModeLock(doctorGlobalCodexConfig)) throw new Error('selftest: doctor global config repair left top-level model_reasoning_effort lock that can hide Codex App plugin UI');
   if (missingGeneratedCodexAppFeatureFlags(doctorGlobalCodexConfig).length || hasDeprecatedCodexHooksFeatureFlag(doctorGlobalCodexConfig) || !hasResearchProfileConfig(doctorGlobalCodexConfig)) throw new Error('selftest: doctor global config repair did not restore Codex App feature flags and Research xhigh profiles');
   for (const name of stalePluginSkillNames) {
     if (await exists(path.join(doctorGlobalHome, '.agents', 'skills', name, 'SKILL.md'))) throw new Error(`selftest: doctor --fix did not remove global generated ${name} plugin shadow skill`);
@@ -3068,12 +3077,32 @@ async function selftest() {
   await ensureDir(fakeCodexApp);
   await ensureDir(fakeCodexBinDir);
   await ensureDir(path.join(appFeatureTmp, '.codex'));
-  await writeTextAtomic(path.join(appFeatureTmp, '.codex', 'config.toml'), codexConfigText);
+  const codexAppFixtureConfigText = codexConfigText.replace(/(?:^|\n)\[marketplaces\.[^\]\r\n]+\][\s\S]*?(?=\n\[[^\]]+\]|\s*$)/g, '\n').replace(/\n{3,}/g, '\n\n');
+  await writeTextAtomic(path.join(appFeatureTmp, '.codex', 'config.toml'), codexAppFixtureConfigText);
+  const fakeDefaultPluginCacheNames = ['browser', 'chrome', 'computer-use', 'latex', 'documents', 'presentations', 'spreadsheets'];
+  for (const name of fakeDefaultPluginCacheNames) await ensureDir(path.join(appFeatureTmp, '.codex', 'plugins', 'cache', name));
   const fakeCodex = path.join(fakeCodexBinDir, 'codex');
   await writeTextAtomic(fakeCodex, '#!/bin/sh\nif [ "$1" = "mcp" ] && [ "$2" = "list" ]; then printf "%s\\n" "computer-use enabled" "browser-use enabled"; exit 0; fi\nif [ "$1" = "features" ] && [ "$2" = "list" ]; then cat <<EOF\napps                                    stable             true\nbrowser_use                             stable             true\nbrowser_use_external                    stable             true\ncodex_git_commit                        under development  true\ncomputer_use                            stable             true\nfast_mode                               stable             true\nguardian_approval                       stable             true\nhooks                                   stable             true\nimage_generation                        stable             true\nin_app_browser                          stable             true\nplugins                                 stable             true\nremote_control                          under development  true\ntool_suggest                            stable             true\nEOF\nexit 0; fi\necho "unexpected codex $*" >&2\nexit 2\n');
   await fsp.chmod(fakeCodex, 0o755);
-  const codexAppFeatureStatus = await codexAppIntegrationStatus({ codex: { bin: fakeCodex, version: 'codex-cli 99.0.0' }, home: appFeatureTmp, env: { SKS_CODEX_APP_PATH: fakeCodexApp } });
+  const codexAppFixtureOpts = { codex: { bin: fakeCodex, version: 'codex-cli 99.0.0' }, home: appFeatureTmp, cwd: appFeatureTmp, env: { SKS_CODEX_APP_PATH: fakeCodexApp } };
+  const codexAppFeatureStatus = await codexAppIntegrationStatus(codexAppFixtureOpts);
   if (!codexAppFeatureStatus.ok || !codexAppFeatureStatus.features?.required_flags_ok || !codexAppFeatureStatus.features?.codex_git_commit || !codexAppFeatureStatus.features?.remote_control || !codexAppFeatureStatus.features?.fast_mode_config?.ok) throw new Error('selftest: codex-app check did not accept required app feature flags, remote_control, and unlocked Fast UI config');
+  const missingDefaultPluginTmp = tmpdir();
+  await ensureDir(path.join(missingDefaultPluginTmp, '.codex'));
+  const codexConfigWithoutMarketplaceSources = codexConfigText.replace(/(?:^|\n)\[marketplaces\.[^\]\r\n]+\][\s\S]*?(?=\n\[[^\]]+\]|\s*$)/g, '').trim();
+  await writeTextAtomic(path.join(missingDefaultPluginTmp, '.codex', 'config.toml'), `${codexConfigWithoutMarketplaceSources}\n`);
+  const codexAppMissingDefaultPluginStatus = await codexAppIntegrationStatus({ codex: { bin: fakeCodex, version: 'codex-cli 99.0.0' }, home: missingDefaultPluginTmp, cwd: missingDefaultPluginTmp, env: { SKS_CODEX_APP_PATH: fakeCodexApp } });
+  if (codexAppMissingDefaultPluginStatus.ok || codexAppMissingDefaultPluginStatus.plugins?.default_plugins?.ok || codexAppMissingDefaultPluginStatus.plugins?.picker?.ok || !codexAppMissingDefaultPluginStatus.plugins?.default_plugins?.missing_installed?.includes('browser@openai-bundled') || !codexAppMissingDefaultPluginStatus.guidance.some((line) => line.includes('default plugin source'))) throw new Error('selftest: codex-app check did not block missing default plugin source');
+  await ensureDir(path.join(appFeatureTmp, '.agents', 'skills', 'browser'));
+  await writeTextAtomic(path.join(appFeatureTmp, '.agents', 'skills', 'browser', 'SKILL.md'), stalePluginSkillContent('browser'));
+  const codexAppShadowStatus = await codexAppIntegrationStatus(codexAppFixtureOpts);
+  if (codexAppShadowStatus.ok || codexAppShadowStatus.plugins?.picker?.ok || codexAppShadowStatus.plugins?.skill_shadows?.blocking?.[0]?.name !== 'browser' || codexAppShadowStatus.plugins?.skill_shadows?.generated?.[0]?.name !== 'browser' || !codexAppShadowStatus.guidance.some((line) => line.includes('plugin picker generated skill shadow'))) throw new Error('selftest: codex-app check did not block generated skill shadow that can hide @ plugin picker entries');
+  await fsp.rm(path.join(appFeatureTmp, '.agents', 'skills', 'browser'), { recursive: true, force: true });
+  await ensureDir(path.join(appFeatureTmp, '.agents', 'skills', 'browser'));
+  await writeTextAtomic(path.join(appFeatureTmp, '.agents', 'skills', 'browser', 'SKILL.md'), '---\nname: browser\ndescription: User custom skill, not generated by SKS.\n---\n');
+  const codexAppCustomShadowStatus = await codexAppIntegrationStatus(codexAppFixtureOpts);
+  if (codexAppCustomShadowStatus.ok || codexAppCustomShadowStatus.plugins?.picker?.ok || codexAppCustomShadowStatus.plugins?.skill_shadows?.custom?.[0]?.name !== 'browser' || codexAppCustomShadowStatus.plugins?.skill_shadows?.generated?.length || !codexAppCustomShadowStatus.guidance.some((line) => line.includes('user-owned reserved skill name')) || codexAppCustomShadowStatus.guidance.some((line) => line.includes('plugin picker generated skill shadow'))) throw new Error('selftest: codex-app check did not distinguish user-owned reserved plugin skill names from generated shadows');
+  await fsp.rm(path.join(appFeatureTmp, '.agents', 'skills', 'browser'), { recursive: true, force: true });
   const fakeCodexMissing = path.join(fakeCodexBinDir, 'codex-missing-git-commit');
   await writeTextAtomic(fakeCodexMissing, '#!/bin/sh\nif [ "$1" = "mcp" ] && [ "$2" = "list" ]; then printf "%s\\n" "computer-use enabled" "browser-use enabled"; exit 0; fi\nif [ "$1" = "features" ] && [ "$2" = "list" ]; then cat <<EOF\napps                                    stable             true\nbrowser_use                             stable             true\nbrowser_use_external                    stable             true\ncodex_git_commit                        under development  false\ncomputer_use                            stable             true\nfast_mode                               stable             true\nguardian_approval                       stable             true\nhooks                                   stable             true\nimage_generation                        stable             true\nin_app_browser                          stable             true\nplugins                                 stable             true\nremote_control                          under development  true\ntool_suggest                            stable             true\nEOF\nexit 0; fi\necho "unexpected codex $*" >&2\nexit 2\n');
   await fsp.chmod(fakeCodexMissing, 0o755);
@@ -3828,20 +3857,20 @@ async function selftest() {
   if (!harnessReport.forgetting.fixture.passed || !harnessReport.tmux.views.includes('Harness Experiments View') || !harnessReport.reliability.tool_error_taxonomy.includes('Unknown')) throw new Error('selftest: harness growth fixture incomplete');
   const proofField = await proofFieldFixture();
   if (!proofField.validation.ok || !validateProofFieldReport(proofField.report).ok) throw new Error('selftest: proof field report invalid');
-  if (!proofField.checks.route_cone_selected || !proofField.checks.cli_cone_selected || !proofField.checks.catastrophic_guard_present || !proofField.checks.negative_release_work_recorded || !proofField.checks.outcome_rubric_present || !proofField.checks.adversarial_lenses_present || !proofField.checks.route_economy_present || !proofField.checks.simplicity_score_usable || !proofField.checks.execution_fast_lane_selected) throw new Error('selftest: proof field fixture checks incomplete');
+  if (!proofField.checks.route_cone_selected || !proofField.checks.cli_cone_selected || !proofField.checks.catastrophic_guard_present || !proofField.checks.negative_release_work_recorded || !proofField.checks.outcome_rubric_present || !proofField.checks.adversarial_lenses_present || !proofField.checks.route_economy_present || !proofField.checks.decision_lattice_present || !proofField.checks.decision_lattice_report_only || !proofField.checks.decision_lattice_selected_path || !proofField.checks.decision_lattice_frontier_present || !proofField.checks.decision_lattice_rejections_present || !proofField.checks.decision_lattice_scoring_formula_present || !proofField.checks.simplicity_score_usable || !proofField.checks.execution_fast_lane_selected) throw new Error('selftest: proof field fixture checks incomplete');
   if (!speedLanePolicyText().includes('proof_field_fast_lane') || !proofField.report.execution_lane?.skip_when_fast?.includes('planning_debate')) throw new Error('selftest: Proof Field speed lane policy missing');
   const fastPipelinePlan = buildPipelinePlan({ route: routePrompt('$Team small CLI help update'), task: 'small CLI help surface update', proofField: proofField.report });
   if (!validatePipelinePlan(fastPipelinePlan).ok || fastPipelinePlan.runtime_lane?.lane !== 'proof_field_fast_lane' || !fastPipelinePlan.skipped_stages.includes('planning_debate') || !fastPipelinePlan.invariants.includes('no_unrequested_fallback_code')) throw new Error('selftest: pipeline plan did not encode fast lane stage skips and fallback guard');
   const broadProofField = await buildProofField(tmp, { intent: 'database security route refactor', changedFiles: ['src/core/db-safety.mjs', 'src/core/routes.mjs', 'src/cli/main.mjs', 'README.md'] });
   const broadPipelinePlan = buildPipelinePlan({ route: routePrompt('$Team database security route refactor'), task: 'database security route refactor', proofField: broadProofField });
   if (!validatePipelinePlan(broadPipelinePlan).ok || broadPipelinePlan.runtime_lane?.lane === 'proof_field_fast_lane' || broadPipelinePlan.skipped_stages.includes('planning_debate')) throw new Error('selftest: pipeline plan did not fail closed for broad/security work');
-  if (broadPipelinePlan.route_economy?.mode !== 'report_only' || !broadPipelinePlan.route_economy.active_team_triggers?.includes('broad_change_set') || !broadPipelinePlan.route_economy.verification_stage_cache_key) throw new Error('selftest: route economy projection missing from pipeline plan');
+  if (broadPipelinePlan.route_economy?.mode !== 'report_only' || !broadPipelinePlan.route_economy.active_team_triggers?.includes('broad_change_set') || !broadPipelinePlan.route_economy.verification_stage_cache_key || !broadPipelinePlan.route_economy.decision_lattice?.report_only) throw new Error('selftest: route economy projection missing from pipeline plan');
   const workflowPerf = await runWorkflowPerfBench(tmp, {
     iterations: 2,
     intent: 'small CLI help surface update',
     changedFiles: ['src/cli/maintenance-commands.mjs', 'src/core/routes.mjs']
   });
-  if (!validateWorkflowPerfReport(workflowPerf).ok || workflowPerf.metrics.decision_mode !== 'fast_lane' || workflowPerf.metrics.execution_lane !== 'proof_field_fast_lane' || workflowPerf.metrics.pipeline_lane !== 'proof_field_fast_lane' || !workflowPerf.metrics.fast_lane_eligible || !workflowPerf.metrics.fast_lane_allowed || Number(workflowPerf.metrics.simplicity_score) < 0.75 || Number(workflowPerf.metrics.outcome_criteria_passed) < 3) throw new Error('selftest: workflow perf proof field did not produce a valid outcome-scored fast lane report');
+  if (!validateWorkflowPerfReport(workflowPerf).ok || workflowPerf.metrics.decision_mode !== 'fast_lane' || workflowPerf.metrics.execution_lane !== 'proof_field_fast_lane' || workflowPerf.metrics.pipeline_lane !== 'proof_field_fast_lane' || !workflowPerf.metrics.fast_lane_eligible || !workflowPerf.metrics.fast_lane_allowed || !workflowPerf.metrics.decision_lattice_valid || Number(workflowPerf.metrics.decision_lattice_frontier_count) < 1 || Number(workflowPerf.metrics.simplicity_score) < 0.75 || Number(workflowPerf.metrics.outcome_criteria_passed) < 3) throw new Error('selftest: workflow perf proof field did not produce a valid outcome-scored fast lane report');
   if (classifyToolError({ message: 'operation timed out' }) !== 'Timeout' || classifyToolError({ message: 'unclassified weirdness' }) !== 'Unknown') throw new Error('selftest: tool error taxonomy classification');
   const coord = rgbaToWikiCoord({ r: 12, g: 34, b: 56, a: 255 });
   if (coord.schema !== 'sks.wiki-coordinate.v1' || coord.xyzw.length !== 4) throw new Error('selftest: RGBA wiki coordinate conversion');

package/src/cli/maintenance-commands.mjs

@@ -969,6 +969,9 @@ export async function proofFieldCommand(sub, args = []) {
   console.log(`Workflow complexity: ${report.workflow_complexity.band} (${report.workflow_complexity.score})`);
   if (report.team_trigger_matrix.active_triggers.length) console.log(`Team triggers: ${report.team_trigger_matrix.active_triggers.join(', ')}`);
   console.log(`Proof cones: ${report.proof_cones.map((cone) => cone.id).join(', ')}`);
+  if (report.decision_lattice?.selected_path?.id) {
+    console.log(`Decision lattice: ${report.decision_lattice.selected_path.id} f=${report.decision_lattice.selected_path.cost?.f ?? 'n/a'} frontier=${report.decision_lattice.frontier?.expanded_order?.length || 0} rejected=${report.decision_lattice.rejected_alternatives?.length || 0}`);
+  }
   console.log(`Verification: ${report.fast_lane_decision.verification.join('; ')}`);
   console.log(`Report: ${path.relative(root, report.report_path)}`);
 }

package/src/core/codex-app.mjs

@@ -3,6 +3,7 @@ import os from 'node:os';
 import fsp from 'node:fs/promises';
 import { exists, runProcess } from './fsx.mjs';
 import { getCodexInfo } from './codex-adapter.mjs';
+import { DEFAULT_CODEX_APP_PLUGINS as DEFAULT_CODEX_APP_PLUGIN_TUPLES, RESERVED_CODEX_PLUGIN_SKILL_NAMES } from './routes.mjs';
 
 export const CODEX_APP_DOCS_URL = 'https://developers.openai.com/codex/app/features';
 export const CODEX_CHANGELOG_URL = 'https://developers.openai.com/codex/changelog';
@@ -22,15 +23,7 @@ const REQUIRED_CODEX_APP_FEATURE_FLAGS = [
   'apps',
   'plugins'
 ];
-const DEFAULT_CODEX_APP_PLUGINS = [
-  { name: 'browser', marketplace: 'openai-bundled' },
-  { name: 'chrome', marketplace: 'openai-bundled' },
-  { name: 'computer-use', marketplace: 'openai-bundled' },
-  { name: 'latex', marketplace: 'openai-bundled' },
-  { name: 'documents', marketplace: 'openai-primary-runtime' },
-  { name: 'presentations', marketplace: 'openai-primary-runtime' },
-  { name: 'spreadsheets', marketplace: 'openai-primary-runtime' }
-];
+const DEFAULT_CODEX_APP_PLUGINS = DEFAULT_CODEX_APP_PLUGIN_TUPLES.map(([name, marketplace]) => ({ name, marketplace }));
 
 export function codexAppCandidatePaths(home = os.homedir(), env = process.env) {
   const candidates = [];
@@ -128,6 +121,7 @@ export async function codexAppIntegrationStatus(opts = {}) {
   const browserUsePath = await findPluginCache('browser-use', opts);
   const computerUsePath = await findPluginCache('computer-use', opts);
   const defaultPlugins = await codexDefaultPluginStatus(opts);
+  const pluginSkillShadows = await codexPluginSkillShadowStatus(opts);
   const fastModeConfig = await codexFastModeConfigStatus(opts);
   const computerUseMcpListed = /computer[-_ ]?use/i.test(mcpText);
   const browserUseMcpListed = /browser[-_ ]?use/i.test(mcpText);
@@ -140,7 +134,8 @@ export async function codexAppIntegrationStatus(opts = {}) {
   const browserUseReady = browserUseMcpListed || Boolean(browserUsePath);
   const browserToolReady = inAppBrowserReady || browserUseFeatureReady || browserUseReady;
   const appInstalled = Boolean(appPath);
-  const ready = appInstalled && Boolean(codex.bin) && mcpList.ok && featureList.ok && requiredFeatureFlagsOk && defaultPlugins.ok && fastModeConfig.ok && imageGenerationReady && computerUseReady && browserToolReady;
+  const pluginPickerReady = requiredFeatureFlags.tool_suggest && requiredFeatureFlags.plugins && requiredFeatureFlags.apps && defaultPlugins.ok && pluginSkillShadows.ok && fastModeConfig.ok;
+  const ready = appInstalled && Boolean(codex.bin) && mcpList.ok && featureList.ok && requiredFeatureFlagsOk && pluginPickerReady && fastModeConfig.ok && imageGenerationReady && computerUseReady && browserToolReady;
   return {
     ok: ready,
     app: {
@@ -191,9 +186,17 @@ export async function codexAppIntegrationStatus(opts = {}) {
     plugins: {
       computer_use_cache: computerUsePath,
       browser_use_cache: browserUsePath,
-      default_plugins: defaultPlugins
+      default_plugins: defaultPlugins,
+      skill_shadows: pluginSkillShadows,
+      picker: {
+        ok: pluginPickerReady,
+        required_flags_ok: Boolean(requiredFeatureFlags.tool_suggest && requiredFeatureFlags.plugins && requiredFeatureFlags.apps),
+        default_plugins_ok: defaultPlugins.ok,
+        skill_shadows_ok: pluginSkillShadows.ok,
+        fast_mode_config_ok: fastModeConfig.ok
+      }
     },
-    guidance: codexAppGuidance({ appInstalled, codex, mcpList, featureList, requiredFeatureFlags, requiredFeatureFlagsOk, defaultPlugins, fastModeConfig, imageGenerationReady, inAppBrowserReady, browserUseFeatureReady, computerUseReady, browserUseReady, browserToolReady, computerUseMcpListed, browserUseMcpListed, remoteControl })
+    guidance: codexAppGuidance({ appInstalled, codex, mcpList, featureList, requiredFeatureFlags, requiredFeatureFlagsOk, defaultPlugins, pluginSkillShadows, fastModeConfig, imageGenerationReady, inAppBrowserReady, browserUseFeatureReady, computerUseReady, browserUseReady, browserToolReady, computerUseMcpListed, browserUseMcpListed, remoteControl })
   };
 }
 
@@ -248,7 +251,7 @@ export function formatCodexRemoteControlStatus(status) {
   return lines.filter(Boolean).join('\n');
 }
 
-export function codexAppGuidance({ appInstalled, codex, mcpList, featureList, requiredFeatureFlags = {}, requiredFeatureFlagsOk = true, defaultPlugins = { ok: true, missing_enabled: [] }, fastModeConfig = { ok: true, blockers: [] }, imageGenerationReady, inAppBrowserReady, browserUseFeatureReady, computerUseReady, browserUseReady, browserToolReady, computerUseMcpListed, browserUseMcpListed, remoteControl }) {
+export function codexAppGuidance({ appInstalled, codex, mcpList, featureList, requiredFeatureFlags = {}, requiredFeatureFlagsOk = true, defaultPlugins = { ok: true, missing_enabled: [] }, pluginSkillShadows = { ok: true, blocking: [] }, fastModeConfig = { ok: true, blockers: [] }, imageGenerationReady, inAppBrowserReady, browserUseFeatureReady, computerUseReady, browserUseReady, browserToolReady, computerUseMcpListed, browserUseMcpListed, remoteControl }) {
   const lines = [];
   if (!appInstalled) {
     lines.push('Install and open Codex App for first-party MCP/plugin tools. SKS tmux launch can still run with Codex CLI alone, but Codex Computer Use and imagegen/gpt-image-2 evidence will be unavailable until Codex App is ready.');
@@ -278,6 +281,19 @@ export function codexAppGuidance({ appInstalled, codex, mcpList, featureList, re
     lines.push(`Codex default plugin(s) installed but not enabled: ${defaultPlugins.missing_enabled.join(', ')}. Composer/tool UI can hide built-in surfaces even while feature flags look green.`);
     lines.push('Run: sks doctor --fix');
   }
+  if (defaultPlugins?.missing_installed?.length) {
+    lines.push(`Codex default plugin source(s) missing: ${defaultPlugins.missing_installed.join(', ')}. The @ plugin picker can hide built-in surfaces when plugin files are absent even if config says enabled.`);
+    lines.push('Run: sks doctor --fix, then restart Codex App if the plugin cache was just restored.');
+  }
+  if (pluginSkillShadows?.generated?.length) {
+    const names = pluginSkillShadows.generated.map((entry) => `${entry.name}:${entry.scope}`).join(', ');
+    lines.push(`Codex plugin picker generated skill shadow(s) detected: ${names}. Generated SKS skills with first-party plugin names can hide @ plugin entries after upgrades.`);
+    lines.push('Run: sks doctor --fix');
+  }
+  if (pluginSkillShadows?.custom?.length) {
+    const names = pluginSkillShadows.custom.map((entry) => `${entry.name}:${entry.scope}`).join(', ');
+    lines.push(`Codex plugin picker user-owned reserved skill name(s) detected: ${names}. Rename or remove these custom skills to avoid hiding first-party @ plugin entries; SKS doctor will not delete user-owned skills.`);
+  }
   if (fastModeConfig?.blockers?.length) {
     lines.push(`Codex App speed selector can be hidden or locked by config: ${fastModeConfig.blockers.join(', ')}.`);
     lines.push('Run: sks doctor --fix');
@@ -315,7 +331,8 @@ export function formatCodexAppStatus(status, { includeRaw = false } = {}) {
     `Remote Ctrl: ${status.remote_control?.ok ? 'ok' : 'missing'}${status.remote_control?.codex_cli?.version_number ? ` min ${status.remote_control.min_version}` : ''}`,
     `App Flags:  ${status.features?.required_flags_ok ? 'ok' : `missing ${missingRequiredFeatureFlags(status.features?.required_flags).join(', ') || 'required flags'}`}`,
     `Fast UI:    ${status.features?.fast_mode_config?.ok ? 'ok' : `locked ${(status.features?.fast_mode_config?.blockers || []).join(', ') || 'config'}`}`,
-    `Default Plugins:${status.plugins?.default_plugins?.ok ? ' ok' : ` missing ${(status.plugins?.default_plugins?.missing_enabled || []).join(', ') || 'enabled plugin config'}`}`,
+    `Default Plugins:${status.plugins?.default_plugins?.ok ? ' ok' : ` missing ${defaultPluginMissingSummary(status.plugins?.default_plugins) || 'plugin install/config'}`}`,
+    `Plugin Picker:${status.plugins?.picker?.ok ? ' ok' : ` blocked ${pluginPickerBlockers(status).join(', ') || 'config'}`}`,
     `Computer Use:${status.mcp.has_computer_use ? status.mcp.computer_use_source === 'plugin_cache' ? ' installed (verify @Computer in thread)' : ' ok' : ' missing'}`,
     `Browser:     ${status.features?.browser_tool_ready ? `ok (${status.features.browser_tool_source})` : status.mcp.has_browser_use ? status.mcp.browser_use_source === 'plugin_cache' ? 'installed (plugin scoped)' : 'ok' : 'missing'}`,
     `Image Gen:   ${status.features?.image_generation ? 'ok ($imagegen/gpt-image-2)' : status.features?.checked ? 'missing' : 'not checked'}`,
@@ -376,15 +393,56 @@ async function codexDefaultPluginStatus(opts = {}) {
     });
   }
   const installed = entries.filter((entry) => entry.installed);
+  const missingInstalled = entries.filter((entry) => !entry.installed).map((entry) => entry.id);
   const missingEnabled = installed.filter((entry) => !entry.enabled).map((entry) => entry.id);
   return {
-    ok: missingEnabled.length === 0,
+    ok: missingInstalled.length === 0 && missingEnabled.length === 0,
     checked: true,
     entries,
+    missing_installed: missingInstalled,
     missing_enabled: missingEnabled
   };
 }
 
+async function codexPluginSkillShadowStatus(opts = {}) {
+  const home = opts.home || os.homedir();
+  const cwd = opts.cwd || process.cwd();
+  const roots = [
+    { scope: 'global', root: path.join(home || '', '.agents', 'skills') }
+  ];
+  const projectRoot = path.join(cwd || '', '.agents', 'skills');
+  if (path.resolve(projectRoot) !== path.resolve(roots[0].root)) roots.push({ scope: 'project', root: projectRoot });
+  const entries = [];
+  for (const root of roots) {
+    for (const name of RESERVED_CODEX_PLUGIN_SKILL_NAMES) {
+      const skillPath = path.join(root.root, name, 'SKILL.md');
+      if (!(await exists(skillPath))) continue;
+      const text = await readTextIfExists(skillPath);
+      entries.push({
+        name,
+        scope: root.scope,
+        path: skillPath,
+        generated: isGeneratedSksPluginShadow(text, name)
+      });
+    }
+  }
+  return {
+    ok: entries.length === 0,
+    checked: true,
+    reserved_names: RESERVED_CODEX_PLUGIN_SKILL_NAMES,
+    blocking: entries,
+    generated: entries.filter((entry) => entry.generated),
+    custom: entries.filter((entry) => !entry.generated)
+  };
+}
+
+function isGeneratedSksPluginShadow(text = '', name = '') {
+  const s = String(text || '');
+  if (!new RegExp(`^name:\\s*${escapeRegExp(name)}\\s*$`, 'm').test(s)) return false;
+  if (/\bnot generated by SKS\b/i.test(s)) return false;
+  return /Sneakoscope generated|Codex App pipeline activation:|Dollar-command route generated by SKS|stale plugin collision/i.test(s);
+}
+
 async function codexFastModeConfigStatus(opts = {}) {
   const home = opts.home || os.homedir();
   const cwd = opts.cwd || process.cwd();
@@ -451,6 +509,22 @@ function codexPluginEnabled(configText = '', plugin = {}) {
   return /(?:^|\n)\s*enabled\s*=\s*true\s*(?:#.*)?(?=\n|$)/.test(block);
 }
 
+function pluginPickerBlockers(status = {}) {
+  const out = [];
+  if (!status.plugins?.picker?.required_flags_ok) out.push('tool_suggest/plugins/apps');
+  if (!status.plugins?.picker?.default_plugins_ok) out.push('default_plugins');
+  if (!status.plugins?.picker?.skill_shadows_ok) out.push('skill_shadows');
+  if (!status.plugins?.picker?.fast_mode_config_ok) out.push('fast_mode_config');
+  return out;
+}
+
+function defaultPluginMissingSummary(defaultPlugins = {}) {
+  return [
+    ...(defaultPlugins?.missing_installed || []),
+    ...(defaultPlugins?.missing_enabled || [])
+  ].join(', ');
+}
+
 function topLevelToml(text = '') {
   const lines = String(text || '').split('\n');
   const firstTable = lines.findIndex((line) => /^\s*\[.+\]\s*$/.test(line));

package/src/core/decision-lattice.mjs

@@ -0,0 +1,481 @@
+export const DECISION_LATTICE_SCHEMA_VERSION = 1;
+
+export const DEFAULT_LATTICE_WEIGHTS = Object.freeze({
+  step: 1,
+  proof_debt: 3,
+  risk: 1,
+  friction: 1,
+  info_gain: 1
+});
+
+const AXES = Object.freeze(['contract', 'context', 'implementation', 'verification', 'review']);
+
+const DEFAULT_START = Object.freeze({
+  contract: 0,
+  context: 0,
+  implementation: 0,
+  verification: 0,
+  review: 0
+});
+
+const DEFAULT_GOAL = Object.freeze({
+  contract: 2,
+  context: 2,
+  implementation: 2,
+  verification: 2,
+  review: 1
+});
+
+const DEFAULT_ACTIONS = Object.freeze([
+  {
+    id: 'seal_contract',
+    label: 'Seal decision contract',
+    delta: { contract: 2 },
+    risk: 0.05,
+    friction: 0.25,
+    info_gain: 0.9,
+    notes: ['Removes ambiguity before route selection.']
+  },
+  {
+    id: 'read_triwiki',
+    label: 'Read bounded TriWiki context',
+    delta: { context: 1 },
+    risk: 0.05,
+    friction: 0.2,
+    info_gain: 0.7,
+    notes: ['Uses compact high-trust recall before editing.']
+  },
+  {
+    id: 'proof_field_scan',
+    label: 'Run proof-field scan',
+    delta: { context: 2, verification: 1 },
+    risk: 0.1,
+    friction: 0.35,
+    info_gain: 0.95,
+    notes: ['Scores route surface and escalation triggers.']
+  },
+  {
+    id: 'minimal_patch',
+    label: 'Implement smallest scoped change',
+    delta: { implementation: 2 },
+    risk: 0.35,
+    friction: 0.35,
+    info_gain: 0.4,
+    notes: ['Touches only the selected proof cone.']
+  },
+  {
+    id: 'focused_verification',
+    label: 'Run focused verification',
+    delta: { verification: 1 },
+    risk: 0.12,
+    friction: 0.45,
+    info_gain: 0.85,
+    notes: ['Checks syntax and behavior for the changed module.']
+  },
+  {
+    id: 'five_lane_review',
+    label: 'Collect five-lane Team review',
+    delta: { review: 1 },
+    risk: 0.2,
+    friction: 1.1,
+    info_gain: 1,
+    notes: ['Satisfies Team review gate for broad missions.']
+  },
+  {
+    id: 'honest_mode',
+    label: 'Run Honest Mode closeout',
+    delta: { verification: 1 },
+    risk: 0.05,
+    friction: 0.2,
+    info_gain: 0.65,
+    notes: ['Binds final claims to evidence and gaps.']
+  }
+]);
+
+const DEFAULT_ROUTE_PATHS = Object.freeze([
+  {
+    id: 'proof_field_fast_lane',
+    label: 'Proof Field Fast Lane',
+    action_ids: ['seal_contract', 'read_triwiki', 'proof_field_scan', 'minimal_patch', 'focused_verification', 'honest_mode'],
+    notes: ['Lowest friction when scope is narrow and risk flags stay low.']
+  },
+  {
+    id: 'balanced_team_lane',
+    label: 'Balanced Team Lane',
+    action_ids: ['seal_contract', 'read_triwiki', 'proof_field_scan', 'minimal_patch', 'focused_verification', 'five_lane_review', 'honest_mode'],
+    notes: ['Adds review evidence while preserving a compact change surface.']
+  },
+  {
+    id: 'full_team_honest_path',
+    label: 'Full Team Honest Path',
+    action_ids: ['seal_contract', 'read_triwiki', 'proof_field_scan', 'five_lane_review', 'minimal_patch', 'focused_verification', 'five_lane_review', 'honest_mode'],
+    notes: ['Heaviest default for broad or release-sensitive missions.']
+  }
+]);
+
+export function buildDecisionLatticeReport(input = {}) {
+  const weights = normalizeWeights(input.weights);
+  const start = normalizeState(input.start_state || input.start || DEFAULT_START);
+  const goal = normalizeState(input.goal_state || input.target_state || input.target || inferredGoal(input));
+  const actions = normalizeActions(input.actions || DEFAULT_ACTIONS);
+  const routePaths = normalizeRoutePaths(input.route_paths || input.candidate_route_paths || DEFAULT_ROUTE_PATHS, actions);
+  const grid = buildConceptualGrid(start, goal, actions);
+  const search = runAStar({ start, goal, actions, weights });
+  const routeCandidates = routePaths.map((routePath, index) => evaluateRoutePath(routePath, index, { start, goal, actions, weights }));
+  const candidates = routeCandidates.concat([{ ...search.selected_path, rank_hint: routeCandidates.length }]).sort(compareCandidates);
+  const selected = selectPath(candidates, search.selected_path);
+  const rejected = candidates
+    .filter((candidate) => candidate.id !== selected.id)
+    .map((candidate) => ({
+      id: candidate.id,
+      label: candidate.label,
+      f: candidate.cost.f,
+      delta_from_selected: round(candidate.cost.f - selected.cost.f),
+      rejection_reasons: rejectionReasons(candidate, selected)
+    }));
+  const report = {
+    schema_version: DECISION_LATTICE_SCHEMA_VERSION,
+    report_only: true,
+    deterministic: true,
+    module: 'decision-lattice',
+    scoring_formula: String(input.scoring_formula || 'f = g + h + risk + friction - info_gain'),
+    research_basis: {
+      model: 'Decision Lattice A* planner',
+      scoring_formula: 'f = g + h + risk + friction - info_gain',
+      proof_debt_heuristic: 'h is weighted remaining lattice debt across contract, context, implementation, verification, and review axes.'
+    },
+    input_summary: {
+      intent: String(input.intent || input.goal || '').trim() || null,
+      weights,
+      start_state: start,
+      goal_state: goal,
+      action_count: actions.length,
+      route_path_count: routePaths.length
+    },
+    heuristic: {
+      id: 'proof_debt',
+      h_start: proofDebt(start, goal, weights),
+      axes: AXES.map((axis) => ({
+        axis,
+        start: start[axis],
+        goal: goal[axis],
+        debt: debtForAxis(start, goal, axis),
+        weighted_debt: round(debtForAxis(start, goal, axis) * weights.proof_debt)
+      }))
+    },
+    conceptual_grid: grid,
+    frontier: search.frontier,
+    candidate_paths: candidates,
+    selected_path: selected,
+    rejected_alternatives: rejected,
+    validation: null
+  };
+  report.validation = validateDecisionLatticeReport(report);
+  return report;
+}
+
+function inferredGoal(input = {}) {
+  const goal = { ...DEFAULT_GOAL };
+  if (input.execution_lane?.fast_lane_allowed === true && !(input.team_trigger_matrix?.active_triggers || []).length) {
+    goal.review = 0;
+  }
+  return goal;
+}
+
+export function validateDecisionLatticeReport(report = {}) {
+  const issues = [];
+  if (report.schema_version !== DECISION_LATTICE_SCHEMA_VERSION) issues.push('schema_version');
+  if (report.report_only !== true) issues.push('report_only');
+  if (report.deterministic !== true) issues.push('deterministic');
+  if (report.research_basis?.scoring_formula !== 'f = g + h + risk + friction - info_gain') issues.push('scoring_formula');
+  if (!Array.isArray(report.heuristic?.axes) || report.heuristic.axes.length !== AXES.length) issues.push('heuristic_axes');
+  if (!Number.isFinite(Number(report.heuristic?.h_start))) issues.push('heuristic_h_start');
+  if (!Array.isArray(report.conceptual_grid?.cells) || report.conceptual_grid.cells.length < 1) issues.push('conceptual_grid');
+  if (!Array.isArray(report.frontier?.expanded_order) || report.frontier.expanded_order.length < 1) issues.push('frontier_expanded_order');
+  if (!Array.isArray(report.candidate_paths) || report.candidate_paths.length < 1) issues.push('candidate_paths');
+  if (!report.selected_path?.id || !Array.isArray(report.selected_path?.steps)) issues.push('selected_path');
+  if (!Array.isArray(report.rejected_alternatives)) issues.push('rejected_alternatives');
+  if (report.candidate_paths?.some((candidate) => !Number.isFinite(Number(candidate?.cost?.f)))) issues.push('candidate_costs');
+  if (report.selected_path?.cost?.f !== Math.min(...(report.candidate_paths || []).map((candidate) => candidate.cost.f))) issues.push('selected_path_not_min_f');
+  return { ok: issues.length === 0, issues };
+}
+
+function normalizeWeights(input = {}) {
+  return {
+    step: positiveNumber(input.step, DEFAULT_LATTICE_WEIGHTS.step),
+    proof_debt: positiveNumber(input.proof_debt, DEFAULT_LATTICE_WEIGHTS.proof_debt),
+    risk: positiveNumber(input.risk, DEFAULT_LATTICE_WEIGHTS.risk),
+    friction: positiveNumber(input.friction, DEFAULT_LATTICE_WEIGHTS.friction),
+    info_gain: positiveNumber(input.info_gain, DEFAULT_LATTICE_WEIGHTS.info_gain)
+  };
+}
+
+function normalizeState(input = {}) {
+  const state = {};
+  for (const axis of AXES) state[axis] = clampInt(input[axis], 0, 3);
+  return state;
+}
+
+function normalizeActions(input = []) {
+  return input
+    .map((action, index) => ({
+      id: safeId(action.id || `action_${index + 1}`),
+      label: String(action.label || action.id || `Action ${index + 1}`),
+      delta: normalizeDelta(action.delta || {}),
+      risk: nonNegativeNumber(action.risk, 0),
+      friction: nonNegativeNumber(action.friction, 0),
+      info_gain: nonNegativeNumber(action.info_gain, 0),
+      notes: arrayOfStrings(action.notes)
+    }))
+    .filter((action) => AXES.some((axis) => action.delta[axis] > 0))
+    .sort(compareById);
+}
+
+function normalizeRoutePaths(input = [], actions = []) {
+  const actionIds = new Set(actions.map((action) => action.id));
+  return input
+    .map((routePath, index) => ({
+      id: safeId(routePath.id || `route_path_${index + 1}`),
+      label: String(routePath.label || routePath.id || `Route Path ${index + 1}`),
+      action_ids: arrayOfStrings(routePath.action_ids || routePath.actions).map(safeId).filter((id) => actionIds.has(id)),
+      notes: arrayOfStrings(routePath.notes)
+    }))
+    .filter((routePath) => routePath.action_ids.length > 0)
+    .sort(compareById);
+}
+
+function normalizeDelta(delta = {}) {
+  const out = {};
+  for (const axis of AXES) out[axis] = clampInt(delta[axis], 0, 3);
+  return out;
+}
+
+function runAStar({ start, goal, actions, weights }) {
+  const open = [nodeForState(start, { g: 0, h: proofDebt(start, goal, weights), risk: 0, friction: 0, info_gain: 0, steps: [] })];
+  const best = new Map([[stateKey(start), 0]]);
+  const closed = [];
+  const snapshots = [];
+  let selected = open[0];
+
+  while (open.length > 0 && closed.length < 64) {
+    open.sort(compareNodes);
+    const current = open.shift();
+    closed.push(current);
+    snapshots.push({ step: closed.length, current: current.key, f: current.f, open: open.map((node) => node.key).sort() });
+    if (isGoal(current.state, goal)) {
+      selected = current;
+      break;
+    }
+    for (const action of actions) {
+      const nextState = applyAction(current.state, action, goal);
+      const key = stateKey(nextState);
+      const g = round(current.g + weights.step);
+      if (best.has(key) && best.get(key) <= g) continue;
+      best.set(key, g);
+      const risk = round(current.risk + action.risk * weights.risk);
+      const friction = round(current.friction + action.friction * weights.friction);
+      const infoGain = round(current.info_gain + action.info_gain * weights.info_gain);
+      const h = proofDebt(nextState, goal, weights);
+      open.push(nodeForState(nextState, {
+        g,
+        h,
+        risk,
+        friction,
+        info_gain: infoGain,
+        steps: current.steps.concat([stepFromAction(action, nextState)])
+      }));
+    }
+  }
+
+  return {
+    selected_path: pathFromNode('astar_frontier_path', 'A* Frontier Path', selected),
+    frontier: {
+      expanded_order: closed.map((node, index) => ({ index, key: node.key, f: node.f, h: node.h, steps: node.steps.map((step) => step.id) })),
+      open_nodes: open.sort(compareNodes).slice(0, 12).map((node) => ({ key: node.key, f: node.f, h: node.h })),
+      closed_nodes: closed.map((node) => node.key),
+      snapshots
+    }
+  };
+}
+
+function evaluateRoutePath(routePath, index, { start, goal, actions, weights }) {
+  const actionById = new Map(actions.map((action) => [action.id, action]));
+  let state = { ...start };
+  let g = 0;
+  let risk = 0;
+  let friction = 0;
+  let infoGain = 0;
+  const steps = [];
+  for (const id of routePath.action_ids) {
+    const action = actionById.get(id);
+    if (!action) continue;
+    g = round(g + weights.step);
+    risk = round(risk + action.risk * weights.risk);
+    friction = round(friction + action.friction * weights.friction);
+    infoGain = round(infoGain + action.info_gain * weights.info_gain);
+    state = applyAction(state, action, goal);
+    steps.push(stepFromAction(action, state));
+  }
+  const h = proofDebt(state, goal, weights);
+  const f = round(g + h + risk + friction - infoGain);
+  return {
+    id: routePath.id,
+    label: routePath.label,
+    rank_hint: index,
+    route: routePath.action_ids,
+    steps,
+    final_state: state,
+    proof_debt: h,
+    complete: isGoal(state, goal),
+    cost: { g, h, risk, friction, info_gain: infoGain, f },
+    notes: routePath.notes
+  };
+}
+
+function selectPath(candidates, astarPath) {
+  const complete = candidates.filter((candidate) => candidate.complete);
+  const pool = complete.length ? complete : candidates;
+  const selected = pool.slice().sort(compareCandidates)[0] || astarPath;
+  return selected.cost.f <= astarPath.cost.f ? selected : astarPath;
+}
+
+function pathFromNode(id, label, node) {
+  return {
+    id,
+    label,
+    route: node.steps.map((step) => step.id),
+    steps: node.steps,
+    final_state: node.state,
+    proof_debt: node.h,
+    complete: node.h === 0,
+    cost: {
+      g: node.g,
+      h: node.h,
+      risk: node.risk,
+      friction: node.friction,
+      info_gain: node.info_gain,
+      f: node.f
+    },
+    notes: ['Generated by A* frontier expansion over the conceptual lattice.']
+  };
+}
+
+function nodeForState(state, input) {
+  const f = round(input.g + input.h + input.risk + input.friction - input.info_gain);
+  return { ...input, state, key: stateKey(state), f };
+}
+
+function applyAction(state, action, goal) {
+  const next = {};
+  for (const axis of AXES) next[axis] = Math.min(goal[axis], state[axis] + action.delta[axis]);
+  return next;
+}
+
+function proofDebt(state, goal, weights) {
+  return round(AXES.reduce((sum, axis) => sum + debtForAxis(state, goal, axis), 0) * weights.proof_debt);
+}
+
+function debtForAxis(state, goal, axis) {
+  return Math.max(0, Number(goal[axis] || 0) - Number(state[axis] || 0));
+}
+
+function buildConceptualGrid(start, goal, actions) {
+  return {
+    axes: AXES.map((axis) => ({ axis, start: start[axis], goal: goal[axis], span: Math.max(0, goal[axis] - start[axis]) })),
+    cells: AXES.map((axis) => ({
+      id: `axis_${axis}`,
+      axis,
+      start: start[axis],
+      goal: goal[axis],
+      candidate_actions: actions.filter((action) => action.delta[axis] > 0).map((action) => action.id)
+    })),
+    legend: {
+      g: 'path steps already paid',
+      h: 'remaining proof debt',
+      risk: 'expected safety and integration exposure',
+      friction: 'coordination and verification drag',
+      info_gain: 'uncertainty removed by the step'
+    }
+  };
+}
+
+function rejectionReasons(candidate, selected) {
+  const reasons = [];
+  if (!candidate.complete) reasons.push('remaining_proof_debt');
+  if (candidate.cost.risk > selected.cost.risk) reasons.push('higher_risk');
+  if (candidate.cost.friction > selected.cost.friction) reasons.push('higher_friction');
+  if (candidate.cost.info_gain < selected.cost.info_gain) reasons.push('lower_info_gain');
+  if (candidate.cost.f > selected.cost.f) reasons.push('higher_total_f');
+  return reasons.length ? reasons : ['tie_broken_by_deterministic_order'];
+}
+
+function compareCandidates(a, b) {
+  return (a.cost.f - b.cost.f)
+    || (a.cost.h - b.cost.h)
+    || (a.cost.risk - b.cost.risk)
+    || (a.cost.friction - b.cost.friction)
+    || (b.cost.info_gain - a.cost.info_gain)
+    || a.id.localeCompare(b.id);
+}
+
+function compareNodes(a, b) {
+  return (a.f - b.f)
+    || (a.h - b.h)
+    || (a.risk - b.risk)
+    || (a.friction - b.friction)
+    || (b.info_gain - a.info_gain)
+    || a.key.localeCompare(b.key);
+}
+
+function compareById(a, b) {
+  return a.id.localeCompare(b.id);
+}
+
+function stateKey(state) {
+  return AXES.map((axis) => `${axis}:${state[axis]}`).join('|');
+}
+
+function isGoal(state, goal) {
+  return AXES.every((axis) => state[axis] >= goal[axis]);
+}
+
+function stepFromAction(action, state) {
+  return {
+    id: action.id,
+    label: action.label,
+    state_after: state,
+    risk: action.risk,
+    friction: action.friction,
+    info_gain: action.info_gain,
+    notes: action.notes
+  };
+}
+
+function arrayOfStrings(value) {
+  if (!Array.isArray(value)) return [];
+  return value.map((item) => String(item || '').trim()).filter(Boolean);
+}
+
+function safeId(value) {
+  return String(value || 'item').trim().toLowerCase().replace(/[^a-z0-9_./-]+/g, '_').replace(/^_+|_+$/g, '') || 'item';
+}
+
+function clampInt(value, min, max) {
+  const number = Number(value);
+  if (!Number.isFinite(number)) return min;
+  return Math.max(min, Math.min(max, Math.floor(number)));
+}
+
+function positiveNumber(value, fallback) {
+  const number = Number(value);
+  return Number.isFinite(number) && number > 0 ? number : fallback;
+}
+
+function nonNegativeNumber(value, fallback) {
+  const number = Number(value);
+  return Number.isFinite(number) && number >= 0 ? number : fallback;
+}
+
+function round(value) {
+  return Math.round(Number(value || 0) * 1000) / 1000;
+}

package/src/core/fsx.mjs

@@ -5,7 +5,7 @@ import os from 'node:os';
 import crypto from 'node:crypto';
 import { spawn } from 'node:child_process';
 
-export const PACKAGE_VERSION = '0.8.6';
+export const PACKAGE_VERSION = '0.9.1';
 export const DEFAULT_PROCESS_TAIL_BYTES = 256 * 1024;
 export const DEFAULT_PROCESS_TIMEOUT_MS = 30 * 60 * 1000;
 

package/src/core/init.mjs

@@ -7,7 +7,7 @@ import { isHarnessSourceProject, writeHarnessGuardPolicy } from './harness-guard
 import { repairSksGeneratedArtifacts } from './harness-conflicts.mjs';
 import { disableVersionGitHook } from './version-manager.mjs';
 import { MIN_TEAM_REVIEWER_LANES, MIN_TEAM_REVIEW_POLICY_TEXT } from './team-review-policy.mjs';
-import { AWESOME_DESIGN_MD_REFERENCE, CODEX_APP_IMAGE_GENERATION_DOC_URL, CODEX_COMPUTER_USE_ONLY_POLICY, CODEX_IMAGEGEN_REQUIRED_POLICY, DESIGN_SYSTEM_SSOT, DOLLAR_COMMANDS, DOLLAR_COMMAND_ALIASES, DOLLAR_SKILL_NAMES, FROM_CHAT_IMG_CHECKLIST_ARTIFACT, FROM_CHAT_IMG_COVERAGE_ARTIFACT, FROM_CHAT_IMG_QA_LOOP_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS, GETDESIGN_REFERENCE, PPT_CONDITIONAL_SKILL_ALLOWLIST, PPT_PIPELINE_MCP_ALLOWLIST, PPT_PIPELINE_SKILL_ALLOWLIST, RECOMMENDED_DESIGN_REFERENCES, RECOMMENDED_MCP_SERVERS, RECOMMENDED_SKILLS, RESERVED_CODEX_PLUGIN_SKILL_NAMES, SOLUTION_SCOUT_SKILL_NAME, chatCaptureIntakeText, context7ConfigToml, getdesignReferencePolicyText, imageUxReviewPipelinePolicyText, outcomeRubricPolicyText, pptPipelineAllowlistPolicyText, solutionScoutPolicyText, speedLanePolicyText, stackCurrentDocsPolicyText, triwikiContextTracking, triwikiContextTrackingText, triwikiStagePolicyText } from './routes.mjs';
+import { AWESOME_DESIGN_MD_REFERENCE, CODEX_APP_IMAGE_GENERATION_DOC_URL, CODEX_COMPUTER_USE_ONLY_POLICY, CODEX_IMAGEGEN_REQUIRED_POLICY, DEFAULT_CODEX_APP_PLUGINS, DESIGN_SYSTEM_SSOT, DOLLAR_COMMANDS, DOLLAR_COMMAND_ALIASES, DOLLAR_SKILL_NAMES, FROM_CHAT_IMG_CHECKLIST_ARTIFACT, FROM_CHAT_IMG_COVERAGE_ARTIFACT, FROM_CHAT_IMG_QA_LOOP_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_ARTIFACT, FROM_CHAT_IMG_TEMP_TRIWIKI_SESSIONS, GETDESIGN_REFERENCE, PPT_CONDITIONAL_SKILL_ALLOWLIST, PPT_PIPELINE_MCP_ALLOWLIST, PPT_PIPELINE_SKILL_ALLOWLIST, RECOMMENDED_DESIGN_REFERENCES, RECOMMENDED_MCP_SERVERS, RECOMMENDED_SKILLS, RESERVED_CODEX_PLUGIN_SKILL_NAMES, SOLUTION_SCOUT_SKILL_NAME, chatCaptureIntakeText, context7ConfigToml, getdesignReferencePolicyText, imageUxReviewPipelinePolicyText, outcomeRubricPolicyText, pptPipelineAllowlistPolicyText, solutionScoutPolicyText, speedLanePolicyText, stackCurrentDocsPolicyText, triwikiContextTracking, triwikiContextTrackingText, triwikiStagePolicyText } from './routes.mjs';
 import { SKILL_DREAM_POLICY, skillDreamPolicyText } from './skill-forge.mjs';
 
 const REFLECTION_MEMORY_PATH = '.sneakoscope/memory/q2_facts/post-route-reflection.md';
@@ -33,16 +33,6 @@ export const REQUIRED_GENERATED_CODEX_APP_FEATURE_FLAGS = [
   'plugins'
 ];
 
-const DEFAULT_CODEX_APP_PLUGINS = [
-  ['browser', 'openai-bundled'],
-  ['chrome', 'openai-bundled'],
-  ['computer-use', 'openai-bundled'],
-  ['latex', 'openai-bundled'],
-  ['documents', 'openai-primary-runtime'],
-  ['presentations', 'openai-primary-runtime'],
-  ['spreadsheets', 'openai-primary-runtime']
-];
-
 export function hasTopLevelCodexModeLock(text = '') {
   const lines = String(text || '').split('\n');
   const firstTable = lines.findIndex((x) => /^\s*\[.+\]\s*$/.test(x));

package/src/core/perf-bench.mjs

@@ -110,6 +110,11 @@ export async function runWorkflowPerfBench(root, opts = {}) {
       workflow_complexity_band: proofField?.workflow_complexity?.band || null,
       team_trigger_count: proofField?.team_trigger_matrix?.active_triggers?.length || 0,
       verification_stage_cache_key: proofField?.verification_stage_cache?.cache_key || null,
+      decision_lattice_selected_path: proofField?.decision_lattice?.selected_path?.id || null,
+      decision_lattice_frontier_count: proofField?.decision_lattice?.frontier?.expanded_order?.length || 0,
+      decision_lattice_rejected_alternative_count: proofField?.decision_lattice?.rejected_alternatives?.length || 0,
+      decision_lattice_scoring_formula: proofField?.decision_lattice?.scoring_formula || null,
+      decision_lattice_valid: Boolean(proofField?.decision_lattice?.report_only) && proofValidation.ok,
       outcome_criteria_passed: (proofField?.simplicity_scorecard?.criteria || []).filter((item) => item.passed).length,
       proof_field_valid: proofValidation.ok,
       pipeline_plan_valid: planValidation.ok
@@ -138,7 +143,19 @@ export function validateWorkflowPerfReport(report = {}) {
   if (!Number.isFinite(Number(report.metrics?.workflow_complexity_score))) issues.push('workflow_complexity_score');
   if (!report.metrics?.workflow_complexity_band) issues.push('workflow_complexity_band');
   if (!report.metrics?.verification_stage_cache_key) issues.push('verification_stage_cache_key');
+  if (!report.metrics?.decision_lattice_selected_path) issues.push('decision_lattice_selected_path');
+  if (!Number.isFinite(Number(report.metrics?.decision_lattice_frontier_count))) issues.push('decision_lattice_frontier_count');
+  if (!Number.isFinite(Number(report.metrics?.decision_lattice_rejected_alternative_count))) issues.push('decision_lattice_rejected_alternative_count');
+  if (!report.metrics?.decision_lattice_scoring_formula) issues.push('decision_lattice_scoring_formula');
+  if (report.metrics?.decision_lattice_valid !== true) issues.push('decision_lattice_valid');
   if (!report.proof_field || !validateProofFieldReport(report.proof_field).ok) issues.push('proof_field');
+  else {
+    const lattice = report.proof_field.decision_lattice;
+    if (report.metrics.decision_lattice_selected_path !== lattice?.selected_path?.id) issues.push('decision_lattice_selected_path_mismatch');
+    if (Number(report.metrics.decision_lattice_frontier_count) !== Number(lattice?.frontier?.expanded_order?.length || 0)) issues.push('decision_lattice_frontier_count_mismatch');
+    if (Number(report.metrics.decision_lattice_rejected_alternative_count) !== Number(lattice?.rejected_alternatives?.length || 0)) issues.push('decision_lattice_rejected_alternative_count_mismatch');
+    if (report.metrics.decision_lattice_scoring_formula !== lattice?.scoring_formula) issues.push('decision_lattice_scoring_formula_mismatch');
+  }
   if (!report.pipeline_plan || !validatePipelinePlan(report.pipeline_plan).ok) issues.push('pipeline_plan');
   if (!report.recommendation?.mode) issues.push('recommendation');
   return { ok: issues.length === 0, issues };

package/src/core/pipeline.mjs

@@ -135,11 +135,32 @@ export function validatePipelinePlan(plan = {}) {
   if (!Array.isArray(plan.stages) || !plan.stages.length) issues.push('stages');
   if (!Array.isArray(plan.verification) || !plan.verification.length) issues.push('verification');
   if (!plan.route_economy?.mode) issues.push('route_economy');
+  const routeEconomyLatticeIssues = validateRouteEconomyDecisionLattice(plan.route_economy, plan.proof_field);
+  if (routeEconomyLatticeIssues.length) issues.push(...routeEconomyLatticeIssues.map((issue) => `route_economy.decision_lattice:${issue}`));
   if (plan.no_unrequested_fallback_code !== true || !plan.invariants?.includes('no_unrequested_fallback_code')) issues.push('fallback_guard');
   if (!plan.next_actions?.length) issues.push('next_actions');
   return { ok: issues.length === 0, issues };
 }
 
+function validateRouteEconomyDecisionLattice(routeEconomy = {}, proof = {}) {
+  const lattice = routeEconomy.decision_lattice;
+  if (!lattice) return [];
+  const issues = [];
+  if (routeEconomy.report_only !== true || routeEconomy.mode !== 'report_only') issues.push('requires_report_only_route_economy');
+  if (lattice.report_only !== true) issues.push('report_only');
+  if (!lattice.selected_path) issues.push('selected_path');
+  if (!Number.isFinite(Number(lattice.selected_f_score))) issues.push('selected_f_score');
+  if (!Number.isFinite(Number(lattice.frontier_count)) || Number(lattice.frontier_count) < 1) issues.push('frontier_count');
+  if (!Number.isFinite(Number(lattice.rejected_alternatives_count))) issues.push('rejected_alternatives_count');
+  if (proof?.attached && proof.decision_lattice) {
+    const source = proof.decision_lattice;
+    if (lattice.selected_path !== source.selected_path?.id) issues.push('selected_path_mismatch');
+    if (Number(lattice.frontier_count) !== Number(source.frontier?.expanded_order?.length || 0)) issues.push('frontier_count_mismatch');
+    if (Number(lattice.rejected_alternatives_count) !== Number(source.rejected_alternatives?.length || 0)) issues.push('rejected_alternatives_count_mismatch');
+  }
+  return issues;
+}
+
 function normalizeAmbiguity(value = {}, route) {
   const required = value.required ?? !CLARIFICATION_BYPASS_ROUTES.has(route?.id);
   const slots = Number(value.slots || 0);
@@ -173,7 +194,8 @@ function normalizeProofField(report) {
     contract_clarity: report.contract_clarity || null,
     workflow_complexity: report.workflow_complexity || null,
     team_trigger_matrix: report.team_trigger_matrix || null,
-    verification_stage_cache: report.verification_stage_cache || null
+    verification_stage_cache: report.verification_stage_cache || null,
+    decision_lattice: report.decision_lattice || null
   };
 }
 
@@ -199,6 +221,13 @@ function routeEconomyPlan(proof = {}) {
     team_trigger_count: triggers.length,
     active_team_triggers: triggers,
     verification_stage_cache_key: proof.verification_stage_cache?.cache_key || null,
+    decision_lattice: proof.decision_lattice ? {
+      selected_path: proof.decision_lattice.selected_path?.id || null,
+      selected_f_score: proof.decision_lattice.selected_path?.cost?.f ?? null,
+      frontier_count: proof.decision_lattice.frontier?.expanded_order?.length || 0,
+      rejected_alternatives_count: proof.decision_lattice.rejected_alternatives?.length || 0,
+      report_only: proof.decision_lattice.report_only === true
+    } : null,
     deletion_policy: 'do_not_delete_or_skip_pipeline_stages_until_report_only_metrics_are_calibrated'
   };
 }

package/src/core/proof-field.mjs

@@ -1,5 +1,6 @@
 import path from 'node:path';
 import { nowIso, readText, rel, runProcess, sha256, writeJsonAtomic } from './fsx.mjs';
+import { buildDecisionLatticeReport, validateDecisionLatticeReport } from './decision-lattice.mjs';
 
 export const PROOF_FIELD_SCHEMA_VERSION = 1;
 export const FAST_LANE_MIN_SCORE = 0.75;
@@ -88,6 +89,20 @@ export async function buildProofField(root, opts = {}) {
   const verificationStageCache = verificationStageCachePlan({ sourceHash, changedFiles, verification: fastLane.verification });
   const simplicity = outcomeScorecard({ intent, changedFiles, selectedCones, risk, negativeWork, fastLane, workflowComplexity });
   const executionLane = executionLaneDecision({ fastLane, simplicity, workflowComplexity, teamTriggerMatrix });
+  const decisionLattice = normalizeDecisionLatticeReport(await buildDecisionLatticeReport({
+    intent,
+    changed_files: changedFiles,
+    proof_cones: selectedCones,
+    risk,
+    contract_clarity: contractClarity,
+    workflow_complexity: workflowComplexity,
+    team_trigger_matrix: teamTriggerMatrix,
+    verification_stage_cache: verificationStageCache,
+    simplicity_scorecard: simplicity,
+    fast_lane_decision: fastLane,
+    execution_lane: executionLane,
+    scoring_formula: 'simplicity_scorecard.score + contract_clarity.score - workflow_complexity.score - active_team_trigger_penalty'
+  }));
   return {
     schema_version: PROOF_FIELD_SCHEMA_VERSION,
     generated_at: nowIso(),
@@ -102,6 +117,7 @@ export async function buildProofField(root, opts = {}) {
     workflow_complexity: workflowComplexity,
     team_trigger_matrix: teamTriggerMatrix,
     verification_stage_cache: verificationStageCache,
+    decision_lattice: decisionLattice,
     simplicity_scorecard: simplicity,
     execution_lane: executionLane,
     proof_cones: selectedCones,
@@ -133,6 +149,8 @@ export function validateProofFieldReport(report = {}) {
   if (!Number.isFinite(Number(report.workflow_complexity?.score))) issues.push('workflow_complexity');
   if (!Array.isArray(report.team_trigger_matrix?.triggers)) issues.push('team_trigger_matrix');
   if (report.verification_stage_cache?.report_only !== true || !report.verification_stage_cache?.cache_key) issues.push('verification_stage_cache');
+  const latticeValidation = validateDecisionLatticeReport(report.decision_lattice);
+  if (!latticeValidation.ok) issues.push(`decision_lattice:${latticeValidation.issues.join('|')}`);
   if (!report.execution_lane?.lane) issues.push('execution_lane');
   if (report.execution_lane?.lane === SPEED_LANE_POLICY.fast_lane && report.execution_lane?.score < FAST_LANE_MIN_SCORE) issues.push('execution_lane_score');
   if (!Array.isArray(report.proof_cones)) issues.push('proof_cones');
@@ -158,12 +176,25 @@ export async function proofFieldFixture() {
       outcome_rubric_present: report.outcome_rubric.length === OUTCOME_RUBRIC.length,
       adversarial_lenses_present: report.outcome_rubric.every((item) => item.adversarial_lens) && report.simplicity_scorecard.criteria.every((item) => item.adversarial_lens),
       route_economy_present: report.contract_clarity?.report_only === true && report.workflow_complexity?.report_only === true && report.team_trigger_matrix?.report_only === true && report.verification_stage_cache?.report_only === true,
+      decision_lattice_present: validateDecisionLatticeReport(report.decision_lattice).ok,
+      decision_lattice_report_only: report.decision_lattice?.report_only === true,
+      decision_lattice_selected_path: Boolean(report.decision_lattice?.selected_path?.id),
+      decision_lattice_frontier_present: Array.isArray(report.decision_lattice?.frontier?.expanded_order) && report.decision_lattice.frontier.expanded_order.length > 0,
+      decision_lattice_rejections_present: Array.isArray(report.decision_lattice?.rejected_alternatives),
+      decision_lattice_scoring_formula_present: Boolean(report.decision_lattice?.scoring_formula),
       simplicity_score_usable: Number(report.simplicity_scorecard?.score) >= FAST_LANE_MIN_SCORE,
       execution_fast_lane_selected: report.execution_lane?.lane === SPEED_LANE_POLICY.fast_lane
     }
   };
 }
 
+function normalizeDecisionLatticeReport(report = {}) {
+  return {
+    ...report,
+    scoring_formula: report.scoring_formula || report.research_basis?.scoring_formula || null
+  };
+}
+
 async function gitChangedFiles(root) {
   const result = await runProcess('git', ['diff', '--name-only', 'HEAD', '--'], { cwd: root, timeoutMs: 10000, maxOutputBytes: 128 * 1024 });
   if (result.code !== 0) return [];

package/src/core/routes.mjs

@@ -35,7 +35,19 @@ export const CODEX_APP_IMAGE_GENERATION_DOC_URL = 'https://developers.openai.com
 export const OPENAI_IMAGE_GENERATION_DOC_URL = 'https://developers.openai.com/api/docs/guides/image-generation';
 export const CODEX_COMPUTER_USE_ONLY_POLICY = 'Pipeline UI/browser verification and visual inspection must use Codex Computer Use only. Do not use or install Playwright packages, Chrome MCP, Browser Use, Selenium, Puppeteer, or any other browser automation substitute; if Codex Computer Use is unavailable for the target UI, mark the UI/browser evidence unverified instead of substituting another tool. Codex App readiness/config verification is not target-UI evidence: use the Codex-provided control surfaces `codex features list`, `codex mcp list`, `sks codex-app check`, remote-control status, and plugin/tool exposure, not direct OS Accessibility control of the Codex App bundle. In Codex App prompts, invoke @Computer or @AppName in a new thread when live Computer Use tools are needed for the actual target app or screen; SKS hooks and skills can require the policy but cannot attach missing host tools to an already-started turn.';
 export const CODEX_IMAGEGEN_REQUIRED_POLICY = 'Pipeline image generation, raster asset creation/editing, and generated image-review evidence must use real Codex App imagegen/$imagegen with gpt-image-2 when that evidence is required. Do not substitute placeholder SVG/HTML/CSS, prose-only critique, stock-like stand-ins, manually fabricated files, or missing-output ledgers for requested/generated raster assets or required generated review images. If imagegen/gpt-image-2 is unavailable, record the blocker and mark the image asset or review evidence unverified instead of passing the gate. In Codex App prompts, invoke $imagegen when live image generation is needed; SKS hooks and skills can require the policy but cannot attach missing host image-generation tools to an already-started turn.';
-export const RESERVED_CODEX_PLUGIN_SKILL_NAMES = Object.freeze(['computer-use', 'browser', 'browser-use']);
+export const DEFAULT_CODEX_APP_PLUGINS = Object.freeze([
+  ['browser', 'openai-bundled'],
+  ['chrome', 'openai-bundled'],
+  ['computer-use', 'openai-bundled'],
+  ['latex', 'openai-bundled'],
+  ['documents', 'openai-primary-runtime'],
+  ['presentations', 'openai-primary-runtime'],
+  ['spreadsheets', 'openai-primary-runtime']
+]);
+export const RESERVED_CODEX_PLUGIN_SKILL_NAMES = Object.freeze([
+  'browser-use',
+  ...DEFAULT_CODEX_APP_PLUGINS.map(([name]) => name)
+].sort());
 export const FORBIDDEN_BROWSER_AUTOMATION_RE = /\b(playwright|chrome\s+mcp|browser\s+use|selenium|puppeteer)\b/i;
 
 export function evidenceMentionsForbiddenBrowserAutomation(value, seen = new Set()) {
@@ -499,10 +511,8 @@ export const DOLLAR_COMMANDS = ROUTES.flatMap(({ command, route, description, do
 ]);
 export function routeAppSkillNames(route) {
   const canonical = dollarSkillName(route.command);
-  return [
-    ...(RESERVED_CODEX_PLUGIN_SKILL_NAMES.includes(canonical) ? [] : [canonical]),
-    ...(route.appSkillAliases || [])
-  ];
+  const reserved = new Set(RESERVED_CODEX_PLUGIN_SKILL_NAMES);
+  return [canonical, ...(route.appSkillAliases || [])].filter((name) => !reserved.has(name));
 }
 
 export const DOLLAR_SKILL_NAMES = ROUTES.flatMap((route) => routeAppSkillNames(route));