sneakoscope 0.9.18 → 0.9.20

package/README.md

@@ -2,22 +2,37 @@
 
 Fast legacy-free proof-first Codex trust layer with image-based Voxel TriWiki.
 
-Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex work auditable. `0.9.18` makes route execution hermetic and evidence-strict: Five-Scout intake can use real Codex/tmux engines when available, route E2E runs in temp project roots, feature fixtures no longer receive implicit static-pass fallback, and pipeline planning is exposed through split policy modules with a facade compatibility layer.
+Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex work auditable. `0.9.20` adds the SKS Trust Kernel: serious route finalization now writes Completion Proof, a route completion contract, an evidence index, and a trust report through one release-gated core loop.
+
+SKS does not try to clone every other harness. It focuses on one thing: making Codex work auditable, visual-evidence-bound, safety-gated, and reproducible through Completion Proof.
 
 ![Sneakoscope Codex architecture and pipeline](https://raw.githubusercontent.com/mandarange/Sneakoscope-Codex/dev/docs/assets/sneakoscope-architecture-pipeline.jpg)
 
-## 0.9.18 Current Release
+## 0.9.20 Current Release
+
+0.9.20 strengthens the core trust loop instead of expanding route names. The new `sks trust` surface validates `route-completion-contract.json`, `evidence-index.json`, stale/mock/static evidence rules, and Completion Proof status. `sks run` and `sks status` give novices a smaller control surface while preserving the existing Team, QA, Research, PPT, Image UX, DB, Wiki, GX, and Goal routes.
+
+Highlights:
+
+- `sks trust report latest --json`, `sks trust validate latest --json`, and `sks trust explain latest` expose the route trust kernel.
+- Route finalization writes mission-local `route-completion-contract.json`, `evidence-index.json`, `evidence.jsonl`, and `trust-report.json`.
+- Mock/static evidence stays `verified_partial` or lower; it cannot support a real `verified` route claim.
+- Visual route validation blocks stale image/voxel anchors.
+- `sks bench core --json` writes `.sneakoscope/reports/performance/core-bench.json` and `.md`.
+- `sks paths managed --json` and `sks rollback list --json` document SKS-owned project paths and explicit rollback actions.
+
+## 0.9.19 Release
 
-0.9.18 makes SKS route execution hermetic and evidence-strict. Five-Scout intake can run through real Codex/tmux engines when available, falls back honestly when not, and never claims speedup from mock/static evidence. E2E route tests run in isolated temp project roots. Feature fixtures no longer receive implicit static-pass fallback; every feature declares an explicit fixture. Pipeline architecture is split into stage policy, scout policy, prompt context, active context, and stop-gate modules.
+0.9.19 makes SKS Scout evidence parse-bound and package-install verified. Real Codex/tmux/Codex App subagent engines must write parseable scout output before consensus can use them as primary evidence. If an engine is unavailable or output cannot be parsed, SKS records a blocked or verified-partial result instead of substituting static evidence. Packed package checks now cover temp install, npx one-shot, and global shim behavior.
 
 Highlights:
 
-- Serious route mock/fixture commands call `maybeFinalizeRoute`, so Team, QA-LOOP, Research, PPT, Image UX Review, Computer Use, DB, Wiki, and GX fixtures produce route-local `completion-proof.json` without a separate repair/finalize step.
-- `sks scouts engines --json` reports Codex exec, tmux, Codex App subagent, local static, and sequential fallback availability with blockers.
-- Scout read-only guards snapshot source state and allow only mission-local `scout-*` artifacts plus scout reports.
-- E2E route tests run actual route commands inside isolated temp roots instead of sharing the source checkout `.sneakoscope`.
-- Feature fixtures execute deterministic allowlisted commands in hermetic temp roots and validate artifacts generated by those commands, including mission-local proof, visual ledgers, DB reports, and GX/Wiki evidence.
-- `npm run release:check` includes `pipeline-budget:check`, `scout-engines:check`, strict scout validation, and hermetic fixture execution.
+- Real Scout outputs are parsed from pure JSON, fenced JSON, `SCOUT_RESULT_JSON:` markdown, or final JSON blocks into `sks.scout-result.v1`.
+- `scout-consensus.json` records whether primary evidence came from parsed real outputs or local static fixtures.
+- `tmux-lanes` has an opt-in session/window/watcher/cleanup path; release gates skip or block honestly when live tmux/Codex is unavailable.
+- Codex App subagents require a local `sks.codex-app-subagents-capability.v1` descriptor; `SKS_CODEX_APP_SUBAGENTS=1` alone is not enough.
+- `npm run release:check` includes `pipeline-runtime:check`, `feature-quality:check`, `scouts:parser-check`, and `blackbox:check`.
+- Feature fixtures report `runtime_verified`, `runtime_mock_verified`, `integration_optional`, `static_contract`, and `missing` counts.
 - `sks rust status|smoke --json` reports optional Rust availability, detects stale native binaries, and proves JS fallback parity when native Rust is missing or version-mismatched.
 - `npm run release:check` includes `route-modularity:check`, `command-budget:check`, and `feature-fixtures:strict`.
 
@@ -34,10 +49,16 @@ Highlights:
 
 Learn more:
 - Completion Proof: [docs/completion-proof.md](docs/completion-proof.md)
+- Trust Kernel: [docs/trust-kernel.md](docs/trust-kernel.md)
+- Core dominance: [docs/core-dominance.md](docs/core-dominance.md)
+- Performance budgets: [docs/performance-budgets.md](docs/performance-budgets.md)
 - Five-Scout Pipeline: [docs/five-scout-pipeline.md](docs/five-scout-pipeline.md)
 - Image Voxel TriWiki: [docs/image-voxel-ledger.md](docs/image-voxel-ledger.md)
 - Route finalization: [docs/route-finalization.md](docs/route-finalization.md)
 - Feature fixtures: [docs/feature-fixtures.md](docs/feature-fixtures.md)
+- Managed paths: [docs/managed-paths.md](docs/managed-paths.md)
+- Rollback: [docs/rollback.md](docs/rollback.md)
+- Known gaps: [docs/known-gaps.md](docs/known-gaps.md)
 - Scout engines: [docs/scout-engines.md](docs/scout-engines.md)
 - Hermetic E2E: [docs/testing-hermetic-e2e.md](docs/testing-hermetic-e2e.md)
 - Pipeline architecture: [docs/pipeline-architecture.md](docs/pipeline-architecture.md)
@@ -51,6 +72,8 @@ Learn more:
 npm i -g sneakoscope
 sks root
 sks doctor
+sks status
+sks trust report latest
 sks codex-app check
 sks selftest --mock
 sks rust smoke --json
@@ -60,7 +83,7 @@ sks rust smoke --json
 
 1. Completion Proof for every serious route
 2. Image Voxel TriWiki anchors and relations for every visual route
-3. Codex App, codex-lb, hooks, Rust fallback parity, DB, route modularity, and generated fixtures verified by release gates
+3. Route contracts, evidence indexes, trust reports, Codex App, codex-lb, hooks, Rust fallback parity, DB, route modularity, and generated fixtures verified by release gates
 
 ## Install Options
 

package/bin/sks.mjs

@@ -1,8 +1,25 @@
 #!/usr/bin/env node
-import { main } from '../src/cli/main.mjs';
 
-main(process.argv.slice(2)).catch((err) => {
+const FAST_PACKAGE_VERSION = '0.9.20';
+const args = process.argv.slice(2);
+
+try {
+  if (args[0] === '--version' || args[0] === '-v' || args[0] === 'version') {
+    console.log(`sneakoscope ${FAST_PACKAGE_VERSION}`);
+  } else if (args[0] === 'help' || args[0] === '--help' || args[0] === '-h') {
+    if (args.length > 1) {
+      const { helpCommand } = await import('../src/core/commands/basic-cli.mjs');
+      await helpCommand(args.slice(1));
+    } else {
+      const { helpFast } = await import('../src/cli/help-fast.mjs');
+      helpFast();
+    }
+  } else {
+    const { main } = await import('../src/cli/main.mjs');
+    await main(args);
+  }
+} catch (err) {
   const message = err && err.stack ? err.stack : String(err);
   console.error(message);
   process.exitCode = 1;
-});
+}

package/crates/sks-core/Cargo.lock

@@ -76,7 +76,7 @@ dependencies = [
 
 [[package]]
 name = "sks-core"
-version = "0.9.18"
+version = "0.9.20"
 dependencies = [
  "serde_json",
 ]

package/crates/sks-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sks-core"
-version = "0.9.18"
+version = "0.9.20"
 edition = "2021"
 
 [dependencies]

package/crates/sks-core/src/main.rs

@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
 fn main() {
     let mut args = std::env::args().skip(1);
     match args.next().as_deref() {
-        Some("--version") => println!("sks-rs 0.9.18"),
+        Some("--version") => println!("sks-rs 0.9.20"),
         Some("compact-info") => {
             let mut input = String::new();
             let _ = io::stdin().read_to_string(&mut input);
@@ -28,7 +28,7 @@ fn main() {
                 }
             }
         }
-        Some("image-hash") => {
+        Some("image-hash") | Some("image-voxel-index") => {
             let path = args.next().unwrap_or_default();
             match image_hash(&path) {
                 Ok((sha, bytes)) => println!("{{\"ok\":true,\"engine\":\"rust\",\"path\":\"{}\",\"sha256\":\"{}\",\"bytes\":{}}}", json_escape(&path), sha, bytes),
@@ -38,7 +38,7 @@ fn main() {
                 }
             }
         }
-        Some("voxel-validate") => {
+        Some("voxel-validate") | Some("image-voxel-validate-fast") => {
             let path = args.next().unwrap_or_default();
             let mut require_anchors = false;
             let mut require_relations = false;
@@ -58,7 +58,7 @@ fn main() {
                 }
             }
         }
-        Some("secret-scan") => {
+        Some("secret-scan") | Some("evidence-secret-scan") => {
             let path = args.next().unwrap_or_default();
             match std::fs::read_to_string(&path) {
                 Ok(text) => {
@@ -75,7 +75,7 @@ fn main() {
             }
         }
         _ => {
-            eprintln!("sks-rs optional accelerator. Commands: --version, compact-info, jsonl-tail, secret-scan, image-hash, voxel-validate");
+            eprintln!("sks-rs optional accelerator. Commands: --version, compact-info, jsonl-tail, secret-scan, evidence-secret-scan, image-hash, image-voxel-index, voxel-validate, image-voxel-validate-fast");
             std::process::exit(2);
         }
     }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sneakoscope",
   "displayName": "ㅅㅋㅅ",
-  "version": "0.9.18",
+  "version": "0.9.20",
   "description": "Sneakoscope Codex: fast proof-first Codex trust layer with image-based Voxel TriWiki.",
   "type": "module",
   "homepage": "https://github.com/mandarange/Sneakoscope-Codex#readme",
@@ -23,6 +23,49 @@
   "files": [
     "bin",
     "src",
+    "!src/commands/aliases.mjs",
+    "!src/commands/autoresearch.mjs",
+    "!src/commands/bench.mjs",
+    "!src/commands/bootstrap.mjs",
+    "!src/commands/code-structure.mjs",
+    "!src/commands/commands.mjs",
+    "!src/commands/computer-use.mjs",
+    "!src/commands/context7.mjs",
+    "!src/commands/db.mjs",
+    "!src/commands/deps.mjs",
+    "!src/commands/dfix.mjs",
+    "!src/commands/dollar-commands.mjs",
+    "!src/commands/eval.mjs",
+    "!src/commands/fix-path.mjs",
+    "!src/commands/gc.mjs",
+    "!src/commands/goal.mjs",
+    "!src/commands/gx.mjs",
+    "!src/commands/harness.mjs",
+    "!src/commands/image-ux-review.mjs",
+    "!src/commands/init.mjs",
+    "!src/commands/memory.mjs",
+    "!src/commands/paths.mjs",
+    "!src/commands/postinstall.mjs",
+    "!src/commands/ppt.mjs",
+    "!src/commands/qa-loop.mjs",
+    "!src/commands/quickstart.mjs",
+    "!src/commands/reasoning.mjs",
+    "!src/commands/research.mjs",
+    "!src/commands/rollback.mjs",
+    "!src/commands/run.mjs",
+    "!src/commands/selftest.mjs",
+    "!src/commands/setup.mjs",
+    "!src/commands/skill-dream.mjs",
+    "!src/commands/stats.mjs",
+    "!src/commands/status.mjs",
+    "!src/commands/team.mjs",
+    "!src/commands/trust.mjs",
+    "!src/commands/update-check.mjs",
+    "!src/commands/usage.mjs",
+    "!src/commands/validate-artifacts.mjs",
+    "!src/core/pipeline/route-prep-*.mjs",
+    "!src/core/pipeline/prompt-context-*.mjs",
+    "!src/core/pipeline/stop-gate-*.mjs",
     "crates/sks-core/Cargo.lock",
     "crates/sks-core/Cargo.toml",
     "crates/sks-core/src",
@@ -41,18 +84,27 @@
     "changelog:check": "node ./scripts/changelog-check.mjs",
     "cli-entrypoint:check": "node ./scripts/check-cli-entrypoint.mjs",
     "legacy-free:check": "node ./scripts/check-legacy-free.mjs",
+    "architecture:check": "node ./scripts/check-architecture.mjs",
     "route-modularity:check": "node ./scripts/check-route-modularity.mjs",
     "command-budget:check": "node ./scripts/check-command-module-budget.mjs",
     "pipeline-budget:check": "node ./scripts/check-pipeline-budget.mjs",
+    "pipeline-runtime:check": "node ./scripts/check-pipeline-runtime.mjs",
     "sizecheck": "node ./scripts/sizecheck.mjs",
     "registry:check": "node ./scripts/release-registry-check.mjs",
     "feature:check": "node ./bin/sks.mjs features check --json",
+    "feature-quality:check": "node ./scripts/check-feature-quality.mjs",
     "all-features:selftest": "node ./bin/sks.mjs all-features selftest --mock --json",
     "all-features:execute-fixtures": "node ./bin/sks.mjs all-features selftest --mock --execute-fixtures --strict-artifacts --json",
     "feature-fixtures:strict": "node ./bin/sks.mjs all-features selftest --mock --execute-fixtures --strict-artifacts --hermetic --json",
     "scout-engines:check": "node ./bin/sks.mjs scouts engines --json",
+    "scouts:parser-check": "node --test \"test/unit/scout-output-parser.test.mjs\"",
     "scouts:selftest": "node ./bin/sks.mjs scouts run latest --engine local-static --mock --json",
     "scouts:check": "node ./bin/sks.mjs scouts validate latest --strict --json",
+    "trust:check": "node ./bin/sks.mjs trust validate latest --json || node ./scripts/trust-fixture-check.mjs",
+    "evidence:check": "node ./scripts/evidence-fixture-check.mjs",
+    "safety:check": "node ./scripts/safety-check.mjs",
+    "chaos:check": "node --test \"test/chaos/**/*.test.mjs\"",
+    "bench:core": "node ./bin/sks.mjs bench core --json",
     "perf:cold-start": "node ./bin/sks.mjs perf cold-start --json",
     "perf:gate": "node ./scripts/perf-gate.mjs",
     "test": "node --test \"test/**/*.test.mjs\"",
@@ -60,10 +112,15 @@
     "test:integration:mock": "node --test \"test/integration/**/*.test.mjs\"",
     "test:e2e:mock": "node --test \"test/e2e/**/*.test.mjs\"",
     "test:real-scouts": "node --test \"test/real/**/*.test.mjs\"",
+    "blackbox:pack-install": "node ./scripts/blackbox-pack-install.mjs",
+    "blackbox:npx": "node ./scripts/blackbox-npx-one-shot.mjs",
+    "blackbox:global-shim": "node ./scripts/blackbox-global-shim.mjs",
+    "blackbox:matrix": "node ./scripts/blackbox-matrix.mjs",
+    "blackbox:check": "npm run blackbox:pack-install && npm run blackbox:npx && npm run blackbox:global-shim",
     "rust:check": "cargo check --manifest-path crates/sks-core/Cargo.toml",
     "rust:smoke": "node ./scripts/rust-smoke.mjs",
     "coverage": "node --experimental-test-coverage --test \"test/**/*.test.mjs\"",
-    "release:check": "npm run repo-audit && npm run changelog:check && npm run cli-entrypoint:check && npm run legacy-free:check && npm run route-modularity:check && npm run command-budget:check && npm run pipeline-budget:check && npm run packcheck && npm run feature:check && npm run all-features:selftest && npm run scout-engines:check && npm run scouts:selftest && npm run scouts:check && npm run feature-fixtures:strict && npm run selftest && npm run test:unit && npm run test:integration:mock && npm run test:e2e:mock && npm run rust:check && npm run rust:smoke && npm run perf:gate && npm run sizecheck && npm run registry:check",
+    "release:check": "npm run repo-audit && npm run changelog:check && npm run cli-entrypoint:check && npm run legacy-free:check && npm run architecture:check && npm run route-modularity:check && npm run command-budget:check && npm run pipeline-budget:check && npm run pipeline-runtime:check && npm run packcheck && npm run feature:check && npm run feature-quality:check && npm run all-features:selftest && npm run scout-engines:check && npm run scouts:parser-check && npm run scouts:selftest && npm run scouts:check && npm run trust:check && npm run evidence:check && npm run safety:check && npm run chaos:check && npm run bench:core && npm run feature-fixtures:strict && npm run selftest && npm run test:unit && npm run test:integration:mock && npm run test:e2e:mock && npm run rust:check && npm run rust:smoke && npm run perf:gate && npm run blackbox:matrix && npm run blackbox:check && npm run sizecheck && npm run registry:check",
     "publish:dry": "npm run release:check && npm --cache /tmp/sks-npm-cache publish --dry-run --registry https://registry.npmjs.org/ --access public",
     "publish:npm": "npm --cache /tmp/sks-npm-cache publish --registry https://registry.npmjs.org/ --access public",
     "prepublishOnly": "npm run release:check && node ./scripts/release-registry-check.mjs --require-unpublished"

package/src/cli/command-registry.mjs

@@ -1,19 +1,60 @@
+function argsCommand(loader, exportName) {
+  return async () => {
+    const mod = await loader();
+    return { run: (_command, args = []) => mod[exportName](args) };
+  };
+}
+
+function noArgsCommand(loader, exportName) {
+  return async () => {
+    const mod = await loader();
+    return { run: () => mod[exportName]() };
+  };
+}
+
+function commandArgsCommand(loader, exportName) {
+  return async () => {
+    const mod = await loader();
+    return { run: (command, args = []) => mod[exportName](command, args) };
+  };
+}
+
+function subcommand(loader, exportName, fallbackSubcommand) {
+  return async () => {
+    const mod = await loader();
+    return {
+      run: (_command, args = []) => {
+        const [subcommandName = fallbackSubcommand, ...rest] = args;
+        return mod[exportName](subcommandName, rest);
+      }
+    };
+  };
+}
+
+const basicArgs = (exportName) => argsCommand(() => import('../core/commands/basic-cli.mjs'), exportName);
+const basicNoArgs = (exportName) => noArgsCommand(() => import('../core/commands/basic-cli.mjs'), exportName);
+const gcArgs = (exportName) => argsCommand(() => import('../core/commands/gc-command.mjs'), exportName);
+
 export const COMMANDS = {
   help: { maturity: 'stable', summary: 'Show SKS help', lazy: () => import('../commands/help.mjs') },
   version: { maturity: 'stable', summary: 'Show SKS version', lazy: () => import('../commands/version.mjs') },
-  commands: { maturity: 'stable', summary: 'List SKS commands', lazy: () => import('../commands/commands.mjs') },
+  commands: { maturity: 'stable', summary: 'List SKS commands', lazy: basicArgs('commandsCommand') },
+  run: { maturity: 'beta', summary: 'Classify and start a task through the SKS trust kernel', lazy: argsCommand(() => import('../core/commands/run-command.mjs'), 'runCommand') },
+  status: { maturity: 'stable', summary: 'Show concise active mission and trust status', lazy: argsCommand(() => import('../core/commands/status-command.mjs'), 'statusCommand') },
   root: { maturity: 'stable', summary: 'Show active SKS root', lazy: () => import('../commands/root.mjs') },
-  'update-check': { maturity: 'stable', summary: 'Check npm package freshness', lazy: () => import('../commands/update-check.mjs') },
-  wizard: { maturity: 'stable', summary: 'Open setup wizard help', lazy: () => import('../commands/quickstart.mjs') },
-  usage: { maturity: 'stable', summary: 'Show focused usage topic', lazy: () => import('../commands/usage.mjs') },
-  quickstart: { maturity: 'stable', summary: 'Show quickstart flow', lazy: () => import('../commands/quickstart.mjs') },
-  setup: { maturity: 'stable', summary: 'Initialize SKS state', lazy: () => import('../commands/setup.mjs') },
-  bootstrap: { maturity: 'stable', summary: 'Initialize SKS project files', lazy: () => import('../commands/bootstrap.mjs') },
-  init: { maturity: 'stable', summary: 'Initialize local control surface', lazy: () => import('../commands/init.mjs') },
-  deps: { maturity: 'stable', summary: 'Check local dependencies', lazy: () => import('../commands/deps.mjs') },
-  'fix-path': { maturity: 'stable', summary: 'Repair hook command paths', lazy: () => import('../commands/fix-path.mjs') },
+  'update-check': { maturity: 'stable', summary: 'Check npm package freshness', lazy: basicArgs('updateCheckCommand') },
+  wizard: { maturity: 'stable', summary: 'Open setup wizard help', lazy: basicNoArgs('quickstartCommand') },
+  usage: { maturity: 'stable', summary: 'Show focused usage topic', lazy: basicArgs('usageCommand') },
+  quickstart: { maturity: 'stable', summary: 'Show quickstart flow', lazy: basicNoArgs('quickstartCommand') },
+  setup: { maturity: 'stable', summary: 'Initialize SKS state', lazy: basicArgs('setupCommand') },
+  bootstrap: { maturity: 'stable', summary: 'Initialize SKS project files', lazy: basicArgs('bootstrapCommand') },
+  init: { maturity: 'stable', summary: 'Initialize local control surface', lazy: basicArgs('initCommand') },
+  deps: { maturity: 'stable', summary: 'Check local dependencies', lazy: subcommand(() => import('../core/commands/basic-cli.mjs'), 'depsCommand', 'check') },
+  'fix-path': { maturity: 'stable', summary: 'Repair hook command paths', lazy: basicArgs('fixPathCommand') },
   doctor: { maturity: 'stable', summary: 'Check and repair SKS install', lazy: () => import('../commands/doctor.mjs') },
-  postinstall: { maturity: 'stable', summary: 'Run postinstall bootstrap', lazy: () => import('../commands/postinstall.mjs') },
+  paths: { maturity: 'beta', summary: 'Inspect SKS managed paths', lazy: argsCommand(() => import('../core/commands/paths-command.mjs'), 'pathsCommand') },
+  rollback: { maturity: 'beta', summary: 'List or apply managed-path rollback actions', lazy: argsCommand(() => import('../core/commands/rollback-command.mjs'), 'rollbackCommand') },
+  postinstall: { maturity: 'stable', summary: 'Run postinstall bootstrap', lazy: basicArgs('postinstallCommand') },
   'codex-app': { maturity: 'beta', summary: 'Check Codex App readiness', lazy: () => import('../commands/codex-app.mjs') },
   'codex-lb': { maturity: 'beta', summary: 'Inspect codex-lb status and circuit health', lazy: () => import('../commands/codex-lb.mjs') },
   auth: { maturity: 'beta', summary: 'Alias for codex-lb auth commands', lazy: () => import('../commands/codex-lb.mjs') },
@@ -24,24 +65,24 @@ export const COMMANDS = {
   'mad-sks': { maturity: 'beta', summary: 'MAD-SKS scoped permission modifier', lazy: () => import('../commands/mad-sks.mjs') },
   'auto-review': { maturity: 'beta', summary: 'Manage auto-review profile', lazy: () => import('../commands/auto-review.mjs') },
   autoreview: { maturity: 'beta', summary: 'Alias for auto-review', lazy: () => import('../commands/auto-review.mjs') },
-  'dollar-commands': { maturity: 'stable', summary: 'List Codex App dollar commands', lazy: () => import('../commands/dollar-commands.mjs') },
-  dollars: { maturity: 'stable', summary: 'Alias for dollar-commands', lazy: () => import('../commands/dollar-commands.mjs') },
-  '$': { maturity: 'stable', summary: 'Alias for dollar-commands', lazy: () => import('../commands/dollar-commands.mjs') },
+  'dollar-commands': { maturity: 'stable', summary: 'List Codex App dollar commands', lazy: basicArgs('dollarCommandsCommand') },
+  dollars: { maturity: 'stable', summary: 'Alias for dollar-commands', lazy: basicArgs('dollarCommandsCommand') },
+  '$': { maturity: 'stable', summary: 'Alias for dollar-commands', lazy: basicArgs('dollarCommandsCommand') },
   commit: { maturity: 'stable', summary: 'Create a simple git commit', lazy: () => import('../commands/commit.mjs') },
   'commit-and-push': { maturity: 'stable', summary: 'Create a simple git commit and push', lazy: () => import('../commands/commit-and-push.mjs') },
-  dfix: { maturity: 'stable', summary: 'Explain DFix route', lazy: () => import('../commands/dfix.mjs') },
-  team: { maturity: 'beta', summary: 'Create and observe Team missions', lazy: () => import('../commands/team.mjs') },
-  'qa-loop': { maturity: 'beta', summary: 'Run QA loop missions', lazy: () => import('../commands/qa-loop.mjs') },
-  research: { maturity: 'labs', summary: 'Run research missions', lazy: () => import('../commands/research.mjs') },
-  autoresearch: { maturity: 'labs', summary: 'Alias for research/autoresearch route', lazy: () => import('../commands/autoresearch.mjs') },
-  ppt: { maturity: 'labs', summary: 'Inspect/build PPT artifacts', lazy: () => import('../commands/ppt.mjs') },
-  'image-ux-review': { maturity: 'labs', summary: 'Inspect image UX artifacts', lazy: () => import('../commands/image-ux-review.mjs') },
-  'ux-review': { maturity: 'labs', summary: 'Alias for image UX review', lazy: () => import('../commands/image-ux-review.mjs') },
-  'visual-review': { maturity: 'labs', summary: 'Alias for image UX review', lazy: () => import('../commands/image-ux-review.mjs') },
-  'ui-ux-review': { maturity: 'labs', summary: 'Alias for image UX review', lazy: () => import('../commands/image-ux-review.mjs') },
-  'computer-use': { maturity: 'beta', summary: 'Record Computer Use visual evidence', lazy: () => import('../commands/computer-use.mjs') },
-  cu: { maturity: 'beta', summary: 'Alias for Computer Use', lazy: () => import('../commands/computer-use.mjs') },
-  context7: { maturity: 'beta', summary: 'Context7 checks and docs', lazy: () => import('../commands/context7.mjs') },
+  dfix: { maturity: 'stable', summary: 'Explain DFix route', lazy: basicNoArgs('dfixCommand') },
+  team: { maturity: 'beta', summary: 'Create and observe Team missions', lazy: argsCommand(() => import('../core/commands/team-command.mjs'), 'team') },
+  'qa-loop': { maturity: 'beta', summary: 'Run QA loop missions', lazy: subcommand(() => import('../core/commands/qa-loop-command.mjs'), 'qaLoopCommand') },
+  research: { maturity: 'labs', summary: 'Run research missions', lazy: subcommand(() => import('../core/commands/research-command.mjs'), 'researchCommand') },
+  autoresearch: { maturity: 'labs', summary: 'Alias for research/autoresearch route', lazy: subcommand(() => import('../core/commands/autoresearch-command.mjs'), 'autoresearchCommand', 'status') },
+  ppt: { maturity: 'labs', summary: 'Inspect/build PPT artifacts', lazy: commandArgsCommand(() => import('../core/commands/ppt-command.mjs'), 'pptCommand') },
+  'image-ux-review': { maturity: 'labs', summary: 'Inspect image UX artifacts', lazy: commandArgsCommand(() => import('../core/commands/image-ux-review-command.mjs'), 'imageUxReviewCommand') },
+  'ux-review': { maturity: 'labs', summary: 'Alias for image UX review', lazy: commandArgsCommand(() => import('../core/commands/image-ux-review-command.mjs'), 'imageUxReviewCommand') },
+  'visual-review': { maturity: 'labs', summary: 'Alias for image UX review', lazy: commandArgsCommand(() => import('../core/commands/image-ux-review-command.mjs'), 'imageUxReviewCommand') },
+  'ui-ux-review': { maturity: 'labs', summary: 'Alias for image UX review', lazy: commandArgsCommand(() => import('../core/commands/image-ux-review-command.mjs'), 'imageUxReviewCommand') },
+  'computer-use': { maturity: 'beta', summary: 'Record Computer Use visual evidence', lazy: commandArgsCommand(() => import('../core/commands/computer-use-command.mjs'), 'computerUseCommand') },
+  cu: { maturity: 'beta', summary: 'Alias for Computer Use', lazy: commandArgsCommand(() => import('../core/commands/computer-use-command.mjs'), 'computerUseCommand') },
+  context7: { maturity: 'beta', summary: 'Context7 checks and docs', lazy: subcommand(() => import('./context7-command.mjs'), 'context7Command', 'check') },
   recallpulse: { maturity: 'labs', summary: 'RecallPulse evidence route', lazy: () => import('../commands/recallpulse.mjs') },
   pipeline: { maturity: 'beta', summary: 'Inspect pipeline missions', lazy: () => import('../commands/pipeline.mjs') },
   scouts: { maturity: 'beta', summary: 'Run the default read-only 5-scout intake phase', lazy: () => import('../commands/scouts.mjs') },
@@ -49,30 +90,32 @@ export const COMMANDS = {
   guard: { maturity: 'beta', summary: 'Check harness guard', lazy: () => import('../commands/guard.mjs') },
   conflicts: { maturity: 'beta', summary: 'Check harness conflicts', lazy: () => import('../commands/conflicts.mjs') },
   versioning: { maturity: 'stable', summary: 'Manage release version metadata', lazy: () => import('../commands/versioning.mjs') },
-  reasoning: { maturity: 'labs', summary: 'Show reasoning route', lazy: () => import('../commands/reasoning.mjs') },
-  aliases: { maturity: 'stable', summary: 'Show command aliases', lazy: () => import('../commands/aliases.mjs') },
-  selftest: { maturity: 'stable', summary: 'Run local mock selftest', lazy: () => import('../commands/selftest.mjs') },
-  goal: { maturity: 'beta', summary: 'Manage Goal bridge workflow', lazy: () => import('../commands/goal.mjs') },
+  reasoning: { maturity: 'labs', summary: 'Show reasoning route', lazy: basicArgs('reasoningCommand') },
+  aliases: { maturity: 'stable', summary: 'Show command aliases', lazy: basicNoArgs('aliasesCommand') },
+  selftest: { maturity: 'stable', summary: 'Run local mock selftest', lazy: basicArgs('selftestCommand') },
+  goal: { maturity: 'beta', summary: 'Manage Goal bridge workflow', lazy: subcommand(() => import('../core/commands/goal-command.mjs'), 'goalCommand') },
   hook: { maturity: 'beta', summary: 'Codex hook entrypoint', lazy: () => import('../commands/hook.mjs') },
   profile: { maturity: 'labs', summary: 'Inspect/set profile', lazy: () => import('../commands/profile.mjs') },
   hproof: { maturity: 'beta', summary: 'Evaluate H-Proof gate', lazy: () => import('../commands/hproof.mjs') },
-  'validate-artifacts': { maturity: 'beta', summary: 'Validate mission artifacts', lazy: () => import('../commands/validate-artifacts.mjs') },
+  'validate-artifacts': { maturity: 'beta', summary: 'Validate mission artifacts', lazy: argsCommand(() => import('../core/commands/validate-artifacts-command.mjs'), 'validateArtifactsCommand') },
   proof: { maturity: 'beta', summary: 'Show and validate completion proof', lazy: () => import('../commands/proof.mjs') },
+  trust: { maturity: 'beta', summary: 'Report and validate route trust kernel evidence', lazy: argsCommand(() => import('../core/commands/trust-command.mjs'), 'trustCommand') },
   'proof-field': { maturity: 'beta', summary: 'Scan proof field', lazy: () => import('../commands/proof-field.mjs') },
-  'skill-dream': { maturity: 'labs', summary: 'Track skill dream counters', lazy: () => import('../commands/skill-dream.mjs') },
-  'code-structure': { maturity: 'labs', summary: 'Scan source structure', lazy: () => import('../commands/code-structure.mjs') },
+  'skill-dream': { maturity: 'labs', summary: 'Track skill dream counters', lazy: subcommand(() => import('../core/commands/skill-dream-command.mjs'), 'skillDreamCommand', 'status') },
+  'code-structure': { maturity: 'labs', summary: 'Scan source structure', lazy: subcommand(() => import('../core/commands/code-structure-command.mjs'), 'codeStructureCommand', 'scan') },
   rust: { maturity: 'beta', summary: 'Inspect optional Rust accelerator status and smoke parity', lazy: () => import('../commands/rust.mjs') },
-  memory: { maturity: 'labs', summary: 'Run retention checks', lazy: () => import('../commands/memory.mjs') },
-  gx: { maturity: 'labs', summary: 'Render/validate GX cartridges', lazy: () => import('../commands/gx.mjs') },
-  db: { maturity: 'beta', summary: 'Inspect DB safety policy', lazy: () => import('../commands/db.mjs') },
-  eval: { maturity: 'labs', summary: 'Run eval reports', lazy: () => import('../commands/eval.mjs') },
-  harness: { maturity: 'labs', summary: 'Run harness fixtures', lazy: () => import('../commands/harness.mjs') },
+  memory: { maturity: 'labs', summary: 'Run retention checks', lazy: subcommand(() => import('../core/commands/gc-command.mjs'), 'memoryCommand') },
+  gx: { maturity: 'labs', summary: 'Render/validate GX cartridges', lazy: subcommand(() => import('../core/commands/gx-command.mjs'), 'gxCommand', 'validate') },
+  db: { maturity: 'beta', summary: 'Inspect DB safety policy', lazy: subcommand(() => import('../core/commands/db-command.mjs'), 'dbCommand', 'policy') },
+  eval: { maturity: 'labs', summary: 'Run eval reports', lazy: subcommand(() => import('../core/commands/eval-command.mjs'), 'evalCommand', 'run') },
+  harness: { maturity: 'labs', summary: 'Run harness fixtures', lazy: subcommand(() => import('../core/commands/harness-command.mjs'), 'harnessCommand', 'fixture') },
   wiki: { maturity: 'beta', summary: 'Manage TriWiki and image voxel ledgers', lazy: () => import('../commands/wiki.mjs') },
-  gc: { maturity: 'labs', summary: 'Compact/prune runtime state', lazy: () => import('../commands/gc.mjs') },
-  stats: { maturity: 'labs', summary: 'Show storage stats', lazy: () => import('../commands/stats.mjs') },
+  gc: { maturity: 'labs', summary: 'Compact/prune runtime state', lazy: gcArgs('gcCommand') },
+  stats: { maturity: 'labs', summary: 'Show storage stats', lazy: gcArgs('statsCommand') },
   features: { maturity: 'beta', summary: 'Validate feature registry', lazy: () => import('../commands/features.mjs') },
   'all-features': { maturity: 'beta', summary: 'Run all-features selftest', lazy: () => import('../commands/all-features.mjs') },
-  perf: { maturity: 'beta', summary: 'Run performance checks', lazy: () => import('../commands/perf.mjs') }
+  perf: { maturity: 'beta', summary: 'Run performance checks', lazy: () => import('../commands/perf.mjs') },
+  bench: { maturity: 'beta', summary: 'Run core trust-kernel benchmark budgets', lazy: argsCommand(() => import('../core/commands/bench-command.mjs'), 'benchCommand') }
 };
 
 export const COMMAND_ALIASES = {

package/src/cli/help-fast.mjs

@@ -0,0 +1,31 @@
+import { COMMANDS } from './command-registry.mjs';
+import { PACKAGE_VERSION } from '../core/version.mjs';
+import { COMMAND_CATALOG } from '../core/routes.mjs';
+
+export function helpFast() {
+  console.log(`SKS
+SNEAKOSCOPE CODEX v${PACKAGE_VERSION}
+
+Usage
+
+  sks
+  sks help [topic]
+  sks commands [--json]
+  sks dollar-commands [--json]
+  sks proof show --json
+`);
+  for (const row of commandRows().filter((entry) => entry.maturity !== 'labs')) {
+    console.log(`  ${row.usage.padEnd(58)} ${row.description}`);
+  }
+  console.log('\nThree core promises: Completion Proof for serious routes, Image Voxel TriWiki for visual routes, and release-gated Codex App/codex-lb/hooks/Rust evidence.');
+}
+
+function commandRows() {
+  const registry = new Map(Object.entries(COMMANDS).map(([name, meta]) => [name, meta]));
+  return COMMAND_CATALOG.map((entry) => ({
+    name: entry.name,
+    usage: entry.usage,
+    description: entry.description,
+    maturity: registry.get(entry.name)?.maturity || entry.maturity || 'labs'
+  })).sort((a, b) => a.name.localeCompare(b.name));
+}

package/src/core/bench.mjs

@@ -0,0 +1,97 @@
+import path from 'node:path';
+import { performance } from 'node:perf_hooks';
+import { ensureDir, nowIso, packageRoot, projectRoot, runProcess, writeJsonAtomic, writeTextAtomic } from './fsx.mjs';
+import { percentile } from './perf-bench.mjs';
+
+export const CORE_BENCH_BUDGETS = Object.freeze({
+  'sks --version': 50,
+  'sks help': 80,
+  'sks root --json': 80,
+  'sks commands --json': 120,
+  'sks proof validate --json': 250,
+  'sks trust validate latest --json': 300,
+  'sks wiki image-validate --json': 300,
+  'sks features check --json': 1200,
+  'sks scouts engines --json': 1000
+});
+
+const CORE_COMMANDS = Object.freeze([
+  ['sks --version', ['--version']],
+  ['sks help', ['help']],
+  ['sks root --json', ['root', '--json']],
+  ['sks commands --json', ['commands', '--json']],
+  ['sks proof validate --json', ['proof', 'validate', '--json']],
+  ['sks trust validate latest --json', ['trust', 'validate', 'latest', '--json']],
+  ['sks wiki image-validate --json', ['wiki', 'image-validate', '--json']],
+  ['sks features check --json', ['features', 'check', '--json']],
+  ['sks scouts engines --json', ['scouts', 'engines', '--json']]
+]);
+
+export async function runCoreBench(root = process.cwd(), { iterations = 3 } = {}) {
+  const script = path.join(packageRoot(), 'bin', 'sks.mjs');
+  await ensureBenchTrustMission(root, script);
+  const rows = [];
+  for (const [label, args] of CORE_COMMANDS) {
+    const values = [];
+    const failures = [];
+    for (let i = 0; i < Math.max(1, Number(iterations) || 1); i += 1) {
+      const t0 = performance.now();
+      const result = await runProcess(process.execPath, [script, ...args], {
+        cwd: root,
+        timeoutMs: 30_000,
+        maxOutputBytes: 256 * 1024,
+        env: { SKS_SKIP_NPM_FRESHNESS_CHECK: '1', SKS_DISABLE_UPDATE_CHECK: '1', CI: 'true' }
+      });
+      values.push(performance.now() - t0);
+      if (result.code !== 0) failures.push({ code: result.code, stderr_tail: result.stderr.slice(-400), stdout_tail: result.stdout.slice(-400) });
+    }
+    const p95 = Math.round(percentile(values, 95));
+    rows.push({
+      command: label,
+      budget_p95_ms: CORE_BENCH_BUDGETS[label],
+      p95_ms: p95,
+      ok: failures.length === 0 && p95 <= CORE_BENCH_BUDGETS[label],
+      failures,
+      raw_ms: values.map((value) => Math.round(value))
+    });
+  }
+  const report = {
+    schema: 'sks.core-bench.v1',
+    generated_at: nowIso(),
+    iterations: Math.max(1, Number(iterations) || 1),
+    ok: rows.every((row) => row.ok),
+    commands: rows
+  };
+  await writeCoreBenchArtifacts(root, report);
+  return report;
+}
+
+async function ensureBenchTrustMission(root, script) {
+  await runProcess(process.execPath, [script, 'run', 'bench trust fixture', '--mock', '--json'], {
+    cwd: root,
+    timeoutMs: 60_000,
+    maxOutputBytes: 256 * 1024,
+    env: { SKS_SKIP_NPM_FRESHNESS_CHECK: '1', SKS_DISABLE_UPDATE_CHECK: '1', CI: 'true' }
+  });
+}
+
+export async function writeCoreBenchArtifacts(root, report) {
+  const dir = path.join(root, '.sneakoscope', 'reports', 'performance');
+  await ensureDir(dir);
+  await writeJsonAtomic(path.join(dir, 'core-bench.json'), report);
+  const lines = [
+    '# SKS Core Bench',
+    '',
+    `Generated: ${report.generated_at}`,
+    `Status: ${report.ok ? 'pass' : 'verified_partial_or_blocked'}`,
+    '',
+    '| Command | Budget p95 | Result p95 | Status |',
+    '| --- | ---: | ---: | --- |'
+  ];
+  for (const row of report.commands) lines.push(`| \`${row.command}\` | ${row.budget_p95_ms}ms | ${row.p95_ms}ms | ${row.ok ? 'pass' : 'blocked'} |`);
+  await writeTextAtomic(path.join(dir, 'core-bench.md'), `${lines.join('\n')}\n`);
+}
+
+export async function benchRoot() {
+  return projectRoot();
+}