sneakoscope 1.0.8 → 1.10.0

package/README.md

@@ -4,6 +4,10 @@ Fast legacy-free proof-first Codex trust layer with image-based Voxel TriWiki.
 
 Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex work auditable.
 
+SKS **1.10.0** is the Function-Only Update Check release: `sks update-check` and the pre-work update gate now share a lightweight npm freshness function that reports `route_required: false` and `pipeline_required: false`, so checking for a newer SKS package never starts Team, setup, doctor, or any execution pipeline.
+
+SKS **1.0.9** is the Official Docs Ultimate Kernel: Codex CLI `rust-v0.132.0` structured resume output is now an actual runner, `gpt-image-2` review generation uses Codex App `$imagegen` evidence or an optional OpenAI Images API fallback, Structured Outputs strict schemas are the extraction fallback, and `$UX-Review this screenshot with gpt-image-2 callouts, then fix the issues` blocks fake callouts until generated image pixels are schema-extracted, patched, recaptured, and re-reviewed.
+
 SKS **1.0.8** is the Codex 0.132 UX-Review Seal: Codex CLI `rust-v0.132.0` compatibility is explicit, `codex exec resume --output-schema` is the preferred structured-output path, and `$UX-Review this screenshot with gpt-image-2 callouts, then fix the issues` is a real visual trust loop from source screenshot fidelity to generated callout ingestion, issue ledger extraction, bounded safe fixes, recapture/re-review, Image Voxel relations, Wrongness, Completion Proof, and Trust Report gates.
 
 SKS **1.0.7** is the Ultimate Final Completion seal for the Codex trust harness: Computer Use live evidence is an opt-in, local-only macOS evidence path with explicit `probe_only`, `live_capture_attempted`, `live_capture_success`, and `live_capture_blocked` modes; `codex-lb setup` reports durable persistence versus `process_only_ephemeral` honestly; and docs/release readiness checks block mock/probe/live overclaims.
@@ -27,6 +31,32 @@ SKS does not try to clone every other harness. It focuses on one thing: making C
 ![Sneakoscope Codex Trust Layer](docs/assets/sneakoscope-architecture-pipeline.jpg)
 
 
+## 1.10.0 Function-Only Update Check
+
+1.10.0 keeps the update freshness check out of the SKS mission pipeline. The shared `runSksUpdateCheck` function performs only an npm `view sneakoscope version` lookup, honors `SKS_NPM_VIEW_SNEAKOSCOPE_VERSION` for hermetic tests, and returns explicit `mode: "function"`, `route_required: false`, and `pipeline_required: false` evidence for CLI JSON output and hook-gate reuse.
+
+```bash
+sks update-check --json
+```
+
+Release checks now write `.sneakoscope/reports/official-docs-compat-1.10.0.json` plus `.sneakoscope/reports/release-readiness-1.10.0.json`.
+
+## 1.0.9 Official Docs Ultimate Kernel
+
+1.0.9 closes the remaining policy-vs-run-path gap. Attached generated images are recorded with `callout_extraction_status: pending` and empty callouts until `codex exec resume --output-schema` or the OpenAI Structured Outputs fallback returns a schema-valid issue ledger. Real `gpt-image-2` generation records request/response artifacts, source SHA-256, high-fidelity automatic input metadata, output hashes, local-only privacy, and blockers instead of substituting prose or generic callouts.
+
+```bash
+sks ux-review run --image ./screenshot.png --generate-callouts --json
+sks ux-review attach-generated latest --image ./generated-callouts.png --json
+sks ux-review extract-issues --generated-image ./generated-callouts.png --json
+sks ux-review attach-after latest --image ./after.png --json
+sks ux-review proof latest --json
+sks ux-review explain latest
+npm run official-docs:compat
+```
+
+Release checks now include `npm run official-docs:compat` and write `.sneakoscope/reports/official-docs-compat-1.0.9.json` plus `.sneakoscope/reports/release-readiness-1.0.9.json`.
+
 ## 1.0.8 Codex 0.132 UX-Review Seal
 
 1.0.8 makes UX-Review the representative SKS visual trust harness rather than a policy-only fixture. The CLI/App route now records source screenshot original-resolution metadata, requires real `gpt-image-2` generated callout images before verified UX claims, extracts visible callouts into `schemas/codex/image-ux-issue-ledger.schema.json`, plans bounded P0/P1-first fixes, and requires recapture/re-review before visual fix verification.

package/crates/sks-core/Cargo.lock

@@ -76,7 +76,7 @@ dependencies = [
 
 [[package]]
 name = "sks-core"
-version = "1.0.8"
+version = "1.10.0"
 dependencies = [
  "serde_json",
 ]

package/crates/sks-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sks-core"
-version = "1.0.8"
+version = "1.10.0"
 edition = "2021"
 
 [dependencies]

package/crates/sks-core/src/main.rs

@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
 fn main() {
     let mut args = std::env::args().skip(1);
     match args.next().as_deref() {
-        Some("--version") => println!("sks-rs 1.0.8"),
+        Some("--version") => println!("sks-rs 1.10.0"),
         Some("compact-info") => {
             let mut input = String::new();
             let _ = io::stdin().read_to_string(&mut input);

package/dist/bin/sks.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-const FAST_PACKAGE_VERSION = '1.0.8';
+const FAST_PACKAGE_VERSION = '1.10.0';
 const args = process.argv.slice(2);
 try {
     if (args[0] === '--version' || args[0] === '-v' || args[0] === 'version') {

package/dist/build-manifest.json

@@ -1,6 +1,6 @@
 {
   "schema": "sks.dist-build.v2",
-  "version": "1.0.8",
+  "version": "1.10.0",
   "typescript": true,
   "mjs_runtime_files": 0,
   "files": [
@@ -382,6 +382,10 @@
     "core/image-ux-review/fix-task-planner.js",
     "core/image-ux-review/imagegen-adapter.d.ts",
     "core/image-ux-review/imagegen-adapter.js",
+    "core/image-ux-review/patch-handoff.d.ts",
+    "core/image-ux-review/patch-handoff.js",
+    "core/image-ux-review/real-callout-extractor.d.ts",
+    "core/image-ux-review/real-callout-extractor.js",
     "core/image-ux-review/recapture.d.ts",
     "core/image-ux-review/recapture.js",
     "core/init.d.ts",
@@ -567,6 +571,8 @@
     "core/secret-redaction.js",
     "core/skill-forge.d.ts",
     "core/skill-forge.js",
+    "core/structured-output-adapter.d.ts",
+    "core/structured-output-adapter.js",
     "core/team-dag.d.ts",
     "core/team-dag.js",
     "core/team-dashboard-renderer.d.ts",
@@ -611,6 +617,8 @@
     "core/trust-kernel/trust-report.js",
     "core/trust-kernel/trust-status.d.ts",
     "core/trust-kernel/trust-status.js",
+    "core/update-check.d.ts",
+    "core/update-check.js",
     "core/validators/completion-proof-validator.d.ts",
     "core/validators/completion-proof-validator.js",
     "core/validators/evidence-validator.d.ts",

package/dist/commands/bench.d.ts

@@ -60,6 +60,18 @@ export declare function run(_command: any, args?: any): Promise<void | {
             'sks scouts engines --json': number;
         };
     }>;
+    ux_review_staged_latency_budgets: Readonly<{
+        source_screenshot_ingest: 500;
+        gpt_image_2_generation: 120000;
+        callout_extraction: 120000;
+        fix_task_planning: 500;
+        recapture_re_review: 120000;
+        image_voxel_relation_validation: 800;
+        codex_compat_probe_batch: 5000;
+        computer_use_status_probe_batch: 5000;
+        codex_lb_status_probe_batch: 5000;
+        scout_engine_probe_batch: 5000;
+    }>;
     ok: boolean;
     commands: any[];
 } | {
@@ -127,6 +139,18 @@ export declare function run(_command: any, args?: any): Promise<void | {
                 'sks scouts engines --json': number;
             };
         }>;
+        ux_review_staged_latency_budgets: Readonly<{
+            source_screenshot_ingest: 500;
+            gpt_image_2_generation: 120000;
+            callout_extraction: 120000;
+            fix_task_planning: 500;
+            recapture_re_review: 120000;
+            image_voxel_relation_validation: 800;
+            codex_compat_probe_batch: 5000;
+            computer_use_status_probe_batch: 5000;
+            codex_lb_status_probe_batch: 5000;
+            scout_engine_probe_batch: 5000;
+        }>;
         ok: boolean;
         commands: any[];
     };

package/dist/commands/image-ux-review.d.ts

@@ -47,6 +47,8 @@ export declare function run(command: any, args?: any): Promise<void | {
                 codex_app_imagegen_doc: string;
                 api_image_generation_doc: string;
                 gpt_image_2_model_doc: string;
+                image_input_fidelity_note: string;
+                unsupported_parameters_omitted: string[];
                 required_policy: string;
                 output_artifact: string;
                 anti_substitution_rule: string;
@@ -57,6 +59,8 @@ export declare function run(command: any, args?: any): Promise<void | {
                 input_artifact: string;
                 output_artifact: string;
                 preferred_path: string;
+                fallback_path: string;
+                structured_outputs_doc: string;
                 fallback_cap: string;
                 required_issue_fields: string[];
             };
@@ -100,6 +104,8 @@ export declare function run(command: any, args?: any): Promise<void | {
             created_at: string;
             model: string;
             surface: string;
+            endpoint: string;
+            api_docs: string;
             privacy: string;
             requests: any;
             blocker_if_unavailable: {
@@ -111,6 +117,26 @@ export declare function run(command: any, args?: any): Promise<void | {
                 guidance: string;
             };
         };
+        imagegen_response: {
+            schema: string;
+            created_at: string;
+            provider: any;
+            model: string;
+            ok: boolean;
+            status: string;
+            output_image_path: any;
+            output_image_sha256: any;
+            output_id: any;
+            dimensions: {
+                width: any;
+                height: any;
+                format: any;
+            } | null;
+            latency_ms: any;
+            token_cost_metadata: any;
+            local_only: boolean;
+            blockers: any;
+        };
         generated_review_ledger: {
             schema: string;
             schema_version: number;
@@ -155,6 +181,7 @@ export declare function run(command: any, args?: any): Promise<void | {
             schema_version: number;
             extraction_source: string;
             extraction_method: string;
+            extraction_schema: string;
             extracted_from_generated_callout: boolean;
             issues: any;
             blocking_issue_count: any;
@@ -182,6 +209,14 @@ export declare function run(command: any, args?: any): Promise<void | {
             dirty_status_before_patch: any;
             changed_files: any;
             patch_commands: any;
+            patch_results: any;
+            counts: {
+                before: any;
+                open: any;
+                fixed: any;
+                remains_open: any;
+                regression: number;
+            };
             patchable_tasks: any;
             risky_tasks_blocked: any;
             repeated_blocker: {
@@ -213,6 +248,17 @@ export declare function run(command: any, args?: any): Promise<void | {
             before_after_relation_required: boolean;
             gpt_image_2_re_review_required: boolean;
             output_schema_recheck_required: boolean;
+            attach_after_command: string;
+            after_screenshot: {
+                path: any;
+                sha256: any;
+                dimensions: any;
+                privacy: string;
+            } | null;
+            before_after_relation_created: boolean;
+            re_review_required: boolean;
+            re_review_issue_ledger_required: boolean;
+            regression_blocker: string | null;
             changed_screens_rechecked_or_not_applicable: boolean;
             blockers: string[];
             passed: boolean;
@@ -284,6 +330,7 @@ export declare function run(command: any, args?: any): Promise<void | {
 } | {
     schema: string;
     ok: any;
+    status: string;
     mission_id: any;
     issue_ledger: {
         contract_hash: any;
@@ -298,6 +345,7 @@ export declare function run(command: any, args?: any): Promise<void | {
         schema_version: number;
         extraction_source: string;
         extraction_method: string;
+        extraction_schema: string;
         extracted_from_generated_callout: boolean;
         issues: any;
         blocking_issue_count: any;
@@ -310,6 +358,140 @@ export declare function run(command: any, args?: any): Promise<void | {
         };
     };
     proof: any;
+} | {
+    schema: string;
+    ok: boolean;
+    mission_id: any;
+    generated_review_ledger: {
+        schema: string;
+        schema_version: number;
+        created_at: string;
+        provider: {
+            model: string;
+            preferred_surface: string;
+        };
+        generated_review_images: {
+            source_screen_id: string;
+            status: string;
+            image_voxel_relation: string;
+            callout_extraction_status: string;
+            callouts: {
+                id: string;
+                callout_id: string;
+                severity: string;
+                bbox: number[];
+                region: string;
+                title: string;
+                detail: string;
+                fix_action: string;
+                status: string;
+                source: string;
+                confidence: number;
+                extraction_provider: string;
+                extraction_schema: string;
+                generated_image_sha256: any;
+                bbox_coordinate_space: string;
+                bbox_confidence: number;
+                severity_visible: boolean;
+                callout_number_visible: boolean;
+                text_ocr_confidence: number;
+                fix_verification_status: string;
+                post_fix_recheck_issue_id: null;
+            }[];
+            id: any;
+            path: string;
+            sha256: any;
+            width: number | null;
+            height: number | null;
+            format: string;
+            provider_model: string;
+            provider_surface: any;
+            requested_fidelity: string;
+            image_input_fidelity_note: string;
+            privacy: string;
+            output_id: any;
+            created_at: any;
+            real_generated: boolean;
+            mock: boolean;
+            callout_extraction_required: boolean;
+            source: string;
+        }[];
+        generated_count: number;
+        required_count: number;
+        blockers: never[];
+        passed: boolean;
+        contract_hash: any;
+    };
+    gate: {
+        passed: boolean;
+        schema: string;
+        schema_version: number;
+        created_at: string;
+        contract_hash: any;
+        real_source_screenshot_present: boolean;
+        computer_use_or_user_screenshot_source: any;
+        gpt_image_2_callout_generated: boolean;
+        generated_image_ingested: boolean;
+        callout_extraction_schema_valid: boolean;
+        issue_ledger_from_generated_callout: boolean;
+        p0_p1_zero_after_fix: boolean;
+        fix_loop_executed_or_not_needed: boolean;
+        changed_screens_rechecked: boolean;
+        image_voxel_relations_created: boolean;
+        wrongness_checked: boolean;
+        honest_mode_complete: boolean;
+        required_artifacts: string[];
+        blockers: any[];
+        verification_caps: {
+            text_only_review: string;
+            mock_fixture: string;
+            codex_less_than_0_132_fallback: string;
+        };
+        notes: string[];
+    };
+} | {
+    schema: string;
+    ok: boolean;
+    mission_id: any;
+    after_screenshot: {
+        path: string;
+        sha256: any;
+        dimensions: {
+            width: null;
+            height: null;
+            format: string;
+        } | {
+            width: number;
+            height: number;
+            format: string;
+        };
+        privacy: string;
+    };
+    recapture_plan: {
+        schema: string;
+        changed_screens_only: boolean;
+        recapture_required: boolean;
+        recapture_source: string;
+        recaptured_screenshot_sha256: any;
+        recaptured_screenshot_dimensions: any;
+        before_after_relation_required: boolean;
+        gpt_image_2_re_review_required: boolean;
+        output_schema_recheck_required: boolean;
+        attach_after_command: string;
+        after_screenshot: {
+            path: any;
+            sha256: any;
+            dimensions: any;
+            privacy: string;
+        } | null;
+        before_after_relation_created: boolean;
+        re_review_required: boolean;
+        re_review_issue_ledger_required: boolean;
+        regression_blocker: string | null;
+        changed_screens_rechecked_or_not_applicable: boolean;
+        blockers: string[];
+        passed: boolean;
+    };
 } | {
     schema: string;
     ok: boolean;

package/dist/commands/wiki.d.ts

@@ -15,7 +15,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
     };
     active_records: {
         id: string;
-        kind: "incorrect_claim" | "overconfident_claim" | "stale_evidence" | "missing_evidence" | "test_failure" | "route_misclassification" | "scout_error" | "visual_anchor_error" | "image_bbox_error" | "db_safety_false_positive" | "db_safety_false_negative" | "hook_policy_mismatch" | "hook_semantic_mismatch" | "hook_strict_subset_misclassified" | "codex_lb_health_misread" | "codex_lb_missing_env_raw_message" | "codex_lb_setup_choice_drift" | "codex_lb_env_persistence_failure" | "computer_use_policy_misclassification" | "computer_use_live_smoke_mismatch" | "computer_use_external_block_overclaimed" | "mock_real_confusion" | "user_intent_misread" | "artifact_schema_error" | "trust_status_overclaim" | "ux_review_text_only_fallback" | "gpt_image_2_callout_generation_failed" | "callout_extraction_schema_failed" | "callout_bbox_out_of_bounds" | "fix_loop_noop_patch" | "visual_fix_not_rechecked" | "post_fix_regression_detected" | "repeated_blocker_stop";
+        kind: "callout_extraction_schema_failed" | "missing_evidence" | "incorrect_claim" | "overconfident_claim" | "stale_evidence" | "test_failure" | "route_misclassification" | "scout_error" | "visual_anchor_error" | "image_bbox_error" | "db_safety_false_positive" | "db_safety_false_negative" | "hook_policy_mismatch" | "hook_semantic_mismatch" | "hook_strict_subset_misclassified" | "codex_lb_health_misread" | "codex_lb_missing_env_raw_message" | "codex_lb_setup_choice_drift" | "codex_lb_env_persistence_failure" | "computer_use_policy_misclassification" | "computer_use_live_smoke_mismatch" | "computer_use_external_block_overclaimed" | "mock_real_confusion" | "user_intent_misread" | "artifact_schema_error" | "trust_status_overclaim" | "ux_review_text_only_fallback" | "ux_generated_image_not_real" | "ux_fake_generic_callout_detected" | "ux_callout_ocr_uncertain" | "gpt_image_2_callout_generation_failed" | "callout_bbox_out_of_bounds" | "ux_patch_applied_without_recheck" | "ux_after_recheck_regression" | "ux_image_fidelity_mismatch" | "ux_output_schema_unavailable_fallback" | "fix_loop_noop_patch" | "visual_fix_not_rechecked" | "post_fix_regression_detected" | "repeated_blocker_stop";
         severity: "high" | "low" | "medium" | "critical";
         route: string | null;
         claim: string;

package/dist/core/bench.d.ts

@@ -66,6 +66,18 @@ export declare const CORE_BENCH_BUDGETS: {
     'sks features check --json': number;
     'sks scouts engines --json': number;
 };
+export declare const UX_REVIEW_STAGED_LATENCY_BUDGETS: Readonly<{
+    source_screenshot_ingest: 500;
+    gpt_image_2_generation: 120000;
+    callout_extraction: 120000;
+    fix_task_planning: 500;
+    recapture_re_review: 120000;
+    image_voxel_relation_validation: 800;
+    codex_compat_probe_batch: 5000;
+    computer_use_status_probe_batch: 5000;
+    codex_lb_status_probe_batch: 5000;
+    scout_engine_probe_batch: 5000;
+}>;
 export declare function runCoreBench(root?: any, { iterations, tier }?: any): Promise<{
     schema: string;
     generated_at: string;
@@ -128,6 +140,18 @@ export declare function runCoreBench(root?: any, { iterations, tier }?: any): Pr
             'sks scouts engines --json': number;
         };
     }>;
+    ux_review_staged_latency_budgets: Readonly<{
+        source_screenshot_ingest: 500;
+        gpt_image_2_generation: 120000;
+        callout_extraction: 120000;
+        fix_task_planning: 500;
+        recapture_re_review: 120000;
+        image_voxel_relation_validation: 800;
+        codex_compat_probe_batch: 5000;
+        computer_use_status_probe_batch: 5000;
+        codex_lb_status_probe_batch: 5000;
+        scout_engine_probe_batch: 5000;
+    }>;
     ok: boolean;
     commands: any[];
 }>;

package/dist/core/bench.js

@@ -60,6 +60,18 @@ export const CORE_BENCH_BUDGET_TIERS = Object.freeze({
     }
 });
 export const CORE_BENCH_BUDGETS = CORE_BENCH_BUDGET_TIERS['source-local'];
+export const UX_REVIEW_STAGED_LATENCY_BUDGETS = Object.freeze({
+    source_screenshot_ingest: 500,
+    gpt_image_2_generation: 120_000,
+    callout_extraction: 120_000,
+    fix_task_planning: 500,
+    recapture_re_review: 120_000,
+    image_voxel_relation_validation: 800,
+    codex_compat_probe_batch: 5_000,
+    computer_use_status_probe_batch: 5_000,
+    codex_lb_status_probe_batch: 5_000,
+    scout_engine_probe_batch: 5_000
+});
 const CORE_COMMANDS = Object.freeze([
     ['sks --version', ['--version']],
     ['sks help', ['help']],
@@ -107,6 +119,7 @@ export async function runCoreBench(root = process.cwd(), { iterations = 3, tier
         tier,
         iterations: Math.max(1, Number(iterations) || 1),
         budget_tiers: CORE_BENCH_BUDGET_TIERS,
+        ux_review_staged_latency_budgets: UX_REVIEW_STAGED_LATENCY_BUDGETS,
         ok: rows.every((row) => row.ok),
         commands: rows
     };

package/dist/core/codex-exec-output-schema.d.ts

@@ -16,6 +16,24 @@ export interface CodexResumeOutputSchemaCommandInput {
     json?: boolean;
     extraArgs?: readonly string[];
 }
+export interface CodexExecResumeOutputSchemaRunResult {
+    schema: 'sks.codex-exec-output-schema-run.v1';
+    ok: boolean;
+    status: 'parsed' | 'blocked' | 'integration_optional' | 'degraded_supported';
+    args: string[];
+    codex_bin: string | null;
+    output_file: string | null;
+    parsed_json: unknown | null;
+    blocker: ReturnType<typeof structuredOutputBlocker> | null;
+    validation: {
+        ok: boolean;
+        issues: string[];
+    };
+    stdout_tail: string;
+    stderr_tail: string;
+    timed_out: boolean;
+    exit_code: number | null;
+}
 export declare function detectCodexExecResumeOutputSchema(opts?: any): Promise<CodexExecResumeOutputSchemaAvailability>;
 export declare function codexSchemaPath(name: string): Promise<string>;
 export declare function assertCodexSchemaFile(schemaPath: string): Promise<{
@@ -25,6 +43,13 @@ export declare function assertCodexSchemaFile(schemaPath: string): Promise<{
     issues: string[];
 }>;
 export declare function buildCodexExecResumeOutputSchemaArgs(input: CodexResumeOutputSchemaCommandInput): Promise<string[]>;
+export declare function runCodexExecResumeWithOutputSchema(input: CodexResumeOutputSchemaCommandInput, opts?: {
+    codexBin?: string | null;
+    timeoutMs?: number;
+    maxOutputBytes?: number;
+    cwd?: string;
+    env?: NodeJS.ProcessEnv;
+}): Promise<CodexExecResumeOutputSchemaRunResult>;
 export declare function parseStructuredCodexOutput(text: unknown): {
     ok: boolean;
     value: unknown | null;

package/dist/core/codex-exec-output-schema.js

@@ -1,5 +1,6 @@
 import path from 'node:path';
-import { exists, packageRoot, readJson, runProcess, which } from './fsx.js';
+import fsp from 'node:fs/promises';
+import { ensureDir, exists, packageRoot, readJson, runProcess, which } from './fsx.js';
 import { codexVersionPolicy, compareSemverLike, parseCodexVersionText } from './codex-compat/codex-version-policy.js';
 export async function detectCodexExecResumeOutputSchema(opts = {}) {
     const codexBin = opts.codexBin || await which('codex').catch(() => null);
@@ -83,6 +84,64 @@ export async function buildCodexExecResumeOutputSchemaArgs(input) {
         args.push(String(input.prompt));
     return args;
 }
+export async function runCodexExecResumeWithOutputSchema(input, opts = {}) {
+    const availability = await detectCodexExecResumeOutputSchema({ codexBin: opts.codexBin || undefined });
+    if (!availability.codex_bin || availability.status !== 'available' || !availability.output_schema_supported) {
+        const status = availability.status === 'available' ? 'degraded_supported' : availability.status;
+        return {
+            schema: 'sks.codex-exec-output-schema-run.v1',
+            ok: false,
+            status,
+            args: [],
+            codex_bin: availability.codex_bin,
+            output_file: null,
+            parsed_json: null,
+            blocker: structuredOutputBlocker('output_schema_unavailable', availability.warnings.join('; ') || 'codex exec resume --output-schema unavailable'),
+            validation: { ok: false, issues: ['output_schema_unavailable'] },
+            stdout_tail: '',
+            stderr_tail: '',
+            timed_out: false,
+            exit_code: null
+        };
+    }
+    const outputFile = input.outputFile
+        ? path.resolve(input.outputFile)
+        : path.join(packageRoot(), '.sneakoscope', 'tmp', `codex-output-schema-${Date.now()}.json`);
+    await ensureDir(path.dirname(outputFile));
+    const args = await buildCodexExecResumeOutputSchemaArgs({ ...input, outputFile });
+    const runOpts = {
+        cwd: opts.cwd || packageRoot(),
+        timeoutMs: opts.timeoutMs || 120_000,
+        maxOutputBytes: opts.maxOutputBytes || 256 * 1024
+    };
+    if (opts.env)
+        runOpts.env = opts.env;
+    const result = await runProcess(availability.codex_bin, args, runOpts);
+    const outputText = await readOutputText(outputFile, result.stdout);
+    const parsed = parseStructuredCodexOutput(outputText);
+    const schema = await readJson(path.resolve(input.outputSchemaPath), null);
+    const validation = parsed.ok ? validateStructuredOutput(parsed.value, schema) : { ok: false, issues: ['json_parse_failed'] };
+    const blocker = !parsed.ok
+        ? parsed.blocker
+        : validation.ok
+            ? null
+            : structuredOutputBlocker('schema_validation_failed', validation.issues.join(', '));
+    return {
+        schema: 'sks.codex-exec-output-schema-run.v1',
+        ok: result.code === 0 && parsed.ok && validation.ok,
+        status: result.code === 0 && parsed.ok && validation.ok ? 'parsed' : 'blocked',
+        args,
+        codex_bin: availability.codex_bin,
+        output_file: outputFile,
+        parsed_json: parsed.ok ? parsed.value : null,
+        blocker,
+        validation,
+        stdout_tail: redactCodexOutput(result.stdout).slice(-12_000),
+        stderr_tail: redactCodexOutput(result.stderr).slice(-12_000),
+        timed_out: result.timedOut,
+        exit_code: result.code
+    };
+}
 export function parseStructuredCodexOutput(text) {
     const raw = String(text || '').trim();
     if (!raw) {
@@ -105,6 +164,13 @@ export function validateStructuredOutput(value, schema) {
         if (!row || !Object.hasOwn(row, key))
             issues.push(`required:${key}`);
     }
+    if (schema?.additionalProperties === false && row) {
+        const allowed = new Set(Object.keys(schema.properties || {}));
+        for (const key of Object.keys(row)) {
+            if (!allowed.has(key))
+                issues.push(`additional:${key}`);
+        }
+    }
     return { ok: issues.length === 0, issues };
 }
 export function structuredOutputBlocker(reason, detail) {
@@ -128,4 +194,13 @@ function sanitizeResumeId(value) {
         throw new Error('Unsafe Codex resume session id');
     return id;
 }
+async function readOutputText(outputFile, stdout) {
+    try {
+        const text = await fsp.readFile(outputFile, 'utf8');
+        if (text.trim())
+            return text;
+    }
+    catch { }
+    return stdout;
+}
 //# sourceMappingURL=codex-exec-output-schema.js.map