sneakoscope 1.10.0 → 1.12.0

package/README.md

@@ -4,248 +4,25 @@ Fast legacy-free proof-first Codex trust layer with image-based Voxel TriWiki.
 
 Sneakoscope Codex (`sks`) is a Codex CLI/App harness that makes repeatable Codex work auditable.
 
-SKS **1.10.0** is the Function-Only Update Check release: `sks update-check` and the pre-work update gate now share a lightweight npm freshness function that reports `route_required: false` and `pipeline_required: false`, so checking for a newer SKS package never starts Team, setup, doctor, or any execution pipeline.
-
-SKS **1.0.9** is the Official Docs Ultimate Kernel: Codex CLI `rust-v0.132.0` structured resume output is now an actual runner, `gpt-image-2` review generation uses Codex App `$imagegen` evidence or an optional OpenAI Images API fallback, Structured Outputs strict schemas are the extraction fallback, and `$UX-Review this screenshot with gpt-image-2 callouts, then fix the issues` blocks fake callouts until generated image pixels are schema-extracted, patched, recaptured, and re-reviewed.
-
-SKS **1.0.8** is the Codex 0.132 UX-Review Seal: Codex CLI `rust-v0.132.0` compatibility is explicit, `codex exec resume --output-schema` is the preferred structured-output path, and `$UX-Review this screenshot with gpt-image-2 callouts, then fix the issues` is a real visual trust loop from source screenshot fidelity to generated callout ingestion, issue ledger extraction, bounded safe fixes, recapture/re-review, Image Voxel relations, Wrongness, Completion Proof, and Trust Report gates.
-
-SKS **1.0.7** is the Ultimate Final Completion seal for the Codex trust harness: Computer Use live evidence is an opt-in, local-only macOS evidence path with explicit `probe_only`, `live_capture_attempted`, `live_capture_success`, and `live_capture_blocked` modes; `codex-lb setup` reports durable persistence versus `process_only_ephemeral` honestly; and docs/release readiness checks block mock/probe/live overclaims.
-
-SKS **1.0.6** is the final precision polish for the Codex trust harness: hook compatibility is classified as upstream schema plus an SKS zero-warning strict subset, `sks codex-lb setup` previews and applies the exact choices the user selected, and Computer Use has an optional live smoke surface for macOS capability/evidence status.
-
-SKS **1.0.5** sealed the prior trust harness: hook outputs were validated against both vendored OpenAI Codex CLI `rust-v0.131.0` schemas and runtime semantic parser rules, codex-lb setup survived macOS user-session launches through env-file/Keychain/launchctl-aware repair surfaces, and Computer Use became the preferred macOS visual evidence capability when available.
-
-SKS **1.0.4** introduced the `rust-v0.131.0` schema snapshot, guided codex-lb setup path, and Computer Use/MAD-SKS separation that 1.0.5 now hardens into release gates.
-
-SKS **1.0.3** adds git-collaboration hygiene for shared TriWiki memory: `sks git ...`, tracked shared shards under `.sneakoscope/wiki/**`, runtime-only ignores, shared wrongness publish/sync, and Codex App hook trust-state generation for current hook trust syntax.
-
-SKS **1.0.2** removed the last blanket TypeScript suppressions from runtime sources (`@ts-nocheck`/`@ts-ignore` are gated out by `npm run typecheck:suppressions`). The package remains `dist`-only, the typed command registry is still the genuine runtime registry, and release checks additionally block stray `.mjs` under `dist`, command-registry import drift (`blackbox:command-import-smoke`), typed contract probes, plus suppression + migration summaries.
-
-SKS **1.0.2** also adds TriWiki Wrongness Memory: `sks wrongness ...` records negative evidence for wrong claims, stale or missing proof, test failures, image anchor mistakes, DB safety mismatches, hook policy mismatches, mock-real confusion, and trust overclaims. Active wrongness is retrieved by TriWiki/scouts and lowers or blocks trust until corrected.
-
-Hybrid-free **`1.0.1`** already delivered the CLI entrypoint/router/registry/Trust Kernel/Evidence/Proof/Voxel/Scout TypeScript builds, packed installs that smoke-test every lazy import, and **`sks run --execute`** / **`--auto`** paths for safe/mock routes (destructive DB and missing visual proof stay blocked—these are mock/safe-heavy, not universally live executions).
-
 SKS does not try to clone every other harness. It focuses on one thing: making Codex work auditable, visual-evidence-bound, safety-gated, and reproducible through Completion Proof.
 
 ![Sneakoscope Codex Trust Layer](docs/assets/sneakoscope-architecture-pipeline.jpg)
 
+## Current Release
 
-## 1.10.0 Function-Only Update Check
-
-1.10.0 keeps the update freshness check out of the SKS mission pipeline. The shared `runSksUpdateCheck` function performs only an npm `view sneakoscope version` lookup, honors `SKS_NPM_VIEW_SNEAKOSCOPE_VERSION` for hermetic tests, and returns explicit `mode: "function"`, `route_required: false`, and `pipeline_required: false` evidence for CLI JSON output and hook-gate reuse.
+SKS **1.12.0** focuses on real execution closure: UX-Review, PPT Imagegen Review, DFix, and all-feature completion now require command-path wiring, extraction reports, proof/trust/wrongness evidence, mock/real separation, and release gates that block static-only or fake evidence paths.
 
 ```bash
-sks update-check --json
+sks features complete --json
+sks ux-review run --image <path> --generate-callouts --json
+sks ppt fixture --mock --json
+sks dfix fixture --json
 ```
 
-Release checks now write `.sneakoscope/reports/official-docs-compat-1.10.0.json` plus `.sneakoscope/reports/release-readiness-1.10.0.json`.
-
-## 1.0.9 Official Docs Ultimate Kernel
-
-1.0.9 closes the remaining policy-vs-run-path gap. Attached generated images are recorded with `callout_extraction_status: pending` and empty callouts until `codex exec resume --output-schema` or the OpenAI Structured Outputs fallback returns a schema-valid issue ledger. Real `gpt-image-2` generation records request/response artifacts, source SHA-256, high-fidelity automatic input metadata, output hashes, local-only privacy, and blockers instead of substituting prose or generic callouts.
-
-```bash
-sks ux-review run --image ./screenshot.png --generate-callouts --json
-sks ux-review attach-generated latest --image ./generated-callouts.png --json
-sks ux-review extract-issues --generated-image ./generated-callouts.png --json
-sks ux-review attach-after latest --image ./after.png --json
-sks ux-review proof latest --json
-sks ux-review explain latest
-npm run official-docs:compat
-```
-
-Release checks now include `npm run official-docs:compat` and write `.sneakoscope/reports/official-docs-compat-1.0.9.json` plus `.sneakoscope/reports/release-readiness-1.0.9.json`.
-
-## 1.0.8 Codex 0.132 UX-Review Seal
-
-1.0.8 makes UX-Review the representative SKS visual trust harness rather than a policy-only fixture. The CLI/App route now records source screenshot original-resolution metadata, requires real `gpt-image-2` generated callout images before verified UX claims, extracts visible callouts into `schemas/codex/image-ux-issue-ledger.schema.json`, plans bounded P0/P1-first fixes, and requires recapture/re-review before visual fix verification.
-
-```bash
-sks codex compatibility --json
-sks ux-review run --image ./screenshot.png --fix --json
-sks ux-review callouts --image ./screenshot.png --json
-sks ux-review extract-issues --generated-image ./generated-callouts.png --json
-sks ux-review fix latest --json
-sks ux-review recapture latest --json
-sks ux-review recheck latest --json
-sks ux-review status latest --json
-```
-
-Release checks now include:
-
-- `npm run codex:0.132-compat`
-- `npm run codex:output-schema-fixture`
-- `npm run image-fidelity:check`
-- `npm run ux-review:real-loop-fixture`
-- `npm run ux-review:no-text-fallback`
-- `npm run ux-review:image-voxel-relations`
-- `npm run memory-summary:rebuild-check`
-- `npm run loop-blocker:check`
-
-`gpt-image-2` output is local-only by default. Text-only critique is blocked, mock fixtures stay `verified_partial` or lower, screenshot binaries are not automatically published to shared TriWiki, and unavailable Codex/App image-generation capability is recorded as a blocker instead of being faked.
-
-## 1.0.7 Ultimate Final Completion
-
-1.0.7 does not add a new route, skill, or competing harness. It closes the last trust gaps around live visual evidence, persistence truth, and release documentation.
-
-Computer Use live evidence stays optional and explicit:
-
-```bash
-sks computer-use smoke --json
-sks computer-use smoke --real --capture-screenshot --json
-sks computer-use smoke --real --require-real --json
-npm run computer-use:live-evidence
-```
-
-Default smoke is `probe_only` and never attempts screen capture. Real mode records `live_capture_attempted`, `live_capture_success`, or `live_capture_blocked`; if Codex App, macOS permission, or the official Computer Use capture surface is unavailable, SKS writes a structured blocker instead of fabricated evidence. Browser Use evidence and manual screenshots remain separate sources. Computer Use screenshots are local-only by default, carry SHA-256 metadata, and link to Image Voxel only when a mission-local anchor can be made.
-
-codex-lb setup now reports the exact persistence truth:
-
-```bash
-sks codex-lb setup --host lb.example.com --api-key-stdin --plan --json
-sks codex-lb setup --host lb.example.com --api-key-stdin --yes --no-env-file --no-keychain --no-launchctl --shell-profile skip --json
-npm run codex-lb:persistence-truth
-```
-
-Durable modes are `durable_env_file`, `durable_keychain`, `durable_launchctl`, and `shell_profile`. If all durable modes are disabled, setup is classified as `process_only_ephemeral`, emits `next_shell_requires_setup_or_env`, and warns that Codex App GUI launches may not see credentials. Use `sks codex-lb setup --write-env-file --keychain --launchctl` to recover durable persistence.
-
-Documentation truthfulness is now a release invariant:
-
-```bash
-npm run docs:truthfulness
-npm run release:readiness
-```
-
-The hook compatibility surface remains the upstream schema plus the SKS zero-warning strict subset; SKS does not claim to mirror every upstream runtime parser rule or guarantee universal Computer Use availability.
-
-## 1.0.6 Final Precision Polish
-
-SKS validates Codex hooks against the OpenAI Codex `rust-v0.131.0` schema and enforces a stricter SKS zero-warning subset. Some fields may be accepted by upstream but are intentionally disallowed by SKS to avoid user-facing hook warnings and release drift. `sks hooks warning-check --json` now reports `schema_violation`, `upstream_semantic_unsupported`, `sks_zero_warning_disallowed`, `legacy_shape`, and `policy_disallowed` category counts.
-
-`sks codex-lb setup` is now a two-phase plan/apply wizard. Every question maps to an actual action: provider selection, env file writing, Keychain storage, launchctl sync, shell profile snippets, and health checks.
-
-```bash
-sks codex-lb setup --host lb.example.com --api-key-stdin --plan --json
-sks codex-lb setup --host lb.example.com --api-key-stdin --yes --no-default-provider --no-env-file --json
-npm run codex-lb:setup-truthfulness
-```
-
-Computer Use live validation is optional and opt-in. On macOS, `SKS_TEST_REAL_COMPUTER_USE=1 sks computer-use smoke --real --json` attempts a non-destructive capability/evidence check. If Codex App or macOS denies the capability, SKS records a structured blocker and does not fabricate visual evidence.
-
-```bash
-sks computer-use smoke --json
-SKS_TEST_REAL_COMPUTER_USE=1 sks computer-use smoke --real --json
-npm run computer-use:live-optional
-```
-
-## 1.0.5 Ultimate Harness Seal
-
-SKS 1.0.5 treats Codex hook semantic compatibility as stricter than schema compatibility. `sks hooks warning-check --json` and `npm run hooks:semantic-check` fail if an output uses `permissionDecision:"ask"`, PreToolUse `allow` without `updatedInput`, Stop `continue:false`, `stopReason`, `suppressOutput`, snake_case keys, unknown fields, or legacy top-level hook decisions.
-
-codex-lb setup now has a durable setup/repair path:
-
-```bash
-sks codex-lb setup --host lb.example.com --api-key-stdin --yes --json
-sks codex-lb status --json
-sks codex-lb doctor --deep --json
-npm run codex-lb:missing-env-regression
-```
-
-The API key is written only to redacted status surfaces. The env file is `~/.codex/sks-codex-lb.env`, metadata is `~/.codex/sks-codex-lb.json`, and reports expose only a redacted presence state plus a fingerprint. Raw `CODEX_LB_API_KEY` missing-env errors are release failures.
-
-Computer Use is a Codex App/macOS capability, not a MAD-SKS or DB permission. Visual routes use:
-
-```bash
-sks computer-use status --json
-sks computer-use require --route '$QA-LOOP' --json
-npm run computer-use:visual-route-fixture
-```
-
-If Codex App or macOS blocks the capability, SKS records `external_capability_blocked`, `codex_app_missing`, `macos_permission_missing`, or the closest structured status and does not fabricate UI evidence.
-
-## 1.0.4 Codex CLI Compatibility
-
-SKS 1.0.4 targets OpenAI Codex CLI `rust-v0.131.0`. Hook outputs are validated against vendored upstream schemas, so SKS fails release checks if it emits deprecated hook shapes or unknown fields. `sks codex-lb setup` now guides users through domain/base URL and API key setup, stores secrets securely, and prevents raw `CODEX_LB_API_KEY` missing messages. On macOS, Computer Use is treated as a first-class Codex App visual evidence capability and is never blocked by MAD-SKS or a generic SKS safety policy.
-
-If the Codex App or OS itself denies Computer Use capability, SKS records `external_capability_blocked` and does not fabricate UI evidence.
-
-New checks:
-
-- `sks codex compatibility --json`
-- `sks codex doctor --json`
-- `sks hooks codex-validate --json`
-- `sks hooks warning-check --json`
-- `sks codex-lb setup --host <domain> --api-key-stdin --yes --json`
-- `sks computer-use status --json`
-
-## 1.0.3 Previous Release Notes
-
-SKS **1.0.3 makes TriWiki collaboration git-safe.** Shared claims, wrongness records, image voxels, and avoidance rules publish to one-record JSON shards; generated indexes are ignored and rebuilt. `.gitignore` no longer hides all of `.sneakoscope/`, so shared memory can be committed while missions, logs, reports, caches, and temporary packs stay local.
-
-New commands:
-
-- `sks git policy|install|status|doctor|precommit|publish-plan|summary`
-- `sks wiki publish latest --shared`
-- `sks wrongness publish latest --shared`
-- `sks wiki rebuild-index --json`
-- `sks wiki validate-shared --json`
-
-Codex App setup now writes hook trust-state hashes into `.codex/config.toml` for the managed `.codex/hooks.json`, matching the current Codex hook trust model.
-
-## 1.0.2 Previous Release Notes
-
-SKS **1.0.2 removes the blanket `@ts-nocheck` / `@ts-ignore` layer from runtime TypeScript.** The shipped package stays `dist`-only, keeps the typed command registry as the real runtime dispatcher, runs `npm run typecheck:suppressions` ahead of builds in `release:check`, and records migration counters under `.sneakoscope/reports/typescript-migration.*`.
-
-`npm run dist:check` now pairs the existing filesystem `.mjs` hunt with **`sks.dist-build.v2`** metadata that records `mjs_runtime_files = 0` plus the semver captured at build time—guarding accidental hybrid drift.
-
-`npm run typecheck`, `npm run typecheck:suppressions`, `npm run typecheck:contracts`, `npm run test:types`, and `npm run release:check` are the release proof for the 1.0.2 strict TypeScript seal.
-
-## 1.0.1 Previous Release
-
-1.0.1 removes the package/runtime hybrid boundary. The TypeScript command registry is the actual CLI runtime registry, `npm run build` no longer copies `src/**/*.mjs` into `dist`, and `npm run dist:check` blocks `dist/**/*.mjs`, `.mjs` imports, and contract-only registry markers.
-
-Highlights:
-
-- `npm run build`, `npm run typecheck`, `npm run typecheck:contracts`, and `npm run schema:check` are release invariants.
-- `npm run dist:check` proves the built runtime is `dist`-only JavaScript generated from TypeScript.
-- `npm run package-boundary:check` and `npm run blackbox:command-import-smoke` verify the packed package, not just the source checkout.
-- `npm run blackbox:matrix` runs real pack install, npx one-shot, global shim, no-git, spaces, and Korean/Unicode path checks by default.
-- `sks run "task" --execute --json` and `sks run "task" --auto --json` execute safe routes; visual evidence gaps and destructive DB prompts block with explicit recovery.
-- `sks trust report latest --json`, `sks trust validate latest --json`, and `sks trust explain latest` expose the route trust kernel.
-- Route finalization writes mission-local `route-completion-contract.json`, `evidence-index.json`, `evidence.jsonl`, and `trust-report.json`.
-- Mock/static evidence stays `verified_partial` or lower; static contracts cannot satisfy runtime route contracts.
-- Visual route validation blocks stale image/voxel anchors.
-- `sks bench core --tier source-ci --json` writes `.sneakoscope/reports/performance/core-bench.json` and `.md` using tiered budgets.
-- `sks paths managed --json` and `sks rollback list --json` document SKS-owned project paths and explicit rollback actions.
-
-## 0.9.19 Release
-
-0.9.19 makes SKS Scout evidence parse-bound and package-install verified. Real Codex/tmux/Codex App subagent engines must write parseable scout output before consensus can use them as primary evidence. If an engine is unavailable or output cannot be parsed, SKS records a blocked or verified-partial result instead of substituting static evidence. Packed package checks now cover temp install, npx one-shot, and global shim behavior.
-
-Highlights:
-
-- Real Scout outputs are parsed from pure JSON, fenced JSON, `SCOUT_RESULT_JSON:` markdown, or final JSON blocks into `sks.scout-result.v1`.
-- `scout-consensus.json` records whether primary evidence came from parsed real outputs or local static fixtures.
-- `tmux-lanes` has an opt-in session/window/watcher/cleanup path; release gates skip or block honestly when live tmux/Codex is unavailable.
-- Codex App subagents require a local `sks.codex-app-subagents-capability.v1` descriptor; `SKS_CODEX_APP_SUBAGENTS=1` alone is not enough.
-- `npm run release:check` includes `pipeline-runtime:check`, `feature-quality:check`, `scouts:parser-check`, and `blackbox:check`.
-- Feature fixtures report `runtime_verified`, `runtime_mock_verified`, `integration_optional`, `static_contract`, and `missing` counts.
-- `sks rust status|smoke --json` reports optional Rust availability, detects stale native binaries, and proves JS fallback parity when native Rust is missing or version-mismatched.
-- `npm run release:check` includes `route-modularity:check`, `command-budget:check`, and `feature-fixtures:strict`.
-
-`0.9.14` turned SKS into a legacy-free proof-first trust layer for Codex work:
+Detailed release history lives in [CHANGELOG.md](CHANGELOG.md). Current release gate status lives in [docs/release-readiness.md](docs/release-readiness.md).
 
-- Command registry entries load independent command modules without runtime fallback to archived 0.9.13 CLI bundles.
-- Serious routes write Completion Proof through the central route finalizer before completion is claimed.
-- Visual/UI routes require Image Voxel TriWiki anchors, with before/after relations for visual fix claims.
-- Executable feature fixtures validate expected artifact existence and schema contracts.
-- Hook replay strictly matches decision, reason, gate, issues, continuation, and redaction policy.
-- codex-lb launch failures feed both global and active-project circuit health; stateless `previous_response_not_found` stays a warning.
-- Rust `image-hash` and semantic `voxel-validate` commands match JS fallback behavior.
-- `$Commit` and `$Commit-And-Push` provide a simple git-only route for staging, committing, and optionally pushing without the full SKS pipeline.
+## Documentation
 
-Learn more:
 - Completion Proof: [docs/completion-proof.md](docs/completion-proof.md)
 - TypeScript architecture: [docs/typescript-architecture.md](docs/typescript-architecture.md)
 - Trust Kernel: [docs/trust-kernel.md](docs/trust-kernel.md)

package/crates/sks-core/Cargo.lock

@@ -76,7 +76,7 @@ dependencies = [
 
 [[package]]
 name = "sks-core"
-version = "1.10.0"
+version = "1.12.0"
 dependencies = [
  "serde_json",
 ]

package/crates/sks-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sks-core"
-version = "1.10.0"
+version = "1.12.0"
 edition = "2021"
 
 [dependencies]

package/crates/sks-core/src/main.rs

@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
 fn main() {
     let mut args = std::env::args().skip(1);
     match args.next().as_deref() {
-        Some("--version") => println!("sks-rs 1.10.0"),
+        Some("--version") => println!("sks-rs 1.12.0"),
         Some("compact-info") => {
             let mut input = String::new();
             let _ = io::stdin().read_to_string(&mut input);

package/dist/bin/sks.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-const FAST_PACKAGE_VERSION = '1.10.0';
+const FAST_PACKAGE_VERSION = '1.12.0';
 const args = process.argv.slice(2);
 try {
     if (args[0] === '--version' || args[0] === '-v' || args[0] === 'version') {

package/dist/build-manifest.json

@@ -1,6 +1,6 @@
 {
   "schema": "sks.dist-build.v2",
-  "version": "1.10.0",
+  "version": "1.12.0",
   "typescript": true,
   "mjs_runtime_files": 0,
   "files": [
@@ -232,6 +232,8 @@
     "core/commands/computer-use-command.js",
     "core/commands/db-command.d.ts",
     "core/commands/db-command.js",
+    "core/commands/dfix-command.d.ts",
+    "core/commands/dfix-command.js",
     "core/commands/eval-command.d.ts",
     "core/commands/eval-command.js",
     "core/commands/gc-command.d.ts",
@@ -302,6 +304,8 @@
     "core/decision-contract.js",
     "core/decision-lattice.d.ts",
     "core/decision-lattice.js",
+    "core/dfix.d.ts",
+    "core/dfix.js",
     "core/dogfood-loop.d.ts",
     "core/dogfood-loop.js",
     "core/effort-orchestrator.d.ts",
@@ -328,6 +332,8 @@
     "core/feature-fixtures.js",
     "core/feature-registry.d.ts",
     "core/feature-registry.js",
+    "core/features/feature-completion.d.ts",
+    "core/features/feature-completion.js",
     "core/features/feature-fixtures.d.ts",
     "core/features/feature-fixtures.js",
     "core/features/feature-registry.d.ts",
@@ -390,6 +396,8 @@
     "core/image-ux-review/recapture.js",
     "core/init.d.ts",
     "core/init.js",
+    "core/json-schema-validator.d.ts",
+    "core/json-schema-validator.js",
     "core/language-preference.d.ts",
     "core/language-preference.js",
     "core/loop-blocker.d.ts",
@@ -467,6 +475,24 @@
     "core/pipeline/stop-gate.js",
     "core/pipeline/validation.d.ts",
     "core/pipeline/validation.js",
+    "core/ppt-imagegen-review.d.ts",
+    "core/ppt-imagegen-review.js",
+    "core/ppt-review/deck-issue-ledger.d.ts",
+    "core/ppt-review/deck-issue-ledger.js",
+    "core/ppt-review/index.d.ts",
+    "core/ppt-review/index.js",
+    "core/ppt-review/ppt-fix-task-planner.d.ts",
+    "core/ppt-review/ppt-fix-task-planner.js",
+    "core/ppt-review/ppt-patch-handoff.d.ts",
+    "core/ppt-review/ppt-patch-handoff.js",
+    "core/ppt-review/reexport-rereview.d.ts",
+    "core/ppt-review/reexport-rereview.js",
+    "core/ppt-review/slide-exporter.d.ts",
+    "core/ppt-review/slide-exporter.js",
+    "core/ppt-review/slide-imagegen-review.d.ts",
+    "core/ppt-review/slide-imagegen-review.js",
+    "core/ppt-review/slide-issue-extraction.d.ts",
+    "core/ppt-review/slide-issue-extraction.js",
     "core/ppt.d.ts",
     "core/ppt.js",
     "core/prompt-context-builder.d.ts",

package/dist/cli/command-registry.js

@@ -110,7 +110,7 @@ export const COMMANDS = {
     '$': entry('stable', 'Alias for dollar-commands', 'dist/core/commands/basic-cli.js', basicArgs('dollarCommandsCommand')),
     commit: entry('stable', 'Create a simple git commit', 'dist/commands/commit.js', directCommand(() => import('../commands/commit.js'), 'dist/commands/commit.js')),
     'commit-and-push': entry('stable', 'Create a simple git commit and push', 'dist/commands/commit-and-push.js', directCommand(() => import('../commands/commit-and-push.js'), 'dist/commands/commit-and-push.js')),
-    dfix: entry('stable', 'Explain DFix route', 'dist/core/commands/basic-cli.js', basicNoArgs('dfixCommand')),
+    dfix: entry('stable', 'Run DFix diagnose/plan/patch/verify loop', 'dist/core/commands/dfix-command.js', commandArgsCommand(() => import('../core/commands/dfix-command.js'), 'dfixCommand', 'dist/core/commands/dfix-command.js')),
     team: entry('beta', 'Create and observe Team missions', 'dist/core/commands/team-command.js', argsCommand(() => import('../core/commands/team-command.js'), 'team', 'dist/core/commands/team-command.js')),
     'qa-loop': entry('beta', 'Run QA loop missions', 'dist/core/commands/qa-loop-command.js', subcommand(() => import('../core/commands/qa-loop-command.js'), 'qaLoopCommand', 'dist/core/commands/qa-loop-command.js')),
     research: entry('labs', 'Run research missions', 'dist/core/commands/research-command.js', subcommand(() => import('../core/commands/research-command.js'), 'researchCommand', 'dist/core/commands/research-command.js')),

package/dist/cli/feature-commands.js

@@ -5,7 +5,7 @@ import { exists, projectRoot, readJson, writeJsonAtomic } from '../core/fsx.js';
 import { CODEX_ACCESS_TOKENS_DOCS_URL } from '../core/codex-app.js';
 import { redactSecrets } from '../core/secret-redaction.js';
 import { evaluateHookPayload } from '../core/hooks-runtime.js';
-import { buildAllFeaturesSelftest, buildFeatureRegistry, validateFeatureRegistry, writeFeatureInventoryDocs } from '../core/feature-registry.js';
+import { buildAllFeaturesSelftest, buildFeatureRegistry, validateFeatureRegistry, writeAllFeatureCompletionReport, writeFeatureInventoryDocs } from '../core/feature-registry.js';
 import { recordHookPolicyMismatchWrongness } from '../core/triwiki-wrongness/wrongness-ledger.js';
 import { codexSchemaSnapshotReport } from '../core/codex-compat/codex-schema-snapshot.js';
 import { validateCodexFixtureOutputs } from '../core/codex-compat/codex-hook-schema.js';
@@ -49,13 +49,36 @@ export async function featuresCommand(sub = 'list', args = []) {
             process.exitCode = 1;
         return;
     }
-    console.error('Usage: sks features list|check|inventory [--json] [--write-docs]');
+    if (action === 'complete') {
+        const report = await writeAllFeatureCompletionReport({ root });
+        if (flag(args, '--json'))
+            console.log(JSON.stringify(report, null, 2));
+        else {
+            console.log(`All feature completion: ${report.status}`);
+            console.log(`Report: ${path.relative(root, report.files.json)}`);
+        }
+        if (!report.ok)
+            process.exitCode = 1;
+        return;
+    }
+    console.error('Usage: sks features list|check|inventory|complete [--json] [--write-docs]');
     process.exitCode = 1;
 }
 export async function allFeaturesCommand(sub = 'selftest', args = []) {
     const action = sub || 'selftest';
+    if (action === 'complete' || action === 'completion') {
+        const root = await projectRoot();
+        const report = await writeAllFeatureCompletionReport({ root });
+        if (flag(args, '--json'))
+            return console.log(JSON.stringify(report, null, 2));
+        console.log(`All feature completion: ${report.status}`);
+        console.log(`Report: ${path.relative(root, report.files.json)}`);
+        if (!report.ok)
+            process.exitCode = 1;
+        return;
+    }
     if (action !== 'selftest') {
-        console.error('Usage: sks all-features selftest --mock [--execute-fixtures] [--json]');
+        console.error('Usage: sks all-features selftest|complete --mock [--execute-fixtures] [--json]');
         process.exitCode = 1;
         return;
     }

package/dist/commands/bench.d.ts

@@ -3,6 +3,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
     generated_at: string;
     tier: any;
     iterations: number;
+    warmup_iterations: number;
     budget_tiers: Readonly<{
         'source-local': {
             'sks --version': number;
@@ -10,7 +11,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
             'sks root --json': number;
             'sks commands --json': number;
             'sks proof validate --json': number;
-            'sks trust validate latest --json': number;
+            'sks trust validate bench-fixture --json': number;
             'sks wiki image-validate --json': number;
             'sks features check --json': number;
             'sks scouts engines --json': number;
@@ -21,7 +22,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
             'sks root --json': number;
             'sks commands --json': number;
             'sks proof validate --json': number;
-            'sks trust validate latest --json': number;
+            'sks trust validate bench-fixture --json': number;
             'sks wiki image-validate --json': number;
             'sks features check --json': number;
             'sks scouts engines --json': number;
@@ -32,7 +33,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
             'sks root --json': number;
             'sks commands --json': number;
             'sks proof validate --json': number;
-            'sks trust validate latest --json': number;
+            'sks trust validate bench-fixture --json': number;
             'sks wiki image-validate --json': number;
             'sks features check --json': number;
             'sks scouts engines --json': number;
@@ -43,7 +44,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
             'sks root --json': number;
             'sks commands --json': number;
             'sks proof validate --json': number;
-            'sks trust validate latest --json': number;
+            'sks trust validate bench-fixture --json': number;
             'sks wiki image-validate --json': number;
             'sks features check --json': number;
             'sks scouts engines --json': number;
@@ -54,7 +55,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
             'sks root --json': number;
             'sks commands --json': number;
             'sks proof validate --json': number;
-            'sks trust validate latest --json': number;
+            'sks trust validate bench-fixture --json': number;
             'sks wiki image-validate --json': number;
             'sks features check --json': number;
             'sks scouts engines --json': number;
@@ -82,6 +83,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
         generated_at: string;
         tier: any;
         iterations: number;
+        warmup_iterations: number;
         budget_tiers: Readonly<{
             'source-local': {
                 'sks --version': number;
@@ -89,7 +91,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
                 'sks root --json': number;
                 'sks commands --json': number;
                 'sks proof validate --json': number;
-                'sks trust validate latest --json': number;
+                'sks trust validate bench-fixture --json': number;
                 'sks wiki image-validate --json': number;
                 'sks features check --json': number;
                 'sks scouts engines --json': number;
@@ -100,7 +102,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
                 'sks root --json': number;
                 'sks commands --json': number;
                 'sks proof validate --json': number;
-                'sks trust validate latest --json': number;
+                'sks trust validate bench-fixture --json': number;
                 'sks wiki image-validate --json': number;
                 'sks features check --json': number;
                 'sks scouts engines --json': number;
@@ -111,7 +113,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
                 'sks root --json': number;
                 'sks commands --json': number;
                 'sks proof validate --json': number;
-                'sks trust validate latest --json': number;
+                'sks trust validate bench-fixture --json': number;
                 'sks wiki image-validate --json': number;
                 'sks features check --json': number;
                 'sks scouts engines --json': number;
@@ -122,7 +124,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
                 'sks root --json': number;
                 'sks commands --json': number;
                 'sks proof validate --json': number;
-                'sks trust validate latest --json': number;
+                'sks trust validate bench-fixture --json': number;
                 'sks wiki image-validate --json': number;
                 'sks features check --json': number;
                 'sks scouts engines --json': number;
@@ -133,7 +135,7 @@ export declare function run(_command: any, args?: any): Promise<void | {
                 'sks root --json': number;
                 'sks commands --json': number;
                 'sks proof validate --json': number;
-                'sks trust validate latest --json': number;
+                'sks trust validate bench-fixture --json': number;
                 'sks wiki image-validate --json': number;
                 'sks features check --json': number;
                 'sks scouts engines --json': number;