sneakoscope 1.17.0 → 1.18.1

package/README.md

@@ -10,7 +10,7 @@ SKS does not try to clone every other harness. It focuses on one thing: making C
 
 ## Current Release
 
-SKS **1.17.0** makes TypeScript the only runtime source of truth, moves package execution to built `dist/**/*.js`, adds Codex App agent cockpit artifacts, parallelizes release verification with a dependency DAG, and namespaces agent sessions by project hash plus mission id.
+SKS **1.18.1** adds Dynamic Agent Pool replenishment: `agents=5` now means keep up to five active worker slots running until the work queue drains, with immutable session generations, generation-aware terminal close reports, real/fake-tmux pane launch evidence, and Source Intelligence / Goal mode refs propagated to every generation.
 
 ```bash
 sks mad-sks plan --target-root <path> --json
@@ -20,6 +20,9 @@ sks mad-sks rollback-apply --rollback-plan <path> --yes --json
 sks features complete --json
 sks agent status latest --json
 sks agent run "release review" --agents 8 --concurrency 4 --mock --json
+npm run source-intelligence:all-modes
+npm run agent:background-terminals
+npm run agent:tmux-right-lanes
 npm run release:readiness
 ```
 
@@ -48,6 +51,14 @@ Detailed release history lives in [CHANGELOG.md](CHANGELOG.md). Current release
 - Core dominance: [docs/core-dominance.md](docs/core-dominance.md)
 - Performance budgets: [docs/performance-budgets.md](docs/performance-budgets.md)
 - Native Agent Kernel: [docs/native-agent-kernel.md](docs/native-agent-kernel.md)
+- Source Intelligence Layer: [docs/source-intelligence-layer.md](docs/source-intelligence-layer.md)
+- X AI / Context7 / Codex Web policy: [docs/xai-context7-codex-web-policy.md](docs/xai-context7-codex-web-policy.md)
+- Main no-Scout / worker Scout policy: [docs/main-no-scout-worker-scout-policy.md](docs/main-no-scout-worker-scout-policy.md)
+- Agent terminal lanes: [docs/agent-terminal-lanes.md](docs/agent-terminal-lanes.md)
+- tmux right-lane cockpit: [docs/tmux-right-lane-cockpit.md](docs/tmux-right-lane-cockpit.md)
+- Codex official Goal mode: [docs/codex-official-goal-mode.md](docs/codex-official-goal-mode.md)
+- Release parallel full coverage: [docs/release-parallel-full-coverage.md](docs/release-parallel-full-coverage.md)
+- Priority closure P0-P4: [docs/priority-closure-p0-p4.md](docs/priority-closure-p0-p4.md)
 - Image Voxel TriWiki: [docs/image-voxel-ledger.md](docs/image-voxel-ledger.md)
 - Image Wrongness: [docs/image-wrongness.md](docs/image-wrongness.md)
 - Route finalization: [docs/route-finalization.md](docs/route-finalization.md)
@@ -250,7 +261,7 @@ sks codex-lb repair
 sks
 ```
 
-Bare `sks` can also prompt for codex-lb auth; SKS stores the base URL/key in `~/.codex/sks-codex-lb.env`, writes the upstream codex-lb Codex CLI / IDE Extension provider block into `~/.codex/config.toml` for Codex App routing, loads the provider env key for tmux launches, and syncs the macOS user launch environment so the Codex App can see `CODEX_LB_API_KEY` after restart. If the provider block disappears but the stored env file is still recoverable, bare `sks`, npm postinstall upgrades, `sks doctor --fix`, and `sks codex-lb repair` restore it with `env_key = "CODEX_LB_API_KEY"`, `supports_websockets = true`, and `requires_openai_auth = true` as documented by codex-lb. If an older SKS release left the codex-lb dashboard key only in the shared Codex `auth.json` login cache, SKS migrates that key back into `~/.codex/sks-codex-lb.env` when a codex-lb provider or env base URL is already recoverable. It does not rewrite the shared Codex `auth.json` login cache by default; set `SKS_CODEX_LB_SYNC_CODEX_LOGIN=1` only if you intentionally want the old API-key login-cache behavior. When codex-lb is active, SKS opens a fresh `sks-codex-lb-*` tmux session and sweeps older detached codex-lb sessions for the same repo before launch so stale Responses API chains are not reused. Configured launch paths run a response-chain health check. `previous_response_not_found` is treated as a stateless-LB warning and keeps codex-lb active. Hard failures are surfaced to the user; SKS only bypasses codex-lb when the user chooses OAuth fallback or `SKS_CODEX_LB_AUTOBYPASS=1` is set.
+Bare `sks` can also prompt for codex-lb auth; SKS stores the base URL/key in `~/.codex/sks-codex-lb.env`, writes the codex-lb Codex CLI / IDE Extension provider block into `~/.codex/config.toml` for Codex App routing, loads the provider env key for tmux launches, and syncs the macOS user launch environment so the Codex App can see `CODEX_LB_API_KEY` after restart. If the provider block disappears but the stored env file is still recoverable, bare `sks`, npm postinstall upgrades, `sks doctor --fix`, and `sks codex-lb repair` restore it with `env_key = "CODEX_LB_API_KEY"`, `supports_websockets = true`, and `requires_openai_auth = false`; PPT/imagegen bridge checks treat that env-key provider as configured without requiring OpenAI OAuth. If an older SKS release left the codex-lb dashboard key only in the shared Codex `auth.json` login cache, SKS migrates that key back into `~/.codex/sks-codex-lb.env` when a codex-lb provider or env base URL is already recoverable. It does not rewrite the shared Codex `auth.json` login cache by default; set `SKS_CODEX_LB_SYNC_CODEX_LOGIN=1` only if you intentionally want the old API-key login-cache behavior. When codex-lb is active, SKS opens a fresh `sks-codex-lb-*` tmux session and sweeps older detached codex-lb sessions for the same repo before launch so stale Responses API chains are not reused. Configured launch paths run a response-chain health check. `previous_response_not_found` is treated as a stateless-LB warning and keeps codex-lb active. Hard failures are surfaced to the user; SKS only bypasses codex-lb when the user chooses OAuth fallback or `SKS_CODEX_LB_AUTOBYPASS=1` is set.
 
 If codex-lb provider auth drifts after launch/reinstall, run `sks doctor --fix` or `sks codex-lb repair`; to replace it, run `sks codex-lb reconfigure --host <domain> --api-key <key>`.
 
@@ -601,7 +612,7 @@ npm run release:check
 npm run publish:dry
 ```
 
-`release:check` runs the 1.17.0 parallel P0 DAG, writes a source digest stamp under `.sneakoscope/reports/`, then refreshes release readiness so publish commands can verify the same stamp. The DAG covers build, TS runtime source checks, dist parity, proof artifact structure, Codex App cockpit, janitor, multi-project isolation, parallel verification, typecheck, schema, release metadata, and release readiness. Broader live or historical gates remain explicit scripts such as `release:real-check`. Generate the human-readable registry with `sks features inventory --write-docs`. Plain `npm publish` uses the `latest` dist-tag. npm's `prepublishOnly` verifies the fresh release stamp instead of rerunning the full gate, and `prepack` only rebuilds `dist`; publish no longer repeats the expensive release suite during packaging. `npm run publish:dry` remains the explicit dry-run helper.
+`release:check` runs the 1.18.1 dynamic agent pool closure DAG, writes a source digest stamp under `.sneakoscope/reports/`, then refreshes release readiness so publish commands can verify the same stamp. The DAG preserves the 1.18 baseline gates and adds dynamic pool, backfill replenishment, scheduler proof, session generation, terminal generation, tmux real right-lane, dynamic cockpit, Source Intelligence propagation, and Goal mode propagation checks. Broader live or historical gates remain explicit scripts such as `release:real-check`. Generate the human-readable registry with `sks features inventory --write-docs`. Plain `npm publish` uses the `latest` dist-tag. npm's `prepublishOnly` verifies the fresh release stamp instead of rerunning the full gate, and `prepack` only rebuilds `dist`; publish no longer repeats the expensive release suite during packaging. `npm run publish:dry` remains the explicit dry-run helper.
 
 Version bumps are manual. Run `sks versioning bump` only when preparing release metadata; SKS will not create `.git/hooks/pre-commit` or auto-bump during ordinary commits.
 

package/crates/sks-core/Cargo.lock

@@ -76,7 +76,7 @@ dependencies = [
 
 [[package]]
 name = "sks-core"
-version = "1.17.0"
+version = "1.18.1"
 dependencies = [
  "serde_json",
 ]

package/crates/sks-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sks-core"
-version = "1.17.0"
+version = "1.18.1"
 edition = "2021"
 
 [dependencies]

package/crates/sks-core/src/main.rs

@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
 fn main() {
     let mut args = std::env::args().skip(1);
     match args.next().as_deref() {
-        Some("--version") => println!("sks-rs 1.17.0"),
+        Some("--version") => println!("sks-rs 1.18.1"),
         Some("compact-info") => {
             let mut input = String::new();
             let _ = io::stdin().read_to_string(&mut input);

package/dist/.sks-build-stamp.json

@@ -1,8 +1,8 @@
 {
   "schema": "sks.dist-build-stamp.v1",
   "package_name": "sneakoscope",
-  "package_version": "1.17.0",
-  "source_digest": "527177fcd408d00042f7263b37de99dd135af1fd2fdd0a8d79a220e747de03cb",
-  "source_file_count": 1515,
-  "built_at_source_time": 1779685135168
+  "package_version": "1.18.1",
+  "source_digest": "6df40e82722a56a4df2efafa956011204d7a96fd218b43d19aa10672bbd0842c",
+  "source_file_count": 1312,
+  "built_at_source_time": 1779722031788
 }

package/dist/bin/sks.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-const FAST_PACKAGE_VERSION = '1.17.0';
+const FAST_PACKAGE_VERSION = '1.18.1';
 const args = process.argv.slice(2);
 try {
     if (args[0] === '--version' || args[0] === '-v' || args[0] === 'version') {

package/dist/build-manifest.json

@@ -1,16 +1,16 @@
 {
   "schema": "sks.dist-build.v2",
-  "version": "1.17.0",
-  "package_version": "1.17.0",
+  "version": "1.18.1",
+  "package_version": "1.18.1",
   "typescript": true,
   "mjs_runtime_files": 0,
-  "compiled_file_count": 828,
-  "compiled_js_count": 414,
-  "compiled_dts_count": 414,
-  "source_digest": "527177fcd408d00042f7263b37de99dd135af1fd2fdd0a8d79a220e747de03cb",
-  "source_file_count": 1515,
-  "source_files_hash": "137bd4f96d0913bd90ab4e74364e959627dd8fd29576dae9d57c89c38b9b009f",
-  "source_list_hash": "137bd4f96d0913bd90ab4e74364e959627dd8fd29576dae9d57c89c38b9b009f",
+  "compiled_file_count": 858,
+  "compiled_js_count": 429,
+  "compiled_dts_count": 429,
+  "source_digest": "6df40e82722a56a4df2efafa956011204d7a96fd218b43d19aa10672bbd0842c",
+  "source_file_count": 1312,
+  "source_files_hash": "fbe2aa994acefbdab214a17074d539960fa99369b928c3679442019ace20e7c6",
+  "source_list_hash": "fbe2aa994acefbdab214a17074d539960fa99369b928c3679442019ace20e7c6",
   "src_mjs_runtime_files": 0,
   "dist_stamp_schema": "sks.dist-build-stamp.v1",
   "files": [
@@ -234,22 +234,36 @@
     "core/agents/agent-runner-process.js",
     "core/agents/agent-runner-tmux.d.ts",
     "core/agents/agent-runner-tmux.js",
+    "core/agents/agent-scheduler.d.ts",
+    "core/agents/agent-scheduler.js",
     "core/agents/agent-schema.d.ts",
     "core/agents/agent-schema.js",
+    "core/agents/agent-session-generation.d.ts",
+    "core/agents/agent-session-generation.js",
     "core/agents/agent-session-rows.d.ts",
     "core/agents/agent-session-rows.js",
     "core/agents/agent-task-slicer.d.ts",
     "core/agents/agent-task-slicer.js",
+    "core/agents/agent-terminal-session.d.ts",
+    "core/agents/agent-terminal-session.js",
     "core/agents/agent-trust-report.d.ts",
     "core/agents/agent-trust-report.js",
     "core/agents/agent-work-partition.d.ts",
     "core/agents/agent-work-partition.js",
+    "core/agents/agent-work-queue.d.ts",
+    "core/agents/agent-work-queue.js",
     "core/agents/agent-worker-pipeline.d.ts",
     "core/agents/agent-worker-pipeline.js",
+    "core/agents/agent-worker-slot.d.ts",
+    "core/agents/agent-worker-slot.js",
     "core/agents/agent-wrongness.d.ts",
     "core/agents/agent-wrongness.js",
     "core/agents/route-collaboration-ledger.d.ts",
     "core/agents/route-collaboration-ledger.js",
+    "core/agents/scout-policy.d.ts",
+    "core/agents/scout-policy.js",
+    "core/agents/tmux-right-lane-cockpit.d.ts",
+    "core/agents/tmux-right-lane-cockpit.js",
     "core/agents/work-partition/conflict-detector.d.ts",
     "core/agents/work-partition/conflict-detector.js",
     "core/agents/work-partition/dependency-graph.d.ts",
@@ -332,6 +346,10 @@
     "core/codex-lb/codex-lb-setup.js",
     "core/codex-model-guard.d.ts",
     "core/codex-model-guard.js",
+    "core/codex/codex-web-search-adapter.d.ts",
+    "core/codex/codex-web-search-adapter.js",
+    "core/codex/official-goal-mode.d.ts",
+    "core/codex/official-goal-mode.js",
     "core/commands/agent-command.d.ts",
     "core/commands/agent-command.js",
     "core/commands/autoresearch-command.d.ts",
@@ -582,6 +600,10 @@
     "core/mad-sks/write-guard.js",
     "core/managed-paths.d.ts",
     "core/managed-paths.js",
+    "core/mcp/xai-mcp-detector.d.ts",
+    "core/mcp/xai-mcp-detector.js",
+    "core/mcp/xai-search-adapter.d.ts",
+    "core/mcp/xai-search-adapter.js",
     "core/memory-governor.d.ts",
     "core/memory-governor.js",
     "core/memory-summary.d.ts",
@@ -717,6 +739,8 @@
     "core/questions.js",
     "core/recallpulse.d.ts",
     "core/recallpulse.js",
+    "core/release-parallel-full-coverage.d.ts",
+    "core/release-parallel-full-coverage.js",
     "core/research.d.ts",
     "core/research.js",
     "core/retention.d.ts",
@@ -731,6 +755,12 @@
     "core/session/project-namespace.js",
     "core/skill-forge.d.ts",
     "core/skill-forge.js",
+    "core/source-intelligence/source-intelligence-policy.d.ts",
+    "core/source-intelligence/source-intelligence-policy.js",
+    "core/source-intelligence/source-intelligence-proof.d.ts",
+    "core/source-intelligence/source-intelligence-proof.js",
+    "core/source-intelligence/source-intelligence-runner.d.ts",
+    "core/source-intelligence/source-intelligence-runner.js",
     "core/structured-output-adapter.d.ts",
     "core/structured-output-adapter.js",
     "core/team-dag.d.ts",

package/dist/cli/install-helpers.d.ts

@@ -101,6 +101,9 @@ export declare function codexLbStatus(opts?: any): Promise<{
     env_path: any;
     provider_configured: boolean;
     provider_requires_openai_auth: boolean;
+    provider_openai_auth_disabled: boolean;
+    provider_env_key: string | null;
+    provider_uses_codex_lb_env_auth: boolean;
     selected: boolean;
     env_file: boolean;
     env_key_configured: boolean;
@@ -207,6 +210,9 @@ export declare function maybePromptCodexLbSetupForLaunch(args?: any, opts?: any)
     env_path: any;
     provider_configured: boolean;
     provider_requires_openai_auth: boolean;
+    provider_openai_auth_disabled: boolean;
+    provider_env_key: string | null;
+    provider_uses_codex_lb_env_auth: boolean;
     selected: boolean;
     env_file: boolean;
     env_key_configured: boolean;
@@ -245,6 +251,9 @@ export declare function maybePromptCodexLbSetupForLaunch(args?: any, opts?: any)
     env_path: any;
     provider_configured: boolean;
     provider_requires_openai_auth: boolean;
+    provider_openai_auth_disabled: boolean;
+    provider_env_key: string | null;
+    provider_uses_codex_lb_env_auth: boolean;
     selected: boolean;
     env_file: boolean;
     env_key_configured: boolean;

package/dist/cli/install-helpers.js

@@ -132,7 +132,7 @@ async function reportPostinstallCodexLbAuth() {
         console.log(`codex-lb auth: repair skipped (${codexLbAuth.status}${codexLbAuth.error ? `: ${codexLbAuth.error}` : ''}).`);
     const reconcile = codexLbAuth.auth_reconcile;
     if (reconcile?.status === 'oauth_preserved') {
-        console.log(`codex-lb auth: ChatGPT OAuth preserved for Codex App; codex-lb key stays in env_key (OAuth backup at ${reconcile.backup_path ?? 'unknown'}).`);
+        console.log(`codex-lb auth: ChatGPT OAuth preserved as backup; codex-lb key stays in env_key (OpenAI OAuth not required, backup at ${reconcile.backup_path ?? 'unknown'}).`);
     }
     else if (reconcile?.status === 'oauth_restored') {
         console.log(`codex-lb auth: restored ChatGPT OAuth from ${reconcile.backup_path ?? 'unknown'} while keeping codex-lb selected.`);
@@ -452,12 +452,19 @@ export async function codexLbStatus(opts = {}) {
     const selected = hasTopLevelCodexLbSelected(config);
     const baseUrl = codexLbProviderBaseUrl(config) || envLoad.base_url || null;
     const providerRequiresOpenAiAuth = codexLbProviderRequiresOpenAiAuth(config);
+    const providerOpenAiAuthDisabled = codexLbProviderOpenAiAuthDisabled(config);
+    const providerEnvKey = codexLbProviderEnvKey(config);
+    const providerUsesCodexLbEnvAuth = providerConfigured && providerEnvKey === 'CODEX_LB_API_KEY' && providerOpenAiAuthDisabled;
+    const codexAppUsableWithCodexLb = providerUsesCodexLbEnvAuth && envKeyConfigured && Boolean(baseUrl);
     return {
-        ok: providerConfigured && envKeyConfigured && Boolean(baseUrl) && providerRequiresOpenAiAuth,
+        ok: providerConfigured && envKeyConfigured && Boolean(baseUrl) && providerUsesCodexLbEnvAuth,
         config_path: configPath,
         env_path: envPath,
         provider_configured: providerConfigured,
         provider_requires_openai_auth: providerRequiresOpenAiAuth,
+        provider_openai_auth_disabled: providerOpenAiAuthDisabled,
+        provider_env_key: providerEnvKey || null,
+        provider_uses_codex_lb_env_auth: providerUsesCodexLbEnvAuth,
         selected,
         env_file: envExists,
         env_key_configured: envKeyConfigured,
@@ -474,8 +481,8 @@ export async function codexLbStatus(opts = {}) {
         base_url: baseUrl,
         auth_path: authPath,
         auth_mode: authMode.mode,
-        auth_usable_for_codex_app: authMode.codex_app_usable,
-        auth_summary: authMode.summary
+        auth_usable_for_codex_app: authMode.codex_app_usable || codexAppUsableWithCodexLb,
+        auth_summary: codexAppUsableWithCodexLb ? 'codex-lb provider uses CODEX_LB_API_KEY env_key; OpenAI OAuth not required' : authMode.summary
     };
 }
 export function formatCodexLbStatusText(status = {}, opts = {}) {
@@ -487,7 +494,7 @@ export function formatCodexLbStatusText(status = {}, opts = {}) {
         `Configured: ${status.ok ? 'yes' : 'no'}`,
         `Selected:   ${status.selected ? 'yes' : 'no'}`,
         `Provider:   ${status.provider_configured ? 'yes' : 'no'}`,
-        `Provider requires OpenAI auth: ${status.provider_requires_openai_auth ? 'yes' : 'missing'}`,
+        `Provider OpenAI OAuth: ${status.provider_openai_auth_disabled ? 'disabled for codex-lb env_key' : status.provider_requires_openai_auth ? 'required (repair recommended)' : 'missing explicit false'}`,
         `Codex App auth: ${status.auth_usable_for_codex_app ? 'ok' : 'needs sign-in/repair'} (${status.auth_mode || 'unknown'})`
     ];
     if (status.auth_summary)
@@ -521,7 +528,7 @@ export function formatCodexLbRepairResultText(result = {}) {
     if (result.auth_reconcile?.status === 'oauth_restored')
         lines.push(`Codex App auth: ChatGPT OAuth restored from ${result.auth_reconcile.backup_path}.`);
     else if (result.auth_reconcile?.status === 'oauth_preserved')
-        lines.push('Codex App auth: ChatGPT OAuth preserved; codex-lb will use CODEX_LB_API_KEY from env_key.');
+        lines.push('Codex App auth: ChatGPT OAuth preserved as backup; codex-lb will use CODEX_LB_API_KEY from env_key without OpenAI OAuth.');
     else if (result.auth_reconcile?.status === 'apikey_auth_active')
         lines.push('Codex App auth: API-key auth.json is still active. Sign in again if the App asks for ChatGPT OAuth.');
     return `${lines.join('\n')}\n`;
@@ -757,6 +764,14 @@ function codexLbProviderRequiresOpenAiAuth(text = '') {
     const block = String(text || '').match(/(^|\n)\[model_providers\.codex-lb\]([\s\S]*?)(?=\n\[[^\]]+\]|\s*$)/)?.[2] || '';
     return /(^|\n)\s*requires_openai_auth\s*=\s*true\s*(?:#.*)?(?=\n|$)/.test(block);
 }
+function codexLbProviderOpenAiAuthDisabled(text = '') {
+    const block = String(text || '').match(/(^|\n)\[model_providers\.codex-lb\]([\s\S]*?)(?=\n\[[^\]]+\]|\s*$)/)?.[2] || '';
+    return /(^|\n)\s*requires_openai_auth\s*=\s*false\s*(?:#.*)?(?=\n|$)/.test(block);
+}
+function codexLbProviderEnvKey(text = '') {
+    const block = String(text || '').match(/(^|\n)\[model_providers\.codex-lb\]([\s\S]*?)(?=\n\[[^\]]+\]|\s*$)/)?.[2] || '';
+    return block.match(/(^|\n)\s*env_key\s*=\s*"([^"]+)"/)?.[2] || '';
+}
 export async function repairCodexLbAuth(opts = {}) {
     let status = await codexLbStatus(opts);
     let configRepaired = false;
@@ -771,7 +786,7 @@ export async function repairCodexLbAuth(opts = {}) {
             status = await codexLbStatus(opts);
         }
     }
-    if (status.env_key_configured && status.base_url && (!status.ok || !status.selected || !status.provider_requires_openai_auth || legacyAuthMigrated || hasTopLevelCodexModeLock(currentConfig))) {
+    if (status.env_key_configured && status.base_url && (!status.ok || !status.selected || !status.provider_uses_codex_lb_env_auth || legacyAuthMigrated || hasTopLevelCodexModeLock(currentConfig))) {
         await ensureDir(path.dirname(status.config_path));
         const next = normalizeCodexFastModeUiConfig(upsertCodexLbConfig(currentConfig, status.base_url));
         await writeTextAtomic(status.config_path, next);
@@ -816,7 +831,7 @@ export async function ensureCodexLbAuthDuringInstall(opts = {}) {
     if (!status.selected && !status.provider_configured && !status.env_file)
         return { status: 'not_configured', codex_lb: status };
     await migrateCodexAuthKeyFormat({ home: opts.home });
-    if (status.ok && (!status.selected || !status.provider_requires_openai_auth))
+    if (status.ok && (!status.selected || !status.provider_uses_codex_lb_env_auth))
         return repairCodexLbAuth(opts);
     if (!status.ok) {
         if (status.base_url && (status.env_key_configured || status.provider_configured || status.selected || status.env_base_url_configured))
@@ -935,10 +950,9 @@ async function migrateCodexAuthKeyFormat(opts = {}) {
         return { status: 'skipped', reason: 'parse_error' };
     }
 }
-// Codex App needs a refreshable ChatGPT OAuth blob when a provider declares
-// requires_openai_auth=true. For codex-lb, the proxy key belongs in env_key
-// (CODEX_LB_API_KEY), so SKS preserves or restores OAuth by default and only
-// writes apikey auth.json when explicitly requested for CLI-only legacy use.
+// codex-lb authenticates through env_key (CODEX_LB_API_KEY) and explicitly
+// disables OpenAI OAuth on the provider. SKS still preserves existing OAuth
+// blobs, but OAuth is no longer a readiness requirement for codex-lb.
 export async function reconcileCodexLbAuthConflict(opts = {}) {
     const home = opts.home || process.env.HOME || os.homedir();
     const status = opts.status || await codexLbStatus({ ...opts, home });
@@ -979,7 +993,7 @@ export async function reconcileCodexLbAuthConflict(opts = {}) {
         if (process.env.SKS_CODEX_LB_FORCE_APIKEY_AUTH !== '1') {
             return {
                 status: 'oauth_preserved',
-                reason: 'codex_app_requires_refreshable_oauth',
+                reason: 'chatgpt_oauth_preserved_while_codex_lb_uses_env_key',
                 auth_path: authPath,
                 backup_path: backupPath
             };
@@ -1190,7 +1204,7 @@ export async function maybePromptCodexLbSetupForLaunch(args = [], opts = {}) {
     if (args.includes('--json') || args.includes('--skip-codex-lb') || process.env.SKS_SKIP_CODEX_LB_PROMPT === '1')
         return { status: 'skipped' };
     let status = await codexLbStatus(opts);
-    if (status.env_key_configured && status.base_url && (!status.provider_configured || !status.selected || !status.provider_requires_openai_auth)) {
+    if (status.env_key_configured && status.base_url && (!status.provider_configured || !status.selected || !status.provider_uses_codex_lb_env_auth)) {
         let promptedRestore = false;
         if (!status.provider_configured && canAskYesNo()) {
             promptedRestore = true;
@@ -1349,7 +1363,7 @@ function upsertCodexLbConfig(text = '', baseUrl, selectDefault = true) {
         'wire_api = "responses"',
         'env_key = "CODEX_LB_API_KEY"',
         'supports_websockets = true',
-        'requires_openai_auth = true'
+        'requires_openai_auth = false'
     ].join('\n');
     next = upsertTomlTable(next, 'model_providers.codex-lb', block);
     return `${next.trim()}\n`;
@@ -2248,8 +2262,8 @@ export async function selftestCodexLb(tmp) {
     const codexLbAuth = await safeReadText(path.join(codexLbHome, '.codex', 'auth.json'));
     if (!codexLbSetupJson.ok || codexLbSetupJson.base_url !== 'https://lb.example.test/backend-api/codex' || !hasTopLevelCodexLbSelected(codexLbConfig) || !codexLbConfig.includes('[model_providers.codex-lb]') || !codexLbEnv.includes("CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'") || !codexLbEnv.includes("CODEX_LB_API_KEY='sk-test'") || codexLbSetupJson.codex_environment?.ok !== true || codexLbSetupJson.codex_login?.status !== 'skipped' || codexLbAuth.trim())
         throw new Error('selftest: codex-lb setup');
-    if (!codexLbConfig.includes('requires_openai_auth = true'))
-        throw new Error('selftest: codex-lb setup did not write upstream-required requires_openai_auth');
+    if (!codexLbConfig.includes('requires_openai_auth = false'))
+        throw new Error('selftest: codex-lb setup did not disable OpenAI OAuth for codex-lb env_key auth');
     const codexLbFailLaunchctl = path.join(codexLbFakeBin, 'launchctl-fail');
     await writeTextAtomic(codexLbFailLaunchctl, '#!/bin/sh\necho "launchctl denied" >&2\nexit 7\n');
     await fsp.chmod(codexLbFailLaunchctl, 0o755);
@@ -2262,8 +2276,8 @@ export async function selftestCodexLb(tmp) {
     const codexLbRepairSetupConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
     if (!hasTopLevelCodexLbSelected(codexLbRepairSetupConfig) || !codexLbRepairSetupConfig.includes('[model_providers.codex-lb]') || !codexLbRepairSetupConfig.includes('https://lb.example.test/backend-api/codex') || codexLbRepairSetupConfig.includes('sk-test'))
         throw new Error('selftest: init codex-lb');
-    if (!codexLbRepairSetupConfig.includes('requires_openai_auth = true'))
-        throw new Error('selftest: init codex-lb did not preserve upstream-required requires_openai_auth');
+    if (!codexLbRepairSetupConfig.includes('requires_openai_auth = false'))
+        throw new Error('selftest: init codex-lb did not preserve OpenAI OAuth disablement');
     if (!hasCodexUnstableFeatureWarningSuppression(codexLbRepairSetupConfig))
         throw new Error('selftest: init codex-lb did not suppress Codex unstable feature warning');
     await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), `${codexLbConfig}\n[mcp_servers.supabase]\nurl = "https://mcp.supabase.com/mcp?project_ref=ref&read_only=true&features=database,docs"\n`);
@@ -2281,8 +2295,8 @@ export async function selftestCodexLb(tmp) {
     const pcfg = await safeReadText(path.join(ptmp, '.codex', 'config.toml'));
     if (!hasTopLevelCodexLbSelected(pcfg) || !pcfg.includes('[model_providers.codex-lb]') || !pcfg.includes('[mcp_servers.supabase]') || !pcfg.includes('read_only=true'))
         throw new Error('selftest: project codex-lb');
-    if (!pcfg.includes('requires_openai_auth = true'))
-        throw new Error('selftest: project codex-lb did not copy upstream-required requires_openai_auth');
+    if (!pcfg.includes('requires_openai_auth = false'))
+        throw new Error('selftest: project codex-lb did not copy OpenAI OAuth disablement');
     if (!hasCodexUnstableFeatureWarningSuppression(pcfg))
         throw new Error('selftest: project codex-lb config did not suppress Codex unstable feature warning');
     await writeTextAtomic(path.join(codexLbHome, '.codex', 'auth.json'), '{"auth_mode":"browser"}\n');
@@ -2356,8 +2370,8 @@ export async function selftestCodexLb(tmp) {
         throw new Error('selftest: postinstall drift auth');
     if (!hasTopLevelCodexLbSelected(codexLbPostBootstrapConfig) || !codexLbPostBootstrapConfig.includes('[model_providers.codex-lb]') || !codexLbPostBootstrapConfig.includes('https://lb.example.test/backend-api/codex') || codexLbPostBootstrapConfig.includes('sk-test'))
         throw new Error('selftest: postinstall drift config');
-    if (!codexLbPostBootstrapConfig.includes('requires_openai_auth = true'))
-        throw new Error('selftest: postinstall drift config did not restore upstream-required requires_openai_auth');
+    if (!codexLbPostBootstrapConfig.includes('requires_openai_auth = false'))
+        throw new Error('selftest: postinstall drift config did not restore OpenAI OAuth disablement');
     const doctorProject = tmpdir();
     await ensureDir(path.join(doctorProject, '.git'));
     await writeTextAtomic(path.join(doctorProject, 'package.json'), '{"name":"codex-lb-doctor-project","version":"0.0.0"}\n');
@@ -2377,8 +2391,8 @@ export async function selftestCodexLb(tmp) {
     const codexLbDoctorConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
     if (!codexLbDoctorJson.repair?.codex_lb?.ok || !codexLbDoctorJson.repair.codex_lb.config_repaired || !codexLbDoctorJson.codex_lb?.ok || !codexLbDoctorAuth.includes('"auth_mode":"browser"') || codexLbDoctorAuth.includes('sk-test') || !hasTopLevelCodexLbSelected(codexLbDoctorConfig) || !codexLbDoctorConfig.includes('https://lb.example.test/backend-api/codex') || !hasCodexUnstableFeatureWarningSuppression(codexLbDoctorConfig))
         throw new Error('selftest: doctor codex-lb');
-    if (!codexLbDoctorConfig.includes('requires_openai_auth = true'))
-        throw new Error('selftest: doctor codex-lb did not restore upstream-required requires_openai_auth');
+    if (!codexLbDoctorConfig.includes('requires_openai_auth = false'))
+        throw new Error('selftest: doctor codex-lb did not restore OpenAI OAuth disablement');
     // codex-lb auth: ChatGPT OAuth ↔ codex-lb env_key conflict reconciliation.
     const oauthAuthJson = JSON.stringify({
         auth_mode: 'chatgpt',
@@ -2387,7 +2401,7 @@ export async function selftestCodexLb(tmp) {
     });
     await writeTextAtomic(path.join(codexLbHome, '.codex', 'auth.json'), `${oauthAuthJson}\n`);
     await writeTextAtomic(path.join(codexLbHome, '.codex', 'sks-codex-lb.env'), "export CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'\nexport CODEX_LB_API_KEY='sk-test'\n");
-    await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), 'model_provider = "codex-lb"\n\n[model_providers.codex-lb]\nname = "OpenAI"\nbase_url = "https://lb.example.test/backend-api/codex"\nwire_api = "responses"\nenv_key = "CODEX_LB_API_KEY"\nsupports_websockets = true\nrequires_openai_auth = true\n');
+    await writeTextAtomic(path.join(codexLbHome, '.codex', 'config.toml'), 'model_provider = "codex-lb"\n\n[model_providers.codex-lb]\nname = "OpenAI"\nbase_url = "https://lb.example.test/backend-api/codex"\nwire_api = "responses"\nenv_key = "CODEX_LB_API_KEY"\nsupports_websockets = true\nrequires_openai_auth = false\n');
     await fsp.rm(path.join(codexLbHome, '.codex', 'auth.chatgpt-backup.json'), { force: true });
     const codexLbReconcileRepair = await runProcess(process.execPath, [packagedSksEntrypoint(), 'auth', 'repair', '--json'], { cwd: tmp, env: codexLbEnvForSelftest, timeoutMs: 15000, maxOutputBytes: 64 * 1024 });
     if (codexLbReconcileRepair.code !== 0)
@@ -2423,7 +2437,7 @@ export async function selftestCodexLb(tmp) {
     // codex-lb auth: release flow — restore ChatGPT OAuth from backup so the user can return to
     // the official ChatGPT account login. Default deselects model_provider; flags control whether
     // the provider stays selected and whether the backup file is removed after restore.
-    const codexLbReleaseConfig = 'model_provider = "codex-lb"\n\n[model_providers.codex-lb]\nname = "OpenAI"\nbase_url = "https://lb.example.test/backend-api/codex"\nwire_api = "responses"\nenv_key = "CODEX_LB_API_KEY"\nsupports_websockets = true\nrequires_openai_auth = true\n';
+    const codexLbReleaseConfig = 'model_provider = "codex-lb"\n\n[model_providers.codex-lb]\nname = "OpenAI"\nbase_url = "https://lb.example.test/backend-api/codex"\nwire_api = "responses"\nenv_key = "CODEX_LB_API_KEY"\nsupports_websockets = true\nrequires_openai_auth = false\n';
     const codexLbReleaseEnv = "export CODEX_LB_BASE_URL='https://lb.example.test/backend-api/codex'\nexport CODEX_LB_API_KEY='sk-test'\n";
     const codexLbReleaseApikeyAuth = '{"auth_mode":"apikey","OPENAI_API_KEY":"sk-test"}\n';
     const codexLbReleaseOauthBackup = `${oauthAuthJson}\n`;
@@ -2719,8 +2733,8 @@ export async function selftestCodexLb(tmp) {
         }
     });
     const missingProviderRepairedConfig = await safeReadText(path.join(codexLbHome, '.codex', 'config.toml'));
-    if (!missingProviderLaunch.ok || missingProviderLaunch.status !== 'present' || missingProviderLaunch.chain_health?.status !== 'chain_ok' || missingProviderLaunchCalls.length !== 2 || !hasTopLevelCodexLbSelected(missingProviderRepairedConfig) || !missingProviderRepairedConfig.includes('[model_providers.codex-lb]') || !missingProviderRepairedConfig.includes('env_key = "CODEX_LB_API_KEY"') || !missingProviderRepairedConfig.includes('supports_websockets = true') || !missingProviderRepairedConfig.includes('requires_openai_auth = true'))
-        throw new Error('selftest: bare sks launch did not restore missing upstream codex-lb provider block from stored env');
+    if (!missingProviderLaunch.ok || missingProviderLaunch.status !== 'present' || missingProviderLaunch.chain_health?.status !== 'chain_ok' || missingProviderLaunchCalls.length !== 2 || !hasTopLevelCodexLbSelected(missingProviderRepairedConfig) || !missingProviderRepairedConfig.includes('[model_providers.codex-lb]') || !missingProviderRepairedConfig.includes('env_key = "CODEX_LB_API_KEY"') || !missingProviderRepairedConfig.includes('supports_websockets = true') || !missingProviderRepairedConfig.includes('requires_openai_auth = false'))
+        throw new Error('selftest: bare sks launch did not restore codex-lb provider block from stored env with OpenAI OAuth disabled');
     const chainCalls = [];
     const okChain = await checkCodexLbResponseChain({ base_url: 'https://lb.example.test/backend-api/codex', env_path: path.join(codexLbHome, '.codex', 'sks-codex-lb.env') }, {
         apiKey: 'sk-test',

package/dist/commands/image-ux-review.d.ts

@@ -436,6 +436,28 @@ export declare function run(command: any, args?: any): Promise<void | {
                 lease_count: number;
                 blockers: string[];
             };
+            scheduler: {
+                schema: string;
+                ok: boolean;
+                state: import("../core/agents/agent-scheduler.js").AgentSchedulerState;
+                queue: import("../core/agents/agent-work-queue.js").AgentWorkQueue;
+                slots: import("../core/agents/agent-worker-slot.js").AgentWorkerSlot[];
+                results: any[];
+            };
+            source_intelligence: {
+                artifact: string;
+                ok: boolean;
+                mode: import("../core/source-intelligence/source-intelligence-policy.js").SourceIntelligenceMode;
+                cache_key: string;
+                proof_ok: boolean;
+            };
+            goal_mode: {
+                artifact: string;
+                ok: boolean;
+                mode: "official_goal_default" | "sks_goal_fallback";
+                official_goal_available: boolean;
+                default_enabled: boolean;
+            };
             results: any[];
             consensus: {
                 schema: string;
@@ -524,6 +546,15 @@ export declare function run(command: any, args?: any): Promise<void | {
                     no_overlap_ok: boolean;
                     ledger_hash_chain_ok: boolean;
                     all_sessions_closed: boolean;
+                    terminal_sessions_closed: any;
+                    terminal_close_report: string;
+                    target_active_slots: any;
+                    max_observed_active_slots: any;
+                    backfill_count: any;
+                    pending_queue_drained: any;
+                    generation_count: any;
+                    tmux_attach_command: string | null;
+                    tmux_lane_manifest: string;
                     output_schema_ok: boolean;
                     output_tail_report: string;
                     output_tail_records: number;
@@ -538,7 +569,7 @@ export declare function run(command: any, args?: any): Promise<void | {
                 generated_at: string;
                 records: {
                     schema: string;
-                    kind: "recursion_attempt" | "lease_conflict" | "session_not_closed" | "schema_invalid_output" | "stale_heartbeat" | "legacy_multiagent_runtime_usage_attempt";
+                    kind: "xai_available_not_used" | "context7_missing" | "codex_web_search_missing" | "recursion_attempt" | "lease_conflict" | "session_not_closed" | "terminal_missing" | "terminal_not_closed" | "scheduler_starvation" | "session_generation_missing" | "schema_invalid_output" | "stale_heartbeat" | "legacy_multiagent_runtime_usage_attempt";
                     blocker: string;
                     created_at: string;
                     status: string;
@@ -558,6 +589,29 @@ export declare function run(command: any, args?: any): Promise<void | {
                 all_sessions_closed: boolean;
                 launched_count: number;
                 closed_session_count: number;
+                terminal_sessions_closed: boolean;
+                terminal_session_count: number;
+                terminal_generation_count: number;
+                terminal_close_report_count: number;
+                terminal_close_report: string;
+                session_generation_count: number;
+                all_generations_closed: boolean;
+                scheduler_state: string;
+                target_active_slots: any;
+                max_observed_active_slots: any;
+                pending_queue_drained: boolean;
+                backfill_count: any;
+                expected_backfill_count: any;
+                slot_count: any;
+                generation_count: number;
+                all_slots_closed_after_drain: boolean;
+                generated_work_item_count: any;
+                source_intelligence_generation_refs_ok: boolean;
+                goal_mode_generation_refs_ok: boolean;
+                tmux_lane_manifest: string;
+                tmux_lane_manifest_ok: boolean;
+                tmux_pane_launch_ledger: string;
+                tmux_pane_launch_count: number;
                 ledger_hash_chain_ok: boolean;
                 no_overlap_ok: boolean;
                 consensus_ok: boolean;

package/dist/commands/ppt.d.ts

@@ -288,6 +288,28 @@ export declare function run(command: any, args?: any): Promise<void | {
                 lease_count: number;
                 blockers: string[];
             };
+            scheduler: {
+                schema: string;
+                ok: boolean;
+                state: import("../core/agents/agent-scheduler.js").AgentSchedulerState;
+                queue: import("../core/agents/agent-work-queue.js").AgentWorkQueue;
+                slots: import("../core/agents/agent-worker-slot.js").AgentWorkerSlot[];
+                results: any[];
+            };
+            source_intelligence: {
+                artifact: string;
+                ok: boolean;
+                mode: import("../core/source-intelligence/source-intelligence-policy.js").SourceIntelligenceMode;
+                cache_key: string;
+                proof_ok: boolean;
+            };
+            goal_mode: {
+                artifact: string;
+                ok: boolean;
+                mode: "official_goal_default" | "sks_goal_fallback";
+                official_goal_available: boolean;
+                default_enabled: boolean;
+            };
             results: any[];
             consensus: {
                 schema: string;
@@ -376,6 +398,15 @@ export declare function run(command: any, args?: any): Promise<void | {
                     no_overlap_ok: boolean;
                     ledger_hash_chain_ok: boolean;
                     all_sessions_closed: boolean;
+                    terminal_sessions_closed: any;
+                    terminal_close_report: string;
+                    target_active_slots: any;
+                    max_observed_active_slots: any;
+                    backfill_count: any;
+                    pending_queue_drained: any;
+                    generation_count: any;
+                    tmux_attach_command: string | null;
+                    tmux_lane_manifest: string;
                     output_schema_ok: boolean;
                     output_tail_report: string;
                     output_tail_records: number;
@@ -390,7 +421,7 @@ export declare function run(command: any, args?: any): Promise<void | {
                 generated_at: string;
                 records: {
                     schema: string;
-                    kind: "recursion_attempt" | "lease_conflict" | "session_not_closed" | "schema_invalid_output" | "stale_heartbeat" | "legacy_multiagent_runtime_usage_attempt";
+                    kind: "xai_available_not_used" | "context7_missing" | "codex_web_search_missing" | "recursion_attempt" | "lease_conflict" | "session_not_closed" | "terminal_missing" | "terminal_not_closed" | "scheduler_starvation" | "session_generation_missing" | "schema_invalid_output" | "stale_heartbeat" | "legacy_multiagent_runtime_usage_attempt";
                     blocker: string;
                     created_at: string;
                     status: string;
@@ -410,6 +441,29 @@ export declare function run(command: any, args?: any): Promise<void | {
                 all_sessions_closed: boolean;
                 launched_count: number;
                 closed_session_count: number;
+                terminal_sessions_closed: boolean;
+                terminal_session_count: number;
+                terminal_generation_count: number;
+                terminal_close_report_count: number;
+                terminal_close_report: string;
+                session_generation_count: number;
+                all_generations_closed: boolean;
+                scheduler_state: string;
+                target_active_slots: any;
+                max_observed_active_slots: any;
+                pending_queue_drained: boolean;
+                backfill_count: any;
+                expected_backfill_count: any;
+                slot_count: any;
+                generation_count: number;
+                all_slots_closed_after_drain: boolean;
+                generated_work_item_count: any;
+                source_intelligence_generation_refs_ok: boolean;
+                goal_mode_generation_refs_ok: boolean;
+                tmux_lane_manifest: string;
+                tmux_lane_manifest_ok: boolean;
+                tmux_pane_launch_ledger: string;
+                tmux_pane_launch_count: number;
                 ledger_hash_chain_ok: boolean;
                 no_overlap_ok: boolean;
                 consensus_ok: boolean;