sneakoscope 1.18.10 → 1.18.12

package/README.md

@@ -16,7 +16,7 @@ Set up this agent project with Sneakoscope Codex. Use [[mandarange/Sneakoscope-C
 
 ## Current Release
 
-SKS **1.18.10** hardens the Patch Swarm runtime closure: patch truth now requires route execution, transaction journal evidence, conflict rebase results, strict strategy-to-patch wiring, verification, rollback proof, and final proof rather than route flags alone. It also closes the Native CLI Session Swarm addendum: `--agents N` now means N real `sks --agent worker` child CLI processes, not Codex internal subagent/scout counts, and Fast mode is the default service tier for agent workers, Codex exec children, tmux workers, and MAD target workers unless explicitly disabled.
+SKS **1.18.12** adds Codex config EPERM self-heal, doctor real-fix proof, MAD launch preflight, and official Fast mode closure: doctor now proves `.codex/config.toml` is readable by a spawned child, project-local config is split away from ignored provider/profile/telemetry keys, MAD blocks tmux launch before unreadable config can crash Codex, and Codex children receive `-c service_tier=fast` with process-report evidence.
 
 ```bash
 sks mad-sks plan --target-root <path> --json
@@ -700,7 +700,7 @@ npm run release:check
 npm run publish:dry
 ```
 
-`release:check` runs the 1.18.10 route-truth closure DAG, writes a source digest stamp under `.sneakoscope/reports/`, then refreshes release readiness so publish commands can verify the same stamp. The DAG preserves the 1.18 baseline gates and adds patch swarm runtime truth, transaction journaling, serial conflict rebase, strict strategy-to-patch proof, rollback command proof, Native CLI Session Swarm 5/10/20-process proof, no-subagent-scaling proof, Fast mode default/worker/Codex/MAD propagation proof, Appshots attachment provenance, MCP runtime overlap evidence, Codex 0.134 runner truth, task graph expansion, schema-bound follow-up work, actual Agent/Team/Research/QA route blackboxes, scheduler proof hardening, tmux lane proof, Source Intelligence propagation, and Goal mode propagation checks. Broader live gates remain explicit scripts such as `release:real-check`; real Codex patch smoke is optional unless `SKS_REQUIRE_REAL_CODEX_PATCHES=1`. Generate the human-readable registry with `sks features inventory --write-docs`. Plain `npm publish` uses the `latest` dist-tag. npm's `prepublishOnly` verifies the fresh release stamp instead of rerunning the full gate, and `prepack` only rebuilds `dist`; publish no longer repeats the expensive release suite during packaging. `npm run publish:dry` remains the explicit dry-run helper.
+`release:check` runs the 1.18.12 route-truth closure DAG, writes a source digest stamp under `.sneakoscope/reports/`, then refreshes release readiness so publish commands can verify the same stamp. The DAG preserves the 1.18 baseline gates and adds patch swarm runtime truth, transaction journaling, serial conflict rebase, strict strategy-to-patch proof, rollback command proof, Native CLI Session Swarm 5/10/20-process proof, Real Worker Backend Router proof, Codex child overlap proof, model-authored patch-envelope separation, Warp/tmux right-lane physical UI proof, no-subagent-scaling proof, Fast mode default/worker/Codex/MAD propagation proof, Appshots attachment provenance, MCP runtime overlap evidence, Codex 0.134 runner truth, task graph expansion, schema-bound follow-up work, actual Agent/Team/Research/QA route blackboxes, scheduler proof hardening, tmux lane proof, Source Intelligence propagation, and Goal mode propagation checks. Broader live gates remain explicit scripts such as `release:real-check`; real Codex patch smoke and real Codex parallel worker proof are optional unless their `SKS_REQUIRE_REAL_*` environment variables are set. Generate the human-readable registry with `sks features inventory --write-docs`. Plain `npm publish` uses the `latest` dist-tag. npm's `prepublishOnly` verifies the fresh release stamp instead of rerunning the full gate, and `prepack` only rebuilds `dist`; publish no longer repeats the expensive release suite during packaging. `npm run publish:dry` remains the explicit dry-run helper.
 
 Version bumps are manual. Run `sks versioning bump` only when preparing release metadata; SKS will not create `.git/hooks/pre-commit` or auto-bump during ordinary commits.
 

package/crates/sks-core/Cargo.lock

@@ -76,7 +76,7 @@ dependencies = [
 
 [[package]]
 name = "sks-core"
-version = "1.18.10"
+version = "1.18.12"
 dependencies = [
  "serde_json",
 ]

package/crates/sks-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sks-core"
-version = "1.18.10"
+version = "1.18.12"
 edition = "2021"
 
 [dependencies]

package/crates/sks-core/src/main.rs

@@ -4,7 +4,7 @@ use std::io::{self, Read, Seek, SeekFrom};
 fn main() {
     let mut args = std::env::args().skip(1);
     match args.next().as_deref() {
-        Some("--version") => println!("sks-rs 1.18.10"),
+        Some("--version") => println!("sks-rs 1.18.12"),
         Some("compact-info") => {
             let mut input = String::new();
             let _ = io::stdin().read_to_string(&mut input);

package/dist/.sks-build-stamp.json

@@ -1,8 +1,8 @@
 {
   "schema": "sks.dist-build-stamp.v1",
   "package_name": "sneakoscope",
-  "package_version": "1.18.10",
-  "source_digest": "b3a6c859062e168fd7b9e3684deb0281a4fded2a083f823891a561b8a25ed234",
-  "source_file_count": 1588,
-  "built_at_source_time": 1779959794132
+  "package_version": "1.18.12",
+  "source_digest": "2cb365dedaaf3adf494af387fa19195a82c8dabc0e4436c4f8921120ab3627e7",
+  "source_file_count": 1630,
+  "built_at_source_time": 1779984628787
 }

package/dist/bin/sks.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-const FAST_PACKAGE_VERSION = '1.18.10';
+const FAST_PACKAGE_VERSION = '1.18.12';
 const args = process.argv.slice(2);
 try {
     if (args[0] === '--agent' && args[1] === 'worker') {

package/dist/build-manifest.json

@@ -1,16 +1,16 @@
 {
   "schema": "sks.dist-build.v2",
-  "version": "1.18.10",
-  "package_version": "1.18.10",
+  "version": "1.18.12",
+  "package_version": "1.18.12",
   "typescript": true,
   "mjs_runtime_files": 0,
-  "compiled_file_count": 924,
-  "compiled_js_count": 462,
-  "compiled_dts_count": 462,
-  "source_digest": "b3a6c859062e168fd7b9e3684deb0281a4fded2a083f823891a561b8a25ed234",
-  "source_file_count": 1588,
-  "source_files_hash": "a4275c20221e4bfb67b1de2fc810dc7b13369fbcc5336d5f4b2263a7df596202",
-  "source_list_hash": "a4275c20221e4bfb67b1de2fc810dc7b13369fbcc5336d5f4b2263a7df596202",
+  "compiled_file_count": 942,
+  "compiled_js_count": 471,
+  "compiled_dts_count": 471,
+  "source_digest": "2cb365dedaaf3adf494af387fa19195a82c8dabc0e4436c4f8921120ab3627e7",
+  "source_file_count": 1630,
+  "source_files_hash": "b777fa1c9f49a7269df34a856ac0c22d77537df0ce51e63efd02852e49309b8b",
+  "source_list_hash": "b777fa1c9f49a7269df34a856ac0c22d77537df0ce51e63efd02852e49309b8b",
   "src_mjs_runtime_files": 0,
   "dist_stamp_schema": "sks.dist-build-stamp.v1",
   "files": [
@@ -280,6 +280,8 @@
     "core/agents/agent-worker-slot.js",
     "core/agents/agent-wrongness.d.ts",
     "core/agents/agent-wrongness.js",
+    "core/agents/codex-exec-worker-adapter.d.ts",
+    "core/agents/codex-exec-worker-adapter.js",
     "core/agents/fast-mode-policy.d.ts",
     "core/agents/fast-mode-policy.js",
     "core/agents/intelligent-work-graph.d.ts",
@@ -290,8 +292,12 @@
     "core/agents/native-cli-session-swarm.js",
     "core/agents/native-cli-worker.d.ts",
     "core/agents/native-cli-worker.js",
+    "core/agents/native-worker-backend-router.d.ts",
+    "core/agents/native-worker-backend-router.js",
     "core/agents/no-subagent-scaling-policy.d.ts",
     "core/agents/no-subagent-scaling-policy.js",
+    "core/agents/real-codex-parallel-proof.d.ts",
+    "core/agents/real-codex-parallel-proof.js",
     "core/agents/route-collaboration-ledger.d.ts",
     "core/agents/route-collaboration-ledger.js",
     "core/agents/scout-policy.d.ts",
@@ -390,6 +396,14 @@
     "core/codex/appshots-operator-policy.js",
     "core/codex/codex-0-134-compat.d.ts",
     "core/codex/codex-0-134-compat.js",
+    "core/codex/codex-cli-syntax-builder.d.ts",
+    "core/codex/codex-cli-syntax-builder.js",
+    "core/codex/codex-config-eperm-repair.d.ts",
+    "core/codex/codex-config-eperm-repair.js",
+    "core/codex/codex-config-readability.d.ts",
+    "core/codex/codex-config-readability.js",
+    "core/codex/codex-project-config-policy.d.ts",
+    "core/codex/codex-project-config-policy.js",
     "core/codex/codex-web-search-adapter.d.ts",
     "core/codex/codex-web-search-adapter.js",
     "core/codex/managed-proxy-env.d.ts",
@@ -745,6 +759,8 @@
     "core/ppt-review/slide-issue-extraction.js",
     "core/ppt.d.ts",
     "core/ppt.js",
+    "core/preflight/parallel-preflight-engine.d.ts",
+    "core/preflight/parallel-preflight-engine.js",
     "core/prompt-context-builder.d.ts",
     "core/prompt-context-builder.js",
     "core/proof-field.d.ts",
@@ -837,6 +853,8 @@
     "core/team-review-policy.js",
     "core/tmux-ui.d.ts",
     "core/tmux-ui.js",
+    "core/tmux/warp-tmux-right-lane-layout.d.ts",
+    "core/tmux/warp-tmux-right-lane-layout.js",
     "core/triwiki-attention.d.ts",
     "core/triwiki-attention.js",
     "core/triwiki-wrongness/avoidance-rules.d.ts",

package/dist/commands/doctor.js

@@ -7,8 +7,10 @@ import { codexAppIntegrationStatus } from '../core/codex-app.js';
 import { codexLbMetrics, readCodexLbCircuit } from '../core/codex-lb-circuit.js';
 import { ensureGlobalCodexSkillsDuringInstall } from '../cli/install-helpers.js';
 import { normalizeInstallScope } from '../core/init.js';
+import { inspectCodexConfigReadability } from '../core/codex/codex-config-readability.js';
+import { repairCodexConfigEperm } from '../core/codex/codex-config-eperm-repair.js';
 export async function run(_command, args = []) {
-    let repair = null;
+    let setupRepair = null;
     if (flag(args, '--fix')) {
         const { setupCommand } = await import('../core/commands/basic-cli.js');
         const installScope = installScopeFromArgs(args);
@@ -16,7 +18,7 @@ export async function run(_command, args = []) {
         if (flag(args, '--local-only'))
             setupArgs.push('--local-only');
         await setupCommand(setupArgs);
-        repair = {
+        setupRepair = {
             install_scope: installScope,
             global_skills: installScope === 'global' && !flag(args, '--local-only')
                 ? await ensureGlobalCodexSkillsDuringInstall({ force: true })
@@ -24,6 +26,8 @@ export async function run(_command, args = []) {
         };
     }
     const root = await projectRoot();
+    const configRepair = flag(args, '--fix') ? await repairCodexConfigEperm(root, { fix: true }) : null;
+    const codexConfig = configRepair?.after || await inspectCodexConfigReadability(root);
     const codex = await getCodexInfo().catch(() => ({ bin: null, version: null, available: false }));
     const rust = await rustInfo().catch((err) => ({
         available: false,
@@ -35,18 +39,26 @@ export async function run(_command, args = []) {
     const codexApp = await codexAppIntegrationStatus({ codex }).catch((err) => ({ ok: false, error: err.message }));
     const codexLb = codexLbMetrics(await readCodexLbCircuit(root).catch(() => ({})));
     const pkgBytes = await dirSize(root).catch(() => 0);
+    const readyBlockers = [
+        ...(!codex.bin ? ['codex_cli_missing'] : []),
+        ...(!codexConfig.ok ? ['codex_config_unreadable', ...(codexConfig.blockers || [])] : []),
+        ...(!codexApp.ok ? ['codex_app_setup_incomplete'] : []),
+        ...(!codexLb.ok ? [`codex_lb_${codexLb.circuit?.state || 'blocked'}`] : [])
+    ];
     const result = {
         schema: 'sks.doctor-status.v1',
-        ok: Boolean(codex.bin) && codexApp.ok && codexLb.ok,
+        ok: Boolean(codex.bin) && codexConfig.ok && codexApp.ok && codexLb.ok,
         root,
         node: { ok: Number(process.versions.node.split('.')[0]) >= 20, version: process.version },
         codex,
+        codex_config: codexConfig,
         rust,
         codex_app: codexApp,
         codex_lb: codexLb,
+        ready: { ok: readyBlockers.length === 0, blockers: readyBlockers },
         sneakoscope: { ok: await exists(`${root}/.sneakoscope`) },
         package: { bytes: pkgBytes, human: formatBytes(pkgBytes) },
-        repair
+        repair: { setup: setupRepair, codex_config: configRepair }
     };
     if (flag(args, '--json')) {
         printJson(result);
@@ -58,10 +70,16 @@ export async function run(_command, args = []) {
     console.log(`Root:      ${root}`);
     console.log(`Node:      ${result.node.ok ? 'ok' : 'fail'} ${result.node.version}`);
     console.log(`Codex:     ${codex.bin ? 'ok' : 'missing'} ${codex.version || ''}`);
+    console.log(`Codex cfg: ${codexConfig.ok ? 'ok' : `blocked ${(codexConfig.blockers || []).join(', ') || 'unknown'}`}`);
     console.log(`Rust acc.: ${rust.mode || (rust.available ? 'rust_accelerated' : 'js_fallback')} ${rust.version || rust.status || ''}`);
     console.log(`Codex App: ${codexApp.ok ? 'ok' : 'needs setup'}`);
     console.log(`codex-lb:  ${codexLb.ok ? 'ok' : `blocked ${codexLb.circuit?.state || 'unknown'}`}`);
     console.log(`Ready:     ${result.ok ? 'yes' : 'no'}`);
+    if (!codexConfig.ok && codexConfig.operator_actions?.length) {
+        console.log('Config action:');
+        for (const action of codexConfig.operator_actions)
+            console.log(`- ${action}`);
+    }
     if (!result.ok)
         process.exitCode = 1;
 }

package/dist/commands/mad-sks.d.ts

@@ -49,5 +49,78 @@ export declare function run(_command: any, args?: any): Promise<void | {
     mode: string;
     mission_id: any;
     codex_lb_cleanup: any;
+} | {
+    schema: string;
+    generated_at: string;
+    root: string;
+    ok: boolean;
+    readonly: {
+        schema: string;
+        generated_at: string;
+        started_at: string;
+        ok: boolean;
+        results: {
+            id: string;
+            ok: boolean;
+            status: "fulfilled" | "rejected";
+            value: any;
+            error: string | null;
+        }[];
+        blockers: any[];
+        operator_actions: any[];
+    };
+    repair: {
+        schema: string;
+        generated_at: string;
+        root: string;
+        config_path: string;
+        ok: boolean;
+        fix: boolean;
+        before: import("../core/codex/codex-config-readability.js").CodexConfigReadabilityReport;
+        policy: {
+            schema: string;
+            generated_at: string;
+            root: string;
+            config_path: string;
+            codex_home: string;
+            ok: boolean;
+            status: string;
+            changed: boolean;
+            moved_keys: never[];
+            moved_tables: never[];
+            actions: never[];
+            blockers: never[];
+        } | {
+            schema: string;
+            generated_at: string;
+            root: string;
+            config_path: string;
+            codex_home: string;
+            ok: boolean;
+            changed: boolean;
+            applied: boolean;
+            backup_path: string | null;
+            user_config_path: string | null;
+            profile_config_path: string | null;
+            profile_name: any;
+            moved_keys: string[];
+            moved_tables: string[];
+            deprecated_approval_policy_fixed: boolean;
+            actions: string[];
+            blockers: never[];
+        };
+        repair_actions: any[];
+        after: import("../core/codex/codex-config-readability.js").CodexConfigReadabilityReport;
+        blockers: string[];
+        operator_actions: string[];
+    } | null;
+    fast_tier_proof: {
+        schema: string;
+        ok: boolean;
+        service_tier: any;
+        codex_args: string[];
+    };
+    blockers: any[];
+    operator_actions: any[];
 }>;
 //# sourceMappingURL=mad-sks.d.ts.map

package/dist/core/agents/agent-output-validator.d.ts

@@ -136,6 +136,9 @@ export declare const AGENT_RESULT_RUNTIME_SCHEMA: {
                     readonly schema: {
                         readonly const: "sks.agent-patch-envelope.v1";
                     };
+                    readonly source: {
+                        readonly enum: readonly ["fixture", "model_authored", "process_generated", "tmux_generated"];
+                    };
                     readonly mission_id: {
                         readonly type: "string";
                     };
@@ -167,6 +170,12 @@ export declare const AGENT_RESULT_RUNTIME_SCHEMA: {
                     readonly native_cli_process_id: {
                         readonly type: "number";
                     };
+                    readonly worker_process_id: {
+                        readonly type: "number";
+                    };
+                    readonly backend_child_process_id: {
+                        readonly type: "number";
+                    };
                     readonly fast_mode: {
                         readonly type: "boolean";
                     };
@@ -176,6 +185,24 @@ export declare const AGENT_RESULT_RUNTIME_SCHEMA: {
                     readonly lease_id: {
                         readonly type: "string";
                     };
+                    readonly allowed_paths: {
+                        readonly type: "array";
+                        readonly items: {
+                            readonly type: "string";
+                        };
+                    };
+                    readonly strategy_task_id: {
+                        readonly type: "string";
+                    };
+                    readonly micro_win_id: {
+                        readonly type: "string";
+                    };
+                    readonly verification_node_id: {
+                        readonly type: "string";
+                    };
+                    readonly rollback_node_id: {
+                        readonly type: "string";
+                    };
                     readonly lease_proof: {
                         readonly type: "object";
                         readonly properties: {
@@ -282,6 +309,32 @@ export declare const AGENT_RESULT_RUNTIME_SCHEMA: {
                 readonly type: "string";
             };
         };
+        readonly backend_router_report: {
+            readonly type: "object";
+            readonly additionalProperties: true;
+        };
+        readonly codex_child_report: {
+            readonly type: "object";
+            readonly additionalProperties: true;
+        };
+        readonly process_child_report: {
+            readonly type: "object";
+            readonly additionalProperties: true;
+        };
+        readonly tmux_child_report: {
+            readonly type: "object";
+            readonly additionalProperties: true;
+        };
+        readonly model_authored_patch_envelopes: {
+            readonly type: "boolean";
+        };
+        readonly fixture_patch_envelopes: {
+            readonly type: "boolean";
+        };
+        readonly no_patch_reason: {
+            readonly type: "object";
+            readonly additionalProperties: true;
+        };
         readonly follow_up_work_items: {
             readonly type: "array";
             readonly items: {

package/dist/core/agents/agent-output-validator.js

@@ -78,6 +78,7 @@ export const AGENT_RESULT_RUNTIME_SCHEMA = {
                 required: ['schema', 'agent_id', 'session_id', 'slot_id', 'generation_index', 'operations'],
                 properties: {
                     schema: { const: 'sks.agent-patch-envelope.v1' },
+                    source: { enum: ['fixture', 'model_authored', 'process_generated', 'tmux_generated'] },
                     mission_id: { type: 'string' },
                     route: { type: 'string' },
                     agent_id: { type: 'string', minLength: 1 },
@@ -87,9 +88,16 @@ export const AGENT_RESULT_RUNTIME_SCHEMA = {
                     task_slice_id: { type: 'string' },
                     native_cli_worker_session_id: { type: 'string' },
                     native_cli_process_id: { type: 'number' },
+                    worker_process_id: { type: 'number' },
+                    backend_child_process_id: { type: 'number' },
                     fast_mode: { type: 'boolean' },
                     service_tier: { enum: ['fast', 'standard'] },
                     lease_id: { type: 'string' },
+                    allowed_paths: { type: 'array', items: { type: 'string' } },
+                    strategy_task_id: { type: 'string' },
+                    micro_win_id: { type: 'string' },
+                    verification_node_id: { type: 'string' },
+                    rollback_node_id: { type: 'string' },
                     lease_proof: {
                         type: 'object',
                         properties: {
@@ -133,6 +141,13 @@ export const AGENT_RESULT_RUNTIME_SCHEMA = {
         patch_queue_refs: { type: 'array', items: { type: 'string' } },
         applied_patch_refs: { type: 'array', items: { type: 'string' } },
         rollback_refs: { type: 'array', items: { type: 'string' } },
+        backend_router_report: { type: 'object', additionalProperties: true },
+        codex_child_report: { type: 'object', additionalProperties: true },
+        process_child_report: { type: 'object', additionalProperties: true },
+        tmux_child_report: { type: 'object', additionalProperties: true },
+        model_authored_patch_envelopes: { type: 'boolean' },
+        fixture_patch_envelopes: { type: 'boolean' },
+        no_patch_reason: { type: 'object', additionalProperties: true },
         follow_up_work_items: {
             type: 'array',
             items: {

package/dist/core/agents/agent-patch-conflict-rebase.js

@@ -25,7 +25,10 @@ export async function executeAgentPatchConflictRebase(root, entries, merge, opts
             let attempt = 0;
             for (const entry of groupEntries) {
                 attempt += 1;
-                const applyResult = await applyAgentPatchQueueEntry(root, entry, { dryRun: opts.dryRun === true, ...(opts.artifactsDir ? { artifactsDir: opts.artifactsDir } : {}) });
+                const applyResult = await safelyApplySerialRebaseEntry(root, entry, {
+                    dryRun: opts.dryRun === true,
+                    ...(opts.artifactsDir ? { artifactsDir: opts.artifactsDir } : {})
+                });
                 const rollbackDryRun = applyResult?.ok === true
                     ? await runSerialRebaseRollbackDryRun(root, applyResult, opts.artifactsDir)
                     : null;
@@ -77,6 +80,30 @@ export async function executeAgentPatchConflictRebase(root, entries, merge, opts
         await writeJsonAtomic(path.join(opts.artifactsDir, AGENT_PATCH_CONFLICT_REBASE_ARTIFACT), result);
     return result;
 }
+async function safelyApplySerialRebaseEntry(root, entry, opts) {
+    try {
+        return await applyAgentPatchQueueEntry(root, entry, opts);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return {
+            schema: 'sks.agent-patch-apply-result.v1',
+            entry_id: entry.id,
+            agent_id: entry.agent_id,
+            lease_id: entry.lease_id || entry.envelope?.lease_id || entry.envelope?.lease_proof?.lease_id || null,
+            ok: false,
+            status: 'blocked',
+            dry_run: opts.dryRun === true,
+            changed_files: [],
+            rollback: [],
+            rollback_digest: null,
+            before_hashes: {},
+            after_hashes: {},
+            verification: { status: 'blocked', checks: ['serial-rebase-exception'] },
+            violations: [`serial_rebase_exception:${message}`]
+        };
+    }
+}
 function serialRetryAllowed(reason, opts) {
     if (/protected_path|lease_path_not_allowed|entry_not_pending/.test(reason))
         return false;

package/dist/core/agents/agent-patch-schema.d.ts

@@ -10,6 +10,7 @@ export interface AgentPatchOperation {
 }
 export interface AgentPatchEnvelope {
     schema: typeof AGENT_PATCH_SCHEMA;
+    source?: 'fixture' | 'model_authored' | 'process_generated' | 'tmux_generated';
     mission_id?: string;
     route?: string;
     agent_id: string;
@@ -19,9 +20,16 @@ export interface AgentPatchEnvelope {
     task_slice_id?: string;
     native_cli_worker_session_id?: string;
     native_cli_process_id?: number;
+    worker_process_id?: number;
+    backend_child_process_id?: number;
     fast_mode?: boolean;
     service_tier?: 'fast' | 'standard';
     lease_id?: string;
+    allowed_paths?: string[];
+    strategy_task_id?: string;
+    micro_win_id?: string;
+    verification_node_id?: string;
+    rollback_node_id?: string;
     lease_proof?: {
         lease_id?: string;
         owner_agent?: string;

package/dist/core/agents/agent-patch-schema.js

@@ -1,8 +1,10 @@
 export const AGENT_PATCH_SCHEMA = 'sks.agent-patch-envelope.v1';
 export function normalizeAgentPatchEnvelope(input) {
     const generationIndex = Number(input?.generation_index ?? input?.generationIndex);
+    const source = normalizeEnvelopeSource(input?.source);
     return {
         schema: AGENT_PATCH_SCHEMA,
+        ...(source ? { source } : {}),
         ...(input?.mission_id ? { mission_id: String(input.mission_id) } : {}),
         ...(input?.route ? { route: String(input.route) } : {}),
         agent_id: String(input?.agent_id || input?.agentId || 'unknown-agent'),
@@ -11,10 +13,17 @@ export function normalizeAgentPatchEnvelope(input) {
         generation_index: Number.isFinite(generationIndex) ? Math.floor(generationIndex) : -1,
         ...(input?.task_slice_id ? { task_slice_id: String(input.task_slice_id) } : {}),
         ...(input?.native_cli_worker_session_id ? { native_cli_worker_session_id: String(input.native_cli_worker_session_id) } : {}),
-        ...(Number.isFinite(Number(input?.native_cli_process_id)) ? { native_cli_process_id: Number(input.native_cli_process_id) } : {}),
+        ...(hasFiniteNumber(input?.native_cli_process_id) ? { native_cli_process_id: Number(input.native_cli_process_id) } : {}),
+        ...(hasFiniteNumber(input?.worker_process_id) ? { worker_process_id: Number(input.worker_process_id) } : {}),
+        ...(hasFiniteNumber(input?.backend_child_process_id) ? { backend_child_process_id: Number(input.backend_child_process_id) } : {}),
         ...(input?.fast_mode === undefined ? {} : { fast_mode: Boolean(input.fast_mode) }),
         ...(input?.service_tier === 'fast' || input?.service_tier === 'standard' ? { service_tier: input.service_tier } : {}),
         ...(input?.lease_id ? { lease_id: String(input.lease_id) } : {}),
+        ...(Array.isArray(input?.allowed_paths) ? { allowed_paths: input.allowed_paths.map(String) } : {}),
+        ...(input?.strategy_task_id === undefined ? {} : { strategy_task_id: String(input.strategy_task_id) }),
+        ...(input?.micro_win_id === undefined ? {} : { micro_win_id: String(input.micro_win_id) }),
+        ...(input?.verification_node_id === undefined ? {} : { verification_node_id: String(input.verification_node_id) }),
+        ...(input?.rollback_node_id === undefined ? {} : { rollback_node_id: String(input.rollback_node_id) }),
         ...(input?.lease_proof ? { lease_proof: normalizeLeaseProof(input.lease_proof) } : {}),
         ...(input?.rationale ? { rationale: String(input.rationale) } : {}),
         ...(input?.verification_hint ? { verification_hint: normalizeHint(input.verification_hint) } : {}),
@@ -38,6 +47,12 @@ export function validateAgentPatchEnvelope(envelope) {
         violations.push('lease_id_missing');
     if (!envelope.operations.length)
         violations.push('operations_missing');
+    if (envelope.source && !['fixture', 'model_authored', 'process_generated', 'tmux_generated'].includes(envelope.source))
+        violations.push('source_invalid');
+    if (envelope.source === 'model_authored' && !hasFiniteNumber(envelope.backend_child_process_id))
+        violations.push('model_authored_backend_child_process_id_missing');
+    if (envelope.source === 'fixture' && envelope.backend_child_process_id !== undefined)
+        violations.push('fixture_backend_child_process_id_present');
     for (const operation of envelope.operations) {
         if (!operation.path || operation.path.includes('\0') || operation.path.startsWith('/') || operation.path.split(/[\\/]/).includes('..')) {
             violations.push(`invalid_path:${operation.path || 'missing'}`);
@@ -48,12 +63,20 @@ export function validateAgentPatchEnvelope(envelope) {
             violations.push(`write_content_missing:${operation.path}`);
         if (operation.op === 'unified_diff' && typeof operation.diff !== 'string')
             violations.push(`unified_diff_missing:${operation.path}`);
-        if (envelope.lease_proof?.allowed_paths?.length && !pathAllowedByLease(operation.path, envelope.lease_proof.allowed_paths)) {
+        const allowedPaths = envelope.allowed_paths?.length ? envelope.allowed_paths : envelope.lease_proof?.allowed_paths;
+        if (allowedPaths?.length && !pathAllowedByLease(operation.path, allowedPaths)) {
             violations.push(`lease_path_not_allowed:${operation.path}`);
         }
     }
     return { ok: violations.length === 0, violations };
 }
+function normalizeEnvelopeSource(value) {
+    const text = String(value || '');
+    return text === 'fixture' || text === 'model_authored' || text === 'process_generated' || text === 'tmux_generated' ? text : null;
+}
+function hasFiniteNumber(value) {
+    return value !== null && value !== undefined && value !== '' && Number.isFinite(Number(value));
+}
 function normalizeOperation(input) {
     const op = input?.op === 'write' ? 'write' : input?.op === 'unified_diff' || input?.op === 'patch' ? 'unified_diff' : 'replace';
     return {

package/dist/core/agents/agent-runner-codex-exec.d.ts

@@ -1,6 +1,6 @@
 export declare function buildCodexExecAgentArgs(agent: any, prompt: string, opts?: any): {
     resultFile: any;
-    args: any[];
+    args: string[];
 };
 export declare function runCodexExecAgent(agent: any, slice: any, opts?: any): Promise<{
     status: string;
@@ -29,6 +29,13 @@ export declare function runCodexExecAgent(agent: any, slice: any, opts?: any): P
     patch_queue_refs?: string[];
     applied_patch_refs?: string[];
     rollback_refs?: string[];
+    backend_router_report?: Record<string, unknown>;
+    codex_child_report?: Record<string, unknown>;
+    process_child_report?: Record<string, unknown>;
+    tmux_child_report?: Record<string, unknown>;
+    model_authored_patch_envelopes?: boolean;
+    fixture_patch_envelopes?: boolean;
+    no_patch_reason?: Record<string, unknown>;
     source_intelligence_refs?: Record<string, unknown> | null;
     goal_mode_ref?: Record<string, unknown> | null;
     follow_up_work_items?: import("./agent-follow-up-work-items.js").AgentFollowUpWorkItem[];