@trac3er/oh-my-god 1.0.2

package/hooks/_memory.py

@@ -0,0 +1,103 @@
+#!/usr/bin/env python3
+import glob
+import os
+from datetime import datetime
+
+
+def save_memory(project_dir: str, session_id: str, content: str) -> str:
+    memory_dir = os.path.join(project_dir, ".omg", "state", "memory")
+    os.makedirs(memory_dir, exist_ok=True)
+    date_str = datetime.now().strftime("%Y-%m-%d")
+    session_short = session_id[:8] if len(session_id) > 8 else session_id
+    filename = f"{date_str}-{session_short}.md"
+    filepath = os.path.join(memory_dir, filename)
+    content = content[:500]
+    if os.path.exists(filepath):
+        with open(filepath, "a") as file_obj:
+            _ = file_obj.write("\n" + content)
+    else:
+        with open(filepath, "w") as file_obj:
+            _ = file_obj.write(content)
+    return filepath
+
+
+def get_recent_memories(
+    project_dir: str, max_files: int = 5, max_chars_total: int = 300
+) -> str:
+    memory_dir = os.path.join(project_dir, ".omg", "state", "memory")
+    if not os.path.exists(memory_dir):
+        return ""
+    files = sorted(glob.glob(os.path.join(memory_dir, "*.md")), reverse=True)
+    files = files[:max_files]
+    result: list[str] = []
+    total = 0
+    separator = "\n---\n"
+    for file_path in files:
+        try:
+            with open(file_path) as file_obj:
+                content = file_obj.read()
+            separator_len = len(separator) if result else 0
+            remaining = max_chars_total - total - separator_len
+            if remaining <= 0:
+                break
+            if len(content) > remaining:
+                content = content[:remaining]
+            if not content:
+                break
+            if result:
+                total += separator_len
+            result.append(content)
+            total += len(content)
+            if total >= max_chars_total:
+                break
+        except OSError:
+            continue
+    return separator.join(result)
+
+
+def rotate_memories(project_dir: str, max_files: int = 50) -> int:
+    memory_dir = os.path.join(project_dir, ".omg", "state", "memory")
+    if not os.path.exists(memory_dir):
+        return 0
+    files = sorted(glob.glob(os.path.join(memory_dir, "*.md")))
+    excess = len(files) - max_files
+    if excess <= 0:
+        return 0
+    for file_path in files[:excess]:
+        try:
+            os.remove(file_path)
+        except OSError:
+            pass
+    return excess
+
+
+
+def search_memories(project_dir: str, query_keywords: list, max_results: int = 3, max_chars: int = 200) -> str:
+    """Search memory files by keyword relevance. Returns formatted excerpt string."""
+    memory_dir = os.path.join(project_dir, '.omg', 'state', 'memory')
+    if not os.path.isdir(memory_dir):
+        return ''
+    results = []
+    for fname in sorted(os.listdir(memory_dir), reverse=True):
+        if not fname.endswith('.md'):
+            continue
+        fpath = os.path.join(memory_dir, fname)
+        try:
+            with open(fpath, 'r', encoding='utf-8', errors='ignore') as f:
+                content = f.read(2048)
+        except OSError:
+            continue
+        score = sum(1 for kw in query_keywords if kw.lower() in content.lower())
+        if score > 0:
+            results.append((score, fname, content))
+    results.sort(key=lambda x: -x[0])
+    summary_parts = []
+    chars_used = 0
+    for score, fname, content in results[:max_results]:
+        lines = [l.strip() for l in content.split('\n') if l.strip() and not l.startswith('#')]
+        excerpt = ' '.join(lines[:3])[:100]
+        if chars_used + len(excerpt) > max_chars:
+            break
+        summary_parts.append(f'[{fname}] {excerpt}')
+        chars_used += len(excerpt)
+    return '\n'.join(summary_parts)

package/hooks/circuit-breaker.py

@@ -0,0 +1,270 @@
+#!/usr/bin/env python3
+"""
+PostToolUse Hook: Circuit Breaker + Auto-Escalation (v4)
+Key v4 change: After 3 failures, automatically SUGGESTS Codex/Gemini escalation
+instead of just saying "stop". Actionable, not just blocking.
+"""
+import json, sys, os
+from datetime import datetime, timezone, timedelta
+
+HOOKS_DIR = os.path.dirname(__file__)
+if HOOKS_DIR not in sys.path:
+    sys.path.insert(0, HOOKS_DIR)
+
+from _common import setup_crash_handler, json_input, _resolve_project_dir
+from state_migration import resolve_state_dir
+
+setup_crash_handler("circuit-breaker", fail_closed=False)
+
+# Domain-aware routing hints: pattern prefix → suggested model
+DOMAIN_MODEL_HINTS = {
+    'Bash:pytest': 'codex',
+    'Bash:npm': 'codex',
+    'Bash:python': 'codex',
+    'Write:': 'codex',
+    'Edit:': 'codex',
+}
+
+
+def _get_domain_hint(pk: str) -> str:
+    """Return model hint for a pattern key, or empty string."""
+    for prefix, model in DOMAIN_MODEL_HINTS.items():
+        if pk.startswith(prefix):
+            return model
+    return ''
+
+data = json_input()
+
+tool = data.get("tool_name", "")
+tool_input = data.get("tool_input", {})
+tool_response = data.get("tool_response", {})
+project_dir = _resolve_project_dir()
+
+ledger_dir = resolve_state_dir(project_dir, "state/ledger", "ledger")
+tracker_path = os.path.join(ledger_dir, "failure-tracker.json")
+os.makedirs(os.path.dirname(tracker_path), exist_ok=True)
+
+# Determine failure
+is_failure = False
+if tool == "Bash":
+    ec = None
+    if isinstance(tool_response, dict):
+        ec = tool_response.get("exitCode", tool_response.get("exit_code"))
+    if ec is not None and ec != 0:
+        is_failure = True
+elif tool in ("Write", "Edit", "MultiEdit"):
+    if isinstance(tool_response, dict) and not tool_response.get("success", True):
+        is_failure = True
+
+# Pattern key — normalized to prevent duplicates
+# "npm test" and "npm run test" should be the same failure pattern
+pattern_key = tool
+if tool == "Bash":
+    cmd = tool_input.get("command", "").strip()
+    # Normalize: strip common prefixes, reduce to base command
+    cmd_clean = cmd
+    # Strip package manager prefixes: npx, pnpm, yarn, bunx
+    cmd_clean = cmd_clean.replace("npx ", "").replace("pnpm ", "npm ").replace("yarn ", "npm ").replace("bunx ", "")
+    # Strip python -m X → X (e.g., "python3 -m pytest" → "pytest")
+    if cmd_clean.startswith("python3 -m "):
+        cmd_clean = cmd_clean.replace("python3 -m ", "", 1)
+    elif cmd_clean.startswith("python -m "):
+        cmd_clean = cmd_clean.replace("python -m ", "", 1)
+    words = cmd_clean.split()[:3]  # first 3 words for more specificity
+    # Remove common noise: run, exec, --
+    words = [w for w in words if not w.startswith("-") and w not in ("run", "exec")][:2]
+    pattern_key = f"Bash:{' '.join(words)}" if words else f"Bash:{cmd[:30]}"
+elif tool in ("Write", "Edit", "MultiEdit"):
+    fp = tool_input.get("file_path", "")
+    # Normalize: use basename to avoid path-length variants
+    pattern_key = f"{tool}:{os.path.basename(fp)}" if fp else tool
+pattern_key = pattern_key[:120].replace("\n", " ")
+
+# Load tracker
+tracker = {}
+if os.path.exists(tracker_path):
+    try:
+        with open(tracker_path, "r") as f:
+            tracker = json.load(f)
+        if not isinstance(tracker, dict):
+            tracker = {}
+    except Exception:
+        tracker = {}
+
+# Evict stale (24h) + cap 100
+now = datetime.now(timezone.utc)
+cutoff = now - timedelta(hours=24)
+
+
+def _parse_ts(ts_str):
+    """Parse ISO timestamp string to datetime, returning None on failure."""
+    try:
+        # Handle both Z-suffix and +00:00 formats
+        ts = ts_str.replace("Z", "+00:00") if ts_str.endswith("Z") else ts_str
+        return datetime.fromisoformat(ts)
+    except (ValueError, TypeError, AttributeError):
+        return None
+
+
+def _effective_count(entry: dict[str, object], now: datetime) -> float:
+    """Apply time-decay: failures >30 min old count as 0.5x."""
+    last_failure = entry.get('last_failure', '')
+    last_ts = _parse_ts(last_failure if isinstance(last_failure, str) else '')
+    raw_count = entry.get('count', 0)
+    count_value = float(raw_count) if isinstance(raw_count, (int, float)) else 0.0
+    if last_ts is None:
+        return count_value
+    age_minutes = (now - last_ts).total_seconds() / 60
+    if age_minutes > 30:
+        return count_value * 0.5
+    return count_value
+
+
+tracker = {k: v for k, v in tracker.items()
+           if isinstance(v, dict) and (_parse_ts(v.get("last_failure", "")) or cutoff) >= cutoff}
+if len(tracker) > 100:
+    for k in sorted(tracker, key=lambda x: tracker[x].get("last_failure", ""))[:-100]:
+        del tracker[k]
+
+if is_failure:
+    entry_raw = tracker.get(pattern_key, {"count": 0, "errors": []})
+    if not isinstance(entry_raw, dict):
+        entry_raw = {"count": 0, "errors": []}
+    entry: dict[str, object] = dict(entry_raw)
+    entry_count = entry.get("count", 0)
+    count_value = entry_count if isinstance(entry_count, (int, float)) else 0
+    entry["count"] = count_value + 1
+    entry["last_failure"] = now.isoformat()
+
+    err = ""
+    if isinstance(tool_response, dict):
+        err = str(tool_response.get("stderr", tool_response.get("stdout", "")))[:200].strip()
+    errors = entry.get("errors", [])
+    if not isinstance(errors, list):
+        errors = []
+    # Deduplicate: don't store the same error message twice in a row
+    if err and (not errors or errors[-1] != err):
+        errors.append(err)
+    entry["errors"] = errors[-3:]  # keep last 3 unique errors
+    tracker[pattern_key] = entry
+
+    try:
+        import fcntl
+        # Open read+write without truncating, acquire lock, THEN truncate and write.
+        # This prevents data loss if lock acquisition fails after truncation.
+        fd = open(tracker_path, "a+")
+        fcntl.flock(fd.fileno(), fcntl.LOCK_EX | fcntl.LOCK_NB)
+        fd.seek(0)
+        fd.truncate()
+        json.dump(tracker, fd, indent=2)
+        fd.flush()
+        fcntl.flock(fd.fileno(), fcntl.LOCK_UN)
+        fd.close()
+    except (ImportError, BlockingIOError):
+        # Fallback: write without lock (better than losing data)
+        try:
+            with open(tracker_path, "w") as f:
+                json.dump(tracker, f, indent=2)
+        except Exception:
+            pass
+    except Exception:
+        pass
+
+    count = entry["count"]
+    effective_count = _effective_count(entry, now)
+    domain_hint = _get_domain_hint(pattern_key)
+    recent_errs = "\n".join(f"  - {e}" for e in entry["errors"] if e)
+
+    if effective_count >= 5:
+        print(
+            f"CIRCUIT BREAKER: '{pattern_key}' failed {count}x (effective {effective_count:.1f}x).\n"
+            f"STOP. This approach is broken.\n"
+            f"{recent_errs}\n\n"
+            f"Domain hint: {domain_hint or 'none'}\n"
+            f"ESCALATE NOW — pick one:\n"
+            f"  /OMG:escalate codex \"Debug: {pattern_key} fails with {entry['errors'][-1][:80]}\"\n"
+            f"  /OMG:escalate gemini \"Review: approach for {pattern_key}\"\n"
+            f"  Ask the user for a completely different approach\n"
+            f"  Skip this step: mark [!] in checklist and move on",
+            file=sys.stderr
+        )
+        # NOTE: exit(0), not exit(2). Non-zero exits crash sibling hooks
+        # ("Sibling tool call errored"). The warning is in stderr.
+        sys.exit(0)
+
+    elif effective_count >= 3:
+        print(
+            f"CIRCUIT BREAKER WARNING: '{pattern_key}' failed {count}x (effective {effective_count:.1f}x).\n"
+            f"Last error: {entry['errors'][-1][:150] if entry['errors'] else 'unknown'}\n\n"
+            f"Domain hint: {domain_hint or 'none'}\n"
+            f"STOP auto-retrying. Try:\n"
+            f"  1. Fundamentally different approach\n"
+            f"  2. /OMG:escalate codex \"Why does {pattern_key} keep failing?\"\n"
+            f"  3. Ask the user",
+            file=sys.stderr
+        )
+        sys.exit(0)
+
+else:
+    # On success, clear this pattern AND similar variants
+    # Helper to normalize a tracker key by re-normalizing the command part
+    def _normalize_tracker_key(pk):
+        """Normalize a tracker key by applying the same rules as pattern_key generation."""
+        if not pk.startswith("Bash:"):
+            return pk
+        
+        cmd = pk[5:]  # Remove "Bash:" prefix
+        # Apply the same normalization as in pattern_key generation
+        cmd_clean = cmd
+        cmd_clean = cmd_clean.replace("npx ", "").replace("pnpm ", "npm ").replace("yarn ", "npm ").replace("bunx ", "")
+        if cmd_clean.startswith("python3 -m "):
+            cmd_clean = cmd_clean.replace("python3 -m ", "", 1)
+        elif cmd_clean.startswith("python -m "):
+            cmd_clean = cmd_clean.replace("python -m ", "", 1)
+        words = cmd_clean.split()[:3]
+        words = [w for w in words if not w.startswith("-") and w not in ("run", "exec")][:2]
+        normalized_cmd = ' '.join(words) if words else cmd[:30]
+        return f"Bash:{normalized_cmd}"
+    
+    normalized_pattern_key = _normalize_tracker_key(pattern_key)
+    changed = False
+    keys_to_remove = []
+    
+    for k in tracker:
+        # Normalize both keys for comparison
+        normalized_k = _normalize_tracker_key(k)
+        if normalized_k == normalized_pattern_key:
+            keys_to_remove.append(k)
+    
+    for k in keys_to_remove:
+        del tracker[k]
+        changed = True
+    
+    if changed:
+        try:
+            with open(tracker_path, "w") as f:
+                json.dump(tracker, f, indent=2)
+        except Exception:
+            pass
+        _recovery_path = os.path.join(ledger_dir, 'recovery.jsonl')
+        try:
+            import json as _json
+            _rec = _json.dumps({
+                'pattern': pattern_key,
+                'recovered_at': now.isoformat(),
+                'cleared_count': len(keys_to_remove),
+            })
+            with open(_recovery_path, 'a') as _rf:
+                _rf.write(_rec + '\n')
+            try:
+                with open(_recovery_path, 'r') as _rf:
+                    _lines = _rf.readlines()
+                if len(_lines) > 200:
+                    with open(_recovery_path, 'w') as _rf:
+                        _rf.writelines(_lines[-200:])
+            except OSError:
+                pass
+        except Exception:
+            pass
+
+sys.exit(0)

package/hooks/config-guard.py

@@ -0,0 +1,163 @@
+#!/usr/bin/env python3
+"""ConfigChange Hook: Settings Tamper Detection + Trust Review
+
+Monitors Claude settings changes and writes Trust Review artifacts to
+.omg/trust/manifest.lock.json.
+"""
+import contextlib
+import json
+import os
+import sys
+
+HOOKS_DIR = os.path.dirname(__file__)
+if HOOKS_DIR not in sys.path:
+    sys.path.insert(0, HOOKS_DIR)
+
+from _common import setup_crash_handler, json_input, _resolve_project_dir
+
+# Compatibility marker for existing tests and policy docs.
+DANGEROUS_IN_ALLOW = [
+    "Bash(rm:*)", "Bash(sudo:*)", "Bash(curl:*)", "Bash(wget:*)",
+    "Bash(ssh:*)", "Bash(nc:*)", "Bash(ncat:*)",
+]
+
+setup_crash_handler("config-guard", fail_closed=False)
+
+try:
+    from trust_review import review_config_change, write_trust_manifest, format_review_summary
+except Exception as e:
+    print(f"[OMG] config-guard: trust_review import failed: {type(e).__name__}: {e}", file=sys.stderr)
+    sys.exit(0)
+
+data = json_input()
+
+def _decode_json_object(value):
+    if isinstance(value, dict):
+        return value
+    if isinstance(value, str):
+        raw = value.strip()
+        if not raw:
+            return None
+        try:
+            parsed = json.loads(raw)
+        except Exception:  # intentional: decode fallback
+            return None
+        return parsed if isinstance(parsed, dict) else None
+    return None
+
+
+def _extract_config_path(payload):
+    file_path = payload.get("file_path")
+    if isinstance(file_path, str) and file_path.strip():
+        return file_path
+
+    tool_input = payload.get("tool_input", {})
+    if isinstance(tool_input, dict):
+        legacy_path = tool_input.get("file_path")
+        if isinstance(legacy_path, str) and legacy_path.strip():
+            return legacy_path
+    return ""
+
+
+def _extract_config_object(payload, keys):
+    for key in keys:
+        parsed = _decode_json_object(payload.get(key))
+        if parsed is not None:
+            return parsed
+
+    tool_input = payload.get("tool_input", {})
+    if isinstance(tool_input, dict):
+        for key in keys:
+            parsed = _decode_json_object(tool_input.get(key))
+            if parsed is not None:
+                return parsed
+    return None
+
+
+def _is_watched_settings_path(path):
+    normalized = path.replace("\\", "/").rstrip("/")
+    return normalized == "settings.json" or normalized.endswith("/settings.json")
+
+
+config_path = _extract_config_path(data)
+if not config_path:
+    sys.exit(0)
+
+is_settings = _is_watched_settings_path(config_path)
+if not is_settings:
+    sys.exit(0)
+
+project_dir = _resolve_project_dir()
+new_path = config_path if os.path.isabs(config_path) else os.path.join(project_dir, config_path)
+if not os.path.exists(new_path):
+    sys.exit(0)
+
+try:
+    with open(new_path, "r", encoding="utf-8") as f:
+        new_config = json.load(f)
+        if not isinstance(new_config, dict):
+            sys.exit(0)
+except Exception as e:
+    print(f"[OMG] config-guard: config read failed: {type(e).__name__}: {e}", file=sys.stderr)
+    sys.exit(0)
+
+# Load previous settings snapshot for diff-based trust review.
+snapshot_dir = os.path.join(project_dir, ".omg", "trust")
+os.makedirs(snapshot_dir, exist_ok=True)
+snapshot_path = os.path.join(snapshot_dir, "last-settings.json")
+
+old_config = {}
+# Prefer explicit old config in payload if present.
+payload_old = _extract_config_object(
+    data,
+    ("old_config", "old_settings", "old_content", "before", "old_value"),
+)
+if isinstance(payload_old, dict):
+    old_config = payload_old
+elif os.path.exists(snapshot_path):
+    try:
+        with open(snapshot_path, "r", encoding="utf-8") as f:
+            old_config = json.load(f)
+            if not isinstance(old_config, dict):
+                old_config = {}
+    except Exception as e:
+        print(f"[OMG] config-guard: snapshot read failed: {type(e).__name__}: {e}", file=sys.stderr)
+        old_config = {}
+
+# Prefer explicit new config when the payload provides it.
+payload_new = _extract_config_object(
+    data,
+    ("new_config", "new_settings", "new_content", "after", "new_value"),
+)
+if isinstance(payload_new, dict):
+    new_config = payload_new
+
+review = review_config_change(config_path, old_config, new_config)
+write_trust_manifest(project_dir, review)
+
+# Keep a rolling snapshot for next review.
+with contextlib.suppress(OSError):  # intentional: cleanup
+    with open(snapshot_path, "w", encoding="utf-8") as f:
+        json.dump(new_config, f, indent=2, ensure_ascii=True)
+
+# Backward-compatibility variable expected by tests.
+hooks = new_config.get("hooks", {})
+hook_count = sum(len(v) if isinstance(v, list) else 0 for v in hooks.values())
+
+verdict = review.get("verdict", "allow")
+risk_level = review.get("risk_level", "low")
+summary = format_review_summary(review)
+
+if verdict == "deny":
+    msg = "⚠ SETTINGS CHANGE DETECTED (Trust Review)\n" + summary
+    msg += "\n\nBlocked because risk is critical."
+    json.dump({"decision": "block", "reason": msg}, sys.stdout)
+elif verdict == "ask":
+    # ConfigChange hook only supports block/pass. For high-risk changes,
+    # block and require explicit user re-apply after review.
+    msg = "⚠ SETTINGS CHANGE REQUIRES REVIEW\n" + summary
+    msg += "\n\nRe-apply after human approval."
+    if risk_level == "high":
+        json.dump({"decision": "block", "reason": msg}, sys.stdout)
+
+sys.exit(0)

package/hooks/context_pressure.py

@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+"""Context pressure estimation - importable module for OMG hooks."""
+
+import json
+import os
+from datetime import datetime, timezone
+
+_DEFAULT_THRESHOLD = 150
+
+
+def estimate_context_pressure(project_dir):
+    threshold = _DEFAULT_THRESHOLD
+    try:
+        settings_path = os.path.join(project_dir, "settings.json")
+        if os.path.exists(settings_path):
+            with open(settings_path, "r", encoding="utf-8") as settings_file:
+                settings = json.load(settings_file)
+            threshold = settings.get("_oal", {}).get("context_budget", {}).get(
+                "pressure_threshold", _DEFAULT_THRESHOLD
+            )
+    except Exception:
+        pass
+
+    tool_count = 0
+    ledger_path = os.path.join(project_dir, ".omg", "state", "ledger", "tool-ledger.jsonl")
+    if os.path.exists(ledger_path):
+        try:
+            with open(ledger_path, "r", encoding="utf-8", errors="ignore") as ledger_file:
+                for line in ledger_file:
+                    if line.strip():
+                        tool_count += 1
+        except Exception:
+            pass
+
+    is_high = tool_count >= threshold
+
+    try:
+        pressure_path = os.path.join(project_dir, ".omg", "state", ".context-pressure.json")
+        os.makedirs(os.path.dirname(pressure_path), exist_ok=True)
+        with open(pressure_path, "w", encoding="utf-8") as pressure_file:
+            json.dump(
+                {
+                    "tool_count": tool_count,
+                    "threshold": threshold,
+                    "is_high": is_high,
+                    "ts": datetime.now(timezone.utc).isoformat(),
+                },
+                pressure_file,
+            )
+    except Exception:
+        pass
+
+    return tool_count, threshold, is_high