@trac3er/oh-my-god 1.0.2

package/rules/contextual/outside-in.md

@@ -0,0 +1,13 @@
+# Outside-In — Debug from User's Perspective
+
+**When:** Debugging, investigating issues, or implementing features.
+
+**3 Questions (always ask in this order):**
+1. **User sees:** What does the user experience? What error/behavior?
+2. **System view:** Where in the architecture does this happen? What's the flow?
+3. **Code view:** What specific code is responsible? What does it do wrong?
+
+**Fix from outside in:** Start from the user-visible symptom, trace inward.
+Don't start from code and guess what the user sees.
+
+**Apply to features too:** "What will the user do? What will they see? Then: how to implement."

package/rules/contextual/persistent-mode.md

@@ -0,0 +1,24 @@
+# Persistent Work Mode (ulw / ralph)
+
+**When:** User says "ulw", "ultrawork", "ralph", "끝까지", "don't stop", "keep going", "until done", "finish everything"
+
+**Behavior:**
+- Do NOT stop after one subtask. Work through the ENTIRE task list.
+- If a checklist exists (.omg/state/_checklist.md), complete ALL items.
+- If blocked on one item, SKIP it (mark [!]) and continue to the next.
+- Return to skipped items after completing others.
+- Use /OMG:escalate codex for complex code tasks in parallel.
+- Use /OMG:escalate gemini for UI/visual tasks.
+- Verify each completed item before moving on (run tests, show output).
+
+**Completion:**
+Only stop when:
+1. All checklist items are [x] or [!] (with explanation for skipped)
+2. All tests pass
+3. Build succeeds
+4. A completion summary is provided
+
+**Anti-patterns:**
+- Don't stop after just one fix and ask "anything else?"
+- Don't skip verification to go faster
+- Don't modify test expectations instead of fixing source code

package/rules/contextual/research-mode.md

@@ -0,0 +1,9 @@
+# Research Mode
+
+When in research mode:
+- Prioritize reading and understanding over writing code
+- Use web_search for current information, library docs, best practices
+- Synthesize findings into clear summaries with sources
+- Do NOT modify code unless explicitly asked
+- Report findings with confidence levels (confirmed/likely/uncertain)
+- Suggest next steps after research is complete

package/rules/contextual/security-domains.md

@@ -0,0 +1,25 @@
+# Security-Critical Domains
+
+**When:** Touching auth, payment, database, user-data, or privacy-related code.
+
+**Detection signals:** File paths or content containing: auth, login, signup, session, token, password, payment, billing, checkout, stripe, database, migration, schema, user, profile, PII, GDPR, encryption, certificate.
+
+**Required actions:**
+1. Before making changes: Read the ENTIRE file, not just the target function. Security bugs hide in adjacent code.
+2. Check auth flow end-to-end: login → session creation → token validation → permission check → logout/expiry.
+3. Never hardcode: API keys, secrets, tokens, connection strings, passwords. Use env vars or secret manager.
+4. Validate all inputs: SQL injection, XSS, command injection, path traversal — check at EVERY entry point.
+5. After changes: Request `/OMG:escalate codex "deep security review of [file]: auth flow, injection, privilege escalation"`.
+6. Payment code: PCI-DSS awareness — no raw card numbers in logs, no sensitive data in URLs, encrypt at rest.
+7. Database code: Parameterized queries ONLY. No string concatenation for SQL. Check migration rollback safety.
+
+**URI hardening checklist (frontend + backend):**
+- HTTPS-only enforcement (no mixed content)
+- CORS whitelist (not wildcard `*` in production)
+- CSP headers configured
+- Rate limiting on auth/payment endpoints
+- Input sanitization before DB/template rendering
+- No sensitive data in URL parameters (use POST body or headers)
+- Redirect URLs validated against whitelist (open redirect prevention)
+
+**Evidence:** After touching security-critical code, you MUST run the security check AND note it in your completion message. Saying "looks fine" without verification is unacceptable.

package/rules/contextual/vision-detection.md

@@ -0,0 +1,27 @@
+# Vision / Screenshot Auto-Detection
+
+**When:** User mentions screenshots, visual bugs, images, UI comparison, or attaches media.
+
+**Detection signals:**
+- "screenshot", "screen", "look at this", "attached image", "visual bug"
+- "looks wrong", "looks broken", "compare before/after"
+- Korean: "스크린샷", "캡처", "화면", "이미지", "보여"
+- User attaches PNG/JPG/GIF files
+
+**Actions in Claude Code CLI:**
+1. If screenshot capability is available, capture the current UI state
+2. For visual bugs: capture BEFORE making changes
+3. After fix: capture AFTER to show comparison
+4. For UI review: /OMG:escalate gemini with the screenshot for visual analysis
+
+**Actions when images are attached:**
+1. Analyze the image content for context
+2. If it shows a UI: identify components, layout, colors
+3. If it shows an error: extract the error message and debug
+4. If it shows a design mockup: use as reference for implementation
+
+**Integration with Gemini:**
+Gemini excels at visual/design tasks. When vision context is detected:
+```
+/OMG:escalate gemini "Analyze this UI: [description]. Check: layout, accessibility, responsive behavior, visual consistency."
+```

package/rules/contextual/web-search.md

@@ -0,0 +1,25 @@
+# Web Search Integration
+
+**When:** User asks about current docs, latest API changes, version compatibility, or "look up" / "search for" / "find" something.
+
+**Detection signals:**
+- "search", "look up", "find", "latest", "current version", "docs", "documentation"
+- "how to", "best practice" + unfamiliar technology
+- Korean: "검색", "찾아", "최신", "현재", "문서", "공식"
+
+**When to suggest web_search:**
+- Unknown API or library version compatibility
+- Current best practices for a rapidly evolving tool
+- Error messages that don't match known patterns
+- Checking if a dependency is maintained/deprecated
+
+**How to use:**
+- `/OMG:escalate codex "search for [topic] and summarize findings"`
+- Direct web_search tool if available in the environment
+- Use `web_search` first for discovery, then use `chrome-devtools` MCP to validate findings on live pages when browser verification is needed
+- Check package registry (npm, PyPI) for version info
+
+**When NOT to search:**
+- Well-known, stable patterns (basic SQL, HTML, CSS fundamentals)
+- Information already in .omg/knowledge/
+- When the user hasn't asked and you already know the answer

package/rules/contextual/write-verify.md

@@ -0,0 +1,23 @@
+# Write/Edit Verification Rule
+
+When any file write or edit operation shows an error, warning, or hook error:
+
+1. **NEVER claim success** without reading the file to verify changes are present
+2. **Hook errors from external plugins** (e.g. security_reminder_hook.py) are warnings — the write may have succeeded. READ the file to check.
+3. **"Error editing file"** means the Edit tool failed. Use an alternative:
+   - Try `Write` tool (creates new file)
+   - Try Bash: `cat > path/to/file << 'EOF'\n[content]\nEOF`
+   - Try Bash: `tee path/to/file << 'EOF'\n[content]\nEOF`
+4. **"Error writing file"** (file already exists) — use `Edit` or Bash heredoc
+5. After ANY retry, READ the file again to confirm
+
+## Common Hook Error Pattern
+```
+Error: PreToolUse:Write hook error: [python3 .../security_reminder_hook.py]: ⚠️ Security Warning: ...
+```
+This means an external hook emitted a warning. The file write likely succeeded.
+**Action:** Read the file to verify, then continue. Do NOT retry blindly.
+
+## Anti-pattern: False Success
+❌ "I've updated the file successfully" (without reading it)
+✅ "Let me verify the changes were applied..." → [Read file] → "Confirmed, the changes are in place."

package/rules/core/00-truth.md

@@ -0,0 +1,20 @@
+# Rule 00 — Truth & Evidence
+
+NEVER claim a state you haven't verified. Period.
+
+**Before saying "done/fixed/works/passes":**
+1. Run the verification command
+2. Check exit code = 0
+3. Include evidence in your report
+
+**Report format (every completion):**
+- **Verified:** [commands run + exit codes]
+- **Unverified:** [what couldn't be tested + why]
+- **Assumptions:** [what you assumed without checking]
+
+**If tests not run:** Say "Tests: NOT RUN (reason: ...)"
+**If tests fail:** Show failing command + output + plan to fix
+
+Forbidden without evidence: "done", "LGTM", "fixed", "works now", "tests passed"
+
+> Enforced: stop-gate.py checks evidence. tool-ledger.py logs tool calls.

package/rules/core/01-surgical.md

@@ -0,0 +1,19 @@
+# Rule 01 — Surgical Changes & Active Planning
+
+## Change Budgets
+- **Bugfix / small:** ≤3 files OR ≤120 LOC
+- **Medium:** ≤8 files OR ≤400 LOC (set CHANGE_BUDGET=medium)
+- **Large:** explicit justification required
+
+## Refactor Ladder (smallest safe step first)
+1. Minimal fix in place
+2. Local refactor in same module
+3. Extract helper only if reused ≥2 places
+4. Cross-module refactor only with plan approval
+
+## Active Planning
+For 3+ file changes: create .omg/state/_plan.md + _checklist.md BEFORE coding.
+Mark [x] immediately as steps complete. Update plan when approach changes.
+If stuck 2x: STOP. Try different approach or /OMG:escalate.
+
+> Enforced: stop-gate.py checks diff budget. circuit-breaker.py catches loops.

package/rules/core/02-circuit-breaker.md

@@ -0,0 +1,22 @@
+# Rule 02 — Circuit Breaker & Collaborative Solving
+
+## 2-Strike Rule
+Same approach fails twice → STOP. Don't retry with slight variation.
+
+Options:
+1. Fundamentally different approach
+2. /OMG:escalate codex (for deep debugging)
+3. /OMG:escalate gemini (for UI/visual issues)
+4. Ask the user
+
+## Anti-Patterns (NEVER)
+- **Bulldozer:** Same approach with slight variation → fails → retry harder
+- **Lone Wolf:** 10 failed attempts before asking for help
+- **Assumer:** Build [X] without confirming user wants [X]
+- **Force-Fixer:** Immediately try to fix without understanding root cause
+
+## Auto-Escalation
+After 3 failures: circuit-breaker.py suggests /OMG:escalate with specific context.
+After 5 failures: HARD BLOCK. Must escalate or get user input.
+
+> Enforced: circuit-breaker.py tracks patterns + auto-escalates.

package/rules/core/03-ensemble.md

@@ -0,0 +1,28 @@
+# Rule 03 — Ensemble Collaboration
+
+## Who Does What
+- **Claude:** Orchestration, synthesis, integration, user communication
+- **Codex:** Backend logic, security audit, root cause, algorithms, deep debugging
+- **Gemini:** UI/UX review, visual comparison, accessibility, responsive design
+
+## When to Delegate (DO IT, don't just think about it)
+- Backend bug persists after 2 attempts → /OMG:escalate codex
+- Security/auth/crypto involved → /OMG:escalate codex
+- UI/visual change made → /OMG:escalate gemini
+- Change spans frontend + backend → /OMG:ccg (tri-model)
+- Stuck on anything for 3+ attempts → /OMG:escalate to relevant model
+
+## Auto-Detection
+prompt-enhancer.py detects keywords and suggests the right model.
+circuit-breaker.py auto-suggests escalation after failures.
+
+## Plugins & MCPs
+- Installed plugins: USE them (they're installed for a reason)
+- Available MCPs: SUGGEST with reasoning, wait for user confirmation
+- Context7 (if available): Use for up-to-date library docs
+
+## Natural Communication
+Say: "This touches auth — let me get Codex to check the security."
+NOT: "Invoking cross-model review protocol for backend analysis."
+
+> Enforced: prompt-enhancer.py + session-start.py detect available tools.

package/rules/core/04-testing.md

@@ -0,0 +1,30 @@
+# Rule 04 — User-Journey Testing
+
+## The Standard: Test What USERS Need
+
+Don't write boilerplate. Ask:
+1. What does the user expect to happen?
+2. What could go wrong for the user?
+3. What edge cases would a real user hit?
+
+Then write tests for THOSE scenarios.
+
+## Test Categories (consider all, run what applies)
+- **Happy path:** The main user flow works
+- **Error handling:** Bad input, unauthorized, network failure, timeout
+- **Edge cases:** Empty, null, max length, concurrent, boundary values
+- **Regression:** Existing behavior unchanged after this change
+- **Integration:** Components work together correctly
+
+## Forbidden Patterns
+- assert True / expect(true).toBe(true)
+- Only testing that functions exist (typeof checks)
+- Mocking the thing you're testing
+- 5+ tests but no error/edge cases
+
+## Quality Gate
+Every change runs: format → lint → typecheck (if typed) → test
+If quality-gate.json exists, quality-runner.py enforces this.
+
+> Enforced: test-validator.py catches fake/boilerplate tests.
+> quality-runner.py runs QA commands.

package/runtime/__init__.py

@@ -0,0 +1,32 @@
+"""Runtime package for OMG."""
+
+from .compat import (
+    build_compat_gap_report,
+    build_omc_gap_report,
+    dispatch_compat_skill,
+    dispatch_omc_skill,
+    get_compat_skill_contract,
+    get_omc_skill_contract,
+    list_compat_skill_contracts,
+    list_compat_skills,
+    list_omc_skill_contracts,
+    list_omc_skills,
+)
+from .ecosystem import ecosystem_status, list_ecosystem_repos, resolve_ecosystem_selection, sync_ecosystem_repos
+
+__all__ = [
+    "build_compat_gap_report",
+    "build_omc_gap_report",
+    "dispatch_compat_skill",
+    "dispatch_omc_skill",
+    "get_compat_skill_contract",
+    "get_omc_skill_contract",
+    "list_compat_skill_contracts",
+    "list_compat_skills",
+    "list_omc_skill_contracts",
+    "list_omc_skills",
+    "ecosystem_status",
+    "list_ecosystem_repos",
+    "resolve_ecosystem_selection",
+    "sync_ecosystem_repos",
+]

package/runtime/adapters/__init__.py

@@ -0,0 +1,13 @@
+"""Runtime adapters for OMG v1."""
+
+from .claude import ClaudeAdapter
+from .gpt import GPTAdapter
+from .local import LocalAdapter
+
+
+def get_adapters():
+    return {
+        "claude": ClaudeAdapter(),
+        "gpt": GPTAdapter(),
+        "local": LocalAdapter(),
+    }

package/runtime/adapters/claude.py

@@ -0,0 +1,60 @@
+"""Claude runtime adapter (v1 stub)."""
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from typing import Any
+
+
+class ClaudeAdapter:
+    runtime = "claude"
+
+    def plan(self, idea: dict[str, Any]) -> dict[str, Any]:
+        goal = str(idea.get("goal", "")).strip() or "unspecified-goal"
+        return {
+            "runtime": self.runtime,
+            "phase": "plan",
+            "status": "planned",
+            "goal": goal,
+            "steps": [
+                "analyze-goal",
+                "generate-plan",
+                "emit-checklist",
+            ],
+        }
+
+    def execute(self, plan: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "execute",
+            "status": "executed",
+            "operations": [
+                "apply-plan",
+                "collect-diff",
+            ],
+            "errors": [],
+        }
+
+    def verify(self, execution_result: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "verify",
+            "status": "verified",
+            "ok": True,
+            "checks": [
+                {"name": "tests", "passed": True},
+                {"name": "security", "passed": True},
+            ],
+        }
+
+    def collect_evidence(self, verify_result: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "evidence",
+            "status": "collected",
+            "created_at": datetime.now(timezone.utc).isoformat(),
+            "tests": verify_result.get("checks", []),
+            "security_scans": [],
+            "diff_summary": {},
+            "reproducibility": {"seed": "deterministic"},
+            "unresolved_risks": [],
+        }

package/runtime/adapters/gpt.py

@@ -0,0 +1,53 @@
+"""GPT runtime adapter (v1 stub)."""
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from typing import Any
+
+
+class GPTAdapter:
+    runtime = "gpt"
+
+    def plan(self, idea: dict[str, Any]) -> dict[str, Any]:
+        goal = str(idea.get("goal", "")).strip() or "unspecified-goal"
+        return {
+            "runtime": self.runtime,
+            "phase": "plan",
+            "status": "planned",
+            "goal": goal,
+            "steps": ["analyze-goal", "generate-plan", "emit-checklist"],
+        }
+
+    def execute(self, plan: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "execute",
+            "status": "executed",
+            "operations": ["apply-plan", "collect-diff"],
+            "errors": [],
+        }
+
+    def verify(self, execution_result: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "verify",
+            "status": "verified",
+            "ok": True,
+            "checks": [
+                {"name": "tests", "passed": True},
+                {"name": "security", "passed": True},
+            ],
+        }
+
+    def collect_evidence(self, verify_result: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "evidence",
+            "status": "collected",
+            "created_at": datetime.now(timezone.utc).isoformat(),
+            "tests": verify_result.get("checks", []),
+            "security_scans": [],
+            "diff_summary": {},
+            "reproducibility": {"seed": "deterministic"},
+            "unresolved_risks": [],
+        }

package/runtime/adapters/local.py

@@ -0,0 +1,53 @@
+"""Local model runtime adapter (v1 stub)."""
+from __future__ import annotations
+
+from datetime import datetime, timezone
+from typing import Any
+
+
+class LocalAdapter:
+    runtime = "local"
+
+    def plan(self, idea: dict[str, Any]) -> dict[str, Any]:
+        goal = str(idea.get("goal", "")).strip() or "unspecified-goal"
+        return {
+            "runtime": self.runtime,
+            "phase": "plan",
+            "status": "planned",
+            "goal": goal,
+            "steps": ["analyze-goal", "generate-plan", "emit-checklist"],
+        }
+
+    def execute(self, plan: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "execute",
+            "status": "executed",
+            "operations": ["apply-plan", "collect-diff"],
+            "errors": [],
+        }
+
+    def verify(self, execution_result: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "verify",
+            "status": "verified",
+            "ok": True,
+            "checks": [
+                {"name": "tests", "passed": True},
+                {"name": "security", "passed": True},
+            ],
+        }
+
+    def collect_evidence(self, verify_result: dict[str, Any]) -> dict[str, Any]:
+        return {
+            "runtime": self.runtime,
+            "phase": "evidence",
+            "status": "collected",
+            "created_at": datetime.now(timezone.utc).isoformat(),
+            "tests": verify_result.get("checks", []),
+            "security_scans": [],
+            "diff_summary": {},
+            "reproducibility": {"seed": "deterministic"},
+            "unresolved_risks": [],
+        }