@trac3er/oh-my-god 1.0.2

package/scripts/settings-merge.py

@@ -0,0 +1,224 @@
+#!/usr/bin/env python3
+"""
+settings-merge.py
+Merges v2 hooks + permissions INTO existing ~/.claude/settings.json
+without destroying existing non-OMG configuration.
+
+Strategy:
+- hooks{}: APPEND our matchers to each event (never replace existing)
+- permissions.allow[]: UNION (add ours, keep theirs)
+- permissions.deny[]: UNION
+- permissions.ask[]: UNION
+- Everything else: PRESERVE as-is
+"""
+import json
+import sys
+import os
+import shutil
+from datetime import datetime
+
+def load_json(path):
+    if not os.path.exists(path):
+        return {}
+    try:
+        with open(path, "r") as f:
+            return json.load(f)
+    except json.JSONDecodeError as e:
+        print(f"ERROR: {path} contains invalid JSON (line {e.lineno}, col {e.colno}):", file=sys.stderr)
+        print(f"  {e.msg}", file=sys.stderr)
+        print(f"  Fix the file manually or delete it to start fresh.", file=sys.stderr)
+        sys.exit(1)
+    except PermissionError:
+        print(f"ERROR: Cannot read {path} — permission denied.", file=sys.stderr)
+        sys.exit(1)
+    except Exception as e:
+        print(f"ERROR: Failed to read {path}: {e}", file=sys.stderr)
+        sys.exit(1)
+
+def merge_hooks(existing_hooks, new_hooks):
+    """Append new hook matchers to existing, avoiding duplicates."""
+    merged = dict(existing_hooks)  # shallow copy
+
+    def extract_commands(entry):
+        commands = set()
+        if not isinstance(entry, dict):
+            return commands
+        hooks = entry.get("hooks")
+        if isinstance(hooks, list):
+            for hook in hooks:
+                if not isinstance(hook, dict):
+                    continue
+                cmd = hook.get("command", "") or hook.get("prompt", "")
+                if cmd:
+                    commands.add(cmd)
+            return commands
+        cmd = entry.get("command", "") or entry.get("prompt", "")
+        if cmd:
+            commands.add(cmd)
+        return commands
+
+    for event, matchers in new_hooks.items():
+        if event not in merged:
+            merged[event] = matchers
+            continue
+
+        existing_matchers = merged[event]
+
+        for new_matcher in matchers:
+            new_cmds = extract_commands(new_matcher)
+
+            # Check if this exact matcher+command combo already exists
+            already_exists = False
+            for em in existing_matchers:
+                existing_cmds = extract_commands(em)
+                same_matcher = em.get("matcher") == new_matcher.get("matcher")
+                if new_cmds and same_matcher and (new_cmds & existing_cmds):
+                    already_exists = True
+                    break
+                if not new_cmds and em == new_matcher:
+                    already_exists = True
+                    break
+
+            if not already_exists:
+                existing_matchers.append(new_matcher)
+
+    return merged
+
+def merge_permission_list(existing, new):
+    """Union two permission lists, preserving order (existing first)."""
+    seen = set(existing)
+    merged = list(existing)
+    for item in new:
+        if item not in seen:
+            merged.append(item)
+            seen.add(item)
+    return merged
+
+
+def merge_mcp_servers(existing, new):
+    merged = dict(existing or {})
+    for name, config in (new or {}).items():
+        if name not in merged:
+            merged[name] = config
+            continue
+        existing_cfg = merged.get(name)
+        if isinstance(existing_cfg, dict) and isinstance(config, dict):
+            merged_cfg = dict(existing_cfg)
+            if "args" in config:
+                existing_args = merged_cfg.get("args", []) if isinstance(merged_cfg.get("args", []), list) else []
+                new_args = config.get("args", []) if isinstance(config.get("args", []), list) else []
+                merged_args = list(existing_args)
+                for arg in new_args:
+                    if arg not in merged_args:
+                        merged_args.append(arg)
+                merged_cfg["args"] = merged_args
+            if "env" in config and isinstance(config.get("env"), dict):
+                env = dict(merged_cfg.get("env", {})) if isinstance(merged_cfg.get("env"), dict) else {}
+                for key, value in config["env"].items():
+                    env.setdefault(key, value)
+                merged_cfg["env"] = env
+            for key, value in config.items():
+                merged_cfg.setdefault(key, value)
+            merged[name] = merged_cfg
+    return merged
+
+def merge_settings(existing, new):
+    """
+    Merge strategy:
+    - hooks: append per-event
+    - permissions: union per-category
+    - everything else in existing: preserve
+    - $schema: use new if not present
+    """
+    merged = dict(existing)
+
+    # Schema
+    if "$schema" not in merged and "$schema" in new:
+        merged["$schema"] = new["$schema"]
+
+    # Hooks
+    if "hooks" in new:
+        existing_hooks = merged.get("hooks", {})
+        merged["hooks"] = merge_hooks(existing_hooks, new["hooks"])
+
+    # Permissions
+    if "permissions" in new:
+        existing_perms = merged.get("permissions", {})
+        new_perms = new["permissions"]
+        merged_perms = dict(existing_perms)
+
+        for category in ("allow", "deny", "ask"):
+            if category in new_perms:
+                existing_list = existing_perms.get(category, [])
+                merged_perms[category] = merge_permission_list(
+                    existing_list, new_perms[category]
+                )
+
+        merged["permissions"] = merged_perms
+
+    if "mcpServers" in new:
+        merged["mcpServers"] = merge_mcp_servers(merged.get("mcpServers", {}), new.get("mcpServers", {}))
+
+    return merged
+
+def main():
+    if len(sys.argv) < 3:
+        print("Usage: settings-merge.py <existing.json> <new.json> [--dry-run]")
+        sys.exit(1)
+
+    existing_path = sys.argv[1]
+    new_path = sys.argv[2]
+    dry_run = "--dry-run" in sys.argv
+
+    existing = load_json(existing_path)
+    new = load_json(new_path)
+
+    merged = merge_settings(existing, new)
+
+    if dry_run:
+        print(json.dumps(merged, indent=2))
+        print(f"\n--- DRY RUN ---", file=sys.stderr)
+        # Show what was added
+        new_hooks = set()
+        for event, matchers in new.get("hooks", {}).items():
+            for m in matchers:
+                for h in m.get("hooks", []):
+                    cmd = h.get("command", "")
+                    if cmd:
+                        new_hooks.add(f"  {event}: {os.path.basename(cmd.split()[-1])}")
+        if new_hooks:
+            print(f"Hooks to add:", file=sys.stderr)
+            for h in sorted(new_hooks):
+                print(h, file=sys.stderr)
+
+        for cat in ("allow", "deny", "ask"):
+            existing_set = set(existing.get("permissions", {}).get(cat, []))
+            new_set = set(new.get("permissions", {}).get(cat, []))
+            added = new_set - existing_set
+            if added:
+                print(f"permissions.{cat} to add: {len(added)} rules", file=sys.stderr)
+        return
+
+    # Backup existing
+    if os.path.exists(existing_path):
+        ts = datetime.now().strftime("%Y%m%d_%H%M%S")
+        backup = f"{existing_path}.bak.{ts}"
+        shutil.copy2(existing_path, backup)
+        print(f"📦 Backed up: {backup}")
+
+    with open(existing_path, "w") as f:
+        json.dump(merged, f, indent=2)
+        f.write("\n")
+
+    print(f"✅ Merged into: {existing_path}")
+
+    # Summary
+    hook_events = list(merged.get("hooks", {}).keys())
+    allow_count = len(merged.get("permissions", {}).get("allow", []))
+    deny_count = len(merged.get("permissions", {}).get("deny", []))
+    ask_count = len(merged.get("permissions", {}).get("ask", []))
+    print(f"   Hooks: {', '.join(hook_events)}")
+    print(f"   Permissions: {allow_count} allow, {deny_count} deny, {ask_count} ask")
+
+if __name__ == "__main__":
+    main()

package/scripts/verify-no-omc.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+exec "$SCRIPT_DIR/verify-standalone.sh" "$@"

package/scripts/verify-standalone.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+TMP_DIR="${1:-$(mktemp -d)}"
+
+echo "[verify-standalone] source: $ROOT_DIR"
+echo "[verify-standalone] workdir: $TMP_DIR"
+
+tar --exclude="./.omc" --exclude="./.pytest_cache" -cf - -C "$ROOT_DIR" . | (cd "$TMP_DIR" && tar -xf -)
+
+cd "$TMP_DIR"
+python3 scripts/omg.py compat gate --max-bridge 0 --output .omg/evidence/omg-compat-gap.json
+
+if command -v pyenv >/dev/null 2>&1 && pyenv prefix 3.12.7 >/dev/null 2>&1; then
+  PYENV_VERSION=3.12.7 python -m pytest -q
+else
+  python3 -m pytest -q
+fi
+
+echo "[verify-standalone] passed"

package/templates/idea.yml

@@ -0,0 +1,30 @@
+# OMG Idea Contract
+# Single source of intent for Idea -> Evidence -> PR automation.
+
+goal: ""
+constraints:
+  - ""
+acceptance:
+  - ""
+risk:
+  security:
+    - ""
+  performance:
+    - ""
+  compatibility:
+    - ""
+evidence_required:
+  tests:
+    - ""
+  security_scans:
+    - ""
+  reproducibility:
+    - ""
+  artifacts:
+    - "diff"
+    - "summary"
+metadata:
+  owner: ""
+  priority: "medium"   # low | medium | high | critical
+  target_branch: ""
+  created_at: ""

package/templates/policy.yaml

@@ -0,0 +1,15 @@
+version: omg-v1
+mode: warn_and_run
+critical_always_block: true
+require_evidence_pack: true
+trust:
+  distrust_paths:
+    - ".claude/"
+    - ".omc/"
+    - ".omg/"
+  review_mcp_changes: true
+  review_hook_changes: true
+supply_chain:
+  require_signature: false
+  require_checksum: false
+  enforce_sandbox: true

package/templates/profile.yaml

@@ -0,0 +1,25 @@
+# .omc/profile.yaml — Project identity (injected every session)
+# Keep under 20 lines. This is a quick-reference, not documentation.
+
+name: ""
+description: ""
+repo: ""
+
+language: ""
+framework: ""
+database: ""
+infra: ""
+key_deps: []
+
+conventions:
+  naming: ""        # camelCase / snake_case / etc
+  test_cmd: ""      # npm test / pytest / cargo test
+  lint_cmd: ""      # eslint / ruff / clippy
+  format_cmd: ""    # prettier / ruff format / rustfmt
+
+ai_behavior:
+  communication: "direct, bilingual OK"
+  locale_hint: "auto"    # auto | ko | en | ja | zh — helps keyword detection
+  when_stuck: "Ask user after 2 failed attempts, or /escalate"
+  testing: "User-journey focused. No boilerplate."
+  code_style: "Match existing patterns. Don't introduce new frameworks."

package/templates/runtime.yaml

@@ -0,0 +1,12 @@
+version: omg-v1
+runtime_order:
+  - claude
+  - gpt
+  - local
+parity:
+  enforce_common_output_schema: true
+  fail_on_schema_mismatch: true
+timeouts:
+  plan_sec: 60
+  execute_sec: 900
+  verify_sec: 600

package/templates/working-memory.md

@@ -0,0 +1,17 @@
+# Working Memory
+Last updated: [date]
+
+## Current Gomg
+[What we're trying to achieve right now]
+
+## Progress
+[N/M steps] | Branch: [name]
+
+## Active Decisions
+- [Decision]: [rationale] (date)
+
+## Blockers
+- [None]
+
+## Don't Repeat (failed approaches)
+- [None yet]

package/tools/__init__.py

@@ -0,0 +1,2 @@
+# tools package
+"""OMG tools — LSP client, language configs, and related utilities."""

package/tools/browser_consent.py

@@ -0,0 +1,289 @@
+#!/usr/bin/env python3
+"""
+Browser Consent Manager for OMG
+
+Manages explicit user consent for browser stealth mode. Provides a ToS warning
+display, consent recording with timestamps, and persistent consent state.
+
+Consent file: .omg/state/browser_consent.json
+Format: {"consented": true/false, "acknowledged_at": "ISO timestamp", "version": "1.0"}
+
+IMPORTANT:
+  - show_warning() returns text; caller decides how to display
+  - record_consent() is the ONLY function that writes consent state
+  - No consent is stored without explicit user action
+  - import alone does NOT trigger any side effects
+"""
+
+import json
+import os
+import sys
+from datetime import datetime, timezone
+from typing import Any, Dict, Optional
+
+# --- Consent version ---
+CONSENT_VERSION = "1.0"
+
+# --- Consent file relative path ---
+CONSENT_REL_PATH = os.path.join(".omg", "state", "browser_consent.json")
+
+# --- Warning text ---
+_WARNING_TEXT = """\
+╔══════════════════════════════════════════════════════════════════╗
+║                        ⚠  WARNING  ⚠                          ║
+╠══════════════════════════════════════════════════════════════════╣
+║                                                                  ║
+║  You are about to enable Browser Stealth Mode.                   ║
+║                                                                  ║
+║  This feature modifies browser fingerprints and injects           ║
+║  JavaScript to evade bot-detection systems. Using stealth         ║
+║  plugins may violate the Terms of Service of websites you         ║
+║  visit.                                                           ║
+║                                                                  ║
+║  By granting explicit consent, you acknowledge that:              ║
+║                                                                  ║
+║    1. You understand the stealth plugins alter browser behavior   ║
+║    2. You accept responsibility for compliance with applicable    ║
+║       Terms of Service and laws                                   ║
+║    3. OMG provides these tools as-is, without warranty            ║
+║    4. You may revoke consent at any time                          ║
+║                                                                  ║
+║  Consent is required before any stealth plugin can be applied.    ║
+║                                                                  ║
+╚══════════════════════════════════════════════════════════════════╝"""
+
+# --- Lazy imports for hooks/_common.py ---
+
+_atomic_json_write = None
+
+
+def _ensure_imports():
+    """Lazy import atomic_json_write from hooks/_common.py."""
+    global _atomic_json_write
+    if _atomic_json_write is not None:
+        return
+    repo_root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+    hooks_dir = os.path.join(repo_root, "hooks")
+    if hooks_dir not in sys.path:
+        sys.path.insert(0, hooks_dir)
+    try:
+        from _common import atomic_json_write as _ajw
+        _atomic_json_write = _ajw
+    except ImportError:
+        pass
+
+
+def _write_consent_file(path: str, data: Dict[str, Any]) -> bool:
+    """Write consent data using atomic_json_write or fallback.
+
+    Returns True on success, False on failure.
+    """
+    _ensure_imports()
+    if _atomic_json_write is not None:
+        try:
+            _atomic_json_write(path, data)
+            return True
+        except Exception:
+            return False
+    # Fallback: direct write with makedirs
+    try:
+        parent = os.path.dirname(path)
+        if parent:
+            os.makedirs(parent, exist_ok=True)
+        with open(path, "w", encoding="utf-8") as f:
+            json.dump(data, f, separators=(",", ":"))
+        return True
+    except Exception:
+        return False
+
+
+def _read_consent_file(path: str) -> Optional[Dict[str, Any]]:
+    """Read and parse consent file. Returns None on any failure."""
+    try:
+        if not os.path.exists(path):
+            return None
+        with open(path, "r", encoding="utf-8") as f:
+            data = json.load(f)
+        if isinstance(data, dict):
+            return data
+        return None
+    except (json.JSONDecodeError, OSError, TypeError):
+        return None
+
+
+# =============================================================================
+# ConsentManager — manages browser stealth consent lifecycle
+# =============================================================================
+
+
+class ConsentManager:
+    """Manages user consent for browser stealth mode.
+
+    All consent state is persisted to .omg/state/browser_consent.json.
+    No consent is recorded without explicit calls to record_consent().
+
+    Attributes:
+        project_dir: Root directory containing the .omg/ state folder.
+    """
+
+    def __init__(self, project_dir: Optional[str] = None):
+        self.project_dir = project_dir or os.environ.get(
+            "CLAUDE_PROJECT_DIR", os.getcwd()
+        )
+
+    @property
+    def consent_path(self) -> str:
+        """Full path to the consent file."""
+        return os.path.join(self.project_dir, CONSENT_REL_PATH)
+
+    def show_warning(self) -> str:
+        """Return the ToS warning text for browser stealth mode.
+
+        Returns the multi-line warning string. Does NOT print it —
+        the caller decides how to display the warning.
+
+        Returns:
+            Multi-line warning string containing Terms of Service notice.
+        """
+        return _WARNING_TEXT
+
+    def record_consent(self, acknowledged: bool = True) -> bool:
+        """Record the user's consent decision.
+
+        Saves consent state to .omg/state/browser_consent.json with
+        a timestamp and version identifier.
+
+        Args:
+            acknowledged: True if user explicitly consented, False otherwise.
+
+        Returns:
+            True if consent was successfully written, False on failure.
+        """
+        data = {
+            "consented": acknowledged,
+            "acknowledged_at": datetime.now(timezone.utc).isoformat(),
+            "version": CONSENT_VERSION,
+        }
+        return _write_consent_file(self.consent_path, data)
+
+    def is_consented(self) -> bool:
+        """Check if user has given explicit consent for stealth plugins.
+
+        Reads .omg/state/browser_consent.json and checks for
+        ``{"consented": true}``.
+
+        Returns:
+            True if consent file exists and consented is True, False otherwise.
+        """
+        data = _read_consent_file(self.consent_path)
+        if data is None:
+            return False
+        return data.get("consented", False) is True
+
+    def revoke_consent(self) -> bool:
+        """Revoke previously granted consent.
+
+        Sets consented to False in the consent file while preserving
+        the timestamp of revocation.
+
+        Returns:
+            True if revocation was successfully written, False on failure.
+        """
+        data = {
+            "consented": False,
+            "acknowledged_at": datetime.now(timezone.utc).isoformat(),
+            "version": CONSENT_VERSION,
+        }
+        return _write_consent_file(self.consent_path, data)
+
+    def get_consent_status(self) -> Dict[str, Any]:
+        """Return the full consent record.
+
+        Returns:
+            Full consent dict if file exists and is valid,
+            otherwise {"consented": False}.
+        """
+        data = _read_consent_file(self.consent_path)
+        if data is None:
+            return {"consented": False}
+        return data
+
+
+# =============================================================================
+# Module-level convenience function
+# =============================================================================
+
+
+def is_consented(project_dir: Optional[str] = None) -> bool:
+    """Module-level convenience: check if consent has been granted.
+
+    Args:
+        project_dir: Root directory (auto-detected if None).
+
+    Returns:
+        True if consented, False otherwise.
+    """
+    return ConsentManager(project_dir=project_dir).is_consented()
+
+
+# =============================================================================
+# CLI Interface
+# =============================================================================
+
+
+def _cli_main():
+    """CLI entry point for browser_consent.py."""
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description="OMG Browser Consent — manage consent for browser stealth mode",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.add_argument(
+        "--status", action="store_true",
+        help="Show current consent status",
+    )
+    parser.add_argument(
+        "--show-warning", action="store_true",
+        help="Display the ToS warning text",
+    )
+    parser.add_argument(
+        "--grant", action="store_true",
+        help="Grant consent for stealth mode",
+    )
+    parser.add_argument(
+        "--revoke", action="store_true",
+        help="Revoke consent for stealth mode",
+    )
+    parser.add_argument(
+        "--project-dir", default=None,
+        help="Project directory (default: auto-detect)",
+    )
+
+    args = parser.parse_args()
+    manager = ConsentManager(project_dir=args.project_dir)
+
+    if args.show_warning:
+        print(manager.show_warning())
+        return
+
+    if args.grant:
+        success = manager.record_consent(acknowledged=True)
+        print(json.dumps({"granted": success}, indent=2))
+        return
+
+    if args.revoke:
+        success = manager.revoke_consent()
+        print(json.dumps({"revoked": success}, indent=2))
+        return
+
+    if args.status:
+        status = manager.get_consent_status()
+        print(json.dumps(status, indent=2))
+        return
+
+    parser.print_help()
+
+
+if __name__ == "__main__":
+    _cli_main()