@trac3er/oh-my-god 1.0.2

package/config/themes/tokyo-night.yaml

@@ -0,0 +1,14 @@
+name: "Tokyo Night"
+variant: "dark"
+colors:
+  background: "#1a1b26"
+  foreground: "#a9b1d6"
+  primary: "#7aa2f7"
+  secondary: "#565f89"
+  accent: "#bb9af7"
+  error: "#f7768e"
+  warning: "#e0af68"
+  success: "#9ece6a"
+metadata:
+  author: "Enkia"
+  url: "https://github.com/enkia/tokyo-night-vscode-theme"

package/control_plane/__init__.py

@@ -0,0 +1,2 @@
+"""Control plane package for OMG v1."""
+

package/control_plane/openapi.yaml

@@ -0,0 +1,109 @@
+openapi: 3.1.0
+info:
+  title: OMG Control Plane API
+  version: 1.0.0
+  description: Policy/trust/evidence/runtime/registry/lab endpoints for OMG v1.
+servers:
+  - url: https://api.omg.local
+paths:
+  /v1/policy/evaluate:
+    post:
+      summary: Evaluate policy decision
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PolicyInput'
+      responses:
+        '200':
+          description: Decision result
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PolicyDecision'
+  /v1/trust/review:
+    post:
+      summary: Review trust-sensitive config changes
+      responses:
+        '200':
+          description: Trust review report
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TrustReview'
+  /v1/evidence/ingest:
+    post:
+      summary: Ingest evidence pack
+      responses:
+        '202':
+          description: Accepted
+  /v1/runtime/dispatch:
+    post:
+      summary: Dispatch job to runtime adapter
+      responses:
+        '200':
+          description: Runtime dispatch result
+  /v1/registry/verify:
+    post:
+      summary: Verify supply-chain artifact
+      responses:
+        '200':
+          description: Verification decision
+  /v1/lab/jobs:
+    post:
+      summary: Create lab pipeline job
+      responses:
+        '201':
+          description: Created
+  /v1/scoreboard/baseline:
+    get:
+      summary: Return baseline scorecard
+      responses:
+        '200':
+          description: KPI baseline snapshot
+components:
+  schemas:
+    PolicyInput:
+      type: object
+      properties:
+        tool:
+          type: string
+        input:
+          type: object
+      additionalProperties: true
+    PolicyDecision:
+      type: object
+      required: [action, risk_level, reason, controls]
+      properties:
+        action:
+          type: string
+          enum: [allow, ask, deny]
+        risk_level:
+          type: string
+          enum: [low, med, high, critical]
+        reason:
+          type: string
+        controls:
+          type: array
+          items:
+            type: string
+    TrustReview:
+      type: object
+      required: [changed_files, mcp_changes, hook_changes, env_changes, risk_score, verdict]
+      properties:
+        changed_files:
+          type: array
+          items: { type: string }
+        mcp_changes:
+          type: array
+          items: { type: object }
+        hook_changes:
+          type: object
+        env_changes:
+          type: array
+          items: { type: object }
+        risk_score:
+          type: integer
+        verdict:
+          type: string

package/control_plane/server.py

@@ -0,0 +1,107 @@
+"""Lightweight HTTP server for OMG control-plane APIs."""
+from __future__ import annotations
+
+import argparse
+import sys
+from http.server import BaseHTTPRequestHandler, HTTPServer
+import json
+from typing import Any
+
+from control_plane.service import ControlPlaneService
+
+
+def _json_response(handler: BaseHTTPRequestHandler, status: int, payload: dict[str, Any]) -> None:
+    body = json.dumps(payload, ensure_ascii=True).encode("utf-8")
+    handler.send_response(status)
+    handler.send_header("Content-Type", "application/json")
+    handler.send_header("Content-Length", str(len(body)))
+    handler.end_headers()
+    handler.wfile.write(body)
+
+
+def _read_json(handler: BaseHTTPRequestHandler) -> dict[str, Any]:
+    length = int(handler.headers.get("Content-Length", "0"))
+    if length <= 0:
+        return {}
+    raw = handler.rfile.read(length)
+    if not raw:
+        return {}
+    try:
+        parsed = json.loads(raw.decode("utf-8"))
+        return parsed if isinstance(parsed, dict) else {}
+    except json.JSONDecodeError:
+        return {}
+
+
+def make_handler(service: ControlPlaneService):
+    class Handler(BaseHTTPRequestHandler):
+        def do_GET(self) -> None:  # noqa: N802
+            if self.path == "/v1/scoreboard/baseline":
+                status, payload = service.scoreboard_baseline()
+                _json_response(self, status, payload)
+                return
+            _json_response(self, 404, {"status": "error", "message": "Not found"})
+
+        def do_POST(self) -> None:  # noqa: N802
+            payload = _read_json(self)
+
+            if self.path == "/v1/policy/evaluate":
+                status, out = service.policy_evaluate(payload)
+                _json_response(self, status, out)
+                return
+            if self.path == "/v1/trust/review":
+                status, out = service.trust_review(payload)
+                _json_response(self, status, out)
+                return
+            if self.path == "/v1/evidence/ingest":
+                status, out = service.evidence_ingest(payload)
+                _json_response(self, status, out)
+                return
+            if self.path == "/v1/runtime/dispatch":
+                status, out = service.runtime_dispatch(payload)
+                _json_response(self, status, out)
+                return
+            if self.path == "/v1/registry/verify":
+                status, out = service.registry_verify(payload)
+                _json_response(self, status, out)
+                return
+            if self.path == "/v1/lab/jobs":
+                status, out = service.lab_jobs(payload)
+                _json_response(self, status, out)
+                return
+
+            _json_response(self, 404, {"status": "error", "message": "Not found"})
+
+        def log_message(self, format: str, *args: Any) -> None:  # noqa: A003
+            # Quiet default request logs; keep response JSON clean for local usage.
+            return
+
+    return Handler
+
+
+def run_server(host: str = "127.0.0.1", port: int = 8787, project_dir: str | None = None) -> None:
+    service = ControlPlaneService(project_dir=project_dir)
+    handler = make_handler(service)
+    server = HTTPServer((host, port), handler)
+    try:
+        server.serve_forever()
+    finally:
+        server.server_close()
+
+
+def _main() -> int:
+    parser = argparse.ArgumentParser(description="Run OMG control-plane API server")
+    parser.add_argument("--host", default="127.0.0.1")
+    parser.add_argument("--port", type=int, default=8787)
+    parser.add_argument("--project-dir", default=None)
+    args = parser.parse_args()
+    if args.host != "127.0.0.1":
+        print(f"⚠ WARNING: Binding to {args.host} exposes the control plane to the network. No authentication is configured.", file=sys.stderr)
+
+    run_server(args.host, args.port, args.project_dir)
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(_main())
+

package/control_plane/service.py

@@ -0,0 +1,148 @@
+"""Control plane service handlers for OMG v1."""
+from __future__ import annotations
+
+from datetime import datetime, timezone
+import os
+from typing import Any
+
+from hooks.policy_engine import (
+    evaluate_bash_command,
+    evaluate_file_access,
+    evaluate_supply_artifact,
+)
+from hooks.shadow_manager import create_evidence_pack
+from hooks.trust_review import review_config_change
+from lab.pipeline import run_pipeline
+from registry.verify_artifact import verify_artifact
+from runtime.dispatcher import dispatch_runtime
+
+
+class ControlPlaneService:
+    def __init__(self, project_dir: str | None = None):
+        self.project_dir = project_dir or os.environ.get("CLAUDE_PROJECT_DIR", os.getcwd())
+
+    def policy_evaluate(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        tool = str(payload.get("tool", ""))
+        input_data = payload.get("input", {})
+
+        if tool == "Bash":
+            command = str((input_data or {}).get("command", ""))
+            decision = evaluate_bash_command(command)
+            return 200, decision.to_dict()
+
+        if tool in {"Read", "Write", "Edit", "MultiEdit"}:
+            file_path = str((input_data or {}).get("file_path", ""))
+            decision = evaluate_file_access(tool, file_path)
+            return 200, decision.to_dict()
+
+        if tool == "SupplyArtifact":
+            artifact = payload.get("artifact", {})
+            mode = str(payload.get("mode", "warn_and_run"))
+            decision = evaluate_supply_artifact(artifact, mode=mode)
+            return 200, decision.to_dict()
+
+        return 400, {
+            "status": "error",
+            "error_code": "INVALID_POLICY_INPUT",
+            "message": "Unsupported tool for policy evaluation",
+        }
+
+    def trust_review(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        file_path = str(payload.get("file_path", "settings.json"))
+        old_config = payload.get("old_config", {})
+        new_config = payload.get("new_config", {})
+        if not isinstance(old_config, dict) or not isinstance(new_config, dict):
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_TRUST_INPUT",
+                "message": "old_config and new_config must be objects",
+            }
+        review = review_config_change(file_path, old_config, new_config)
+        return 200, review
+
+    def evidence_ingest(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        run_id = str(payload.get("run_id", "")).strip()
+        required = ["tests", "security_scans", "diff_summary", "reproducibility", "unresolved_risks"]
+        missing = [key for key in required if key not in payload]
+
+        if not run_id:
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_EVIDENCE_INPUT",
+                "message": "run_id is required",
+            }
+        if missing:
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_EVIDENCE_INPUT",
+                "message": f"Missing required fields: {', '.join(missing)}",
+            }
+
+        path = create_evidence_pack(
+            self.project_dir,
+            run_id,
+            tests=payload.get("tests"),
+            security_scans=payload.get("security_scans"),
+            diff_summary=payload.get("diff_summary"),
+            reproducibility=payload.get("reproducibility"),
+            unresolved_risks=payload.get("unresolved_risks"),
+        )
+        return 202, {
+            "status": "accepted",
+            "run_id": run_id,
+            "evidence_path": os.path.relpath(path, self.project_dir),
+        }
+
+    def runtime_dispatch(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        runtime = str(payload.get("runtime", "")).strip()
+        idea = payload.get("idea", {})
+        if not runtime:
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_RUNTIME_INPUT",
+                "message": "runtime is required",
+            }
+        if not isinstance(idea, dict):
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_RUNTIME_INPUT",
+                "message": "idea must be an object",
+            }
+        result = dispatch_runtime(runtime, idea)
+        if result.get("status") == "error":
+            return 400, result
+        return 200, result
+
+    def registry_verify(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        artifact = payload.get("artifact", {})
+        mode = str(payload.get("mode", "warn_and_run"))
+        if not isinstance(artifact, dict):
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_REGISTRY_INPUT",
+                "message": "artifact must be an object",
+            }
+        decision = verify_artifact(artifact, mode=mode)
+        return 200, decision
+
+    def lab_jobs(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        if not isinstance(payload, dict):
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_LAB_INPUT",
+                "message": "job payload must be an object",
+            }
+        result = run_pipeline(payload)
+        return 201 if result.get("status") in {"ready", "failed_evaluation"} else 400, result
+
+    def scoreboard_baseline(self) -> tuple[int, dict[str, Any]]:
+        return 200, {
+            "generated_at": datetime.now(timezone.utc).isoformat(),
+            "baseline": {
+                "safe_autonomy_rate": 0.0,
+                "pr_throughput": 0.0,
+                "adoption_velocity": 0.0,
+            },
+            "target_policy": "non-regression-or-better",
+        }
+

package/crates/omg-natives/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "omg-natives"
+version = "0.1.0"
+edition = "2021"
+description = "Native Rust acceleration for OMG hot paths"
+license = "MIT"
+
+[lib]
+name = "omg_natives"
+crate-type = ["cdylib", "rlib"]
+
+[dependencies]
+pyo3 = { version = "0.21", features = ["extension-module"] }
+
+[profile.release]
+opt-level = 3
+lto = true

package/crates/omg-natives/src/clipboard.rs

@@ -0,0 +1,5 @@
+//! Clipboard access and manipulation.
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/glob.rs

@@ -0,0 +1,15 @@
+//! Fast glob pattern matching for file discovery.
+
+use pyo3::prelude::*;
+
+/// Match files against a glob pattern starting from a base directory.
+#[pyfunction]
+pub fn glob_match(pattern: &str, base: &str) -> PyResult<Vec<String>> {
+    // Stub: full implementation will use globset crate
+    let _ = (pattern, base);
+    Ok(Vec::new())
+}
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/grep.rs

@@ -0,0 +1,15 @@
+//! Fast pattern matching for file content search.
+
+use pyo3::prelude::*;
+
+/// Search for a regex pattern in a file, returning matching lines.
+#[pyfunction]
+pub fn grep(pattern: &str, path: &str) -> PyResult<Vec<String>> {
+    // Stub: full implementation will use regex crate for ~10x speedup
+    let _ = (pattern, path);
+    Ok(Vec::new())
+}
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/highlight.rs

@@ -0,0 +1,15 @@
+//! Syntax highlighting for code snippets.
+
+use pyo3::prelude::*;
+
+/// Highlight source code with ANSI escape codes.
+#[pyfunction]
+pub fn highlight_syntax(code: &str, language: &str) -> PyResult<String> {
+    // Stub: will use tree-sitter or syntect for fast highlighting
+    let _ = language;
+    Ok(code.to_string())
+}
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/html.rs

@@ -0,0 +1,14 @@
+//! HTML parsing and tag stripping.
+
+use pyo3::prelude::*;
+
+/// Strip HTML tags from a string, returning plain text.
+#[pyfunction]
+pub fn strip_tags(html: &str) -> PyResult<String> {
+    // Stub: will use a fast state-machine parser
+    Ok(html.to_string())
+}
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/image.rs

@@ -0,0 +1,5 @@
+//! Image processing and thumbnail generation.
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/keys.rs

@@ -0,0 +1,5 @@
+//! Key management and cryptographic utilities.
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/lib.rs

@@ -0,0 +1,36 @@
+//! OMG Natives — Rust acceleration for OMG hot paths.
+//!
+//! This crate provides high-performance implementations of CPU-intensive
+//! operations used by OMG hooks and tools. When compiled and installed,
+//! the Python `omg_natives` package will automatically use these native
+//! implementations instead of the pure-Python fallbacks.
+
+use pyo3::prelude::*;
+
+pub mod grep;
+pub mod shell;
+pub mod text;
+pub mod keys;
+pub mod highlight;
+pub mod glob;
+pub mod task;
+pub mod ps;
+pub mod prof;
+pub mod image;
+pub mod clipboard;
+pub mod html;
+
+/// The main Python module entry point.
+///
+/// When built with `maturin develop` or `maturin build`, this creates
+/// the `omg_natives._native` extension module.
+#[pymodule]
+fn _native(m: &Bound<'_, PyModule>) -> PyResult<()> {
+    m.add("__version__", env!("CARGO_PKG_VERSION"))?;
+    m.add_function(wrap_pyfunction!(grep::grep, m)?)?;
+    m.add_function(wrap_pyfunction!(glob::glob_match, m)?)?;
+    m.add_function(wrap_pyfunction!(text::normalize, m)?)?;
+    m.add_function(wrap_pyfunction!(highlight::highlight_syntax, m)?)?;
+    m.add_function(wrap_pyfunction!(html::strip_tags, m)?)?;
+    Ok(())
+}

package/crates/omg-natives/src/prof.rs

@@ -0,0 +1,5 @@
+//! Profiling and performance measurement utilities.
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/ps.rs

@@ -0,0 +1,5 @@
+//! Process inspection and management.
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/shell.rs

@@ -0,0 +1,5 @@
+//! Shell command execution and output parsing.
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/task.rs

@@ -0,0 +1,5 @@
+//! Task scheduling and parallel execution primitives.
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}

package/crates/omg-natives/src/text.rs

@@ -0,0 +1,14 @@
+//! Text normalization and processing utilities.
+
+use pyo3::prelude::*;
+
+/// Normalize text: strip whitespace, normalize line endings.
+#[pyfunction]
+pub fn normalize(text: &str) -> PyResult<String> {
+    // Stub: will provide fast Unicode normalization
+    Ok(text.to_string())
+}
+
+pub fn placeholder() -> &'static str {
+    "not implemented"
+}