@trac3er/oh-my-god 2.0.2 → 2.0.4

package/dist/public/bundle/settings.json

@@ -0,0 +1,366 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "_comment": "OMG 2.0.4 - project-level config with hook registrations, presets, and feature flags.",
+  "permissions": {
+    "allow": [
+      "Agent",
+      "Read",
+      "Write",
+      "Edit",
+      "MultiEdit",
+      "Grep",
+      "Glob",
+      "Bash(ls *)",
+      "Bash(cat *)",
+      "Bash(head *)",
+      "Bash(tail *)",
+      "Bash(wc *)",
+      "Bash(grep *)",
+      "Bash(find *)",
+      "Bash(which *)",
+      "Bash(echo *)",
+      "Bash(printf *)",
+      "Bash(pwd)",
+      "Bash(whoami)",
+      "Bash(date *)",
+      "Bash(basename *)",
+      "Bash(dirname *)",
+      "Bash(realpath *)",
+      "Bash(stat *)",
+      "Bash(file *)",
+      "Bash(diff *)",
+      "Bash(sort *)",
+      "Bash(uniq *)",
+      "Bash(awk *)",
+      "Bash(sed *)",
+      "Bash(tr *)",
+      "Bash(cut *)",
+      "Bash(tee *)",
+      "Bash(xargs *)",
+      "Bash(jq *)",
+      "Bash(yq *)",
+      "Bash(tree *)",
+      "Bash(du *)",
+      "Bash(df *)",
+      "Bash(type *)",
+      "Bash(command *)",
+      "Bash(test *)",
+      "Bash([ *)",
+      "Bash(mkdir *)",
+      "Bash(touch *)",
+      "Bash(ln *)",
+      "Bash(cp *)",
+      "Bash(mv *)",
+      "Bash(git *)",
+      "Bash(npm *)",
+      "Bash(npx *)",
+      "Bash(yarn *)",
+      "Bash(pnpm *)",
+      "Bash(bun *)",
+      "Bash(pip *)",
+      "Bash(pip3 *)",
+      "Bash(uv *)",
+      "Bash(go *)",
+      "Bash(cargo *)",
+      "Bash(rustc *)",
+      "Bash(tsc *)",
+      "Bash(eslint *)",
+      "Bash(prettier *)",
+      "Bash(mypy *)",
+      "Bash(ruff *)",
+      "Bash(ruff format *)",
+      "Bash(pytest *)",
+      "Bash(jest *)",
+      "Bash(vitest *)",
+      "Bash(shellcheck *)",
+      "Bash(terraform validate *)",
+      "Bash(terraform fmt *)",
+      "Bash(terraform plan *)",
+      "Bash(terraform show *)",
+      "Bash(terraform state list *)",
+      "Bash(tmux *)",
+      "Bash(zip *)",
+      "Bash(unzip *)",
+      "Bash(tar *)",
+      "Bash(gzip *)",
+      "Bash(rg *)",
+      "Bash(gh *)"
+    ],
+    "ask": [
+      "Bash(curl *)",
+      "Bash(wget *)",
+      "Bash(ssh *)",
+      "Bash(scp *)",
+      "Bash(rsync *)",
+      "Bash(rm *)",
+      "Bash(sudo *)",
+      "Bash(kill *)",
+      "Bash(pkill *)",
+      "Bash(systemctl *)",
+      "Bash(reboot)",
+      "Bash(shutdown *)",
+      "Bash(dd *)",
+      "Bash(fdisk *)",
+      "Bash(mkfs *)",
+      "Bash(mount *)",
+      "Bash(umount *)",
+      "Bash(iptables *)",
+      "Bash(ufw *)",
+      "Bash(terraform apply *)",
+      "Bash(terraform destroy *)",
+      "Bash(terraform import *)",
+      "Bash(env *)",
+      "Bash(node *)",
+      "Bash(python *)",
+      "Bash(python3 *)",
+      "Bash(chmod *)",
+      "Bash(chown *)",
+      "Bash(docker *)",
+      "Bash(docker-compose *)",
+      "Bash(kubectl get *)",
+      "Bash(kubectl describe *)",
+      "Bash(kubectl logs *)",
+      "Bash(kubectl apply *)",
+      "Bash(kubectl exec *)",
+      "Bash(kubectl edit *)",
+      "Bash(kubectl patch *)",
+      "Bash(kubectl rollout *)",
+      "Bash(kubectl scale *)",
+      "Bash(kubectl port-forward *)",
+      "Bash(kubectl config *)",
+      "Bash(kubectl top *)",
+      "Bash(kubectl delete *)"
+    ],
+    "deny": [
+      "Bash(rm -rf /)",
+      "Bash(rm -rf /*)",
+      "Bash(rm -rf ~)",
+      "Bash(rm -rf ~/*)",
+      "Bash(sudo rm *)",
+      "Bash(sudo dd *)",
+      "Bash(sudo mkfs *)",
+      "Bash(:(){ :|:& };:)",
+      "Read(./.env)",
+      "Read(./secrets/**)",
+      "Read(**/.env)",
+      "Read(**/secrets/**)",
+      "Read(**/.aws/credentials)",
+      "Read(**/.aws/config)",
+      "Read(**/.kube/config)",
+      "Read(**/.ssh/*)",
+      "Read(**/*.pem)",
+      "Read(**/*.key)",
+      "Read(**/*.p12)",
+      "Read(**/*.pfx)",
+      "Read(**/.npmrc)",
+      "Read(**/.pypirc)",
+      "Read(**/.netrc)",
+      "Read(**/id_rsa*)",
+      "Read(**/id_ed25519*)",
+      "Read(**/id_ecdsa*)",
+      "Write(./.env)",
+      "Read(./.env.*)",
+      "Read(**/.env.*)",
+      "Write(./.env.*)",
+      "Write(./secrets/**)"
+    ]
+  },
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/session-start.py\"",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "SessionEnd": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/session-end-capture.py\""
+          }
+        ]
+      }
+    ],
+    "PreToolUse": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/firewall.py\"",
+            "timeout": 10
+          }
+        ],
+        "matcher": "Bash"
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/secret-guard.py\"",
+            "timeout": 10
+          }
+        ],
+        "matcher": "Read|Write|Edit|MultiEdit"
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/pre-tool-inject.py\""
+          }
+        ],
+        "matcher": ""
+      }
+    ],
+    "PostToolUse": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/circuit-breaker.py\"",
+            "timeout": 10
+          }
+        ],
+        "matcher": "Bash"
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/tool-ledger.py\"",
+            "timeout": 10
+          }
+        ],
+        "matcher": "Write|Edit|MultiEdit"
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/test_generator_hook.py\"",
+            "timeout": 10
+          }
+        ],
+        "matcher": "Write|Edit|MultiEdit"
+      },
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/budget_governor.py\"",
+            "timeout": 10
+          }
+        ],
+        "matcher": ""
+      }
+    ],
+    "PostToolUseFailure": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/post-tool-failure.py\""
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 \"$HOME/.claude/hooks/stop_dispatcher.py\"",
+            "timeout": 90
+          }
+        ],
+        "matcher": ""
+      }
+    ]
+  },
+  "_omg": {
+    "_version": "2.0.4",
+    "preset": "safe",
+    "default_mode": "ulw+ralph",
+    "vision_auto": true,
+    "false_fix_detection": true,
+    "cost_budget": {
+      "session_limit_usd": 5.0,
+      "thresholds": [
+        50,
+        80,
+        95
+      ],
+      "pricing": {
+        "input_per_mtok": 3.0,
+        "output_per_mtok": 15.0
+      }
+    },
+    "context_budget": {
+      "session_start_max_chars": 2000,
+      "prompt_enhancer_max_chars": 800,
+      "prompt_enhancer_max_injections": 10,
+      "full_turns": 10,
+      "summarize_turns": 50,
+      "batch_size": 21
+    },
+    "credentials": {
+      "rotation_schedule_days": 90,
+      "expiry_warning_days": 14
+    },
+    "features": {
+      "memory": false,
+      "ralph_loop": true,
+      "planning_enforcement": true,
+      "compound_learning": false,
+      "simplifier": true,
+      "model_routing": true,
+      "agent_registry": true,
+      "circuit_breaker_v2": true,
+      "cognitive_modes": true,
+      "agent_routing": true,
+      "SETUP": false,
+      "SETUP_WIZARD": false,
+      "MEMORY_SERVER": false,
+      "MEMORY_AUTOSTART": false,
+      "COST_TRACKING": false,
+      "GIT_WORKFLOW": false,
+      "SESSION_ANALYTICS": false,
+      "TEST_GENERATION": false,
+      "DEP_HEALTH": false,
+      "CODEBASE_VIZ": false,
+      "CONTEXT_MANAGER": false
+    },
+    "generated": {
+      "contract_version": "2.0.4",
+      "channel": "public",
+      "required_bundles": [
+        "control-plane",
+        "hook-governor",
+        "mcp-fabric",
+        "lsp-pack",
+        "secure-worktree-pipeline"
+      ],
+      "protected_paths": [
+        ".omg/**",
+        ".agents/**",
+        ".codex/**",
+        ".claude/**"
+      ],
+      "emulated_events": [
+        "PreCompact",
+        "ConfigChange",
+        "WorktreeCreate",
+        "WorktreeRemove",
+        "SubagentStart",
+        "SubagentStop",
+        "TaskCompleted"
+      ]
+    }
+  }
+}

package/dist/public/manifest.json

@@ -0,0 +1,99 @@
+{
+  "schema": "OmgCompiledArtifactManifest",
+  "channel": "public",
+  "contract_version": "2.0.4",
+  "artifacts": [
+    {
+      "path": "bundle/.agents/skills/omg/AGENTS.fragment.md",
+      "sha256": "603430cb291632105fda7444ae018da521cc3a57c71c1a1c98179efea42ce0f2"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/codex-mcp.toml",
+      "sha256": "a56de208a369a2b318d2e66e150eef4cba1fac1ecf32bda6db1a1e4b65db7311"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/control-plane/SKILL.md",
+      "sha256": "fe281985ffbfb4d324d0ae421653c96d501bfda4ef1462865e2868276c40a3c2"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/control-plane/openai.yaml",
+      "sha256": "a7ba723d34839c6a444b6ee4416223103cd9b2bbd9caed0d4c0aa1e7d5a523fc"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/hook-governor/SKILL.md",
+      "sha256": "852df4b5f787f2a885e87cb8ad8dbb8d877e018e14083cfd5e5b98deb9dd19b5"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/hook-governor/openai.yaml",
+      "sha256": "8b4e219662bd9a12e89cdcd9a1828c1ff14810fa09cbfff9a6d9f932fb42ec85"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/lsp-pack/SKILL.md",
+      "sha256": "86890c6671441f8687ad7d71dedd7d61574c42aa6e109aa8dd6ceb4b6a139879"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/lsp-pack/openai.yaml",
+      "sha256": "14000aec9cc9ff630b7354ae101cc43ed90c4e1ecd0fa719013741ca14598142"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/mcp-fabric/SKILL.md",
+      "sha256": "e741baf4fa5f09957fe37349b79fe6831afe0352eefa945f3e53514ea313bc36"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/mcp-fabric/openai.yaml",
+      "sha256": "18dc35b4d6fb598b572ec933153e80de5449be9e07ef07178e4f875e39a8915c"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/secure-worktree-pipeline/SKILL.md",
+      "sha256": "1eebd557d77cc084161c3ffe11ed3a9ea5d78caa65b1021a992ac8b835fc6a0d"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/secure-worktree-pipeline/openai.yaml",
+      "sha256": "1f82a05b2fcad17c126e34541c995dedf3ed242fa499539ab693cc60a0d41c77"
+    },
+    {
+      "path": "bundle/.claude-plugin/marketplace.json",
+      "sha256": "cf1a17ce1e8db6814209126a79d5a05d057f354ef3ee49a74da4f18f2ec04597"
+    },
+    {
+      "path": "bundle/.claude-plugin/plugin.json",
+      "sha256": "6ad6db257f9e46528d94760ef895b6ffc87c78a8ec5ca05b430a46b46ee3dc08"
+    },
+    {
+      "path": "bundle/.mcp.json",
+      "sha256": "d8249fdd26e0df0a9b7cabcb34256d7e33578e1d0e9878cc91d43452a10f7c24"
+    },
+    {
+      "path": "bundle/OMG_COMPAT_CONTRACT.md",
+      "sha256": "fa91ec0dbff58d543df5a9e3a86a1fe1629104a383d4e1bd440a36cb5522189c"
+    },
+    {
+      "path": "bundle/registry/bundles/control-plane.yaml",
+      "sha256": "bb58e1d21a7f545548da10e7f9b83898d6ece8010a921b66d0f94a08c8ae0d8e"
+    },
+    {
+      "path": "bundle/registry/bundles/hook-governor.yaml",
+      "sha256": "93b13ea1e2098328349d33373595144f2f863274548bef47fd266d6cab210260"
+    },
+    {
+      "path": "bundle/registry/bundles/lsp-pack.yaml",
+      "sha256": "6c2ca235bdca31635d89c428c48a35a5414250e98c7349cd67ba900870203d9a"
+    },
+    {
+      "path": "bundle/registry/bundles/mcp-fabric.yaml",
+      "sha256": "2cb71fc331820b19c60c3275f521fb49d099ed7c31539fab9959a55d29ae0fe9"
+    },
+    {
+      "path": "bundle/registry/bundles/secure-worktree-pipeline.yaml",
+      "sha256": "b93e752cef8b5cbc76fb7aa32ebe80d30ce390193183bb0c79dedfa1ce89c4e9"
+    },
+    {
+      "path": "bundle/registry/omg-capability.schema.json",
+      "sha256": "b5a52c03c6d42c0ce0297a2d8c22f34ed1075062cc5434d3a85b9f4fa6a0f121"
+    },
+    {
+      "path": "bundle/settings.json",
+      "sha256": "60fb4f9e2bedd4d67af41a2e442ef37c9a89cd2077bf6dfe40761eec01586824"
+    }
+  ]
+}

package/hooks/policy_engine.py

@@ -115,6 +115,23 @@ ASK_PATTERNS = [
     (r"node\s+-e\s+", "Inline Node execution"),
 ]
 
+UNTRUSTED_MUTATION_PATTERNS = [
+    r"\bgit\s+(commit|push|tag)\b",
+    r"\bnpm\s+(install|publish)\b",
+    r"\bpython[23]?\s+.*\b(setup\.py|manage\.py)\b",
+    r"\b(mv|cp|tee|sed\s+-i|touch|mkdir)\b",
+]
+
+
+def _is_untrusted_content_mode_active() -> bool:
+    try:
+        from runtime.untrusted_content import is_untrusted_content_mode_active
+
+        project_dir = os.environ.get("CLAUDE_PROJECT_DIR", os.getcwd())
+        return is_untrusted_content_mode_active(project_dir)
+    except Exception:
+        return False
+
 
 def evaluate_bash_command(cmd: str) -> PolicyDecision:
     if not cmd:
@@ -158,6 +175,15 @@ def evaluate_bash_command(cmd: str) -> PolicyDecision:
         if re.search(pat, cmd):
             return ask(f"{label}: {cmd[:120]}", "med", ["human-approval"])
 
+    if _is_untrusted_content_mode_active():
+        for pat in UNTRUSTED_MUTATION_PATTERNS:
+            if re.search(pat, cmd):
+                return ask(
+                    "Untrusted external content mode is active. Review before running state-changing commands.",
+                    "high",
+                    ["manual-approval", "review-provenance"],
+                )
+
     return allow("command allowed")
 
 
@@ -409,8 +435,8 @@ def evaluate_file_access(
 ) -> PolicyDecision:
     """Evaluate file access policy.
 
-    If an allowlist is provided, matching entries override deny decisions
-    for the given path and tool combination.
+    If an allowlist is provided, matching entries may override non-secret-file
+    deny decisions for the given path and tool combination.
     """
     if not file_path:
         return allow("no file")
@@ -424,11 +450,6 @@ def evaluate_file_access(
     basename = os.path.basename(normalized).lower()
     lowpath = normalized.lower()
 
-    # --- Allowlist check (before deny rules) ---
-    # Check allowlist early: if path+tool is allowlisted, override deny.
-    if allowlist and is_allowlisted(file_path, tool, allowlist):
-        return allow(f"Allowlisted: {file_path}")
-
     if basename in EXAMPLE_FILES and tool in ("Write", "Edit", "MultiEdit"):
         return deny(
             f"Modifying example env file blocked (Read is allowed): {file_path}",
@@ -451,6 +472,16 @@ def evaluate_file_access(
         if re.search(pat, lowpath):
             return deny(f"Sensitive path blocked: {file_path}", "critical", ["secret-access"])
 
+    if tool in {"Write", "Edit", "MultiEdit"} and _is_untrusted_content_mode_active():
+        return ask(
+            "Untrusted external content mode is active. Review before mutating files.",
+            "high",
+            ["manual-approval", "review-provenance"],
+        )
+
+    if allowlist and is_allowlisted(file_path, tool, allowlist):
+        return allow(f"Allowlisted: {file_path}")
+
     return allow("file allowed")
 
 

package/hooks/post-write.py

@@ -213,7 +213,7 @@ for i, line in enumerate(content.split("\n"), 1):
 
 if sec_warnings:
     msg = f"SECURITY WARNINGS in {file_path}:\n" + "\n".join(sec_warnings[:5])
-    msg += "\n\nConsider running /OMG:security-review for a full audit."
+    msg += "\n\nConsider running /OMG:security-check for the canonical audit pipeline."
     print(msg, file=sys.stderr)
 
 sys.exit(0)

package/hooks/prompt-enhancer.py

@@ -2,7 +2,7 @@
 """
 UserPromptSubmit Hook — OMG v1
 
-Inspired by oh-my-opencode's Sisyphus agent system. Key upgrades:
+Inspired by earlier OMG routing experiments. Key upgrades:
   1. Intent classification BEFORE acting (IntentGate)
   2. Discipline enforcement — never stop halfway
   3. Agent-aware routing — Codex/Gemini/Claude orchestration
@@ -386,7 +386,7 @@ SECURITY_SIGNALS = [
 ]
 if not route_lock and any(signal_matches_text(sig, prompt) for sig in SECURITY_SIGNALS) and budget_ok():
     if detected_intent in ("fix", "implement", "refactor"):
-        add("@security: CRITICAL DOMAIN — No hardcoded secrets. Run /OMG:security-review after.")
+        add("@security: CRITICAL DOMAIN — No hardcoded secrets. Run /OMG:security-check after.")
 
 # ═══════════════════════════════════════════════════════════
 # 5. VISION DETECTION

package/hooks/security_validators.py

@@ -0,0 +1,75 @@
+"""Shared validation helpers for security-sensitive filesystem and config writes."""
+from __future__ import annotations
+
+import re
+from pathlib import Path
+from urllib.parse import urlparse
+
+
+_OPAQUE_IDENTIFIER_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")
+_SERVER_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*$")
+
+
+def validate_opaque_identifier(value: str, field_name: str, max_length: int = 64) -> str:
+    """Validate an opaque identifier used in filenames or paths."""
+    if not isinstance(value, str):
+        raise ValueError(f"Invalid {field_name}: must be a string")
+
+    normalized = value.strip()
+    if not normalized:
+        raise ValueError(f"Invalid {field_name}: value is required")
+    if len(normalized) > max_length:
+        raise ValueError(f"Invalid {field_name}: exceeds {max_length} characters")
+    if ".." in normalized or not _OPAQUE_IDENTIFIER_RE.fullmatch(normalized):
+        raise ValueError(
+            f"Invalid {field_name}: use only ASCII letters, numbers, dot, underscore, and dash"
+        )
+    return normalized
+
+
+def ensure_path_within_dir(base_dir: str | Path, candidate_path: str | Path) -> str:
+    """Return a resolved path and reject traversal outside the intended base directory."""
+    base = Path(base_dir).resolve(strict=False)
+    candidate = Path(candidate_path).resolve(strict=False)
+    try:
+        candidate.relative_to(base)
+    except ValueError as exc:
+        raise ValueError(f"Resolved path escapes base directory: {candidate}") from exc
+    return str(candidate)
+
+
+def validate_server_name(server_name: str, max_length: int = 64) -> str:
+    """Validate an MCP server identifier suitable for JSON keys and TOML table names."""
+    if not isinstance(server_name, str):
+        raise ValueError("Invalid server_name: must be a string")
+
+    normalized = server_name.strip()
+    if not normalized:
+        raise ValueError("Invalid server_name: value is required")
+    if len(normalized) > max_length:
+        raise ValueError(f"Invalid server_name: exceeds {max_length} characters")
+    if not _SERVER_NAME_RE.fullmatch(normalized):
+        raise ValueError("Invalid server_name: use only ASCII letters, numbers, underscore, and dash")
+    return normalized
+
+
+def validate_server_url(server_url: str) -> str:
+    """Validate an MCP server URL and reject newline/control injection."""
+    if not isinstance(server_url, str):
+        raise ValueError("Invalid server_url: must be a string")
+
+    normalized = server_url.strip()
+    if not normalized:
+        raise ValueError("Invalid server_url: value is required")
+    if "\n" in normalized or "\r" in normalized:
+        raise ValueError("Invalid server_url: newline characters are not allowed")
+
+    parsed = urlparse(normalized)
+    if parsed.scheme not in {"http", "https"} or not parsed.netloc:
+        raise ValueError("Invalid server_url: must be an http or https URL")
+    return normalized
+
+
+def toml_quote_string(value: str) -> str:
+    """Escape TOML basic string content."""
+    return value.replace("\\", "\\\\").replace('"', '\\"')