@trac3er/oh-my-god 2.0.3 → 2.0.4

package/dist/public/manifest.json

@@ -0,0 +1,99 @@
+{
+  "schema": "OmgCompiledArtifactManifest",
+  "channel": "public",
+  "contract_version": "2.0.4",
+  "artifacts": [
+    {
+      "path": "bundle/.agents/skills/omg/AGENTS.fragment.md",
+      "sha256": "603430cb291632105fda7444ae018da521cc3a57c71c1a1c98179efea42ce0f2"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/codex-mcp.toml",
+      "sha256": "a56de208a369a2b318d2e66e150eef4cba1fac1ecf32bda6db1a1e4b65db7311"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/control-plane/SKILL.md",
+      "sha256": "fe281985ffbfb4d324d0ae421653c96d501bfda4ef1462865e2868276c40a3c2"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/control-plane/openai.yaml",
+      "sha256": "a7ba723d34839c6a444b6ee4416223103cd9b2bbd9caed0d4c0aa1e7d5a523fc"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/hook-governor/SKILL.md",
+      "sha256": "852df4b5f787f2a885e87cb8ad8dbb8d877e018e14083cfd5e5b98deb9dd19b5"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/hook-governor/openai.yaml",
+      "sha256": "8b4e219662bd9a12e89cdcd9a1828c1ff14810fa09cbfff9a6d9f932fb42ec85"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/lsp-pack/SKILL.md",
+      "sha256": "86890c6671441f8687ad7d71dedd7d61574c42aa6e109aa8dd6ceb4b6a139879"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/lsp-pack/openai.yaml",
+      "sha256": "14000aec9cc9ff630b7354ae101cc43ed90c4e1ecd0fa719013741ca14598142"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/mcp-fabric/SKILL.md",
+      "sha256": "e741baf4fa5f09957fe37349b79fe6831afe0352eefa945f3e53514ea313bc36"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/mcp-fabric/openai.yaml",
+      "sha256": "18dc35b4d6fb598b572ec933153e80de5449be9e07ef07178e4f875e39a8915c"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/secure-worktree-pipeline/SKILL.md",
+      "sha256": "1eebd557d77cc084161c3ffe11ed3a9ea5d78caa65b1021a992ac8b835fc6a0d"
+    },
+    {
+      "path": "bundle/.agents/skills/omg/secure-worktree-pipeline/openai.yaml",
+      "sha256": "1f82a05b2fcad17c126e34541c995dedf3ed242fa499539ab693cc60a0d41c77"
+    },
+    {
+      "path": "bundle/.claude-plugin/marketplace.json",
+      "sha256": "cf1a17ce1e8db6814209126a79d5a05d057f354ef3ee49a74da4f18f2ec04597"
+    },
+    {
+      "path": "bundle/.claude-plugin/plugin.json",
+      "sha256": "6ad6db257f9e46528d94760ef895b6ffc87c78a8ec5ca05b430a46b46ee3dc08"
+    },
+    {
+      "path": "bundle/.mcp.json",
+      "sha256": "d8249fdd26e0df0a9b7cabcb34256d7e33578e1d0e9878cc91d43452a10f7c24"
+    },
+    {
+      "path": "bundle/OMG_COMPAT_CONTRACT.md",
+      "sha256": "fa91ec0dbff58d543df5a9e3a86a1fe1629104a383d4e1bd440a36cb5522189c"
+    },
+    {
+      "path": "bundle/registry/bundles/control-plane.yaml",
+      "sha256": "bb58e1d21a7f545548da10e7f9b83898d6ece8010a921b66d0f94a08c8ae0d8e"
+    },
+    {
+      "path": "bundle/registry/bundles/hook-governor.yaml",
+      "sha256": "93b13ea1e2098328349d33373595144f2f863274548bef47fd266d6cab210260"
+    },
+    {
+      "path": "bundle/registry/bundles/lsp-pack.yaml",
+      "sha256": "6c2ca235bdca31635d89c428c48a35a5414250e98c7349cd67ba900870203d9a"
+    },
+    {
+      "path": "bundle/registry/bundles/mcp-fabric.yaml",
+      "sha256": "2cb71fc331820b19c60c3275f521fb49d099ed7c31539fab9959a55d29ae0fe9"
+    },
+    {
+      "path": "bundle/registry/bundles/secure-worktree-pipeline.yaml",
+      "sha256": "b93e752cef8b5cbc76fb7aa32ebe80d30ce390193183bb0c79dedfa1ce89c4e9"
+    },
+    {
+      "path": "bundle/registry/omg-capability.schema.json",
+      "sha256": "b5a52c03c6d42c0ce0297a2d8c22f34ed1075062cc5434d3a85b9f4fa6a0f121"
+    },
+    {
+      "path": "bundle/settings.json",
+      "sha256": "60fb4f9e2bedd4d67af41a2e442ef37c9a89cd2077bf6dfe40761eec01586824"
+    }
+  ]
+}

package/hooks/policy_engine.py

@@ -115,6 +115,23 @@ ASK_PATTERNS = [
     (r"node\s+-e\s+", "Inline Node execution"),
 ]
 
+UNTRUSTED_MUTATION_PATTERNS = [
+    r"\bgit\s+(commit|push|tag)\b",
+    r"\bnpm\s+(install|publish)\b",
+    r"\bpython[23]?\s+.*\b(setup\.py|manage\.py)\b",
+    r"\b(mv|cp|tee|sed\s+-i|touch|mkdir)\b",
+]
+
+
+def _is_untrusted_content_mode_active() -> bool:
+    try:
+        from runtime.untrusted_content import is_untrusted_content_mode_active
+
+        project_dir = os.environ.get("CLAUDE_PROJECT_DIR", os.getcwd())
+        return is_untrusted_content_mode_active(project_dir)
+    except Exception:
+        return False
+
 
 def evaluate_bash_command(cmd: str) -> PolicyDecision:
     if not cmd:
@@ -158,6 +175,15 @@ def evaluate_bash_command(cmd: str) -> PolicyDecision:
         if re.search(pat, cmd):
             return ask(f"{label}: {cmd[:120]}", "med", ["human-approval"])
 
+    if _is_untrusted_content_mode_active():
+        for pat in UNTRUSTED_MUTATION_PATTERNS:
+            if re.search(pat, cmd):
+                return ask(
+                    "Untrusted external content mode is active. Review before running state-changing commands.",
+                    "high",
+                    ["manual-approval", "review-provenance"],
+                )
+
     return allow("command allowed")
 
 
@@ -409,8 +435,8 @@ def evaluate_file_access(
 ) -> PolicyDecision:
     """Evaluate file access policy.
 
-    If an allowlist is provided, matching entries override deny decisions
-    for the given path and tool combination.
+    If an allowlist is provided, matching entries may override non-secret-file
+    deny decisions for the given path and tool combination.
     """
     if not file_path:
         return allow("no file")
@@ -424,11 +450,6 @@ def evaluate_file_access(
     basename = os.path.basename(normalized).lower()
     lowpath = normalized.lower()
 
-    # --- Allowlist check (before deny rules) ---
-    # Check allowlist early: if path+tool is allowlisted, override deny.
-    if allowlist and is_allowlisted(file_path, tool, allowlist):
-        return allow(f"Allowlisted: {file_path}")
-
     if basename in EXAMPLE_FILES and tool in ("Write", "Edit", "MultiEdit"):
         return deny(
             f"Modifying example env file blocked (Read is allowed): {file_path}",
@@ -451,6 +472,16 @@ def evaluate_file_access(
         if re.search(pat, lowpath):
             return deny(f"Sensitive path blocked: {file_path}", "critical", ["secret-access"])
 
+    if tool in {"Write", "Edit", "MultiEdit"} and _is_untrusted_content_mode_active():
+        return ask(
+            "Untrusted external content mode is active. Review before mutating files.",
+            "high",
+            ["manual-approval", "review-provenance"],
+        )
+
+    if allowlist and is_allowlisted(file_path, tool, allowlist):
+        return allow(f"Allowlisted: {file_path}")
+
     return allow("file allowed")
 
 

package/hooks/post-write.py

@@ -213,7 +213,7 @@ for i, line in enumerate(content.split("\n"), 1):
 
 if sec_warnings:
     msg = f"SECURITY WARNINGS in {file_path}:\n" + "\n".join(sec_warnings[:5])
-    msg += "\n\nConsider running /OMG:security-review for a full audit."
+    msg += "\n\nConsider running /OMG:security-check for the canonical audit pipeline."
     print(msg, file=sys.stderr)
 
 sys.exit(0)

package/hooks/prompt-enhancer.py

@@ -386,7 +386,7 @@ SECURITY_SIGNALS = [
 ]
 if not route_lock and any(signal_matches_text(sig, prompt) for sig in SECURITY_SIGNALS) and budget_ok():
     if detected_intent in ("fix", "implement", "refactor"):
-        add("@security: CRITICAL DOMAIN — No hardcoded secrets. Run /OMG:security-review after.")
+        add("@security: CRITICAL DOMAIN — No hardcoded secrets. Run /OMG:security-check after.")
 
 # ═══════════════════════════════════════════════════════════
 # 5. VISION DETECTION

package/hooks/security_validators.py

@@ -0,0 +1,75 @@
+"""Shared validation helpers for security-sensitive filesystem and config writes."""
+from __future__ import annotations
+
+import re
+from pathlib import Path
+from urllib.parse import urlparse
+
+
+_OPAQUE_IDENTIFIER_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")
+_SERVER_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*$")
+
+
+def validate_opaque_identifier(value: str, field_name: str, max_length: int = 64) -> str:
+    """Validate an opaque identifier used in filenames or paths."""
+    if not isinstance(value, str):
+        raise ValueError(f"Invalid {field_name}: must be a string")
+
+    normalized = value.strip()
+    if not normalized:
+        raise ValueError(f"Invalid {field_name}: value is required")
+    if len(normalized) > max_length:
+        raise ValueError(f"Invalid {field_name}: exceeds {max_length} characters")
+    if ".." in normalized or not _OPAQUE_IDENTIFIER_RE.fullmatch(normalized):
+        raise ValueError(
+            f"Invalid {field_name}: use only ASCII letters, numbers, dot, underscore, and dash"
+        )
+    return normalized
+
+
+def ensure_path_within_dir(base_dir: str | Path, candidate_path: str | Path) -> str:
+    """Return a resolved path and reject traversal outside the intended base directory."""
+    base = Path(base_dir).resolve(strict=False)
+    candidate = Path(candidate_path).resolve(strict=False)
+    try:
+        candidate.relative_to(base)
+    except ValueError as exc:
+        raise ValueError(f"Resolved path escapes base directory: {candidate}") from exc
+    return str(candidate)
+
+
+def validate_server_name(server_name: str, max_length: int = 64) -> str:
+    """Validate an MCP server identifier suitable for JSON keys and TOML table names."""
+    if not isinstance(server_name, str):
+        raise ValueError("Invalid server_name: must be a string")
+
+    normalized = server_name.strip()
+    if not normalized:
+        raise ValueError("Invalid server_name: value is required")
+    if len(normalized) > max_length:
+        raise ValueError(f"Invalid server_name: exceeds {max_length} characters")
+    if not _SERVER_NAME_RE.fullmatch(normalized):
+        raise ValueError("Invalid server_name: use only ASCII letters, numbers, underscore, and dash")
+    return normalized
+
+
+def validate_server_url(server_url: str) -> str:
+    """Validate an MCP server URL and reject newline/control injection."""
+    if not isinstance(server_url, str):
+        raise ValueError("Invalid server_url: must be a string")
+
+    normalized = server_url.strip()
+    if not normalized:
+        raise ValueError("Invalid server_url: value is required")
+    if "\n" in normalized or "\r" in normalized:
+        raise ValueError("Invalid server_url: newline characters are not allowed")
+
+    parsed = urlparse(normalized)
+    if parsed.scheme not in {"http", "https"} or not parsed.netloc:
+        raise ValueError("Invalid server_url: must be an http or https URL")
+    return normalized
+
+
+def toml_quote_string(value: str) -> str:
+    """Escape TOML basic string content."""
+    return value.replace("\\", "\\\\").replace('"', '\\"')

package/hooks/setup_wizard.py

@@ -22,9 +22,13 @@ if _PROJECT_ROOT not in sys.path:
 from runtime.cli_provider import get_provider, list_available_providers  # noqa: E402
 from runtime.mcp_config_writers import (  # noqa: E402
     write_claude_mcp_config,
+    write_claude_mcp_stdio_config,
     write_codex_mcp_config,
+    write_codex_mcp_stdio_config,
     write_gemini_mcp_config,
+    write_gemini_mcp_stdio_config,
     write_kimi_mcp_config,
+    write_kimi_mcp_stdio_config,
 )
 
 # Trigger provider auto-registration on import
@@ -41,6 +45,10 @@ from runtime.adoption import (  # noqa: E402
 
 _logger = logging.getLogger(__name__)
 
+OMG_CONTROL_COMMAND = "python3"
+OMG_CONTROL_ARGS = ["-m", "runtime.omg_mcp_server"]
+OMG_CONTROL_SERVER_NAME = "omg-control"
+
 _INSTALL_HINTS: dict[str, str] = {
     "codex": "npm install -g @openai/codex",
     "gemini": "npm install -g @google/gemini-cli",
@@ -109,6 +117,15 @@ MCP_CATALOG: list[dict[str, Any]] = [
         "default": True,
         "category": "memory",
     },
+    {
+        "id": OMG_CONTROL_SERVER_NAME,
+        "name": "OMG Control",
+        "description": "OMG control plane MCP server via stdio",
+        "command": OMG_CONTROL_COMMAND,
+        "args": OMG_CONTROL_ARGS,
+        "default": True,
+        "category": "control",
+    },
     {
         "id": "github",
         "name": "GitHub",
@@ -371,8 +388,11 @@ def configure_mcp(
     detected_clis: dict[str, Any],
     server_url: str = "http://127.0.0.1:8765/mcp",
     server_name: str = "omg-memory",
+    control_command: str = OMG_CONTROL_COMMAND,
+    control_args: list[str] | None = None,
+    control_server_name: str = OMG_CONTROL_SERVER_NAME,
 ) -> dict[str, Any]:
-    """Configure MCP memory server for authenticated CLIs.
+    """Configure OMG MCP servers for authenticated CLIs.
 
     For each CLI in detected_clis where detected_clis[cli]["detected"] == True,
     calls the appropriate writer from runtime.mcp_config_writers.
@@ -382,6 +402,9 @@ def configure_mcp(
         detected_clis: Dict of CLI detection results from detect_clis().
         server_url: MCP server URL (default: http://127.0.0.1:8765/mcp).
         server_name: MCP server name (default: omg-memory).
+        control_command: stdio command for the OMG control MCP server.
+        control_args: stdio args for the OMG control MCP server.
+        control_server_name: MCP server name for the OMG control surface.
 
     Returns:
         Dict with keys:
@@ -391,28 +414,40 @@ def configure_mcp(
     """
     configured: list[str] = []
     errors: dict[str, str] = {}
+    resolved_control_args = list(control_args or OMG_CONTROL_ARGS)
 
-    # Always write Claude config
+    # Always write Claude project config for both memory and control surfaces.
     try:
         write_claude_mcp_config(project_dir, server_url, server_name)
+        write_claude_mcp_stdio_config(
+            project_dir,
+            command=control_command,
+            args=resolved_control_args,
+            server_name=control_server_name,
+        )
     except Exception as exc:
         _logger.warning("Failed to write Claude MCP config: %s", exc)
         errors["claude"] = str(exc)
 
-    # Write configs for detected CLIs
+    # Write both memory and control surfaces for detected external CLIs.
     cli_writers = {
-        "codex": write_codex_mcp_config,
-        "gemini": write_gemini_mcp_config,
-        "kimi": write_kimi_mcp_config,
+        "codex": (write_codex_mcp_config, write_codex_mcp_stdio_config),
+        "gemini": (write_gemini_mcp_config, write_gemini_mcp_stdio_config),
+        "kimi": (write_kimi_mcp_config, write_kimi_mcp_stdio_config),
     }
 
-    for cli_name, writer_func in cli_writers.items():
+    for cli_name, (http_writer, stdio_writer) in cli_writers.items():
         cli_info = detected_clis.get(cli_name, {})
         if not cli_info.get("detected", False):
             continue
 
         try:
-            writer_func(server_url, server_name)
+            http_writer(server_url, server_name)
+            stdio_writer(
+                command=control_command,
+                args=resolved_control_args,
+                server_name=control_server_name,
+            )
             configured.append(cli_name)
         except Exception as exc:
             _logger.warning("Failed to write %s MCP config: %s", cli_name, exc)

package/hooks/shadow_manager.py

@@ -17,6 +17,7 @@ HOOKS_DIR = os.path.dirname(__file__)
 if HOOKS_DIR not in sys.path:
     sys.path.insert(0, HOOKS_DIR)
 from _common import _resolve_project_dir
+from security_validators import ensure_path_within_dir, validate_opaque_identifier
 
 
 def _project_dir() -> str:
@@ -43,6 +44,10 @@ def _new_run_id() -> str:
     return datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
 
 
+def _validated_run_id(run_id: str) -> str:
+    return validate_opaque_identifier(run_id, "run_id")
+
+
 def _hash_file(path: str) -> str:
     h = hashlib.sha256()
     with open(path, "rb") as f:
@@ -61,6 +66,7 @@ def ensure_shadow_dirs(project_dir: str) -> None:
 
 def set_active_run_id(project_dir: str, run_id: str) -> None:
     ensure_shadow_dirs(project_dir)
+    run_id = _validated_run_id(run_id)
     with open(_active_run_path(project_dir), "w", encoding="utf-8") as f:
         f.write(run_id)
 
@@ -81,7 +87,7 @@ def get_active_run_id(project_dir: str) -> str | None:
 
 
 def begin_shadow_run(project_dir: str, metadata: dict[str, Any] | None = None) -> str:
-    run_id = get_active_run_id(project_dir) or _new_run_id()
+    run_id = _validated_run_id(get_active_run_id(project_dir) or _new_run_id())
     run_dir = os.path.join(_shadow_root(project_dir), run_id)
     os.makedirs(run_dir, exist_ok=True)
 
@@ -124,12 +130,14 @@ def _save_manifest(run_dir: str, manifest: dict[str, Any]) -> None:
 
 
 def map_shadow_path(project_dir: str, run_id: str, file_path: str) -> str:
+    run_id = _validated_run_id(run_id)
     rel = os.path.relpath(os.path.abspath(file_path), os.path.abspath(project_dir))
     rel = rel.replace("..", "_up_")
     return os.path.join(_shadow_root(project_dir), run_id, "overlay", rel)
 
 
 def record_shadow_write(project_dir: str, run_id: str, file_path: str, source: str = "tool") -> dict[str, Any]:
+    run_id = _validated_run_id(run_id)
     run_dir = os.path.join(_shadow_root(project_dir), run_id)
     os.makedirs(run_dir, exist_ok=True)
 
@@ -171,8 +179,12 @@ def create_evidence_pack(
     diff_summary: dict[str, Any] | None = None,
     reproducibility: dict[str, Any] | None = None,
     unresolved_risks: list[str] | None = None,
+    provenance: list[dict[str, Any]] | None = None,
+    trust_scores: dict[str, Any] | None = None,
+    api_twin: dict[str, Any] | None = None,
 ) -> str:
     ensure_shadow_dirs(project_dir)
+    run_id = _validated_run_id(run_id)
     evidence = {
         "schema": "EvidencePack",
         "run_id": run_id,
@@ -182,8 +194,14 @@ def create_evidence_pack(
         "diff_summary": diff_summary or {},
         "reproducibility": reproducibility or {},
         "unresolved_risks": unresolved_risks or [],
+        "provenance": provenance or [],
+        "trust_scores": trust_scores or {},
+        "api_twin": api_twin or {},
     }
-    evidence_path = os.path.join(_evidence_root(project_dir), f"{run_id}.json")
+    evidence_path = ensure_path_within_dir(
+        _evidence_root(project_dir),
+        os.path.join(_evidence_root(project_dir), f"{run_id}.json"),
+    )
     with open(evidence_path, "w", encoding="utf-8") as f:
         json.dump(evidence, f, indent=2)
     return evidence_path
@@ -211,6 +229,7 @@ def has_recent_evidence(project_dir: str, hours: int = 24) -> bool:
 
 
 def apply_shadow(project_dir: str, run_id: str) -> dict[str, Any]:
+    run_id = _validated_run_id(run_id)
     run_dir = os.path.join(_shadow_root(project_dir), run_id)
     manifest = _load_manifest(run_dir)
     applied = []
@@ -236,6 +255,7 @@ def apply_shadow(project_dir: str, run_id: str) -> dict[str, Any]:
 
 
 def drop_shadow(project_dir: str, run_id: str) -> dict[str, Any]:
+    run_id = _validated_run_id(run_id)
     run_dir = os.path.join(_shadow_root(project_dir), run_id)
     if os.path.isdir(run_dir):
         print(f"[OMG] Deleting: {run_dir}", file=sys.stderr)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@trac3er/oh-my-god",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "description": "OMG (Oh My God) — Multi-agent orchestration, intelligent model routing, and durable session state for Claude Code",
   "main": "OMG-setup.sh",
   "scripts": {

package/plugins/README.md

@@ -17,6 +17,9 @@ OMG exposes a small native front door and keeps the rest of the surface availabl
 | `/OMG:escalate` | Route to Codex, Gemini, or CCG |
 | `/OMG:teams` | Team routing for internal OMG execution |
 | `/OMG:ccg` | Tri-track synthesis |
+| `/OMG:security-check` | Canonical security pipeline |
+| `/OMG:api-twin` | Contract replay and fixture-based API simulation |
+| `/OMG:preflight` | Structured route selection and evidence planning |
 | `/OMG:compat` | Legacy compatibility routing |
 | `/OMG:health-check` | Verify setup and tool integration |
 | `/OMG:mode` | Set cognitive mode for the session |
@@ -28,7 +31,6 @@ OMG exposes a small native front door and keeps the rest of the surface availabl
 | `/OMG:deep-plan` | Planning | Strategic planning with domain awareness |
 | `/OMG:learn` | Knowledge | Convert patterns into OMG-native instincts and skills |
 | `/OMG:code-review` | Quality | Deep review flow |
-| `/OMG:security-review` | Security | Security-focused review |
 | `/OMG:ship` | Delivery | Idea to evidence to release |
 | `/OMG:handoff` | Collaboration | Session transfer and continuity |
 

package/plugins/advanced/commands/OMG:deep-plan.md

@@ -87,7 +87,7 @@ Key interfaces: [list the interfaces/types this touches]
 
 ### Phase 3: Integration + Security [N files, ~M lines]
 5. [ ] [specific action]
-6. [ ] Security review: /OMG:security-review [affected files]
+6. [ ] Security review: /OMG:security-check [affected files]
 
 ### Phase 4: Verification
 7. [ ] Tests: [what to test, how]

package/plugins/advanced/commands/OMG:security-review.md

@@ -1,119 +1,16 @@
 ---
-description: Deep security review — scans for vulnerabilities, hardcoded secrets, auth issues, and injection risks. Escalates to Codex for deep line-by-line analysis.
-allowed-tools: Read, Bash(grep:*), Bash(find:*), Bash(cat:*), Bash(git:*), Bash(rg:*), Grep, Glob
-argument-hint: "[file or directory to review, or 'all' for full scan]"
+description: Deprecated alias to OMG's canonical security-check pipeline.
+allowed-tools: Read, Grep, Glob, Bash(python3:*), Bash(rg:*)
+argument-hint: "[path or '.' for the current project]"
 ---
 
-# /OMG:security-review — Vulnerability Scanner + Deep Review
+# /OMG:security-review — Deprecated Alias
 
-## Step 1: Scope Detection
+`/OMG:security-review` remains available only for compatibility.
 
-Determine what to scan:
-- If argument is a file: scan that file deeply
-- If argument is a directory: scan all source files in it
-- If "all" or no argument: scan git-tracked source files
+Use `/OMG:security-check` instead. The canonical pipeline now owns:
 
-Identify security-critical files automatically:
-```bash
-# Auth/session
-find . -type f \( -name "*.ts" -o -name "*.js" -o -name "*.py" -o -name "*.go" -o -name "*.rs" \) | xargs grep -li "auth\|login\|session\|token\|password\|jwt\|oauth" 2>/dev/null
-
-# Payment
-find . -type f -name "*.{ts,js,py,go}" | xargs grep -li "payment\|billing\|stripe\|checkout\|card\|price" 2>/dev/null
-
-# Database
-find . -type f -name "*.{ts,js,py,go}" | xargs grep -li "query\|SELECT\|INSERT\|UPDATE\|DELETE\|migration\|schema" 2>/dev/null
-```
-
-## Step 2: Automated Vulnerability Scan
-
-For each security-critical file, check LINE-BY-LINE:
-
-**2a. Hardcoded Secrets**
-```bash
-grep -rn "AKIA\|sk_live\|sk_test\|ghp_\|github_pat\|xoxb-\|xoxp-\|eyJ.*\.eyJ" [files]
-grep -rn "api[_-]key.*=.*['\"][A-Za-z0-9]" [files]
-grep -rn "password.*=.*['\"]" [files] | grep -v "test\|mock\|example\|placeholder"
-```
-
-**2b. SQL Injection**
-```bash
-grep -rn "f\".*SELECT\|f\".*INSERT\|f\".*UPDATE\|f\".*DELETE" [files]
-grep -rn "\\.format.*SELECT\|%s.*SELECT\|\\+.*SELECT" [files]
-grep -rn "query.*\\$\\{" [files]  # template literal SQL
-```
-
-**2c. XSS / Injection**
-```bash
-grep -rn "innerHTML\|dangerouslySetInnerHTML\|v-html\|\\|safe\b" [files]
-grep -rn "eval(\|exec(\|subprocess.*shell=True" [files]
-grep -rn "document\\.write\|document\\.location" [files]
-```
-
-**2d. Auth/Session Issues**
-```bash
-grep -rn "jwt\\.decode.*verify.*false\|verify.*False" [files]
-grep -rn "cors.*\\*\|origin.*\\*" [files]
-grep -rn "httpOnly.*false\|secure.*false\|sameSite.*none" [files]
-```
-
-**2e. Path Traversal**
-```bash
-grep -rn "req\\.params\|req\\.query\|req\\.body" [files] | grep -i "path\|file\|dir"
-grep -rn "\\.\\./\|\\.\\.\\\\" [files]
-```
-
-**2f. Sensitive Data Exposure**
-```bash
-grep -rn "console\\.log.*password\|console\\.log.*token\|console\\.log.*secret" [files]
-grep -rn "log\\.info.*password\|logger.*token\|print.*secret" [files]
-```
-
-## Step 3: Codex Deep Review (for high-risk files)
-
-For files with auth, payment, or database logic:
-
-```
-/OMG:escalate codex "Security deep review of [file]:
-1. Read every line. Flag any: hardcoded secrets, SQL injection, XSS, CSRF, auth bypass, privilege escalation, insecure deserialization, SSRF.
-2. Check auth flow completeness: does every protected route validate the token? Are permissions checked?
-3. Check payment flow: is card data handled safely? Are amounts validated server-side?
-4. Check database queries: all parameterized? Any raw string concatenation?
-5. Rate this file: SAFE / NEEDS_FIX / CRITICAL with specific line numbers."
-```
-
-## Step 4: Report
-
-```
-Security Review — [scope]
-━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-Files scanned: [N]
-Security-critical files: [N]
-
-CRITICAL [N]:
-  [file:line] Hardcoded API key: [type]
-  [file:line] SQL injection: unparameterized query
-
-HIGH [N]:
-  [file:line] Missing auth check on protected route
-  [file:line] CORS wildcard in production config
-
-MEDIUM [N]:
-  [file:line] Sensitive data in console.log
-  [file:line] httpOnly not set on session cookie
-
-LOW [N]:
-  [file:line] Missing rate limiting on login endpoint
-
-Codex Deep Review:
-  [file]: [SAFE|NEEDS_FIX|CRITICAL] — [summary]
-
-Fix priority: [ordered list of what to fix first]
-```
-
-## Anti-patterns
-- Don't just grep and dump raw output — analyze each finding
-- Don't skip test files entirely (they can leak real credentials)
-- Don't claim "looks secure" without running ALL checks above
-- Don't treat this as optional for auth/payment/database changes
+- normalized security findings
+- dependency and AST enrichment
+- evidence-ready provenance and trust scores
+- reuse across CLI, compat routing, control plane, MCP, and ship flows

package/plugins/advanced/commands/OMG:ship.md

@@ -24,7 +24,7 @@ argument-hint: "[goal or optional path to .omg/idea.yml]"
   - `tests[]`, `security_scans[]`, `diff_summary`, `reproducibility`, `unresolved_risks[]`.
 
 ## Step 4: Security and trust checks
-- Run `/OMG:security-review` for auth/payment/database/sensitive changes.
+- Run `/OMG:security-check` for auth/payment/database/sensitive changes.
 - If config/hook/MCP changes are involved, ensure trust manifest is updated at `.omg/trust/manifest.lock.json`.
 
 ## Step 5: PR-ready output