@trac3er/oh-my-god 2.0.3 → 2.0.4

package/plugins/advanced/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "omg-advanced",
   "version": "1.0.5",
-  "description": "Advanced OMG commands - deep planning, learning, code review, security review, and specialized workflows",
+  "description": "Advanced OMG commands - deep planning, learning, code review, and specialized workflows",
   "type": "omg-plugin",
   "commands": {
     "deep-plan": {
@@ -19,11 +19,6 @@
       "description": "Deep code review with line-by-line analysis",
       "category": "quality"
     },
-    "security-review": {
-      "path": "commands/OMG:security-review.md",
-      "description": "Security vulnerability scanning",
-      "category": "security"
-    },
     "ship": {
       "path": "commands/OMG:ship.md",
       "description": "Ship pipeline - idea to PR-ready summary",
@@ -69,10 +64,6 @@
       "description": "Code quality and review",
       "commands": ["code-review"]
     },
-    "security": {
-      "description": "Security analysis and review",
-      "commands": ["security-review"]
-    },
     "knowledge": {
       "description": "Learning and skill creation",
       "commands": ["learn"]

package/plugins/core/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "omg-core",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "description": "Core OMG commands - native setup, routing, orchestration, and verification surfaces",
   "type": "omg-plugin",
   "commands": {
@@ -39,6 +39,21 @@
       "description": "Legacy skill compatibility dispatcher",
       "category": "compatibility"
     },
+    "security-check": {
+      "path": "commands/OMG:security-check.md",
+      "description": "Canonical security pipeline with normalized findings and evidence",
+      "category": "security"
+    },
+    "api-twin": {
+      "path": "commands/OMG:api-twin.md",
+      "description": "Contract replay and fixture-based API simulation",
+      "category": "contracts"
+    },
+    "preflight": {
+      "path": "commands/OMG:preflight.md",
+      "description": "Structured routing and evidence planning before execution",
+      "category": "routing"
+    },
     "health-check": {
       "path": "commands/OMG:health-check.md",
       "description": "Verify project setup and tool integration",
@@ -90,7 +105,7 @@
     },
     "routing": {
       "description": "Model routing and escalation",
-      "commands": ["escalate", "teams", "ccg"]
+      "commands": ["escalate", "teams", "ccg", "preflight"]
     },
     "orchestration": {
       "description": "Multi-agent orchestration modes",
@@ -108,6 +123,14 @@
       "description": "Cost tracking and session observability",
       "commands": ["cost", "stats", "deps"]
     },
+    "security": {
+      "description": "Canonical security and trust checks",
+      "commands": ["security-check"]
+    },
+    "contracts": {
+      "description": "Contract replay and API simulation",
+      "commands": ["api-twin"]
+    },
     "visualization": {
       "description": "Codebase visualization and architecture diagrams",
       "commands": ["arch"]

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "oh-my-god"
-version = "2.0.0b1"
+version = "2.0.4"
 description = "OMG (Oh My God) — Multi-agent orchestration, intelligent model routing, and durable session state for Claude Code"
 readme = "README.md"
 requires-python = ">=3.10"

package/runtime/adoption.py

@@ -11,7 +11,7 @@ CANONICAL_REPO_URL = "https://github.com/trac3er00/OMG"
 CANONICAL_PACKAGE_NAME = "@trac3er/oh-my-god"
 CANONICAL_PLUGIN_ID = "omg"
 CANONICAL_MARKETPLACE_ID = "omg"
-CANONICAL_VERSION = "2.0.3"
+CANONICAL_VERSION = "2.0.4"
 
 VALID_ADOPTION_MODES = ("omg-only", "coexist")
 VALID_PRESETS = ("safe", "balanced", "interop", "labs")

package/runtime/api_twin.py

@@ -0,0 +1,130 @@
+"""Fixture-based API twin state and replay helpers."""
+from __future__ import annotations
+
+import json
+from pathlib import Path
+from typing import Any
+
+
+STATE_REL_PATH = Path(".omg") / "state" / "api_twin.json"
+
+
+def ingest_contract(project_dir: str, *, name: str, source_path: str) -> dict[str, Any]:
+    state = _load_state(project_dir)
+    contract_path = Path(source_path)
+    contract = {
+        "name": name,
+        "source_path": str(contract_path),
+        "content": contract_path.read_text(encoding="utf-8"),
+        "fidelity": "schema-only",
+    }
+    state.setdefault("contracts", {})[name] = contract
+    _save_state(project_dir, state)
+    return {
+        "schema": "ApiTwinContract",
+        "name": name,
+        "fidelity": "schema-only",
+        "source_path": str(contract_path),
+    }
+
+
+def record_fixture(
+    project_dir: str,
+    *,
+    name: str,
+    request: dict[str, Any],
+    response: dict[str, Any],
+    validated: bool,
+) -> dict[str, Any]:
+    state = _load_state(project_dir)
+    fixture = {
+        "name": name,
+        "request": request,
+        "response": response,
+        "fidelity": "recorded-validated" if validated else "recorded",
+        "validated": validated,
+    }
+    state.setdefault("fixtures", {})[name] = fixture
+    _save_state(project_dir, state)
+    return {
+        "schema": "ApiTwinFixture",
+        "name": name,
+        "fidelity": fixture["fidelity"],
+    }
+
+
+def serve_fixture(
+    project_dir: str,
+    *,
+    name: str,
+    latency_ms: int = 0,
+    failure_mode: str = "",
+    schema_drift: bool = False,
+) -> dict[str, Any]:
+    state = _load_state(project_dir)
+    fixture = _fixture(state, name)
+    response = dict(fixture.get("response", {}))
+    fidelity = str(fixture.get("fidelity", "recorded"))
+    if schema_drift:
+        response["__schema_drift__"] = True
+        fidelity = "stale"
+    if failure_mode:
+        response = {"error": failure_mode}
+        fidelity = "stale"
+    return {
+        "schema": "ApiTwinServeResult",
+        "name": name,
+        "latency_ms": latency_ms,
+        "failure_mode": failure_mode,
+        "fidelity": fidelity,
+        "response": response,
+    }
+
+
+def verify_fixture(project_dir: str, *, name: str, live_response: dict[str, Any]) -> dict[str, Any]:
+    state = _load_state(project_dir)
+    fixture = _fixture(state, name)
+    matches_live = fixture.get("response", {}) == live_response
+    fidelity = "recorded-validated" if matches_live else "stale"
+    fixture["fidelity"] = fidelity
+    fixture["validated"] = matches_live
+    state.setdefault("fixtures", {})[name] = fixture
+    _save_state(project_dir, state)
+    return {
+        "schema": "ApiTwinVerifyResult",
+        "name": name,
+        "fidelity": fidelity,
+        "matches_live": matches_live,
+        "live_verification_required": True,
+    }
+
+
+def _state_path(project_dir: str) -> Path:
+    return Path(project_dir) / STATE_REL_PATH
+
+
+def _load_state(project_dir: str) -> dict[str, Any]:
+    path = _state_path(project_dir)
+    if not path.exists():
+        return {"contracts": {}, "fixtures": {}}
+    try:
+        payload = json.loads(path.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return {"contracts": {}, "fixtures": {}}
+    return payload if isinstance(payload, dict) else {"contracts": {}, "fixtures": {}}
+
+
+def _save_state(project_dir: str, payload: dict[str, Any]) -> None:
+    path = _state_path(project_dir)
+    path.parent.mkdir(parents=True, exist_ok=True)
+    path.write_text(json.dumps(payload, indent=2, ensure_ascii=True) + "\n", encoding="utf-8")
+
+
+def _fixture(state: dict[str, Any], name: str) -> dict[str, Any]:
+    fixtures = state.get("fixtures", {})
+    if not isinstance(fixtures, dict) or name not in fixtures:
+        raise ValueError(f"Unknown API twin fixture: {name}")
+    fixture = fixtures[name]
+    if not isinstance(fixture, dict):
+        raise ValueError(f"Invalid API twin fixture: {name}")
+    return fixture

package/runtime/compat.py

@@ -16,6 +16,7 @@ from typing import Any
 from hooks.policy_engine import evaluate_bash_command
 from lab.pipeline import run_pipeline
 from runtime.dispatcher import dispatch_runtime
+from runtime.security_check import run_security_check
 from runtime.team_router import TeamDispatchRequest, dispatch_team
 
 CONTRACT_SNAPSHOT_SCHEMA = "OmgCompatContractSnapshot"
@@ -103,7 +104,7 @@ LEGACY_SKILL_ROUTES: dict[str, str] = {
     "release": "runtime_ship",
     "review": "review",
     "sci-omg": "maintainer",
-    "security-review": "secure",
+    "security-review": "security_check",
     "skill": "learn",
     "omg-superpowers": "plan",
     "tdd": "plan",
@@ -129,6 +130,7 @@ ROUTE_MATURITY: dict[str, str] = {
     "review": "native",
     "plan": "native",
     "secure": "native",
+    "security_check": "native",
     "learn": "native",
     "maintainer": "native",
     "cancel": "native",
@@ -183,6 +185,7 @@ ROUTE_INPUTS: dict[str, dict[str, Any]] = {
     "review": {"required": ["problem"], "optional": ["context", "files"]},
     "plan": {"required": ["problem"], "optional": ["expected_outcome"]},
     "secure": {"required": ["problem"], "optional": []},
+    "security_check": {"required": [], "optional": ["problem"]},
     "learn": {"required": ["problem"], "optional": ["context"]},
     "maintainer": {"required": ["problem"], "optional": ["context"]},
     "cancel": {"required": [], "optional": []},
@@ -200,6 +203,7 @@ ROUTE_OUTPUTS: dict[str, dict[str, Any]] = {
     "review": {"schema": "TeamDispatchResult"},
     "plan": {"schema": "PlanningArtifacts"},
     "secure": {"schema": "PolicyDecision"},
+    "security_check": {"schema": "SecurityCheckResult"},
     "learn": {"schema": "LearningArtifact"},
     "maintainer": {"schema": "MaintainerCompatArtifact"},
     "cancel": {"schema": "CancelResult"},
@@ -217,6 +221,7 @@ ROUTE_SIDE_EFFECTS: dict[str, list[str]] = {
     "review": [],
     "plan": [".omg/state/_plan.md", ".omg/state/_checklist.md", ".omg/idea.yml"],
     "secure": [],
+    "security_check": [],
     "learn": [".omg/state/working-memory.md"],
     "maintainer": [".omg/evidence/compat-*.json"],
     "cancel": [".omg/shadow/active-run (removed when exists)"],
@@ -268,6 +273,7 @@ SKILL_ROUTE_NOTES: dict[str, str] = {
     "pipeline": "Routes to OMG lab policy+pipeline executor.",
     "release": "Routes to runtime ship and emits release draft artifact.",
     "tdd": "Generates plan/checklist scaffolding for red-green-refactor workflow.",
+    "security-review": "Deprecated alias to the canonical OMG security-check engine.",
     "build-fix": "Creates targeted fix checklist and routes execution to runtime.",
     "analyze": "Writes structured analysis evidence artifact.",
     "trace": "Writes trace evidence artifact for debugging chain.",
@@ -1177,6 +1183,20 @@ def dispatch_compat_skill(
             result=decision.to_dict(),
         )
 
+    if route == "security_check":
+        check = run_security_check(
+            project_dir=root,
+            scope=msg or ".",
+            include_live_enrichment=False,
+        )
+        return _res(
+            skill=normalized,
+            route=route,
+            findings=["Canonical OMG security check completed."],
+            actions=["Review high-severity findings before ship/release."],
+            result=check,
+        )
+
     if route == "learn":
         if normalized in {"learn-about-omg", "learner", "skill"}:
             learn_path = _write_learning_artifact(root, normalized, msg, context)