npm - @trac3er/oh-my-god - Versions diffs - 2.0.4 → 2.0.5 - Mend

@trac3er/oh-my-god 2.0.4 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (206) hide show

package/registry/verify_artifact.py ADDED Viewed

@@ -0,0 +1,90 @@
+"""OMG v1 supply-chain verification with Warn-and-Run semantics."""
+from __future__ import annotations
+from dataclasses import dataclass
+from typing import Any
+@dataclass
+class SupplyArtifact:
+    id: str
+    signer: str | None
+    checksum: str | None
+    permissions: list[str]
+    static_scan: list[dict[str, Any]]
+    risk_level: str = "low"
+def _normalize(artifact: dict[str, Any]) -> SupplyArtifact:
+    return SupplyArtifact(
+        id=str(artifact.get("id", "unknown")),
+        signer=artifact.get("signer"),
+        checksum=artifact.get("checksum"),
+        permissions=[str(p) for p in artifact.get("permissions", [])],
+        static_scan=[f for f in artifact.get("static_scan", []) if isinstance(f, dict)],
+        risk_level=str(artifact.get("risk_level", "low")).lower(),
+    )
+def verify_artifact(artifact: dict[str, Any], mode: str = "warn_and_run") -> dict[str, Any]:
+    a = _normalize(artifact)
+    reasons: list[str] = []
+    controls: list[str] = []
+    for finding in a.static_scan:
+        sev = str(finding.get("severity", "")).lower()
+        if sev == "critical":
+            reasons.append("critical static scan finding")
+            return {
+                "action": "deny",
+                "risk_level": "critical",
+                "reason": "; ".join(reasons),
+                "controls": ["block-execution"],
+                "trusted": False,
+            }
+    perm_blob = " ".join(a.permissions).lower()
+    if any(token in perm_blob for token in ["sudo", "rm -rf", "--privileged", "curl |", "wget |"]):
+        return {
+            "action": "deny",
+            "risk_level": "critical",
+            "reason": "critical permission profile",
+            "controls": ["block-execution"],
+            "trusted": False,
+        }
+    if not a.signer or not a.checksum:
+        reasons.append("missing signer/checksum")
+        controls.extend(["isolate-network", "read-only-fs", "manual-approval"])
+        if mode == "warn_and_run":
+            return {
+                "action": "ask",
+                "risk_level": "high",
+                "reason": "; ".join(reasons),
+                "controls": controls,
+                "trusted": False,
+            }
+        return {
+            "action": "deny",
+            "risk_level": "high",
+            "reason": "; ".join(reasons),
+            "controls": ["block-execution"],
+            "trusted": False,
+        }
+    if any(str(f.get("severity", "")).lower() == "high" for f in a.static_scan):
+        return {
+            "action": "ask",
+            "risk_level": "high",
+            "reason": "high severity findings present",
+            "controls": ["manual-approval"],
+            "trusted": False,
+        }
+    return {
+        "action": "allow",
+        "risk_level": a.risk_level if a.risk_level in {"low", "med", "high", "critical"} else "low",
+        "reason": "artifact verified",
+        "controls": [],
+        "trusted": True,
+    }

package/runtime/adapters/claude.py CHANGED Viewed

@@ -27,6 +27,7 @@ class ClaudeAdapter:
             "runtime": self.runtime,
             "phase": "execute",
             "status": "executed",
+            "worker_mode": "stub",
             "operations": [
                 "apply-plan",
                 "collect-diff",
@@ -43,6 +44,7 @@ class ClaudeAdapter:
             "checks": [
                 {"name": "tests", "passed": True},
                 {"name": "security", "passed": True},
+                {"name": "worker_implementation", "passed": False, "mode": "stub"},
             ],
         }
@@ -57,4 +59,5 @@ class ClaudeAdapter:
             "diff_summary": {},
             "reproducibility": {"seed": "deterministic"},
             "unresolved_risks": [],
+            "worker_mode": "stub",
         }

package/runtime/adapters/gpt.py CHANGED Viewed

@@ -23,6 +23,7 @@ class GPTAdapter:
             "runtime": self.runtime,
             "phase": "execute",
             "status": "executed",
+            "worker_mode": "stub",
             "operations": ["apply-plan", "collect-diff"],
             "errors": [],
         }
@@ -36,6 +37,7 @@ class GPTAdapter:
             "checks": [
                 {"name": "tests", "passed": True},
                 {"name": "security", "passed": True},
+                {"name": "worker_implementation", "passed": False, "mode": "stub"},
             ],
         }
@@ -50,4 +52,5 @@ class GPTAdapter:
             "diff_summary": {},
             "reproducibility": {"seed": "deterministic"},
             "unresolved_risks": [],
+            "worker_mode": "stub",
         }

package/runtime/adapters/local.py CHANGED Viewed

@@ -23,6 +23,7 @@ class LocalAdapter:
             "runtime": self.runtime,
             "phase": "execute",
             "status": "executed",
+            "worker_mode": "stub",
             "operations": ["apply-plan", "collect-diff"],
             "errors": [],
         }
@@ -36,6 +37,7 @@ class LocalAdapter:
             "checks": [
                 {"name": "tests", "passed": True},
                 {"name": "security", "passed": True},
+                {"name": "worker_implementation", "passed": False, "mode": "stub"},
             ],
         }
@@ -50,4 +52,5 @@ class LocalAdapter:
             "diff_summary": {},
             "reproducibility": {"seed": "deterministic"},
             "unresolved_risks": [],
+            "worker_mode": "stub",
         }

package/runtime/adoption.py CHANGED Viewed

@@ -11,7 +11,7 @@ CANONICAL_REPO_URL = "https://github.com/trac3er00/OMG"
 CANONICAL_PACKAGE_NAME = "@trac3er/oh-my-god"
 CANONICAL_PLUGIN_ID = "omg"
 CANONICAL_MARKETPLACE_ID = "omg"
-CANONICAL_VERSION = "2.0.4"
+CANONICAL_VERSION = "2.0.5"
 VALID_ADOPTION_MODES = ("omg-only", "coexist")
 VALID_PRESETS = ("safe", "balanced", "interop", "labs")

package/runtime/api_twin.py CHANGED Viewed

@@ -3,6 +3,7 @@ from __future__ import annotations
 import json
 from pathlib import Path
+import time
 from typing import Any
@@ -32,23 +33,32 @@ def record_fixture(
     project_dir: str,
     *,
     name: str,
+    endpoint: str = "default",
+    cassette_version: str = "v1",
     request: dict[str, Any],
     response: dict[str, Any],
     validated: bool,
+    redactions: dict[str, str] | None = None,
 ) -> dict[str, Any]:
     state = _load_state(project_dir)
     fixture = {
         "name": name,
+        "endpoint": endpoint,
+        "cassette_version": cassette_version,
         "request": request,
         "response": response,
         "fidelity": "recorded-validated" if validated else "recorded",
         "validated": validated,
+        "redactions": redactions or {},
     }
-    state.setdefault("fixtures", {})[name] = fixture
+    fixtures = state.setdefault("fixtures", {}).setdefault(name, {})
+    fixtures[_fixture_key(endpoint, cassette_version)] = fixture
     _save_state(project_dir, state)
     return {
         "schema": "ApiTwinFixture",
         "name": name,
+        "endpoint": endpoint,
+        "cassette_version": cassette_version,
         "fidelity": fixture["fidelity"],
     }
@@ -57,14 +67,18 @@ def serve_fixture(
     project_dir: str,
     *,
     name: str,
+    endpoint: str = "default",
+    cassette_version: str = "v1",
     latency_ms: int = 0,
     failure_mode: str = "",
     schema_drift: bool = False,
 ) -> dict[str, Any]:
     state = _load_state(project_dir)
-    fixture = _fixture(state, name)
+    fixture = _fixture(state, name, endpoint=endpoint, cassette_version=cassette_version)
     response = dict(fixture.get("response", {}))
     fidelity = str(fixture.get("fidelity", "recorded"))
+    if latency_ms > 0:
+        time.sleep(max(latency_ms, 0) / 1000)
     if schema_drift:
         response["__schema_drift__"] = True
         fidelity = "stale"
@@ -74,25 +88,41 @@ def serve_fixture(
     return {
         "schema": "ApiTwinServeResult",
         "name": name,
+        "endpoint": endpoint,
+        "cassette_version": cassette_version,
         "latency_ms": latency_ms,
         "failure_mode": failure_mode,
         "fidelity": fidelity,
         "response": response,
+        "report": {
+            "saved_live_calls": 1,
+            "saved_cost_estimate": round(len(json.dumps(response)) * 0.0001, 4),
+            "redactions": fixture.get("redactions", {}),
+        },
     }
-def verify_fixture(project_dir: str, *, name: str, live_response: dict[str, Any]) -> dict[str, Any]:
+def verify_fixture(
+    project_dir: str,
+    *,
+    name: str,
+    endpoint: str = "default",
+    cassette_version: str = "v1",
+    live_response: dict[str, Any],
+) -> dict[str, Any]:
     state = _load_state(project_dir)
-    fixture = _fixture(state, name)
+    fixture = _fixture(state, name, endpoint=endpoint, cassette_version=cassette_version)
     matches_live = fixture.get("response", {}) == live_response
     fidelity = "recorded-validated" if matches_live else "stale"
     fixture["fidelity"] = fidelity
     fixture["validated"] = matches_live
-    state.setdefault("fixtures", {})[name] = fixture
+    state.setdefault("fixtures", {}).setdefault(name, {})[_fixture_key(endpoint, cassette_version)] = fixture
     _save_state(project_dir, state)
     return {
         "schema": "ApiTwinVerifyResult",
         "name": name,
+        "endpoint": endpoint,
+        "cassette_version": cassette_version,
         "fidelity": fidelity,
         "matches_live": matches_live,
         "live_verification_required": True,
@@ -106,12 +136,18 @@ def _state_path(project_dir: str) -> Path:
 def _load_state(project_dir: str) -> dict[str, Any]:
     path = _state_path(project_dir)
     if not path.exists():
-        return {"contracts": {}, "fixtures": {}}
+        return {"schema": "ApiTwinState", "version": "2.0.5", "contracts": {}, "fixtures": {}}
     try:
         payload = json.loads(path.read_text(encoding="utf-8"))
     except (OSError, json.JSONDecodeError):
-        return {"contracts": {}, "fixtures": {}}
-    return payload if isinstance(payload, dict) else {"contracts": {}, "fixtures": {}}
+        return {"schema": "ApiTwinState", "version": "2.0.5", "contracts": {}, "fixtures": {}}
+    if not isinstance(payload, dict):
+        return {"schema": "ApiTwinState", "version": "2.0.5", "contracts": {}, "fixtures": {}}
+    payload.setdefault("schema", "ApiTwinState")
+    payload.setdefault("version", "2.0.5")
+    payload.setdefault("contracts", {})
+    payload.setdefault("fixtures", {})
+    return payload
 def _save_state(project_dir: str, payload: dict[str, Any]) -> None:
@@ -120,11 +156,24 @@ def _save_state(project_dir: str, payload: dict[str, Any]) -> None:
     path.write_text(json.dumps(payload, indent=2, ensure_ascii=True) + "\n", encoding="utf-8")
-def _fixture(state: dict[str, Any], name: str) -> dict[str, Any]:
+def _fixture_key(endpoint: str, cassette_version: str) -> str:
+    return f"{endpoint}::{cassette_version}"
+def _fixture(
+    state: dict[str, Any],
+    name: str,
+    *,
+    endpoint: str = "default",
+    cassette_version: str = "v1",
+) -> dict[str, Any]:
     fixtures = state.get("fixtures", {})
     if not isinstance(fixtures, dict) or name not in fixtures:
         raise ValueError(f"Unknown API twin fixture: {name}")
-    fixture = fixtures[name]
-    if not isinstance(fixture, dict):
+    fixture_group = fixtures[name]
+    if not isinstance(fixture_group, dict):
         raise ValueError(f"Invalid API twin fixture: {name}")
+    fixture = fixture_group.get(_fixture_key(endpoint, cassette_version))
+    if not isinstance(fixture, dict):
+        raise ValueError(f"Unknown API twin cassette: {name} {endpoint} {cassette_version}")
     return fixture

package/runtime/asset_loader.py ADDED Viewed

@@ -0,0 +1,62 @@
+"""Helpers for locating packaged OMG assets from source checkouts or installs."""
+from __future__ import annotations
+from importlib import metadata
+from pathlib import Path
+_DIST_NAMES = ("oh-my-god", "oh_my_god")
+def project_root() -> Path:
+    return Path(__file__).resolve().parents[1]
+def resolve_asset(rel_path: str | Path) -> Path:
+    rel = Path(rel_path)
+    candidate = project_root() / rel
+    if candidate.exists():
+        return candidate
+    rel_posix = rel.as_posix()
+    for dist_name in _DIST_NAMES:
+        try:
+            dist = metadata.distribution(dist_name)
+        except metadata.PackageNotFoundError:
+            continue
+        for file in dist.files or []:
+            if str(file).endswith(rel_posix):
+                located = Path(dist.locate_file(file))
+                if located.exists():
+                    return located
+    raise FileNotFoundError(f"Unable to resolve packaged OMG asset: {rel_posix}")
+def resolve_assets(prefix: str | Path, suffix: str = "") -> list[Path]:
+    prefix_path = Path(prefix)
+    root_candidate = project_root() / prefix_path
+    if root_candidate.exists():
+        if root_candidate.is_dir():
+            if suffix:
+                return sorted(path for path in root_candidate.rglob("*") if path.is_file() and path.name.endswith(suffix))
+            return sorted(path for path in root_candidate.rglob("*") if path.is_file())
+        return [root_candidate]
+    prefix_posix = prefix_path.as_posix().rstrip("/")
+    matched: list[Path] = []
+    for dist_name in _DIST_NAMES:
+        try:
+            dist = metadata.distribution(dist_name)
+        except metadata.PackageNotFoundError:
+            continue
+        for file in dist.files or []:
+            file_text = str(file)
+            if not file_text.startswith(prefix_posix):
+                continue
+            if suffix and not file_text.endswith(suffix):
+                continue
+            located = Path(dist.locate_file(file))
+            if located.exists() and located.is_file():
+                matched.append(located)
+    return sorted(matched)

package/runtime/compat.py CHANGED Viewed

@@ -15,13 +15,14 @@ from typing import Any
 from hooks.policy_engine import evaluate_bash_command
 from lab.pipeline import run_pipeline
+from runtime.adoption import CANONICAL_VERSION
 from runtime.dispatcher import dispatch_runtime
 from runtime.security_check import run_security_check
 from runtime.team_router import TeamDispatchRequest, dispatch_team
 CONTRACT_SNAPSHOT_SCHEMA = "OmgCompatContractSnapshot"
 LEGACY_CONTRACT_SNAPSHOT_SCHEMA = "OmgCompatContractSnapshot"
-CONTRACT_SNAPSHOT_VERSION = "1.0.0"
+CONTRACT_SNAPSHOT_VERSION = CANONICAL_VERSION
 LEGACY_SNAPSHOT_VERSION = "0.9.0"
 GAP_REPORT_SCHEMA = "OmgCompatGapReport"
 LEGACY_GAP_REPORT_SCHEMA = "OmgCompatGapReport"
@@ -359,7 +360,7 @@ def migrate_contract_snapshot_payload(payload: dict[str, Any]) -> tuple[dict[str
         # v0.9.0 lacked explicit schema/version constraints.
         migrated["schema"] = CONTRACT_SNAPSHOT_SCHEMA
         migrated["contract_version"] = CONTRACT_SNAPSHOT_VERSION
-        migrations.append("migrate-0.9.0-to-1.0.0")
+        migrations.append(f"migrate-0.9.0-to-{CONTRACT_SNAPSHOT_VERSION}")
     return migrated, migrations