@trac3er/oh-my-god 2.0.5 → 2.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (560) hide show
  1. package/.agents/skills/omg/AGENTS.fragment.md +57 -4
  2. package/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  3. package/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  4. package/.agents/skills/omg/codex-rules.md +33 -0
  5. package/.agents/skills/omg/plan-council/SKILL.md +11 -0
  6. package/.agents/skills/omg/plan-council/openai.yaml +12 -0
  7. package/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  8. package/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  9. package/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  10. package/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  11. package/.claude-plugin/marketplace.json +5 -5
  12. package/.claude-plugin/plugin.json +1 -1
  13. package/.claude-plugin/scripts/uninstall.sh +1 -1
  14. package/.mcp.json +0 -22
  15. package/CHANGELOG.md +13 -0
  16. package/OMG-setup.sh +64 -14
  17. package/OMG_COMPAT_CONTRACT.md +1 -1
  18. package/README.md +8 -6
  19. package/agents/omg-security-auditor.md +1 -1
  20. package/artifacts/release/.agents/skills/omg/AGENTS.fragment.md +52 -0
  21. package/artifacts/release/.agents/skills/omg/algorithms/SKILL.md +11 -0
  22. package/artifacts/release/.agents/skills/omg/algorithms/openai.yaml +11 -0
  23. package/artifacts/release/.agents/skills/omg/api-twin/SKILL.md +11 -0
  24. package/artifacts/release/.agents/skills/omg/api-twin/openai.yaml +12 -0
  25. package/artifacts/release/.agents/skills/omg/codex-mcp.toml +4 -0
  26. package/artifacts/release/.agents/skills/omg/codex-rules.md +29 -0
  27. package/artifacts/release/.agents/skills/omg/control-plane/SKILL.md +11 -0
  28. package/artifacts/release/.agents/skills/omg/control-plane/openai.yaml +14 -0
  29. package/artifacts/release/.agents/skills/omg/data-lineage/SKILL.md +11 -0
  30. package/artifacts/release/.agents/skills/omg/data-lineage/openai.yaml +12 -0
  31. package/artifacts/release/.agents/skills/omg/delta-classifier/SKILL.md +11 -0
  32. package/artifacts/release/.agents/skills/omg/delta-classifier/openai.yaml +12 -0
  33. package/artifacts/release/.agents/skills/omg/eval-gate/SKILL.md +11 -0
  34. package/artifacts/release/.agents/skills/omg/eval-gate/openai.yaml +12 -0
  35. package/artifacts/release/.agents/skills/omg/health/SKILL.md +11 -0
  36. package/artifacts/release/.agents/skills/omg/health/openai.yaml +11 -0
  37. package/artifacts/release/.agents/skills/omg/hook-governor/SKILL.md +11 -0
  38. package/artifacts/release/.agents/skills/omg/hook-governor/openai.yaml +11 -0
  39. package/artifacts/release/.agents/skills/omg/incident-replay/SKILL.md +11 -0
  40. package/artifacts/release/.agents/skills/omg/incident-replay/openai.yaml +12 -0
  41. package/artifacts/release/.agents/skills/omg/lsp-pack/SKILL.md +11 -0
  42. package/artifacts/release/.agents/skills/omg/lsp-pack/openai.yaml +11 -0
  43. package/artifacts/release/.agents/skills/omg/mcp-fabric/SKILL.md +11 -0
  44. package/artifacts/release/.agents/skills/omg/mcp-fabric/openai.yaml +13 -0
  45. package/artifacts/release/.agents/skills/omg/preflight/SKILL.md +11 -0
  46. package/artifacts/release/.agents/skills/omg/preflight/openai.yaml +12 -0
  47. package/artifacts/release/.agents/skills/omg/remote-supervisor/SKILL.md +11 -0
  48. package/artifacts/release/.agents/skills/omg/remote-supervisor/openai.yaml +12 -0
  49. package/artifacts/release/.agents/skills/omg/robotics/SKILL.md +11 -0
  50. package/artifacts/release/.agents/skills/omg/robotics/openai.yaml +11 -0
  51. package/artifacts/release/.agents/skills/omg/secure-worktree-pipeline/SKILL.md +11 -0
  52. package/artifacts/release/.agents/skills/omg/secure-worktree-pipeline/openai.yaml +12 -0
  53. package/artifacts/release/.agents/skills/omg/security-check/SKILL.md +11 -0
  54. package/artifacts/release/.agents/skills/omg/security-check/openai.yaml +13 -0
  55. package/artifacts/release/.agents/skills/omg/tracebank/SKILL.md +11 -0
  56. package/artifacts/release/.agents/skills/omg/tracebank/openai.yaml +12 -0
  57. package/artifacts/release/.agents/skills/omg/vision/SKILL.md +11 -0
  58. package/artifacts/release/.agents/skills/omg/vision/openai.yaml +11 -0
  59. package/artifacts/release/.claude-plugin/marketplace.json +36 -0
  60. package/artifacts/release/.claude-plugin/plugin.json +23 -0
  61. package/artifacts/release/.mcp.json +40 -0
  62. package/artifacts/release/OMG_COMPAT_CONTRACT.md +92 -0
  63. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +52 -0
  64. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/algorithms/SKILL.md +11 -0
  65. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/algorithms/openai.yaml +11 -0
  66. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/api-twin/SKILL.md +11 -0
  67. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/api-twin/openai.yaml +12 -0
  68. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/codex-mcp.toml +4 -0
  69. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +29 -0
  70. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/control-plane/SKILL.md +11 -0
  71. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/control-plane/openai.yaml +14 -0
  72. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/data-lineage/SKILL.md +11 -0
  73. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/data-lineage/openai.yaml +12 -0
  74. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/delta-classifier/SKILL.md +11 -0
  75. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/delta-classifier/openai.yaml +12 -0
  76. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/eval-gate/SKILL.md +11 -0
  77. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/eval-gate/openai.yaml +12 -0
  78. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/health/SKILL.md +11 -0
  79. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/health/openai.yaml +11 -0
  80. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/hook-governor/SKILL.md +11 -0
  81. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/hook-governor/openai.yaml +11 -0
  82. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/incident-replay/SKILL.md +11 -0
  83. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/incident-replay/openai.yaml +12 -0
  84. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/lsp-pack/SKILL.md +11 -0
  85. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/lsp-pack/openai.yaml +11 -0
  86. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/mcp-fabric/SKILL.md +11 -0
  87. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/mcp-fabric/openai.yaml +13 -0
  88. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/preflight/SKILL.md +11 -0
  89. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/preflight/openai.yaml +12 -0
  90. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/remote-supervisor/SKILL.md +11 -0
  91. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/remote-supervisor/openai.yaml +12 -0
  92. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/robotics/SKILL.md +11 -0
  93. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/robotics/openai.yaml +11 -0
  94. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/secure-worktree-pipeline/SKILL.md +11 -0
  95. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/secure-worktree-pipeline/openai.yaml +12 -0
  96. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/security-check/SKILL.md +11 -0
  97. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/security-check/openai.yaml +13 -0
  98. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/tracebank/SKILL.md +11 -0
  99. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/tracebank/openai.yaml +12 -0
  100. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/vision/SKILL.md +11 -0
  101. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/vision/openai.yaml +11 -0
  102. package/artifacts/release/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +92 -0
  103. package/artifacts/release/dist/enterprise/bundle/registry/bundles/algorithms.yaml +45 -0
  104. package/artifacts/release/dist/enterprise/bundle/registry/bundles/api-twin.yaml +48 -0
  105. package/artifacts/release/dist/enterprise/bundle/registry/bundles/control-plane.yaml +151 -0
  106. package/artifacts/release/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +47 -0
  107. package/artifacts/release/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +47 -0
  108. package/artifacts/release/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +47 -0
  109. package/artifacts/release/dist/enterprise/bundle/registry/bundles/health.yaml +45 -0
  110. package/artifacts/release/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +97 -0
  111. package/artifacts/release/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +47 -0
  112. package/artifacts/release/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +48 -0
  113. package/artifacts/release/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +53 -0
  114. package/artifacts/release/dist/enterprise/bundle/registry/bundles/preflight.yaml +48 -0
  115. package/artifacts/release/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +49 -0
  116. package/artifacts/release/dist/enterprise/bundle/registry/bundles/robotics.yaml +45 -0
  117. package/artifacts/release/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +54 -0
  118. package/artifacts/release/dist/enterprise/bundle/registry/bundles/security-check.yaml +50 -0
  119. package/artifacts/release/dist/enterprise/bundle/registry/bundles/tracebank.yaml +47 -0
  120. package/artifacts/release/dist/enterprise/bundle/registry/bundles/vision.yaml +45 -0
  121. package/artifacts/release/dist/enterprise/bundle/registry/omg-capability.schema.json +296 -0
  122. package/artifacts/release/dist/enterprise/manifest.json +243 -0
  123. package/artifacts/release/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -0
  124. package/artifacts/release/dist/public/bundle/.agents/skills/omg/algorithms/SKILL.md +11 -0
  125. package/artifacts/release/dist/public/bundle/.agents/skills/omg/algorithms/openai.yaml +11 -0
  126. package/artifacts/release/dist/public/bundle/.agents/skills/omg/api-twin/SKILL.md +11 -0
  127. package/artifacts/release/dist/public/bundle/.agents/skills/omg/api-twin/openai.yaml +12 -0
  128. package/artifacts/release/dist/public/bundle/.agents/skills/omg/codex-mcp.toml +4 -0
  129. package/artifacts/release/dist/public/bundle/.agents/skills/omg/control-plane/SKILL.md +11 -0
  130. package/artifacts/release/dist/public/bundle/.agents/skills/omg/control-plane/openai.yaml +14 -0
  131. package/artifacts/release/dist/public/bundle/.agents/skills/omg/data-lineage/SKILL.md +11 -0
  132. package/artifacts/release/dist/public/bundle/.agents/skills/omg/data-lineage/openai.yaml +12 -0
  133. package/artifacts/release/dist/public/bundle/.agents/skills/omg/delta-classifier/SKILL.md +11 -0
  134. package/artifacts/release/dist/public/bundle/.agents/skills/omg/delta-classifier/openai.yaml +12 -0
  135. package/artifacts/release/dist/public/bundle/.agents/skills/omg/eval-gate/SKILL.md +11 -0
  136. package/artifacts/release/dist/public/bundle/.agents/skills/omg/eval-gate/openai.yaml +12 -0
  137. package/artifacts/release/dist/public/bundle/.agents/skills/omg/health/SKILL.md +11 -0
  138. package/artifacts/release/dist/public/bundle/.agents/skills/omg/health/openai.yaml +11 -0
  139. package/artifacts/release/dist/public/bundle/.agents/skills/omg/hook-governor/SKILL.md +11 -0
  140. package/artifacts/release/dist/public/bundle/.agents/skills/omg/hook-governor/openai.yaml +11 -0
  141. package/artifacts/release/dist/public/bundle/.agents/skills/omg/incident-replay/SKILL.md +11 -0
  142. package/artifacts/release/dist/public/bundle/.agents/skills/omg/incident-replay/openai.yaml +12 -0
  143. package/artifacts/release/dist/public/bundle/.agents/skills/omg/lsp-pack/SKILL.md +11 -0
  144. package/artifacts/release/dist/public/bundle/.agents/skills/omg/lsp-pack/openai.yaml +11 -0
  145. package/artifacts/release/dist/public/bundle/.agents/skills/omg/mcp-fabric/SKILL.md +11 -0
  146. package/artifacts/release/dist/public/bundle/.agents/skills/omg/mcp-fabric/openai.yaml +13 -0
  147. package/artifacts/release/dist/public/bundle/.agents/skills/omg/preflight/SKILL.md +11 -0
  148. package/artifacts/release/dist/public/bundle/.agents/skills/omg/preflight/openai.yaml +12 -0
  149. package/artifacts/release/dist/public/bundle/.agents/skills/omg/remote-supervisor/SKILL.md +11 -0
  150. package/artifacts/release/dist/public/bundle/.agents/skills/omg/remote-supervisor/openai.yaml +12 -0
  151. package/artifacts/release/dist/public/bundle/.agents/skills/omg/robotics/SKILL.md +11 -0
  152. package/artifacts/release/dist/public/bundle/.agents/skills/omg/robotics/openai.yaml +11 -0
  153. package/artifacts/release/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/SKILL.md +11 -0
  154. package/artifacts/release/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/openai.yaml +12 -0
  155. package/artifacts/release/dist/public/bundle/.agents/skills/omg/security-check/SKILL.md +11 -0
  156. package/artifacts/release/dist/public/bundle/.agents/skills/omg/security-check/openai.yaml +13 -0
  157. package/artifacts/release/dist/public/bundle/.agents/skills/omg/tracebank/SKILL.md +11 -0
  158. package/artifacts/release/dist/public/bundle/.agents/skills/omg/tracebank/openai.yaml +12 -0
  159. package/artifacts/release/dist/public/bundle/.agents/skills/omg/vision/SKILL.md +11 -0
  160. package/artifacts/release/dist/public/bundle/.agents/skills/omg/vision/openai.yaml +11 -0
  161. package/artifacts/release/dist/public/bundle/.claude-plugin/marketplace.json +36 -0
  162. package/artifacts/release/dist/public/bundle/.claude-plugin/plugin.json +23 -0
  163. package/artifacts/release/dist/public/bundle/.mcp.json +40 -0
  164. package/artifacts/release/dist/public/bundle/OMG_COMPAT_CONTRACT.md +92 -0
  165. package/artifacts/release/dist/public/bundle/registry/bundles/algorithms.yaml +45 -0
  166. package/artifacts/release/dist/public/bundle/registry/bundles/api-twin.yaml +48 -0
  167. package/artifacts/release/dist/public/bundle/registry/bundles/control-plane.yaml +151 -0
  168. package/artifacts/release/dist/public/bundle/registry/bundles/data-lineage.yaml +47 -0
  169. package/artifacts/release/dist/public/bundle/registry/bundles/delta-classifier.yaml +47 -0
  170. package/artifacts/release/dist/public/bundle/registry/bundles/eval-gate.yaml +47 -0
  171. package/artifacts/release/dist/public/bundle/registry/bundles/health.yaml +45 -0
  172. package/artifacts/release/dist/public/bundle/registry/bundles/hook-governor.yaml +97 -0
  173. package/artifacts/release/dist/public/bundle/registry/bundles/incident-replay.yaml +47 -0
  174. package/artifacts/release/dist/public/bundle/registry/bundles/lsp-pack.yaml +48 -0
  175. package/artifacts/release/dist/public/bundle/registry/bundles/mcp-fabric.yaml +53 -0
  176. package/artifacts/release/dist/public/bundle/registry/bundles/preflight.yaml +48 -0
  177. package/artifacts/release/dist/public/bundle/registry/bundles/remote-supervisor.yaml +49 -0
  178. package/artifacts/release/dist/public/bundle/registry/bundles/robotics.yaml +45 -0
  179. package/artifacts/release/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +54 -0
  180. package/artifacts/release/dist/public/bundle/registry/bundles/security-check.yaml +50 -0
  181. package/artifacts/release/dist/public/bundle/registry/bundles/tracebank.yaml +47 -0
  182. package/artifacts/release/dist/public/bundle/registry/bundles/vision.yaml +45 -0
  183. package/artifacts/release/dist/public/bundle/registry/omg-capability.schema.json +296 -0
  184. package/artifacts/release/dist/public/bundle/settings.json +526 -0
  185. package/artifacts/release/dist/public/manifest.json +255 -0
  186. package/artifacts/release/registry/bundles/algorithms.yaml +45 -0
  187. package/artifacts/release/registry/bundles/api-twin.yaml +48 -0
  188. package/artifacts/release/registry/bundles/control-plane.yaml +151 -0
  189. package/artifacts/release/registry/bundles/data-lineage.yaml +47 -0
  190. package/artifacts/release/registry/bundles/delta-classifier.yaml +47 -0
  191. package/artifacts/release/registry/bundles/eval-gate.yaml +47 -0
  192. package/artifacts/release/registry/bundles/health.yaml +45 -0
  193. package/artifacts/release/registry/bundles/hook-governor.yaml +97 -0
  194. package/artifacts/release/registry/bundles/incident-replay.yaml +47 -0
  195. package/artifacts/release/registry/bundles/lsp-pack.yaml +48 -0
  196. package/artifacts/release/registry/bundles/mcp-fabric.yaml +53 -0
  197. package/artifacts/release/registry/bundles/preflight.yaml +48 -0
  198. package/artifacts/release/registry/bundles/remote-supervisor.yaml +49 -0
  199. package/artifacts/release/registry/bundles/robotics.yaml +45 -0
  200. package/artifacts/release/registry/bundles/secure-worktree-pipeline.yaml +54 -0
  201. package/artifacts/release/registry/bundles/security-check.yaml +50 -0
  202. package/artifacts/release/registry/bundles/tracebank.yaml +47 -0
  203. package/artifacts/release/registry/bundles/vision.yaml +45 -0
  204. package/artifacts/release/registry/omg-capability.schema.json +296 -0
  205. package/artifacts/release/settings.json +594 -0
  206. package/build/lib/agents/__init__.py +1 -0
  207. package/build/lib/agents/designer.md +67 -0
  208. package/build/lib/agents/explore.md +60 -0
  209. package/build/lib/agents/model_roles.py +196 -0
  210. package/build/lib/agents/omg-api-builder.md +23 -0
  211. package/build/lib/agents/omg-architect-mode.md +41 -0
  212. package/build/lib/agents/omg-architect.md +13 -0
  213. package/build/lib/agents/omg-backend-engineer.md +41 -0
  214. package/build/lib/agents/omg-critic.md +16 -0
  215. package/build/lib/agents/omg-database-engineer.md +41 -0
  216. package/build/lib/agents/omg-escalation-router.md +17 -0
  217. package/build/lib/agents/omg-executor.md +12 -0
  218. package/build/lib/agents/omg-frontend-designer.md +41 -0
  219. package/build/lib/agents/omg-implement-mode.md +49 -0
  220. package/build/lib/agents/omg-infra-engineer.md +41 -0
  221. package/build/lib/agents/omg-qa-tester.md +16 -0
  222. package/build/lib/agents/omg-research-mode.md +41 -0
  223. package/build/lib/agents/omg-security-auditor.md +41 -0
  224. package/build/lib/agents/omg-testing-engineer.md +41 -0
  225. package/build/lib/agents/plan.md +80 -0
  226. package/build/lib/agents/quick_task.md +64 -0
  227. package/build/lib/agents/reviewer.md +83 -0
  228. package/build/lib/agents/task.md +71 -0
  229. package/build/lib/commands/OMG:ai-commit.md +113 -0
  230. package/build/lib/commands/OMG:api-twin.md +22 -0
  231. package/build/lib/commands/OMG:arch.md +313 -0
  232. package/build/lib/commands/OMG:ccg.md +22 -0
  233. package/build/lib/commands/OMG:compat.md +57 -0
  234. package/build/lib/commands/OMG:cost.md +181 -0
  235. package/build/lib/commands/OMG:crazy.md +125 -0
  236. package/build/lib/commands/OMG:create-agent.md +183 -0
  237. package/build/lib/commands/OMG:deps.md +248 -0
  238. package/build/lib/commands/OMG:doctor.md +37 -0
  239. package/build/lib/commands/OMG:domain-init.md +11 -0
  240. package/build/lib/commands/OMG:escalate.md +52 -0
  241. package/build/lib/commands/OMG:health-check.md +45 -0
  242. package/build/lib/commands/OMG:init.md +134 -0
  243. package/build/lib/commands/OMG:mode.md +44 -0
  244. package/build/lib/commands/OMG:preflight.md +26 -0
  245. package/build/lib/commands/OMG:project-init.md +11 -0
  246. package/build/lib/commands/OMG:ralph-start.md +43 -0
  247. package/build/lib/commands/OMG:ralph-stop.md +23 -0
  248. package/build/lib/commands/OMG:security-check.md +28 -0
  249. package/build/lib/commands/OMG:session-branch.md +85 -0
  250. package/build/lib/commands/OMG:session-fork.md +53 -0
  251. package/build/lib/commands/OMG:session-merge.md +134 -0
  252. package/build/lib/commands/OMG:setup.md +78 -0
  253. package/build/lib/commands/OMG:stats.md +225 -0
  254. package/build/lib/commands/OMG:teams.md +39 -0
  255. package/build/lib/commands/OMG:theme.md +44 -0
  256. package/build/lib/commands/__init__.py +1 -0
  257. package/build/lib/control_plane/__init__.py +2 -0
  258. package/build/lib/control_plane/openapi.yaml +260 -0
  259. package/build/lib/control_plane/server.py +147 -0
  260. package/build/lib/control_plane/service.py +222 -0
  261. package/build/lib/hooks/__init__.py +0 -0
  262. package/build/lib/hooks/_agent_registry.py +423 -0
  263. package/build/lib/hooks/_analytics.py +291 -0
  264. package/build/lib/hooks/_budget.py +31 -0
  265. package/build/lib/hooks/_common.py +569 -0
  266. package/build/lib/hooks/_compression_optimizer.py +119 -0
  267. package/build/lib/hooks/_cost_ledger.py +176 -0
  268. package/build/lib/hooks/_learnings.py +126 -0
  269. package/build/lib/hooks/_memory.py +103 -0
  270. package/build/lib/hooks/_protected_context.py +150 -0
  271. package/build/lib/hooks/_token_counter.py +221 -0
  272. package/build/lib/hooks/branch_manager.py +236 -0
  273. package/build/lib/hooks/budget_governor.py +232 -0
  274. package/build/lib/hooks/circuit-breaker.py +270 -0
  275. package/build/lib/hooks/compression_feedback.py +254 -0
  276. package/build/lib/hooks/config-guard.py +216 -0
  277. package/build/lib/hooks/context_pressure.py +53 -0
  278. package/build/lib/hooks/credential_store.py +1020 -0
  279. package/build/lib/hooks/fetch-rate-limits.py +212 -0
  280. package/build/lib/hooks/firewall.py +48 -0
  281. package/build/lib/hooks/hashline-formatter-bridge.py +224 -0
  282. package/build/lib/hooks/hashline-injector.py +273 -0
  283. package/build/lib/hooks/hashline-validator.py +216 -0
  284. package/build/lib/hooks/idle-detector.py +95 -0
  285. package/build/lib/hooks/intentgate-keyword-detector.py +188 -0
  286. package/build/lib/hooks/magic-keyword-router.py +195 -0
  287. package/build/lib/hooks/policy_engine.py +641 -0
  288. package/build/lib/hooks/post-tool-failure.py +19 -0
  289. package/build/lib/hooks/post-write.py +219 -0
  290. package/build/lib/hooks/post_write.py +46 -0
  291. package/build/lib/hooks/pre-compact.py +398 -0
  292. package/build/lib/hooks/pre-tool-inject.py +98 -0
  293. package/build/lib/hooks/prompt-enhancer.py +672 -0
  294. package/build/lib/hooks/quality-runner.py +191 -0
  295. package/build/lib/hooks/query.py +512 -0
  296. package/build/lib/hooks/secret-guard.py +61 -0
  297. package/build/lib/hooks/secret_audit.py +144 -0
  298. package/build/lib/hooks/security_validators.py +75 -0
  299. package/build/lib/hooks/session-end-capture.py +137 -0
  300. package/build/lib/hooks/session-start.py +277 -0
  301. package/build/lib/hooks/setup_wizard.py +646 -0
  302. package/build/lib/hooks/shadow_manager.py +344 -0
  303. package/build/lib/hooks/state_migration.py +225 -0
  304. package/build/lib/hooks/stop-gate.py +7 -0
  305. package/build/lib/hooks/stop_dispatcher.py +945 -0
  306. package/build/lib/hooks/test-validator.py +361 -0
  307. package/build/lib/hooks/test_generator_hook.py +123 -0
  308. package/build/lib/hooks/todo-state-tracker.py +114 -0
  309. package/build/lib/hooks/tool-ledger.py +149 -0
  310. package/build/lib/hooks/trust_review.py +585 -0
  311. package/build/lib/plugins/README.md +60 -0
  312. package/build/lib/plugins/__init__.py +1 -0
  313. package/build/lib/plugins/advanced/commands/OMG:code-review.md +114 -0
  314. package/build/lib/plugins/advanced/commands/OMG:deep-plan.md +265 -0
  315. package/build/lib/plugins/advanced/commands/OMG:handoff.md +115 -0
  316. package/build/lib/plugins/advanced/commands/OMG:learn.md +110 -0
  317. package/build/lib/plugins/advanced/commands/OMG:maintainer.md +31 -0
  318. package/build/lib/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  319. package/build/lib/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  320. package/build/lib/plugins/advanced/commands/OMG:security-review.md +16 -0
  321. package/build/lib/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  322. package/build/lib/plugins/advanced/commands/OMG:ship.md +46 -0
  323. package/build/lib/plugins/advanced/plugin.json +87 -0
  324. package/build/lib/plugins/core/plugin.json +145 -0
  325. package/build/lib/plugins/dephealth/__init__.py +0 -0
  326. package/build/lib/plugins/dephealth/cve_scanner.py +188 -0
  327. package/build/lib/plugins/dephealth/license_checker.py +135 -0
  328. package/build/lib/plugins/dephealth/manifest_detector.py +423 -0
  329. package/build/lib/plugins/dephealth/vuln_analyzer.py +169 -0
  330. package/build/lib/plugins/testgen/__init__.py +0 -0
  331. package/build/lib/plugins/testgen/codamosa_engine.py +402 -0
  332. package/build/lib/plugins/testgen/edge_case_synthesizer.py +184 -0
  333. package/build/lib/plugins/testgen/framework_detector.py +271 -0
  334. package/build/lib/plugins/testgen/skeleton_generator.py +219 -0
  335. package/build/lib/plugins/viz/__init__.py +0 -0
  336. package/build/lib/plugins/viz/ast_parser.py +139 -0
  337. package/build/lib/plugins/viz/diagram_generator.py +192 -0
  338. package/build/lib/plugins/viz/graph_builder.py +444 -0
  339. package/build/lib/plugins/viz/native_parsers.py +259 -0
  340. package/build/lib/plugins/viz/regex_parser.py +112 -0
  341. package/build/lib/registry/__init__.py +1 -0
  342. package/build/lib/registry/bundles/algorithms.yaml +45 -0
  343. package/build/lib/registry/bundles/api-twin.yaml +48 -0
  344. package/build/lib/registry/bundles/claim-judge.yaml +49 -0
  345. package/build/lib/registry/bundles/control-plane.yaml +151 -0
  346. package/build/lib/registry/bundles/data-lineage.yaml +47 -0
  347. package/build/lib/registry/bundles/delta-classifier.yaml +47 -0
  348. package/build/lib/registry/bundles/eval-gate.yaml +47 -0
  349. package/build/lib/registry/bundles/health.yaml +45 -0
  350. package/build/lib/registry/bundles/hook-governor.yaml +97 -0
  351. package/build/lib/registry/bundles/incident-replay.yaml +47 -0
  352. package/build/lib/registry/bundles/lsp-pack.yaml +48 -0
  353. package/build/lib/registry/bundles/mcp-fabric.yaml +53 -0
  354. package/build/lib/registry/bundles/plan-council.yaml +51 -0
  355. package/build/lib/registry/bundles/preflight.yaml +48 -0
  356. package/build/lib/registry/bundles/proof-gate.yaml +49 -0
  357. package/build/lib/registry/bundles/remote-supervisor.yaml +49 -0
  358. package/build/lib/registry/bundles/robotics.yaml +45 -0
  359. package/build/lib/registry/bundles/secure-worktree-pipeline.yaml +54 -0
  360. package/build/lib/registry/bundles/security-check.yaml +50 -0
  361. package/build/lib/registry/bundles/test-intent-lock.yaml +49 -0
  362. package/build/lib/registry/bundles/tracebank.yaml +47 -0
  363. package/build/lib/registry/bundles/vision.yaml +45 -0
  364. package/build/lib/registry/omg-capability.schema.json +296 -0
  365. package/build/lib/registry/verify_artifact.py +90 -0
  366. package/build/lib/runtime/__init__.py +32 -0
  367. package/build/lib/runtime/adapters/__init__.py +13 -0
  368. package/build/lib/runtime/adapters/claude.py +63 -0
  369. package/build/lib/runtime/adapters/gpt.py +56 -0
  370. package/build/lib/runtime/adapters/local.py +56 -0
  371. package/build/lib/runtime/adoption.py +212 -0
  372. package/build/lib/runtime/api_twin.py +450 -0
  373. package/build/lib/runtime/asset_loader.py +62 -0
  374. package/build/lib/runtime/business_workflow.py +234 -0
  375. package/build/lib/runtime/claim_judge.py +95 -0
  376. package/build/lib/runtime/cli_provider.py +85 -0
  377. package/build/lib/runtime/compat.py +1459 -0
  378. package/build/lib/runtime/contract_compiler.py +1918 -0
  379. package/build/lib/runtime/custom_agent_loader.py +366 -0
  380. package/build/lib/runtime/data_lineage.py +73 -0
  381. package/build/lib/runtime/delta_classifier.py +81 -0
  382. package/build/lib/runtime/dispatcher.py +47 -0
  383. package/build/lib/runtime/domain_packs.py +46 -0
  384. package/build/lib/runtime/ecosystem.py +371 -0
  385. package/build/lib/runtime/eval_gate.py +96 -0
  386. package/build/lib/runtime/guide_assert.py +45 -0
  387. package/build/lib/runtime/incident_replay.py +47 -0
  388. package/build/lib/runtime/legacy_compat.py +7 -0
  389. package/build/lib/runtime/mcp_config_writers.py +233 -0
  390. package/build/lib/runtime/mcp_lifecycle.py +175 -0
  391. package/build/lib/runtime/mcp_memory_server.py +135 -0
  392. package/build/lib/runtime/memory_parsers/__init__.py +0 -0
  393. package/build/lib/runtime/memory_parsers/chatgpt_parser.py +257 -0
  394. package/build/lib/runtime/memory_parsers/claude_import.py +107 -0
  395. package/build/lib/runtime/memory_parsers/export.py +97 -0
  396. package/build/lib/runtime/memory_parsers/gemini_import.py +91 -0
  397. package/build/lib/runtime/memory_parsers/kimi_import.py +91 -0
  398. package/build/lib/runtime/memory_store.py +215 -0
  399. package/build/lib/runtime/omc_compat.py +7 -0
  400. package/build/lib/runtime/omg_compat_contract_snapshot.json +916 -0
  401. package/build/lib/runtime/omg_contract_snapshot.json +916 -0
  402. package/build/lib/runtime/omg_mcp_server.py +212 -0
  403. package/build/lib/runtime/playwright_pack.py +169 -0
  404. package/build/lib/runtime/preflight.py +117 -0
  405. package/build/lib/runtime/proof_chain.py +228 -0
  406. package/build/lib/runtime/proof_gate.py +163 -0
  407. package/build/lib/runtime/providers/__init__.py +0 -0
  408. package/build/lib/runtime/providers/codex_provider.py +102 -0
  409. package/build/lib/runtime/providers/gemini_provider.py +109 -0
  410. package/build/lib/runtime/providers/kimi_provider.py +132 -0
  411. package/build/lib/runtime/remote_supervisor.py +64 -0
  412. package/build/lib/runtime/runtime_profile.py +61 -0
  413. package/build/lib/runtime/security_check.py +965 -0
  414. package/build/lib/runtime/subagent_dispatcher.py +469 -0
  415. package/build/lib/runtime/team_router.py +1167 -0
  416. package/build/lib/runtime/test_intent_lock.py +91 -0
  417. package/build/lib/runtime/tmux_session_manager.py +169 -0
  418. package/build/lib/runtime/tracebank.py +95 -0
  419. package/build/lib/runtime/untrusted_content.py +269 -0
  420. package/commands/OMG:doctor.md +37 -0
  421. package/commands/OMG:preflight.md +1 -1
  422. package/control_plane/openapi.yaml +33 -1
  423. package/control_plane/server.py +26 -2
  424. package/control_plane/service.py +37 -0
  425. package/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +50 -3
  426. package/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +29 -0
  427. package/dist/enterprise/bundle/.claude-plugin/marketplace.json +5 -5
  428. package/dist/enterprise/bundle/.claude-plugin/plugin.json +1 -1
  429. package/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +1 -1
  430. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
  431. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:deep-plan.md +221 -0
  432. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
  433. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
  434. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
  435. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  436. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  437. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
  438. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  439. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
  440. package/dist/enterprise/bundle/plugins/advanced/plugin.json +87 -0
  441. package/dist/enterprise/bundle/registry/bundles/algorithms.yaml +1 -1
  442. package/dist/enterprise/bundle/registry/bundles/api-twin.yaml +1 -1
  443. package/dist/enterprise/bundle/registry/bundles/control-plane.yaml +91 -1
  444. package/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +1 -1
  445. package/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +1 -1
  446. package/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +1 -1
  447. package/dist/enterprise/bundle/registry/bundles/health.yaml +1 -1
  448. package/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +1 -1
  449. package/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +1 -1
  450. package/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +1 -1
  451. package/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  452. package/dist/enterprise/bundle/registry/bundles/preflight.yaml +1 -1
  453. package/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  454. package/dist/enterprise/bundle/registry/bundles/robotics.yaml +1 -1
  455. package/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  456. package/dist/enterprise/bundle/registry/bundles/security-check.yaml +1 -1
  457. package/dist/enterprise/bundle/registry/bundles/tracebank.yaml +1 -1
  458. package/dist/enterprise/bundle/registry/bundles/vision.yaml +1 -1
  459. package/dist/enterprise/bundle/registry/omg-capability.schema.json +217 -1
  460. package/dist/enterprise/bundle/settings.json +219 -6
  461. package/dist/enterprise/manifest.json +73 -25
  462. package/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +50 -3
  463. package/dist/public/bundle/.agents/skills/omg/codex-rules.md +29 -0
  464. package/dist/public/bundle/.claude-plugin/marketplace.json +5 -5
  465. package/dist/public/bundle/.claude-plugin/plugin.json +1 -1
  466. package/dist/public/bundle/OMG_COMPAT_CONTRACT.md +1 -1
  467. package/dist/public/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
  468. package/dist/public/bundle/plugins/advanced/commands/OMG:deep-plan.md +221 -0
  469. package/dist/public/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
  470. package/dist/public/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
  471. package/dist/public/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
  472. package/dist/public/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  473. package/dist/public/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  474. package/dist/public/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
  475. package/dist/public/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  476. package/dist/public/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
  477. package/dist/public/bundle/plugins/advanced/plugin.json +87 -0
  478. package/dist/public/bundle/registry/bundles/algorithms.yaml +1 -1
  479. package/dist/public/bundle/registry/bundles/api-twin.yaml +1 -1
  480. package/dist/public/bundle/registry/bundles/control-plane.yaml +91 -1
  481. package/dist/public/bundle/registry/bundles/data-lineage.yaml +1 -1
  482. package/dist/public/bundle/registry/bundles/delta-classifier.yaml +1 -1
  483. package/dist/public/bundle/registry/bundles/eval-gate.yaml +1 -1
  484. package/dist/public/bundle/registry/bundles/health.yaml +1 -1
  485. package/dist/public/bundle/registry/bundles/hook-governor.yaml +1 -1
  486. package/dist/public/bundle/registry/bundles/incident-replay.yaml +1 -1
  487. package/dist/public/bundle/registry/bundles/lsp-pack.yaml +1 -1
  488. package/dist/public/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  489. package/dist/public/bundle/registry/bundles/preflight.yaml +1 -1
  490. package/dist/public/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  491. package/dist/public/bundle/registry/bundles/robotics.yaml +1 -1
  492. package/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  493. package/dist/public/bundle/registry/bundles/security-check.yaml +1 -1
  494. package/dist/public/bundle/registry/bundles/tracebank.yaml +1 -1
  495. package/dist/public/bundle/registry/bundles/vision.yaml +1 -1
  496. package/dist/public/bundle/registry/omg-capability.schema.json +217 -1
  497. package/dist/public/bundle/settings.json +218 -3
  498. package/dist/public/manifest.json +73 -25
  499. package/docs/proof.md +16 -6
  500. package/docs/release-checklist.md +2 -0
  501. package/hooks/policy_engine.py +122 -17
  502. package/hooks/setup_wizard.py +52 -12
  503. package/hooks/shadow_manager.py +21 -0
  504. package/package.json +2 -2
  505. package/plugins/README.md +5 -1
  506. package/plugins/advanced/commands/OMG:deep-plan.md +50 -6
  507. package/plugins/advanced/commands/OMG:ship.md +1 -1
  508. package/plugins/advanced/plugin.json +1 -10
  509. package/plugins/core/plugin.json +7 -1
  510. package/pyproject.toml +2 -2
  511. package/registry/bundles/algorithms.yaml +1 -1
  512. package/registry/bundles/api-twin.yaml +1 -1
  513. package/registry/bundles/claim-judge.yaml +49 -0
  514. package/registry/bundles/control-plane.yaml +91 -1
  515. package/registry/bundles/data-lineage.yaml +1 -1
  516. package/registry/bundles/delta-classifier.yaml +1 -1
  517. package/registry/bundles/eval-gate.yaml +1 -1
  518. package/registry/bundles/health.yaml +1 -1
  519. package/registry/bundles/hook-governor.yaml +1 -1
  520. package/registry/bundles/incident-replay.yaml +1 -1
  521. package/registry/bundles/lsp-pack.yaml +1 -1
  522. package/registry/bundles/mcp-fabric.yaml +1 -1
  523. package/registry/bundles/plan-council.yaml +51 -0
  524. package/registry/bundles/preflight.yaml +1 -1
  525. package/registry/bundles/proof-gate.yaml +49 -0
  526. package/registry/bundles/remote-supervisor.yaml +1 -1
  527. package/registry/bundles/robotics.yaml +1 -1
  528. package/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  529. package/registry/bundles/security-check.yaml +1 -1
  530. package/registry/bundles/test-intent-lock.yaml +49 -0
  531. package/registry/bundles/tracebank.yaml +1 -1
  532. package/registry/bundles/vision.yaml +1 -1
  533. package/registry/omg-capability.schema.json +217 -1
  534. package/runtime/adoption.py +1 -1
  535. package/runtime/api_twin.py +279 -8
  536. package/runtime/business_workflow.py +14 -0
  537. package/runtime/claim_judge.py +95 -0
  538. package/runtime/compat.py +139 -0
  539. package/runtime/contract_compiler.py +1099 -28
  540. package/runtime/ecosystem.py +1 -1
  541. package/runtime/eval_gate.py +48 -2
  542. package/runtime/mcp_config_writers.py +12 -0
  543. package/runtime/mcp_lifecycle.py +31 -9
  544. package/runtime/mcp_memory_server.py +1 -1
  545. package/runtime/omg_compat_contract_snapshot.json +1 -1
  546. package/runtime/omg_contract_snapshot.json +1 -1
  547. package/runtime/omg_mcp_server.py +13 -8
  548. package/runtime/playwright_pack.py +169 -0
  549. package/runtime/preflight.py +45 -1
  550. package/runtime/proof_chain.py +228 -0
  551. package/runtime/proof_gate.py +163 -0
  552. package/runtime/security_check.py +523 -22
  553. package/runtime/team_router.py +6 -6
  554. package/runtime/test_intent_lock.py +91 -0
  555. package/runtime/tracebank.py +43 -1
  556. package/runtime/untrusted_content.py +172 -5
  557. package/scripts/check-omg-public-ready.py +77 -0
  558. package/scripts/omg.py +28 -9
  559. package/scripts/verify-standalone.sh +7 -0
  560. package/settings.json +219 -6
@@ -1,7 +1,7 @@
1
1
  openapi: 3.1.0
2
2
  info:
3
3
  title: OMG Control Plane API
4
- version: 2.0.5
4
+ version: 2.0.7
5
5
  description: Policy/trust/evidence/runtime/registry/lab endpoints for OMG v2, with deprecated v1 aliases for one release.
6
6
  servers:
7
7
  - url: https://api.omg.local
@@ -62,6 +62,12 @@ paths:
62
62
  /v2/security/check:
63
63
  post:
64
64
  summary: Run canonical OMG security check
65
+ requestBody:
66
+ required: false
67
+ content:
68
+ application/json:
69
+ schema:
70
+ $ref: '#/components/schemas/SecurityCheckInput'
65
71
  responses:
66
72
  '200':
67
73
  description: Security check result
@@ -190,6 +196,32 @@ components:
190
196
  type: integer
191
197
  verdict:
192
198
  type: string
199
+ SecurityCheckInput:
200
+ type: object
201
+ properties:
202
+ scope:
203
+ type: string
204
+ default: "."
205
+ description: Directory scope to scan
206
+ include_live_enrichment:
207
+ type: boolean
208
+ default: false
209
+ description: Whether to include live enrichment data
210
+ external_inputs:
211
+ type: array
212
+ nullable: true
213
+ items:
214
+ type: object
215
+ description: External input sources to include in provenance
216
+ waivers:
217
+ type: array
218
+ nullable: true
219
+ items:
220
+ oneOf:
221
+ - type: string
222
+ - type: object
223
+ description: Finding identifiers or waiver objects to suppress matched findings
224
+ additionalProperties: false
193
225
  SecurityCheckResult:
194
226
  type: object
195
227
  required: [schema, status, scope, findings, summary, provenance, trust_scores]
@@ -106,14 +106,38 @@ def run_server(host: str = "127.0.0.1", port: int = 8787, project_dir: str | Non
106
106
  server.server_close()
107
107
 
108
108
 
109
+ _LOOPBACK_HOSTS = frozenset({"127.0.0.1", "localhost", "::1"})
110
+
111
+
109
112
  def _main() -> int:
110
113
  parser = argparse.ArgumentParser(description="Run OMG control-plane API server")
111
114
  parser.add_argument("--host", default="127.0.0.1")
112
115
  parser.add_argument("--port", type=int, default=8787)
113
116
  parser.add_argument("--project-dir", default=None)
117
+ parser.add_argument(
118
+ "--unsafe", action="store_true",
119
+ help="Allow binding to non-loopback addresses (no auth; use at own risk)",
120
+ )
121
+ parser.add_argument(
122
+ "--dev", action="store_true",
123
+ help="Development mode — implies --unsafe for non-loopback binding",
124
+ )
114
125
  args = parser.parse_args()
115
- if args.host != "127.0.0.1":
116
- print(f"⚠ WARNING: Binding to {args.host} exposes the control plane to the network. No authentication is configured.", file=sys.stderr)
126
+
127
+ if args.host not in _LOOPBACK_HOSTS:
128
+ if not (args.unsafe or args.dev):
129
+ print(
130
+ f"ERROR: Binding to '{args.host}' exposes the control plane to the network.\n"
131
+ "No authentication is configured. This is blocked by default.\n"
132
+ "Pass --unsafe or --dev to override.",
133
+ file=sys.stderr,
134
+ )
135
+ return 1
136
+ print(
137
+ f"⚠ WARNING: Binding to {args.host} with {'--unsafe' if args.unsafe else '--dev'} flag. "
138
+ "No authentication is configured.",
139
+ file=sys.stderr,
140
+ )
117
141
 
118
142
  run_server(args.host, args.port, args.project_dir)
119
143
  return 0
@@ -113,10 +113,47 @@ class ControlPlaneService:
113
113
  def security_check(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
114
114
  scope = str(payload.get("scope", "."))
115
115
  include_live_enrichment = bool(payload.get("include_live_enrichment", False))
116
+ external_inputs = payload.get("external_inputs")
117
+ waivers = payload.get("waivers")
118
+
119
+ # Normalize external_inputs: must be list of dicts or None
120
+ if external_inputs is not None:
121
+ if not isinstance(external_inputs, list):
122
+ return 400, {
123
+ "status": "error",
124
+ "error_code": "INVALID_EXTERNAL_INPUTS",
125
+ "message": "external_inputs must be a list of objects or null",
126
+ }
127
+ # Validate each item is a dict
128
+ for item in external_inputs:
129
+ if not isinstance(item, dict):
130
+ return 400, {
131
+ "status": "error",
132
+ "error_code": "INVALID_EXTERNAL_INPUTS",
133
+ "message": "each item in external_inputs must be an object",
134
+ }
135
+
136
+ if waivers is not None:
137
+ if not isinstance(waivers, list):
138
+ return 400, {
139
+ "status": "error",
140
+ "error_code": "INVALID_WAIVERS",
141
+ "message": "waivers must be a list of finding identifiers or objects",
142
+ }
143
+ for item in waivers:
144
+ if not isinstance(item, (str, dict)):
145
+ return 400, {
146
+ "status": "error",
147
+ "error_code": "INVALID_WAIVERS",
148
+ "message": "each waiver must be a string or object",
149
+ }
150
+
116
151
  result = run_security_check(
117
152
  project_dir=self.project_dir,
118
153
  scope=scope,
119
154
  include_live_enrichment=include_live_enrichment,
155
+ external_inputs=external_inputs,
156
+ waivers=waivers,
120
157
  )
121
158
  return 200, result
122
159
 
@@ -1,5 +1,52 @@
1
- # OMG Codex Protection Rules
1
+ # OMG Codex Governance (channel: enterprise)
2
2
 
3
- - Channel: `enterprise`
4
- - Protect `.omg/`, `.agents/`, `.codex/`, and `.claude/` from unreviewed mutation.
3
+ ## Build & Test
4
+
5
+ ```bash
6
+ python3 -m pytest tests -q
7
+ python3 scripts/omg.py contract validate
8
+ python3 scripts/omg.py contract compile --host codex --channel enterprise
9
+ ```
10
+
11
+ ## Protected Paths
12
+
13
+ The following paths require tier-gated review before mutation:
14
+
15
+ - `.omg/**`
16
+ - `.agents/**`
17
+ - `.codex/**`
18
+ - `.claude/**`
19
+
20
+ ## Evidence Contract
21
+
22
+ Every production action must emit evidence containing these fields:
23
+
24
+ - `executor`
25
+ - `lineage`
26
+ - `timestamp`
27
+ - `trace_id`
28
+
29
+ ## Required Skills
30
+
31
+ - `omg/control-plane`
32
+ - `omg/mcp-fabric`
33
+
34
+ ## Web Search Policy
35
+
36
+ - Prefer cached results over live network requests.
37
+ - Do NOT initiate live web searches unless explicitly instructed.
38
+ - Use `context7` or local documentation before external lookups.
39
+ - Set `cached_web_search: prefer_cached` as the default.
40
+
41
+ ## Approval Constraints
42
+
43
+ - Destructive file operations require explicit user approval.
44
+ - `git push --force` and branch deletions require explicit approval.
45
+ - Production deployments require explicit approval.
46
+ - Mutations to protected paths require tier-gated approval.
47
+
48
+ ## Rules & Automations
49
+
50
+ - Rules: `protected_paths, explicit_invocation`
51
+ - Automations: `contract-compile, release-readiness`
5
52
  - Require explicit invocation for production-control-plane skills.
@@ -0,0 +1,29 @@
1
+ # OMG Codex Rules (channel: enterprise)
2
+
3
+ ## Defaults
4
+
5
+ - `cached_web_search: prefer_cached`
6
+ - `live_network: deny_by_default`
7
+ - `destructive_approval: required`
8
+
9
+ ## Protected Paths
10
+
11
+ - `.omg/**`
12
+ - `.agents/**`
13
+ - `.codex/**`
14
+ - `.claude/**`
15
+
16
+ ## Required Skills
17
+
18
+ - `omg/control-plane`
19
+ - `omg/mcp-fabric`
20
+
21
+ ## Approval Matrix
22
+
23
+ | Action | Approval Required |
24
+ |--------|------------------|
25
+ | Read / Grep | No |
26
+ | Write to protected paths | Yes |
27
+ | Bash (python3:*) | Yes (balanced+ tier) |
28
+ | git push --force | Yes |
29
+ | Production deploy | Yes |
@@ -5,16 +5,16 @@
5
5
  "name": "trac3er00"
6
6
  },
7
7
  "metadata": {
8
- "description": "OMG - Oh-My-God for Claude Code",
9
- "version": "2.0.5",
8
+ "description": "OMG - Oh-My-God for Claude Code and supported agent hosts",
9
+ "version": "2.0.7",
10
10
  "homepage": "https://github.com/trac3er00/OMG",
11
11
  "repository": "https://github.com/trac3er00/OMG"
12
12
  },
13
13
  "plugins": [
14
14
  {
15
15
  "name": "omg",
16
- "description": "OMG plugin layer for Claude Code with native setup, orchestration, and interop.",
17
- "version": "2.0.5",
16
+ "description": "OMG plugin layer for Claude Code and supported agent hosts with native setup, orchestration, and interop.",
17
+ "version": "2.0.7",
18
18
  "source": "./",
19
19
  "author": {
20
20
  "name": "trac3er00"
@@ -32,5 +32,5 @@
32
32
  ]
33
33
  }
34
34
  ],
35
- "version": "2.0.5"
35
+ "version": "2.0.7"
36
36
  }
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "omg",
3
- "version": "2.0.5",
3
+ "version": "2.0.7",
4
4
  "description": "OMG plugin layer for Claude Code with native setup, orchestration, and interop.",
5
5
  "author": {
6
6
  "name": "trac3er00"
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  title: OMG Production Control Plane
3
- version: 2.0.5
3
+ version: 2.0.7
4
4
  canonical_hosts:
5
5
  - claude
6
6
  - codex
@@ -0,0 +1,114 @@
1
+ ---
2
+ description: Deep code review — reads file completely, checks line-by-line for issues, then analyzes whole-file structure. Enforces code hygiene.
3
+ allowed-tools: Read, Bash(cat:*), Bash(grep:*), Bash(wc:*), Bash(head:*), Bash(find:*), Bash(rg:*), Grep, Glob
4
+ argument-hint: "[file path or 'recent' for git-changed files]"
5
+ ---
6
+
7
+ # /OMG:code-review — Line-by-Line + Structural Review
8
+
9
+ ## Philosophy
10
+ Two passes: LINE-BY-LINE precision, then WHOLE-FILE understanding.
11
+ Don't just scan — READ and UNDERSTAND every line.
12
+
13
+ ## Step 1: Determine Scope
14
+
15
+ - If file specified: review that file
16
+ - If "recent" or no argument: review uncommitted changes
17
+ ```bash
18
+ git diff --name-only HEAD 2>/dev/null
19
+ git diff --cached --name-only 2>/dev/null
20
+ ```
21
+
22
+ ## Step 2: Read the FULL File First
23
+
24
+ Read the ENTIRE file. Not just the changed part. Not just a function.
25
+ Understanding comes from seeing the whole context.
26
+
27
+ Note:
28
+ - What does this file DO? (its purpose in the system)
29
+ - What are its DEPENDENCIES? (imports, calls)
30
+ - What does it EXPORT? (public API)
31
+
32
+ ## Step 3: Line-by-Line Scan
33
+
34
+ For each line, check:
35
+
36
+ **Correctness:**
37
+ - Logic errors (off-by-one, null checks, type mismatches)
38
+ - Missing error handling (unhandled promises, bare except, no null check)
39
+ - Race conditions (shared state, async without await, unchecked concurrent access)
40
+
41
+ **Security (if auth/payment/database):**
42
+ - Hardcoded secrets → CRITICAL
43
+ - SQL injection (string concatenation in queries) → CRITICAL
44
+ - XSS (innerHTML, dangerouslySetInnerHTML) → HIGH
45
+ - Missing input validation → MEDIUM
46
+ - Overly permissive CORS/cookies → MEDIUM
47
+
48
+ **Hygiene:**
49
+ - Dead code (unused imports, variables, unreachable branches)
50
+ - Noise comments ("increment i", "return result", "constructor")
51
+ - console.log/print left in production code
52
+ - TODO/FIXME/HACK without tracking
53
+ - Overly complex functions (>40 lines → suggest extract)
54
+ - Duplicated logic (same pattern in 2+ places → suggest DRY)
55
+
56
+ ## Step 4: Whole-File Structure Analysis
57
+
58
+ After line-by-line:
59
+ - Does the file do ONE thing well, or is it a dumping ground?
60
+ - Are functions ordered logically? (public first, helpers after, or lifecycle order)
61
+ - Is naming consistent? (camelCase throughout? PascalCase for classes?)
62
+ - Does it follow the project's domain pattern? (check .omg/knowledge/domain-patterns/)
63
+ - Any circular dependencies?
64
+ - Is error handling consistent across all functions?
65
+
66
+ ## Step 5: Report
67
+
68
+ ```
69
+ Code Review — [file]
70
+ ━━━━━━━━━━━━━━━━━━━━
71
+
72
+ Structure: [CLEAN | NEEDS_WORK | MESSY]
73
+ Security: [SAFE | REVIEW_NEEDED | CRITICAL]
74
+ Hygiene: [CLEAN | NEEDS_CLEANUP]
75
+
76
+ Issues:
77
+ [line:col] CRITICAL: [description]
78
+ [line:col] HIGH: [description]
79
+ [line:col] MEDIUM: [description]
80
+ [line:col] LOW: [description]
81
+
82
+ Dead Code:
83
+ [line] unused import: [name]
84
+ [line] unreachable after return
85
+
86
+ Noise Comments (remove these):
87
+ [line] "// increment counter"
88
+ [line] "// return the value"
89
+
90
+ Structural:
91
+ - [function] is [N] lines — consider extracting [suggestion]
92
+ - [pattern] duplicated at lines [X] and [Y]
93
+
94
+ Recommendation: [summary of what to fix, in priority order]
95
+ ```
96
+
97
+ ## Step 6: For Security-Critical Files
98
+
99
+ If the file touches auth, payment, or database:
100
+ ```
101
+ /OMG:escalate codex "Line-by-line security review of [file]. Check:
102
+ 1. Every input validation point
103
+ 2. Every database query for injection
104
+ 3. Every auth check for bypass
105
+ 4. Every secret reference for hardcoding
106
+ Report: line numbers + severity + fix suggestion"
107
+ ```
108
+
109
+ ## Anti-patterns
110
+ - DON'T skim and say "looks good" — read every line
111
+ - DON'T only check the diff — read the full file for context
112
+ - DON'T ignore test files — they can have real issues too
113
+ - DON'T add more noise comments as "fixes" — remove them instead
114
+ - DON'T suggest unnecessary code as improvements
@@ -0,0 +1,221 @@
1
+ ---
2
+ description: Deep strategic planning — understands user direction, asks smart questions, creates comprehensive plan with domain awareness
3
+ allowed-tools: Read, Write, Edit, MultiEdit, Bash(find:*), Bash(cat:*), Bash(git:*), Bash(wc:*), Bash(tree:*), Bash(mkdir:*), Bash(tee:*), Grep, Glob
4
+ argument-hint: "[feature or goal to plan]"
5
+ ---
6
+
7
+ # /OMG:deep-plan — Strategic Planning with Direction Understanding
8
+
9
+ ## Philosophy
10
+ Regular planning = "what steps to take."
11
+ Deep planning = "understand WHY the user wants this, WHAT direction they're heading, and HOW it fits the bigger picture."
12
+
13
+ ## Step 1: Direction Discovery (MANDATORY)
14
+
15
+ Do not assume goals, constraints, or context. Extract direction from:
16
+ - user prompt
17
+ - `.omg/state/handoff.md`
18
+ - `.omg/state/ledger/failure-tracker.json`
19
+ - current repo structure and patterns
20
+
21
+ Before planning anything, understand:
22
+ 1. **User's real goal** — Often the stated request is one step toward something bigger. Ask: "What's the end state you're imagining?"
23
+ 2. **User's constraints** — Time, budget, existing code, team preferences, tech stack decisions already made.
24
+ 3. **User's domain knowledge** — Are they expert in this domain (follow their lead) or exploring (guide them)?
25
+ 4. **What they've already tried** — Check .omg/state/handoff.md, failure-tracker.json, git log.
26
+
27
+ If direction is still ambiguous after repo exploration, ask only minimal focused questions.
28
+
29
+ Examples of BAD questions: "What framework do you want?" "What's your deadline?"
30
+ Examples of GOOD questions:
31
+ - "I see you have a Stripe integration started in /src/payment/. Are you building on that, or replacing it?"
32
+ - "Your auth uses JWT in cookies. Should the new feature respect that pattern, or are you migrating to sessions?"
33
+ - "The DB schema has 3 user types. Does this feature apply to all of them or just one?"
34
+
35
+ ## Step 2: Map the Domain
36
+
37
+ Read the codebase to understand the CURRENT state:
38
+ ```bash
39
+ # Directory structure
40
+ find . -type f -name "*.ts" -o -name "*.py" -o -name "*.go" | head -50
41
+
42
+ # Key architectural patterns
43
+ grep -rn "export class\|export function\|def \|func \|struct " src/ --include="*.{ts,py,go}" | head -30
44
+
45
+ # Existing domain boundaries
46
+ ls -la src/*/ # or app/*/ or packages/*/
47
+
48
+ # Data flow
49
+ grep -rn "import.*from\|require(" src/ --include="*.{ts,js}" | head -20
50
+ ```
51
+
52
+ If DDD reference patterns exist (see .omg/knowledge/ or existing domain modules):
53
+ - Read the reference domain FIRST
54
+ - Plan the new feature to MATCH the pattern
55
+ - Note any intentional deviations with WHY
56
+
57
+ ## Step 3: Create the Deep Plan
58
+
59
+ Use Bash heredoc to write `.omg/state/_plan.md` (and `.omg/idea.yml`). Do NOT use the `Write` tool — it requires a prior Read which is unnecessary for fresh plan creation:
60
+
61
+ ```markdown
62
+ # Deep Plan: [Feature Name]
63
+ Created: [date]
64
+ CHANGE_BUDGET=[small|medium|large]
65
+
66
+ ## Direction
67
+ [1-2 sentences: what the user is building toward, not just this task]
68
+
69
+ ## Domain Context
70
+ Reference pattern: [file/module that sets the pattern]
71
+ Bounded contexts affected: [list]
72
+ Key interfaces: [list the interfaces/types this touches]
73
+
74
+ ## Architecture Decisions
75
+ - [Decision]: [chosen approach] because [reason]
76
+ Alternatives considered: [what was rejected and why]
77
+
78
+ ## Implementation Plan
79
+
80
+ ### Phase 1: Foundation [N files, ~M lines]
81
+ 1. [ ] [specific action] — [file] — [what and why]
82
+ 2. [ ] [specific action] — [file]
83
+
84
+ ### Phase 2: Core Logic [N files, ~M lines]
85
+ 3. [ ] [specific action]
86
+ 4. [ ] [specific action]
87
+
88
+ ### Phase 3: Integration + Security [N files, ~M lines]
89
+ 5. [ ] [specific action]
90
+ 6. [ ] Security review: /OMG:security-check [affected files]
91
+
92
+ ### Phase 4: Verification
93
+ 7. [ ] Tests: [what to test, how]
94
+ 8. [ ] Edge cases: [list]
95
+ 9. [ ] Manual verification: [steps]
96
+
97
+ ## Risk Map
98
+ - [Risk]: [mitigation]
99
+ - [Risk]: [mitigation]
100
+
101
+ ## What NOT to Do
102
+ - [Anti-pattern specific to this feature]
103
+ - [Approach that looks tempting but will fail because...]
104
+
105
+ ## Files to Read Before Starting
106
+ 1. [file] — [why: contains the reference pattern]
107
+ 2. [file] — [why: defines the interface this must implement]
108
+ ```
109
+
110
+ ## Step 4: Present and Iterate
111
+
112
+ Show the plan to the user. Ask:
113
+ - "Does this match the direction you're thinking?"
114
+ - "Anything I'm missing about your goals?"
115
+ - "Should I adjust the scope or priority?"
116
+
117
+ Update the plan based on feedback BEFORE starting implementation.
118
+
119
+ ## Step 4.5: Codex Plan Validation (MANDATORY)
120
+
121
+ Before implementation, run a dedicated Codex validation pass on the final plan.
122
+
123
+ Checklist for Codex validation:
124
+ - ordering and dependency correctness
125
+ - hidden edge cases and rollback gaps
126
+ - security/performance blind spots
127
+ - missing verification steps
128
+
129
+ Only after applying those corrections, continue to execution.
130
+
131
+ ## Step 4.6: Multi-Agent Bootstrap (MANDATORY)
132
+
133
+ After validation, launch exactly 5 planning tracks with mixed-model intent using OMG-native routing (same planning discipline as OMG):
134
+
135
+ 1. Architect track (Claude)
136
+ 2. Backend track (GPT/Codex)
137
+ 3. Frontend track (Gemini)
138
+ 4. Security track (GPT/Codex)
139
+ 5. Verification track (Claude)
140
+
141
+ Dispatch pattern is mandatory: all 5 tracks launch in parallel as background sub-agents.
142
+
143
+ ```python
144
+ task(subagent_type="explore", run_in_background=true, load_skills=[], description="Architect planning track", prompt="...")
145
+ task(subagent_type="explore", run_in_background=true, load_skills=[], description="Backend planning track", prompt="...")
146
+ task(subagent_type="explore", run_in_background=true, load_skills=[], description="Frontend planning track", prompt="...")
147
+ task(subagent_type="explore", run_in_background=true, load_skills=[], description="Security planning track", prompt="...")
148
+ task(subagent_type="explore", run_in_background=true, load_skills=[], description="Verification planning track", prompt="...")
149
+ ```
150
+
151
+ Collection and merge protocol:
152
+ - collect every track using `background_output(task_id="...")`
153
+ - run a `sequential-thinking` merge pass to resolve conflicts and ordering
154
+ - emit one final executable checklist only after the merge pass
155
+
156
+ Each track must return:
157
+ - concrete plan steps
158
+ - risk notes
159
+ - verification commands
160
+
161
+ Then merge outputs into a single execution checklist before implementation.
162
+
163
+ ## Step 5: Generate Checklist
164
+
165
+ Convert the plan into `.omg/state/_checklist.md` with concrete steps.
166
+ Each step should be completable in ONE tool interaction (not "implement the feature").
167
+
168
+ ## Step 5.5: Business Workflow Contract (MANDATORY)
169
+
170
+ Deep-plan owns the business-style delivery workflow and task-plan contract.
171
+
172
+ Always generate a normalized workflow path and task plan directly from user instructions:
173
+
174
+ - canonical stages: `plan -> implement -> qa -> simulate -> final_test -> production`
175
+ - accepted user path keys: `workflow`, `path`, `delivery_path`, `workflow_path`
176
+ - accepted stage aliases:
177
+ - `planning -> plan`
178
+ - `implementation|build -> implement`
179
+ - `quality|quality_assurance -> qa`
180
+ - `testing|test -> final_test`
181
+ - `prod|deploy -> production`
182
+
183
+ Rules:
184
+ 1. If user provides a partial path, keep user order and append missing canonical stages.
185
+ 2. If user provides no path, use the full canonical path.
186
+ 3. Build tasks from:
187
+ - `user_instructions[]` (source of truth for requested workflow)
188
+ - `constraints[]` (delivery boundaries)
189
+ - `acceptance[]` (final test criteria)
190
+ 4. Include stage readiness for production handoff:
191
+ - `production=ready` only when QA/simulation/final_test gates pass.
192
+
193
+ Persist this contract into planning artifacts:
194
+ - `.omg/state/_plan.md` (human-readable plan)
195
+ - `.omg/state/_checklist.md` (atomic execution items)
196
+ - include structured task metadata in the plan output (`stage`, `title`, `detail`, `source`).
197
+
198
+ ## Integration with DDD
199
+
200
+ If this is a new domain:
201
+ 1. Ask the user to write (or help write) the first domain reference
202
+ 2. Extract the pattern: naming convention, data flow, error handling style
203
+ 3. Document the pattern in .omg/knowledge/domain-patterns/[name].md
204
+ 4. Use the pattern for ALL subsequent domains
205
+
206
+ ## Idea-as-Code Contract (required)
207
+
208
+ Before leaving planning, ensure `.omg/idea.yml` exists with:
209
+ - `goal`
210
+ - `constraints[]`
211
+ - `acceptance[]`
212
+ - `risk.security[]|risk.performance[]|risk.compatibility[]`
213
+ - `evidence_required.tests[]|security_scans[]|reproducibility[]`
214
+
215
+ If missing, scaffold from template and fill from the conversation.
216
+
217
+ ## Anti-patterns
218
+ - Don't plan in your head and dump a wall of text — INTERACT with the user
219
+ - Don't make architecture decisions without checking existing patterns
220
+ - Don't create a plan with vague steps like "implement feature" — be specific
221
+ - Don't skip the Direction step — it's the difference between useful and useless