@trac3er/oh-my-god 2.0.7 → 2.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (400) hide show
  1. package/.claude-plugin/marketplace.json +3 -3
  2. package/.claude-plugin/plugin.json +1 -1
  3. package/.claude-plugin/scripts/uninstall.sh +1 -1
  4. package/.gemini/settings.json +11 -0
  5. package/.kimi/mcp.json +11 -0
  6. package/CHANGELOG.md +17 -0
  7. package/OMG-setup.sh +1 -1
  8. package/OMG_COMPAT_CONTRACT.md +14 -1
  9. package/README.md +2 -1
  10. package/artifacts/release/.agents/skills/omg/AGENTS.fragment.md +7 -1
  11. package/artifacts/release/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  12. package/artifacts/release/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  13. package/artifacts/release/.agents/skills/omg/codex-rules.md +4 -0
  14. package/artifacts/release/.agents/skills/omg/plan-council/SKILL.md +11 -0
  15. package/artifacts/release/.agents/skills/omg/plan-council/openai.yaml +12 -0
  16. package/artifacts/release/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  17. package/artifacts/release/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  18. package/artifacts/release/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  19. package/artifacts/release/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  20. package/artifacts/release/.claude-plugin/marketplace.json +3 -3
  21. package/artifacts/release/.claude-plugin/plugin.json +1 -1
  22. package/artifacts/release/.mcp.json +0 -22
  23. package/artifacts/release/OMG_COMPAT_CONTRACT.md +8 -1
  24. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
  25. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  26. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  27. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +4 -0
  28. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  29. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  30. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  31. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  32. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  33. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  34. package/artifacts/release/dist/enterprise/bundle/.claude-plugin/marketplace.json +36 -0
  35. package/artifacts/release/dist/enterprise/bundle/.claude-plugin/plugin.json +23 -0
  36. package/artifacts/release/dist/enterprise/bundle/.mcp.json +18 -0
  37. package/artifacts/release/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +8 -1
  38. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
  39. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:deep-plan.md +266 -0
  40. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
  41. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
  42. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
  43. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  44. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  45. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
  46. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  47. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
  48. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/plugin.json +87 -0
  49. package/artifacts/release/dist/enterprise/bundle/registry/bundles/algorithms.yaml +1 -1
  50. package/artifacts/release/dist/enterprise/bundle/registry/bundles/api-twin.yaml +1 -1
  51. package/artifacts/release/dist/enterprise/bundle/registry/bundles/claim-judge.yaml +49 -0
  52. package/artifacts/release/dist/enterprise/bundle/registry/bundles/control-plane.yaml +1 -1
  53. package/artifacts/release/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +1 -1
  54. package/artifacts/release/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +1 -1
  55. package/artifacts/release/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +1 -1
  56. package/artifacts/release/dist/enterprise/bundle/registry/bundles/health.yaml +1 -1
  57. package/artifacts/release/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +1 -1
  58. package/artifacts/release/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +1 -1
  59. package/artifacts/release/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +1 -1
  60. package/artifacts/release/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  61. package/artifacts/release/dist/enterprise/bundle/registry/bundles/plan-council.yaml +51 -0
  62. package/artifacts/release/dist/enterprise/bundle/registry/bundles/preflight.yaml +1 -1
  63. package/artifacts/release/dist/enterprise/bundle/registry/bundles/proof-gate.yaml +49 -0
  64. package/artifacts/release/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  65. package/artifacts/release/dist/enterprise/bundle/registry/bundles/robotics.yaml +1 -1
  66. package/artifacts/release/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  67. package/artifacts/release/dist/enterprise/bundle/registry/bundles/security-check.yaml +1 -1
  68. package/artifacts/release/dist/enterprise/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  69. package/artifacts/release/dist/enterprise/bundle/registry/bundles/tracebank.yaml +1 -1
  70. package/artifacts/release/dist/enterprise/bundle/registry/bundles/vision.yaml +1 -1
  71. package/artifacts/release/dist/enterprise/bundle/registry/omg-capability.schema.json +1 -1
  72. package/artifacts/release/dist/enterprise/bundle/settings.json +598 -0
  73. package/artifacts/release/dist/enterprise/manifest.json +131 -23
  74. package/artifacts/release/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +55 -4
  75. package/artifacts/release/dist/public/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  76. package/artifacts/release/dist/public/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  77. package/artifacts/release/dist/public/bundle/.agents/skills/omg/codex-rules.md +33 -0
  78. package/artifacts/release/dist/public/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  79. package/artifacts/release/dist/public/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  80. package/artifacts/release/dist/public/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  81. package/artifacts/release/dist/public/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  82. package/artifacts/release/dist/public/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  83. package/artifacts/release/dist/public/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  84. package/artifacts/release/dist/public/bundle/.claude-plugin/marketplace.json +3 -3
  85. package/artifacts/release/dist/public/bundle/.claude-plugin/plugin.json +1 -1
  86. package/artifacts/release/dist/public/bundle/.mcp.json +0 -22
  87. package/artifacts/release/dist/public/bundle/OMG_COMPAT_CONTRACT.md +8 -1
  88. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
  89. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:deep-plan.md +266 -0
  90. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
  91. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
  92. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
  93. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  94. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  95. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
  96. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  97. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
  98. package/artifacts/release/dist/public/bundle/plugins/advanced/plugin.json +87 -0
  99. package/artifacts/release/dist/public/bundle/registry/bundles/algorithms.yaml +1 -1
  100. package/artifacts/release/dist/public/bundle/registry/bundles/api-twin.yaml +1 -1
  101. package/artifacts/release/dist/public/bundle/registry/bundles/claim-judge.yaml +49 -0
  102. package/artifacts/release/dist/public/bundle/registry/bundles/control-plane.yaml +1 -1
  103. package/artifacts/release/dist/public/bundle/registry/bundles/data-lineage.yaml +1 -1
  104. package/artifacts/release/dist/public/bundle/registry/bundles/delta-classifier.yaml +1 -1
  105. package/artifacts/release/dist/public/bundle/registry/bundles/eval-gate.yaml +1 -1
  106. package/artifacts/release/dist/public/bundle/registry/bundles/health.yaml +1 -1
  107. package/artifacts/release/dist/public/bundle/registry/bundles/hook-governor.yaml +1 -1
  108. package/artifacts/release/dist/public/bundle/registry/bundles/incident-replay.yaml +1 -1
  109. package/artifacts/release/dist/public/bundle/registry/bundles/lsp-pack.yaml +1 -1
  110. package/artifacts/release/dist/public/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  111. package/artifacts/release/dist/public/bundle/registry/bundles/plan-council.yaml +51 -0
  112. package/artifacts/release/dist/public/bundle/registry/bundles/preflight.yaml +1 -1
  113. package/artifacts/release/dist/public/bundle/registry/bundles/proof-gate.yaml +49 -0
  114. package/artifacts/release/dist/public/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  115. package/artifacts/release/dist/public/bundle/registry/bundles/robotics.yaml +1 -1
  116. package/artifacts/release/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  117. package/artifacts/release/dist/public/bundle/registry/bundles/security-check.yaml +1 -1
  118. package/artifacts/release/dist/public/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  119. package/artifacts/release/dist/public/bundle/registry/bundles/tracebank.yaml +1 -1
  120. package/artifacts/release/dist/public/bundle/registry/bundles/vision.yaml +1 -1
  121. package/artifacts/release/dist/public/bundle/registry/omg-capability.schema.json +1 -1
  122. package/artifacts/release/dist/public/bundle/settings.json +76 -4
  123. package/artifacts/release/dist/public/manifest.json +122 -26
  124. package/artifacts/release/plugins/advanced/commands/OMG:code-review.md +114 -0
  125. package/artifacts/release/plugins/advanced/commands/OMG:deep-plan.md +266 -0
  126. package/artifacts/release/plugins/advanced/commands/OMG:handoff.md +115 -0
  127. package/artifacts/release/plugins/advanced/commands/OMG:learn.md +110 -0
  128. package/artifacts/release/plugins/advanced/commands/OMG:maintainer.md +31 -0
  129. package/artifacts/release/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  130. package/artifacts/release/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  131. package/artifacts/release/plugins/advanced/commands/OMG:security-review.md +16 -0
  132. package/artifacts/release/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  133. package/artifacts/release/plugins/advanced/commands/OMG:ship.md +46 -0
  134. package/artifacts/release/plugins/advanced/plugin.json +87 -0
  135. package/artifacts/release/registry/bundles/algorithms.yaml +1 -1
  136. package/artifacts/release/registry/bundles/api-twin.yaml +1 -1
  137. package/artifacts/release/registry/bundles/claim-judge.yaml +49 -0
  138. package/artifacts/release/registry/bundles/control-plane.yaml +1 -1
  139. package/artifacts/release/registry/bundles/data-lineage.yaml +1 -1
  140. package/artifacts/release/registry/bundles/delta-classifier.yaml +1 -1
  141. package/artifacts/release/registry/bundles/eval-gate.yaml +1 -1
  142. package/artifacts/release/registry/bundles/health.yaml +1 -1
  143. package/artifacts/release/registry/bundles/hook-governor.yaml +1 -1
  144. package/artifacts/release/registry/bundles/incident-replay.yaml +1 -1
  145. package/artifacts/release/registry/bundles/lsp-pack.yaml +1 -1
  146. package/artifacts/release/registry/bundles/mcp-fabric.yaml +1 -1
  147. package/artifacts/release/registry/bundles/plan-council.yaml +51 -0
  148. package/artifacts/release/registry/bundles/preflight.yaml +1 -1
  149. package/artifacts/release/registry/bundles/proof-gate.yaml +49 -0
  150. package/artifacts/release/registry/bundles/remote-supervisor.yaml +1 -1
  151. package/artifacts/release/registry/bundles/robotics.yaml +1 -1
  152. package/artifacts/release/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  153. package/artifacts/release/registry/bundles/security-check.yaml +1 -1
  154. package/artifacts/release/registry/bundles/test-intent-lock.yaml +49 -0
  155. package/artifacts/release/registry/bundles/tracebank.yaml +1 -1
  156. package/artifacts/release/registry/bundles/vision.yaml +1 -1
  157. package/artifacts/release/registry/omg-capability.schema.json +1 -1
  158. package/artifacts/release/settings.json +7 -3
  159. package/build/lib/commands/OMG:forge.md +92 -0
  160. package/build/lib/commands/OMG:mode.md +13 -13
  161. package/build/lib/commands/OMG:session-branch.md +17 -1
  162. package/build/lib/commands/OMG:session-fork.md +5 -1
  163. package/build/lib/commands/OMG:session-merge.md +5 -1
  164. package/build/lib/control_plane/openapi.yaml +1 -1
  165. package/build/lib/control_plane/server.py +4 -0
  166. package/build/lib/control_plane/service.py +55 -0
  167. package/build/lib/hooks/setup_wizard.py +21 -1
  168. package/build/lib/hooks/shadow_manager.py +25 -2
  169. package/build/lib/hooks/state_migration.py +3 -0
  170. package/build/lib/plugins/README.md +1 -1
  171. package/build/lib/plugins/advanced/commands/OMG:deep-plan.md +2 -1
  172. package/build/lib/plugins/advanced/plugin.json +1 -1
  173. package/build/lib/plugins/core/plugin.json +1 -1
  174. package/build/lib/plugins/dephealth/cve_scanner.py +91 -0
  175. package/build/lib/plugins/dephealth/vuln_analyzer.py +7 -0
  176. package/build/lib/registry/bundles/algorithms.yaml +1 -1
  177. package/build/lib/registry/bundles/api-twin.yaml +1 -1
  178. package/build/lib/registry/bundles/claim-judge.yaml +1 -1
  179. package/build/lib/registry/bundles/control-plane.yaml +1 -1
  180. package/build/lib/registry/bundles/data-lineage.yaml +1 -1
  181. package/build/lib/registry/bundles/delta-classifier.yaml +1 -1
  182. package/build/lib/registry/bundles/eval-gate.yaml +1 -1
  183. package/build/lib/registry/bundles/health.yaml +1 -1
  184. package/build/lib/registry/bundles/hook-governor.yaml +1 -1
  185. package/build/lib/registry/bundles/incident-replay.yaml +1 -1
  186. package/build/lib/registry/bundles/lsp-pack.yaml +1 -1
  187. package/build/lib/registry/bundles/mcp-fabric.yaml +1 -1
  188. package/build/lib/registry/bundles/plan-council.yaml +2 -2
  189. package/build/lib/registry/bundles/preflight.yaml +1 -1
  190. package/build/lib/registry/bundles/proof-gate.yaml +1 -1
  191. package/build/lib/registry/bundles/remote-supervisor.yaml +1 -1
  192. package/build/lib/registry/bundles/robotics.yaml +1 -1
  193. package/build/lib/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  194. package/build/lib/registry/bundles/security-check.yaml +1 -1
  195. package/build/lib/registry/bundles/test-intent-lock.yaml +1 -1
  196. package/build/lib/registry/bundles/tracebank.yaml +1 -1
  197. package/build/lib/registry/bundles/vision.yaml +1 -1
  198. package/build/lib/registry/omg-capability.schema.json +84 -2
  199. package/build/lib/runtime/adoption.py +13 -5
  200. package/build/lib/runtime/api_twin.py +4 -4
  201. package/build/lib/runtime/artifact_parsers.py +161 -0
  202. package/build/lib/runtime/background_verification.py +48 -0
  203. package/build/lib/runtime/claim_judge.py +184 -7
  204. package/build/lib/runtime/contract_compiler.py +189 -9
  205. package/build/lib/runtime/ecosystem.py +1 -1
  206. package/build/lib/runtime/evidence_query.py +203 -0
  207. package/build/lib/runtime/mcp_memory_server.py +1 -1
  208. package/build/lib/runtime/omg_compat_contract_snapshot.json +2 -2
  209. package/build/lib/runtime/omg_contract_snapshot.json +2 -2
  210. package/build/lib/runtime/omg_mcp_server.py +19 -0
  211. package/build/lib/runtime/playwright_adapter.py +39 -0
  212. package/build/lib/runtime/proof_chain.py +136 -8
  213. package/build/lib/runtime/proof_gate.py +102 -0
  214. package/build/lib/runtime/providers/gemini_provider.py +7 -0
  215. package/build/lib/runtime/providers/kimi_provider.py +7 -0
  216. package/build/lib/runtime/repro_pack.py +292 -0
  217. package/build/lib/runtime/runtime_profile.py +87 -15
  218. package/build/lib/runtime/security_check.py +86 -3
  219. package/build/lib/runtime/test_intent_lock.py +47 -0
  220. package/build/lib/runtime/tracebank.py +33 -3
  221. package/build/lib/runtime/verification_loop.py +73 -0
  222. package/commands/OMG:forge.md +92 -0
  223. package/commands/OMG:mode.md +13 -13
  224. package/commands/OMG:session-branch.md +17 -1
  225. package/commands/OMG:session-fork.md +5 -1
  226. package/commands/OMG:session-merge.md +5 -1
  227. package/control_plane/openapi.yaml +1 -1
  228. package/control_plane/server.py +4 -0
  229. package/control_plane/service.py +55 -0
  230. package/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
  231. package/dist/enterprise/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  232. package/dist/enterprise/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  233. package/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +4 -0
  234. package/dist/enterprise/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  235. package/dist/enterprise/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  236. package/dist/enterprise/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  237. package/dist/enterprise/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  238. package/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  239. package/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  240. package/dist/enterprise/bundle/.claude-plugin/marketplace.json +3 -3
  241. package/dist/enterprise/bundle/.claude-plugin/plugin.json +1 -1
  242. package/dist/enterprise/bundle/.gemini/settings.json +11 -0
  243. package/dist/enterprise/bundle/.kimi/mcp.json +11 -0
  244. package/dist/enterprise/bundle/.mcp.json +0 -22
  245. package/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +14 -1
  246. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:deep-plan.md +51 -6
  247. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:ship.md +1 -1
  248. package/dist/enterprise/bundle/plugins/advanced/plugin.json +1 -1
  249. package/dist/enterprise/bundle/registry/bundles/algorithms.yaml +1 -1
  250. package/dist/enterprise/bundle/registry/bundles/api-twin.yaml +1 -1
  251. package/dist/enterprise/bundle/registry/bundles/claim-judge.yaml +49 -0
  252. package/dist/enterprise/bundle/registry/bundles/control-plane.yaml +1 -1
  253. package/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +1 -1
  254. package/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +1 -1
  255. package/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +1 -1
  256. package/dist/enterprise/bundle/registry/bundles/health.yaml +1 -1
  257. package/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +1 -1
  258. package/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +1 -1
  259. package/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +1 -1
  260. package/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  261. package/dist/enterprise/bundle/registry/bundles/plan-council.yaml +51 -0
  262. package/dist/enterprise/bundle/registry/bundles/preflight.yaml +1 -1
  263. package/dist/enterprise/bundle/registry/bundles/proof-gate.yaml +49 -0
  264. package/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  265. package/dist/enterprise/bundle/registry/bundles/robotics.yaml +1 -1
  266. package/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  267. package/dist/enterprise/bundle/registry/bundles/security-check.yaml +1 -1
  268. package/dist/enterprise/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  269. package/dist/enterprise/bundle/registry/bundles/tracebank.yaml +1 -1
  270. package/dist/enterprise/bundle/registry/bundles/vision.yaml +1 -1
  271. package/dist/enterprise/bundle/registry/omg-capability.schema.json +84 -2
  272. package/dist/enterprise/bundle/settings.json +8 -3
  273. package/dist/enterprise/manifest.json +92 -30
  274. package/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
  275. package/dist/public/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  276. package/dist/public/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  277. package/dist/public/bundle/.agents/skills/omg/codex-rules.md +4 -0
  278. package/dist/public/bundle/.agents/skills/omg/incident-replay/SKILL.md +1 -1
  279. package/dist/public/bundle/.agents/skills/omg/incident-replay/openai.yaml +1 -1
  280. package/dist/public/bundle/.agents/skills/omg/lsp-pack/SKILL.md +1 -1
  281. package/dist/public/bundle/.agents/skills/omg/lsp-pack/openai.yaml +1 -1
  282. package/dist/public/bundle/.agents/skills/omg/mcp-fabric/SKILL.md +1 -1
  283. package/dist/public/bundle/.agents/skills/omg/mcp-fabric/openai.yaml +1 -1
  284. package/dist/public/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  285. package/dist/public/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  286. package/dist/public/bundle/.agents/skills/omg/preflight/SKILL.md +1 -1
  287. package/dist/public/bundle/.agents/skills/omg/preflight/openai.yaml +1 -1
  288. package/dist/public/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  289. package/dist/public/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  290. package/dist/public/bundle/.agents/skills/omg/remote-supervisor/SKILL.md +1 -1
  291. package/dist/public/bundle/.agents/skills/omg/remote-supervisor/openai.yaml +1 -1
  292. package/dist/public/bundle/.agents/skills/omg/robotics/SKILL.md +1 -1
  293. package/dist/public/bundle/.agents/skills/omg/robotics/openai.yaml +1 -1
  294. package/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/SKILL.md +1 -1
  295. package/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/openai.yaml +1 -1
  296. package/dist/public/bundle/.agents/skills/omg/security-check/SKILL.md +1 -1
  297. package/dist/public/bundle/.agents/skills/omg/security-check/openai.yaml +1 -1
  298. package/dist/public/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  299. package/dist/public/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  300. package/dist/public/bundle/.agents/skills/omg/tracebank/SKILL.md +1 -1
  301. package/dist/public/bundle/.agents/skills/omg/tracebank/openai.yaml +1 -1
  302. package/dist/public/bundle/.agents/skills/omg/vision/SKILL.md +1 -1
  303. package/dist/public/bundle/.agents/skills/omg/vision/openai.yaml +1 -1
  304. package/dist/public/bundle/.claude-plugin/marketplace.json +3 -3
  305. package/dist/public/bundle/.claude-plugin/plugin.json +1 -1
  306. package/dist/public/bundle/.gemini/settings.json +11 -0
  307. package/dist/public/bundle/.kimi/mcp.json +11 -0
  308. package/dist/public/bundle/.mcp.json +0 -22
  309. package/dist/public/bundle/OMG_COMPAT_CONTRACT.md +14 -1
  310. package/dist/public/bundle/plugins/advanced/commands/OMG:deep-plan.md +51 -6
  311. package/dist/public/bundle/plugins/advanced/commands/OMG:ship.md +1 -1
  312. package/dist/public/bundle/plugins/advanced/plugin.json +1 -1
  313. package/dist/public/bundle/registry/bundles/algorithms.yaml +1 -1
  314. package/dist/public/bundle/registry/bundles/api-twin.yaml +1 -1
  315. package/dist/public/bundle/registry/bundles/claim-judge.yaml +49 -0
  316. package/dist/public/bundle/registry/bundles/control-plane.yaml +1 -1
  317. package/dist/public/bundle/registry/bundles/data-lineage.yaml +1 -1
  318. package/dist/public/bundle/registry/bundles/delta-classifier.yaml +1 -1
  319. package/dist/public/bundle/registry/bundles/eval-gate.yaml +1 -1
  320. package/dist/public/bundle/registry/bundles/health.yaml +1 -1
  321. package/dist/public/bundle/registry/bundles/hook-governor.yaml +1 -1
  322. package/dist/public/bundle/registry/bundles/incident-replay.yaml +1 -1
  323. package/dist/public/bundle/registry/bundles/lsp-pack.yaml +1 -1
  324. package/dist/public/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  325. package/dist/public/bundle/registry/bundles/plan-council.yaml +51 -0
  326. package/dist/public/bundle/registry/bundles/preflight.yaml +1 -1
  327. package/dist/public/bundle/registry/bundles/proof-gate.yaml +49 -0
  328. package/dist/public/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  329. package/dist/public/bundle/registry/bundles/robotics.yaml +1 -1
  330. package/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  331. package/dist/public/bundle/registry/bundles/security-check.yaml +1 -1
  332. package/dist/public/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  333. package/dist/public/bundle/registry/bundles/tracebank.yaml +1 -1
  334. package/dist/public/bundle/registry/bundles/vision.yaml +1 -1
  335. package/dist/public/bundle/registry/omg-capability.schema.json +84 -2
  336. package/dist/public/bundle/settings.json +9 -4
  337. package/dist/public/manifest.json +112 -50
  338. package/docs/proof.md +7 -6
  339. package/hooks/setup_wizard.py +21 -1
  340. package/hooks/shadow_manager.py +25 -2
  341. package/hooks/state_migration.py +3 -0
  342. package/hud/omg-hud.mjs +66 -3
  343. package/package.json +1 -1
  344. package/plugins/README.md +1 -1
  345. package/plugins/advanced/commands/OMG:deep-plan.md +2 -1
  346. package/plugins/advanced/plugin.json +1 -1
  347. package/plugins/core/plugin.json +1 -1
  348. package/plugins/dephealth/cve_scanner.py +91 -0
  349. package/plugins/dephealth/vuln_analyzer.py +7 -0
  350. package/pyproject.toml +5 -1
  351. package/registry/bundles/algorithms.yaml +1 -1
  352. package/registry/bundles/api-twin.yaml +1 -1
  353. package/registry/bundles/claim-judge.yaml +1 -1
  354. package/registry/bundles/control-plane.yaml +1 -1
  355. package/registry/bundles/data-lineage.yaml +1 -1
  356. package/registry/bundles/delta-classifier.yaml +1 -1
  357. package/registry/bundles/eval-gate.yaml +1 -1
  358. package/registry/bundles/health.yaml +1 -1
  359. package/registry/bundles/hook-governor.yaml +1 -1
  360. package/registry/bundles/incident-replay.yaml +1 -1
  361. package/registry/bundles/lsp-pack.yaml +1 -1
  362. package/registry/bundles/mcp-fabric.yaml +1 -1
  363. package/registry/bundles/plan-council.yaml +2 -2
  364. package/registry/bundles/preflight.yaml +1 -1
  365. package/registry/bundles/proof-gate.yaml +1 -1
  366. package/registry/bundles/remote-supervisor.yaml +1 -1
  367. package/registry/bundles/robotics.yaml +1 -1
  368. package/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  369. package/registry/bundles/security-check.yaml +1 -1
  370. package/registry/bundles/test-intent-lock.yaml +1 -1
  371. package/registry/bundles/tracebank.yaml +1 -1
  372. package/registry/bundles/vision.yaml +1 -1
  373. package/registry/omg-capability.schema.json +84 -2
  374. package/runtime/adoption.py +13 -5
  375. package/runtime/api_twin.py +4 -4
  376. package/runtime/artifact_parsers.py +161 -0
  377. package/runtime/background_verification.py +48 -0
  378. package/runtime/claim_judge.py +184 -7
  379. package/runtime/contract_compiler.py +189 -9
  380. package/runtime/ecosystem.py +1 -1
  381. package/runtime/evidence_query.py +203 -0
  382. package/runtime/mcp_memory_server.py +1 -1
  383. package/runtime/omg_compat_contract_snapshot.json +2 -2
  384. package/runtime/omg_contract_snapshot.json +2 -2
  385. package/runtime/omg_mcp_server.py +19 -0
  386. package/runtime/playwright_adapter.py +39 -0
  387. package/runtime/proof_chain.py +136 -8
  388. package/runtime/proof_gate.py +102 -0
  389. package/runtime/providers/gemini_provider.py +7 -0
  390. package/runtime/providers/kimi_provider.py +7 -0
  391. package/runtime/repro_pack.py +292 -0
  392. package/runtime/runtime_profile.py +87 -15
  393. package/runtime/security_check.py +86 -3
  394. package/runtime/test_intent_lock.py +47 -0
  395. package/runtime/tracebank.py +33 -3
  396. package/runtime/verification_loop.py +73 -0
  397. package/scripts/omg.py +31 -4
  398. package/settings.json +8 -3
  399. package/tools/python_sandbox.py +9 -6
  400. package/tools/session_snapshot.py +146 -40
@@ -6,6 +6,9 @@ from pathlib import Path
6
6
  from typing import Any
7
7
 
8
8
 
9
+ _REQUIRED_ARTIFACT_FIELDS = ("kind", "path", "sha256", "parser", "summary", "trace_id")
10
+
11
+
9
12
  def _load_json(path: Path) -> dict[str, Any]:
10
13
  return json.loads(path.read_text(encoding="utf-8"))
11
14
 
@@ -26,6 +29,105 @@ def _read_jsonl(path: Path) -> list[dict[str, Any]]:
26
29
  return rows
27
30
 
28
31
 
32
+ def _hash_path(path: Path) -> str:
33
+ if not path.exists() or not path.is_file():
34
+ return ""
35
+ h = hashlib.sha256()
36
+ with path.open("rb") as handle:
37
+ while True:
38
+ chunk = handle.read(8192)
39
+ if not chunk:
40
+ break
41
+ h.update(chunk)
42
+ return h.hexdigest()
43
+
44
+
45
+ def _normalize_evidence_pack(payload: dict[str, Any]) -> dict[str, Any]:
46
+ if not isinstance(payload, dict):
47
+ raise ValueError("evidence_pack_invalid_payload")
48
+ schema_version = payload.get("schema_version")
49
+ if schema_version is None:
50
+ return payload
51
+ if schema_version != 2:
52
+ raise ValueError("evidence_pack_unsupported_schema_version")
53
+
54
+ artifacts = payload.get("artifacts", [])
55
+ if not isinstance(artifacts, list):
56
+ raise ValueError("evidence_pack_invalid_artifacts")
57
+
58
+ for index, artifact in enumerate(artifacts):
59
+ if not isinstance(artifact, dict):
60
+ raise ValueError(f"evidence_pack_artifact_invalid_type:{index}")
61
+ for field in _REQUIRED_ARTIFACT_FIELDS:
62
+ value = str(artifact.get(field, "")).strip()
63
+ if not value:
64
+ raise ValueError(f"evidence_pack_artifact_missing_{field}:{index}")
65
+ return payload
66
+
67
+
68
+ def _artifact_record(*, kind: str, path: str, parser: str, summary: str, trace_id: str, sha256: str = "") -> dict[str, str]:
69
+ return {
70
+ "kind": kind,
71
+ "path": path,
72
+ "sha256": sha256,
73
+ "parser": parser,
74
+ "summary": summary,
75
+ "trace_id": trace_id,
76
+ }
77
+
78
+
79
+ def _build_chain_artifacts(
80
+ *,
81
+ output_root: Path,
82
+ selected_path: str,
83
+ evidence_payload: dict[str, Any],
84
+ trace_payload: dict[str, Any],
85
+ eval_payload: dict[str, Any],
86
+ lineage: dict[str, Any] | Any,
87
+ trace_id: str,
88
+ ) -> list[dict[str, str]]:
89
+ artifacts: list[dict[str, str]] = []
90
+ raw_artifacts = evidence_payload.get("artifacts", [])
91
+ if isinstance(raw_artifacts, list):
92
+ for item in raw_artifacts:
93
+ if not isinstance(item, dict):
94
+ continue
95
+ path = str(item.get("path", "")).strip()
96
+ artifacts.append(
97
+ _artifact_record(
98
+ kind=str(item.get("kind", "")).strip() or "artifact",
99
+ path=path,
100
+ sha256=str(item.get("sha256", "")).strip(),
101
+ parser=str(item.get("parser", "")).strip() or "unknown",
102
+ summary=str(item.get("summary", "")).strip() or "evidence artifact",
103
+ trace_id=str(item.get("trace_id", "")).strip() or trace_id,
104
+ )
105
+ )
106
+
107
+ lineage_path = str((lineage or {}).get("path", "")).strip() if isinstance(lineage, dict) else ""
108
+ canonical_artifacts = [
109
+ ("trace", str(trace_payload.get("path", ".omg/tracebank/events.jsonl")).strip(), "jsonl", "tracebank event stream"),
110
+ ("eval", ".omg/evals/latest.json" if eval_payload else "", "json", "evaluation result"),
111
+ ("lineage", lineage_path, "json", "lineage manifest"),
112
+ ("evidence", selected_path, "json", "evidence pack"),
113
+ ]
114
+ for kind, path, parser, summary in canonical_artifacts:
115
+ if not path:
116
+ continue
117
+ file_path = output_root / path
118
+ artifacts.append(
119
+ _artifact_record(
120
+ kind=kind,
121
+ path=path,
122
+ sha256=_hash_path(file_path),
123
+ parser=parser,
124
+ summary=summary,
125
+ trace_id=trace_id,
126
+ )
127
+ )
128
+ return artifacts
129
+
130
+
29
131
  def _latest_evidence_pack(output_root: Path) -> tuple[str, dict[str, Any]]:
30
132
  evidence_dir = output_root / ".omg" / "evidence"
31
133
  if not evidence_dir.exists():
@@ -60,9 +162,10 @@ def assemble_proof_chain(project_dir: str, *, evidence_path: str | None = None)
60
162
 
61
163
  if evidence_path:
62
164
  selected_path = str(evidence_path)
63
- evidence_payload = _load_json(output_root / selected_path)
165
+ evidence_payload = _normalize_evidence_pack(_load_json(output_root / selected_path))
64
166
  else:
65
167
  selected_path, evidence_payload = _latest_evidence_pack(output_root)
168
+ evidence_payload = _normalize_evidence_pack(evidence_payload)
66
169
 
67
170
  trace_id = ""
68
171
  trace_ids = evidence_payload.get("trace_ids", [])
@@ -79,6 +182,7 @@ def assemble_proof_chain(project_dir: str, *, evidence_path: str | None = None)
79
182
 
80
183
  chain = {
81
184
  "schema": "ProofChain",
185
+ "schema_version": 2,
82
186
  "trace_id": trace_id,
83
187
  "eval_id": eval_id,
84
188
  "eval_trace_id": str(eval_payload.get("trace_id", "")),
@@ -91,16 +195,35 @@ def assemble_proof_chain(project_dir: str, *, evidence_path: str | None = None)
91
195
  "environment": evidence_payload.get("environment") or trace_payload.get("environment") or eval_payload.get("environment") or {"hostname": "unknown", "platform": "unknown"},
92
196
  "ci_job_url": evidence_payload.get("ci_job_url") or "",
93
197
  "external_inputs": evidence_payload.get("external_inputs", []),
94
- "artifacts": {
95
- "trace": trace_payload.get("path", ".omg/tracebank/events.jsonl"),
96
- "eval": ".omg/evals/latest.json" if eval_payload else "",
97
- "lineage": str((lineage or {}).get("path", "")) if isinstance(lineage, dict) else "",
98
- "evidence": selected_path,
99
- },
198
+ "artifacts": _build_chain_artifacts(
199
+ output_root=output_root,
200
+ selected_path=selected_path,
201
+ evidence_payload=evidence_payload,
202
+ trace_payload=trace_payload,
203
+ eval_payload=eval_payload,
204
+ lineage=lineage,
205
+ trace_id=trace_id,
206
+ ),
100
207
  }
101
208
  validation = validate_proof_chain(chain)
102
209
  chain["status"] = validation["status"]
103
210
  chain["blockers"] = validation["blockers"]
211
+
212
+ try:
213
+ from runtime.background_verification import publish_verification_state
214
+
215
+ evidence_links = [selected_path] if selected_path else []
216
+ publish_verification_state(
217
+ project_dir=project_dir,
218
+ run_id=str(chain.get("eval_id", "")),
219
+ status=str(validation["status"]),
220
+ blockers=list(validation.get("blockers", [])),
221
+ evidence_links=evidence_links,
222
+ progress={"phase": "proof_chain_assembled"},
223
+ )
224
+ except Exception:
225
+ pass
226
+
104
227
  return chain
105
228
 
106
229
 
@@ -162,9 +285,10 @@ def build_proof_gate_input(project_dir: str, *, evidence_path: str | None = None
162
285
 
163
286
  if evidence_path:
164
287
  selected_path = str(evidence_path)
165
- evidence_payload = _load_json(output_root / selected_path)
288
+ evidence_payload = _normalize_evidence_pack(_load_json(output_root / selected_path))
166
289
  else:
167
290
  selected_path, evidence_payload = _latest_evidence_pack(output_root)
291
+ evidence_payload = _normalize_evidence_pack(evidence_payload)
168
292
 
169
293
  security_evidence = _resolve_security_evidence(output_root=output_root, evidence_payload=evidence_payload)
170
294
  browser_evidence = _resolve_browser_evidence(output_root=output_root, evidence_payload=evidence_payload)
@@ -212,6 +336,10 @@ def _resolve_browser_evidence(*, output_root: Path, evidence_payload: dict[str,
212
336
  if path:
213
337
  candidates.append(path)
214
338
 
339
+ adapter_matches = sorted(output_root.glob(".omg/evidence/playwright-adapter-*.json"))
340
+ if adapter_matches:
341
+ candidates.append(adapter_matches[0].relative_to(output_root).as_posix())
342
+
215
343
  candidates.extend(
216
344
  [
217
345
  ".omg/evidence/browser-evidence.json",
@@ -1,7 +1,14 @@
1
1
  from __future__ import annotations
2
2
 
3
+ import hashlib
4
+ from pathlib import Path
3
5
  from typing import Any
4
6
 
7
+ from runtime import artifact_parsers
8
+
9
+
10
+ _REQUIRED_ARTIFACT_FIELDS = ("kind", "path", "sha256", "parser", "summary", "trace_id")
11
+
5
12
 
6
13
  def evaluate_proof_gate(input: dict[str, Any]) -> dict[str, Any]:
7
14
  claims = _as_claims(input.get("claims"))
@@ -9,6 +16,7 @@ def evaluate_proof_gate(input: dict[str, Any]) -> dict[str, Any]:
9
16
  eval_output = _as_dict(input.get("eval_output"))
10
17
  security_evidence = _as_dict(input.get("security_evidence"))
11
18
  browser_evidence = _as_dict(input.get("browser_evidence"))
19
+ evidence_pack = _as_dict(input.get("evidence_pack"))
12
20
 
13
21
  blockers: list[str] = []
14
22
  if not claims:
@@ -27,6 +35,7 @@ def evaluate_proof_gate(input: dict[str, Any]) -> dict[str, Any]:
27
35
  blockers.extend(_validate_claim_artifacts(claims))
28
36
  blockers.extend(_validate_trace_linkage(claims=claims, trace_id=trace_id, eval_output=eval_output, browser_evidence=browser_evidence))
29
37
  blockers.extend(_validate_security_and_browser_artifacts(claims=claims, security_evidence=security_evidence, browser_evidence=browser_evidence))
38
+ blockers.extend(_validate_evidence_pack(evidence_pack))
30
39
 
31
40
  unique_blockers = list(dict.fromkeys(item for item in blockers if str(item).strip()))
32
41
  evidence_summary = {
@@ -93,8 +102,10 @@ def _collect_trace_ids(claim: dict[str, Any]) -> set[str]:
93
102
 
94
103
  def _validate_claim_artifacts(claims: list[dict[str, Any]]) -> list[str]:
95
104
  all_artifacts: list[str] = []
105
+ artifact_records: list[dict[str, Any]] = []
96
106
  for claim in claims:
97
107
  all_artifacts.extend(_collect_artifacts(claim))
108
+ artifact_records.extend(_extract_artifact_records(claim))
98
109
 
99
110
  blockers: list[str] = []
100
111
  required_tokens = {
@@ -106,6 +117,24 @@ def _validate_claim_artifacts(claims: list[dict[str, Any]]) -> list[str]:
106
117
  for key, tokens in required_tokens.items():
107
118
  if not any(any(token in artifact for token in tokens) for artifact in all_artifacts):
108
119
  blockers.append(f"proof_gate_missing_artifact_{key}")
120
+
121
+ for artifact in artifact_records:
122
+ kind = str(artifact.get("kind", "")).strip().lower()
123
+ path = str(artifact.get("path", "")).strip()
124
+ if not kind or not path:
125
+ continue
126
+
127
+ parse_result = _parse_artifact(kind=kind, path=path)
128
+ if not parse_result.get("valid"):
129
+ error = str(parse_result.get("error", "")).strip()
130
+ if error == "file_not_found":
131
+ blockers.append(f"proof_gate_artifact_file_missing_{kind}")
132
+ else:
133
+ blockers.append(f"proof_gate_artifact_parse_failed_{kind}")
134
+
135
+ hash_blocker = _validate_artifact_hash(artifact)
136
+ if hash_blocker:
137
+ blockers.append(hash_blocker)
109
138
  return blockers
110
139
 
111
140
 
@@ -161,3 +190,76 @@ def _validate_security_and_browser_artifacts(
161
190
  blockers.append("proof_gate_browser_trace_not_linked_by_claims")
162
191
 
163
192
  return blockers
193
+
194
+
195
+ def _validate_evidence_pack(payload: dict[str, Any]) -> list[str]:
196
+ if not payload:
197
+ return []
198
+ if str(payload.get("schema", "")).strip() != "EvidencePack":
199
+ return ["proof_gate_invalid_evidence_pack"]
200
+
201
+ schema_version = payload.get("schema_version")
202
+ if schema_version is None:
203
+ return []
204
+ if schema_version != 2:
205
+ return ["proof_gate_unsupported_evidence_schema_version"]
206
+
207
+ artifacts = payload.get("artifacts", [])
208
+ if not isinstance(artifacts, list):
209
+ return ["proof_gate_invalid_evidence_pack"]
210
+
211
+ blockers: list[str] = []
212
+ for artifact in artifacts:
213
+ if not isinstance(artifact, dict):
214
+ blockers.append("proof_gate_invalid_evidence_pack")
215
+ continue
216
+ for field in _REQUIRED_ARTIFACT_FIELDS:
217
+ value = str(artifact.get(field, "")).strip()
218
+ if not value:
219
+ blockers.append(f"proof_gate_evidence_artifact_missing_{field}")
220
+ return blockers
221
+
222
+
223
+ def _extract_artifact_records(claim: dict[str, Any]) -> list[dict[str, Any]]:
224
+ evidence = _as_dict(claim.get("evidence"))
225
+ raw_artifacts = evidence.get("artifacts", claim.get("artifacts", []))
226
+ if not isinstance(raw_artifacts, list):
227
+ return []
228
+ return [item for item in raw_artifacts if isinstance(item, dict)]
229
+
230
+
231
+ def _parse_artifact(*, kind: str, path: str) -> dict[str, Any]:
232
+ parser = _PARSERS.get(kind)
233
+ if parser is None:
234
+ return {"valid": False, "summary": {}, "error": "unsupported_artifact_kind"}
235
+ return parser(path)
236
+
237
+
238
+ def _validate_artifact_hash(artifact: dict[str, Any]) -> str | None:
239
+ sha256_value = str(artifact.get("sha256", "")).strip().lower()
240
+ path = str(artifact.get("path", "")).strip()
241
+ kind = str(artifact.get("kind", "artifact")).strip().lower() or "artifact"
242
+ if not sha256_value or not path:
243
+ return None
244
+ if len(sha256_value) != 64 or any(ch not in "0123456789abcdef" for ch in sha256_value):
245
+ return None
246
+
247
+ file_path = Path(path)
248
+ if not file_path.exists():
249
+ return f"proof_gate_artifact_file_missing_{kind}"
250
+ try:
251
+ digest = hashlib.sha256(file_path.read_bytes()).hexdigest()
252
+ except OSError:
253
+ return f"proof_gate_artifact_hash_unreadable_{kind}"
254
+ if digest != sha256_value:
255
+ return f"proof_gate_artifact_hash_mismatch_{kind}"
256
+ return None
257
+
258
+
259
+ _PARSERS: dict[str, Any] = {
260
+ "junit": artifact_parsers.parse_junit,
261
+ "sarif": artifact_parsers.parse_sarif,
262
+ "coverage": artifact_parsers.parse_coverage,
263
+ "browser_trace": artifact_parsers.parse_browser_trace,
264
+ "diff_hunk": artifact_parsers.parse_diff_hunk,
265
+ }
@@ -16,6 +16,13 @@ from runtime.tmux_session_manager import TmuxSessionManager
16
16
 
17
17
  _logger = logging.getLogger(__name__)
18
18
 
19
+ HOST_RULES = {
20
+ "compilation_targets": [".gemini/settings.json"],
21
+ "mcp": ["omg-control"],
22
+ "skills": ["omg/control-plane", "omg/mcp-fabric"],
23
+ "automations": ["contract-validate", "provider-routing"],
24
+ }
25
+
19
26
 
20
27
  class GeminiProvider(CLIProvider):
21
28
  """CLIProvider implementation for the Gemini CLI (``gemini``)."""
@@ -16,6 +16,13 @@ from runtime.tmux_session_manager import TmuxSessionManager
16
16
 
17
17
  _logger = logging.getLogger(__name__)
18
18
 
19
+ HOST_RULES = {
20
+ "compilation_targets": [".kimi/mcp.json"],
21
+ "mcp": ["omg-control"],
22
+ "skills": ["omg/control-plane", "omg/mcp-fabric"],
23
+ "automations": ["contract-validate", "provider-routing"],
24
+ }
25
+
19
26
 
20
27
  class KimiCodeProvider(CLIProvider):
21
28
  """CLIProvider implementation for the Kimi Code CLI (``kimi``)."""
@@ -0,0 +1,292 @@
1
+ from __future__ import annotations
2
+
3
+ from datetime import datetime, timezone
4
+ import hashlib
5
+ import json
6
+ from pathlib import Path
7
+ from typing import cast
8
+
9
+ from runtime.evidence_query import (
10
+ JsonObject,
11
+ JsonValue,
12
+ get_eval,
13
+ get_evidence_pack,
14
+ get_lineage,
15
+ get_trace,
16
+ get_verification_state,
17
+ )
18
+
19
+
20
+ def _now() -> str:
21
+ return datetime.now(timezone.utc).isoformat()
22
+
23
+
24
+ def _load_json(path: Path) -> JsonObject | None:
25
+ try:
26
+ payload: object = json.loads(path.read_text(encoding="utf-8")) # pyright: ignore[reportAny]
27
+ except (OSError, json.JSONDecodeError):
28
+ return None
29
+ if not isinstance(payload, dict):
30
+ return None
31
+ return cast(JsonObject, payload)
32
+
33
+
34
+ def _hash_path(path: Path) -> str:
35
+ if not path.exists() or not path.is_file():
36
+ return ""
37
+ digest = hashlib.sha256()
38
+ with path.open("rb") as handle:
39
+ while True:
40
+ chunk = handle.read(8192)
41
+ if not chunk:
42
+ break
43
+ digest.update(chunk)
44
+ return digest.hexdigest()
45
+
46
+
47
+ def _rel(path: Path, root: Path) -> str:
48
+ try:
49
+ return path.resolve().relative_to(root.resolve()).as_posix()
50
+ except ValueError:
51
+ return path.as_posix()
52
+
53
+
54
+ def _as_object_list(value: JsonValue | None) -> list[JsonObject]:
55
+ if not isinstance(value, list):
56
+ return []
57
+ return [item for item in value if isinstance(item, dict)]
58
+
59
+
60
+ def _as_string_list(value: JsonValue | None) -> list[str]:
61
+ if not isinstance(value, list):
62
+ return []
63
+ return [item for item in value if isinstance(item, str)]
64
+
65
+
66
+ def _string_field(payload: JsonObject, key: str) -> str:
67
+ value = payload.get(key)
68
+ return value if isinstance(value, str) else ""
69
+
70
+
71
+ def _artifact_ref(*, kind: str, path: str, sha256: str = "", extras: JsonObject | None = None) -> JsonObject:
72
+ artifact: JsonObject = {
73
+ "kind": kind,
74
+ "path": path,
75
+ "sha256": sha256,
76
+ }
77
+ if extras:
78
+ artifact.update(extras)
79
+ return artifact
80
+
81
+
82
+ def _trace_reference(root: Path, trace_ids: list[str]) -> JsonObject | None:
83
+ trace_path = root / ".omg" / "tracebank" / "events.jsonl"
84
+ if not trace_path.exists():
85
+ return None
86
+
87
+ requested = sorted({trace_id for trace_id in trace_ids if trace_id})
88
+ matched: list[str] = []
89
+ matched_count = 0
90
+ try:
91
+ for line in trace_path.read_text(encoding="utf-8").splitlines():
92
+ line = line.strip()
93
+ if not line:
94
+ continue
95
+ try:
96
+ row: object = json.loads(line) # pyright: ignore[reportAny]
97
+ except json.JSONDecodeError:
98
+ continue
99
+ if not isinstance(row, dict):
100
+ continue
101
+ row_payload = cast(JsonObject, row)
102
+ trace_id = _string_field(row_payload, "trace_id")
103
+ if trace_id in requested:
104
+ matched_count += 1
105
+ if trace_id not in matched:
106
+ matched.append(trace_id)
107
+ except OSError:
108
+ return None
109
+
110
+ return _artifact_ref(
111
+ kind="trace_events",
112
+ path=".omg/tracebank/events.jsonl",
113
+ sha256=_hash_path(trace_path),
114
+ extras=cast(JsonObject, {"trace_ids": sorted(matched), "event_count": matched_count}),
115
+ )
116
+
117
+
118
+ def _find_lineage_path(root: Path, lineage_id: str) -> str:
119
+ if not lineage_id:
120
+ return ""
121
+ lineage_dir = root / ".omg" / "lineage"
122
+ if not lineage_dir.exists():
123
+ return ""
124
+
125
+ for path in sorted(lineage_dir.glob("*.json")):
126
+ payload = _load_json(path)
127
+ if payload is None:
128
+ continue
129
+ if _string_field(payload, "lineage_id") == lineage_id:
130
+ return _rel(path, root)
131
+ return ""
132
+
133
+
134
+ def _security_artifacts(root: Path, scans: JsonValue | None) -> list[JsonObject]:
135
+ artifacts: list[JsonObject] = []
136
+ for item in _as_object_list(scans):
137
+ path = _string_field(item, "path").strip()
138
+ if not path:
139
+ continue
140
+ artifacts.append(
141
+ _artifact_ref(
142
+ kind="security_evidence",
143
+ path=path,
144
+ sha256=_hash_path(root / path),
145
+ extras={"schema": _string_field(item, "schema")},
146
+ )
147
+ )
148
+ return artifacts
149
+
150
+
151
+ def _browser_artifacts(root: Path, records: JsonValue | None) -> list[JsonObject]:
152
+ artifacts: list[JsonObject] = []
153
+ for item in _as_object_list(records):
154
+ if _string_field(item, "kind") != "browser_trace":
155
+ continue
156
+ path = _string_field(item, "path").strip()
157
+ if not path:
158
+ continue
159
+ artifacts.append(
160
+ _artifact_ref(
161
+ kind="browser_trace",
162
+ path=path,
163
+ sha256=_hash_path(root / path),
164
+ extras={"trace_id": _string_field(item, "trace_id")},
165
+ )
166
+ )
167
+ return artifacts
168
+
169
+
170
+ def _incident_artifacts(root: Path, records: JsonValue | None) -> list[JsonObject]:
171
+ artifacts: list[JsonObject] = []
172
+ for item in _as_object_list(records):
173
+ kind = _string_field(item, "kind")
174
+ if "incident" not in kind:
175
+ continue
176
+ path = _string_field(item, "path").strip()
177
+ if not path:
178
+ continue
179
+ artifacts.append(
180
+ _artifact_ref(
181
+ kind=kind,
182
+ path=path,
183
+ sha256=_hash_path(root / path),
184
+ extras={"trace_id": _string_field(item, "trace_id")},
185
+ )
186
+ )
187
+ return artifacts
188
+
189
+
190
+ def _dedupe_artifacts(artifacts: list[JsonObject]) -> list[JsonObject]:
191
+ seen: set[tuple[str, str, str]] = set()
192
+ deduped: list[JsonObject] = []
193
+ sorted_items = sorted(artifacts, key=lambda item: (_string_field(item, "kind"), _string_field(item, "path")))
194
+ for artifact in sorted_items:
195
+ key = (
196
+ _string_field(artifact, "kind"),
197
+ _string_field(artifact, "path"),
198
+ _string_field(artifact, "sha256"),
199
+ )
200
+ if key in seen:
201
+ continue
202
+ seen.add(key)
203
+ deduped.append(artifact)
204
+ return deduped
205
+
206
+
207
+ def build_repro_pack(project_dir: str, run_id: str) -> dict[str, str]:
208
+ root = Path(project_dir)
209
+ evidence_pack = get_evidence_pack(project_dir, run_id)
210
+ if evidence_pack is None:
211
+ return {
212
+ "status": "error",
213
+ "run_id": run_id,
214
+ "reason": "evidence_pack_not_found",
215
+ }
216
+
217
+ evidence_pack_path = f".omg/evidence/{run_id}.json"
218
+ artifacts: list[JsonObject] = [
219
+ _artifact_ref(kind="evidence_pack", path=evidence_pack_path, sha256=_hash_path(root / evidence_pack_path))
220
+ ]
221
+
222
+ trace_ids = sorted(set(_as_string_list(evidence_pack.get("trace_ids"))))
223
+ trace_file = root / ".omg" / "tracebank" / "events.jsonl"
224
+ for trace_id in trace_ids:
225
+ if get_trace(project_dir, trace_id) is None:
226
+ continue
227
+ artifacts.append(
228
+ _artifact_ref(
229
+ kind="trace",
230
+ path=".omg/tracebank/events.jsonl",
231
+ sha256=_hash_path(trace_file),
232
+ extras={"trace_id": trace_id},
233
+ )
234
+ )
235
+ trace_reference = _trace_reference(root, trace_ids)
236
+ if trace_reference is not None:
237
+ artifacts.append(trace_reference)
238
+
239
+ eval_path = root / ".omg" / "evals" / "latest.json"
240
+ if get_eval(project_dir) is not None and eval_path.exists():
241
+ artifacts.append(_artifact_ref(kind="eval", path=".omg/evals/latest.json", sha256=_hash_path(eval_path)))
242
+
243
+ lineage_payload = evidence_pack.get("lineage")
244
+ lineage_id = ""
245
+ if isinstance(lineage_payload, dict):
246
+ lineage_payload_obj = cast(JsonObject, lineage_payload)
247
+ lineage_id = _string_field(lineage_payload_obj, "lineage_id")
248
+ if lineage_id and get_lineage(project_dir, lineage_id) is not None:
249
+ lineage_path = _find_lineage_path(root, lineage_id)
250
+ if lineage_path:
251
+ artifacts.append(
252
+ _artifact_ref(
253
+ kind="lineage",
254
+ path=lineage_path,
255
+ sha256=_hash_path(root / lineage_path),
256
+ extras={"lineage_id": lineage_id},
257
+ )
258
+ )
259
+
260
+ artifacts.extend(_security_artifacts(root, evidence_pack.get("security_scans")))
261
+ artifacts.extend(_browser_artifacts(root, evidence_pack.get("artifacts")))
262
+ artifacts.extend(_incident_artifacts(root, evidence_pack.get("artifacts")))
263
+
264
+ verification_path = root / ".omg" / "state" / "background-verification.json"
265
+ if get_verification_state(project_dir) is not None and verification_path.exists():
266
+ artifacts.append(
267
+ _artifact_ref(
268
+ kind="verification_state",
269
+ path=".omg/state/background-verification.json",
270
+ sha256=_hash_path(verification_path),
271
+ )
272
+ )
273
+
274
+ unresolved_risks = _as_string_list(evidence_pack.get("unresolved_risks"))
275
+ manifest: dict[str, object] = {
276
+ "schema": "ReproPack",
277
+ "schema_version": 1,
278
+ "run_id": run_id,
279
+ "evidence_pack_path": evidence_pack_path,
280
+ "artifacts": _dedupe_artifacts(artifacts),
281
+ "unresolved_risks": unresolved_risks,
282
+ "assembled_at": _now(),
283
+ }
284
+
285
+ out_path = root / ".omg" / "evidence" / f"repro-pack-{run_id}.json"
286
+ out_path.parent.mkdir(parents=True, exist_ok=True)
287
+ _ = out_path.write_text(json.dumps(manifest, indent=2, ensure_ascii=True) + "\n", encoding="utf-8")
288
+ return {
289
+ "status": "ok",
290
+ "run_id": run_id,
291
+ "path": _rel(out_path, root),
292
+ }