@trac3er/oh-my-god 2.0.7 → 2.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (400) hide show
  1. package/.claude-plugin/marketplace.json +3 -3
  2. package/.claude-plugin/plugin.json +1 -1
  3. package/.claude-plugin/scripts/uninstall.sh +1 -1
  4. package/.gemini/settings.json +11 -0
  5. package/.kimi/mcp.json +11 -0
  6. package/CHANGELOG.md +17 -0
  7. package/OMG-setup.sh +1 -1
  8. package/OMG_COMPAT_CONTRACT.md +14 -1
  9. package/README.md +2 -1
  10. package/artifacts/release/.agents/skills/omg/AGENTS.fragment.md +7 -1
  11. package/artifacts/release/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  12. package/artifacts/release/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  13. package/artifacts/release/.agents/skills/omg/codex-rules.md +4 -0
  14. package/artifacts/release/.agents/skills/omg/plan-council/SKILL.md +11 -0
  15. package/artifacts/release/.agents/skills/omg/plan-council/openai.yaml +12 -0
  16. package/artifacts/release/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  17. package/artifacts/release/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  18. package/artifacts/release/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  19. package/artifacts/release/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  20. package/artifacts/release/.claude-plugin/marketplace.json +3 -3
  21. package/artifacts/release/.claude-plugin/plugin.json +1 -1
  22. package/artifacts/release/.mcp.json +0 -22
  23. package/artifacts/release/OMG_COMPAT_CONTRACT.md +8 -1
  24. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
  25. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  26. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  27. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +4 -0
  28. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  29. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  30. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  31. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  32. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  33. package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  34. package/artifacts/release/dist/enterprise/bundle/.claude-plugin/marketplace.json +36 -0
  35. package/artifacts/release/dist/enterprise/bundle/.claude-plugin/plugin.json +23 -0
  36. package/artifacts/release/dist/enterprise/bundle/.mcp.json +18 -0
  37. package/artifacts/release/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +8 -1
  38. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
  39. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:deep-plan.md +266 -0
  40. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
  41. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
  42. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
  43. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  44. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  45. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
  46. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  47. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
  48. package/artifacts/release/dist/enterprise/bundle/plugins/advanced/plugin.json +87 -0
  49. package/artifacts/release/dist/enterprise/bundle/registry/bundles/algorithms.yaml +1 -1
  50. package/artifacts/release/dist/enterprise/bundle/registry/bundles/api-twin.yaml +1 -1
  51. package/artifacts/release/dist/enterprise/bundle/registry/bundles/claim-judge.yaml +49 -0
  52. package/artifacts/release/dist/enterprise/bundle/registry/bundles/control-plane.yaml +1 -1
  53. package/artifacts/release/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +1 -1
  54. package/artifacts/release/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +1 -1
  55. package/artifacts/release/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +1 -1
  56. package/artifacts/release/dist/enterprise/bundle/registry/bundles/health.yaml +1 -1
  57. package/artifacts/release/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +1 -1
  58. package/artifacts/release/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +1 -1
  59. package/artifacts/release/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +1 -1
  60. package/artifacts/release/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  61. package/artifacts/release/dist/enterprise/bundle/registry/bundles/plan-council.yaml +51 -0
  62. package/artifacts/release/dist/enterprise/bundle/registry/bundles/preflight.yaml +1 -1
  63. package/artifacts/release/dist/enterprise/bundle/registry/bundles/proof-gate.yaml +49 -0
  64. package/artifacts/release/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  65. package/artifacts/release/dist/enterprise/bundle/registry/bundles/robotics.yaml +1 -1
  66. package/artifacts/release/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  67. package/artifacts/release/dist/enterprise/bundle/registry/bundles/security-check.yaml +1 -1
  68. package/artifacts/release/dist/enterprise/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  69. package/artifacts/release/dist/enterprise/bundle/registry/bundles/tracebank.yaml +1 -1
  70. package/artifacts/release/dist/enterprise/bundle/registry/bundles/vision.yaml +1 -1
  71. package/artifacts/release/dist/enterprise/bundle/registry/omg-capability.schema.json +1 -1
  72. package/artifacts/release/dist/enterprise/bundle/settings.json +598 -0
  73. package/artifacts/release/dist/enterprise/manifest.json +131 -23
  74. package/artifacts/release/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +55 -4
  75. package/artifacts/release/dist/public/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  76. package/artifacts/release/dist/public/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  77. package/artifacts/release/dist/public/bundle/.agents/skills/omg/codex-rules.md +33 -0
  78. package/artifacts/release/dist/public/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  79. package/artifacts/release/dist/public/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  80. package/artifacts/release/dist/public/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  81. package/artifacts/release/dist/public/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  82. package/artifacts/release/dist/public/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  83. package/artifacts/release/dist/public/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  84. package/artifacts/release/dist/public/bundle/.claude-plugin/marketplace.json +3 -3
  85. package/artifacts/release/dist/public/bundle/.claude-plugin/plugin.json +1 -1
  86. package/artifacts/release/dist/public/bundle/.mcp.json +0 -22
  87. package/artifacts/release/dist/public/bundle/OMG_COMPAT_CONTRACT.md +8 -1
  88. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
  89. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:deep-plan.md +266 -0
  90. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
  91. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
  92. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
  93. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  94. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  95. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
  96. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  97. package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
  98. package/artifacts/release/dist/public/bundle/plugins/advanced/plugin.json +87 -0
  99. package/artifacts/release/dist/public/bundle/registry/bundles/algorithms.yaml +1 -1
  100. package/artifacts/release/dist/public/bundle/registry/bundles/api-twin.yaml +1 -1
  101. package/artifacts/release/dist/public/bundle/registry/bundles/claim-judge.yaml +49 -0
  102. package/artifacts/release/dist/public/bundle/registry/bundles/control-plane.yaml +1 -1
  103. package/artifacts/release/dist/public/bundle/registry/bundles/data-lineage.yaml +1 -1
  104. package/artifacts/release/dist/public/bundle/registry/bundles/delta-classifier.yaml +1 -1
  105. package/artifacts/release/dist/public/bundle/registry/bundles/eval-gate.yaml +1 -1
  106. package/artifacts/release/dist/public/bundle/registry/bundles/health.yaml +1 -1
  107. package/artifacts/release/dist/public/bundle/registry/bundles/hook-governor.yaml +1 -1
  108. package/artifacts/release/dist/public/bundle/registry/bundles/incident-replay.yaml +1 -1
  109. package/artifacts/release/dist/public/bundle/registry/bundles/lsp-pack.yaml +1 -1
  110. package/artifacts/release/dist/public/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  111. package/artifacts/release/dist/public/bundle/registry/bundles/plan-council.yaml +51 -0
  112. package/artifacts/release/dist/public/bundle/registry/bundles/preflight.yaml +1 -1
  113. package/artifacts/release/dist/public/bundle/registry/bundles/proof-gate.yaml +49 -0
  114. package/artifacts/release/dist/public/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  115. package/artifacts/release/dist/public/bundle/registry/bundles/robotics.yaml +1 -1
  116. package/artifacts/release/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  117. package/artifacts/release/dist/public/bundle/registry/bundles/security-check.yaml +1 -1
  118. package/artifacts/release/dist/public/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  119. package/artifacts/release/dist/public/bundle/registry/bundles/tracebank.yaml +1 -1
  120. package/artifacts/release/dist/public/bundle/registry/bundles/vision.yaml +1 -1
  121. package/artifacts/release/dist/public/bundle/registry/omg-capability.schema.json +1 -1
  122. package/artifacts/release/dist/public/bundle/settings.json +76 -4
  123. package/artifacts/release/dist/public/manifest.json +122 -26
  124. package/artifacts/release/plugins/advanced/commands/OMG:code-review.md +114 -0
  125. package/artifacts/release/plugins/advanced/commands/OMG:deep-plan.md +266 -0
  126. package/artifacts/release/plugins/advanced/commands/OMG:handoff.md +115 -0
  127. package/artifacts/release/plugins/advanced/commands/OMG:learn.md +110 -0
  128. package/artifacts/release/plugins/advanced/commands/OMG:maintainer.md +31 -0
  129. package/artifacts/release/plugins/advanced/commands/OMG:ralph-start.md +43 -0
  130. package/artifacts/release/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
  131. package/artifacts/release/plugins/advanced/commands/OMG:security-review.md +16 -0
  132. package/artifacts/release/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
  133. package/artifacts/release/plugins/advanced/commands/OMG:ship.md +46 -0
  134. package/artifacts/release/plugins/advanced/plugin.json +87 -0
  135. package/artifacts/release/registry/bundles/algorithms.yaml +1 -1
  136. package/artifacts/release/registry/bundles/api-twin.yaml +1 -1
  137. package/artifacts/release/registry/bundles/claim-judge.yaml +49 -0
  138. package/artifacts/release/registry/bundles/control-plane.yaml +1 -1
  139. package/artifacts/release/registry/bundles/data-lineage.yaml +1 -1
  140. package/artifacts/release/registry/bundles/delta-classifier.yaml +1 -1
  141. package/artifacts/release/registry/bundles/eval-gate.yaml +1 -1
  142. package/artifacts/release/registry/bundles/health.yaml +1 -1
  143. package/artifacts/release/registry/bundles/hook-governor.yaml +1 -1
  144. package/artifacts/release/registry/bundles/incident-replay.yaml +1 -1
  145. package/artifacts/release/registry/bundles/lsp-pack.yaml +1 -1
  146. package/artifacts/release/registry/bundles/mcp-fabric.yaml +1 -1
  147. package/artifacts/release/registry/bundles/plan-council.yaml +51 -0
  148. package/artifacts/release/registry/bundles/preflight.yaml +1 -1
  149. package/artifacts/release/registry/bundles/proof-gate.yaml +49 -0
  150. package/artifacts/release/registry/bundles/remote-supervisor.yaml +1 -1
  151. package/artifacts/release/registry/bundles/robotics.yaml +1 -1
  152. package/artifacts/release/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  153. package/artifacts/release/registry/bundles/security-check.yaml +1 -1
  154. package/artifacts/release/registry/bundles/test-intent-lock.yaml +49 -0
  155. package/artifacts/release/registry/bundles/tracebank.yaml +1 -1
  156. package/artifacts/release/registry/bundles/vision.yaml +1 -1
  157. package/artifacts/release/registry/omg-capability.schema.json +1 -1
  158. package/artifacts/release/settings.json +7 -3
  159. package/build/lib/commands/OMG:forge.md +92 -0
  160. package/build/lib/commands/OMG:mode.md +13 -13
  161. package/build/lib/commands/OMG:session-branch.md +17 -1
  162. package/build/lib/commands/OMG:session-fork.md +5 -1
  163. package/build/lib/commands/OMG:session-merge.md +5 -1
  164. package/build/lib/control_plane/openapi.yaml +1 -1
  165. package/build/lib/control_plane/server.py +4 -0
  166. package/build/lib/control_plane/service.py +55 -0
  167. package/build/lib/hooks/setup_wizard.py +21 -1
  168. package/build/lib/hooks/shadow_manager.py +25 -2
  169. package/build/lib/hooks/state_migration.py +3 -0
  170. package/build/lib/plugins/README.md +1 -1
  171. package/build/lib/plugins/advanced/commands/OMG:deep-plan.md +2 -1
  172. package/build/lib/plugins/advanced/plugin.json +1 -1
  173. package/build/lib/plugins/core/plugin.json +1 -1
  174. package/build/lib/plugins/dephealth/cve_scanner.py +91 -0
  175. package/build/lib/plugins/dephealth/vuln_analyzer.py +7 -0
  176. package/build/lib/registry/bundles/algorithms.yaml +1 -1
  177. package/build/lib/registry/bundles/api-twin.yaml +1 -1
  178. package/build/lib/registry/bundles/claim-judge.yaml +1 -1
  179. package/build/lib/registry/bundles/control-plane.yaml +1 -1
  180. package/build/lib/registry/bundles/data-lineage.yaml +1 -1
  181. package/build/lib/registry/bundles/delta-classifier.yaml +1 -1
  182. package/build/lib/registry/bundles/eval-gate.yaml +1 -1
  183. package/build/lib/registry/bundles/health.yaml +1 -1
  184. package/build/lib/registry/bundles/hook-governor.yaml +1 -1
  185. package/build/lib/registry/bundles/incident-replay.yaml +1 -1
  186. package/build/lib/registry/bundles/lsp-pack.yaml +1 -1
  187. package/build/lib/registry/bundles/mcp-fabric.yaml +1 -1
  188. package/build/lib/registry/bundles/plan-council.yaml +2 -2
  189. package/build/lib/registry/bundles/preflight.yaml +1 -1
  190. package/build/lib/registry/bundles/proof-gate.yaml +1 -1
  191. package/build/lib/registry/bundles/remote-supervisor.yaml +1 -1
  192. package/build/lib/registry/bundles/robotics.yaml +1 -1
  193. package/build/lib/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  194. package/build/lib/registry/bundles/security-check.yaml +1 -1
  195. package/build/lib/registry/bundles/test-intent-lock.yaml +1 -1
  196. package/build/lib/registry/bundles/tracebank.yaml +1 -1
  197. package/build/lib/registry/bundles/vision.yaml +1 -1
  198. package/build/lib/registry/omg-capability.schema.json +84 -2
  199. package/build/lib/runtime/adoption.py +13 -5
  200. package/build/lib/runtime/api_twin.py +4 -4
  201. package/build/lib/runtime/artifact_parsers.py +161 -0
  202. package/build/lib/runtime/background_verification.py +48 -0
  203. package/build/lib/runtime/claim_judge.py +184 -7
  204. package/build/lib/runtime/contract_compiler.py +189 -9
  205. package/build/lib/runtime/ecosystem.py +1 -1
  206. package/build/lib/runtime/evidence_query.py +203 -0
  207. package/build/lib/runtime/mcp_memory_server.py +1 -1
  208. package/build/lib/runtime/omg_compat_contract_snapshot.json +2 -2
  209. package/build/lib/runtime/omg_contract_snapshot.json +2 -2
  210. package/build/lib/runtime/omg_mcp_server.py +19 -0
  211. package/build/lib/runtime/playwright_adapter.py +39 -0
  212. package/build/lib/runtime/proof_chain.py +136 -8
  213. package/build/lib/runtime/proof_gate.py +102 -0
  214. package/build/lib/runtime/providers/gemini_provider.py +7 -0
  215. package/build/lib/runtime/providers/kimi_provider.py +7 -0
  216. package/build/lib/runtime/repro_pack.py +292 -0
  217. package/build/lib/runtime/runtime_profile.py +87 -15
  218. package/build/lib/runtime/security_check.py +86 -3
  219. package/build/lib/runtime/test_intent_lock.py +47 -0
  220. package/build/lib/runtime/tracebank.py +33 -3
  221. package/build/lib/runtime/verification_loop.py +73 -0
  222. package/commands/OMG:forge.md +92 -0
  223. package/commands/OMG:mode.md +13 -13
  224. package/commands/OMG:session-branch.md +17 -1
  225. package/commands/OMG:session-fork.md +5 -1
  226. package/commands/OMG:session-merge.md +5 -1
  227. package/control_plane/openapi.yaml +1 -1
  228. package/control_plane/server.py +4 -0
  229. package/control_plane/service.py +55 -0
  230. package/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
  231. package/dist/enterprise/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  232. package/dist/enterprise/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  233. package/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +4 -0
  234. package/dist/enterprise/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  235. package/dist/enterprise/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  236. package/dist/enterprise/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  237. package/dist/enterprise/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  238. package/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  239. package/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  240. package/dist/enterprise/bundle/.claude-plugin/marketplace.json +3 -3
  241. package/dist/enterprise/bundle/.claude-plugin/plugin.json +1 -1
  242. package/dist/enterprise/bundle/.gemini/settings.json +11 -0
  243. package/dist/enterprise/bundle/.kimi/mcp.json +11 -0
  244. package/dist/enterprise/bundle/.mcp.json +0 -22
  245. package/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +14 -1
  246. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:deep-plan.md +51 -6
  247. package/dist/enterprise/bundle/plugins/advanced/commands/OMG:ship.md +1 -1
  248. package/dist/enterprise/bundle/plugins/advanced/plugin.json +1 -1
  249. package/dist/enterprise/bundle/registry/bundles/algorithms.yaml +1 -1
  250. package/dist/enterprise/bundle/registry/bundles/api-twin.yaml +1 -1
  251. package/dist/enterprise/bundle/registry/bundles/claim-judge.yaml +49 -0
  252. package/dist/enterprise/bundle/registry/bundles/control-plane.yaml +1 -1
  253. package/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +1 -1
  254. package/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +1 -1
  255. package/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +1 -1
  256. package/dist/enterprise/bundle/registry/bundles/health.yaml +1 -1
  257. package/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +1 -1
  258. package/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +1 -1
  259. package/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +1 -1
  260. package/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  261. package/dist/enterprise/bundle/registry/bundles/plan-council.yaml +51 -0
  262. package/dist/enterprise/bundle/registry/bundles/preflight.yaml +1 -1
  263. package/dist/enterprise/bundle/registry/bundles/proof-gate.yaml +49 -0
  264. package/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  265. package/dist/enterprise/bundle/registry/bundles/robotics.yaml +1 -1
  266. package/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  267. package/dist/enterprise/bundle/registry/bundles/security-check.yaml +1 -1
  268. package/dist/enterprise/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  269. package/dist/enterprise/bundle/registry/bundles/tracebank.yaml +1 -1
  270. package/dist/enterprise/bundle/registry/bundles/vision.yaml +1 -1
  271. package/dist/enterprise/bundle/registry/omg-capability.schema.json +84 -2
  272. package/dist/enterprise/bundle/settings.json +8 -3
  273. package/dist/enterprise/manifest.json +92 -30
  274. package/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
  275. package/dist/public/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
  276. package/dist/public/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
  277. package/dist/public/bundle/.agents/skills/omg/codex-rules.md +4 -0
  278. package/dist/public/bundle/.agents/skills/omg/incident-replay/SKILL.md +1 -1
  279. package/dist/public/bundle/.agents/skills/omg/incident-replay/openai.yaml +1 -1
  280. package/dist/public/bundle/.agents/skills/omg/lsp-pack/SKILL.md +1 -1
  281. package/dist/public/bundle/.agents/skills/omg/lsp-pack/openai.yaml +1 -1
  282. package/dist/public/bundle/.agents/skills/omg/mcp-fabric/SKILL.md +1 -1
  283. package/dist/public/bundle/.agents/skills/omg/mcp-fabric/openai.yaml +1 -1
  284. package/dist/public/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
  285. package/dist/public/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
  286. package/dist/public/bundle/.agents/skills/omg/preflight/SKILL.md +1 -1
  287. package/dist/public/bundle/.agents/skills/omg/preflight/openai.yaml +1 -1
  288. package/dist/public/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
  289. package/dist/public/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
  290. package/dist/public/bundle/.agents/skills/omg/remote-supervisor/SKILL.md +1 -1
  291. package/dist/public/bundle/.agents/skills/omg/remote-supervisor/openai.yaml +1 -1
  292. package/dist/public/bundle/.agents/skills/omg/robotics/SKILL.md +1 -1
  293. package/dist/public/bundle/.agents/skills/omg/robotics/openai.yaml +1 -1
  294. package/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/SKILL.md +1 -1
  295. package/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/openai.yaml +1 -1
  296. package/dist/public/bundle/.agents/skills/omg/security-check/SKILL.md +1 -1
  297. package/dist/public/bundle/.agents/skills/omg/security-check/openai.yaml +1 -1
  298. package/dist/public/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
  299. package/dist/public/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
  300. package/dist/public/bundle/.agents/skills/omg/tracebank/SKILL.md +1 -1
  301. package/dist/public/bundle/.agents/skills/omg/tracebank/openai.yaml +1 -1
  302. package/dist/public/bundle/.agents/skills/omg/vision/SKILL.md +1 -1
  303. package/dist/public/bundle/.agents/skills/omg/vision/openai.yaml +1 -1
  304. package/dist/public/bundle/.claude-plugin/marketplace.json +3 -3
  305. package/dist/public/bundle/.claude-plugin/plugin.json +1 -1
  306. package/dist/public/bundle/.gemini/settings.json +11 -0
  307. package/dist/public/bundle/.kimi/mcp.json +11 -0
  308. package/dist/public/bundle/.mcp.json +0 -22
  309. package/dist/public/bundle/OMG_COMPAT_CONTRACT.md +14 -1
  310. package/dist/public/bundle/plugins/advanced/commands/OMG:deep-plan.md +51 -6
  311. package/dist/public/bundle/plugins/advanced/commands/OMG:ship.md +1 -1
  312. package/dist/public/bundle/plugins/advanced/plugin.json +1 -1
  313. package/dist/public/bundle/registry/bundles/algorithms.yaml +1 -1
  314. package/dist/public/bundle/registry/bundles/api-twin.yaml +1 -1
  315. package/dist/public/bundle/registry/bundles/claim-judge.yaml +49 -0
  316. package/dist/public/bundle/registry/bundles/control-plane.yaml +1 -1
  317. package/dist/public/bundle/registry/bundles/data-lineage.yaml +1 -1
  318. package/dist/public/bundle/registry/bundles/delta-classifier.yaml +1 -1
  319. package/dist/public/bundle/registry/bundles/eval-gate.yaml +1 -1
  320. package/dist/public/bundle/registry/bundles/health.yaml +1 -1
  321. package/dist/public/bundle/registry/bundles/hook-governor.yaml +1 -1
  322. package/dist/public/bundle/registry/bundles/incident-replay.yaml +1 -1
  323. package/dist/public/bundle/registry/bundles/lsp-pack.yaml +1 -1
  324. package/dist/public/bundle/registry/bundles/mcp-fabric.yaml +1 -1
  325. package/dist/public/bundle/registry/bundles/plan-council.yaml +51 -0
  326. package/dist/public/bundle/registry/bundles/preflight.yaml +1 -1
  327. package/dist/public/bundle/registry/bundles/proof-gate.yaml +49 -0
  328. package/dist/public/bundle/registry/bundles/remote-supervisor.yaml +1 -1
  329. package/dist/public/bundle/registry/bundles/robotics.yaml +1 -1
  330. package/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  331. package/dist/public/bundle/registry/bundles/security-check.yaml +1 -1
  332. package/dist/public/bundle/registry/bundles/test-intent-lock.yaml +49 -0
  333. package/dist/public/bundle/registry/bundles/tracebank.yaml +1 -1
  334. package/dist/public/bundle/registry/bundles/vision.yaml +1 -1
  335. package/dist/public/bundle/registry/omg-capability.schema.json +84 -2
  336. package/dist/public/bundle/settings.json +9 -4
  337. package/dist/public/manifest.json +112 -50
  338. package/docs/proof.md +7 -6
  339. package/hooks/setup_wizard.py +21 -1
  340. package/hooks/shadow_manager.py +25 -2
  341. package/hooks/state_migration.py +3 -0
  342. package/hud/omg-hud.mjs +66 -3
  343. package/package.json +1 -1
  344. package/plugins/README.md +1 -1
  345. package/plugins/advanced/commands/OMG:deep-plan.md +2 -1
  346. package/plugins/advanced/plugin.json +1 -1
  347. package/plugins/core/plugin.json +1 -1
  348. package/plugins/dephealth/cve_scanner.py +91 -0
  349. package/plugins/dephealth/vuln_analyzer.py +7 -0
  350. package/pyproject.toml +5 -1
  351. package/registry/bundles/algorithms.yaml +1 -1
  352. package/registry/bundles/api-twin.yaml +1 -1
  353. package/registry/bundles/claim-judge.yaml +1 -1
  354. package/registry/bundles/control-plane.yaml +1 -1
  355. package/registry/bundles/data-lineage.yaml +1 -1
  356. package/registry/bundles/delta-classifier.yaml +1 -1
  357. package/registry/bundles/eval-gate.yaml +1 -1
  358. package/registry/bundles/health.yaml +1 -1
  359. package/registry/bundles/hook-governor.yaml +1 -1
  360. package/registry/bundles/incident-replay.yaml +1 -1
  361. package/registry/bundles/lsp-pack.yaml +1 -1
  362. package/registry/bundles/mcp-fabric.yaml +1 -1
  363. package/registry/bundles/plan-council.yaml +2 -2
  364. package/registry/bundles/preflight.yaml +1 -1
  365. package/registry/bundles/proof-gate.yaml +1 -1
  366. package/registry/bundles/remote-supervisor.yaml +1 -1
  367. package/registry/bundles/robotics.yaml +1 -1
  368. package/registry/bundles/secure-worktree-pipeline.yaml +1 -1
  369. package/registry/bundles/security-check.yaml +1 -1
  370. package/registry/bundles/test-intent-lock.yaml +1 -1
  371. package/registry/bundles/tracebank.yaml +1 -1
  372. package/registry/bundles/vision.yaml +1 -1
  373. package/registry/omg-capability.schema.json +84 -2
  374. package/runtime/adoption.py +13 -5
  375. package/runtime/api_twin.py +4 -4
  376. package/runtime/artifact_parsers.py +161 -0
  377. package/runtime/background_verification.py +48 -0
  378. package/runtime/claim_judge.py +184 -7
  379. package/runtime/contract_compiler.py +189 -9
  380. package/runtime/ecosystem.py +1 -1
  381. package/runtime/evidence_query.py +203 -0
  382. package/runtime/mcp_memory_server.py +1 -1
  383. package/runtime/omg_compat_contract_snapshot.json +2 -2
  384. package/runtime/omg_contract_snapshot.json +2 -2
  385. package/runtime/omg_mcp_server.py +19 -0
  386. package/runtime/playwright_adapter.py +39 -0
  387. package/runtime/proof_chain.py +136 -8
  388. package/runtime/proof_gate.py +102 -0
  389. package/runtime/providers/gemini_provider.py +7 -0
  390. package/runtime/providers/kimi_provider.py +7 -0
  391. package/runtime/repro_pack.py +292 -0
  392. package/runtime/runtime_profile.py +87 -15
  393. package/runtime/security_check.py +86 -3
  394. package/runtime/test_intent_lock.py +47 -0
  395. package/runtime/tracebank.py +33 -3
  396. package/runtime/verification_loop.py +73 -0
  397. package/scripts/omg.py +31 -4
  398. package/settings.json +8 -3
  399. package/tools/python_sandbox.py +9 -6
  400. package/tools/session_snapshot.py +146 -40
@@ -2,31 +2,93 @@
2
2
  from __future__ import annotations
3
3
 
4
4
  from pathlib import Path
5
- from typing import Any
5
+ from typing import TypedDict, cast
6
6
 
7
7
  import yaml
8
8
 
9
+ from .adoption import CANONICAL_MODE_NAMES
9
10
 
10
- PROFILE_PRESETS: dict[str, dict[str, Any]] = {
11
+
12
+ class RuntimeProfile(TypedDict):
13
+ profile: str
14
+ max_workers: int
15
+ background_polling: bool
16
+
17
+
18
+ class CanonicalModeProfile(TypedDict):
19
+ concurrency: int
20
+ background_verification: bool
21
+ context_window: str
22
+ noise_level: str
23
+
24
+
25
+ PROFILE_PRESETS: dict[str, RuntimeProfile] = {
11
26
  "eco": {"profile": "eco", "max_workers": 2, "background_polling": False},
12
27
  "balanced": {"profile": "balanced", "max_workers": 3, "background_polling": False},
13
28
  "turbo": {"profile": "turbo", "max_workers": 5, "background_polling": True},
14
29
  }
15
30
 
31
+ RUNTIME_CONCURRENCY_PROFILE_NAMES = tuple(PROFILE_PRESETS.keys())
32
+ RESERVED_CANONICAL_MODE_NAMES = CANONICAL_MODE_NAMES
33
+
34
+ _CANONICAL_MODE_PROFILES: dict[str, CanonicalModeProfile] = {
35
+ "chill": {
36
+ "concurrency": 1,
37
+ "background_verification": False,
38
+ "context_window": "minimal",
39
+ "noise_level": "quiet",
40
+ },
41
+ "focused": {
42
+ "concurrency": 2,
43
+ "background_verification": False,
44
+ "context_window": "standard",
45
+ "noise_level": "normal",
46
+ },
47
+ "exploratory": {
48
+ "concurrency": 4,
49
+ "background_verification": True,
50
+ "context_window": "extended",
51
+ "noise_level": "verbose",
52
+ },
53
+ }
54
+
55
+
56
+ def load_canonical_mode_profile(mode: str) -> dict[str, object]:
57
+ normalized_mode = mode.strip().lower()
58
+ profile = _CANONICAL_MODE_PROFILES.get(normalized_mode)
59
+ if profile is None:
60
+ raise ValueError(
61
+ f"Unknown canonical mode: {mode!r}. Valid: chill, focused, exploratory"
62
+ )
63
+ return dict(profile)
16
64
 
17
- def load_runtime_profile(project_dir: str) -> dict[str, Any]:
65
+
66
+ def load_runtime_profile(project_dir: str) -> RuntimeProfile:
18
67
  runtime_path = Path(project_dir) / ".omg" / "runtime.yaml"
19
68
  profile_name = "balanced"
20
69
  if runtime_path.exists():
21
70
  try:
22
- payload = yaml.safe_load(runtime_path.read_text(encoding="utf-8")) or {}
71
+ raw_payload: object = yaml.safe_load(runtime_path.read_text(encoding="utf-8")) or {}
23
72
  except Exception:
24
- payload = {}
25
- if isinstance(payload, dict):
26
- candidate = str(payload.get("profile", profile_name)).strip()
27
- if candidate in PROFILE_PRESETS:
73
+ raw_payload = {}
74
+ if isinstance(raw_payload, dict):
75
+ payload_map = cast(dict[object, object], raw_payload)
76
+ payload: dict[str, object] = {}
77
+ for key, value in payload_map.items():
78
+ if isinstance(key, str):
79
+ payload[key] = value
80
+ candidate_obj = payload.get("profile", profile_name)
81
+ candidate = candidate_obj.strip() if isinstance(candidate_obj, str) else profile_name
82
+ if candidate in RUNTIME_CONCURRENCY_PROFILE_NAMES:
28
83
  profile_name = candidate
29
- return dict(PROFILE_PRESETS[profile_name])
84
+
85
+ preset = PROFILE_PRESETS[profile_name]
86
+ result: RuntimeProfile = {
87
+ "profile": preset["profile"],
88
+ "max_workers": preset["max_workers"],
89
+ "background_polling": preset["background_polling"],
90
+ }
91
+ return result
30
92
 
31
93
 
32
94
  def resolve_parallel_workers(project_dir: str, *, requested_workers: int) -> int:
@@ -43,19 +105,29 @@ def _load_cli_parallel_cap(project_dir: str) -> int | None:
43
105
  if not config_path.exists():
44
106
  return None
45
107
  try:
46
- payload = yaml.safe_load(config_path.read_text(encoding="utf-8")) or {}
108
+ raw_payload: object = yaml.safe_load(config_path.read_text(encoding="utf-8")) or {}
47
109
  except Exception:
48
110
  return None
49
- if not isinstance(payload, dict):
111
+ if not isinstance(raw_payload, dict):
50
112
  return None
51
- cli_configs = payload.get("cli_configs", {})
52
- if not isinstance(cli_configs, dict):
113
+
114
+ payload_map = cast(dict[object, object], raw_payload)
115
+ payload: dict[str, object] = {}
116
+ for key, value in payload_map.items():
117
+ if isinstance(key, str):
118
+ payload[key] = value
119
+
120
+ cli_configs_obj = payload.get("cli_configs")
121
+ if not isinstance(cli_configs_obj, dict):
53
122
  return None
54
- caps = []
123
+
124
+ cli_configs = cast(dict[object, object], cli_configs_obj)
125
+ caps: list[int] = []
55
126
  for config in cli_configs.values():
56
127
  if not isinstance(config, dict):
57
128
  continue
58
- value = config.get("max_parallel_agents")
129
+ config_map = cast(dict[object, object], config)
130
+ value = config_map.get("max_parallel_agents")
59
131
  if isinstance(value, int) and value > 0:
60
132
  caps.append(value)
61
133
  return min(caps) if caps else None
@@ -8,6 +8,7 @@ from hashlib import sha256
8
8
  import json
9
9
  from pathlib import Path
10
10
  import re
11
+ import shutil
11
12
  import subprocess
12
13
  from typing import Any
13
14
 
@@ -128,6 +129,8 @@ def run_security_check(
128
129
  "severity": finding.get("severity"),
129
130
  "exploitability": finding.get("exploitability", "unknown"),
130
131
  "reachability": finding.get("reachability", "unknown"),
132
+ "kev_listed": finding.get("kev_listed", False),
133
+ "epss_score": finding.get("epss_score"),
131
134
  "waived": bool(finding.get("waived")),
132
135
  "waiver_justification": finding.get("waiver_justification", ""),
133
136
  "message": finding.get("message", ""),
@@ -267,9 +270,89 @@ def _scan_python_ast(scope_path: Path) -> list[dict[str, Any]]:
267
270
  continue
268
271
  findings.extend(_scan_python_file(py_file, source))
269
272
  findings.extend(_run_bandit_if_available(scope_path))
273
+ findings.extend(_scan_semgrep(scope_path))
270
274
  return findings
271
275
 
272
276
 
277
+ def run_semgrep_scan(project_dir: str, rules: str = "auto") -> dict[str, Any]:
278
+ unavailable = {"status": "unavailable", "findings": [], "error": "semgrep not found"}
279
+ if shutil.which("semgrep") is None:
280
+ return unavailable
281
+
282
+ cmd = ["semgrep", "--json", "--config", rules, project_dir]
283
+ try:
284
+ proc = subprocess.run(cmd, capture_output=True, text=True, check=False, timeout=60)
285
+ except Exception:
286
+ return unavailable
287
+
288
+ if proc.returncode not in {0, 1}:
289
+ return unavailable
290
+
291
+ try:
292
+ payload = json.loads(proc.stdout or "{}")
293
+ except Exception:
294
+ return unavailable
295
+
296
+ findings: list[dict[str, Any]] = []
297
+ for item in payload.get("results", []):
298
+ extra = item.get("extra") if isinstance(item.get("extra"), dict) else {}
299
+ start = item.get("start") if isinstance(item.get("start"), dict) else {}
300
+ findings.append(
301
+ {
302
+ "severity": _normalize_semgrep_severity(str(extra.get("severity", "WARNING"))),
303
+ "rule": str(item.get("check_id", "semgrep")),
304
+ "path": str(item.get("path", "")),
305
+ "line": _safe_int(start.get("line", 1), default=1),
306
+ "message": str(extra.get("message", "Semgrep finding")),
307
+ }
308
+ )
309
+ return {"status": "ok", "findings": findings, "error": ""}
310
+
311
+
312
+ def _normalize_semgrep_severity(raw: str) -> str:
313
+ lowered = raw.lower()
314
+ if lowered in {"error", "critical"}:
315
+ return "high"
316
+ if lowered in {"warning", "warn"}:
317
+ return "medium"
318
+ if lowered in {"info", "note", "low"}:
319
+ return "low"
320
+ return _normalize_severity(lowered)
321
+
322
+
323
+ def _scan_semgrep(scope_path: Path) -> list[dict[str, Any]]:
324
+ result = run_semgrep_scan(str(scope_path))
325
+ if result.get("status") != "ok":
326
+ return []
327
+
328
+ findings: list[dict[str, Any]] = []
329
+ for item in result.get("findings", []):
330
+ if not isinstance(item, dict):
331
+ continue
332
+ file_path = Path(str(item.get("path", "")))
333
+ findings.append(
334
+ _finding(
335
+ rule_id=str(item.get("rule", "semgrep")),
336
+ source_name="semgrep-ce",
337
+ category="python_ast",
338
+ severity=_normalize_severity(str(item.get("severity", "medium"))),
339
+ path=file_path,
340
+ line=_safe_int(item.get("line", 1), default=1),
341
+ message=str(item.get("message", "Semgrep finding")),
342
+ recommendation="Review Semgrep finding and apply the suggested remediation.",
343
+ snippet="",
344
+ )
345
+ )
346
+ return findings
347
+
348
+
349
+ def _safe_int(value: Any, *, default: int) -> int:
350
+ try:
351
+ return int(value)
352
+ except (TypeError, ValueError):
353
+ return default
354
+
355
+
273
356
  def _scan_secret_patterns(scope_path: Path) -> list[dict[str, Any]]:
274
357
  findings: list[dict[str, Any]] = []
275
358
  for candidate in _iter_text_candidates(scope_path):
@@ -488,9 +571,7 @@ def _run_bandit_if_available(scope_path: Path) -> list[dict[str, Any]]:
488
571
 
489
572
 
490
573
  def _command_exists(command: str) -> bool:
491
- from shutil import which
492
-
493
- return which(command) is not None
574
+ return shutil.which(command) is not None
494
575
 
495
576
 
496
577
  def _scan_dependency_health(scope_path: Path, include_live_enrichment: bool) -> list[dict[str, Any]]:
@@ -530,6 +611,8 @@ def _scan_dependency_health(scope_path: Path, include_live_enrichment: bool) ->
530
611
  "severity": _normalize_severity(str(vuln.get("severity", "unknown"))),
531
612
  "exploitability": _risk_to_exploitability(str(reachability.get("risk_level", ""))),
532
613
  "reachability": _normalize_reachability(str(reachability.get("reachability", "unknown"))),
614
+ "kev_listed": reachability.get("kev_listed", False),
615
+ "epss_score": reachability.get("epss_score"),
533
616
  "evidence": {
534
617
  "package": package_name,
535
618
  "version": dependency["version"],
@@ -1,6 +1,47 @@
1
1
  from __future__ import annotations
2
2
 
3
+ import json
4
+ from pathlib import Path
3
5
  from typing import Any
6
+ from uuid import uuid4
7
+
8
+
9
+ def lock_intent(project_dir: str, intent: dict[str, Any]) -> dict[str, Any]:
10
+ lock_id = str(uuid4())
11
+ lock_dir = Path(project_dir) / ".omg" / "state" / "test-intent-lock"
12
+ lock_dir.mkdir(parents=True, exist_ok=True)
13
+
14
+ lock_path = lock_dir / f"{lock_id}.json"
15
+ payload = {"schema": "TestIntentLock", "lock_id": lock_id, "intent": intent}
16
+ lock_path.write_text(json.dumps(payload, indent=2, sort_keys=True), encoding="utf-8")
17
+
18
+ return {"lock_id": lock_id, "status": "locked", "path": str(lock_path)}
19
+
20
+
21
+ def verify_intent(project_dir: str, lock_id: str, results: dict[str, Any]) -> dict[str, Any]:
22
+ lock_path = Path(project_dir) / ".omg" / "state" / "test-intent-lock" / f"{lock_id}.json"
23
+ if not lock_path.exists():
24
+ return {"status": "missing_lock", "lock_id": lock_id, "reasons": ["missing lock state"]}
25
+
26
+ try:
27
+ payload = json.loads(lock_path.read_text(encoding="utf-8"))
28
+ except (OSError, json.JSONDecodeError):
29
+ return {"status": "missing_lock", "lock_id": lock_id, "reasons": ["missing lock state"]}
30
+
31
+ intent = payload.get("intent") if isinstance(payload, dict) else {}
32
+ intent_tests = _normalize_string_list(intent.get("tests") if isinstance(intent, dict) else None)
33
+ result_tests = _normalize_string_list(results.get("tests"))
34
+ weakened_assertions = results.get("weakened_assertions")
35
+
36
+ reasons: list[str] = []
37
+ if isinstance(weakened_assertions, list) and weakened_assertions:
38
+ reasons.append("weakened_assertions_present")
39
+
40
+ if result_tests != intent_tests:
41
+ reasons.append("tests_mismatch")
42
+
43
+ status = "ok" if not reasons else "fail"
44
+ return {"status": status, "lock_id": lock_id, "reasons": reasons}
4
45
 
5
46
 
6
47
  def evaluate_test_delta(delta: dict[str, Any]) -> dict[str, Any]:
@@ -89,3 +130,9 @@ def _normalize_tests(value: Any) -> list[dict[str, Any]]:
89
130
  }
90
131
  )
91
132
  return tests
133
+
134
+
135
+ def _normalize_string_list(value: Any) -> list[str]:
136
+ if not isinstance(value, list):
137
+ return []
138
+ return [str(item).strip() for item in value if str(item).strip()]
@@ -40,6 +40,7 @@ def record_trace(
40
40
  trace_type: str,
41
41
  route: str,
42
42
  status: str,
43
+ schema_version: int | None = None,
43
44
  plan: dict[str, Any] | None = None,
44
45
  patch: dict[str, Any] | None = None,
45
46
  verify: dict[str, Any] | None = None,
@@ -49,7 +50,7 @@ def record_trace(
49
50
  ) -> dict[str, Any]:
50
51
  trace_id = f"trace-{uuid4().hex}"
51
52
  timestamp = _now()
52
- record = {
53
+ record: dict[str, Any] = {
53
54
  "schema": "TracebankRecord",
54
55
  "trace_id": trace_id,
55
56
  "timestamp": timestamp,
@@ -66,6 +67,10 @@ def record_trace(
66
67
  "rejections": rejections or [],
67
68
  "metadata": metadata or {},
68
69
  }
70
+ if schema_version is not None:
71
+ record["schema_version"] = schema_version
72
+ elif isinstance(metadata, dict) and metadata.get("schema_version") is not None:
73
+ record["schema_version"] = metadata.get("schema_version")
69
74
 
70
75
  path = Path(project_dir) / TRACEBANK_REL_PATH
71
76
  path.parent.mkdir(parents=True, exist_ok=True)
@@ -73,11 +78,34 @@ def record_trace(
73
78
  _ = handle.write(json.dumps(record, ensure_ascii=True) + "\n")
74
79
 
75
80
  record["path"] = TRACEBANK_REL_PATH.as_posix()
81
+
82
+ verification_status = (metadata or {}).get("verification_status")
83
+ if verification_status:
84
+ try:
85
+ from runtime.background_verification import publish_verification_state
86
+
87
+ publish_verification_state(
88
+ project_dir=project_dir,
89
+ run_id=trace_id,
90
+ status=str(verification_status),
91
+ blockers=(metadata or {}).get("verification_blockers", []),
92
+ evidence_links=(metadata or {}).get("verification_evidence_links", []),
93
+ progress=(metadata or {}).get("verification_progress", {}),
94
+ )
95
+ except Exception:
96
+ pass
97
+
76
98
  return record
77
99
 
78
100
 
79
- def link_evidence(project_dir: str, *, trace_id: str, evidence_path: str) -> dict[str, Any]:
80
- link = {
101
+ def link_evidence(
102
+ project_dir: str,
103
+ *,
104
+ trace_id: str,
105
+ evidence_path: str,
106
+ schema_version: int | None = None,
107
+ ) -> dict[str, Any]:
108
+ link: dict[str, Any] = {
81
109
  "schema": "TraceEvidenceLink",
82
110
  "trace_id": trace_id,
83
111
  "evidence_path": evidence_path,
@@ -85,6 +113,8 @@ def link_evidence(project_dir: str, *, trace_id: str, evidence_path: str) -> dic
85
113
  "executor": _executor(),
86
114
  "environment": _environment(),
87
115
  }
116
+ if schema_version is not None:
117
+ link["schema_version"] = schema_version
88
118
 
89
119
  path = Path(project_dir) / TRACEBANK_EVIDENCE_LINKS_REL_PATH
90
120
  path.parent.mkdir(parents=True, exist_ok=True)
@@ -0,0 +1,73 @@
1
+ from __future__ import annotations
2
+
3
+ from collections.abc import Mapping
4
+ from typing import cast
5
+
6
+
7
+ def _as_int(value: object, default: int) -> int:
8
+ if isinstance(value, bool):
9
+ return int(value)
10
+ if isinstance(value, int):
11
+ return value
12
+ if isinstance(value, float):
13
+ return int(value)
14
+ if isinstance(value, str):
15
+ try:
16
+ return int(value)
17
+ except ValueError:
18
+ return default
19
+ return default
20
+
21
+
22
+ def _as_string_list(value: object) -> list[str]:
23
+ if not isinstance(value, list):
24
+ return []
25
+ items = cast(list[object], value)
26
+ return [str(item) for item in items]
27
+
28
+
29
+ def build_loop_policy(
30
+ host: str,
31
+ max_iterations: int,
32
+ timeout_minutes: int,
33
+ read_only_default: bool = True,
34
+ ) -> dict[str, object]:
35
+ return {
36
+ "host": host,
37
+ "max_iterations": max_iterations,
38
+ "timeout_minutes": timeout_minutes,
39
+ "read_only_default": read_only_default,
40
+ }
41
+
42
+
43
+ def should_continue_loop(state: Mapping[str, object]) -> dict[str, object]:
44
+ iteration = _as_int(state.get("iteration", 0), 0)
45
+ max_iterations = _as_int(state.get("max_iterations", 0), 0)
46
+ status = str(state.get("status", ""))
47
+
48
+ if iteration >= max_iterations:
49
+ return {"continue": False, "reason": "max_iterations_reached"}
50
+ if status == "ok":
51
+ return {"continue": False, "reason": "status_ok"}
52
+ return {"continue": True, "reason": "within_budget"}
53
+
54
+
55
+ def summarize_next_step(state: Mapping[str, object]) -> dict[str, object]:
56
+ status = str(state.get("status", ""))
57
+ blockers = _as_string_list(state.get("blockers"))
58
+ evidence_links = _as_string_list(state.get("evidence_links"))
59
+
60
+ if blockers:
61
+ next_action = f"resolve blockers: {', '.join(blockers)}"
62
+ elif status in {"error", "blocked"}:
63
+ next_action = "verify evidence links and remediate verification errors"
64
+ elif evidence_links:
65
+ next_action = "verify evidence links"
66
+ else:
67
+ next_action = "collect verification evidence links"
68
+
69
+ return {
70
+ "next_action": next_action,
71
+ "evidence_links": evidence_links,
72
+ "blockers": blockers,
73
+ }
package/scripts/omg.py CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env python3
2
- """OMG 2.0.7 CLI entrypoint.
2
+ """OMG 2.0.8 CLI entrypoint.
3
3
 
4
4
  Implements practical command-line flows for:
5
5
  - omg ship
@@ -10,6 +10,7 @@ Implements practical command-line flows for:
10
10
  - omg trust review
11
11
  - omg runtime dispatch
12
12
  - omg lab train / omg lab eval
13
+ - omg forge run
13
14
  """
14
15
  from __future__ import annotations
15
16
 
@@ -57,7 +58,7 @@ from runtime.compat import (
57
58
  list_compat_skills,
58
59
  run_doctor,
59
60
  )
60
- from runtime.adoption import CANONICAL_VERSION
61
+ from runtime.adoption import CANONICAL_VERSION, VALID_PRESETS
61
62
  from runtime.ecosystem import ecosystem_status, list_ecosystem_repos, sync_ecosystem_repos
62
63
  from runtime.team_router import TeamDispatchRequest, dispatch_team, execute_ccg_mode, execute_crazy_mode
63
64
 
@@ -409,6 +410,22 @@ def cmd_lab_eval(args: argparse.Namespace) -> int:
409
410
  return 0 if out.get("status") == "published" else 2
410
411
 
411
412
 
413
+ def cmd_forge_run(args: argparse.Namespace) -> int:
414
+ preset = args.preset
415
+ if preset != "labs":
416
+ print(
417
+ json.dumps(
418
+ {"status": "error", "message": f"forge requires labs preset, got: {preset}"},
419
+ indent=2,
420
+ )
421
+ )
422
+ return 2
423
+ job = json.loads(args.job_json) if args.job_json else _load_json(args.job)
424
+ result = run_pipeline(job)
425
+ print(json.dumps(result, indent=2))
426
+ return 0 if result.get("status") in {"ready", "failed_evaluation"} else 2
427
+
428
+
412
429
  def cmd_teams(args: argparse.Namespace) -> int:
413
430
  files = [f.strip() for f in args.files.split(",") if f.strip()] if args.files else []
414
431
  req = TeamDispatchRequest(
@@ -633,12 +650,14 @@ def _add_contract_subcommands(parent: argparse.ArgumentParser, *, dest: str) ->
633
650
  contract_validate = contract_sub.add_parser("validate", help="Validate contract doc, schema, and bundle registry")
634
651
  contract_validate.set_defaults(func=cmd_contract_validate)
635
652
 
636
- contract_compile = contract_sub.add_parser("compile", help="Compile Claude/Codex artifacts from the canonical contract")
653
+ contract_compile = contract_sub.add_parser(
654
+ "compile", help="Compile host artifacts from the canonical contract"
655
+ )
637
656
  contract_compile.add_argument(
638
657
  "--host",
639
658
  dest="hosts",
640
659
  action="append",
641
- choices=["claude", "codex"],
660
+ choices=["claude", "codex", "gemini", "kimi"],
642
661
  required=True,
643
662
  help="Host to compile (repeat for multiple hosts)",
644
663
  )
@@ -816,6 +835,14 @@ def build_parser() -> argparse.ArgumentParser:
816
835
  lab_eval.add_argument("--result-json", default="", help="Inline result json")
817
836
  lab_eval.set_defaults(func=cmd_lab_eval)
818
837
 
838
+ forge = sub.add_parser("forge", help="Labs-only domain-model prototyping and evaluation")
839
+ forge_sub = forge.add_subparsers(dest="forge_command", required=True)
840
+ forge_run = forge_sub.add_parser("run", help="Run a forge job through the lab pipeline")
841
+ forge_run.add_argument("--job", default="", help="Path to job json")
842
+ forge_run.add_argument("--job-json", default="", help="Inline job json")
843
+ forge_run.add_argument("--preset", default="labs", choices=list(VALID_PRESETS), help="Adoption preset (must be labs)")
844
+ forge_run.set_defaults(func=cmd_forge_run)
845
+
819
846
  teams = sub.add_parser("teams", help="Internal OMG team routing")
820
847
  teams.add_argument("--target", default="auto", choices=["auto", "codex", "gemini", "ccg"])
821
848
  teams.add_argument("--problem", required=True)
package/settings.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
3
- "_comment": "OMG 2.0.7 - project-level config with hook registrations, presets, and feature flags.",
3
+ "_comment": "OMG 2.0.9 - project-level config with hook registrations, presets, and feature flags.",
4
4
  "permissions": {
5
5
  "allow": [
6
6
  "Agent",
@@ -306,8 +306,9 @@
306
306
  ]
307
307
  },
308
308
  "_omg": {
309
- "_version": "2.0.7",
309
+ "_version": "2.0.9",
310
310
  "preset": "safe",
311
+ "omgMode": "focused",
311
312
  "default_mode": "ulw+ralph",
312
313
  "vision_auto": true,
313
314
  "false_fix_detection": true,
@@ -359,10 +360,14 @@
359
360
  "CONTEXT_MANAGER": false
360
361
  },
361
362
  "generated": {
362
- "contract_version": "2.0.7",
363
+ "contract_version": "2.0.9",
363
364
  "channel": "enterprise",
364
365
  "required_bundles": [
365
366
  "control-plane",
367
+ "plan-council",
368
+ "claim-judge",
369
+ "test-intent-lock",
370
+ "proof-gate",
366
371
  "hook-governor",
367
372
  "mcp-fabric",
368
373
  "lsp-pack",
@@ -1,6 +1,5 @@
1
1
  #!/usr/bin/env python3
2
- """
3
- Security Sandbox for OMG Python REPL
2
+ """Security Sandbox for OMG Python REPL (REPL-only).
4
3
 
5
4
  Provides a restricted execution environment that blocks dangerous operations:
6
5
  - Dangerous imports (subprocess, socket, ctypes, etc.)
@@ -11,6 +10,10 @@ Provides a restricted execution environment that blocks dangerous operations:
11
10
 
12
11
  Feature flag: OMG_REPL_SANDBOX_ENABLED (default: False)
13
12
 
13
+ This module is the concrete REPL-only sandbox implementation. Broader sandbox
14
+ policy is mediated by hook-level controls in hooks/firewall.py and
15
+ hooks/secret-guard.py.
16
+
14
17
  Usage:
15
18
  from tools.python_sandbox import execute_sandboxed, is_safe_code, create_sandbox
16
19
 
@@ -67,7 +70,7 @@ def _is_sandbox_enabled() -> bool:
67
70
 
68
71
  # --- Blocked imports configuration ---
69
72
 
70
- _DEFAULT_BLOCKED_IMPORTS: frozenset = frozenset({
73
+ _DEFAULT_BLOCKED_IMPORTS: frozenset[str] = frozenset({
71
74
  "subprocess",
72
75
  "socket",
73
76
  "ctypes",
@@ -91,13 +94,13 @@ def _get_blocked_imports() -> Set[str]:
91
94
  env_val = os.environ.get("OMG_SANDBOX_BLOCKED_IMPORTS", "").strip()
92
95
  if env_val:
93
96
  custom = frozenset(name.strip() for name in env_val.split(",") if name.strip())
94
- return _DEFAULT_BLOCKED_IMPORTS | custom
97
+ return set(_DEFAULT_BLOCKED_IMPORTS | custom)
95
98
  return set(_DEFAULT_BLOCKED_IMPORTS)
96
99
 
97
100
 
98
101
  # --- Blocked builtins ---
99
102
 
100
- _DANGEROUS_BUILTINS: frozenset = frozenset({
103
+ _DANGEROUS_BUILTINS: frozenset[str] = frozenset({
101
104
  "__import__",
102
105
  "eval",
103
106
  "exec",
@@ -278,7 +281,7 @@ def _check_string_escapes(code: str) -> Optional[str]:
278
281
 
279
282
  # --- Restricted open() ---
280
283
 
281
- _ALLOWED_READ_MODES: frozenset = frozenset({
284
+ _ALLOWED_READ_MODES: frozenset[str] = frozenset({
282
285
  "r", "rb", "rt",
283
286
  "", # default mode is 'r'
284
287
  })