@trac3er/oh-my-god 2.0.7 → 2.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +3 -3
- package/.claude-plugin/plugin.json +1 -1
- package/.claude-plugin/scripts/uninstall.sh +1 -1
- package/.gemini/settings.json +11 -0
- package/.kimi/mcp.json +11 -0
- package/CHANGELOG.md +17 -0
- package/OMG-setup.sh +1 -1
- package/OMG_COMPAT_CONTRACT.md +14 -1
- package/README.md +2 -1
- package/artifacts/release/.agents/skills/omg/AGENTS.fragment.md +7 -1
- package/artifacts/release/.agents/skills/omg/claim-judge/SKILL.md +11 -0
- package/artifacts/release/.agents/skills/omg/claim-judge/openai.yaml +13 -0
- package/artifacts/release/.agents/skills/omg/codex-rules.md +4 -0
- package/artifacts/release/.agents/skills/omg/plan-council/SKILL.md +11 -0
- package/artifacts/release/.agents/skills/omg/plan-council/openai.yaml +12 -0
- package/artifacts/release/.agents/skills/omg/proof-gate/SKILL.md +11 -0
- package/artifacts/release/.agents/skills/omg/proof-gate/openai.yaml +13 -0
- package/artifacts/release/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
- package/artifacts/release/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
- package/artifacts/release/.claude-plugin/marketplace.json +3 -3
- package/artifacts/release/.claude-plugin/plugin.json +1 -1
- package/artifacts/release/.mcp.json +0 -22
- package/artifacts/release/OMG_COMPAT_CONTRACT.md +8 -1
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +4 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
- package/artifacts/release/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
- package/artifacts/release/dist/enterprise/bundle/.claude-plugin/marketplace.json +36 -0
- package/artifacts/release/dist/enterprise/bundle/.claude-plugin/plugin.json +23 -0
- package/artifacts/release/dist/enterprise/bundle/.mcp.json +18 -0
- package/artifacts/release/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +8 -1
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:deep-plan.md +266 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
- package/artifacts/release/dist/enterprise/bundle/plugins/advanced/plugin.json +87 -0
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/algorithms.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/api-twin.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/claim-judge.yaml +49 -0
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/control-plane.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/health.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/plan-council.yaml +51 -0
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/preflight.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/proof-gate.yaml +49 -0
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/robotics.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/security-check.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/test-intent-lock.yaml +49 -0
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/tracebank.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/bundles/vision.yaml +1 -1
- package/artifacts/release/dist/enterprise/bundle/registry/omg-capability.schema.json +1 -1
- package/artifacts/release/dist/enterprise/bundle/settings.json +598 -0
- package/artifacts/release/dist/enterprise/manifest.json +131 -23
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +55 -4
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/codex-rules.md +33 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
- package/artifacts/release/dist/public/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
- package/artifacts/release/dist/public/bundle/.claude-plugin/marketplace.json +3 -3
- package/artifacts/release/dist/public/bundle/.claude-plugin/plugin.json +1 -1
- package/artifacts/release/dist/public/bundle/.mcp.json +0 -22
- package/artifacts/release/dist/public/bundle/OMG_COMPAT_CONTRACT.md +8 -1
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:code-review.md +114 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:deep-plan.md +266 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:handoff.md +115 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:learn.md +110 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:maintainer.md +31 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ralph-start.md +43 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:security-review.md +16 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/commands/OMG:ship.md +46 -0
- package/artifacts/release/dist/public/bundle/plugins/advanced/plugin.json +87 -0
- package/artifacts/release/dist/public/bundle/registry/bundles/algorithms.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/api-twin.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/claim-judge.yaml +49 -0
- package/artifacts/release/dist/public/bundle/registry/bundles/control-plane.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/data-lineage.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/delta-classifier.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/eval-gate.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/health.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/hook-governor.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/incident-replay.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/lsp-pack.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/mcp-fabric.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/plan-council.yaml +51 -0
- package/artifacts/release/dist/public/bundle/registry/bundles/preflight.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/proof-gate.yaml +49 -0
- package/artifacts/release/dist/public/bundle/registry/bundles/remote-supervisor.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/robotics.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/security-check.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/test-intent-lock.yaml +49 -0
- package/artifacts/release/dist/public/bundle/registry/bundles/tracebank.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/bundles/vision.yaml +1 -1
- package/artifacts/release/dist/public/bundle/registry/omg-capability.schema.json +1 -1
- package/artifacts/release/dist/public/bundle/settings.json +76 -4
- package/artifacts/release/dist/public/manifest.json +122 -26
- package/artifacts/release/plugins/advanced/commands/OMG:code-review.md +114 -0
- package/artifacts/release/plugins/advanced/commands/OMG:deep-plan.md +266 -0
- package/artifacts/release/plugins/advanced/commands/OMG:handoff.md +115 -0
- package/artifacts/release/plugins/advanced/commands/OMG:learn.md +110 -0
- package/artifacts/release/plugins/advanced/commands/OMG:maintainer.md +31 -0
- package/artifacts/release/plugins/advanced/commands/OMG:ralph-start.md +43 -0
- package/artifacts/release/plugins/advanced/commands/OMG:ralph-stop.md +23 -0
- package/artifacts/release/plugins/advanced/commands/OMG:security-review.md +16 -0
- package/artifacts/release/plugins/advanced/commands/OMG:sequential-thinking.md +20 -0
- package/artifacts/release/plugins/advanced/commands/OMG:ship.md +46 -0
- package/artifacts/release/plugins/advanced/plugin.json +87 -0
- package/artifacts/release/registry/bundles/algorithms.yaml +1 -1
- package/artifacts/release/registry/bundles/api-twin.yaml +1 -1
- package/artifacts/release/registry/bundles/claim-judge.yaml +49 -0
- package/artifacts/release/registry/bundles/control-plane.yaml +1 -1
- package/artifacts/release/registry/bundles/data-lineage.yaml +1 -1
- package/artifacts/release/registry/bundles/delta-classifier.yaml +1 -1
- package/artifacts/release/registry/bundles/eval-gate.yaml +1 -1
- package/artifacts/release/registry/bundles/health.yaml +1 -1
- package/artifacts/release/registry/bundles/hook-governor.yaml +1 -1
- package/artifacts/release/registry/bundles/incident-replay.yaml +1 -1
- package/artifacts/release/registry/bundles/lsp-pack.yaml +1 -1
- package/artifacts/release/registry/bundles/mcp-fabric.yaml +1 -1
- package/artifacts/release/registry/bundles/plan-council.yaml +51 -0
- package/artifacts/release/registry/bundles/preflight.yaml +1 -1
- package/artifacts/release/registry/bundles/proof-gate.yaml +49 -0
- package/artifacts/release/registry/bundles/remote-supervisor.yaml +1 -1
- package/artifacts/release/registry/bundles/robotics.yaml +1 -1
- package/artifacts/release/registry/bundles/secure-worktree-pipeline.yaml +1 -1
- package/artifacts/release/registry/bundles/security-check.yaml +1 -1
- package/artifacts/release/registry/bundles/test-intent-lock.yaml +49 -0
- package/artifacts/release/registry/bundles/tracebank.yaml +1 -1
- package/artifacts/release/registry/bundles/vision.yaml +1 -1
- package/artifacts/release/registry/omg-capability.schema.json +1 -1
- package/artifacts/release/settings.json +7 -3
- package/build/lib/commands/OMG:forge.md +92 -0
- package/build/lib/commands/OMG:mode.md +13 -13
- package/build/lib/commands/OMG:session-branch.md +17 -1
- package/build/lib/commands/OMG:session-fork.md +5 -1
- package/build/lib/commands/OMG:session-merge.md +5 -1
- package/build/lib/control_plane/openapi.yaml +1 -1
- package/build/lib/control_plane/server.py +4 -0
- package/build/lib/control_plane/service.py +55 -0
- package/build/lib/hooks/setup_wizard.py +21 -1
- package/build/lib/hooks/shadow_manager.py +25 -2
- package/build/lib/hooks/state_migration.py +3 -0
- package/build/lib/plugins/README.md +1 -1
- package/build/lib/plugins/advanced/commands/OMG:deep-plan.md +2 -1
- package/build/lib/plugins/advanced/plugin.json +1 -1
- package/build/lib/plugins/core/plugin.json +1 -1
- package/build/lib/plugins/dephealth/cve_scanner.py +91 -0
- package/build/lib/plugins/dephealth/vuln_analyzer.py +7 -0
- package/build/lib/registry/bundles/algorithms.yaml +1 -1
- package/build/lib/registry/bundles/api-twin.yaml +1 -1
- package/build/lib/registry/bundles/claim-judge.yaml +1 -1
- package/build/lib/registry/bundles/control-plane.yaml +1 -1
- package/build/lib/registry/bundles/data-lineage.yaml +1 -1
- package/build/lib/registry/bundles/delta-classifier.yaml +1 -1
- package/build/lib/registry/bundles/eval-gate.yaml +1 -1
- package/build/lib/registry/bundles/health.yaml +1 -1
- package/build/lib/registry/bundles/hook-governor.yaml +1 -1
- package/build/lib/registry/bundles/incident-replay.yaml +1 -1
- package/build/lib/registry/bundles/lsp-pack.yaml +1 -1
- package/build/lib/registry/bundles/mcp-fabric.yaml +1 -1
- package/build/lib/registry/bundles/plan-council.yaml +2 -2
- package/build/lib/registry/bundles/preflight.yaml +1 -1
- package/build/lib/registry/bundles/proof-gate.yaml +1 -1
- package/build/lib/registry/bundles/remote-supervisor.yaml +1 -1
- package/build/lib/registry/bundles/robotics.yaml +1 -1
- package/build/lib/registry/bundles/secure-worktree-pipeline.yaml +1 -1
- package/build/lib/registry/bundles/security-check.yaml +1 -1
- package/build/lib/registry/bundles/test-intent-lock.yaml +1 -1
- package/build/lib/registry/bundles/tracebank.yaml +1 -1
- package/build/lib/registry/bundles/vision.yaml +1 -1
- package/build/lib/registry/omg-capability.schema.json +84 -2
- package/build/lib/runtime/adoption.py +13 -5
- package/build/lib/runtime/api_twin.py +4 -4
- package/build/lib/runtime/artifact_parsers.py +161 -0
- package/build/lib/runtime/background_verification.py +48 -0
- package/build/lib/runtime/claim_judge.py +184 -7
- package/build/lib/runtime/contract_compiler.py +189 -9
- package/build/lib/runtime/ecosystem.py +1 -1
- package/build/lib/runtime/evidence_query.py +203 -0
- package/build/lib/runtime/mcp_memory_server.py +1 -1
- package/build/lib/runtime/omg_compat_contract_snapshot.json +2 -2
- package/build/lib/runtime/omg_contract_snapshot.json +2 -2
- package/build/lib/runtime/omg_mcp_server.py +19 -0
- package/build/lib/runtime/playwright_adapter.py +39 -0
- package/build/lib/runtime/proof_chain.py +136 -8
- package/build/lib/runtime/proof_gate.py +102 -0
- package/build/lib/runtime/providers/gemini_provider.py +7 -0
- package/build/lib/runtime/providers/kimi_provider.py +7 -0
- package/build/lib/runtime/repro_pack.py +292 -0
- package/build/lib/runtime/runtime_profile.py +87 -15
- package/build/lib/runtime/security_check.py +86 -3
- package/build/lib/runtime/test_intent_lock.py +47 -0
- package/build/lib/runtime/tracebank.py +33 -3
- package/build/lib/runtime/verification_loop.py +73 -0
- package/commands/OMG:forge.md +92 -0
- package/commands/OMG:mode.md +13 -13
- package/commands/OMG:session-branch.md +17 -1
- package/commands/OMG:session-fork.md +5 -1
- package/commands/OMG:session-merge.md +5 -1
- package/control_plane/openapi.yaml +1 -1
- package/control_plane/server.py +4 -0
- package/control_plane/service.py +55 -0
- package/dist/enterprise/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
- package/dist/enterprise/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
- package/dist/enterprise/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
- package/dist/enterprise/bundle/.agents/skills/omg/codex-rules.md +4 -0
- package/dist/enterprise/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
- package/dist/enterprise/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
- package/dist/enterprise/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
- package/dist/enterprise/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
- package/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
- package/dist/enterprise/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
- package/dist/enterprise/bundle/.claude-plugin/marketplace.json +3 -3
- package/dist/enterprise/bundle/.claude-plugin/plugin.json +1 -1
- package/dist/enterprise/bundle/.gemini/settings.json +11 -0
- package/dist/enterprise/bundle/.kimi/mcp.json +11 -0
- package/dist/enterprise/bundle/.mcp.json +0 -22
- package/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md +14 -1
- package/dist/enterprise/bundle/plugins/advanced/commands/OMG:deep-plan.md +51 -6
- package/dist/enterprise/bundle/plugins/advanced/commands/OMG:ship.md +1 -1
- package/dist/enterprise/bundle/plugins/advanced/plugin.json +1 -1
- package/dist/enterprise/bundle/registry/bundles/algorithms.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/api-twin.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/claim-judge.yaml +49 -0
- package/dist/enterprise/bundle/registry/bundles/control-plane.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/data-lineage.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/delta-classifier.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/eval-gate.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/health.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/hook-governor.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/incident-replay.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/lsp-pack.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/mcp-fabric.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/plan-council.yaml +51 -0
- package/dist/enterprise/bundle/registry/bundles/preflight.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/proof-gate.yaml +49 -0
- package/dist/enterprise/bundle/registry/bundles/remote-supervisor.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/robotics.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/security-check.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/test-intent-lock.yaml +49 -0
- package/dist/enterprise/bundle/registry/bundles/tracebank.yaml +1 -1
- package/dist/enterprise/bundle/registry/bundles/vision.yaml +1 -1
- package/dist/enterprise/bundle/registry/omg-capability.schema.json +84 -2
- package/dist/enterprise/bundle/settings.json +8 -3
- package/dist/enterprise/manifest.json +92 -30
- package/dist/public/bundle/.agents/skills/omg/AGENTS.fragment.md +7 -1
- package/dist/public/bundle/.agents/skills/omg/claim-judge/SKILL.md +11 -0
- package/dist/public/bundle/.agents/skills/omg/claim-judge/openai.yaml +13 -0
- package/dist/public/bundle/.agents/skills/omg/codex-rules.md +4 -0
- package/dist/public/bundle/.agents/skills/omg/incident-replay/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/incident-replay/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/lsp-pack/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/lsp-pack/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/mcp-fabric/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/mcp-fabric/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/plan-council/SKILL.md +11 -0
- package/dist/public/bundle/.agents/skills/omg/plan-council/openai.yaml +12 -0
- package/dist/public/bundle/.agents/skills/omg/preflight/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/preflight/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/proof-gate/SKILL.md +11 -0
- package/dist/public/bundle/.agents/skills/omg/proof-gate/openai.yaml +13 -0
- package/dist/public/bundle/.agents/skills/omg/remote-supervisor/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/remote-supervisor/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/robotics/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/robotics/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/secure-worktree-pipeline/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/security-check/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/security-check/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/test-intent-lock/SKILL.md +11 -0
- package/dist/public/bundle/.agents/skills/omg/test-intent-lock/openai.yaml +13 -0
- package/dist/public/bundle/.agents/skills/omg/tracebank/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/tracebank/openai.yaml +1 -1
- package/dist/public/bundle/.agents/skills/omg/vision/SKILL.md +1 -1
- package/dist/public/bundle/.agents/skills/omg/vision/openai.yaml +1 -1
- package/dist/public/bundle/.claude-plugin/marketplace.json +3 -3
- package/dist/public/bundle/.claude-plugin/plugin.json +1 -1
- package/dist/public/bundle/.gemini/settings.json +11 -0
- package/dist/public/bundle/.kimi/mcp.json +11 -0
- package/dist/public/bundle/.mcp.json +0 -22
- package/dist/public/bundle/OMG_COMPAT_CONTRACT.md +14 -1
- package/dist/public/bundle/plugins/advanced/commands/OMG:deep-plan.md +51 -6
- package/dist/public/bundle/plugins/advanced/commands/OMG:ship.md +1 -1
- package/dist/public/bundle/plugins/advanced/plugin.json +1 -1
- package/dist/public/bundle/registry/bundles/algorithms.yaml +1 -1
- package/dist/public/bundle/registry/bundles/api-twin.yaml +1 -1
- package/dist/public/bundle/registry/bundles/claim-judge.yaml +49 -0
- package/dist/public/bundle/registry/bundles/control-plane.yaml +1 -1
- package/dist/public/bundle/registry/bundles/data-lineage.yaml +1 -1
- package/dist/public/bundle/registry/bundles/delta-classifier.yaml +1 -1
- package/dist/public/bundle/registry/bundles/eval-gate.yaml +1 -1
- package/dist/public/bundle/registry/bundles/health.yaml +1 -1
- package/dist/public/bundle/registry/bundles/hook-governor.yaml +1 -1
- package/dist/public/bundle/registry/bundles/incident-replay.yaml +1 -1
- package/dist/public/bundle/registry/bundles/lsp-pack.yaml +1 -1
- package/dist/public/bundle/registry/bundles/mcp-fabric.yaml +1 -1
- package/dist/public/bundle/registry/bundles/plan-council.yaml +51 -0
- package/dist/public/bundle/registry/bundles/preflight.yaml +1 -1
- package/dist/public/bundle/registry/bundles/proof-gate.yaml +49 -0
- package/dist/public/bundle/registry/bundles/remote-supervisor.yaml +1 -1
- package/dist/public/bundle/registry/bundles/robotics.yaml +1 -1
- package/dist/public/bundle/registry/bundles/secure-worktree-pipeline.yaml +1 -1
- package/dist/public/bundle/registry/bundles/security-check.yaml +1 -1
- package/dist/public/bundle/registry/bundles/test-intent-lock.yaml +49 -0
- package/dist/public/bundle/registry/bundles/tracebank.yaml +1 -1
- package/dist/public/bundle/registry/bundles/vision.yaml +1 -1
- package/dist/public/bundle/registry/omg-capability.schema.json +84 -2
- package/dist/public/bundle/settings.json +9 -4
- package/dist/public/manifest.json +112 -50
- package/docs/proof.md +7 -6
- package/hooks/setup_wizard.py +21 -1
- package/hooks/shadow_manager.py +25 -2
- package/hooks/state_migration.py +3 -0
- package/hud/omg-hud.mjs +66 -3
- package/package.json +1 -1
- package/plugins/README.md +1 -1
- package/plugins/advanced/commands/OMG:deep-plan.md +2 -1
- package/plugins/advanced/plugin.json +1 -1
- package/plugins/core/plugin.json +1 -1
- package/plugins/dephealth/cve_scanner.py +91 -0
- package/plugins/dephealth/vuln_analyzer.py +7 -0
- package/pyproject.toml +5 -1
- package/registry/bundles/algorithms.yaml +1 -1
- package/registry/bundles/api-twin.yaml +1 -1
- package/registry/bundles/claim-judge.yaml +1 -1
- package/registry/bundles/control-plane.yaml +1 -1
- package/registry/bundles/data-lineage.yaml +1 -1
- package/registry/bundles/delta-classifier.yaml +1 -1
- package/registry/bundles/eval-gate.yaml +1 -1
- package/registry/bundles/health.yaml +1 -1
- package/registry/bundles/hook-governor.yaml +1 -1
- package/registry/bundles/incident-replay.yaml +1 -1
- package/registry/bundles/lsp-pack.yaml +1 -1
- package/registry/bundles/mcp-fabric.yaml +1 -1
- package/registry/bundles/plan-council.yaml +2 -2
- package/registry/bundles/preflight.yaml +1 -1
- package/registry/bundles/proof-gate.yaml +1 -1
- package/registry/bundles/remote-supervisor.yaml +1 -1
- package/registry/bundles/robotics.yaml +1 -1
- package/registry/bundles/secure-worktree-pipeline.yaml +1 -1
- package/registry/bundles/security-check.yaml +1 -1
- package/registry/bundles/test-intent-lock.yaml +1 -1
- package/registry/bundles/tracebank.yaml +1 -1
- package/registry/bundles/vision.yaml +1 -1
- package/registry/omg-capability.schema.json +84 -2
- package/runtime/adoption.py +13 -5
- package/runtime/api_twin.py +4 -4
- package/runtime/artifact_parsers.py +161 -0
- package/runtime/background_verification.py +48 -0
- package/runtime/claim_judge.py +184 -7
- package/runtime/contract_compiler.py +189 -9
- package/runtime/ecosystem.py +1 -1
- package/runtime/evidence_query.py +203 -0
- package/runtime/mcp_memory_server.py +1 -1
- package/runtime/omg_compat_contract_snapshot.json +2 -2
- package/runtime/omg_contract_snapshot.json +2 -2
- package/runtime/omg_mcp_server.py +19 -0
- package/runtime/playwright_adapter.py +39 -0
- package/runtime/proof_chain.py +136 -8
- package/runtime/proof_gate.py +102 -0
- package/runtime/providers/gemini_provider.py +7 -0
- package/runtime/providers/kimi_provider.py +7 -0
- package/runtime/repro_pack.py +292 -0
- package/runtime/runtime_profile.py +87 -15
- package/runtime/security_check.py +86 -3
- package/runtime/test_intent_lock.py +47 -0
- package/runtime/tracebank.py +33 -3
- package/runtime/verification_loop.py +73 -0
- package/scripts/omg.py +31 -4
- package/settings.json +8 -3
- package/tools/python_sandbox.py +9 -6
- package/tools/session_snapshot.py +146 -40
|
@@ -2,31 +2,93 @@
|
|
|
2
2
|
from __future__ import annotations
|
|
3
3
|
|
|
4
4
|
from pathlib import Path
|
|
5
|
-
from typing import
|
|
5
|
+
from typing import TypedDict, cast
|
|
6
6
|
|
|
7
7
|
import yaml
|
|
8
8
|
|
|
9
|
+
from .adoption import CANONICAL_MODE_NAMES
|
|
9
10
|
|
|
10
|
-
|
|
11
|
+
|
|
12
|
+
class RuntimeProfile(TypedDict):
|
|
13
|
+
profile: str
|
|
14
|
+
max_workers: int
|
|
15
|
+
background_polling: bool
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
class CanonicalModeProfile(TypedDict):
|
|
19
|
+
concurrency: int
|
|
20
|
+
background_verification: bool
|
|
21
|
+
context_window: str
|
|
22
|
+
noise_level: str
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
PROFILE_PRESETS: dict[str, RuntimeProfile] = {
|
|
11
26
|
"eco": {"profile": "eco", "max_workers": 2, "background_polling": False},
|
|
12
27
|
"balanced": {"profile": "balanced", "max_workers": 3, "background_polling": False},
|
|
13
28
|
"turbo": {"profile": "turbo", "max_workers": 5, "background_polling": True},
|
|
14
29
|
}
|
|
15
30
|
|
|
31
|
+
RUNTIME_CONCURRENCY_PROFILE_NAMES = tuple(PROFILE_PRESETS.keys())
|
|
32
|
+
RESERVED_CANONICAL_MODE_NAMES = CANONICAL_MODE_NAMES
|
|
33
|
+
|
|
34
|
+
_CANONICAL_MODE_PROFILES: dict[str, CanonicalModeProfile] = {
|
|
35
|
+
"chill": {
|
|
36
|
+
"concurrency": 1,
|
|
37
|
+
"background_verification": False,
|
|
38
|
+
"context_window": "minimal",
|
|
39
|
+
"noise_level": "quiet",
|
|
40
|
+
},
|
|
41
|
+
"focused": {
|
|
42
|
+
"concurrency": 2,
|
|
43
|
+
"background_verification": False,
|
|
44
|
+
"context_window": "standard",
|
|
45
|
+
"noise_level": "normal",
|
|
46
|
+
},
|
|
47
|
+
"exploratory": {
|
|
48
|
+
"concurrency": 4,
|
|
49
|
+
"background_verification": True,
|
|
50
|
+
"context_window": "extended",
|
|
51
|
+
"noise_level": "verbose",
|
|
52
|
+
},
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
def load_canonical_mode_profile(mode: str) -> dict[str, object]:
|
|
57
|
+
normalized_mode = mode.strip().lower()
|
|
58
|
+
profile = _CANONICAL_MODE_PROFILES.get(normalized_mode)
|
|
59
|
+
if profile is None:
|
|
60
|
+
raise ValueError(
|
|
61
|
+
f"Unknown canonical mode: {mode!r}. Valid: chill, focused, exploratory"
|
|
62
|
+
)
|
|
63
|
+
return dict(profile)
|
|
16
64
|
|
|
17
|
-
|
|
65
|
+
|
|
66
|
+
def load_runtime_profile(project_dir: str) -> RuntimeProfile:
|
|
18
67
|
runtime_path = Path(project_dir) / ".omg" / "runtime.yaml"
|
|
19
68
|
profile_name = "balanced"
|
|
20
69
|
if runtime_path.exists():
|
|
21
70
|
try:
|
|
22
|
-
|
|
71
|
+
raw_payload: object = yaml.safe_load(runtime_path.read_text(encoding="utf-8")) or {}
|
|
23
72
|
except Exception:
|
|
24
|
-
|
|
25
|
-
if isinstance(
|
|
26
|
-
|
|
27
|
-
|
|
73
|
+
raw_payload = {}
|
|
74
|
+
if isinstance(raw_payload, dict):
|
|
75
|
+
payload_map = cast(dict[object, object], raw_payload)
|
|
76
|
+
payload: dict[str, object] = {}
|
|
77
|
+
for key, value in payload_map.items():
|
|
78
|
+
if isinstance(key, str):
|
|
79
|
+
payload[key] = value
|
|
80
|
+
candidate_obj = payload.get("profile", profile_name)
|
|
81
|
+
candidate = candidate_obj.strip() if isinstance(candidate_obj, str) else profile_name
|
|
82
|
+
if candidate in RUNTIME_CONCURRENCY_PROFILE_NAMES:
|
|
28
83
|
profile_name = candidate
|
|
29
|
-
|
|
84
|
+
|
|
85
|
+
preset = PROFILE_PRESETS[profile_name]
|
|
86
|
+
result: RuntimeProfile = {
|
|
87
|
+
"profile": preset["profile"],
|
|
88
|
+
"max_workers": preset["max_workers"],
|
|
89
|
+
"background_polling": preset["background_polling"],
|
|
90
|
+
}
|
|
91
|
+
return result
|
|
30
92
|
|
|
31
93
|
|
|
32
94
|
def resolve_parallel_workers(project_dir: str, *, requested_workers: int) -> int:
|
|
@@ -43,19 +105,29 @@ def _load_cli_parallel_cap(project_dir: str) -> int | None:
|
|
|
43
105
|
if not config_path.exists():
|
|
44
106
|
return None
|
|
45
107
|
try:
|
|
46
|
-
|
|
108
|
+
raw_payload: object = yaml.safe_load(config_path.read_text(encoding="utf-8")) or {}
|
|
47
109
|
except Exception:
|
|
48
110
|
return None
|
|
49
|
-
if not isinstance(
|
|
111
|
+
if not isinstance(raw_payload, dict):
|
|
50
112
|
return None
|
|
51
|
-
|
|
52
|
-
|
|
113
|
+
|
|
114
|
+
payload_map = cast(dict[object, object], raw_payload)
|
|
115
|
+
payload: dict[str, object] = {}
|
|
116
|
+
for key, value in payload_map.items():
|
|
117
|
+
if isinstance(key, str):
|
|
118
|
+
payload[key] = value
|
|
119
|
+
|
|
120
|
+
cli_configs_obj = payload.get("cli_configs")
|
|
121
|
+
if not isinstance(cli_configs_obj, dict):
|
|
53
122
|
return None
|
|
54
|
-
|
|
123
|
+
|
|
124
|
+
cli_configs = cast(dict[object, object], cli_configs_obj)
|
|
125
|
+
caps: list[int] = []
|
|
55
126
|
for config in cli_configs.values():
|
|
56
127
|
if not isinstance(config, dict):
|
|
57
128
|
continue
|
|
58
|
-
|
|
129
|
+
config_map = cast(dict[object, object], config)
|
|
130
|
+
value = config_map.get("max_parallel_agents")
|
|
59
131
|
if isinstance(value, int) and value > 0:
|
|
60
132
|
caps.append(value)
|
|
61
133
|
return min(caps) if caps else None
|
|
@@ -8,6 +8,7 @@ from hashlib import sha256
|
|
|
8
8
|
import json
|
|
9
9
|
from pathlib import Path
|
|
10
10
|
import re
|
|
11
|
+
import shutil
|
|
11
12
|
import subprocess
|
|
12
13
|
from typing import Any
|
|
13
14
|
|
|
@@ -128,6 +129,8 @@ def run_security_check(
|
|
|
128
129
|
"severity": finding.get("severity"),
|
|
129
130
|
"exploitability": finding.get("exploitability", "unknown"),
|
|
130
131
|
"reachability": finding.get("reachability", "unknown"),
|
|
132
|
+
"kev_listed": finding.get("kev_listed", False),
|
|
133
|
+
"epss_score": finding.get("epss_score"),
|
|
131
134
|
"waived": bool(finding.get("waived")),
|
|
132
135
|
"waiver_justification": finding.get("waiver_justification", ""),
|
|
133
136
|
"message": finding.get("message", ""),
|
|
@@ -267,9 +270,89 @@ def _scan_python_ast(scope_path: Path) -> list[dict[str, Any]]:
|
|
|
267
270
|
continue
|
|
268
271
|
findings.extend(_scan_python_file(py_file, source))
|
|
269
272
|
findings.extend(_run_bandit_if_available(scope_path))
|
|
273
|
+
findings.extend(_scan_semgrep(scope_path))
|
|
270
274
|
return findings
|
|
271
275
|
|
|
272
276
|
|
|
277
|
+
def run_semgrep_scan(project_dir: str, rules: str = "auto") -> dict[str, Any]:
|
|
278
|
+
unavailable = {"status": "unavailable", "findings": [], "error": "semgrep not found"}
|
|
279
|
+
if shutil.which("semgrep") is None:
|
|
280
|
+
return unavailable
|
|
281
|
+
|
|
282
|
+
cmd = ["semgrep", "--json", "--config", rules, project_dir]
|
|
283
|
+
try:
|
|
284
|
+
proc = subprocess.run(cmd, capture_output=True, text=True, check=False, timeout=60)
|
|
285
|
+
except Exception:
|
|
286
|
+
return unavailable
|
|
287
|
+
|
|
288
|
+
if proc.returncode not in {0, 1}:
|
|
289
|
+
return unavailable
|
|
290
|
+
|
|
291
|
+
try:
|
|
292
|
+
payload = json.loads(proc.stdout or "{}")
|
|
293
|
+
except Exception:
|
|
294
|
+
return unavailable
|
|
295
|
+
|
|
296
|
+
findings: list[dict[str, Any]] = []
|
|
297
|
+
for item in payload.get("results", []):
|
|
298
|
+
extra = item.get("extra") if isinstance(item.get("extra"), dict) else {}
|
|
299
|
+
start = item.get("start") if isinstance(item.get("start"), dict) else {}
|
|
300
|
+
findings.append(
|
|
301
|
+
{
|
|
302
|
+
"severity": _normalize_semgrep_severity(str(extra.get("severity", "WARNING"))),
|
|
303
|
+
"rule": str(item.get("check_id", "semgrep")),
|
|
304
|
+
"path": str(item.get("path", "")),
|
|
305
|
+
"line": _safe_int(start.get("line", 1), default=1),
|
|
306
|
+
"message": str(extra.get("message", "Semgrep finding")),
|
|
307
|
+
}
|
|
308
|
+
)
|
|
309
|
+
return {"status": "ok", "findings": findings, "error": ""}
|
|
310
|
+
|
|
311
|
+
|
|
312
|
+
def _normalize_semgrep_severity(raw: str) -> str:
|
|
313
|
+
lowered = raw.lower()
|
|
314
|
+
if lowered in {"error", "critical"}:
|
|
315
|
+
return "high"
|
|
316
|
+
if lowered in {"warning", "warn"}:
|
|
317
|
+
return "medium"
|
|
318
|
+
if lowered in {"info", "note", "low"}:
|
|
319
|
+
return "low"
|
|
320
|
+
return _normalize_severity(lowered)
|
|
321
|
+
|
|
322
|
+
|
|
323
|
+
def _scan_semgrep(scope_path: Path) -> list[dict[str, Any]]:
|
|
324
|
+
result = run_semgrep_scan(str(scope_path))
|
|
325
|
+
if result.get("status") != "ok":
|
|
326
|
+
return []
|
|
327
|
+
|
|
328
|
+
findings: list[dict[str, Any]] = []
|
|
329
|
+
for item in result.get("findings", []):
|
|
330
|
+
if not isinstance(item, dict):
|
|
331
|
+
continue
|
|
332
|
+
file_path = Path(str(item.get("path", "")))
|
|
333
|
+
findings.append(
|
|
334
|
+
_finding(
|
|
335
|
+
rule_id=str(item.get("rule", "semgrep")),
|
|
336
|
+
source_name="semgrep-ce",
|
|
337
|
+
category="python_ast",
|
|
338
|
+
severity=_normalize_severity(str(item.get("severity", "medium"))),
|
|
339
|
+
path=file_path,
|
|
340
|
+
line=_safe_int(item.get("line", 1), default=1),
|
|
341
|
+
message=str(item.get("message", "Semgrep finding")),
|
|
342
|
+
recommendation="Review Semgrep finding and apply the suggested remediation.",
|
|
343
|
+
snippet="",
|
|
344
|
+
)
|
|
345
|
+
)
|
|
346
|
+
return findings
|
|
347
|
+
|
|
348
|
+
|
|
349
|
+
def _safe_int(value: Any, *, default: int) -> int:
|
|
350
|
+
try:
|
|
351
|
+
return int(value)
|
|
352
|
+
except (TypeError, ValueError):
|
|
353
|
+
return default
|
|
354
|
+
|
|
355
|
+
|
|
273
356
|
def _scan_secret_patterns(scope_path: Path) -> list[dict[str, Any]]:
|
|
274
357
|
findings: list[dict[str, Any]] = []
|
|
275
358
|
for candidate in _iter_text_candidates(scope_path):
|
|
@@ -488,9 +571,7 @@ def _run_bandit_if_available(scope_path: Path) -> list[dict[str, Any]]:
|
|
|
488
571
|
|
|
489
572
|
|
|
490
573
|
def _command_exists(command: str) -> bool:
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
return which(command) is not None
|
|
574
|
+
return shutil.which(command) is not None
|
|
494
575
|
|
|
495
576
|
|
|
496
577
|
def _scan_dependency_health(scope_path: Path, include_live_enrichment: bool) -> list[dict[str, Any]]:
|
|
@@ -530,6 +611,8 @@ def _scan_dependency_health(scope_path: Path, include_live_enrichment: bool) ->
|
|
|
530
611
|
"severity": _normalize_severity(str(vuln.get("severity", "unknown"))),
|
|
531
612
|
"exploitability": _risk_to_exploitability(str(reachability.get("risk_level", ""))),
|
|
532
613
|
"reachability": _normalize_reachability(str(reachability.get("reachability", "unknown"))),
|
|
614
|
+
"kev_listed": reachability.get("kev_listed", False),
|
|
615
|
+
"epss_score": reachability.get("epss_score"),
|
|
533
616
|
"evidence": {
|
|
534
617
|
"package": package_name,
|
|
535
618
|
"version": dependency["version"],
|
|
@@ -1,6 +1,47 @@
|
|
|
1
1
|
from __future__ import annotations
|
|
2
2
|
|
|
3
|
+
import json
|
|
4
|
+
from pathlib import Path
|
|
3
5
|
from typing import Any
|
|
6
|
+
from uuid import uuid4
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
def lock_intent(project_dir: str, intent: dict[str, Any]) -> dict[str, Any]:
|
|
10
|
+
lock_id = str(uuid4())
|
|
11
|
+
lock_dir = Path(project_dir) / ".omg" / "state" / "test-intent-lock"
|
|
12
|
+
lock_dir.mkdir(parents=True, exist_ok=True)
|
|
13
|
+
|
|
14
|
+
lock_path = lock_dir / f"{lock_id}.json"
|
|
15
|
+
payload = {"schema": "TestIntentLock", "lock_id": lock_id, "intent": intent}
|
|
16
|
+
lock_path.write_text(json.dumps(payload, indent=2, sort_keys=True), encoding="utf-8")
|
|
17
|
+
|
|
18
|
+
return {"lock_id": lock_id, "status": "locked", "path": str(lock_path)}
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
def verify_intent(project_dir: str, lock_id: str, results: dict[str, Any]) -> dict[str, Any]:
|
|
22
|
+
lock_path = Path(project_dir) / ".omg" / "state" / "test-intent-lock" / f"{lock_id}.json"
|
|
23
|
+
if not lock_path.exists():
|
|
24
|
+
return {"status": "missing_lock", "lock_id": lock_id, "reasons": ["missing lock state"]}
|
|
25
|
+
|
|
26
|
+
try:
|
|
27
|
+
payload = json.loads(lock_path.read_text(encoding="utf-8"))
|
|
28
|
+
except (OSError, json.JSONDecodeError):
|
|
29
|
+
return {"status": "missing_lock", "lock_id": lock_id, "reasons": ["missing lock state"]}
|
|
30
|
+
|
|
31
|
+
intent = payload.get("intent") if isinstance(payload, dict) else {}
|
|
32
|
+
intent_tests = _normalize_string_list(intent.get("tests") if isinstance(intent, dict) else None)
|
|
33
|
+
result_tests = _normalize_string_list(results.get("tests"))
|
|
34
|
+
weakened_assertions = results.get("weakened_assertions")
|
|
35
|
+
|
|
36
|
+
reasons: list[str] = []
|
|
37
|
+
if isinstance(weakened_assertions, list) and weakened_assertions:
|
|
38
|
+
reasons.append("weakened_assertions_present")
|
|
39
|
+
|
|
40
|
+
if result_tests != intent_tests:
|
|
41
|
+
reasons.append("tests_mismatch")
|
|
42
|
+
|
|
43
|
+
status = "ok" if not reasons else "fail"
|
|
44
|
+
return {"status": status, "lock_id": lock_id, "reasons": reasons}
|
|
4
45
|
|
|
5
46
|
|
|
6
47
|
def evaluate_test_delta(delta: dict[str, Any]) -> dict[str, Any]:
|
|
@@ -89,3 +130,9 @@ def _normalize_tests(value: Any) -> list[dict[str, Any]]:
|
|
|
89
130
|
}
|
|
90
131
|
)
|
|
91
132
|
return tests
|
|
133
|
+
|
|
134
|
+
|
|
135
|
+
def _normalize_string_list(value: Any) -> list[str]:
|
|
136
|
+
if not isinstance(value, list):
|
|
137
|
+
return []
|
|
138
|
+
return [str(item).strip() for item in value if str(item).strip()]
|
package/runtime/tracebank.py
CHANGED
|
@@ -40,6 +40,7 @@ def record_trace(
|
|
|
40
40
|
trace_type: str,
|
|
41
41
|
route: str,
|
|
42
42
|
status: str,
|
|
43
|
+
schema_version: int | None = None,
|
|
43
44
|
plan: dict[str, Any] | None = None,
|
|
44
45
|
patch: dict[str, Any] | None = None,
|
|
45
46
|
verify: dict[str, Any] | None = None,
|
|
@@ -49,7 +50,7 @@ def record_trace(
|
|
|
49
50
|
) -> dict[str, Any]:
|
|
50
51
|
trace_id = f"trace-{uuid4().hex}"
|
|
51
52
|
timestamp = _now()
|
|
52
|
-
record = {
|
|
53
|
+
record: dict[str, Any] = {
|
|
53
54
|
"schema": "TracebankRecord",
|
|
54
55
|
"trace_id": trace_id,
|
|
55
56
|
"timestamp": timestamp,
|
|
@@ -66,6 +67,10 @@ def record_trace(
|
|
|
66
67
|
"rejections": rejections or [],
|
|
67
68
|
"metadata": metadata or {},
|
|
68
69
|
}
|
|
70
|
+
if schema_version is not None:
|
|
71
|
+
record["schema_version"] = schema_version
|
|
72
|
+
elif isinstance(metadata, dict) and metadata.get("schema_version") is not None:
|
|
73
|
+
record["schema_version"] = metadata.get("schema_version")
|
|
69
74
|
|
|
70
75
|
path = Path(project_dir) / TRACEBANK_REL_PATH
|
|
71
76
|
path.parent.mkdir(parents=True, exist_ok=True)
|
|
@@ -73,11 +78,34 @@ def record_trace(
|
|
|
73
78
|
_ = handle.write(json.dumps(record, ensure_ascii=True) + "\n")
|
|
74
79
|
|
|
75
80
|
record["path"] = TRACEBANK_REL_PATH.as_posix()
|
|
81
|
+
|
|
82
|
+
verification_status = (metadata or {}).get("verification_status")
|
|
83
|
+
if verification_status:
|
|
84
|
+
try:
|
|
85
|
+
from runtime.background_verification import publish_verification_state
|
|
86
|
+
|
|
87
|
+
publish_verification_state(
|
|
88
|
+
project_dir=project_dir,
|
|
89
|
+
run_id=trace_id,
|
|
90
|
+
status=str(verification_status),
|
|
91
|
+
blockers=(metadata or {}).get("verification_blockers", []),
|
|
92
|
+
evidence_links=(metadata or {}).get("verification_evidence_links", []),
|
|
93
|
+
progress=(metadata or {}).get("verification_progress", {}),
|
|
94
|
+
)
|
|
95
|
+
except Exception:
|
|
96
|
+
pass
|
|
97
|
+
|
|
76
98
|
return record
|
|
77
99
|
|
|
78
100
|
|
|
79
|
-
def link_evidence(
|
|
80
|
-
|
|
101
|
+
def link_evidence(
|
|
102
|
+
project_dir: str,
|
|
103
|
+
*,
|
|
104
|
+
trace_id: str,
|
|
105
|
+
evidence_path: str,
|
|
106
|
+
schema_version: int | None = None,
|
|
107
|
+
) -> dict[str, Any]:
|
|
108
|
+
link: dict[str, Any] = {
|
|
81
109
|
"schema": "TraceEvidenceLink",
|
|
82
110
|
"trace_id": trace_id,
|
|
83
111
|
"evidence_path": evidence_path,
|
|
@@ -85,6 +113,8 @@ def link_evidence(project_dir: str, *, trace_id: str, evidence_path: str) -> dic
|
|
|
85
113
|
"executor": _executor(),
|
|
86
114
|
"environment": _environment(),
|
|
87
115
|
}
|
|
116
|
+
if schema_version is not None:
|
|
117
|
+
link["schema_version"] = schema_version
|
|
88
118
|
|
|
89
119
|
path = Path(project_dir) / TRACEBANK_EVIDENCE_LINKS_REL_PATH
|
|
90
120
|
path.parent.mkdir(parents=True, exist_ok=True)
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
from __future__ import annotations
|
|
2
|
+
|
|
3
|
+
from collections.abc import Mapping
|
|
4
|
+
from typing import cast
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
def _as_int(value: object, default: int) -> int:
|
|
8
|
+
if isinstance(value, bool):
|
|
9
|
+
return int(value)
|
|
10
|
+
if isinstance(value, int):
|
|
11
|
+
return value
|
|
12
|
+
if isinstance(value, float):
|
|
13
|
+
return int(value)
|
|
14
|
+
if isinstance(value, str):
|
|
15
|
+
try:
|
|
16
|
+
return int(value)
|
|
17
|
+
except ValueError:
|
|
18
|
+
return default
|
|
19
|
+
return default
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
def _as_string_list(value: object) -> list[str]:
|
|
23
|
+
if not isinstance(value, list):
|
|
24
|
+
return []
|
|
25
|
+
items = cast(list[object], value)
|
|
26
|
+
return [str(item) for item in items]
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
def build_loop_policy(
|
|
30
|
+
host: str,
|
|
31
|
+
max_iterations: int,
|
|
32
|
+
timeout_minutes: int,
|
|
33
|
+
read_only_default: bool = True,
|
|
34
|
+
) -> dict[str, object]:
|
|
35
|
+
return {
|
|
36
|
+
"host": host,
|
|
37
|
+
"max_iterations": max_iterations,
|
|
38
|
+
"timeout_minutes": timeout_minutes,
|
|
39
|
+
"read_only_default": read_only_default,
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
def should_continue_loop(state: Mapping[str, object]) -> dict[str, object]:
|
|
44
|
+
iteration = _as_int(state.get("iteration", 0), 0)
|
|
45
|
+
max_iterations = _as_int(state.get("max_iterations", 0), 0)
|
|
46
|
+
status = str(state.get("status", ""))
|
|
47
|
+
|
|
48
|
+
if iteration >= max_iterations:
|
|
49
|
+
return {"continue": False, "reason": "max_iterations_reached"}
|
|
50
|
+
if status == "ok":
|
|
51
|
+
return {"continue": False, "reason": "status_ok"}
|
|
52
|
+
return {"continue": True, "reason": "within_budget"}
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
def summarize_next_step(state: Mapping[str, object]) -> dict[str, object]:
|
|
56
|
+
status = str(state.get("status", ""))
|
|
57
|
+
blockers = _as_string_list(state.get("blockers"))
|
|
58
|
+
evidence_links = _as_string_list(state.get("evidence_links"))
|
|
59
|
+
|
|
60
|
+
if blockers:
|
|
61
|
+
next_action = f"resolve blockers: {', '.join(blockers)}"
|
|
62
|
+
elif status in {"error", "blocked"}:
|
|
63
|
+
next_action = "verify evidence links and remediate verification errors"
|
|
64
|
+
elif evidence_links:
|
|
65
|
+
next_action = "verify evidence links"
|
|
66
|
+
else:
|
|
67
|
+
next_action = "collect verification evidence links"
|
|
68
|
+
|
|
69
|
+
return {
|
|
70
|
+
"next_action": next_action,
|
|
71
|
+
"evidence_links": evidence_links,
|
|
72
|
+
"blockers": blockers,
|
|
73
|
+
}
|
package/scripts/omg.py
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env python3
|
|
2
|
-
"""OMG 2.0.
|
|
2
|
+
"""OMG 2.0.8 CLI entrypoint.
|
|
3
3
|
|
|
4
4
|
Implements practical command-line flows for:
|
|
5
5
|
- omg ship
|
|
@@ -10,6 +10,7 @@ Implements practical command-line flows for:
|
|
|
10
10
|
- omg trust review
|
|
11
11
|
- omg runtime dispatch
|
|
12
12
|
- omg lab train / omg lab eval
|
|
13
|
+
- omg forge run
|
|
13
14
|
"""
|
|
14
15
|
from __future__ import annotations
|
|
15
16
|
|
|
@@ -57,7 +58,7 @@ from runtime.compat import (
|
|
|
57
58
|
list_compat_skills,
|
|
58
59
|
run_doctor,
|
|
59
60
|
)
|
|
60
|
-
from runtime.adoption import CANONICAL_VERSION
|
|
61
|
+
from runtime.adoption import CANONICAL_VERSION, VALID_PRESETS
|
|
61
62
|
from runtime.ecosystem import ecosystem_status, list_ecosystem_repos, sync_ecosystem_repos
|
|
62
63
|
from runtime.team_router import TeamDispatchRequest, dispatch_team, execute_ccg_mode, execute_crazy_mode
|
|
63
64
|
|
|
@@ -409,6 +410,22 @@ def cmd_lab_eval(args: argparse.Namespace) -> int:
|
|
|
409
410
|
return 0 if out.get("status") == "published" else 2
|
|
410
411
|
|
|
411
412
|
|
|
413
|
+
def cmd_forge_run(args: argparse.Namespace) -> int:
|
|
414
|
+
preset = args.preset
|
|
415
|
+
if preset != "labs":
|
|
416
|
+
print(
|
|
417
|
+
json.dumps(
|
|
418
|
+
{"status": "error", "message": f"forge requires labs preset, got: {preset}"},
|
|
419
|
+
indent=2,
|
|
420
|
+
)
|
|
421
|
+
)
|
|
422
|
+
return 2
|
|
423
|
+
job = json.loads(args.job_json) if args.job_json else _load_json(args.job)
|
|
424
|
+
result = run_pipeline(job)
|
|
425
|
+
print(json.dumps(result, indent=2))
|
|
426
|
+
return 0 if result.get("status") in {"ready", "failed_evaluation"} else 2
|
|
427
|
+
|
|
428
|
+
|
|
412
429
|
def cmd_teams(args: argparse.Namespace) -> int:
|
|
413
430
|
files = [f.strip() for f in args.files.split(",") if f.strip()] if args.files else []
|
|
414
431
|
req = TeamDispatchRequest(
|
|
@@ -633,12 +650,14 @@ def _add_contract_subcommands(parent: argparse.ArgumentParser, *, dest: str) ->
|
|
|
633
650
|
contract_validate = contract_sub.add_parser("validate", help="Validate contract doc, schema, and bundle registry")
|
|
634
651
|
contract_validate.set_defaults(func=cmd_contract_validate)
|
|
635
652
|
|
|
636
|
-
contract_compile = contract_sub.add_parser(
|
|
653
|
+
contract_compile = contract_sub.add_parser(
|
|
654
|
+
"compile", help="Compile host artifacts from the canonical contract"
|
|
655
|
+
)
|
|
637
656
|
contract_compile.add_argument(
|
|
638
657
|
"--host",
|
|
639
658
|
dest="hosts",
|
|
640
659
|
action="append",
|
|
641
|
-
choices=["claude", "codex"],
|
|
660
|
+
choices=["claude", "codex", "gemini", "kimi"],
|
|
642
661
|
required=True,
|
|
643
662
|
help="Host to compile (repeat for multiple hosts)",
|
|
644
663
|
)
|
|
@@ -816,6 +835,14 @@ def build_parser() -> argparse.ArgumentParser:
|
|
|
816
835
|
lab_eval.add_argument("--result-json", default="", help="Inline result json")
|
|
817
836
|
lab_eval.set_defaults(func=cmd_lab_eval)
|
|
818
837
|
|
|
838
|
+
forge = sub.add_parser("forge", help="Labs-only domain-model prototyping and evaluation")
|
|
839
|
+
forge_sub = forge.add_subparsers(dest="forge_command", required=True)
|
|
840
|
+
forge_run = forge_sub.add_parser("run", help="Run a forge job through the lab pipeline")
|
|
841
|
+
forge_run.add_argument("--job", default="", help="Path to job json")
|
|
842
|
+
forge_run.add_argument("--job-json", default="", help="Inline job json")
|
|
843
|
+
forge_run.add_argument("--preset", default="labs", choices=list(VALID_PRESETS), help="Adoption preset (must be labs)")
|
|
844
|
+
forge_run.set_defaults(func=cmd_forge_run)
|
|
845
|
+
|
|
819
846
|
teams = sub.add_parser("teams", help="Internal OMG team routing")
|
|
820
847
|
teams.add_argument("--target", default="auto", choices=["auto", "codex", "gemini", "ccg"])
|
|
821
848
|
teams.add_argument("--problem", required=True)
|
package/settings.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://json.schemastore.org/claude-code-settings.json",
|
|
3
|
-
"_comment": "OMG 2.0.
|
|
3
|
+
"_comment": "OMG 2.0.9 - project-level config with hook registrations, presets, and feature flags.",
|
|
4
4
|
"permissions": {
|
|
5
5
|
"allow": [
|
|
6
6
|
"Agent",
|
|
@@ -306,8 +306,9 @@
|
|
|
306
306
|
]
|
|
307
307
|
},
|
|
308
308
|
"_omg": {
|
|
309
|
-
"_version": "2.0.
|
|
309
|
+
"_version": "2.0.9",
|
|
310
310
|
"preset": "safe",
|
|
311
|
+
"omgMode": "focused",
|
|
311
312
|
"default_mode": "ulw+ralph",
|
|
312
313
|
"vision_auto": true,
|
|
313
314
|
"false_fix_detection": true,
|
|
@@ -359,10 +360,14 @@
|
|
|
359
360
|
"CONTEXT_MANAGER": false
|
|
360
361
|
},
|
|
361
362
|
"generated": {
|
|
362
|
-
"contract_version": "2.0.
|
|
363
|
+
"contract_version": "2.0.9",
|
|
363
364
|
"channel": "enterprise",
|
|
364
365
|
"required_bundles": [
|
|
365
366
|
"control-plane",
|
|
367
|
+
"plan-council",
|
|
368
|
+
"claim-judge",
|
|
369
|
+
"test-intent-lock",
|
|
370
|
+
"proof-gate",
|
|
366
371
|
"hook-governor",
|
|
367
372
|
"mcp-fabric",
|
|
368
373
|
"lsp-pack",
|
package/tools/python_sandbox.py
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env python3
|
|
2
|
-
"""
|
|
3
|
-
Security Sandbox for OMG Python REPL
|
|
2
|
+
"""Security Sandbox for OMG Python REPL (REPL-only).
|
|
4
3
|
|
|
5
4
|
Provides a restricted execution environment that blocks dangerous operations:
|
|
6
5
|
- Dangerous imports (subprocess, socket, ctypes, etc.)
|
|
@@ -11,6 +10,10 @@ Provides a restricted execution environment that blocks dangerous operations:
|
|
|
11
10
|
|
|
12
11
|
Feature flag: OMG_REPL_SANDBOX_ENABLED (default: False)
|
|
13
12
|
|
|
13
|
+
This module is the concrete REPL-only sandbox implementation. Broader sandbox
|
|
14
|
+
policy is mediated by hook-level controls in hooks/firewall.py and
|
|
15
|
+
hooks/secret-guard.py.
|
|
16
|
+
|
|
14
17
|
Usage:
|
|
15
18
|
from tools.python_sandbox import execute_sandboxed, is_safe_code, create_sandbox
|
|
16
19
|
|
|
@@ -67,7 +70,7 @@ def _is_sandbox_enabled() -> bool:
|
|
|
67
70
|
|
|
68
71
|
# --- Blocked imports configuration ---
|
|
69
72
|
|
|
70
|
-
_DEFAULT_BLOCKED_IMPORTS: frozenset = frozenset({
|
|
73
|
+
_DEFAULT_BLOCKED_IMPORTS: frozenset[str] = frozenset({
|
|
71
74
|
"subprocess",
|
|
72
75
|
"socket",
|
|
73
76
|
"ctypes",
|
|
@@ -91,13 +94,13 @@ def _get_blocked_imports() -> Set[str]:
|
|
|
91
94
|
env_val = os.environ.get("OMG_SANDBOX_BLOCKED_IMPORTS", "").strip()
|
|
92
95
|
if env_val:
|
|
93
96
|
custom = frozenset(name.strip() for name in env_val.split(",") if name.strip())
|
|
94
|
-
return _DEFAULT_BLOCKED_IMPORTS | custom
|
|
97
|
+
return set(_DEFAULT_BLOCKED_IMPORTS | custom)
|
|
95
98
|
return set(_DEFAULT_BLOCKED_IMPORTS)
|
|
96
99
|
|
|
97
100
|
|
|
98
101
|
# --- Blocked builtins ---
|
|
99
102
|
|
|
100
|
-
_DANGEROUS_BUILTINS: frozenset = frozenset({
|
|
103
|
+
_DANGEROUS_BUILTINS: frozenset[str] = frozenset({
|
|
101
104
|
"__import__",
|
|
102
105
|
"eval",
|
|
103
106
|
"exec",
|
|
@@ -278,7 +281,7 @@ def _check_string_escapes(code: str) -> Optional[str]:
|
|
|
278
281
|
|
|
279
282
|
# --- Restricted open() ---
|
|
280
283
|
|
|
281
|
-
_ALLOWED_READ_MODES: frozenset = frozenset({
|
|
284
|
+
_ALLOWED_READ_MODES: frozenset[str] = frozenset({
|
|
282
285
|
"r", "rb", "rt",
|
|
283
286
|
"", # default mode is 'r'
|
|
284
287
|
})
|