@trac3er/oh-my-god 2.0.8 → 2.0.9

package/.claude-plugin/marketplace.json

@@ -14,7 +14,7 @@
     {
       "name": "omg",
       "description": "OMG plugin layer for Claude Code and supported agent hosts with native setup, orchestration, and interop.",
-      "version": "2.0.8",
+    "version": "2.0.9",
       "source": "./",
       "author": {
         "name": "trac3er00"
@@ -32,5 +32,5 @@
       ]
     }
   ],
-  "version": "2.0.8"
+  "version": "2.0.9"
 }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "omg",
-  "version": "2.0.8",
+  "version": "2.0.9",
   "description": "OMG plugin layer for Claude Code with native setup, orchestration, and interop.",
   "author": {
     "name": "trac3er00"

package/.gemini/settings.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "omg-control": {
+      "command": "python3",
+      "args": [
+        "-m",
+        "runtime.omg_mcp_server"
+      ]
+    }
+  }
+}

package/.kimi/mcp.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "omg-control": {
+      "command": "python3",
+      "args": [
+        "-m",
+        "runtime.omg_mcp_server"
+      ]
+    }
+  }
+}

package/CHANGELOG.md

@@ -2,6 +2,16 @@
 
 ## Unreleased
 
+## 2.0.9 - 2026-03-08
+
+- added scan-first evidence query layer for read-only trust artifact lookup
+- extended claim-judge and test-intent-lock with query-backed workflows and file-backed lock state
+- exposed claim-judge and test-intent-lock through control-plane service, HTTP routes, and MCP tools
+- added deterministic repro-pack manifest assembly from existing evidence, trace, eval, and lineage artifacts
+- added optional playwright evidence adapter for proof-chain-friendly browser artifact summarization
+- added bounded verification-loop policy helpers with no execution side effects
+- integrated new sibling artifacts into proof chain, evidence ingest, and release readiness
+
 ## 2.0.8 - 2026-03-07
 
 - restored plan-council, claim-judge, test-intent-lock, and proof-gate to all required surfaces

package/OMG-setup.sh

@@ -5,7 +5,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 CLAUDE_DIR="${CLAUDE_CONFIG_DIR:-$HOME/.claude}"
 BACKUP_TS="$(date +%Y%m%d_%H%M%S)"
 BACKUP_DIR="$CLAUDE_DIR/.omg-backup-$BACKUP_TS"
-VERSION="2.0.8"
+VERSION="2.0.9"
 
 PLUGIN_NAME="omg"
 PLUGIN_MARKETPLACE="omg"

package/OMG_COMPAT_CONTRACT.md

@@ -1,9 +1,11 @@
 ---
 title: OMG Production Control Plane
-version: 2.0.8
+version: 2.0.9
 canonical_hosts:
   - claude
   - codex
+  - gemini
+  - kimi
 status: active
 ---
 
@@ -13,10 +15,14 @@ status: active
 
 ## provider_tiers
 
-OMG distinguishes between canonical hosts and compatibility providers.
+OMG defines four canonical hosts and their host-rule contracts.
 
-- **Canonical Hosts**: `claude` and `codex`. These are the primary targets for bundle compilation, native hook integration, and production-grade state management.
-- **Compatibility Providers**: `gemini` and `kimi`. These are supported via routing providers that emulate host behavior and bridge MCP configurations. They are not targets for direct bundle compilation or normative contract enforcement.
+- `claude`: requires `compilation_targets`, `hooks`, `subagents`, and `skills`.
+- `codex`: requires `compilation_targets`, `skills`, `agents_fragments`, `rules`, and `automations`.
+- `gemini`: requires `compilation_targets`, `mcp`, `skills`, and `automations`.
+- `kimi`: requires `compilation_targets`, `mcp`, `skills`, and `automations`.
+
+Gemini and Kimi are canonical hosts for contract validation and policy declaration. Their contracts do not require Claude/Codex hook semantics.
 
 ## metadata
 

package/README.md

@@ -75,6 +75,7 @@ OMG uses native setup language instead of public migration commands.
 
 - `OMG-only`: recommended. OMG becomes the primary hooks, HUD, MCP, and orchestration layer.
 - `coexist`: advanced. OMG preserves non-conflicting third-party surfaces and records overlap instead of overwriting it.
+- Modes: `chill`, `focused`, `exploratory`. `focused` is the production default.
 - Presets: `safe`, `balanced`, `interop`, `labs`.
 
 ## Security Notes

package/build/lib/commands/OMG:forge.md

@@ -0,0 +1,92 @@
+---
+description: "FORGE — Labs-only domain-model prototyping and evaluation orchestration. Routes into the lab pipeline with policy enforcement."
+allowed-tools: Read, Bash
+argument-hint: "[job file path]"
+---
+
+# /OMG:forge — Labs-Only Domain Prototyping
+
+> **Availability**: `labs` preset only. Blocked on `safe`, `balanced`, and `interop` presets.
+
+## What It Does
+
+Forge orchestrates domain-model prototyping and evaluation through the existing lab pipeline (`lab/pipeline.py`). It validates jobs against lab policies (`lab/policies.py`), runs the staged pipeline (data → refine → train/distill → evaluate → regression), and emits structured evidence.
+
+Forge does **not**:
+- Train frontier models or perform research-scale model training
+- Bypass lab policy gates (license checks, source validation)
+- Operate outside the `labs` preset boundary
+
+## Policy Enforcement
+
+Every forge job is validated through `lab.policies.validate_job_request()` before pipeline execution:
+
+1. **Dataset license** must be in `ALLOWED_LICENSES`: `apache-2.0`, `mit`, `bsd-3-clause`, `cc-by-4.0`
+2. **Dataset source** must not contain blocked tokens: `unknown`, `leaked`, `stolen`, `unauthorized`, `pirated`
+3. **Model source** must not contain blocked tokens
+4. **Model distillation** must be explicitly allowed (`allow_distill: true`)
+
+Jobs that fail policy checks are blocked with a structured reason before any pipeline stage runs.
+
+## CLI Usage
+
+```bash
+# Run a forge job from a JSON file
+python3 scripts/omg.py forge run --job path/to/job.json
+
+# Run with explicit preset (default: labs)
+python3 scripts/omg.py forge run --job path/to/job.json --preset labs
+```
+
+## Job File Format
+
+```json
+{
+  "dataset": {
+    "name": "my-domain-dataset",
+    "license": "apache-2.0",
+    "source": "internal-curated"
+  },
+  "base_model": {
+    "name": "distill-base-v1",
+    "source": "approved-registry",
+    "allow_distill": true
+  },
+  "target_metric": 0.85,
+  "simulated_metric": 0.90,
+  "evaluation_notes": "Domain adaptation for robotics control"
+}
+```
+
+## Output
+
+Forge returns structured JSON with pipeline results:
+
+```json
+{
+  "status": "ready",
+  "stage": "complete",
+  "stages": [
+    {"name": "data_prepare", "status": "ok"},
+    {"name": "synthetic_refine", "status": "ok"},
+    {"name": "train_distill", "status": "ok"},
+    {"name": "evaluate", "status": "ok"},
+    {"name": "regression_test", "status": "ok"}
+  ],
+  "published": false,
+  "evaluation_report": {
+    "metric": 0.90,
+    "target_metric": 0.85,
+    "passed": true
+  }
+}
+```
+
+## Scope Boundary
+
+Forge is a **domain-prototyping** surface, not a model-training research tool. It stays within:
+
+- The lab pipeline's staged execution model
+- Lab policy validation for all dataset and model sources
+- The `labs` preset boundary — no forge operations run without labs enabled
+- Domain-pack contracts (`runtime/domain_packs.py`) for domain-specific prototyping

package/build/lib/commands/OMG:mode.md

@@ -1,19 +1,19 @@
 ---
-description: "Set cognitive mode (research/architect/implement) for the current session."
+description: "Set canonical mode (chill/focused/exploratory) for the current session."
 allowed-tools: Read, Write, Edit, Bash
-argument-hint: "[research|architect|implement|clear]"
+argument-hint: "[chill|focused|exploratory|clear]"
 ---
 
-# /OMG:mode — Set Cognitive Mode
+# /OMG:mode — Set Canonical Mode
 
 Switch Claude's operating mode for the current session.
 
 ## Usage
 
 ```
-/OMG:mode research     # Focus on reading, searching, synthesizing
-/OMG:mode architect    # Focus on system design, no implementation
-/OMG:mode implement    # Focus on coding with TDD and verification
+/OMG:mode chill        # Focus on low-intensity, conservative progress
+/OMG:mode focused      # Focus on coding and execution
+/OMG:mode exploratory  # Focus on discovery and synthesis
 /OMG:mode clear        # Clear current mode (return to default)
 ```
 
@@ -23,20 +23,20 @@ Switch Claude's operating mode for the current session.
 2. The `prompt-enhancer` hook reads this file and injects `@mode:` context on every subsequent prompt
 3. The corresponding rule file (`rules/contextual/{mode}-mode.md`) activates
 
-## Modes
+## Canonical Modes
 
 | Mode | Focus | When to Use |
 |------|-------|-------------|
-| `research` | Read, search, synthesize | Exploring unfamiliar territory |
-| `architect` | Design, plan, no code | Before starting a complex feature |
-| `implement` | Code, test, verify | Active development sprint |
+| `chill` | Conservative execution pace | Low-risk maintenance and steady progress |
+| `focused` | Implementation-forward flow | Active feature work with verification |
+| `exploratory` | Discovery, synthesis, and mapping | Unknown domains and research-heavy sessions |
 
 ## Example
 
 ```
-/OMG:mode architect
-→ Sets mode to architect
-→ Every prompt now gets: @mode:ARCHITECT — Map system first. Specs only, no implementation.
+/OMG:mode focused
+→ Sets mode to focused
+→ Every prompt now gets: @mode:FOCUSED — Implement deliberately with tight verification loops.
 
 /OMG:mode clear
 → Removes .omg/state/mode.txt

package/build/lib/commands/OMG:session-branch.md

@@ -8,9 +8,13 @@ argument-hint: "--name <branch-name> [--from <snapshot_id>]"
 
 Create a named branch of the current OMG state for experimentation or parallel exploration.
 
+## Scope Statement
+
+**This command operates on `.omg/state/` only. It does NOT modify git history, workspace files, or conversation history.**
+
 ## Important
 
-Branching is **OMG state only** — it captures and restores `.omg/state/` directory contents. It does **not** fork the conversation, context window, or Claude session. Think of it as a checkpoint you can name and switch between.
+Branching is **OMG state only** — it captures and restores `.omg/state/` directory contents. It does **not** fork the conversation, context window, or Claude session. Think of it as a checkpoint you can name and switch between. Rollback restores OMG session state only, NOT git history or repo files.
 
 ## Usage
 
@@ -40,6 +44,9 @@ Each branch stores:
 ## Managing Branches
 
 ```
+# Show current branch and snapshot count
+python3 tools/session_snapshot.py status
+
 # List all branches
 python3 tools/session_snapshot.py branches
 
@@ -48,6 +55,15 @@ python3 tools/session_snapshot.py switch experiment
 
 # Create branch from specific snapshot
 python3 tools/session_snapshot.py branch my-branch --from 20260302_143000_baseline
+
+# Fork from a previous checkpoint
+python3 tools/session_snapshot.py fork --from 20260302_100000_pre-refactor --name "approach-b"
+
+# Preview a merge
+python3 tools/session_snapshot.py merge-preview experiment --into main
+
+# Apply a merge
+python3 tools/session_snapshot.py merge experiment --into main
 ```
 
 ## Feature Flag

package/build/lib/commands/OMG:session-fork.md

@@ -8,9 +8,13 @@ argument-hint: "--from <snapshot_id> --name <fork-name>"
 
 Create a new branch from a specific snapshot checkpoint. This is a convenience wrapper around `/OMG:session-branch` that always requires a source snapshot.
 
+## Scope Statement
+
+**This command operates on `.omg/state/` only. It does NOT modify git history, workspace files, or conversation history.**
+
 ## Important
 
-Forking is **OMG state only** — it restores a previous `.omg/state/` snapshot and creates a new named branch from it. It does **not** fork the conversation or create a parallel Claude session.
+Forking is **OMG state only** — it restores a previous `.omg/state/` snapshot and creates a new named branch from it. It does **not** fork the conversation or create a parallel Claude session. Rollback restores OMG session state only, NOT git history or repo files.
 
 ## Usage
 

package/build/lib/commands/OMG:session-merge.md

@@ -8,9 +8,13 @@ argument-hint: "--from <source-branch> [--into <target-branch>] [--preview]"
 
 Merge one OMG state branch into another with automatic conflict detection.
 
+## Scope Statement
+
+**This command operates on `.omg/state/` only. It does NOT modify git history, workspace files, or conversation history.**
+
 ## Important
 
-Merging is **OMG state only** — it merges branch metadata (`.omg/state/branches/<name>.json`). It does **not** merge conversations, context windows, or file system state. Think of it as combining the tracked state from two named branches.
+Merging is **OMG state only** — it merges branch metadata (`.omg/state/branches/<name>.json`). It does **not** merge conversations, context windows, or file system state. Think of it as combining the tracked state from two named branches. Rollback restores OMG session state only, NOT git history or repo files.
 
 ## Usage
 

package/build/lib/control_plane/server.py

@@ -50,6 +50,10 @@ _POST_ROUTE_TABLE = {
     "/v1/registry/verify": ("registry_verify", True),
     "/v2/lab/jobs": ("lab_jobs", False),
     "/v1/lab/jobs": ("lab_jobs", True),
+    "/v2/trust/claim-judge": ("claim_judge", False),
+    "/v1/trust/claim-judge": ("claim_judge", True),
+    "/v2/trust/test-intent-lock": ("test_intent_lock", False),
+    "/v1/trust/test-intent-lock": ("test_intent_lock", True),
 }
 
 _GET_ROUTE_TABLE = {

package/build/lib/control_plane/service.py

@@ -17,7 +17,9 @@ from lab.pipeline import run_pipeline
 from registry.verify_artifact import verify_artifact
 from runtime.guide_assert import guide_assert
 from runtime.dispatcher import dispatch_runtime
+from runtime.claim_judge import judge_claims
 from runtime.security_check import run_security_check
+from runtime.test_intent_lock import lock_intent, verify_intent
 
 
 class ControlPlaneService:
@@ -103,6 +105,10 @@ class ControlPlaneService:
             route_metadata=payload.get("route_metadata"),
             trace_ids=payload.get("trace_ids"),
             lineage=payload.get("lineage"),
+            claims=payload.get("claims"),
+            test_delta=payload.get("test_delta"),
+            browser_evidence_path=payload.get("browser_evidence_path"),
+            repro_pack_path=payload.get("repro_pack_path"),
         )
         return 202, {
             "status": "accepted",
@@ -210,6 +216,55 @@ class ControlPlaneService:
         result = run_pipeline(payload)
         return 201 if result.get("status") in {"ready", "failed_evaluation"} else 400, result
 
+    def claim_judge(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        claims = payload.get("claims")
+        if not isinstance(claims, list):
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_CLAIM_INPUT",
+                "message": "claims must be a list",
+            }
+        result = judge_claims(self.project_dir, claims)
+        return 200, result
+
+    def test_intent_lock(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        action = str(payload.get("action", "")).strip()
+
+        if action == "lock":
+            intent = payload.get("intent")
+            if not isinstance(intent, dict):
+                return 400, {
+                    "status": "error",
+                    "error_code": "INVALID_INTENT_INPUT",
+                    "message": "intent must be an object",
+                }
+            result = lock_intent(self.project_dir, intent)
+            return 200, result
+
+        if action == "verify":
+            lock_id = payload.get("lock_id")
+            results = payload.get("results")
+            if not isinstance(lock_id, str) or not lock_id.strip():
+                return 400, {
+                    "status": "error",
+                    "error_code": "INVALID_INTENT_INPUT",
+                    "message": "lock_id is required for verify action",
+                }
+            if not isinstance(results, dict):
+                return 400, {
+                    "status": "error",
+                    "error_code": "INVALID_INTENT_INPUT",
+                    "message": "results must be an object for verify action",
+                }
+            result = verify_intent(self.project_dir, lock_id, results)
+            return 200, result
+
+        return 400, {
+            "status": "error",
+            "error_code": "INVALID_INTENT_ACTION",
+            "message": f"Unknown action: {action!r}; expected 'lock' or 'verify'",
+        }
+
     def scoreboard_baseline(self) -> tuple[int, dict[str, Any]]:
         return 200, {
             "generated_at": datetime.now(timezone.utc).isoformat(),

package/build/lib/hooks/setup_wizard.py

@@ -12,7 +12,7 @@ from typing import Any, cast
 
 import yaml
 
-from _common import get_feature_flag
+from hooks._common import get_feature_flag
 
 # Ensure project root is on sys.path for runtime imports
 _PROJECT_ROOT = os.path.normpath(os.path.join(os.path.dirname(os.path.abspath(__file__)), ".."))
@@ -36,8 +36,10 @@ import runtime.providers.codex_provider  # noqa: E402, F401
 import runtime.providers.gemini_provider  # noqa: E402, F401
 import runtime.providers.kimi_provider  # noqa: E402, F401
 from runtime.adoption import (  # noqa: E402
+    CANONICAL_MODE_NAMES,
     CANONICAL_VERSION,
     build_adoption_report,
+    get_mode_profile,
     get_preset_features,
     resolve_preset,
     write_adoption_report,
@@ -416,6 +418,17 @@ def check_auth() -> dict[str, Any]:
 _HTTP_MEMORY_MIN_LEVEL: int = _PRESET_LEVEL["interop"]
 
 
+def get_mode_choices() -> list[str]:
+    return list(CANONICAL_MODE_NAMES)
+
+
+def select_setup_mode(mode: str | None) -> str:
+    candidate = (mode or "").strip().lower()
+    if candidate in CANONICAL_MODE_NAMES:
+        return candidate
+    return "focused"
+
+
 def configure_mcp(
     project_dir: str,
     detected_clis: dict[str, Any],
@@ -599,6 +612,7 @@ def run_setup_wizard(
     non_interactive: bool = False,
     *,
     mode: str | None = None,
+    setup_mode: str | None = None,
     adopt: str = "auto",
     preset: str | None = None,
 ) -> dict[str, Any]:
@@ -622,6 +636,7 @@ def run_setup_wizard(
         }
 
     selected_preset = resolve_preset(preset or ("balanced" if non_interactive else "safe"))
+    selected_setup_mode = select_setup_mode(setup_mode)
     adoption = build_adoption_report(
         project_dir,
         requested_mode=mode,
@@ -638,6 +653,11 @@ def run_setup_wizard(
 
     return {
         "status": "complete",
+        "setup_mode": {
+            "choices": get_mode_choices(),
+            "selected": selected_setup_mode,
+            "profile": get_mode_profile(selected_setup_mode),
+        },
         "clis_detected": clis,
         "auth_status": auth,
         "mcp_configured": mcp,

package/build/lib/hooks/shadow_manager.py

@@ -6,6 +6,7 @@ Maintains overlay-style shadow writes and evidence artifacts.
 from __future__ import annotations
 
 import hashlib
+import importlib
 import json
 import os
 import platform
@@ -18,8 +19,15 @@ from typing import Any
 HOOKS_DIR = os.path.dirname(__file__)
 if HOOKS_DIR not in sys.path:
     sys.path.insert(0, HOOKS_DIR)
-from _common import _resolve_project_dir
-from security_validators import ensure_path_within_dir, validate_opaque_identifier
+try:
+    from hooks._common import _resolve_project_dir
+    from hooks.security_validators import ensure_path_within_dir, validate_opaque_identifier
+except ImportError:
+    _common = importlib.import_module("_common")
+    security_validators = importlib.import_module("security_validators")
+    _resolve_project_dir = _common._resolve_project_dir
+    ensure_path_within_dir = security_validators.ensure_path_within_dir
+    validate_opaque_identifier = security_validators.validate_opaque_identifier
 
 
 def _project_dir() -> str:
@@ -189,6 +197,11 @@ def create_evidence_pack(
     lineage: dict[str, Any] | None = None,
     executor: dict[str, Any] | None = None,
     environment: dict[str, Any] | None = None,
+    artifacts: list[dict[str, Any]] | None = None,
+    claims: list[dict[str, Any]] | None = None,
+    test_delta: dict[str, Any] | None = None,
+    browser_evidence_path: str | None = None,
+    repro_pack_path: str | None = None,
 ) -> str:
     ensure_shadow_dirs(project_dir)
     run_id = _validated_run_id(run_id)
@@ -209,6 +222,7 @@ def create_evidence_pack(
     
     evidence = {
         "schema": "EvidencePack",
+        "schema_version": 2,
         "run_id": run_id,
         "created_at": _utc_now(),
         "tests": tests or [],
@@ -224,7 +238,16 @@ def create_evidence_pack(
         "lineage": lineage or {},
         "executor": executor,
         "environment": environment,
+        "artifacts": artifacts or [],
     }
+    if claims is not None:
+        evidence["claims"] = claims
+    if test_delta is not None:
+        evidence["test_delta"] = test_delta
+    if browser_evidence_path is not None:
+        evidence["browser_evidence_path"] = browser_evidence_path
+    if repro_pack_path is not None:
+        evidence["repro_pack_path"] = repro_pack_path
     evidence_path = ensure_path_within_dir(
         _evidence_root(project_dir),
         os.path.join(_evidence_root(project_dir), f"{run_id}.json"),

package/build/lib/hooks/state_migration.py

@@ -115,6 +115,9 @@ MIGRATION_MAP: list[tuple[str, str, str]] = [
     ("dir", "repl_sessions", "state/repl_sessions"),
     ("dir", "sessions", "state/sessions"),
     ("dir", "snapshots", "state/snapshots"),
+    ("file", "current_branch.json", "state/current_branch.json"),
+    ("file", "background-verification.json", "state/background-verification.json"),
+    ("dir", "branches", "state/branches"),
     ("dir", "knowledge", "knowledge"),
 ]