@trac3er/oh-my-god 2.0.8 → 2.0.9

package/build/lib/runtime/omg_mcp_server.py

@@ -174,6 +174,25 @@ def omg_security_check(scope: str = ".", include_live_enrichment: bool = False,
     return payload
 
 
+@mcp.tool()
+def omg_claim_judge(claims: list[dict[str, Any]]) -> dict[str, Any]:
+    _status, payload = _service().claim_judge({"claims": claims})
+    return payload
+
+
+@mcp.tool()
+def omg_test_intent_lock(
+    action: str,
+    intent: dict[str, Any] | None = None,
+    lock_id: str | None = None,
+    results: dict[str, Any] | None = None,
+) -> dict[str, Any]:
+    _status, payload = _service().test_intent_lock(
+        {"action": action, "intent": intent, "lock_id": lock_id, "results": results}
+    )
+    return payload
+
+
 @mcp.tool()
 def omg_guide_assert(candidate: str, rules: dict[str, Any]) -> dict[str, Any]:
     _status, payload = _service().guide_assert({"candidate": candidate, "rules": rules})

package/build/lib/runtime/playwright_adapter.py

@@ -0,0 +1,39 @@
+"""Optional adapter for summarizing Playwright artifacts into proof-chain-friendly payloads."""
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Any
+
+
+def summarize_playwright_artifacts(
+    trace_path: str | None = None,
+    junit_path: str | None = None,
+    screenshots: list[str] | None = None,
+    metadata: dict[str, Any] | None = None,
+) -> dict[str, Any]:
+    """Summarize browser artifacts into a proof-chain-friendly dict.
+    
+    Returns a dict consumable by proof-gate / claim-judge:
+        status     — "ok" or "error"
+        artifacts  — {trace, junit, screenshots} (only provided paths)
+        metadata   — provided metadata or {}
+    """
+    if not trace_path and not junit_path and not screenshots:
+        return {"status": "error", "reason": "no_artifacts_provided"}
+
+    artifacts: dict[str, Any] = {}
+    
+    if trace_path:
+        artifacts["trace"] = str(Path(trace_path))
+        
+    if junit_path:
+        artifacts["junit"] = str(Path(junit_path))
+        
+    if screenshots:
+        artifacts["screenshots"] = [str(Path(s)) for s in screenshots]
+
+    return {
+        "status": "ok",
+        "artifacts": artifacts,
+        "metadata": metadata or {},
+    }

package/build/lib/runtime/proof_chain.py

@@ -6,6 +6,9 @@ from pathlib import Path
 from typing import Any
 
 
+_REQUIRED_ARTIFACT_FIELDS = ("kind", "path", "sha256", "parser", "summary", "trace_id")
+
+
 def _load_json(path: Path) -> dict[str, Any]:
     return json.loads(path.read_text(encoding="utf-8"))
 
@@ -26,6 +29,105 @@ def _read_jsonl(path: Path) -> list[dict[str, Any]]:
     return rows
 
 
+def _hash_path(path: Path) -> str:
+    if not path.exists() or not path.is_file():
+        return ""
+    h = hashlib.sha256()
+    with path.open("rb") as handle:
+        while True:
+            chunk = handle.read(8192)
+            if not chunk:
+                break
+            h.update(chunk)
+    return h.hexdigest()
+
+
+def _normalize_evidence_pack(payload: dict[str, Any]) -> dict[str, Any]:
+    if not isinstance(payload, dict):
+        raise ValueError("evidence_pack_invalid_payload")
+    schema_version = payload.get("schema_version")
+    if schema_version is None:
+        return payload
+    if schema_version != 2:
+        raise ValueError("evidence_pack_unsupported_schema_version")
+
+    artifacts = payload.get("artifacts", [])
+    if not isinstance(artifacts, list):
+        raise ValueError("evidence_pack_invalid_artifacts")
+
+    for index, artifact in enumerate(artifacts):
+        if not isinstance(artifact, dict):
+            raise ValueError(f"evidence_pack_artifact_invalid_type:{index}")
+        for field in _REQUIRED_ARTIFACT_FIELDS:
+            value = str(artifact.get(field, "")).strip()
+            if not value:
+                raise ValueError(f"evidence_pack_artifact_missing_{field}:{index}")
+    return payload
+
+
+def _artifact_record(*, kind: str, path: str, parser: str, summary: str, trace_id: str, sha256: str = "") -> dict[str, str]:
+    return {
+        "kind": kind,
+        "path": path,
+        "sha256": sha256,
+        "parser": parser,
+        "summary": summary,
+        "trace_id": trace_id,
+    }
+
+
+def _build_chain_artifacts(
+    *,
+    output_root: Path,
+    selected_path: str,
+    evidence_payload: dict[str, Any],
+    trace_payload: dict[str, Any],
+    eval_payload: dict[str, Any],
+    lineage: dict[str, Any] | Any,
+    trace_id: str,
+) -> list[dict[str, str]]:
+    artifacts: list[dict[str, str]] = []
+    raw_artifacts = evidence_payload.get("artifacts", [])
+    if isinstance(raw_artifacts, list):
+        for item in raw_artifacts:
+            if not isinstance(item, dict):
+                continue
+            path = str(item.get("path", "")).strip()
+            artifacts.append(
+                _artifact_record(
+                    kind=str(item.get("kind", "")).strip() or "artifact",
+                    path=path,
+                    sha256=str(item.get("sha256", "")).strip(),
+                    parser=str(item.get("parser", "")).strip() or "unknown",
+                    summary=str(item.get("summary", "")).strip() or "evidence artifact",
+                    trace_id=str(item.get("trace_id", "")).strip() or trace_id,
+                )
+            )
+
+    lineage_path = str((lineage or {}).get("path", "")).strip() if isinstance(lineage, dict) else ""
+    canonical_artifacts = [
+        ("trace", str(trace_payload.get("path", ".omg/tracebank/events.jsonl")).strip(), "jsonl", "tracebank event stream"),
+        ("eval", ".omg/evals/latest.json" if eval_payload else "", "json", "evaluation result"),
+        ("lineage", lineage_path, "json", "lineage manifest"),
+        ("evidence", selected_path, "json", "evidence pack"),
+    ]
+    for kind, path, parser, summary in canonical_artifacts:
+        if not path:
+            continue
+        file_path = output_root / path
+        artifacts.append(
+            _artifact_record(
+                kind=kind,
+                path=path,
+                sha256=_hash_path(file_path),
+                parser=parser,
+                summary=summary,
+                trace_id=trace_id,
+            )
+        )
+    return artifacts
+
+
 def _latest_evidence_pack(output_root: Path) -> tuple[str, dict[str, Any]]:
     evidence_dir = output_root / ".omg" / "evidence"
     if not evidence_dir.exists():
@@ -60,9 +162,10 @@ def assemble_proof_chain(project_dir: str, *, evidence_path: str | None = None)
 
     if evidence_path:
         selected_path = str(evidence_path)
-        evidence_payload = _load_json(output_root / selected_path)
+        evidence_payload = _normalize_evidence_pack(_load_json(output_root / selected_path))
     else:
         selected_path, evidence_payload = _latest_evidence_pack(output_root)
+        evidence_payload = _normalize_evidence_pack(evidence_payload)
 
     trace_id = ""
     trace_ids = evidence_payload.get("trace_ids", [])
@@ -79,6 +182,7 @@ def assemble_proof_chain(project_dir: str, *, evidence_path: str | None = None)
 
     chain = {
         "schema": "ProofChain",
+        "schema_version": 2,
         "trace_id": trace_id,
         "eval_id": eval_id,
         "eval_trace_id": str(eval_payload.get("trace_id", "")),
@@ -91,16 +195,35 @@ def assemble_proof_chain(project_dir: str, *, evidence_path: str | None = None)
         "environment": evidence_payload.get("environment") or trace_payload.get("environment") or eval_payload.get("environment") or {"hostname": "unknown", "platform": "unknown"},
         "ci_job_url": evidence_payload.get("ci_job_url") or "",
         "external_inputs": evidence_payload.get("external_inputs", []),
-        "artifacts": {
-            "trace": trace_payload.get("path", ".omg/tracebank/events.jsonl"),
-            "eval": ".omg/evals/latest.json" if eval_payload else "",
-            "lineage": str((lineage or {}).get("path", "")) if isinstance(lineage, dict) else "",
-            "evidence": selected_path,
-        },
+        "artifacts": _build_chain_artifacts(
+            output_root=output_root,
+            selected_path=selected_path,
+            evidence_payload=evidence_payload,
+            trace_payload=trace_payload,
+            eval_payload=eval_payload,
+            lineage=lineage,
+            trace_id=trace_id,
+        ),
     }
     validation = validate_proof_chain(chain)
     chain["status"] = validation["status"]
     chain["blockers"] = validation["blockers"]
+
+    try:
+        from runtime.background_verification import publish_verification_state
+
+        evidence_links = [selected_path] if selected_path else []
+        publish_verification_state(
+            project_dir=project_dir,
+            run_id=str(chain.get("eval_id", "")),
+            status=str(validation["status"]),
+            blockers=list(validation.get("blockers", [])),
+            evidence_links=evidence_links,
+            progress={"phase": "proof_chain_assembled"},
+        )
+    except Exception:
+        pass
+
     return chain
 
 
@@ -162,9 +285,10 @@ def build_proof_gate_input(project_dir: str, *, evidence_path: str | None = None
 
     if evidence_path:
         selected_path = str(evidence_path)
-        evidence_payload = _load_json(output_root / selected_path)
+        evidence_payload = _normalize_evidence_pack(_load_json(output_root / selected_path))
     else:
         selected_path, evidence_payload = _latest_evidence_pack(output_root)
+        evidence_payload = _normalize_evidence_pack(evidence_payload)
 
     security_evidence = _resolve_security_evidence(output_root=output_root, evidence_payload=evidence_payload)
     browser_evidence = _resolve_browser_evidence(output_root=output_root, evidence_payload=evidence_payload)
@@ -212,6 +336,10 @@ def _resolve_browser_evidence(*, output_root: Path, evidence_payload: dict[str,
         if path:
             candidates.append(path)
 
+    adapter_matches = sorted(output_root.glob(".omg/evidence/playwright-adapter-*.json"))
+    if adapter_matches:
+        candidates.append(adapter_matches[0].relative_to(output_root).as_posix())
+
     candidates.extend(
         [
             ".omg/evidence/browser-evidence.json",

package/build/lib/runtime/proof_gate.py

@@ -1,7 +1,14 @@
 from __future__ import annotations
 
+import hashlib
+from pathlib import Path
 from typing import Any
 
+from runtime import artifact_parsers
+
+
+_REQUIRED_ARTIFACT_FIELDS = ("kind", "path", "sha256", "parser", "summary", "trace_id")
+
 
 def evaluate_proof_gate(input: dict[str, Any]) -> dict[str, Any]:
     claims = _as_claims(input.get("claims"))
@@ -9,6 +16,7 @@ def evaluate_proof_gate(input: dict[str, Any]) -> dict[str, Any]:
     eval_output = _as_dict(input.get("eval_output"))
     security_evidence = _as_dict(input.get("security_evidence"))
     browser_evidence = _as_dict(input.get("browser_evidence"))
+    evidence_pack = _as_dict(input.get("evidence_pack"))
 
     blockers: list[str] = []
     if not claims:
@@ -27,6 +35,7 @@ def evaluate_proof_gate(input: dict[str, Any]) -> dict[str, Any]:
     blockers.extend(_validate_claim_artifacts(claims))
     blockers.extend(_validate_trace_linkage(claims=claims, trace_id=trace_id, eval_output=eval_output, browser_evidence=browser_evidence))
     blockers.extend(_validate_security_and_browser_artifacts(claims=claims, security_evidence=security_evidence, browser_evidence=browser_evidence))
+    blockers.extend(_validate_evidence_pack(evidence_pack))
 
     unique_blockers = list(dict.fromkeys(item for item in blockers if str(item).strip()))
     evidence_summary = {
@@ -93,8 +102,10 @@ def _collect_trace_ids(claim: dict[str, Any]) -> set[str]:
 
 def _validate_claim_artifacts(claims: list[dict[str, Any]]) -> list[str]:
     all_artifacts: list[str] = []
+    artifact_records: list[dict[str, Any]] = []
     for claim in claims:
         all_artifacts.extend(_collect_artifacts(claim))
+        artifact_records.extend(_extract_artifact_records(claim))
 
     blockers: list[str] = []
     required_tokens = {
@@ -106,6 +117,24 @@ def _validate_claim_artifacts(claims: list[dict[str, Any]]) -> list[str]:
     for key, tokens in required_tokens.items():
         if not any(any(token in artifact for token in tokens) for artifact in all_artifacts):
             blockers.append(f"proof_gate_missing_artifact_{key}")
+
+    for artifact in artifact_records:
+        kind = str(artifact.get("kind", "")).strip().lower()
+        path = str(artifact.get("path", "")).strip()
+        if not kind or not path:
+            continue
+
+        parse_result = _parse_artifact(kind=kind, path=path)
+        if not parse_result.get("valid"):
+            error = str(parse_result.get("error", "")).strip()
+            if error == "file_not_found":
+                blockers.append(f"proof_gate_artifact_file_missing_{kind}")
+            else:
+                blockers.append(f"proof_gate_artifact_parse_failed_{kind}")
+
+        hash_blocker = _validate_artifact_hash(artifact)
+        if hash_blocker:
+            blockers.append(hash_blocker)
     return blockers
 
 
@@ -161,3 +190,76 @@ def _validate_security_and_browser_artifacts(
             blockers.append("proof_gate_browser_trace_not_linked_by_claims")
 
     return blockers
+
+
+def _validate_evidence_pack(payload: dict[str, Any]) -> list[str]:
+    if not payload:
+        return []
+    if str(payload.get("schema", "")).strip() != "EvidencePack":
+        return ["proof_gate_invalid_evidence_pack"]
+
+    schema_version = payload.get("schema_version")
+    if schema_version is None:
+        return []
+    if schema_version != 2:
+        return ["proof_gate_unsupported_evidence_schema_version"]
+
+    artifacts = payload.get("artifacts", [])
+    if not isinstance(artifacts, list):
+        return ["proof_gate_invalid_evidence_pack"]
+
+    blockers: list[str] = []
+    for artifact in artifacts:
+        if not isinstance(artifact, dict):
+            blockers.append("proof_gate_invalid_evidence_pack")
+            continue
+        for field in _REQUIRED_ARTIFACT_FIELDS:
+            value = str(artifact.get(field, "")).strip()
+            if not value:
+                blockers.append(f"proof_gate_evidence_artifact_missing_{field}")
+    return blockers
+
+
+def _extract_artifact_records(claim: dict[str, Any]) -> list[dict[str, Any]]:
+    evidence = _as_dict(claim.get("evidence"))
+    raw_artifacts = evidence.get("artifacts", claim.get("artifacts", []))
+    if not isinstance(raw_artifacts, list):
+        return []
+    return [item for item in raw_artifacts if isinstance(item, dict)]
+
+
+def _parse_artifact(*, kind: str, path: str) -> dict[str, Any]:
+    parser = _PARSERS.get(kind)
+    if parser is None:
+        return {"valid": False, "summary": {}, "error": "unsupported_artifact_kind"}
+    return parser(path)
+
+
+def _validate_artifact_hash(artifact: dict[str, Any]) -> str | None:
+    sha256_value = str(artifact.get("sha256", "")).strip().lower()
+    path = str(artifact.get("path", "")).strip()
+    kind = str(artifact.get("kind", "artifact")).strip().lower() or "artifact"
+    if not sha256_value or not path:
+        return None
+    if len(sha256_value) != 64 or any(ch not in "0123456789abcdef" for ch in sha256_value):
+        return None
+
+    file_path = Path(path)
+    if not file_path.exists():
+        return f"proof_gate_artifact_file_missing_{kind}"
+    try:
+        digest = hashlib.sha256(file_path.read_bytes()).hexdigest()
+    except OSError:
+        return f"proof_gate_artifact_hash_unreadable_{kind}"
+    if digest != sha256_value:
+        return f"proof_gate_artifact_hash_mismatch_{kind}"
+    return None
+
+
+_PARSERS: dict[str, Any] = {
+    "junit": artifact_parsers.parse_junit,
+    "sarif": artifact_parsers.parse_sarif,
+    "coverage": artifact_parsers.parse_coverage,
+    "browser_trace": artifact_parsers.parse_browser_trace,
+    "diff_hunk": artifact_parsers.parse_diff_hunk,
+}

package/build/lib/runtime/providers/gemini_provider.py

@@ -16,6 +16,13 @@ from runtime.tmux_session_manager import TmuxSessionManager
 
 _logger = logging.getLogger(__name__)
 
+HOST_RULES = {
+    "compilation_targets": [".gemini/settings.json"],
+    "mcp": ["omg-control"],
+    "skills": ["omg/control-plane", "omg/mcp-fabric"],
+    "automations": ["contract-validate", "provider-routing"],
+}
+
 
 class GeminiProvider(CLIProvider):
     """CLIProvider implementation for the Gemini CLI (``gemini``)."""

package/build/lib/runtime/providers/kimi_provider.py

@@ -16,6 +16,13 @@ from runtime.tmux_session_manager import TmuxSessionManager
 
 _logger = logging.getLogger(__name__)
 
+HOST_RULES = {
+    "compilation_targets": [".kimi/mcp.json"],
+    "mcp": ["omg-control"],
+    "skills": ["omg/control-plane", "omg/mcp-fabric"],
+    "automations": ["contract-validate", "provider-routing"],
+}
+
 
 class KimiCodeProvider(CLIProvider):
     """CLIProvider implementation for the Kimi Code CLI (``kimi``)."""