@trac3er/oh-my-god 2.0.8 → 2.0.9

package/build/lib/runtime/verification_loop.py

@@ -0,0 +1,73 @@
+from __future__ import annotations
+
+from collections.abc import Mapping
+from typing import cast
+
+
+def _as_int(value: object, default: int) -> int:
+    if isinstance(value, bool):
+        return int(value)
+    if isinstance(value, int):
+        return value
+    if isinstance(value, float):
+        return int(value)
+    if isinstance(value, str):
+        try:
+            return int(value)
+        except ValueError:
+            return default
+    return default
+
+
+def _as_string_list(value: object) -> list[str]:
+    if not isinstance(value, list):
+        return []
+    items = cast(list[object], value)
+    return [str(item) for item in items]
+
+
+def build_loop_policy(
+    host: str,
+    max_iterations: int,
+    timeout_minutes: int,
+    read_only_default: bool = True,
+) -> dict[str, object]:
+    return {
+        "host": host,
+        "max_iterations": max_iterations,
+        "timeout_minutes": timeout_minutes,
+        "read_only_default": read_only_default,
+    }
+
+
+def should_continue_loop(state: Mapping[str, object]) -> dict[str, object]:
+    iteration = _as_int(state.get("iteration", 0), 0)
+    max_iterations = _as_int(state.get("max_iterations", 0), 0)
+    status = str(state.get("status", ""))
+
+    if iteration >= max_iterations:
+        return {"continue": False, "reason": "max_iterations_reached"}
+    if status == "ok":
+        return {"continue": False, "reason": "status_ok"}
+    return {"continue": True, "reason": "within_budget"}
+
+
+def summarize_next_step(state: Mapping[str, object]) -> dict[str, object]:
+    status = str(state.get("status", ""))
+    blockers = _as_string_list(state.get("blockers"))
+    evidence_links = _as_string_list(state.get("evidence_links"))
+
+    if blockers:
+        next_action = f"resolve blockers: {', '.join(blockers)}"
+    elif status in {"error", "blocked"}:
+        next_action = "verify evidence links and remediate verification errors"
+    elif evidence_links:
+        next_action = "verify evidence links"
+    else:
+        next_action = "collect verification evidence links"
+
+    return {
+        "next_action": next_action,
+        "evidence_links": evidence_links,
+        "blockers": blockers,
+    }

package/commands/OMG:forge.md

@@ -0,0 +1,92 @@
+---
+description: "FORGE — Labs-only domain-model prototyping and evaluation orchestration. Routes into the lab pipeline with policy enforcement."
+allowed-tools: Read, Bash
+argument-hint: "[job file path]"
+---
+
+# /OMG:forge — Labs-Only Domain Prototyping
+
+> **Availability**: `labs` preset only. Blocked on `safe`, `balanced`, and `interop` presets.
+
+## What It Does
+
+Forge orchestrates domain-model prototyping and evaluation through the existing lab pipeline (`lab/pipeline.py`). It validates jobs against lab policies (`lab/policies.py`), runs the staged pipeline (data → refine → train/distill → evaluate → regression), and emits structured evidence.
+
+Forge does **not**:
+- Train frontier models or perform research-scale model training
+- Bypass lab policy gates (license checks, source validation)
+- Operate outside the `labs` preset boundary
+
+## Policy Enforcement
+
+Every forge job is validated through `lab.policies.validate_job_request()` before pipeline execution:
+
+1. **Dataset license** must be in `ALLOWED_LICENSES`: `apache-2.0`, `mit`, `bsd-3-clause`, `cc-by-4.0`
+2. **Dataset source** must not contain blocked tokens: `unknown`, `leaked`, `stolen`, `unauthorized`, `pirated`
+3. **Model source** must not contain blocked tokens
+4. **Model distillation** must be explicitly allowed (`allow_distill: true`)
+
+Jobs that fail policy checks are blocked with a structured reason before any pipeline stage runs.
+
+## CLI Usage
+
+```bash
+# Run a forge job from a JSON file
+python3 scripts/omg.py forge run --job path/to/job.json
+
+# Run with explicit preset (default: labs)
+python3 scripts/omg.py forge run --job path/to/job.json --preset labs
+```
+
+## Job File Format
+
+```json
+{
+  "dataset": {
+    "name": "my-domain-dataset",
+    "license": "apache-2.0",
+    "source": "internal-curated"
+  },
+  "base_model": {
+    "name": "distill-base-v1",
+    "source": "approved-registry",
+    "allow_distill": true
+  },
+  "target_metric": 0.85,
+  "simulated_metric": 0.90,
+  "evaluation_notes": "Domain adaptation for robotics control"
+}
+```
+
+## Output
+
+Forge returns structured JSON with pipeline results:
+
+```json
+{
+  "status": "ready",
+  "stage": "complete",
+  "stages": [
+    {"name": "data_prepare", "status": "ok"},
+    {"name": "synthetic_refine", "status": "ok"},
+    {"name": "train_distill", "status": "ok"},
+    {"name": "evaluate", "status": "ok"},
+    {"name": "regression_test", "status": "ok"}
+  ],
+  "published": false,
+  "evaluation_report": {
+    "metric": 0.90,
+    "target_metric": 0.85,
+    "passed": true
+  }
+}
+```
+
+## Scope Boundary
+
+Forge is a **domain-prototyping** surface, not a model-training research tool. It stays within:
+
+- The lab pipeline's staged execution model
+- Lab policy validation for all dataset and model sources
+- The `labs` preset boundary — no forge operations run without labs enabled
+- Domain-pack contracts (`runtime/domain_packs.py`) for domain-specific prototyping

package/commands/OMG:mode.md

@@ -1,19 +1,19 @@
 ---
-description: "Set cognitive mode (research/architect/implement) for the current session."
+description: "Set canonical mode (chill/focused/exploratory) for the current session."
 allowed-tools: Read, Write, Edit, Bash
-argument-hint: "[research|architect|implement|clear]"
+argument-hint: "[chill|focused|exploratory|clear]"
 ---
 
-# /OMG:mode — Set Cognitive Mode
+# /OMG:mode — Set Canonical Mode
 
 Switch Claude's operating mode for the current session.
 
 ## Usage
 
 ```
-/OMG:mode research     # Focus on reading, searching, synthesizing
-/OMG:mode architect    # Focus on system design, no implementation
-/OMG:mode implement    # Focus on coding with TDD and verification
+/OMG:mode chill        # Focus on low-intensity, conservative progress
+/OMG:mode focused      # Focus on coding and execution
+/OMG:mode exploratory  # Focus on discovery and synthesis
 /OMG:mode clear        # Clear current mode (return to default)
 ```
 
@@ -23,20 +23,20 @@ Switch Claude's operating mode for the current session.
 2. The `prompt-enhancer` hook reads this file and injects `@mode:` context on every subsequent prompt
 3. The corresponding rule file (`rules/contextual/{mode}-mode.md`) activates
 
-## Modes
+## Canonical Modes
 
 | Mode | Focus | When to Use |
 |------|-------|-------------|
-| `research` | Read, search, synthesize | Exploring unfamiliar territory |
-| `architect` | Design, plan, no code | Before starting a complex feature |
-| `implement` | Code, test, verify | Active development sprint |
+| `chill` | Conservative execution pace | Low-risk maintenance and steady progress |
+| `focused` | Implementation-forward flow | Active feature work with verification |
+| `exploratory` | Discovery, synthesis, and mapping | Unknown domains and research-heavy sessions |
 
 ## Example
 
 ```
-/OMG:mode architect
-→ Sets mode to architect
-→ Every prompt now gets: @mode:ARCHITECT — Map system first. Specs only, no implementation.
+/OMG:mode focused
+→ Sets mode to focused
+→ Every prompt now gets: @mode:FOCUSED — Implement deliberately with tight verification loops.
 
 /OMG:mode clear
 → Removes .omg/state/mode.txt

package/commands/OMG:session-branch.md

@@ -8,9 +8,13 @@ argument-hint: "--name <branch-name> [--from <snapshot_id>]"
 
 Create a named branch of the current OMG state for experimentation or parallel exploration.
 
+## Scope Statement
+
+**This command operates on `.omg/state/` only. It does NOT modify git history, workspace files, or conversation history.**
+
 ## Important
 
-Branching is **OMG state only** — it captures and restores `.omg/state/` directory contents. It does **not** fork the conversation, context window, or Claude session. Think of it as a checkpoint you can name and switch between.
+Branching is **OMG state only** — it captures and restores `.omg/state/` directory contents. It does **not** fork the conversation, context window, or Claude session. Think of it as a checkpoint you can name and switch between. Rollback restores OMG session state only, NOT git history or repo files.
 
 ## Usage
 
@@ -40,6 +44,9 @@ Each branch stores:
 ## Managing Branches
 
 ```
+# Show current branch and snapshot count
+python3 tools/session_snapshot.py status
+
 # List all branches
 python3 tools/session_snapshot.py branches
 
@@ -48,6 +55,15 @@ python3 tools/session_snapshot.py switch experiment
 
 # Create branch from specific snapshot
 python3 tools/session_snapshot.py branch my-branch --from 20260302_143000_baseline
+
+# Fork from a previous checkpoint
+python3 tools/session_snapshot.py fork --from 20260302_100000_pre-refactor --name "approach-b"
+
+# Preview a merge
+python3 tools/session_snapshot.py merge-preview experiment --into main
+
+# Apply a merge
+python3 tools/session_snapshot.py merge experiment --into main
 ```
 
 ## Feature Flag

package/commands/OMG:session-fork.md

@@ -8,9 +8,13 @@ argument-hint: "--from <snapshot_id> --name <fork-name>"
 
 Create a new branch from a specific snapshot checkpoint. This is a convenience wrapper around `/OMG:session-branch` that always requires a source snapshot.
 
+## Scope Statement
+
+**This command operates on `.omg/state/` only. It does NOT modify git history, workspace files, or conversation history.**
+
 ## Important
 
-Forking is **OMG state only** — it restores a previous `.omg/state/` snapshot and creates a new named branch from it. It does **not** fork the conversation or create a parallel Claude session.
+Forking is **OMG state only** — it restores a previous `.omg/state/` snapshot and creates a new named branch from it. It does **not** fork the conversation or create a parallel Claude session. Rollback restores OMG session state only, NOT git history or repo files.
 
 ## Usage
 

package/commands/OMG:session-merge.md

@@ -8,9 +8,13 @@ argument-hint: "--from <source-branch> [--into <target-branch>] [--preview]"
 
 Merge one OMG state branch into another with automatic conflict detection.
 
+## Scope Statement
+
+**This command operates on `.omg/state/` only. It does NOT modify git history, workspace files, or conversation history.**
+
 ## Important
 
-Merging is **OMG state only** — it merges branch metadata (`.omg/state/branches/<name>.json`). It does **not** merge conversations, context windows, or file system state. Think of it as combining the tracked state from two named branches.
+Merging is **OMG state only** — it merges branch metadata (`.omg/state/branches/<name>.json`). It does **not** merge conversations, context windows, or file system state. Think of it as combining the tracked state from two named branches. Rollback restores OMG session state only, NOT git history or repo files.
 
 ## Usage
 

package/control_plane/server.py

@@ -50,6 +50,10 @@ _POST_ROUTE_TABLE = {
     "/v1/registry/verify": ("registry_verify", True),
     "/v2/lab/jobs": ("lab_jobs", False),
     "/v1/lab/jobs": ("lab_jobs", True),
+    "/v2/trust/claim-judge": ("claim_judge", False),
+    "/v1/trust/claim-judge": ("claim_judge", True),
+    "/v2/trust/test-intent-lock": ("test_intent_lock", False),
+    "/v1/trust/test-intent-lock": ("test_intent_lock", True),
 }
 
 _GET_ROUTE_TABLE = {

package/control_plane/service.py

@@ -17,7 +17,9 @@ from lab.pipeline import run_pipeline
 from registry.verify_artifact import verify_artifact
 from runtime.guide_assert import guide_assert
 from runtime.dispatcher import dispatch_runtime
+from runtime.claim_judge import judge_claims
 from runtime.security_check import run_security_check
+from runtime.test_intent_lock import lock_intent, verify_intent
 
 
 class ControlPlaneService:
@@ -103,6 +105,10 @@ class ControlPlaneService:
             route_metadata=payload.get("route_metadata"),
             trace_ids=payload.get("trace_ids"),
             lineage=payload.get("lineage"),
+            claims=payload.get("claims"),
+            test_delta=payload.get("test_delta"),
+            browser_evidence_path=payload.get("browser_evidence_path"),
+            repro_pack_path=payload.get("repro_pack_path"),
         )
         return 202, {
             "status": "accepted",
@@ -210,6 +216,55 @@ class ControlPlaneService:
         result = run_pipeline(payload)
         return 201 if result.get("status") in {"ready", "failed_evaluation"} else 400, result
 
+    def claim_judge(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        claims = payload.get("claims")
+        if not isinstance(claims, list):
+            return 400, {
+                "status": "error",
+                "error_code": "INVALID_CLAIM_INPUT",
+                "message": "claims must be a list",
+            }
+        result = judge_claims(self.project_dir, claims)
+        return 200, result
+
+    def test_intent_lock(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        action = str(payload.get("action", "")).strip()
+
+        if action == "lock":
+            intent = payload.get("intent")
+            if not isinstance(intent, dict):
+                return 400, {
+                    "status": "error",
+                    "error_code": "INVALID_INTENT_INPUT",
+                    "message": "intent must be an object",
+                }
+            result = lock_intent(self.project_dir, intent)
+            return 200, result
+
+        if action == "verify":
+            lock_id = payload.get("lock_id")
+            results = payload.get("results")
+            if not isinstance(lock_id, str) or not lock_id.strip():
+                return 400, {
+                    "status": "error",
+                    "error_code": "INVALID_INTENT_INPUT",
+                    "message": "lock_id is required for verify action",
+                }
+            if not isinstance(results, dict):
+                return 400, {
+                    "status": "error",
+                    "error_code": "INVALID_INTENT_INPUT",
+                    "message": "results must be an object for verify action",
+                }
+            result = verify_intent(self.project_dir, lock_id, results)
+            return 200, result
+
+        return 400, {
+            "status": "error",
+            "error_code": "INVALID_INTENT_ACTION",
+            "message": f"Unknown action: {action!r}; expected 'lock' or 'verify'",
+        }
+
     def scoreboard_baseline(self) -> tuple[int, dict[str, Any]]:
         return 200, {
             "generated_at": datetime.now(timezone.utc).isoformat(),

package/dist/enterprise/bundle/.gemini/settings.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "omg-control": {
+      "command": "python3",
+      "args": [
+        "-m",
+        "runtime.omg_mcp_server"
+      ]
+    }
+  }
+}

package/dist/enterprise/bundle/.kimi/mcp.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "omg-control": {
+      "command": "python3",
+      "args": [
+        "-m",
+        "runtime.omg_mcp_server"
+      ]
+    }
+  }
+}

package/dist/enterprise/bundle/OMG_COMPAT_CONTRACT.md

@@ -4,6 +4,8 @@ version: 2.0.8
 canonical_hosts:
   - claude
   - codex
+  - gemini
+  - kimi
 status: active
 ---
 
@@ -13,10 +15,14 @@ status: active
 
 ## provider_tiers
 
-OMG distinguishes between canonical hosts and compatibility providers.
+OMG defines four canonical hosts and their host-rule contracts.
 
-- **Canonical Hosts**: `claude` and `codex`. These are the primary targets for bundle compilation, native hook integration, and production-grade state management.
-- **Compatibility Providers**: `gemini` and `kimi`. These are supported via routing providers that emulate host behavior and bridge MCP configurations. They are not targets for direct bundle compilation or normative contract enforcement.
+- `claude`: requires `compilation_targets`, `hooks`, `subagents`, and `skills`.
+- `codex`: requires `compilation_targets`, `skills`, `agents_fragments`, `rules`, and `automations`.
+- `gemini`: requires `compilation_targets`, `mcp`, `skills`, and `automations`.
+- `kimi`: requires `compilation_targets`, `mcp`, `skills`, and `automations`.
+
+Gemini and Kimi are canonical hosts for contract validation and policy declaration. Their contracts do not require Claude/Codex hook semantics.
 
 ## metadata
 

package/dist/enterprise/bundle/registry/omg-capability.schema.json

@@ -43,7 +43,9 @@
         "type": "string",
         "enum": [
           "claude",
-          "codex"
+          "codex",
+          "gemini",
+          "kimi"
         ]
       },
       "minItems": 1
@@ -281,6 +283,86 @@
                 }
               },
               "additionalProperties": true
+            },
+            "gemini": {
+              "type": "object",
+              "required": [
+                "compilation_targets",
+                "mcp",
+                "skills",
+                "automations"
+              ],
+              "properties": {
+                "compilation_targets": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "mcp": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "skills": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "automations": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                }
+              },
+              "additionalProperties": true
+            },
+            "kimi": {
+              "type": "object",
+              "required": [
+                "compilation_targets",
+                "mcp",
+                "skills",
+                "automations"
+              ],
+              "properties": {
+                "compilation_targets": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "mcp": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "skills": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "automations": {
+                  "type": "array",
+                  "minItems": 1,
+                  "items": {
+                    "type": "string"
+                  }
+                }
+              },
+              "additionalProperties": true
             }
           },
           "additionalProperties": true

package/dist/enterprise/bundle/settings.json

@@ -308,6 +308,7 @@
   "_omg": {
     "_version": "2.0.8",
     "preset": "safe",
+    "omgMode": "focused",
     "default_mode": "ulw+ralph",
     "vision_auto": true,
     "false_fix_detection": true,

package/dist/enterprise/manifest.json

@@ -1,6 +1,12 @@
 {
   "schema": "OmgCompiledArtifactManifest",
   "channel": "enterprise",
+  "hosts": [
+    "claude",
+    "codex",
+    "gemini",
+    "kimi"
+  ],
   "contract_version": "2.0.8",
   "artifacts": [
     {
@@ -199,13 +205,21 @@
       "path": "bundle/.claude-plugin/plugin.json",
       "sha256": "fe7531e0527d288413151433ee5daa3106383442024d5dad072373f8f26d57d1"
     },
+    {
+      "path": "bundle/.gemini/settings.json",
+      "sha256": "14208140297f635cc5155cfe063c9b8a6193a3d0a264e0686cf3b80789208f27"
+    },
+    {
+      "path": "bundle/.kimi/mcp.json",
+      "sha256": "14208140297f635cc5155cfe063c9b8a6193a3d0a264e0686cf3b80789208f27"
+    },
     {
       "path": "bundle/.mcp.json",
       "sha256": "e16897732dbd20ba7f47e5c0513b146a8d847454c8c13aa9e0a6031e5a498fa4"
     },
     {
       "path": "bundle/OMG_COMPAT_CONTRACT.md",
-      "sha256": "4c628cf93698b051e183db0ddaa80dbdac7a3667071d048cba0f25419271e28d"
+      "sha256": "706b57c51e105bc6654b457596df9332e8c1f73703596fe248bd24c2ae3a59e9"
     },
     {
       "path": "bundle/plugins/advanced/commands/OMG:code-review.md",
@@ -341,11 +355,11 @@
     },
     {
       "path": "bundle/registry/omg-capability.schema.json",
-      "sha256": "486751cecb434c5f169189528ebe5c7ddddadcb0549abdd59f09e7b10844aba1"
+      "sha256": "a9076f09cd9a12ba769c2b05f80a24195ac851b9ad2b817efa41d6143765c513"
     },
     {
       "path": "bundle/settings.json",
-      "sha256": "30acc45a193dc9fdc3733c559cd87e697d68dba9a364567b5097d0296f609ea8"
+      "sha256": "7213d38cb5fd0699482120e1e5a2e50b3386f05bbf8e45b48c9007365058388b"
     }
   ]
 }

package/dist/public/bundle/.agents/skills/omg/incident-replay/SKILL.md

@@ -5,7 +5,7 @@ description: "Replayable bug packs built from logs, failing tests, traces, and d
 
 # OMG Incident Replay
 
-- Channel: `public`
+- Channel: `enterprise`
 - Execution modes: `embedded, local_supervisor`
 - MCP servers: `omg-control`
 - Evidence outputs: `.omg/incidents/*.json`

package/dist/public/bundle/.agents/skills/omg/incident-replay/openai.yaml

@@ -2,7 +2,7 @@ name: omg-incident-replay
 description: "Replayable bug packs built from logs, failing tests, traces, and diffs."
 allow_implicit_invocation: false
 metadata:
-  channel: public
+  channel: enterprise
   bundle_id: incident-replay
   title: "OMG Incident Replay"
 mcp_servers:

package/dist/public/bundle/.agents/skills/omg/lsp-pack/SKILL.md

@@ -5,7 +5,7 @@ description: "Optional LSP-backed diagnostics and navigation bundle for producti
 
 # OMG LSP Pack
 
-- Channel: `public`
+- Channel: `enterprise`
 - Execution modes: `embedded, local_supervisor`
 - MCP servers: `omg-control`
 - Evidence outputs: `.omg/evidence/lsp-diagnostics.json`

package/dist/public/bundle/.agents/skills/omg/lsp-pack/openai.yaml

@@ -2,7 +2,7 @@ name: omg-lsp-pack
 description: "Optional LSP-backed diagnostics and navigation bundle for production verification."
 allow_implicit_invocation: false
 metadata:
-  channel: public
+  channel: enterprise
   bundle_id: lsp-pack
   title: "OMG LSP Pack"
 mcp_servers:

package/dist/public/bundle/.agents/skills/omg/mcp-fabric/SKILL.md

@@ -5,7 +5,7 @@ description: "Tools, prompts, resources, and server instructions for the OMG con
 
 # OMG MCP Fabric
 
-- Channel: `public`
+- Channel: `enterprise`
 - Execution modes: `embedded, local_supervisor`
 - MCP servers: `omg-control, omg-memory`
 - Evidence outputs: `.omg/evidence/mcp-fabric.json`

package/dist/public/bundle/.agents/skills/omg/mcp-fabric/openai.yaml

@@ -2,7 +2,7 @@ name: omg-mcp-fabric
 description: "Tools, prompts, resources, and server instructions for the OMG control plane."
 allow_implicit_invocation: false
 metadata:
-  channel: public
+  channel: enterprise
   bundle_id: mcp-fabric
   title: "OMG MCP Fabric"
 mcp_servers:

package/dist/public/bundle/.agents/skills/omg/plan-council/SKILL.md

@@ -5,7 +5,7 @@ description: "Canonical council-style planning bundle for explicit, evidence-bac
 
 # OMG Plan Council
 
-- Channel: `public`
+- Channel: `enterprise`
 - Execution modes: `embedded, local_supervisor`
 - MCP servers: `omg-control`
 - Evidence outputs: `.omg/plans/deep-plan.md, .omg/plans/deep-plan.json, .omg/plans/dissent.json, .omg/evidence/plan-council.json`