@trac3er/oh-my-god 2.1.0 → 2.1.1

package/.claude-plugin/marketplace.json

@@ -6,7 +6,7 @@
   },
   "metadata": {
     "description": "OMG - Oh-My-God for Claude Code and supported agent hosts",
-    "version": "2.1.0",
+    "version": "2.1.1",
     "homepage": "https://github.com/trac3er00/OMG",
     "repository": "https://github.com/trac3er00/OMG"
   },
@@ -14,7 +14,7 @@
     {
       "name": "omg",
       "description": "OMG plugin layer for Claude Code and supported agent hosts with native setup, orchestration, and interop.",
-      "version": "2.1.0",
+      "version": "2.1.1",
       "source": "./",
       "author": {
         "name": "trac3er00"
@@ -32,5 +32,5 @@
       ]
     }
   ],
-  "version": "2.1.0"
+  "version": "2.1.1"
 }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "omg",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "description": "OMG plugin layer for Claude Code with native setup, orchestration, and interop.",
   "author": {
     "name": "trac3er00"

package/CHANGELOG.md

@@ -2,6 +2,17 @@
 
 ## Unreleased
 
+## 2.1.1 - 2026-03-08
+
+- shipped strict TDD-or-die enforcement: locked-tests-first mutation lifecycle with hard gate via `OMG_TDD_GATE_STRICT`, stop-dispatcher lock enforcement, waiver evidence requirement, and release-blocking proof chain
+- delivered granular per-interaction undo/rollback: `restore_shadow_entry` in shadow manager, rollback manifest schema with compensating actions for reversible external side effects, and `omg undo` CLI wired end-to-end
+- added live session health monitoring and HUD freshness: `compute_session_health()` and `DefenseState.update()` called after real mutations and verifications, 5-minute HUD staleness threshold with `[STALE]` badge, and MCP `get_session_health` tool with `/session_health` control-plane route
+- persisted and enforced defense-council verdicts: `run_critics()` result no longer silently discarded, council findings flow into routing, tool-plan gate, claim judge, and release blocking; new `evidence_completeness` critic added
+- hardened Forge starter: strict domain/specialist validation, proof-backed starter evidence, labs-only release proof integration
+- added canonical run-scoped release coordinator (`runtime/release_run_coordinator.py`) as single authority for `run_id` lifecycle across verification, journaling, health, council, and rollback artifacts
+- expanded runtime state contracts for `session_health`, `council_verdicts`, `rollback_manifest`, and `release_run` as first-class versioned schemas
+- all new hard gates are feature-flagged permissive by default (`OMG_TDD_GATE_STRICT=1`, `OMG_RUN_COORDINATOR_STRICT=1`, `OMG_PROOF_CHAIN_STRICT=1`)
+
 ## 2.1.0 - 2026-03-08
 
 - promoted the execution-primitives and browser-surface wave into the v2.1.0 release train

package/build/lib/control_plane/service.py

@@ -4,6 +4,7 @@ from __future__ import annotations
 
 from datetime import datetime, timezone
 import os
+from pathlib import Path
 from typing import Any
 
 from hooks.policy_engine import (
@@ -20,6 +21,7 @@ from runtime.guide_assert import guide_assert
 from runtime.dispatcher import dispatch_runtime
 from runtime.claim_judge import judge_claims
 from runtime.mutation_gate import check_mutation_allowed
+from runtime.runtime_contracts import read_run_state
 from runtime.security_check import run_security_check
 from runtime.test_intent_lock import lock_intent, verify_intent
 
@@ -275,15 +277,24 @@ class ControlPlaneService:
         file_path = payload.get("file_path")
         lock_id = payload.get("lock_id")
         exemption = payload.get("exemption")
+        command = payload.get("command")
+        run_id = payload.get("run_id")
+        metadata = payload.get("metadata")
 
         if not isinstance(tool, str) or not tool.strip():
             raise ValueError("tool is required")
-        if not isinstance(file_path, str) or not file_path.strip():
+        if not isinstance(file_path, str) or (tool != "Bash" and not file_path.strip()):
             raise ValueError("file_path is required")
         if lock_id is not None and not isinstance(lock_id, str):
             raise ValueError("lock_id must be a string when provided")
         if exemption is not None and not isinstance(exemption, str):
             raise ValueError("exemption must be a string when provided")
+        if command is not None and not isinstance(command, str):
+            raise ValueError("command must be a string when provided")
+        if run_id is not None and not isinstance(run_id, str):
+            raise ValueError("run_id must be a string when provided")
+        if metadata is not None and not isinstance(metadata, dict):
+            raise ValueError("metadata must be an object when provided")
 
         result = check_mutation_allowed(
             tool=tool,
@@ -291,9 +302,37 @@ class ControlPlaneService:
             project_dir=self.project_dir,
             lock_id=lock_id,
             exemption=exemption,
+            command=command,
+            run_id=run_id,
+            metadata=metadata,
         )
         return 200, result
 
+    def session_health(self, payload: dict[str, Any]) -> tuple[int, dict[str, Any]]:
+        run_id = payload.get("run_id")
+        if isinstance(run_id, str) and run_id.strip():
+            state = read_run_state(self.project_dir, "session_health", run_id.strip())
+            if state is None:
+                return 404, {"status": "error", "message": f"No session health for run_id: {run_id}"}
+            return 200, dict(state)
+
+        health_dir = Path(self.project_dir) / ".omg" / "state" / "session_health"
+        if not health_dir.exists():
+            return 404, {"status": "error", "message": "No session health state found"}
+
+        candidates = sorted(
+            (f for f in health_dir.iterdir() if f.suffix == ".json" and not f.name.endswith(".tmp")),
+            key=lambda p: p.stat().st_mtime,
+        )
+        if not candidates:
+            return 404, {"status": "error", "message": "No session health state found"}
+
+        latest_run_id = candidates[-1].stem
+        state = read_run_state(self.project_dir, "session_health", latest_run_id)
+        if state is None:
+            return 404, {"status": "error", "message": "Failed to read session health state"}
+        return 200, dict(state)
+
     def scoreboard_baseline(self) -> tuple[int, dict[str, Any]]:
         return 200, {
             "generated_at": datetime.now(timezone.utc).isoformat(),

package/build/lib/hooks/firewall.py

@@ -7,23 +7,105 @@ one centralized decision model.
 import json
 import os
 import sys
+from pathlib import Path
 
 HOOKS_DIR = os.path.dirname(__file__)
-if HOOKS_DIR not in sys.path:
-    sys.path.insert(0, HOOKS_DIR)
+PROJECT_ROOT = os.path.dirname(HOOKS_DIR)
+for path in (HOOKS_DIR, PROJECT_ROOT):
+    if path not in sys.path:
+        sys.path.insert(0, path)
 
-from _common import setup_crash_handler, json_input, deny_decision, is_bypass_mode
+from _common import setup_crash_handler, json_input, deny_decision, is_bypass_mode, get_project_dir  # pyright: ignore[reportImplicitRelativeImport]
 
 # Fail-closed: deny on crash (security hook)
 setup_crash_handler("firewall", fail_closed=True)
 
 try:
-    from policy_engine import evaluate_bash_command, to_pretool_hook_output
+    from policy_engine import evaluate_bash_command, to_pretool_hook_output  # pyright: ignore[reportImplicitRelativeImport]
+    from runtime.mutation_gate import check_mutation_allowed
+    from runtime.tool_plan_gate import journal_mutation_bash
 except Exception as _import_err:
     print(f"OMG firewall: policy_engine import failed: {_import_err}", file=sys.stderr)
     deny_decision(f"OMG firewall crash: policy_engine import failed: {_import_err}. Denying for safety.")
     sys.exit(0)
 
+
+def _enrich_risk_context(decision, payload: dict[str, object]):
+    try:
+        project_dir = os.environ.get("CLAUDE_PROJECT_DIR", os.getcwd())
+        run_id = _resolve_run_id(payload)
+
+        suffixes: list[str] = []
+        defense_risk = _read_defense_risk(project_dir)
+        if defense_risk:
+            suffixes.append(f"defense risk={defense_risk}")
+
+        council_signal = _read_council_signal(project_dir, run_id)
+        if council_signal:
+            suffixes.append(council_signal)
+
+        if suffixes:
+            decision.reason = f"{decision.reason} [{'; '.join(suffixes)}]".strip()
+    except Exception:
+        return decision
+    return decision
+
+
+def _resolve_run_id(payload: dict[str, object]) -> str:
+    if isinstance(payload, dict):
+        run_id = payload.get("run_id")
+        if isinstance(run_id, str) and run_id.strip():
+            return run_id.strip()
+        tool_input = payload.get("tool_input")
+        if isinstance(tool_input, dict):
+            metadata = tool_input.get("metadata")
+            if isinstance(metadata, dict):
+                metadata_run_id = metadata.get("run_id")
+                if isinstance(metadata_run_id, str) and metadata_run_id.strip():
+                    return metadata_run_id.strip()
+    env_run_id = os.environ.get("OMG_RUN_ID", "")
+    return env_run_id.strip()
+
+
+def _read_defense_risk(project_dir: str) -> str:
+    path = Path(project_dir) / ".omg" / "state" / "defense_state" / "current.json"
+    if not path.exists():
+        return ""
+    try:
+        payload = json.loads(path.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return ""
+    if not isinstance(payload, dict):
+        return ""
+    return str(payload.get("risk_level", "")).strip().lower()
+
+
+def _read_council_signal(project_dir: str, run_id: str) -> str:
+    if not run_id:
+        return ""
+    path = Path(project_dir) / ".omg" / "state" / "council_verdicts" / f"{run_id}.json"
+    if not path.exists():
+        return ""
+    try:
+        payload = json.loads(path.read_text(encoding="utf-8"))
+    except (OSError, json.JSONDecodeError):
+        return ""
+    if not isinstance(payload, dict):
+        return ""
+
+    verdicts = payload.get("verdicts")
+    if not isinstance(verdicts, dict):
+        return ""
+    evidence = verdicts.get("evidence_completeness")
+    if not isinstance(evidence, dict):
+        return ""
+    verdict = str(evidence.get("verdict", "")).strip().lower()
+    findings = evidence.get("findings")
+    findings_count = len(findings) if isinstance(findings, list) else 0
+    if not verdict:
+        return ""
+    return f"council evidence={verdict} findings={findings_count}"
+
 data = json_input()
 
 tool = data.get("tool_name", "")
@@ -35,12 +117,45 @@ if not cmd:
     sys.exit(0)
 
 decision = evaluate_bash_command(cmd)
+decision = _enrich_risk_context(decision, data)
+
+tool_input = data.get("tool_input")
+metadata = tool_input.get("metadata") if isinstance(tool_input, dict) else None
+lock_id = tool_input.get("lock_id") if isinstance(tool_input, dict) else None
+if not isinstance(lock_id, str) and isinstance(metadata, dict):
+    lock_id = metadata.get("lock_id")
+run_id = _resolve_run_id(data)
+
+gate_result = check_mutation_allowed(
+    tool="Bash",
+    file_path=cmd,
+    project_dir=get_project_dir(),
+    lock_id=lock_id if isinstance(lock_id, str) else None,
+    command=cmd,
+    run_id=run_id or None,
+    metadata=metadata if isinstance(metadata, dict) else None,
+)
+is_mutation_capable = str(gate_result.get("reason", "")) != "tool is read-only for mutation gate"
+if is_mutation_capable and gate_result.get("status") == "blocked":
+    deny_decision(str(gate_result.get("reason", "mutation denied by test intent lock gate")))
+    sys.exit(0)
 
 # In bypass-permission mode, only enforce hard denials (critical safety).
 # Skip "ask" decisions so the user is not prompted for confirmation.
 if is_bypass_mode(data) and decision.action != "deny":
     sys.exit(0)
 
+if decision.action == "allow" and is_mutation_capable:
+    try:
+        journal_mutation_bash(
+            project_dir=get_project_dir(),
+            command=cmd,
+            run_id=run_id or None,
+            metadata=metadata if isinstance(metadata, dict) else None,
+        )
+    except Exception:
+        pass
+
 out = to_pretool_hook_output(decision)
 if out:
     json.dump(out, sys.stdout)

package/build/lib/hooks/shadow_manager.py

@@ -146,7 +146,13 @@ def map_shadow_path(project_dir: str, run_id: str, file_path: str) -> str:
     return os.path.join(_shadow_root(project_dir), run_id, "overlay", rel)
 
 
-def record_shadow_write(project_dir: str, run_id: str, file_path: str, source: str = "tool") -> dict[str, Any]:
+def record_shadow_write(
+    project_dir: str,
+    run_id: str,
+    file_path: str,
+    source: str = "tool",
+    step_id: str | None = None,
+) -> dict[str, Any]:
     run_id = _validated_run_id(run_id)
     run_dir = os.path.join(_shadow_root(project_dir), run_id)
     os.makedirs(run_dir, exist_ok=True)
@@ -155,7 +161,8 @@ def record_shadow_write(project_dir: str, run_id: str, file_path: str, source: s
     os.makedirs(os.path.dirname(shadow_path), exist_ok=True)
 
     abs_file = file_path if os.path.isabs(file_path) else os.path.join(project_dir, file_path)
-    if os.path.exists(abs_file):
+    file_existed_before = os.path.exists(abs_file)
+    if file_existed_before:
         shutil.copy2(abs_file, shadow_path)
         file_hash = _hash_file(abs_file)
     else:
@@ -169,7 +176,10 @@ def record_shadow_write(project_dir: str, run_id: str, file_path: str, source: s
         "recorded_at": _utc_now(),
         "source": source,
         "sha256": file_hash,
+        "file_existed_before": file_existed_before,
     }
+    if step_id:
+        entry["step_id"] = step_id
 
     files = manifest.get("files", [])
     # Replace existing entry for same file.
@@ -181,6 +191,72 @@ def record_shadow_write(project_dir: str, run_id: str, file_path: str, source: s
     return entry
 
 
+def restore_shadow_entry(project_dir: str, run_id: str, step_id: str) -> dict[str, Any]:
+    run_id = _validated_run_id(run_id)
+    run_dir = os.path.join(_shadow_root(project_dir), run_id)
+    manifest = _load_manifest(run_dir)
+    entries = manifest.get("files", [])
+
+    restored: list[str] = []
+    failed: list[dict[str, str]] = []
+
+    selected_entries: list[dict[str, Any]] = []
+    for item in entries:
+        if not isinstance(item, dict):
+            continue
+        item_step_id = str(item.get("step_id", "")).strip()
+        if item_step_id == step_id:
+            selected_entries.append(item)
+
+    if not selected_entries and isinstance(entries, list) and len(entries) == 1:
+        single = entries[0]
+        if isinstance(single, dict):
+            selected_entries = [single]
+
+    if not selected_entries:
+        return {"restored": restored, "failed": failed, "reason": "step not found"}
+
+    for item in selected_entries:
+        rel = str(item.get("file", "")).strip()
+        shadow_rel = str(item.get("shadow_file", "")).strip()
+        file_existed_before = bool(item.get("file_existed_before", True))
+        if not rel:
+            failed.append({"file": "", "reason": "missing file path"})
+            continue
+
+        dst = os.path.join(project_dir, rel)
+        src = os.path.join(run_dir, shadow_rel) if shadow_rel else ""
+
+        if src and os.path.exists(src):
+            try:
+                os.makedirs(os.path.dirname(dst), exist_ok=True)
+                shutil.copy2(src, dst)
+                restored.append(rel)
+            except Exception as exc:
+                failed.append({"file": rel, "reason": f"copy failed: {exc}"})
+            continue
+
+        if not file_existed_before:
+            try:
+                if os.path.exists(dst):
+                    os.remove(dst)
+                restored.append(rel)
+            except Exception as exc:
+                failed.append({"file": rel, "reason": f"delete failed: {exc}"})
+            continue
+
+        failed.append({"file": rel, "reason": "shadow snapshot missing"})
+
+    manifest["status"] = "restored"
+    manifest["restored_at"] = _utc_now()
+    _save_manifest(run_dir, manifest)
+
+    reason = "shadow restore applied" if restored and not failed else "shadow restore partial"
+    if not restored and failed:
+        reason = "shadow restore failed"
+    return {"restored": restored, "failed": failed, "reason": reason}
+
+
 def create_evidence_pack(
     project_dir: str,
     run_id: str,
@@ -321,6 +397,34 @@ def drop_shadow(project_dir: str, run_id: str) -> dict[str, Any]:
     return {"run_id": run_id, "dropped": True}
 
 
+def auto_journal_mutation(
+    project_dir: str,
+    tool: str,
+    file_path: str,
+    run_id: str,
+) -> dict[str, Any] | None:
+    try:
+        from runtime.interaction_journal import InteractionJournal
+        from runtime.release_run_coordinator import resolve_current_run_id
+    except ImportError:
+        return None
+
+    canonical_run_id = resolve_current_run_id(project_dir) or run_id
+    shadow_manifest = os.path.join(
+        _shadow_root(project_dir), run_id, "manifest.json"
+    )
+
+    journal = InteractionJournal(project_dir)
+    return journal.record_step(
+        tool.lower(),
+        {
+            "file_path": file_path,
+            "run_id": canonical_run_id,
+            "shadow_manifest": shadow_manifest,
+        },
+    )
+
+
 def _handle_post_tool_use(payload: dict[str, Any]) -> None:
     tool = payload.get("tool_name", "")
     if tool not in ("Write", "Edit", "MultiEdit"):
@@ -343,6 +447,11 @@ def _handle_post_tool_use(payload: dict[str, Any]) -> None:
     run_id = begin_shadow_run(project_dir, metadata={"source": "post-tool-use"})
     record_shadow_write(project_dir, run_id, file_path)
 
+    try:
+        auto_journal_mutation(project_dir, tool, file_path, run_id)
+    except Exception:
+        pass
+
 
 def _main() -> int:
     # Early-exit: skip all work if shadow/evidence mode is not enabled

package/build/lib/hooks/stop_dispatcher.py

@@ -9,10 +9,12 @@ import subprocess
 import sys
 import time
 from datetime import datetime, timedelta, timezone
+import warnings
 
 sys.path.insert(0, os.path.dirname(__file__))
+sys.path.insert(0, os.path.dirname(os.path.dirname(__file__)))
 
-from _common import (  # noqa: E402
+from hooks._common import (  # noqa: E402
     atomic_json_write,
     block_decision,
     check_performance_budget,
@@ -27,7 +29,10 @@ from _common import (  # noqa: E402
     should_skip_stop_hooks,
     STOP_CHECK_MAX_MS,
 )
-from state_migration import resolve_state_file  # noqa: E402
+from hooks.state_migration import resolve_state_file  # noqa: E402
+
+from runtime.release_run_coordinator import resolve_current_run_id  # noqa: E402
+from runtime import test_intent_lock  # noqa: E402
 
 
 setup_crash_handler("stop_dispatcher")
@@ -132,7 +137,7 @@ def _is_internal_control_path(file_path: str) -> bool:
 
 
 try:
-    from shadow_manager import has_recent_evidence  # type: ignore
+    from hooks.shadow_manager import has_recent_evidence  # type: ignore
 except Exception:  # intentional: optional feature — shadow_manager may not exist
     has_recent_evidence = None
 
@@ -621,6 +626,104 @@ def check_bare_done(data, project_dir):
 
     return []
 
+
+def _proof_chain_strict_enabled() -> bool:
+    return os.environ.get("OMG_PROOF_CHAIN_STRICT", "0").strip() == "1"
+
+
+def _load_test_delta_from_evidence(project_dir: str, run_id: str | None) -> dict[str, object]:
+    evidence_dir = os.path.join(project_dir, ".omg", "evidence")
+    if not os.path.isdir(evidence_dir):
+        return {}
+
+    candidates = sorted(
+        [
+            os.path.join(evidence_dir, name)
+            for name in os.listdir(evidence_dir)
+            if name.endswith(".json")
+        ],
+        key=os.path.getmtime,
+        reverse=True,
+    )
+    for path in candidates:
+        try:
+            with open(path, "r", encoding="utf-8", errors="ignore") as handle:
+                payload = json.load(handle)
+        except (OSError, json.JSONDecodeError):
+            continue
+        if not isinstance(payload, dict):
+            continue
+        if payload.get("schema") != "EvidencePack":
+            continue
+        payload_run_id = str(payload.get("run_id", "")).strip()
+        if run_id and payload_run_id and payload_run_id != run_id:
+            continue
+        test_delta = payload.get("test_delta")
+        if isinstance(test_delta, dict):
+            return test_delta
+    return {}
+
+
+def _has_waiver_artifact(delta_summary: dict[str, object]) -> bool:
+    waiver = delta_summary.get("waiver_artifact")
+    if isinstance(waiver, dict):
+        for field in ("artifact_path", "path", "id", "reason"):
+            if str(waiver.get(field, "")).strip():
+                return True
+    return False
+
+
+def _has_weakened_or_drift(delta_summary: dict[str, object]) -> bool:
+    flags = delta_summary.get("flags")
+    if not isinstance(flags, list):
+        return False
+    risk_flags = {
+        "weakened_assertions",
+        "tests_mismatch",
+        "selector_drift",
+        "removed_touched_area_coverage",
+        "integration_to_mock_downgrade",
+        "snapshot_only_refresh",
+    }
+    normalized = {str(item).strip().lower() for item in flags if str(item).strip()}
+    return bool(normalized & risk_flags)
+
+
+def check_tdd_proof_chain(data, project_dir):
+    if not get_feature_flag("tdd_proof_chain", True):
+        return []
+
+    context = data["_stop_ctx"]
+    if not context.get("has_source_writes", False):
+        return []
+
+    run_id = resolve_current_run_id(project_dir=project_dir)
+    lock_verdict = test_intent_lock.verify_lock(project_dir, run_id=run_id)
+    delta_summary = data.get("_test_delta") if isinstance(data.get("_test_delta"), dict) else {}
+    if not delta_summary:
+        delta_summary = _load_test_delta_from_evidence(project_dir, run_id)
+
+    lock_missing = str(lock_verdict.get("status", "")).strip() != "ok"
+    weakened_without_waiver = _has_weakened_or_drift(delta_summary) and not _has_waiver_artifact(delta_summary)
+    if not lock_missing and not weakened_without_waiver:
+        return []
+
+    strict_mode = _proof_chain_strict_enabled()
+    if strict_mode:
+        return [json.dumps({"status": "blocked", "reason": "tdd_proof_chain_incomplete"}, sort_keys=True)]
+
+    warnings.warn(
+        "tdd_proof_chain_incomplete_permissive",
+        RuntimeWarning,
+        stacklevel=2,
+    )
+    advisories = data.setdefault("_stop_advisories", [])
+    advisories.append(
+        "[OMG advisory] tdd proof chain incomplete: active lock evidence or waiver artifact is missing. "
+        "Set OMG_PROOF_CHAIN_STRICT=1 to hard-block completion."
+    )
+    return []
+
 def check_simplifier(data, project_dir):
     """CHECK 7: Code simplifier — advisory only, never blocks."""
     if not get_feature_flag("simplifier", True):
@@ -832,7 +935,7 @@ def check_scope_drift(project_dir):
 
 
 
-def check_todo_continuation(data: dict) -> dict | None:
+def check_todo_continuation(data: dict[str, object]) -> dict[str, str] | None:
     """Check if agent should continue due to incomplete todos.
     Returns a dict with continuation response if idle, None otherwise.
     Budget: STOP_CHECK_MAX_MS (15s)
@@ -911,6 +1014,7 @@ def main():
         check_diff_budget,
         check_recent_failures,
         check_test_execution,
+        check_tdd_proof_chain,
         check_test_validator_coverage,
         check_false_fix,
         check_write_failures,