@trac3r/oh-my-god 2.2.11

package/scripts/check-omg-compat-contract-snapshot.py

@@ -0,0 +1,137 @@
+#!/usr/bin/env python3
+"""Validate committed OMG compatibility snapshot against runtime contracts."""
+from __future__ import annotations
+
+import argparse
+import json
+from pathlib import Path
+import sys
+
+ROOT = Path(__file__).resolve().parents[1]
+if str(ROOT) not in sys.path:
+    sys.path.insert(0, str(ROOT))
+
+from runtime.compat import (  # noqa: E402
+    CONTRACT_SNAPSHOT_SCHEMA,
+    CONTRACT_SNAPSHOT_VERSION,
+    DEFAULT_CONTRACT_SNAPSHOT_PATH,
+    LEGACY_CONTRACT_SNAPSHOT_PATH,
+    build_contract_snapshot_payload,
+    migrate_contract_snapshot_payload,
+)
+
+
+def _load_snapshot(path: Path) -> dict:
+    with open(path, "r", encoding="utf-8") as f:
+        payload = json.load(f)
+    if not isinstance(payload, dict):
+        raise ValueError("snapshot must be a JSON object")
+    return payload
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Check OMG compatibility contract snapshot drift")
+    parser.add_argument("--snapshot", default="")
+    parser.add_argument("--strict-version", action="store_true")
+    args = parser.parse_args()
+
+    if args.snapshot:
+        snapshot_path = Path(args.snapshot)
+    else:
+        primary = ROOT / DEFAULT_CONTRACT_SNAPSHOT_PATH
+        legacy = ROOT / LEGACY_CONTRACT_SNAPSHOT_PATH
+        snapshot_path = primary if primary.exists() else legacy
+
+    if not snapshot_path.exists():
+        print(
+            json.dumps(
+                {"status": "error", "message": f"snapshot not found: {snapshot_path}"},
+                indent=2,
+            )
+        )
+        return 2
+
+    try:
+        current = _load_snapshot(snapshot_path)
+    except Exception as exc:
+        print(json.dumps({"status": "error", "message": f"invalid snapshot json: {exc}"}, indent=2))
+        return 2
+
+    migrated, migrations = migrate_contract_snapshot_payload(current)
+    expected = build_contract_snapshot_payload(include_generated_at=False)
+
+    if migrated.get("schema") != CONTRACT_SNAPSHOT_SCHEMA:
+        print(
+            json.dumps(
+                {
+                    "status": "error",
+                    "message": "snapshot schema mismatch",
+                    "expected_schema": CONTRACT_SNAPSHOT_SCHEMA,
+                    "actual_schema": migrated.get("schema"),
+                },
+                indent=2,
+            )
+        )
+        return 3
+
+    if args.strict_version and current.get("contract_version") != CONTRACT_SNAPSHOT_VERSION:
+        print(
+            json.dumps(
+                {
+                    "status": "error",
+                    "message": "snapshot contract_version mismatch (strict)",
+                    "expected_version": CONTRACT_SNAPSHOT_VERSION,
+                    "actual_version": current.get("contract_version"),
+                },
+                indent=2,
+            )
+        )
+        return 3
+
+    if migrated.get("contract_version") != CONTRACT_SNAPSHOT_VERSION:
+        print(
+            json.dumps(
+                {
+                    "status": "error",
+                    "message": "snapshot contract_version unsupported",
+                    "expected_version": CONTRACT_SNAPSHOT_VERSION,
+                    "actual_version": migrated.get("contract_version"),
+                },
+                indent=2,
+            )
+        )
+        return 3
+
+    if migrated.get("count") != expected.get("count") or migrated.get("contracts") != expected.get("contracts"):
+        print(
+            json.dumps(
+                {
+                    "status": "error",
+                    "message": "snapshot drift detected",
+                    "expected_count": expected.get("count"),
+                    "actual_count": migrated.get("count"),
+                    "migrations_applied": migrations,
+                },
+                indent=2,
+            )
+        )
+        return 3
+
+    print(
+        json.dumps(
+            {
+                "status": "ok",
+                "message": "snapshot matches runtime contracts",
+                "contract_version": CONTRACT_SNAPSHOT_VERSION,
+                "migrations_applied": migrations,
+                "snapshot": str(snapshot_path),
+            },
+            indent=2,
+        )
+    )
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
+

package/scripts/check-omg-contract-snapshot.py

@@ -0,0 +1,12 @@
+#!/usr/bin/env python3
+"""Legacy wrapper for OMG compatibility snapshot checker."""
+from __future__ import annotations
+
+import runpy
+from pathlib import Path
+
+
+if __name__ == "__main__":
+    target = Path(__file__).resolve().with_name("check-omg-compat-contract-snapshot.py")
+    runpy.run_path(str(target), run_name="__main__")
+

package/scripts/check-omg-public-ready.py

@@ -0,0 +1,273 @@
+#!/usr/bin/env python3
+"""Check that the repo is safe and polished enough for a public launch."""
+from __future__ import annotations
+
+import argparse
+import json
+from pathlib import Path
+import re
+import sys
+from urllib.parse import urlparse
+
+# Add root to sys.path to import runtime.adoption
+ROOT = Path(__file__).resolve().parents[1]
+sys.path.insert(0, str(ROOT))
+
+from runtime.adoption import CANONICAL_VERSION
+
+REQUIRED_PUBLIC_DOCS = [
+    "README.md",
+    "CONTRIBUTING.md",
+    "SECURITY.md",
+    "CODE_OF_CONDUCT.md",
+    "CHANGELOG.md",
+]
+
+REQUIRED_COMMUNITY_TEMPLATES = [
+    ".github/ISSUE_TEMPLATE/bug_report.yml",
+    ".github/ISSUE_TEMPLATE/feature_request.yml",
+    ".github/pull_request_template.md",
+]
+
+PUBLIC_DOC_GLOBS = [
+    "README.md",
+    "CONTRIBUTING.md",
+    "SECURITY.md",
+    "CODE_OF_CONDUCT.md",
+    "CHANGELOG.md",
+    "docs/**/*.md",
+    "plugins/README.md",
+    ".github/**/*.md",
+]
+
+TEXT_GLOBS = [
+    "README.md",
+    "CONTRIBUTING.md",
+    "SECURITY.md",
+    "CODE_OF_CONDUCT.md",
+    "CHANGELOG.md",
+    "docs/**/*.md",
+    "commands/**/*.md",
+    "plugins/**/*.md",
+    "agents/**/*.md",
+    "rules/**/*.md",
+    "runtime/**/*.py",
+    "hooks/**/*.py",
+    "scripts/**/*.py",
+    ".github/workflows/**/*.yml",
+    ".github/workflows/**/*.yaml",
+    "OMG-setup.sh",
+    "install.sh",
+    "package.json",
+    "settings.json",
+    ".claude-plugin/**/*.json",
+    "plugins/**/*.json",
+]
+
+MARKDOWN_LINK_RE = re.compile(r"!\[[^\]]*\]\(([^)]+)\)|\[[^\]]+\]\(([^)]+)\)")
+HTTP_URL_RE = re.compile(r"https?://[^\s)\]>'\"]+")
+ALLOW_PATTERN_REFERENCES = {
+    ROOT / "scripts" / "check-omg-public-ready.py",
+    ROOT / "scripts" / "check-omg-standalone-clean.py",
+    ROOT / "scripts" / "omg.py",
+}
+ALLOW_DEPRECATED_MARKETPLACE = {
+    ROOT / "OMG-setup.sh",
+    ROOT / "scripts" / "check-omg-public-ready.py",
+}
+
+
+def _iter_files(root: Path, globs: list[str]) -> list[Path]:
+    files: list[Path] = []
+    for pattern in globs:
+        files.extend(path for path in root.glob(pattern) if path.is_file())
+    return sorted(set(files))
+
+
+def _read(path: Path) -> str:
+    return path.read_text(encoding="utf-8")
+
+
+def _find_text_violations(root: Path) -> list[str]:
+    violations: list[str] = []
+    for path in _iter_files(root, TEXT_GLOBS):
+        rel = path.relative_to(root)
+        content = _read(path)
+        if "/Users/" in content:
+            if path not in ALLOW_PATTERN_REFERENCES:
+                violations.append(f"{rel}: absolute local path found in public repo content")
+        if ".sisyphus/" in content:
+            if path not in ALLOW_PATTERN_REFERENCES:
+                violations.append(f"{rel}: stale internal path reference found (.sisyphus/)")
+        if "trac3r00/OAL" in content:
+            if path not in ALLOW_PATTERN_REFERENCES:
+                violations.append(f"{rel}: old repo identifier found (trac3r00/OAL)")
+        if "oh-advanced-layer" in content:
+            if path not in ALLOW_DEPRECATED_MARKETPLACE:
+                violations.append(f"{rel}: deprecated marketplace identifier found (oh-advanced-layer)")
+    return violations
+
+
+def _find_missing_docs(root: Path) -> list[str]:
+    violations: list[str] = []
+    for rel in REQUIRED_PUBLIC_DOCS:
+        if not (root / rel).exists():
+            violations.append(f"{rel}: missing required public doc")
+    return violations
+
+
+def _find_missing_templates(root: Path) -> list[str]:
+    violations: list[str] = []
+    for rel in REQUIRED_COMMUNITY_TEMPLATES:
+        if not (root / rel).exists():
+            violations.append(f"{rel}: missing required community template")
+    return violations
+
+
+def _find_internal_docs(root: Path) -> list[str]:
+    violations: list[str] = []
+    plans_dir = root / "docs" / "plans"
+    if plans_dir.exists() and any(path.is_file() for path in plans_dir.rglob("*")):
+        violations.append("docs/plans/: internal planning docs must not ship in public branch")
+    return violations
+
+
+def _normalize_link_target(raw: str) -> str:
+    target = raw.strip()
+    if target.startswith("<") and target.endswith(">"):
+        target = target[1:-1].strip()
+    return target
+
+
+def _is_relative_markdown_link(target: str) -> bool:
+    if not target:
+        return False
+    if target.startswith("#"):
+        return False
+    lowered = target.lower()
+    return not (
+        lowered.startswith("http://")
+        or lowered.startswith("https://")
+        or lowered.startswith("mailto:")
+        or lowered.startswith("data:")
+        or lowered.startswith("file:")
+        or target.startswith("/")
+    )
+
+
+def _link_target_exists(doc_path: Path, target: str) -> bool:
+    file_part = target.split("#", 1)[0].split("?", 1)[0]
+    if not file_part:
+        return True
+    resolved = (doc_path.parent / file_part).resolve()
+    return resolved.exists()
+
+
+def _find_broken_markdown_links(root: Path) -> list[str]:
+    violations: list[str] = []
+    for path in _iter_files(root, PUBLIC_DOC_GLOBS):
+        rel = path.relative_to(root)
+        content = _read(path)
+        for match in MARKDOWN_LINK_RE.finditer(content):
+            target = _normalize_link_target(match.group(1) or match.group(2) or "")
+            if not _is_relative_markdown_link(target):
+                continue
+            if not _link_target_exists(path, target):
+                violations.append(f"{rel}: broken markdown link -> {target}")
+    return violations
+
+
+def _is_loopback_host(hostname: str) -> bool:
+    lowered = hostname.strip().lower()
+    return lowered in {"localhost", "127.0.0.1", "::1"}
+
+
+def _find_proof_surface_violations(root: Path) -> list[str]:
+    violations: list[str] = []
+    proof_path = root / "docs" / "proof.md"
+    if not proof_path.exists():
+        violations.append("docs/proof.md: missing proof surface document")
+        return violations
+
+    content = _read(proof_path)
+    lowered = content.lower()
+    hardcoded_counts = bool(
+        re.search(r"\b\d+\s*/\s*\d+\b", lowered)
+        or re.search(r"\b\d+\s+(tests?|checks?|providers?)\s+(passed|pass|green|successful)\b", lowered)
+        or re.search(r"\ball\s+tests?\s+passed\b", lowered)
+    )
+    has_artifact_refs = any(
+        token in content
+        for token in (
+            ".omg/evidence/",
+            ".omg/evals/",
+            ".omg/tracebank/",
+            ".omg/lineage/",
+        )
+    )
+    if hardcoded_counts and not has_artifact_refs:
+        violations.append("docs/proof.md: prose-only proof counts found without machine artifact references")
+
+    if ".omg/evidence/doctor.json" not in content:
+        violations.append("docs/proof.md: missing doctor output artifact reference (.omg/evidence/doctor.json)")
+
+    for path in _iter_files(root, PUBLIC_DOC_GLOBS):
+        rel = path.relative_to(root)
+        for line in _read(path).splitlines():
+            if "production" not in line.lower():
+                continue
+            for url in HTTP_URL_RE.findall(line):
+                parsed = urlparse(url)
+                if parsed.scheme != "http":
+                    continue
+                host = parsed.hostname or ""
+                if host and not _is_loopback_host(host):
+                    violations.append(
+                        f"{rel}: production claim uses non-loopback HTTP endpoint ({url})"
+                    )
+    return violations
+
+
+def _find_doc_currency_violations(root: Path) -> list[str]:
+    violations: list[str] = []
+    changelog_path = root / "CHANGELOG.md"
+    if not changelog_path.exists():
+        violations.append("CHANGELOG.md: missing changelog file")
+        return violations
+
+    content = _read(changelog_path)
+    # Look for version in headers like ## [2.0.7] or ## 2.0.7
+    version_pattern = re.compile(rf"##\s*\[?{re.escape(CANONICAL_VERSION)}\]?")
+    if not version_pattern.search(content):
+        violations.append(
+            f"CHANGELOG.md: missing entry for current version {CANONICAL_VERSION}"
+        )
+    return violations
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Check OMG public-readiness hygiene")
+    parser.add_argument("--root", default=str(ROOT))
+    args = parser.parse_args()
+    root = Path(args.root).resolve()
+
+    violations = []
+    violations.extend(_find_missing_docs(root))
+    violations.extend(_find_missing_templates(root))
+    violations.extend(_find_internal_docs(root))
+    violations.extend(_find_text_violations(root))
+    violations.extend(_find_broken_markdown_links(root))
+    violations.extend(_find_proof_surface_violations(root))
+    violations.extend(_find_doc_currency_violations(root))
+    violations = sorted(set(violations))
+
+    if violations:
+        print(json.dumps({"status": "error", "violations": violations}, indent=2))
+        return 1
+
+    print(json.dumps({"status": "ok", "message": "public readiness check passed"}, indent=2))
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

package/scripts/check-omg-standalone-clean.py

@@ -0,0 +1,133 @@
+#!/usr/bin/env python3
+"""Check that standalone/OMG-first naming rules are preserved."""
+from __future__ import annotations
+
+import argparse
+import json
+from pathlib import Path
+import sys
+
+ROOT = Path(__file__).resolve().parents[1]
+
+# Paths where legacy aliases are explicitly allowed.
+ALLOW_COMPAT_CLI = {
+    ROOT / "commands" / "OMG:compat.md",
+    ROOT / "tests" / "scripts" / "test_omg_cli.py",
+    ROOT / "tests" / "scripts" / "test_standalone_clean_check.py",
+    ROOT / "scripts" / "check-omg-standalone-clean.py",
+    ROOT / ".github" / "workflows" / "omg-compat-gate.yml",
+    ROOT / ".github" / "workflows" / "publish-npm.yml",
+}
+
+ALLOW_LEGACY_MIGRATOR = {
+    ROOT / "scripts" / "migrate-legacy.py",
+    ROOT / "tests" / "e2e" / "test_standalone_ga.py",
+    ROOT / "scripts" / "check-omg-standalone-clean.py",
+}
+
+ALLOW_LEGACY_SNAPSHOT_CHECKER = {
+    ROOT / "scripts" / "check-omg-contract-snapshot.py",
+    ROOT / "tests" / "scripts" / "test_compat_snapshot_check.py",
+    ROOT / "scripts" / "check-omg-standalone-clean.py",
+}
+
+ALLOW_LEGACY_RUNTIME_IMPORT = {
+    ROOT / "tests" / "scripts" / "test_standalone_clean_check.py",
+    ROOT / "scripts" / "check-omg-standalone-clean.py",
+}
+
+ALLOW_INTERNAL_PYTHON_CLI_PREFIXES: list[str] = [
+    "package.json",
+    ".github/workflows/",
+    "tests/",
+    "scripts/",
+    "runtime/",
+    "hooks/",
+    "docs/migration/",
+    "docs/release-checklist.md",
+    ".sisyphus/",
+]
+
+PUBLIC_SURFACE_GLOBS = [
+    "README.md",
+    "docs/install/*.md",
+    "docs/command-surface.md",
+]
+
+SCAN_GLOBS = [
+    "README.md",
+    "OMG-setup.sh",
+    "install.sh",
+    "runtime/**/*.py",
+    "hooks/**/*.py",
+    "scripts/**/*.py",
+    "commands/**/*.md",
+    ".github/workflows/**/*.yml",
+    "tests/**/*.py",
+]
+
+
+def _iter_files(root: Path) -> list[Path]:
+    files: list[Path] = []
+    for pattern in SCAN_GLOBS:
+        files.extend(p for p in root.glob(pattern) if p.is_file())
+    # deterministic order
+    return sorted(set(files))
+
+
+def _contains(path: Path, token: str) -> bool:
+    return token in path.read_text(encoding="utf-8")
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Check OMG standalone naming hygiene")
+    parser.add_argument("--root", default=str(ROOT))
+    args = parser.parse_args()
+    root = Path(args.root).resolve()
+
+    violations: list[str] = []
+
+    deprecated_workflow = root / ".github" / "workflows" / "compat-gate.yml"
+    if deprecated_workflow.exists():
+        violations.append(f"deprecated workflow exists: {deprecated_workflow.relative_to(root)}")
+
+    for path in _iter_files(root):
+        rel = path.relative_to(root)
+
+        if _contains(path, "python3 scripts/omg.py compat ") or _contains(path, "python3 scripts/omg.py omc "):
+            if path not in ALLOW_COMPAT_CLI:
+                violations.append(f"{rel}: legacy CLI namespace used outside allowlist")
+
+        if _contains(path, "migrate-legacy.py"):
+            if path not in ALLOW_LEGACY_MIGRATOR:
+                violations.append(f"{rel}: legacy migrator path reference outside allowlist")
+
+        if _contains(path, "check-omg-contract-snapshot.py"):
+            if path not in ALLOW_LEGACY_SNAPSHOT_CHECKER:
+                violations.append(f"{rel}: legacy snapshot checker reference outside allowlist")
+
+        if _contains(path, "runtime.legacy_compat"):
+            if path not in ALLOW_LEGACY_RUNTIME_IMPORT:
+                violations.append(f"{rel}: legacy runtime import outside allowlist")
+
+    for pattern in PUBLIC_SURFACE_GLOBS:
+        for path in sorted(root.glob(pattern)):
+            if not path.is_file():
+                continue
+            rel = path.relative_to(root)
+            rel_str = str(rel)
+            if any(rel_str.startswith(pfx) or rel_str == pfx for pfx in ALLOW_INTERNAL_PYTHON_CLI_PREFIXES):
+                continue
+            if _contains(path, "python3 scripts/omg.py"):
+                violations.append(f"{rel}: public doc uses python3 scripts/omg.py instead of omg launcher")
+
+    if violations:
+        print(json.dumps({"status": "error", "violations": violations}, indent=2))
+        return 1
+
+    print(json.dumps({"status": "ok", "message": "standalone naming check passed"}, indent=2))
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

package/scripts/emit_host_parity.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+"""Emit host semantic parity report from compiled artifacts.
+
+Shared by omg-compat-gate and omg-release-readiness workflows to avoid
+duplicating the inline parity check logic.
+
+Usage:
+    python3 scripts/emit_host_parity.py --output-root artifacts/public --gate compat-workflow
+"""
+from __future__ import annotations
+
+import argparse
+import json
+import os
+from pathlib import Path
+
+from runtime.host_parity import check_parity, emit_parity_report
+
+
+def _load_json(path: Path) -> dict:
+    payload = json.loads(path.read_text(encoding="utf-8"))
+    if not isinstance(payload, dict):
+        raise SystemExit(f"expected JSON object in {path}")
+    return payload
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser(description="Emit host semantic parity report")
+    parser.add_argument("--output-root", required=True, help="Root directory with compiled artifacts")
+    parser.add_argument("--gate", default="unknown", help="Gate identifier for context")
+    args = parser.parse_args()
+
+    output_root = Path(args.output_root)
+    run_id = os.environ.get("GITHUB_RUN_ID", args.gate)
+
+    outputs = {
+        "claude": {
+            "output": {"status": "ok", "compiled": True},
+            "source": {"kind": "compiled_artifact", "artifact_path": "settings.json"},
+            "exit_code": 0,
+        },
+        "codex": {
+            "output": {"status": "ok", "compiled": True},
+            "source": {"kind": "compiled_artifact", "artifact_path": ".agents/skills/omg/AGENTS.fragment.md"},
+            "exit_code": 0,
+        },
+        "gemini": {
+            "output": {"status": "ok", "compiled": True},
+            "source": {"kind": "compiled_artifact", "artifact_path": ".gemini/settings.json"},
+            "exit_code": 0,
+        },
+        "kimi": {
+            "output": {"status": "ok", "compiled": True},
+            "source": {"kind": "compiled_artifact", "artifact_path": ".kimi/mcp.json"},
+            "exit_code": 0,
+        },
+    }
+
+    # Hard requirement: parity must be backed by real compiled host artifacts.
+    _load_json(output_root / "settings.json")
+    (output_root / ".agents" / "skills" / "omg" / "AGENTS.fragment.md").read_text(encoding="utf-8")
+    _load_json(output_root / ".gemini" / "settings.json")
+    _load_json(output_root / ".kimi" / "mcp.json")
+
+    result = check_parity(outputs, context={"gate": f"{args.gate}-workflow"})
+    emit_parity_report(run_id, result, project_dir=str(output_root))
+    if not result.passed:
+        raise SystemExit(f"host semantic parity drift detected: {result.drift_details}")
+
+
+if __name__ == "__main__":
+    main()

package/scripts/legacy_to_omg_migrate.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+"""CLI utility: migrate legacy state into canonical `.omg` layout."""
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import sys
+from pathlib import Path
+
+ROOT = Path(__file__).resolve().parents[1]
+if str(ROOT) not in sys.path:
+    sys.path.insert(0, str(ROOT))
+
+from hooks.state_migration import migrate_legacy_to_omg  # noqa: E402
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Migrate legacy state to .omg")
+    parser.add_argument("--project-dir", default=os.environ.get("CLAUDE_PROJECT_DIR", os.getcwd()))
+    args = parser.parse_args()
+
+    report = migrate_legacy_to_omg(args.project_dir)
+    print(json.dumps(report, indent=2))
+    return 0 if report.get("result") in {"ok", "no_legacy"} else 1
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())