@trac3r/oh-my-god 2.2.11

package/lab/policies.py

@@ -0,0 +1,52 @@
+"""Policy checks for OMG lab train/eval pipeline."""
+from __future__ import annotations
+
+from typing import Any
+
+
+ALLOWED_LICENSES = {"apache-2.0", "mit", "bsd-3-clause", "cc-by-4.0"}
+BLOCKED_SOURCE_TOKENS = {"unknown", "leaked", "stolen", "unauthorized", "pirated"}
+
+
+def validate_dataset_source(dataset: dict[str, Any]) -> tuple[bool, str]:
+    license_name = str(dataset.get("license", "")).lower()
+    source = str(dataset.get("source", "")).lower()
+
+    if not license_name:
+        return False, "dataset license missing"
+    if license_name not in ALLOWED_LICENSES:
+        return False, f"dataset license not allowed: {license_name}"
+    if any(token in source for token in BLOCKED_SOURCE_TOKENS):
+        return False, "dataset source violates policy"
+    return True, "ok"
+
+
+def validate_model_source(model: dict[str, Any]) -> tuple[bool, str]:
+    source = str(model.get("source", "")).lower()
+    allow_distill = bool(model.get("allow_distill", False))
+
+    if any(token in source for token in BLOCKED_SOURCE_TOKENS):
+        return False, "model source violates policy"
+    if not allow_distill:
+        return False, "model source disallows distillation"
+    return True, "ok"
+
+
+def validate_job_request(job: dict[str, Any]) -> tuple[bool, str]:
+    dataset = job.get("dataset")
+    model = job.get("base_model")
+
+    if not isinstance(dataset, dict):
+        return False, "dataset block missing"
+    if not isinstance(model, dict):
+        return False, "base_model block missing"
+
+    ok, reason = validate_dataset_source(dataset)
+    if not ok:
+        return False, reason
+
+    ok, reason = validate_model_source(model)
+    if not ok:
+        return False, reason
+
+    return True, "ok"

package/lab/pybullet_adapter.py

@@ -0,0 +1,192 @@
+from __future__ import annotations
+
+import hashlib
+import importlib.util
+import json
+import random
+import uuid
+from pathlib import Path
+from time import monotonic
+from typing import Any
+
+ADAPTER_NAME = "pybullet"
+ADAPTER_KIND = "simulator"
+
+VALID_STATUSES = frozenset({"dry_run_contract", "skipped_unavailable_backend", "invoked", "error"})
+
+
+def _check_pybullet_available() -> bool:
+    return importlib.util.find_spec("pybullet") is not None
+
+
+def _compute_fingerprint(job: dict[str, Any]) -> str | None:
+    try:
+        return hashlib.sha256(json.dumps(job, sort_keys=True).encode()).hexdigest()[:16]
+    except (TypeError, ValueError):
+        return None
+
+
+def _validate_job(job: dict[str, Any]) -> tuple[bool, str]:
+    if not job:
+        return False, "invalid job: missing required fields"
+    if "domain" not in job:
+        return False, "invalid job: missing required field 'domain'"
+    return True, ""
+
+
+def _derive_seed(job: dict[str, Any], run_id: str) -> int:
+    explicit = job.get("seed")
+    if isinstance(explicit, int):
+        return explicit
+    material = json.dumps({"run_id": run_id, "job": _compute_fingerprint(job)}, sort_keys=True)
+    return int(hashlib.sha256(material.encode("utf-8")).hexdigest()[:8], 16)
+
+
+def _bounded_steps(job: dict[str, Any]) -> int:
+    raw = job.get("max_steps", 32)
+    try:
+        return max(1, min(int(raw), 256))
+    except (TypeError, ValueError):
+        return 32
+
+
+def _run_bounded_local_episode(*, job: dict[str, Any], seed: int, timeout_seconds: int) -> dict[str, Any]:
+    p = importlib.import_module("pybullet")
+
+    _ = max(1, timeout_seconds)
+    started = monotonic()
+    steps = _bounded_steps(job)
+    client = p.connect(p.DIRECT)
+    rng = random.Random(seed)
+    reward = 0.0
+    try:
+        p.setGravity(0.0, 0.0, -9.81, physicsClientId=client)
+        for _idx in range(steps):
+            p.stepSimulation(physicsClientId=client)
+            reward += rng.uniform(-0.05, 0.25)
+    finally:
+        p.disconnect(physicsClientId=client)
+    return {
+        "steps": steps,
+        "reward": round(reward, 6),
+        "duration_ms": int((monotonic() - started) * 1000),
+        "seed": seed,
+        "backend_version": getattr(p, "__version__", "unknown"),
+    }
+
+
+def run(
+    job: dict[str, Any],
+    *,
+    backend_mode: str = "preflight",
+    run_id: str | None = None,
+    timeout_seconds: int = 30,
+    sandbox_root: str = ".",
+) -> dict[str, Any]:
+    active_run_id = run_id or str(uuid.uuid4())
+
+    ok, validation_reason = _validate_job(job)
+    seed = _derive_seed(job, active_run_id)
+    available = _check_pybullet_available()
+    base_result: dict[str, Any] = {
+        "adapter": ADAPTER_NAME,
+        "kind": ADAPTER_KIND,
+        "backend": "pybullet",
+        "run_id": active_run_id,
+        "seed": seed,
+        "episode_stats": {
+            "steps": 0,
+            "reward": 0.0,
+            "duration_ms": 0,
+        },
+        "replay_metadata": {
+            "run_id": active_run_id,
+            "seed": seed,
+            "backend_version": "unavailable",
+        },
+    }
+
+    if not ok:
+        return {
+            **base_result,
+            "status": "error",
+            "available": False,
+            "reason": validation_reason,
+            "simulator_steps": None,
+            "replay_evidence": None,
+        }
+
+    if backend_mode == "preflight":
+        if available:
+            status = "dry_run_contract"
+            reason = "preflight mode: backend available but execution not requested"
+        else:
+            status = "skipped_unavailable_backend"
+            reason = "pybullet not installed"
+        return {
+            **base_result,
+            "status": status,
+            "available": available,
+            "reason": reason,
+            "simulator_steps": 0,
+            "replay_evidence": None,
+        }
+
+    if backend_mode == "live":
+        if not available:
+            return {
+                **base_result,
+                "status": "skipped_unavailable_backend",
+                "available": False,
+                "reason": "pybullet not installed",
+                "simulator_steps": 0,
+                "replay_evidence": None,
+            }
+
+        try:
+            sandbox_path = Path(sandbox_root)
+            sandbox_path.mkdir(parents=True, exist_ok=True)
+            episode = _run_bounded_local_episode(job=job, seed=seed, timeout_seconds=timeout_seconds)
+            replay_metadata = {
+                "run_id": active_run_id,
+                "seed": seed,
+                "backend_version": str(episode.get("backend_version", "unknown")),
+            }
+            episode_stats = {
+                "steps": int(episode.get("steps", 0)),
+                "reward": float(episode.get("reward", 0.0)),
+                "duration_ms": int(episode.get("duration_ms", 0)),
+            }
+            return {
+                **base_result,
+                "status": "invoked",
+                "available": True,
+                "reason": "live execution dispatched to pybullet backend",
+                "episode_stats": episode_stats,
+                "replay_metadata": replay_metadata,
+                "simulator_steps": episode_stats["steps"],
+                "replay_evidence": {
+                    "steps": episode_stats["steps"],
+                    "scenario": "bounded_local_episode",
+                    "deterministic": True,
+                    "seed": seed,
+                },
+            }
+        except Exception as exc:  # noqa: BLE001
+            return {
+                **base_result,
+                "status": "error",
+                "available": available,
+                "reason": f"live execution failed: {exc}",
+                "simulator_steps": None,
+                "replay_evidence": None,
+            }
+
+    return {
+        **base_result,
+        "status": "error",
+        "available": available,
+        "reason": f"unknown backend_mode: {backend_mode!r}",
+        "simulator_steps": None,
+        "replay_evidence": None,
+    }

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "@trac3r/oh-my-god",
+  "version": "2.2.11",
+  "description": "OMG (Oh My God) — Multi-agent orchestration, evidence-backed verification, and durable session state for Claude Code, Codex, and supported agent hosts",
+  "main": "OMG-setup.sh",
+  "bin": {
+    "omg": "bin/omg"
+  },
+  "files": [
+    "bin/",
+    "scripts/",
+    "runtime/",
+    "registry/",
+    "hooks/",
+    "commands/",
+    "agents/",
+    "lab/",
+    "plugins/",
+    "tools/",
+    "hud/",
+    "docs/install/",
+    "docs/proof.md",
+    "docs/command-surface.md",
+    "README.md",
+    "QUICK-REFERENCE.md",
+    "INSTALL-VERIFICATION-INDEX.md",
+    "OMG-setup.sh",
+    "settings.json",
+    "pyproject.toml",
+    "CHANGELOG.md"
+  ],
+  "scripts": {
+    "postinstall": "python3 scripts/omg.py install --plan",
+    "update": "./OMG-setup.sh update",
+    "uninstall": "./OMG-setup.sh uninstall",
+    "test": "python3 -m pytest tests/ -x -q"
+  },
+  "keywords": [
+    "claude",
+    "claude-code",
+    "orchestration",
+    "multi-agent",
+    "ai",
+    "llm",
+    "codex",
+    "gemini"
+  ],
+  "author": "trac3r00",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/trac3r00/OMG.git"
+  },
+  "bugs": {
+    "url": "https://github.com/trac3r00/OMG/issues"
+  },
+  "homepage": "https://github.com/trac3r00/OMG#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/plugins/README.md

@@ -0,0 +1,78 @@
+# OMG Commands
+
+OMG exposes a launcher-first front door and keeps the rest of the surface available as advanced plugins.
+
+## Launcher-First Install
+
+> **Prerequisites**: macOS or Linux, Node >=18, Python >=3.10
+
+```bash
+npx omg env doctor
+npx omg install --plan
+npx omg install --apply
+npx omg ship
+```
+
+Local package-manager installs only link `omg` into `node_modules/.bin/`; configuration changes still require an explicit `npx omg install --apply`.
+
+## Native Plugin Entry Points
+
+| Command | Description |
+|---------|-------------|
+| `/OMG:ship` | Ship — Idea to Evidence to PR |
+| `/OMG:browser` | Canonical browser automation and verification surface |
+
+## Core Commands
+
+| Command | Description |
+|---------|-------------|
+| `/OMG:init` | Initialize project or domain |
+| `/OMG:escalate` | Route to Codex, Gemini, or CCG |
+| `/OMG:teams` | Team routing for internal OMG execution |
+| `/OMG:ccg` | Tri-track synthesis |
+| `/OMG:security-check` | Canonical security pipeline |
+| `/OMG:api-twin` | Contract replay and fixture-based API simulation |
+| `/OMG:preflight` | Structured route selection and evidence planning |
+| `/OMG:browser` | Browser automation and verification powered by the upstream Playwright CLI |
+| `/OMG:compat` | Legacy compatibility routing |
+| `/OMG:health-check` | Verify setup and tool integration |
+| `/OMG:mode` | Set cognitive mode for the session |
+
+## Advanced Commands
+
+| Command | Category | Description |
+|---------|----------|-------------|
+| `/OMG:deep-plan` | Planning | Strategic planning with domain awareness (compatibility path to `plan-council`) |
+| `/OMG:learn` | Knowledge | Convert patterns into OMG-native instincts and skills |
+| `/OMG:code-review` | Quality | Deep review flow |
+| `/OMG:ship` | Delivery | Idea to evidence to release |
+| `/OMG:handoff` | Collaboration | Session transfer and continuity |
+| `/OMG:maintainer` | OSS | Open-source maintainer workflows |
+| `/OMG:sequential-thinking` | Thinking | Structured multi-step reasoning |
+| `/OMG:ralph-start` | Automation | Start Ralph autonomous loop |
+| `/OMG:ralph-stop` | Automation | Stop Ralph autonomous loop |
+
+## Plugin Layout
+
+```text
+plugins/
+  core/
+    commands/
+    plugin.json
+  advanced/
+    commands/
+    plugin.json
+```
+
+## Adoption Notes
+
+Restricted environments / air-gapped fallback: `/OMG:setup` and `OMG-setup.sh` remain available when launcher-first install cannot mutate host configuration directly. `compat` remains focused on legacy skill routing.
+
+`/OMG:playwright` remains available as a compatibility alias to `/OMG:browser`.
+
+## Public Docs
+
+- Install guides live in [docs/install/claude-code.md](../docs/install/claude-code.md) and [docs/install/codex.md](../docs/install/codex.md).
+- Proof surface lives in [docs/proof.md](../docs/proof.md).
+- Quick reference lives in [QUICK-REFERENCE.md](../QUICK-REFERENCE.md).
+- Install verification lives in [INSTALL-VERIFICATION-INDEX.md](../INSTALL-VERIFICATION-INDEX.md).

package/plugins/__init__.py

@@ -0,0 +1 @@
+"""OMG plugin packages."""

package/plugins/advanced/commands/OMG-code-review.md

@@ -0,0 +1,114 @@
+---
+description: Deep code review — reads file completely, checks line-by-line for issues, then analyzes whole-file structure. Enforces code hygiene.
+allowed-tools: Read, Bash(cat:*), Bash(grep:*), Bash(wc:*), Bash(head:*), Bash(find:*), Bash(rg:*), Grep, Glob
+argument-hint: "[file path or 'recent' for git-changed files]"
+---
+
+# /OMG:code-review — Line-by-Line + Structural Review
+
+## Philosophy
+Two passes: LINE-BY-LINE precision, then WHOLE-FILE understanding.
+Don't just scan — READ and UNDERSTAND every line.
+
+## Step 1: Determine Scope
+
+- If file specified: review that file
+- If "recent" or no argument: review uncommitted changes
+  ```bash
+  git diff --name-only HEAD 2>/dev/null
+  git diff --cached --name-only 2>/dev/null
+  ```
+
+## Step 2: Read the FULL File First
+
+Read the ENTIRE file. Not just the changed part. Not just a function.
+Understanding comes from seeing the whole context.
+
+Note:
+- What does this file DO? (its purpose in the system)
+- What are its DEPENDENCIES? (imports, calls)
+- What does it EXPORT? (public API)
+
+## Step 3: Line-by-Line Scan
+
+For each line, check:
+
+**Correctness:**
+- Logic errors (off-by-one, null checks, type mismatches)
+- Missing error handling (unhandled promises, bare except, no null check)
+- Race conditions (shared state, async without await, unchecked concurrent access)
+
+**Security (if auth/payment/database):**
+- Hardcoded secrets → CRITICAL
+- SQL injection (string concatenation in queries) → CRITICAL
+- XSS (innerHTML, dangerouslySetInnerHTML) → HIGH
+- Missing input validation → MEDIUM
+- Overly permissive CORS/cookies → MEDIUM
+
+**Hygiene:**
+- Dead code (unused imports, variables, unreachable branches)
+- Noise comments ("increment i", "return result", "constructor")
+- console.log/print left in production code
+- TODO/FIXME/HACK without tracking
+- Overly complex functions (>40 lines → suggest extract)
+- Duplicated logic (same pattern in 2+ places → suggest DRY)
+
+## Step 4: Whole-File Structure Analysis
+
+After line-by-line:
+- Does the file do ONE thing well, or is it a dumping ground?
+- Are functions ordered logically? (public first, helpers after, or lifecycle order)
+- Is naming consistent? (camelCase throughout? PascalCase for classes?)
+- Does it follow the project's domain pattern? (check .omg/knowledge/domain-patterns/)
+- Any circular dependencies?
+- Is error handling consistent across all functions?
+
+## Step 5: Report
+
+```
+Code Review — [file]
+━━━━━━━━━━━━━━━━━━━━
+
+Structure: [CLEAN | NEEDS_WORK | MESSY]
+Security:  [SAFE | REVIEW_NEEDED | CRITICAL]
+Hygiene:   [CLEAN | NEEDS_CLEANUP]
+
+Issues:
+  [line:col] CRITICAL: [description]
+  [line:col] HIGH: [description]
+  [line:col] MEDIUM: [description]
+  [line:col] LOW: [description]
+
+Dead Code:
+  [line] unused import: [name]
+  [line] unreachable after return
+
+Noise Comments (remove these):
+  [line] "// increment counter"
+  [line] "// return the value"
+
+Structural:
+  - [function] is [N] lines — consider extracting [suggestion]
+  - [pattern] duplicated at lines [X] and [Y]
+
+Recommendation: [summary of what to fix, in priority order]
+```
+
+## Step 6: For Security-Critical Files
+
+If the file touches auth, payment, or database:
+```
+/OMG:escalate codex "Line-by-line security review of [file]. Check:
+1. Every input validation point
+2. Every database query for injection
+3. Every auth check for bypass
+4. Every secret reference for hardcoding
+Report: line numbers + severity + fix suggestion"
+```
+
+## Anti-patterns
+- DON'T skim and say "looks good" — read every line
+- DON'T only check the diff — read the full file for context
+- DON'T ignore test files — they can have real issues too
+- DON'T add more noise comments as "fixes" — remove them instead
+- DON'T suggest unnecessary code as improvements