@trac3r/oh-my-god 2.2.11

package/runtime/defense_state.py

@@ -0,0 +1,261 @@
+from __future__ import annotations
+
+from datetime import datetime, timezone
+import json
+import os
+from pathlib import Path
+from typing import Any
+
+
+_DEFENSE_STATE_REL_PATH = Path(".omg") / "state" / "defense_state" / "current.json"
+_CONTEXT_PRESSURE_REL_PATH = Path(".omg") / "state" / ".context-pressure.json"
+_UNTRUSTED_STATE_REL_PATH = Path(".omg") / "state" / "untrusted-content.json"
+_ACTIVE_RUN_REL_PATH = Path(".omg") / "shadow" / "active-run"
+_INTENT_GATE_REL_PATH = Path(".omg") / "state" / "intent_gate"
+
+_SAFE_STATE: dict[str, Any] = {
+    "risk_level": "low",
+    "injection_hits": 0,
+    "contamination_score": 0.0,
+    "overthinking_score": 0.0,
+    "premature_fixer_score": 0.0,
+    "clarification_sensitive": False,
+    "actions": [],
+    "updated_at": "",
+    "reasons": [],
+    "thresholds": {
+        "critical": {"injection_hits": 3, "contamination_score": 0.7},
+        "high": {"injection_hits": 1, "contamination_score": 0.4},
+        "medium": {"overthinking_score": 0.5, "premature_fixer_score": 0.5},
+    },
+    "context_pressure": {
+        "tool_count": 0,
+        "threshold": 0,
+        "is_high": False,
+    },
+    "trust_posture": "trusted",
+}
+
+
+class DefenseState:
+    def __init__(self, project_dir: str):
+        self.project_dir = Path(project_dir)
+        self.state_path = self.project_dir / _DEFENSE_STATE_REL_PATH
+
+    def update(
+        self,
+        *,
+        injection_hits: int = 0,
+        contamination_score: float = 0.0,
+        overthinking_score: float = 0.0,
+        premature_fixer_score: float | None = None,
+    ) -> dict[str, Any]:
+        pressure = self._read_json(self.project_dir / _CONTEXT_PRESSURE_REL_PATH)
+        pressure_tool_count = self._to_int(pressure.get("tool_count"), default=0)
+        pressure_threshold = self._to_int(pressure.get("threshold"), default=0)
+        pressure_ratio = 0.0
+        if pressure_threshold > 0:
+            pressure_ratio = pressure_tool_count / pressure_threshold
+        combined_overthinking = max(float(overthinking_score), pressure_ratio)
+        normalized_injection_hits = max(0, int(injection_hits))
+        normalized_contamination = self._clamp_score(contamination_score)
+        normalized_overthinking = self._clamp_score(combined_overthinking)
+
+        clarification = self._read_clarification_signal()
+        clarification_sensitive = bool(
+            clarification["requires_clarification"]
+            or clarification["intent_class"] == "ambiguous_config"
+        )
+        premature_fixer_score = self._compute_premature_fixer_score(
+            clarification_sensitive=clarification_sensitive,
+            requires_clarification=bool(clarification["requires_clarification"]),
+            confidence=self._to_float(clarification.get("confidence"), default=0.0),
+            injection_hits=normalized_injection_hits,
+            contamination_score=normalized_contamination,
+            overthinking_score=normalized_overthinking,
+        )
+        scanner_premature_fixer = self._clamp_score(premature_fixer_score)
+        premature_fixer_score = max(premature_fixer_score, scanner_premature_fixer)
+
+        trust_posture = self._read_trust_posture()
+        level, actions, reasons = self._score(
+            injection_hits=normalized_injection_hits,
+            contamination_score=normalized_contamination,
+            overthinking_score=normalized_overthinking,
+        )
+        if pressure_ratio >= 1.0:
+            reasons.append("context pressure is above configured threshold")
+
+        state: dict[str, Any] = {
+            "risk_level": level,
+            "injection_hits": normalized_injection_hits,
+            "contamination_score": normalized_contamination,
+            "overthinking_score": normalized_overthinking,
+            "premature_fixer_score": round(premature_fixer_score, 4),
+            "clarification_sensitive": clarification_sensitive,
+            "actions": actions,
+            "updated_at": datetime.now(timezone.utc).isoformat(),
+            "reasons": reasons,
+            "thresholds": {
+                "critical": {"injection_hits": 3, "contamination_score": 0.7},
+                "high": {"injection_hits": 1, "contamination_score": 0.4},
+                "medium": {"overthinking_score": 0.5, "premature_fixer_score": 0.5},
+            },
+            "context_pressure": {
+                "tool_count": pressure_tool_count,
+                "threshold": pressure_threshold,
+                "is_high": bool(pressure.get("is_high", False)),
+                "score": round(self._clamp_score(pressure_ratio), 4),
+            },
+            "trust_posture": trust_posture,
+            "action_recommendations": list(actions),
+        }
+        self._write_atomic(self.state_path, state)
+        return state
+
+    def read(self) -> dict[str, Any]:
+        payload = self._read_json(self.state_path)
+        if not payload:
+            return dict(_SAFE_STATE)
+        return {
+            "risk_level": str(payload.get("risk_level", "low")),
+            "injection_hits": self._to_int(payload.get("injection_hits"), default=0),
+            "contamination_score": self._clamp_score(payload.get("contamination_score", 0.0)),
+            "overthinking_score": self._clamp_score(payload.get("overthinking_score", 0.0)),
+            "premature_fixer_score": self._clamp_score(payload.get("premature_fixer_score", 0.0)),
+            "clarification_sensitive": bool(payload.get("clarification_sensitive", False)),
+            "actions": self._to_str_list(payload.get("actions")),
+            "updated_at": str(payload.get("updated_at", "")),
+            "reasons": self._to_str_list(payload.get("reasons")),
+            "thresholds": payload.get("thresholds", _SAFE_STATE["thresholds"]),
+            "context_pressure": payload.get("context_pressure", _SAFE_STATE["context_pressure"]),
+            "trust_posture": str(payload.get("trust_posture", "trusted")),
+            "action_recommendations": self._to_str_list(payload.get("action_recommendations")),
+        }
+
+    def _read_clarification_signal(self) -> dict[str, Any]:
+        active_run_path = self.project_dir / _ACTIVE_RUN_REL_PATH
+        if not active_run_path.exists():
+            return {"requires_clarification": False, "intent_class": "", "confidence": 0.0}
+
+        try:
+            run_id = active_run_path.read_text(encoding="utf-8").strip()
+        except OSError:
+            run_id = ""
+        if not run_id:
+            return {"requires_clarification": False, "intent_class": "", "confidence": 0.0}
+
+        intent_gate_path = self.project_dir / _INTENT_GATE_REL_PATH / f"{run_id}.json"
+        payload = self._read_json(intent_gate_path)
+        confidence = self._clamp_score(self._to_float(payload.get("confidence"), default=0.0))
+        return {
+            "requires_clarification": bool(payload.get("requires_clarification") is True),
+            "intent_class": str(payload.get("intent_class", "")).strip(),
+            "confidence": confidence,
+        }
+
+    def _compute_premature_fixer_score(
+        self,
+        *,
+        clarification_sensitive: bool,
+        requires_clarification: bool,
+        confidence: float,
+        injection_hits: int,
+        contamination_score: float,
+        overthinking_score: float,
+    ) -> float:
+        if not clarification_sensitive:
+            return 0.0
+
+        score = 0.0
+        if requires_clarification:
+            score += 0.2
+        score += min(0.2, self._clamp_score(confidence) * 0.2)
+        score += min(0.2, max(0, injection_hits) * 0.1)
+        score += min(0.2, self._clamp_score(contamination_score) * 0.25)
+        score += min(0.2, self._clamp_score(overthinking_score) * 0.25)
+        return self._clamp_score(score)
+
+    def _read_trust_posture(self) -> str:
+        payload = self._read_json(self.project_dir / _UNTRUSTED_STATE_REL_PATH)
+        scores = payload.get("trust_scores") if isinstance(payload, dict) else {}
+        if not isinstance(scores, dict):
+            return "trusted"
+
+        external_score = self._to_float(scores.get("external_content"), default=1.0)
+        if external_score <= 0.3:
+            return "untrusted"
+        if external_score < 1.0:
+            return "degraded"
+        return "trusted"
+
+    def _score(
+        self,
+        *,
+        injection_hits: int,
+        contamination_score: float,
+        overthinking_score: float,
+    ) -> tuple[str, list[str], list[str]]:
+        reasons: list[str] = []
+        if injection_hits >= 3 or contamination_score >= 0.7:
+            if injection_hits >= 3:
+                reasons.append("multiple prompt-injection signals detected")
+            if contamination_score >= 0.7:
+                reasons.append("contamination score exceeded critical threshold")
+            return "critical", ["block", "quarantine"], reasons
+
+        if injection_hits >= 1 or contamination_score >= 0.4:
+            if injection_hits >= 1:
+                reasons.append("prompt-injection signal detected")
+            if contamination_score >= 0.4:
+                reasons.append("contamination score exceeded high threshold")
+            return "high", ["warn", "flag"], reasons
+
+        if overthinking_score >= 0.5:
+            reasons.append("overthinking/cycle pressure exceeded medium threshold")
+            return "medium", ["throttle"], reasons
+
+        return "low", [], reasons
+
+    def _read_json(self, path: Path) -> dict[str, Any]:
+        if not path.exists():
+            return {}
+        try:
+            payload = json.loads(path.read_text(encoding="utf-8"))
+        except (OSError, json.JSONDecodeError):
+            return {}
+        return payload if isinstance(payload, dict) else {}
+
+    def _write_atomic(self, path: Path, payload: dict[str, Any]) -> None:
+        path.parent.mkdir(parents=True, exist_ok=True)
+        tmp_path = path.with_name(f"{path.name}.tmp")
+        tmp_path.write_text(json.dumps(payload, indent=2, ensure_ascii=True) + "\n", encoding="utf-8")
+        os.rename(tmp_path, path)
+
+    def _clamp_score(self, value: Any) -> float:
+        try:
+            parsed = float(value)
+        except (TypeError, ValueError):
+            return 0.0
+        if parsed < 0:
+            return 0.0
+        if parsed > 1:
+            return 1.0
+        return parsed
+
+    def _to_int(self, value: Any, *, default: int) -> int:
+        try:
+            return int(value)
+        except (TypeError, ValueError):
+            return default
+
+    def _to_float(self, value: Any, *, default: float) -> float:
+        try:
+            return float(value)
+        except (TypeError, ValueError):
+            return default
+
+    def _to_str_list(self, value: Any) -> list[str]:
+        if not isinstance(value, list):
+            return []
+        return [str(item) for item in value]

package/runtime/delta_classifier.py

@@ -0,0 +1,231 @@
+"""Repo-aware change classification for routing and policy attachment."""
+from __future__ import annotations
+
+from pathlib import Path
+import subprocess
+from typing import Any
+
+from runtime.canonical_surface import RELEASE_SURFACE_LABELS
+
+
+_CATEGORY_RULES: dict[str, tuple[str, ...]] = {
+    "auth": ("auth", "token", "secret", "login", "credential"),
+    "payment": ("payment", "billing", "invoice", "stripe", "checkout"),
+    "db": ("migration", "schema", "database", "sql", "postgres", "mysql"),
+    "infra": ("terraform", ".tf", "deploy", "helm", "k8s", "docker"),
+    "api": ("openapi", "swagger", "postman", "endpoint", "api"),
+    "data": ("dataset", "lineage", "privacy", "warehouse", "etl"),
+    "compliance": ("gdpr", "hipaa", "pci", "soc2", "privacy"),
+    "robotics": ("robot", "actuator", "sensor", "simulator"),
+    "vision": ("vision", "image", "camera", "cv"),
+    "health": ("health", "patient", "clinical", "medical"),
+    "algorithms": ("algorithm", "benchmark", "determinism", "complexity"),
+}
+
+_DOCS_SUFFIXES: tuple[str, ...] = (
+    ".md",
+    ".mdx",
+    ".rst",
+    ".txt",
+)
+
+_DOCS_PATH_HINTS: tuple[str, ...] = (
+    "docs/",
+    "readme",
+    "changelog",
+)
+
+_SECURITY_CATEGORY_HINTS: tuple[str, ...] = (
+    "auth",
+    "payment",
+    "db",
+    "infra",
+    "compliance",
+    "health",
+)
+
+_SECURITY_TOKENS: tuple[str, ...] = (
+    "security",
+    "secret",
+    "vulnerability",
+    "audit",
+    "hardening",
+)
+
+_RELEASE_TOKENS: tuple[str, ...] = (
+    "release",
+    "publish",
+    "ship",
+    "cut tag",
+    "version bump",
+)
+
+_FORGE_TOKENS: tuple[str, ...] = (
+    "forge",
+    "prototype",
+    "evaluation run",
+    "lab job",
+)
+
+_EVIDENCE_PROFILES = RELEASE_SURFACE_LABELS["evidence_profiles"]
+
+
+def classify_project_changes(
+    project_dir: str,
+    *,
+    touched_files: list[str] | None = None,
+    goal: str = "",
+) -> dict[str, Any]:
+    files = touched_files if touched_files is not None else _discover_files(project_dir)
+    manifest_names = sorted(path.name for path in Path(project_dir).glob("*") if path.is_file())
+    haystacks = [goal.lower(), *[file.lower() for file in files], *[name.lower() for name in manifest_names]]
+
+    categories = {
+        category
+        for category, tokens in _CATEGORY_RULES.items()
+        if any(token in haystack for token in tokens for haystack in haystacks)
+    }
+    if not categories:
+        categories.add("implementation")
+
+    sorted_categories = sorted(categories)
+    result = {
+        "schema": "DeltaClassification",
+        "project_dir": project_dir,
+        "goal": goal,
+        "categories": sorted_categories,
+        "evidence_profile": _classify_evidence_profile(goal=goal, touched_files=files, categories=sorted_categories),
+        "touched_files": files,
+        "manifests": manifest_names,
+    }
+    return result
+
+
+_RISK_LEVEL_BY_CATEGORY: dict[str, str] = {
+    "auth": "critical",
+    "payment": "critical",
+    "compliance": "critical",
+    "health": "critical",
+    "db": "high",
+    "infra": "high",
+    "api": "high",
+    "security": "high",
+    "data": "medium",
+    "robotics": "medium",
+    "vision": "medium",
+    "algorithms": "low",
+}
+_REQUIRED_GATES_BY_RISK: dict[str, tuple[str, ...]] = {
+    "critical": ("claim_judge", "security_check", "proof_gate", "test_intent_lock", "compliance_governor"),
+    "high": ("claim_judge", "proof_gate", "test_intent_lock"),
+    "medium": ("claim_judge", "proof_gate"),
+    "low": ("claim_judge",),
+}
+_REQUIRED_BUNDLES_BY_RISK: dict[str, tuple[str, ...]] = {
+    "critical": ("security-check", "hook-governor", "proof-gate", "test-intent-lock"),
+    "high": ("proof-gate", "test-intent-lock"),
+    "medium": ("proof-gate",),
+    "low": (),
+}
+
+
+def compute_pr_risk_payload(
+    *,
+    changed_files: list[str],
+    categories: list[str],
+    goal: str = "",
+    evidence: dict[str, Any] | None = None,
+) -> dict[str, Any]:
+    category_risks = [_RISK_LEVEL_BY_CATEGORY.get(c, "low") for c in categories]
+    risk_order = ("low", "medium", "high", "critical")
+    max_risk = max(category_risks, key=lambda r: risk_order.index(r)) if category_risks else "low"
+
+    required_gates = list(_REQUIRED_GATES_BY_RISK.get(max_risk, ()))
+    required_bundles = list(_REQUIRED_BUNDLES_BY_RISK.get(max_risk, ()))
+
+    blockers: list[str] = []
+    if evidence is not None:
+        for gate in required_gates:
+            if gate not in evidence or not evidence[gate]:
+                blockers.append(f"Missing required gate evidence: {gate}")
+
+    runtime_touches = [
+        f for f in changed_files
+        if any(seg in f.lower() for seg in ("runtime/", "hooks/", "scripts/", "registry/"))
+    ]
+    if runtime_touches and "test_intent_lock" not in required_gates:
+        required_gates.append("test_intent_lock")
+        blockers.append("Runtime/hook changes require test_intent_lock evidence")
+
+    return {
+        "schema": "PrRiskPayload",
+        "risk_level": max_risk,
+        "changed_areas": sorted(categories),
+        "runtime_touches": runtime_touches,
+        "required_gates": required_gates,
+        "required_bundles": required_bundles,
+        "blockers": blockers,
+        "goal": goal,
+    }
+
+
+def _classify_evidence_profile(*, goal: str, touched_files: list[str], categories: list[str]) -> str:
+    lowered_goal = goal.lower()
+    lowered_files = [path.lower() for path in touched_files]
+
+    if _contains_any(lowered_goal, _RELEASE_TOKENS) or any(_contains_any(path, _RELEASE_TOKENS) for path in lowered_files):
+        return _EVIDENCE_PROFILES["release"]
+
+    if _contains_any(lowered_goal, _FORGE_TOKENS) or any(_contains_any(path, _FORGE_TOKENS) for path in lowered_files):
+        return _EVIDENCE_PROFILES["forge_run"]
+
+    if set(categories) & set(_SECURITY_CATEGORY_HINTS):
+        return _EVIDENCE_PROFILES["security_audit"]
+    if _contains_any(lowered_goal, _SECURITY_TOKENS) or any(_contains_any(path, _SECURITY_TOKENS) for path in lowered_files):
+        return _EVIDENCE_PROFILES["security_audit"]
+
+    if lowered_files and all(_is_docs_file(path) for path in lowered_files):
+        return _EVIDENCE_PROFILES["docs_only"]
+
+    return _EVIDENCE_PROFILES["code_change"]
+
+
+def _is_docs_file(path: str) -> bool:
+    lowered = path.lower()
+    if lowered.endswith(_DOCS_SUFFIXES):
+        return True
+    return any(hint in lowered for hint in _DOCS_PATH_HINTS)
+
+
+def _contains_any(haystack: str, needles: tuple[str, ...]) -> bool:
+    return any(token in haystack for token in needles)
+
+
+def _discover_files(project_dir: str) -> list[str]:
+    root = Path(project_dir)
+    git_dir = root / ".git"
+    if git_dir.exists():
+        proc = subprocess.run(
+            ["git", "diff", "--name-only", "HEAD"],
+            cwd=str(root),
+            capture_output=True,
+            text=True,
+            check=False,
+            timeout=10,
+        )
+        if proc.returncode == 0:
+            files = [line.strip() for line in proc.stdout.splitlines() if line.strip()]
+            if files:
+                return files
+
+    discovered: list[str] = []
+    for path in sorted(root.rglob("*")):
+        if not path.is_file():
+            continue
+        rel = path.relative_to(root).as_posix()
+        if rel.startswith(".omg/"):
+            continue
+        discovered.append(rel)
+        if len(discovered) >= 32:
+            break
+    return discovered

package/runtime/dispatcher.py

@@ -0,0 +1,47 @@
+"""Runtime dispatch orchestration for OMG v1 adapters."""
+from __future__ import annotations
+
+from typing import Any
+
+from runtime.adapters import get_adapters
+from runtime.business_workflow import build_business_workflow_result
+
+
+def dispatch_runtime(runtime: str, idea: dict[str, Any]) -> dict[str, Any]:
+    adapters = get_adapters()
+    adapter = adapters.get(runtime)
+    if adapter is None:
+        return {
+            "status": "error",
+            "error_code": "RUNTIME_NOT_FOUND",
+            "runtime": runtime,
+            "message": f"Unknown runtime: {runtime}",
+        }
+
+    try:
+        plan = adapter.plan(idea)
+        execution = adapter.execute(plan)
+        verification = adapter.verify(execution)
+        evidence = adapter.collect_evidence(verification)
+        business_workflow = build_business_workflow_result(
+            idea=idea,
+            plan=plan,
+            execution=execution,
+            verification=verification,
+        )
+        return {
+            "status": "ok",
+            "runtime": runtime,
+            "plan": plan,
+            "execution": execution,
+            "verification": verification,
+            "evidence": evidence,
+            "business_workflow": business_workflow,
+        }
+    except Exception as exc:  # pragma: no cover - defensive guard
+        return {
+            "status": "error",
+            "error_code": "RUNTIME_EXECUTION_FAILED",
+            "runtime": runtime,
+            "message": str(exc),
+        }