@trac3r/oh-my-god 2.2.11

package/commands/OMG:deps.md

@@ -0,0 +1,248 @@
+---
+description: "Scan project dependencies for CVEs, license issues, and outdated packages."
+allowed-tools: Read, Bash(python*:*), Grep
+argument-hint: "[cves|licenses|outdated]"
+---
+
+# /OMG:deps — Dependency Health
+
+Scan project dependencies for CVEs, license compatibility issues, and outdated packages.
+
+## Usage
+
+```
+/OMG:deps
+/OMG:deps cves
+/OMG:deps licenses
+/OMG:deps outdated
+```
+
+## Sub-Commands
+
+### `/OMG:deps` (default)
+
+Full dependency health report combining CVE scan, license check, and outdated package detection.
+
+Detects manifest files (package.json, requirements.txt, Cargo.toml, go.mod, Gemfile, pyproject.toml), then runs all three checks and prints a unified summary.
+
+```python
+from plugins.dephealth.manifest_detector import detect_manifests
+from plugins.dephealth.cve_scanner import scan_for_cves
+from plugins.dephealth.license_checker import check_license_compatibility
+from plugins.dephealth.vuln_analyzer import analyze_reachability
+
+deps = detect_manifests(".")
+dep_dicts = [{"name": p.name, "version": p.version, "ecosystem": p.ecosystem} for p in deps.packages]
+
+# CVE scan
+cve_result = scan_for_cves(dep_dicts, ".")
+reachability = analyze_reachability(cve_result, ".")
+
+# License check
+license_result = check_license_compatibility(dep_dicts, ".")
+
+# Summary
+print(f"Manifests:     {len(deps.manifests)} detected")
+print(f"Packages:      {len(deps.packages)} total")
+print(f"CVEs found:    {cve_result.get('total_vulns', 0)}")
+print(f"  Critical:    {cve_result.get('by_severity', {}).get('CRITICAL', 0)}")
+print(f"  High:        {cve_result.get('by_severity', {}).get('HIGH', 0)}")
+print(f"Reachable:     {sum(1 for v in reachability.get('results', []) if v.get('reachability') == 'direct')}")
+print(f"License issues: {license_result.get('issue_count', 0)}")
+```
+
+### `/OMG:deps cves`
+
+CVE scan results only. Queries the OSV batch API for known vulnerabilities in project dependencies.
+
+Results include severity classification (CRITICAL/HIGH/MODERATE/LOW) and reachability analysis showing whether vulnerable code paths are actually imported.
+
+```python
+from plugins.dephealth.manifest_detector import detect_manifests
+from plugins.dephealth.cve_scanner import scan_for_cves
+from plugins.dephealth.vuln_analyzer import analyze_reachability
+
+deps = detect_manifests(".")
+dep_dicts = [{"name": p.name, "version": p.version, "ecosystem": p.ecosystem} for p in deps.packages]
+
+cve_result = scan_for_cves(dep_dicts, ".")
+reachability = analyze_reachability(cve_result, ".")
+
+print(f"Packages scanned: {len(dep_dicts)}")
+print(f"Vulnerabilities:  {cve_result.get('total_vulns', 0)}")
+print()
+
+for vuln in cve_result.get("vulnerabilities", []):
+    reach = next((r for r in reachability.get("results", []) if r.get("cve_id") == vuln.get("id")), {})
+    reach_label = reach.get("reachability", "unknown")
+    risk = reach.get("risk", "unknown")
+    print(f"  [{vuln.get('severity', 'UNKNOWN')}] {vuln.get('id')}")
+    print(f"    Package:      {vuln.get('package')}")
+    print(f"    Fixed in:     {vuln.get('fixed_version', 'N/A')}")
+    print(f"    Reachability: {reach_label}")
+    print(f"    Risk:         {risk}")
+    if reach.get("recommendation"):
+        print(f"    Action:       {reach['recommendation']}")
+    print()
+```
+
+### `/OMG:deps licenses`
+
+License compatibility report only. Checks each dependency's license against a tiered compatibility model.
+
+Tiers: permissive (MIT, Apache-2.0, BSD) > weak-copyleft (LGPL, MPL) > copyleft (GPL, AGPL). Flags packages with copyleft or unknown licenses.
+
+```python
+from plugins.dephealth.manifest_detector import detect_manifests
+from plugins.dephealth.license_checker import check_license_compatibility
+
+deps = detect_manifests(".")
+dep_dicts = [{"name": p.name, "version": p.version, "ecosystem": p.ecosystem} for p in deps.packages]
+
+result = check_license_compatibility(dep_dicts, ".")
+
+print(f"Packages checked: {len(dep_dicts)}")
+print(f"License issues:   {result.get('issue_count', 0)}")
+print()
+
+for pkg in result.get("packages", []):
+    tier = pkg.get("tier", "unknown")
+    marker = "!!" if tier in ("copyleft", "unknown") else "  "
+    print(f"  {marker} {pkg.get('name')}: {pkg.get('license', 'UNKNOWN')} ({tier})")
+
+if result.get("issues"):
+    print()
+    print("Issues:")
+    for issue in result["issues"]:
+        print(f"  - {issue}")
+```
+
+### `/OMG:deps outdated`
+
+List packages with newer versions available. Compares locked versions against latest published versions.
+
+```python
+from plugins.dephealth.manifest_detector import detect_manifests
+
+deps = detect_manifests(".")
+
+print(f"Manifests: {len(deps.manifests)}")
+print(f"Packages:  {len(deps.packages)}")
+print()
+
+print(f"{'Package':<40} {'Current':>12} {'Ecosystem':<12}")
+print("-" * 66)
+for pkg in deps.packages:
+    version = pkg.version or "unpinned"
+    print(f"  {pkg.name:<38} {version:>12} {pkg.ecosystem:<12}")
+
+print()
+print("Note: Outdated detection requires network access to registry APIs.")
+print("Packages listed above are from detected manifests.")
+```
+
+## Feature Flag
+
+- **Flag name**: `OMG_DEP_HEALTH_ENABLED`
+- **Default**: `False` (disabled)
+- **Enable**: `export OMG_DEP_HEALTH_ENABLED=1`
+
+Or set in `settings.json`:
+
+```json
+{
+  "_omg": {
+    "features": {
+      "DEP_HEALTH": true
+    }
+  }
+}
+```
+
+## Output Example
+
+```
+============================================================
+  OMG Dependency Health Report
+============================================================
+
+  Manifests:      3 detected
+    - package.json (npm)
+    - requirements.txt (pip)
+    - pyproject.toml (pip)
+
+  Packages:       87 total
+
+  CVEs found:     4
+    Critical:     1
+    High:         2
+    Moderate:     1
+    Low:          0
+
+  Reachable:      2 of 4 (direct import detected)
+
+  License issues: 1
+    !! node-ipc: UNKNOWN (unknown)
+
+============================================================
+
+  [CRITICAL] GHSA-xxxx-yyyy-zzzz
+    Package:      lodash@4.17.20
+    Fixed in:     4.17.21
+    Reachability: direct
+    Risk:         high
+    Action:       Upgrade lodash to >=4.17.21
+
+  [HIGH] GHSA-aaaa-bbbb-cccc
+    Package:      requests@2.25.0
+    Fixed in:     2.31.0
+    Reachability: transitive
+    Risk:         medium
+    Action:       Upgrade requests to >=2.31.0
+
+============================================================
+```
+
+## Supported Manifests
+
+| Manifest | Ecosystem | Parser |
+|----------|-----------|--------|
+| `package.json` | npm | JSON dependencies + devDependencies |
+| `requirements.txt` | pip | PEP 508 lines |
+| `pyproject.toml` | pip | `[project.dependencies]` + `[tool.poetry.dependencies]` |
+| `Cargo.toml` | crates.io | `[dependencies]` + `[dev-dependencies]` |
+| `go.mod` | Go | `require` directives |
+| `Gemfile` | RubyGems | `gem` declarations |
+
+## Safety
+
+- **Read-only**: All sub-commands only read manifest files and query external APIs
+- **Feature-gated**: Requires `DEP_HEALTH` flag enabled
+- **No mutations**: Never modifies dependency files, lock files, or project code
+- **Crash-isolated**: All operations exit 0 on failure (graceful error handling)
+- **Cache**: CVE scan results cached to `.omg/state/dephealth/cve-cache.json` (1-hour TTL)
+- **Network**: `/deps cves` requires internet access for OSV API queries
+
+## API
+
+```python
+from plugins.dephealth.manifest_detector import detect_manifests, DependencyList
+from plugins.dephealth.cve_scanner import scan_for_cves
+from plugins.dephealth.license_checker import check_license_compatibility
+from plugins.dephealth.vuln_analyzer import analyze_reachability
+
+# Detect all manifest files and parse dependencies
+deps: DependencyList = detect_manifests(".")
+
+# Convert to dicts for scanner/checker APIs
+dep_dicts = [{"name": p.name, "version": p.version, "ecosystem": p.ecosystem} for p in deps.packages]
+
+# CVE scan via OSV batch API
+cve_result = scan_for_cves(dep_dicts, ".")
+
+# Reachability analysis (import tracing)
+reachability = analyze_reachability(cve_result, ".")
+
+# License compatibility check
+license_result = check_license_compatibility(dep_dicts, ".")
+```

package/commands/OMG:diagnose-plugins.md

@@ -0,0 +1,33 @@
+---
+description: Diagnose plugin interoperability and conflict status across OMG-supported hosts
+allowed-tools: Bash(python3:*), Read, Grep, Glob
+---
+
+# /OMG:diagnose-plugins
+
+Run `python3 scripts/omg.py diagnose-plugins --format json` and report the diagnostics result.
+
+## Output Schema
+
+- `schema`: `PluginDiagnosticsResult`
+- `status`: `ok` | `warn` | `error`
+- `records`: discovered plugin records
+- `conflicts`: classified conflict entries
+- `approval_states`: plugin approval states by plugin id
+- `summary`: totals for records, conflicts, and severity buckets
+- `next_actions`: top recommended remediations
+- `elapsed_ms`: total diagnostic runtime
+
+## Commands
+
+```
+python3 scripts/omg.py diagnose-plugins --format json
+python3 scripts/omg.py diagnose-plugins --format text
+python3 scripts/omg.py diagnose-plugins approve --source mcp:filesystem --host claude --reason "trusted" --format json
+```
+
+## Notes
+
+- Base diagnostics command is read-only.
+- Static mode is default; live probing must be explicit via `--live`.
+- `approve` currently returns a pending stub response.

package/commands/OMG:doctor.md

@@ -0,0 +1,37 @@
+---
+description: Canonical install and runtime verification for OMG
+allowed-tools: Bash(python3:*), Read, Grep, Glob
+---
+
+# /OMG:doctor
+
+Run `python3 scripts/omg.py doctor --format json` and report results.
+
+## Required Checks
+
+1. **python_version**: Python >= 3.10 installed and active.
+2. **fastmcp**: `fastmcp` package importable (needed for MCP server).
+3. **omg_control_reachable**: `.mcp.json` contains `omg-control` with stdio transport.
+4. **policy_files**: `commands/` directory or `.omg/policy.yaml` exists.
+5. **metadata_drift**: All public version surfaces match `CANONICAL_VERSION`.
+
+## Optional Checks
+
+6. **compiled_bundles**: `dist/` contains compiled channel bundles.
+7. **host_compatibility**: Host config directory (e.g. `~/.claude`) exists.
+8. **memory_reachable**: HTTP `omg-memory` configured (never required).
+9. **managed_runtime**: Managed venv at `$CLAUDE_DIR/omg-runtime/.venv` exists.
+
+## Output
+
+Each check reports `name`, `status` (`ok` | `blocker` | `warning`), and `message`.
+
+Exit code 0 when all **required** checks pass. Non-zero otherwise.
+
+```
+python3 scripts/omg.py doctor --format json
+```
+
+## Legacy Compat
+
+`omg compat run --skill omg-doctor` routes to the same engine.

package/commands/OMG:domain-init.md

@@ -0,0 +1,11 @@
+---
+description: "Alias for /OMG:init [domain-name]. Use /OMG:init instead."
+allowed-tools: Read, Write, Edit, MultiEdit, Bash(mkdir:*), Bash(cat:*), Bash(find:*), Bash(ls:*), Bash(head:*), Bash(grep:*), Bash(tree:*), Bash(node:*), Bash(python*:*), Bash(tee:*), Grep, Glob
+argument-hint: "[domain name, e.g. 'payment' or 'user-profile']"
+---
+
+# /OMG:domain-init → Redirects to /OMG:init [domain]
+
+This command is now part of `/OMG:init`. Execute `/OMG:init [domain-name]` (domain scaffolding mode).
+
+Follow the **MODE B: DOMAIN INIT** instructions in /OMG:init.

package/commands/OMG:escalate.md

@@ -0,0 +1,52 @@
+---
+description: Auto-route to Codex or Gemini using OMG standalone internal router.
+allowed-tools: Read, Grep, Glob, Bash(git:*), Bash(rg:*), Bash(find:*), Bash(cat:*), Bash(python3:*)
+argument-hint: "[codex|gemini|ccg|auto] 'task description' or just 'problem'"
+---
+
+# /OMG:escalate — Standalone Smart Escalation
+
+## Auto-Routing
+If no model specified:
+- backend/security/debug/performance → `codex`
+- ui/ux/layout/responsive → `gemini`
+- full-stack/architecture/review-all → `ccg`
+
+## Context package
+Build from OMG canonical state:
+- `.omg/state/profile.yaml`
+- `.omg/state/ledger/failure-tracker.json`
+- relevant files (`git diff --name-only`)
+
+## Runtime entrypoint
+Use the portable runtime installed by `OMG-setup.sh` (`~/.claude/omg-runtime/scripts/omg.py`).
+
+```bash
+OMG_CLI="${OMG_CLI_PATH:-$HOME/.claude/omg-runtime/scripts/omg.py}"
+if [ ! -f "$OMG_CLI" ] && [ -f "scripts/omg.py" ]; then OMG_CLI="scripts/omg.py"; fi
+```
+
+## Execute
+```bash
+python3 "$OMG_CLI" teams --target auto --problem "[problem]"
+```
+
+Explicit target:
+```bash
+python3 "$OMG_CLI" teams --target codex --problem "[problem]"
+python3 "$OMG_CLI" teams --target gemini --problem "[problem]"
+python3 "$OMG_CLI" ccg --problem "[problem]"
+```
+
+## Output
+Returns `TeamDispatchResult` with:
+- findings
+- action plan
+- evidence metadata
+
+Evidence now includes provider health details (`cli_health`) with:
+- binary availability
+- auth readiness (`auth status` probe)
+- `live_connection` boolean per provider
+
+No external legacy plugin is required.

package/commands/OMG:forge.md

@@ -0,0 +1,103 @@
+---
+description: "FORGE — Labs-only domain-model prototyping and evaluation orchestration. Routes into the lab pipeline with policy enforcement."
+allowed-tools: Read, Bash
+argument-hint: "[job file path]"
+---
+
+# /OMG:forge — Labs-Only Domain Prototyping
+
+> **Availability**: `labs` preset only. Blocked on `safe`, `balanced`, and `interop` presets.
+
+## What It Does
+
+Forge orchestrates domain-model prototyping and evaluation through the existing lab pipeline (`lab/pipeline.py`). It validates jobs against lab policies (`lab/policies.py`), runs the staged pipeline (data → refine → train/distill → evaluate → regression), and emits structured evidence.
+
+Forge does **not**:
+- Train frontier models or perform research-scale model training
+- Bypass lab policy gates (license checks, source validation)
+- Operate outside the `labs` preset boundary
+
+## Policy Enforcement
+
+Every forge job is validated through `lab.policies.validate_job_request()` before pipeline execution:
+
+1. **Dataset license** must be in `ALLOWED_LICENSES`: `apache-2.0`, `mit`, `bsd-3-clause`, `cc-by-4.0`
+2. **Dataset source** must not contain blocked tokens: `unknown`, `leaked`, `stolen`, `unauthorized`, `pirated`
+3. **Model source** must not contain blocked tokens
+4. **Model distillation** must be explicitly allowed (`allow_distill: true`)
+
+Jobs that fail policy checks are blocked with a structured reason before any pipeline stage runs.
+
+## CLI Usage
+
+```bash
+# Run a forge job from a JSON file (domain required)
+python3 scripts/omg.py forge run --job path/to/job.json
+
+# Run with explicit preset (default: labs)
+python3 scripts/omg.py forge run --job path/to/job.json --preset labs
+
+# Run inline with domain-aware job JSON
+python3 scripts/omg.py forge run --preset labs --job-json '{"domain":"vision","dataset":{"name":"vision-agent","license":"apache-2.0","source":"internal-curated"},"base_model":{"name":"distill-base-v1","source":"approved-registry","allow_distill":true},"target_metric":0.8,"simulated_metric":0.9,"specialists":["data-curator","training-architect","simulator-engineer"]}'
+```
+
+## Job File Format
+
+Every forge job **must** include an explicit `domain` field. Valid canonical domains: `vision`, `robotics`, `algorithms`, `health`, `cybersecurity`. The alias `vision-agent` is accepted and canonicalized to `vision`.
+
+```json
+{
+  "domain": "vision",
+  "dataset": {
+    "name": "vision-agent",
+    "license": "apache-2.0",
+    "source": "internal-curated"
+  },
+  "base_model": {
+    "name": "distill-base-v1",
+    "source": "approved-registry",
+    "allow_distill": true
+  },
+  "target_metric": 0.85,
+  "simulated_metric": 0.90,
+  "specialists": ["data-curator", "training-architect", "simulator-engineer"],
+  "evaluation_notes": "Domain adaptation for vision agent"
+}
+```
+
+## Output
+
+Forge returns structured JSON with pipeline results. Domain-aware jobs with specialists also include a `specialist_dispatch` block:
+
+```json
+{
+  "status": "ready",
+  "stage": "complete",
+  "stages": [
+    {"name": "data_prepare", "status": "ok"},
+    {"name": "synthetic_refine", "status": "ok"},
+    {"name": "train_distill", "status": "ok"},
+    {"name": "evaluate", "status": "ok"},
+    {"name": "regression_test", "status": "ok"}
+  ],
+  "published": false,
+  "evaluation_report": {
+    "metric": 0.90,
+    "target_metric": 0.85,
+    "passed": true
+  },
+  "specialist_dispatch": {
+    "status": "ok",
+    "specialists_dispatched": ["data-curator", "training-architect", "simulator-engineer"]
+  }
+}
+```
+
+## Scope Boundary
+
+Forge is a **domain-prototyping** surface, not a model-training research tool. It stays within:
+
+- The lab pipeline's staged execution model
+- Lab policy validation for all dataset and model sources
+- The `labs` preset boundary — no forge operations run without labs enabled
+- Domain-pack contracts (`runtime/domain_packs.py`) for domain-specific prototyping

package/commands/OMG:health-check.md

@@ -0,0 +1,48 @@
+---
+description: Verify project setup, context health, and tool integration
+allowed-tools: Bash(ls:*), Bash(cat:*), Bash(find:*), Bash(grep:*), Bash(git:*), Bash(which:*), Bash(head:*), Bash(wc:*), Bash(stat:*), Bash(npm run:*), Bash(npx:*), Bash(pnpm run:*), Bash(yarn run:*), Bash(pytest:*), Bash(python3:*), Read, Grep, Glob
+---
+
+# /OMG:health-check
+
+Run all checks silently, report only issues:
+
+1. **Profile**: .omg/state/profile.yaml exists and has required fields (name, language, framework)?
+   - FAIL if missing. WARN if key fields empty.
+
+2. **Knowledge**: .omg/knowledge/ has content? Any decision files older than 30 days?
+   - WARN if empty. WARN if stale files (suggest review).
+
+3. **Quality Gate**: .omg/state/quality-gate.json exists and configured commands are runnable?
+   - Check each command with `which` or `--version` where possible.
+   - If execution is restricted, report WARN (not FAIL) with "cannot verify — restricted permissions".
+   - If command found but fails: report FAIL with exit code.
+
+4. **Secrets**: No .env committed to git? No API keys in tracked files?
+   - `git ls-files | grep -i '\.env'` (exclude .env.example/.sample/.template).
+   - FAIL if real .env files tracked.
+
+5. **Tools**: Hooks installed? OMG team aliases available? MCP servers listed?
+   - Check ~/.claude/hooks/.omg-version exists.
+   - Check if Claude sees OMG through plugin-managed skills/surfaces rather than legacy `~/.claude/commands/` files:
+     - `~/.claude/plugins/known_marketplaces.json` contains `omg`
+     - `~/.claude/plugins/cache/omg/omg/<version>/.claude-plugin/plugin.json` exists
+     - WARN if only legacy command files exist without the plugin-managed surface
+   - List MCP servers from .mcp.json (informational).
+
+6. **Failures**: Stale failure patterns in failure-tracker.json?
+   - WARN if any pattern older than 24h. Suggest `/OMG:handoff` or manual reset.
+
+7. **Context Size**: Estimate total injection from session-start + prompt-enhancer.
+   - Sum: profile.yaml lines + working-memory.md lines + handoff.md lines.
+   - WARN if >80 lines total.
+
+**Report format:**
+```
+PASS [N] | WARN [N] | FAIL [N]
+
+  FAIL profile: .omg/state/profile.yaml not found → run /OMG:init
+  WARN quality: prettier not found → install or remove from quality-gate.json
+  PASS secrets: no .env files tracked
+  ...
+```

package/commands/OMG:init.md

@@ -0,0 +1,134 @@
+---
+description: "Unified initializer — auto-detects: project setup (if no .omg/state), domain scaffolding (if argument given), or health check."
+allowed-tools: Read, Write, Edit, MultiEdit, Bash(mkdir:*), Bash(cat:*), Bash(find:*), Bash(ls:*), Bash(head:*), Bash(grep:*), Bash(tree:*), Bash(node:*), Bash(python*:*), Bash(tee:*), Grep, Glob
+argument-hint: "[optional: domain name like 'payment', or 'check' for health check]"
+---
+
+# /OMG:init — Unified Project & Domain Initializer
+
+## Auto-Detection Logic
+
+```
+if argument is a domain name (e.g. "payment", "user-profile"):
+  → DOMAIN INIT (create new domain from existing patterns)
+elif .omg/state directory does not exist:
+  → PROJECT INIT (first-time project setup)
+elif .omg/state/profile.yaml exists:
+  → HEALTH CHECK (verify everything works, offer upgrades)
+```
+
+---
+
+## MODE A: PROJECT INIT (no .omg/state found)
+
+### Step 1: Create .omg/state/profile.yaml (MOST IMPORTANT)
+Detect from code. Ask user for anything undetectable.
+
+```yaml
+# .omg/state/profile.yaml — injected every session (keep under 20 lines)
+name: "[from package.json/Cargo.toml/pyproject.toml]"
+description: "[1 sentence]"
+repo: "[from git remote -v]"
+
+language: "[detect]"
+framework: "[detect]"
+database: "[detect or ask]"
+infra: "[detect from Dockerfile/terraform/etc]"
+key_deps: "[top 5]"
+
+conventions:
+  naming: "[detect: camelCase/snake_case]"
+  test_cmd: "[detect: npm test/pytest/cargo test]"
+  lint_cmd: "[detect: eslint/ruff/clippy]"
+
+ai_behavior:
+  communication: "[ask user: language preference]"
+  when_stuck: "Ask user after 2 failed attempts"
+  testing: "User-journey focused, not boilerplate"
+```
+
+### Step 2: Create knowledge structure + OMG v1 contract dirs
+```
+mkdir -p .omg/state/ledger .omg/knowledge/decisions .omg/knowledge/patterns .omg/knowledge/rules
+mkdir -p .omg/trust .omg/evidence .omg/shadow .omg/migrations
+```
+
+Copy OMG v1 templates when missing:
+- `.omg/idea.yml`
+- `.omg/policy.yaml`
+- `.omg/runtime.yaml`
+
+### Step 3: Auto-detect quality gate
+```json
+// .omg/state/quality-gate.json — only include commands that exist
+{
+  "format": "[detect: prettier/black/gofmt or null]",
+  "lint": "[detect: eslint/ruff/clippy or null]",
+  "typecheck": "[detect: tsc/mypy or null]",
+  "test": "[detect: npm test/pytest/cargo test or null]"
+}
+```
+
+### Step 4: Copy relevant contextual rules
+Based on detected project type, copy relevant rules from templates:
+- Web project → security-domains.md, code-hygiene.md
+- Backend → infra-safety.md, dependency-safety.md
+- DDD project → ddd-sdd.md, outside-in.md
+
+### Step 5: Verify
+Run `/OMG:health-check` to confirm setup.
+
+---
+
+## MODE B: DOMAIN INIT (argument = domain name)
+
+### Step 1: Find Reference Pattern
+```bash
+find . -type f -name "*.ts" -o -name "*.py" | sed 's|/[^/]*$||' | sort | uniq -c | sort -rn | head -10
+```
+Read the most complete existing domain. Extract:
+- Directory structure (routes, services, models, tests)
+- Naming conventions, error handling, data flow patterns
+
+### Step 2: Define the New Domain
+Ask the user:
+- "What entities does [domain] have?"
+- "What actions can be performed?"
+- "What external services does it talk to?"
+- "What are the business rules?"
+
+### Step 3: Generate Domain Structure
+Match the reference pattern EXACTLY. Create:
+```
+src/[domain]/
+  ├── [domain].model.ts
+  ├── [domain].service.ts
+  ├── [domain].repository.ts
+  ├── [domain].controller.ts (or routes)
+  ├── [domain].types.ts
+  └── __tests__/
+      └── [domain].service.test.ts
+```
+
+### Step 4: Document the Pattern
+Save to `.omg/knowledge/patterns/[domain]-pattern.md`
+
+---
+
+## MODE C: HEALTH CHECK (already initialized)
+
+Run `/OMG:health-check` and additionally:
+- Verify profile.yaml is up-to-date with current project state
+- Check if new contextual rules should be added
+- Offer to update quality-gate.json if tools changed
+
+---
+
+## File Write Method
+Use `Write` tool first. If it fails (file exists), fall back to:
+```bash
+cat > .omg/state/profile.yaml << 'EOF'
+[content]
+EOF
+```
+Always READ the file after writing to confirm.