odd-studio 3.4.2 → 3.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/.claude-plugin/plugin.json +1 -1
  2. package/bin/odd-studio.js +1 -1
  3. package/codex-plugin/.codex-plugin/plugin.json +1 -1
  4. package/hooks/odd-studio.sh +17 -4
  5. package/package.json +1 -1
  6. package/plugins/plugin-gates.js +2 -2
  7. package/scripts/setup-hooks.js +10 -0
  8. package/skill/SKILL.md +3 -3
package/.claude-plugin/plugin.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "odd-studio",
3
3
  "description": "Outcome-Driven Development — a planning and build harness for domain experts building serious software with AI. Installs the /odd skill, safety hooks, and project scaffolding into Claude Code.",
4
- "version": "3.3.3",
4
+ "version": "3.5.1",
5
5
  "author": {
6
6
  "name": "ODD Studio"
7
7
  },
package/bin/odd-studio.js CHANGED
@@ -15,7 +15,7 @@ import { registerUninstall } from './commands/uninstall.js';
15
15
  const __filename = fileURLToPath(import.meta.url);
16
16
  const __dirname = path.dirname(__filename);
17
17
  const require = createRequire(import.meta.url);
18
- const pkg = require('../package.json'); // v3.4.2
18
+ const pkg = require('../package.json'); // v3.5.1
19
19
 
20
20
  const PACKAGE_ROOT = path.resolve(__dirname, '..');
21
21
  const deps = { PACKAGE_ROOT, print };
package/codex-plugin/.codex-plugin/plugin.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "odd-studio",
3
- "version": "3.4.2",
3
+ "version": "3.5.1",
4
4
  "description": "Outcome-Driven Development planning and build harness for domain experts building serious software with AI.",
5
5
  "author": {
6
6
  "name": "ODD Studio"
package/hooks/odd-studio.sh CHANGED
@@ -152,21 +152,34 @@ build-gate)
152
152
  # ─────────────────────────────────────────────────────────────────────────────
153
153
  # PreToolUse: Write|Edit — blocks source writes without active build session
154
154
  # ─────────────────────────────────────────────────────────────────────────────
155
+ # Two-marker system:
156
+ # 1. .odd/.odd-flow-swarm-active — created by *build, 24h TTL (session marker)
157
+ # 2. .odd/.odd-flow-agent-token — created by Task agents before each write batch, 120s TTL
158
+ #
159
+ # The orchestrator (main conversation) can read files and coordinate, but CANNOT
160
+ # write source code. Only Task agents can, and only after creating the agent token.
161
+ # This prevents the LLM from bypassing swarm coordination by editing files directly.
155
162
  swarm-write)
156
163
  [ "$TOOL_NAME" = "Write" ] || [ "$TOOL_NAME" = "Edit" ] || exit 0
157
164
  [ "$CURRENT_PHASE" = "build" ] || exit 0
158
165
  is_source_file "$FILE_PATH" || exit 0
159
166
 
160
- # Gate: Build session must be active (swarm marker with 24h TTL)
161
- # Both the main orchestrator and Task agents can write source code
162
- # when a build session is active. The swarm marker is refreshed when
163
- # *build is invoked and during odd-flow coordination syncs.
167
+ # Gate 1: Build session must be active (swarm marker with 24h TTL)
164
168
  if ! marker_valid ".odd/.odd-flow-swarm-active" 86400; then
165
169
  echo "ODD STUDIO [swarm-write]: Source writes blocked — no active build session." >&2
166
170
  echo "Run *build to start a build session before writing source code." >&2
167
171
  echo "File blocked: $FILE_PATH" >&2
168
172
  exit 2
169
173
  fi
174
+
175
+ # Gate 2: Agent write token must be fresh (120s TTL)
176
+ # Only Task agents create this token — the orchestrator must NOT.
177
+ if ! marker_valid ".odd/.odd-flow-agent-token" 120; then
178
+ echo "ODD STUDIO [swarm-write]: Source writes blocked — no agent write token." >&2
179
+ echo "Only Task agents can write source code. The orchestrator must dispatch work, not write code directly." >&2
180
+ echo "File blocked: $FILE_PATH" >&2
181
+ exit 2
182
+ fi
170
183
  exit 0
171
184
  ;;
172
185
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "odd-studio",
3
- "version": "3.4.2",
3
+ "version": "3.5.1",
4
4
  "description": "Outcome-Driven Development for AI coding agents — a planning and build harness for domain experts building serious software with AI. Works with Claude Code, OpenCode, and Codex.",
5
5
  "keywords": [
6
6
  "claude-code",
package/plugins/plugin-gates.js CHANGED
@@ -33,10 +33,10 @@ export function createBeforeHook(readState) {
33
33
 
34
34
  if ((toolName === 'Write' || toolName === 'Edit') && state.currentPhase === 'build' && isSourceCodePath(filePath)) {
35
35
  if (!markerValid(resolve(process.cwd(), '.odd', '.odd-flow-swarm-active'), 3600000)) {
36
- return { blocked: true, message: `ODD SWARM WRITE GATE: Source writes blocked — swarm not initialised. File: ${filePath}` };
36
+ return { blocked: true, message: `ODD SWARM WRITE GATE: Source writes blocked — no active build session. Run *build first. File: ${filePath}` };
37
37
  }
38
38
  if (!markerValid(resolve(process.cwd(), '.odd', '.odd-flow-agent-token'), 120000)) {
39
- return { blocked: true, message: `ODD SWARM WRITE GATE: Source writes blocked — no agent token. Task agents must create token before writing. File: ${filePath}` };
39
+ return { blocked: true, message: `ODD SWARM WRITE GATE: Source writes blocked — no agent write token. Only Task agents can write source code, not the orchestrator. Dispatch work to agents instead. File: ${filePath}` };
40
40
  }
41
41
  }
42
42
 
package/scripts/setup-hooks.js CHANGED
@@ -6,6 +6,16 @@ import { ODD_HOOK_FILE as HOOK_FILE } from './assets.js';
6
6
  // All ODD Studio gates, grouped by event + matcher.
7
7
  // Each entry becomes one hooks[] item in settings.json pointing to:
8
8
  // odd-studio.sh <gate-name>
9
+ //
10
+ // Two-marker system (swarm-write gate):
11
+ // 1. .odd/.odd-flow-swarm-active — created by *build, 24h TTL (session marker)
12
+ // 2. .odd/.odd-flow-agent-token — created by Task agents, 120s TTL (write token)
13
+ //
14
+ // The orchestrator (main conversation) can read files and coordinate,
15
+ // but CANNOT write source code. Only Task agents can write source code,
16
+ // and only after creating the agent token. This prevents the LLM from
17
+ // bypassing swarm coordination by editing files directly from the main
18
+ // conversation.
9
19
  const GATES = [
10
20
  // ── PreToolUse ──────────────────────────────────────────────────────────
11
21
  {
package/skill/SKILL.md CHANGED
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: "odd"
3
- version: "3.4.2"
3
+ version: "3.5.1"
4
4
  description: "Outcome-Driven Development planning and build coach. Use /odd to start or resume an ODD project — building personas, writing outcomes, mapping contracts, creating a Master Implementation Plan, and directing a odd-flow-powered build. Designed for domain experts who are not developers. Works with Claude Code, OpenCode, and Codex."
5
5
  metadata:
6
6
  priority: 10
@@ -96,7 +96,7 @@ Display this when no existing state is found:
96
96
 
97
97
  ---
98
98
 
99
- Welcome to ODD Studio v3.4.2.
99
+ Welcome to ODD Studio v3.5.1.
100
100
 
101
101
  You are about to plan and build something real — using a methodology called Outcome-Driven Development. Before we write a single line of code, we are going to get precise about three things:
102
102
 
@@ -120,7 +120,7 @@ Display this when existing state is found. Replace the bracketed values with act
120
120
 
121
121
  ---
122
122
 
123
- Welcome back to ODD Studio v3.4.2.
123
+ Welcome back to ODD Studio v3.5.1.
124
124
 
125
125
  **Project:** [project.name]
126
126
  **Current Phase:** [state.currentPhase]