npm - oh-my-customcode - Versions diffs - 0.136.0 → 0.136.1 - Mend

oh-my-customcode 0.136.0 → 0.136.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +2 -2
package/dist/cli/index.js +1 -1
package/dist/index.js +1 -1
package/package.json +1 -1
package/templates/.claude/agents/mgr-gitnerd.md +7 -2
package/templates/.claude/rules/MUST-safety.md +14 -0
package/templates/guides/git-safety/README.md +97 -0
package/templates/manifest.json +2 -2

package/README.md CHANGED Viewed

@@ -222,7 +222,7 @@ Key rules: R010 (orchestrator never writes files), R009 (parallel execution mand
 ---
-### Guides (49)
+### Guides (50)
 Reference documentation covering best practices, architecture decisions, and integration patterns. Located in `guides/` at project root, covering topics from agent design to CI/CD to observability.
@@ -279,7 +279,7 @@ your-project/
 │   ├── specs/                  # Extracted canonical specs
 │   ├── contexts/               # 4 shared context files
 │   └── ontology/               # Knowledge graph for RAG
-└── guides/                     # 49 reference documents
+└── guides/                     # 50 reference documents
 ```
 ---

package/dist/cli/index.js CHANGED Viewed

@@ -2334,7 +2334,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.136.0",
+    version: "0.136.1",
     description: "Batteries-included agent harness for Claude Code",
     type: "module",
     bin: {

package/dist/index.js CHANGED Viewed

@@ -2014,7 +2014,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.136.0",
+  version: "0.136.1",
   description: "Batteries-included agent harness for Claude Code",
   type: "module",
   bin: {

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.136.0",
+  "version": "0.136.1",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/agents/mgr-gitnerd.md CHANGED Viewed

@@ -52,10 +52,15 @@ Types: feat, fix, docs, style, refactor, test, chore
 ## Safety Rules
-- NEVER force push to main/master
-- NEVER reset --hard without confirmation
+- NEVER force push to main/master (use `--force-with-lease` only on feature branches with explicit user approval)
+- NEVER `git reset --hard` without confirmation — verify `git status` shows clean tree OR user explicitly accepts loss
+- NEVER `git checkout -- <path>` / `git restore <path>` without confirmation — uncommitted changes are unrecoverable
+- NEVER `git clean -fd` without prior `git clean -nd` dry-run + user approval
+- NEVER `git branch -D <branch>` without showing `git log <branch>` first if branch has unmerged commits
 - NEVER skip pre-commit hooks without reason
 - ALWAYS create new commits (avoid --amend unless requested)
+- ALWAYS check `git reflog` before declaring work lost — most destructive ops are recoverable for 30 days
+- Reference: R001 Destructive Git Commands section, #1146 (v0.136.0 working tree loss incident)
 ## Push Rules (R016)

package/templates/.claude/rules/MUST-safety.md CHANGED Viewed

@@ -11,6 +11,20 @@
 | Commands | `rm -rf /` or broad deletes, shutdown/restart, sudo/su, network config changes |
 | External | Access URLs without approval, send user data externally, download/execute unknown scripts |
+## Destructive Git Commands (Working Tree Loss Risk)
+The following git commands have caused working tree loss in past sessions (#1146, v0.136.0). REQUIRE explicit user approval per invocation:
+| Command | Risk | Required Action |
+|---------|------|----------------|
+| `git reset --hard <ref>` (especially to remote/old SHA) | Erases uncommitted + committed local changes | Confirm uncommitted state with `git status`; show ref delta; explicit approval |
+| `git checkout -- <path>` / `git restore <path>` (without `--source`) | Discards uncommitted file changes | Confirm file is intentionally being reverted; explicit approval |
+| `git clean -fd` / `git clean -fdx` | Permanently deletes untracked files (incl. ignored with `-x`) | List files with `git clean -nd` first; explicit approval |
+| `git branch -D <name>` (when branch has unmerged commits) | Loses unmerged work | Show `git log <branch>` first; confirm commits are pushed elsewhere; explicit approval |
+| `git push --force` / `git push --force-with-lease` to shared branches | Rewrites shared history | NEVER on main/master; explicit approval for feature branches with active collaborators |
+**Recovery hint**: If working tree loss occurs, check `git reflog` immediately — most operations are recoverable within 30 days.
 ## Required Before Destructive Operations
 Verify target, assess impact scope, check recoverability, get user approval.

package/templates/guides/git-safety/README.md ADDED Viewed

@@ -0,0 +1,97 @@
+# Git Safety Guide
+Reference for safe git operations in autonomous AI agent flows. Born from #1146 (v0.136.0 working tree loss incident).
+## Destructive Commands Quick Reference
+| Command | Risk | Required Action |
+|---------|------|----------------|
+| `git reset --hard <ref>` | Erases uncommitted + committed local changes | Confirm `git status` clean; show ref delta; explicit user approval |
+| `git checkout -- <path>` / `git restore <path>` | Discards uncommitted file changes | Confirm intentional revert; explicit approval |
+| `git clean -fd` / `-fdx` | Permanently deletes untracked files | Run `git clean -nd` dry-run first; explicit approval |
+| `git branch -D <name>` (unmerged) | Loses unmerged work | Show `git log <branch>` first; confirm pushed elsewhere |
+| `git push --force` (shared branch) | Rewrites shared history | NEVER on main/master; explicit approval for collaborative branches |
+## Pre-Flight Checks
+Before any destructive operation:
+```bash
+git status --porcelain | wc -l   # MUST be 0 for safe destructive op
+git stash list                   # check if work was previously stashed
+git reflog -n 20                 # baseline before any history-rewriting op
+```
+## Recovery Procedures
+### From `git reset --hard`
+```bash
+git reflog                       # find pre-reset SHA
+git reset --hard <pre-reset-sha> # restore HEAD
+```
+Most operations are recoverable within 30 days (default reflog expiry).
+### From `git clean -fd`
+Untracked file deletion is **permanent**. Recovery requires:
+- Editor history (VS Code, JetBrains)
+- Filesystem snapshots (Time Machine, ZFS, btrfs)
+- Container layer cache (if in Docker)
+### From `git branch -D` (unmerged commits)
+```bash
+git reflog                       # find branch tip SHA
+git branch <name> <sha>          # recreate branch
+```
+### From orphaned commits (no ref)
+```bash
+git fsck --lost-found            # find dangling commits
+git show <sha>                   # inspect candidates
+git branch recovered <sha>       # save as branch
+```
+## Agent-Specific Rules
+For AI agents executing git in autonomous flows:
+1. **Pre-check is mandatory** — never assume "small change"
+2. **Report uncommitted state** — show `git status` output to user before destructive ops
+3. **Stash before reset** — `git stash push -u "pre-reset-<reason>"` is cheap insurance
+4. **Reflog baseline** — capture `git reflog -n 5` before any history-rewriting op
+## Cross-References
+- **R001** (`.claude/rules/MUST-safety.md`) — Destructive Git Commands section
+- **mgr-gitnerd** (`.claude/agents/mgr-gitnerd.md`) — Safety Rules section
+- **Issue #1146** — Original v0.136.0 working tree loss incident
+- **mgr-gitnerd memory** (`.claude/agent-memory/mgr-gitnerd/MEMORY.md`) — Incident lessons
+## Reference Implementation Patterns
+### Safe reset wrapper (pseudo-code)
+```bash
+safe_reset() {
+  local target=$1
+  local dirty=$(git status --porcelain | wc -l)
+  if [ "$dirty" -gt 0 ]; then
+    echo "WARNING: $dirty uncommitted change(s). Stash or commit first."
+    git status --short
+    return 1
+  fi
+  echo "Reset preview:"
+  git log HEAD..$target --oneline
+  git log $target..HEAD --oneline
+  read -p "Proceed? [y/N] " confirm
+  [ "$confirm" = "y" ] && git reset --hard "$target"
+}
+```
+### Destructive op detection (advisory)
+See `.claude/hooks/scripts/git-delegation-guard.sh` for the existing R010 advisory pattern. A future `destructive-git-guard.sh` (T2 from #1146, deferred) will add R001 destructive-op-specific warnings.

package/templates/manifest.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "0.136.0",
+  "version": "0.136.1",
   "lastUpdated": "2026-05-14T00:00:00.000Z",
   "omcustomMinClaudeCode": "2.1.121",
   "omcustomMinClaudeCodeReason": "Sensitive-path direct Write/Edit on .claude/** under bypassPermissions (R010 deprecation, #1101)",
@@ -26,7 +26,7 @@
       "name": "guides",
       "path": "guides",
       "description": "Reference documentation",
-      "files": 49
+      "files": 50
     },
     {
       "name": "hooks",