oh-my-customcode 0.136.0 → 0.136.2

package/README.md

@@ -222,7 +222,7 @@ Key rules: R010 (orchestrator never writes files), R009 (parallel execution mand
 
 ---
 
-### Guides (49)
+### Guides (50)
 
 Reference documentation covering best practices, architecture decisions, and integration patterns. Located in `guides/` at project root, covering topics from agent design to CI/CD to observability.
 
@@ -279,7 +279,7 @@ your-project/
 │   ├── specs/                  # Extracted canonical specs
 │   ├── contexts/               # 4 shared context files
 │   └── ontology/               # Knowledge graph for RAG
-└── guides/                     # 49 reference documents
+└── guides/                     # 50 reference documents
 ```
 
 ---

package/dist/cli/index.js

@@ -2334,7 +2334,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.136.0",
+    version: "0.136.2",
     description: "Batteries-included agent harness for Claude Code",
     type: "module",
     bin: {

package/dist/index.js

@@ -2014,7 +2014,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.136.0",
+  version: "0.136.2",
   description: "Batteries-included agent harness for Claude Code",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.136.0",
+  "version": "0.136.2",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/agents/mgr-gitnerd.md

@@ -52,10 +52,15 @@ Types: feat, fix, docs, style, refactor, test, chore
 
 ## Safety Rules
 
-- NEVER force push to main/master
-- NEVER reset --hard without confirmation
+- NEVER force push to main/master (use `--force-with-lease` only on feature branches with explicit user approval)
+- NEVER `git reset --hard` without confirmation — verify `git status` shows clean tree OR user explicitly accepts loss
+- NEVER `git checkout -- <path>` / `git restore <path>` without confirmation — uncommitted changes are unrecoverable
+- NEVER `git clean -fd` without prior `git clean -nd` dry-run + user approval
+- NEVER `git branch -D <branch>` without showing `git log <branch>` first if branch has unmerged commits
 - NEVER skip pre-commit hooks without reason
 - ALWAYS create new commits (avoid --amend unless requested)
+- ALWAYS check `git reflog` before declaring work lost — most destructive ops are recoverable for 30 days
+- Reference: R001 Destructive Git Commands section, #1146 (v0.136.0 working tree loss incident)
 
 ## Push Rules (R016)
 

package/templates/.claude/rules/MUST-safety.md

@@ -11,6 +11,20 @@
 | Commands | `rm -rf /` or broad deletes, shutdown/restart, sudo/su, network config changes |
 | External | Access URLs without approval, send user data externally, download/execute unknown scripts |
 
+## Destructive Git Commands (Working Tree Loss Risk)
+
+The following git commands have caused working tree loss in past sessions (#1146, v0.136.0). REQUIRE explicit user approval per invocation:
+
+| Command | Risk | Required Action |
+|---------|------|----------------|
+| `git reset --hard <ref>` (especially to remote/old SHA) | Erases uncommitted + committed local changes | Confirm uncommitted state with `git status`; show ref delta; explicit approval |
+| `git checkout -- <path>` / `git restore <path>` (without `--source`) | Discards uncommitted file changes | Confirm file is intentionally being reverted; explicit approval |
+| `git clean -fd` / `git clean -fdx` | Permanently deletes untracked files (incl. ignored with `-x`) | List files with `git clean -nd` first; explicit approval |
+| `git branch -D <name>` (when branch has unmerged commits) | Loses unmerged work | Show `git log <branch>` first; confirm commits are pushed elsewhere; explicit approval |
+| `git push --force` / `git push --force-with-lease` to shared branches | Rewrites shared history | NEVER on main/master; explicit approval for feature branches with active collaborators |
+
+**Recovery hint**: If working tree loss occurs, check `git reflog` immediately — most operations are recoverable within 30 days.
+
 ## Required Before Destructive Operations
 
 Verify target, assess impact scope, check recoverability, get user approval.

package/templates/.claude/skills/pipeline/workflows/auto-dev.yaml

@@ -88,25 +88,11 @@ steps:
       - All Agent tool calls MUST pass mode: "bypassPermissions" to prevent permission prompts during unattended execution
 
 
-      ## Universal /tmp Script Bypass for .claude/ paths (R010 Universal /tmp Script Bypass)
+      ## Sensitive Path Handling (CC v2.1.121+)
 
-      ALL tool calls targeting `.claude/` MUST go through `/tmp/*.sh` script via Bash. This applies to read-only measurement (sed/cat/wc/ls), Write, Edit, and write-Bash. Read tool is exempt.
+      Direct Write/Edit/Bash on `.claude/**` is permitted under `mode: "bypassPermissions"` as of CC v2.1.121 (#1101). The legacy `/tmp/*.sh` bypass is no longer required. Structural changes (new agents/skills) still go through mgr-creator with R017 verification.
 
-      Pattern:
-      1. Write(/tmp/fix-{topic}.sh) — script contents may use heredoc/sed/cp targeting .claude/
-      2. Bash(bash /tmp/fix-{topic}.sh) — Bash target is /tmp/, not .claude/
-      3. Read or Bash(head/grep) on .claude/ paths is fine (Read tool sensitive-path exempt; Bash on .claude/ is also exempt for some commands but to stay safe always use /tmp script for any sed/cat/wc on .claude/).
-
-      Rationale: CC sensitive-path check inspects tool-call target paths but does NOT audit script-internal file operations. Direct Write/Edit/Bash on .claude/ triggers user approval prompts even with bypassPermissions, breaking unattended automation.
-
-      Use this pattern for:
-      - Any documentation fix in .claude/
-      - Any frontmatter change
-      - Any read-only measurement / inspection / counting
-      - Count synchronization between source and templates
-      - Structural changes (new agents/skills) MUST still go through mgr-creator with R017 verification, AND mgr-creator itself uses /tmp bypass for the file writes
-
-      References: #1052, #1016 (v0.111.1 origin), #1046 (v0.116.1 delegation directive loss fix), feedback_sensitive_path_tmp_bypass.md memory
+      For CC < v2.1.121 see git history for the legacy bypass pattern.
 
       ## Local CI-mimic verification (MUST run before marking implement done)
 
@@ -160,9 +146,24 @@ steps:
              git branch -D release
            fi
          Reference: issue #1141 (v0.135.0 follow-up), mgr-gitnerd MEMORY.md.
-      1. Version:
+
+      1. Version bump (mandatory):
+         Orchestrator delegates to mgr-updater (R010). mgr-updater executes the following atomic edits:
+         Determine NEW version per semver rules below.
+         npm project (package.json exists):
+           a. package.json: jq '.version = "<NEW>"' package.json > package.json.tmp && mv package.json.tmp package.json
+           b. templates/manifest.json: jq '.version = "<NEW>"' templates/manifest.json > templates/manifest.json.tmp && mv templates/manifest.json.tmp templates/manifest.json
+           c. mgr-gitnerd commit: "chore(release): bump to v<NEW>"
+           d. mgr-gitnerd push develop
+           e. mandatory verification (with existence guard for partial-update safety):
+              [ -f scripts/verify-version-sync.sh ] && bash scripts/verify-version-sync.sh || echo "::warning::verify-version-sync.sh not found, version sync verification skipped"
+              (verify-version-sync.sh 가 exit 1 시 release 단계 halt)
+
+         Version decision (semver):
          - No existing tags → v0.1.0
-         - Otherwise: semver bump (patch for bugfix, minor for features)
+         - Previous tag exists → patch (bugfix) / minor (features) / major (breaking)
+         - Previous tag is ahead of source version (e.g., tag v0.136.1, package.json 0.136.0): use next available skip-version (0.136.2)
+
       2. Release notes via omcustom-release-notes skill
       3. Delegate to mgr-gitnerd:
          - git tag + push
@@ -173,7 +174,7 @@ steps:
       6. Adapt release mechanism to project:
          - npm project: PR + merge + npm publish verification
          - Non-npm: direct tag on main (trunk-based)
-    description: "Git tag + GitHub Release + close milestone/issues"
+    description: "Git tag + GitHub Release + close milestone/issues (with mandatory version sync verification)"
     depends_on: deep-verify
 
   - name: ci-check

package/templates/guides/git-safety/README.md

@@ -0,0 +1,97 @@
+# Git Safety Guide
+
+Reference for safe git operations in autonomous AI agent flows. Born from #1146 (v0.136.0 working tree loss incident).
+
+## Destructive Commands Quick Reference
+
+| Command | Risk | Required Action |
+|---------|------|----------------|
+| `git reset --hard <ref>` | Erases uncommitted + committed local changes | Confirm `git status` clean; show ref delta; explicit user approval |
+| `git checkout -- <path>` / `git restore <path>` | Discards uncommitted file changes | Confirm intentional revert; explicit approval |
+| `git clean -fd` / `-fdx` | Permanently deletes untracked files | Run `git clean -nd` dry-run first; explicit approval |
+| `git branch -D <name>` (unmerged) | Loses unmerged work | Show `git log <branch>` first; confirm pushed elsewhere |
+| `git push --force` (shared branch) | Rewrites shared history | NEVER on main/master; explicit approval for collaborative branches |
+
+## Pre-Flight Checks
+
+Before any destructive operation:
+
+```bash
+git status --porcelain | wc -l   # MUST be 0 for safe destructive op
+git stash list                   # check if work was previously stashed
+git reflog -n 20                 # baseline before any history-rewriting op
+```
+
+## Recovery Procedures
+
+### From `git reset --hard`
+
+```bash
+git reflog                       # find pre-reset SHA
+git reset --hard <pre-reset-sha> # restore HEAD
+```
+
+Most operations are recoverable within 30 days (default reflog expiry).
+
+### From `git clean -fd`
+
+Untracked file deletion is **permanent**. Recovery requires:
+- Editor history (VS Code, JetBrains)
+- Filesystem snapshots (Time Machine, ZFS, btrfs)
+- Container layer cache (if in Docker)
+
+### From `git branch -D` (unmerged commits)
+
+```bash
+git reflog                       # find branch tip SHA
+git branch <name> <sha>          # recreate branch
+```
+
+### From orphaned commits (no ref)
+
+```bash
+git fsck --lost-found            # find dangling commits
+git show <sha>                   # inspect candidates
+git branch recovered <sha>       # save as branch
+```
+
+## Agent-Specific Rules
+
+For AI agents executing git in autonomous flows:
+
+1. **Pre-check is mandatory** — never assume "small change"
+2. **Report uncommitted state** — show `git status` output to user before destructive ops
+3. **Stash before reset** — `git stash push -u "pre-reset-<reason>"` is cheap insurance
+4. **Reflog baseline** — capture `git reflog -n 5` before any history-rewriting op
+
+## Cross-References
+
+- **R001** (`.claude/rules/MUST-safety.md`) — Destructive Git Commands section
+- **mgr-gitnerd** (`.claude/agents/mgr-gitnerd.md`) — Safety Rules section
+- **Issue #1146** — Original v0.136.0 working tree loss incident
+- **mgr-gitnerd memory** (`.claude/agent-memory/mgr-gitnerd/MEMORY.md`) — Incident lessons
+
+## Reference Implementation Patterns
+
+### Safe reset wrapper (pseudo-code)
+
+```bash
+safe_reset() {
+  local target=$1
+  local dirty=$(git status --porcelain | wc -l)
+  if [ "$dirty" -gt 0 ]; then
+    echo "WARNING: $dirty uncommitted change(s). Stash or commit first."
+    git status --short
+    return 1
+  fi
+  echo "Reset preview:"
+  git log HEAD..$target --oneline
+  git log $target..HEAD --oneline
+  read -p "Proceed? [y/N] " confirm
+  [ "$confirm" = "y" ] && git reset --hard "$target"
+}
+```
+
+### Destructive op detection (advisory)
+
+See `.claude/hooks/scripts/git-delegation-guard.sh` for the existing R010 advisory pattern. A future `destructive-git-guard.sh` (T2 from #1146, deferred) will add R001 destructive-op-specific warnings.

package/templates/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.136.0",
+  "version": "0.136.2",
   "lastUpdated": "2026-05-14T00:00:00.000Z",
   "omcustomMinClaudeCode": "2.1.121",
   "omcustomMinClaudeCodeReason": "Sensitive-path direct Write/Edit on .claude/** under bypassPermissions (R010 deprecation, #1101)",
@@ -26,7 +26,7 @@
       "name": "guides",
       "path": "guides",
       "description": "Reference documentation",
-      "files": 49
+      "files": 50
     },
     {
       "name": "hooks",