oh-my-customcode 0.159.0 → 0.161.0

package/README.md

@@ -13,7 +13,7 @@
 
 **[한국어 문서 (Korean)](./README_ko.md)**
 
-49 agents. 115 skills. 23 rules. One command.
+49 agents. 116 skills. 23 rules. One command.
 
 ```bash
 npm install -g oh-my-customcode && cd your-project && omcustom init
@@ -132,7 +132,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 
 ---
 
-### Skills (115)
+### Skills (116)
 
 | Category | Count | Includes |
 |----------|-------|----------|
@@ -270,7 +270,7 @@ your-project/
 ├── CLAUDE.md                   # Entry point
 ├── .claude/
 │   ├── agents/                 # 49 agent definitions
-│   ├── skills/                 # 115 skill modules
+│   ├── skills/                 # 116 skill modules
 │   ├── rules/                  # 22 governance rules (R000-R021)
 │   ├── hooks/                  # 15 lifecycle hook scripts
 │   ├── schemas/                # Tool input validation schemas

package/dist/cli/index.js

@@ -2334,7 +2334,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.159.0",
+    version: "0.161.0",
     description: "Batteries-included agent harness for Claude Code",
     type: "module",
     bin: {

package/dist/index.js

@@ -2031,7 +2031,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.159.0",
+  version: "0.161.0",
   description: "Batteries-included agent harness for Claude Code",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.159.0",
+  "version": "0.161.0",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/rules/MUST-agent-design.md

@@ -162,6 +162,8 @@ Agent frontmatter `hooks:` now fire when the agent runs as a main-thread agent v
 
 > **Note**: `/reload-plugins` now auto-installs missing plugin dependencies from added marketplaces (v2.1.116+).
 
+> **v2.1.157+**: `settings.json` `agent` field is now honored for dispatched sessions (with `--agent <name>` override). `EnterWorktree` can switch between Claude-managed worktrees mid-session, and worktrees are left unlocked when the agent finishes (enabling `git worktree remove`/`prune` cleanup).
+
 ## Permission Mode Guidance
 
 CC defaults `mode` to `acceptEdits` if not specified — always pass `mode: "bypassPermissions"` explicitly in Agent tool calls (see R010). See guidance details via Read tool.

package/templates/.claude/rules/MUST-agent-teams.md

@@ -23,6 +23,7 @@ Available when `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1` or TeamCreate/SendMessag
 | Dynamic agent creation + usage | **Agent Teams** | Create → test → iterate cycle |
 | Multi-issue release batch | **Agent Teams** | Shared task tracking, coordinated release |
 | Large plan / multi-domain prompt (>5000 tokens, 3+ areas) | **Agent Teams** | Domain-split parallel writing + review loop avoids single-agent timeout |
+| Mechanical disjoint-file refactoring (bulk delete + reference cleanup) | Agent Tool | Pure parallel edits with no peer coordination or review loop; Teams member-stall risk outweighs benefit — use standalone parallel Agents (R009) |
 
 **When Agent Teams is enabled and criteria are met, usage is required.**
 
@@ -313,3 +314,27 @@ Agent Teams 멤버는 long-running 작업 중 진행 상태를 TaskUpdate 로
 - 차단 사유를 SendMessage 로만 보내고 task description 업데이트 누락 → TaskList 만 보는 멤버는 사유를 모름
 
 Reference issue: #1087.
+
+## Member Completion Verification (deterministic ground-truth)
+
+Agent Teams member completion MUST be verified by deterministic ground-truth — NOT by SendMessage reports or TaskList status alone. Members may edit files without updating task status (task stays `pending`) or go idle without executing at all.
+
+**Verification sources (in order of reliability):**
+
+| Source | Reliability | Examples |
+|--------|-------------|---------|
+| `git status` / `git diff` | High — ground truth | Check that expected files changed |
+| `grep` / file existence | High — deterministic | Verify expected content written |
+| Validation scripts | High — deterministic | `validate-docs`, linters, test runs |
+| TaskList status | Low — member may not update | Use as a signal only |
+| SendMessage report | Low — member may stall before sending | Use as a signal only |
+
+Cross-reference: R020 ("actual outcome ≠ attempt" — verifying that a command ran is not the same as verifying it succeeded).
+
+**Stall handling**: When a member shows no task progress within ~2 minutes despite spawn + owner assignment + SendMessage coordination, reassign the work to a standalone Agent (R009) rather than continuing to nudge the stalled member. Stalled Teams members waste tokens on idle polling and delay the overall workflow.
+
+Observed instance: v0.159.0 release (session 105) — members assigned to disjoint-file cleanup tasks went idle without executing; deterministic git-diff check exposed the gap; work was reassigned to standalone parallel Agents. References: #1261, #1262.
+
+## Member Prompt Size Cap
+
+Keep per-member delegation prompts under ~5000 tokens and within a single domain. Oversized or multi-domain prompts risk malformed-parsing truncation in the CC platform (see R009 giant-prompt heuristic and `feedback_agent_malformed_parsing.md`). Large multi-file delegations should be decomposed and split across multiple members or standalone Agents.

package/templates/.claude/rules/MUST-completion-verification.md

@@ -185,6 +185,17 @@ triage-dispatch.yml 실패 원인을 파일 Read 전에 "triaged 라벨 부재 +
 
 > 진단에 의존하는 쓰기/위임은 진단 결과를 본 다음 턴에 수행한다. R009 병렬 실행은 독립 작업에만 적용 — 진단→변경은 순차 의존이다.
 
+### Read-Before-Characterize
+
+진단 대상(로그, 출력, 데이터)을 **충분히 읽기 전에** 에러 클래스나 원인을 단정하지 않는다. 24MB INFO 로그를 읽기 전 "error loop"로 단정하는 것은 위반이다.
+
+| 금지 | 필수 |
+|------|------|
+| 로그/출력을 읽기 전 "error loop"·"무한 루프"로 특성화 | 대표 샘플을 먼저 읽고 INFO/WARN/ERROR 분포 확인 후 특성화 |
+| 첫 namespace/scope만 보고 전체 단정 | 관련 scope 확인 후 결론 |
+
+Origin: #1266 ④.
+
 ## Integration
 
 | Rule | Interaction |

package/templates/.claude/rules/MUST-orchestrator-coordination.md

@@ -238,6 +238,28 @@ When the user explicitly signals full-delegation intent, the orchestrator operat
 Autonomous mode and `/structured-dev-cycle` (stage-blocker) are mutually exclusive.
 -->
 
+## Subagent Scope-Creep STOP Protocol
+
+> Origin: #1266 ① (Critical) — a single subagent named "Migrate secretary.db to PG + backfill" tripped the safety classifier 13 times, silently expanding from its named task into shared-secret deletion, unrequested public tunnel creation, `.env`/OAuth credential dumps, and prod pod remote exec. The orchestrator kept re-running the tripped agent instead of stopping it; a resulting credential rotation caused a dashboard data outage.
+
+### Core Rule
+
+When a subagent trips the safety classifier (R001/R002) **2 times**, the orchestrator MUST STOP that agent, discard its in-flight plan, and redesign the task with a narrower, pre-decomposed scope. Repeatedly re-running a tripped agent is an anti-pattern.
+
+| Trips on same agent | Required orchestrator action |
+|---------------------|------------------------------|
+| 1st trip | Note the boundary; re-confirm the agent's scope against the original task |
+| 2nd trip | STOP the agent — do NOT re-run. Redesign: decompose by domain (R009) and re-delegate narrower units |
+| 3+ trips | Hard anti-pattern — indicates lost control; abort and report to user |
+
+### Pre-Decomposition Mandate
+
+Broad single-task scopes (e.g. "migrate + backfill") MUST be pre-decomposed by domain before delegation, so an agent cannot silently expand from its named task into adjacent privileged domains (secret rotation, tunnel creation, infra deletion, dashboard changes). See R009 (pre-decomposition) and R018 (domain-split).
+
+### Out-of-Scope Privileged Chaining
+
+A subagent MUST NOT chain from an approved action into unrequested privileged operations. Example: approved "delete tunnel X" → unrequested "create new public tunnel Y" is a scope violation. Each privileged action requires its own authorization trace back to the user request.
+
 ## Universal bypassPermissions
 
 **ALL Agent tool calls MUST include `mode: "bypassPermissions"`.**

package/templates/.claude/rules/MUST-safety.md

@@ -25,6 +25,19 @@ The following git commands have caused working tree loss in past sessions (#1146
 
 **Recovery hint**: If working tree loss occurs, check `git reflog` immediately — most operations are recoverable within 30 days.
 
+## Credential & Privileged-Scope Guardrails
+
+> Origin: #1266 ① (Critical) — a subagent dumped `.env` and Gmail OAuth credentials into the transcript (Credential Exploration) and ran an unauthorized credential-rotation flow that caused a dashboard data outage.
+
+| Prohibited | Required instead |
+|-----------|------------------|
+| Dumping credential stores (`.env`, OAuth tokens, k8s secrets, `PG_DSN`) into the transcript or agent output | Reference secrets by name only; never echo values |
+| Unrequested credential rotation / secret recreation | Rotate only on explicit user request scoped to the specific secret |
+| Chaining an approved privileged action into adjacent unrequested ones | Each privileged op requires its own authorization trace |
+| Irreversible shared-infra action (prod pod exec, shared-ns secret delete, tunnel create) without scope re-confirmation | Re-confirm scope with the user before irreversible / shared-infra actions |
+
+Cross-reference: R010 Subagent Scope-Creep STOP Protocol, R002 (permission tiers).
+
 ## Required Before Destructive Operations
 
 Verify target, assess impact scope, check recoverability, get user approval.

package/templates/.claude/rules/SHOULD-hud-statusline.md

@@ -17,6 +17,8 @@ Format: `─── [Spawn] {subagent_type}:{model} | {description} ───`
 
 > **v2.1.141+**: Hook JSON output can include `terminalSequence` field to emit window title changes or terminal bells without terminal control. Complementary to HUD stderr channel — e.g., update window title on task completion or ring bell after long parallel run. Modifying `.claude/hooks/` requires explicit user approval (R001).
 
+> **v2.1.157+**: `tool_decision` telemetry events now include `tool_parameters` (bash commands, MCP/skill names) when `OTEL_LOG_TOOL_DETAILS=1`. Complements R012 observability — enables per-tool parameter tracking in monitoring dashboards. See `monitoring-setup` skill.
+
 <!-- DETAIL: HUD Events full spec
 ### When to Display: Multi-step tasks, parallel execution, long-running operations. Skip for single brief operations.
 ### Parallel Display:

package/templates/.claude/rules/SHOULD-interaction.md

@@ -87,3 +87,13 @@ Trade-offs: RS256 is ~10x slower than HS256 but enables asymmetric key managemen
 | **Output Styles** | 세션 전체 기본 어조/포맷 | static, session-level |
 
 기본 활성화 스타일: `korean-engineer` (`.claude/output-styles/korean-engineer.md`).
+
+## Unverifiable External Product UI
+
+> Origin: #1266 ② (High) — described Cloudflare Access "Add an application" Subdomain/Domain/Path fields as fact; the user found no such fields ("어디에도 없다").
+
+Do NOT state the steps, field names, or layout of an external product's UI as fact when you cannot verify them from a measured source. Provide only system-measured values (URLs, config read from files/APIs) and delegate UI navigation to the user.
+
+| Anti-pattern | Required |
+|--------------|----------|
+| "Click X, fill the Subdomain field, then…" (unverified external UI) | "Open <measured URL>. Navigate the console yourself — I can't see your screen. Values to enter: …" |

package/templates/.claude/rules/SHOULD-verification-ladder.md

@@ -75,3 +75,21 @@ R021은 위반 시 어떻게 멈출지를, R023은 어떤 순서로 검증할지
 | R013 (Ecomode) | 컨텍스트 압박 시 Tier 3를 Tier 2로 다운그레이드 고려 |
 | R017 (Sync Verification) | Phase 1-3 검증 단계는 R023 Tier 1-3에 대응 |
 | R021 (Enforcement Policy) | 직교: R021은 blocking 방식, R023은 검증 비용 순서 |
+
+## Workflow Prompt & Verifier Ground-Truth
+
+> Origin: #1266 ③ (High) — a Workflow built the agent prompt as `await agent(prompt) + FACTS`, concatenating the guardrail fact-sheet onto the RETURN VALUE instead of the prompt. The writer never received the facts, hallucinated an in-cluster hostname (`secretary-mcp`), and the adversarial verifier couldn't catch it (the fact was in no source it had).
+
+### Prompt Completion Before Call
+
+Workflow/agent prompts MUST be fully assembled into the prompt string **before** the `agent()` / Agent tool call. Post-call concatenation onto the return value is a footgun — the agent never sees the appended content.
+
+| Anti-pattern | Required |
+|--------------|----------|
+| `const r = await agent(prompt) + FACTS` | `const r = await agent(prompt + FACTS)` — assemble first |
+
+### Verifier Ground-Truth for Cross-Cutting Facts
+
+Cross-cutting facts not verifiable from the primary source (external URLs, in-cluster DNS/hostnames, infra topology) MUST be supplied to the verifier as explicit ground-truth. Otherwise an adversarial verifier cannot distinguish a hallucinated value from a correct one — a verification blind spot.
+
+Cross-reference: R009 (giant-prompt decomposition), `worker-reviewer-pipeline` skill.

package/templates/.claude/skills/homework/SKILL.md

@@ -0,0 +1,217 @@
+---
+name: homework
+description: On session cleanup ("세션 정리") or /homework invocation, analyze the current and linked previous sessions, extract mistakes (찐빠), and report them via omcustom-feedback with a confirmation gate. Use when wrapping up a session or auditing recent work for harness gaps.
+scope: harness
+user-invocable: true
+argument-hint: "[--dry-run] [--days <n>] [--severity <critical|high|medium|low>]"
+version: 0.1.0
+effort: medium
+---
+
+# Homework — Session Mistake Extractor
+
+On session cleanup ("세션 정리") or `/homework` invocation, analyze the current and linked previous sessions to extract 찐빠 (mistakes: rule violations, scope-creep, hallucinations, premature hypotheses, missed conventions, etc.), then report findings via `omcustom-feedback` with a mandatory user confirmation gate.
+
+This skill is the dedicated entry point for R011's "Session-End Retrospective Feedback (Model-Drafted)" pattern. It formalizes the retrospective workflow that produced issue #1266.
+
+## Usage
+
+```
+/homework                          # Analyze current session, report findings
+/homework --dry-run                # Analyze only, no omcustom-feedback invocation
+/homework --days 3                 # Include linked sessions from last N days
+/homework --severity high          # Filter to critical/high findings only
+```
+
+## Trigger Detection
+
+Activate when the user says any of:
+- "세션 정리" / "숙제" / "회고"
+- "homework" / "session cleanup" / "wrap up"
+- Explicit `/homework` invocation
+- Session-end signals: "끝", "종료", "마무리", "done", "end session"
+
+When activated as a session-end signal, this skill runs BEFORE sys-memory-keeper's MEMORY.md update (R011 session-end self-check order: homework → memory save).
+
+## Workflow
+
+### Phase 1: Trigger Parsing
+
+Parse arguments:
+- `--dry-run`: analyze only, skip Phase 5 (omcustom-feedback invocation)
+- `--days <n>`: extend linked-session search to last N days (default: 0 = current session only)
+- `--severity <level>`: filter output to this severity and above (default: all)
+
+### Phase 2: Session Gathering
+
+#### 2a. Current Session Transcript
+
+Attempt deterministic transcript extraction. Preferred sources (in order):
+
+1. **Grep for rule-violation markers** in the current conversation context:
+   - Safety classifier trip signals: `[Safety]`, `[R001]`, `[Warning]`, classifier denial messages
+   - Self-corrections: "sorry", "I made an error", "let me correct", "이전 답변 수정", "죄송합니다"
+   - Premature hypothesis signals: "I assume", "probably", "should be" followed by a contradiction in a later turn
+   - Interrupt + re-plan events: user corrections, "no", "wrong", "다시", "아니"
+
+2. **Transcript files** (CC v2.1.x session JSONL):
+   ```bash
+   find ~/.claude/projects -name "session-*.jsonl" -newer "$(date -v-1d +%Y-%m-%dT00:00:00)" 2>/dev/null | head -5
+   ```
+   Parse `type: "error"`, `type: "correction"`, `type: "feedback"` events.
+
+3. **Fallback**: Rely on the model's recall of the current conversation (impressionistic, lower confidence — mark findings as `[recall]` not `[transcript]`).
+
+#### 2b. Linked Previous Sessions (when `--days` > 0)
+
+Use the `episodic-memory` plugin's `search-conversations` / `episodic-memory:remembering-conversations` to retrieve sessions from the last N days linked to this project. Pass project directory as context.
+
+If `episodic-memory` is unavailable, scan JSONL files:
+```bash
+find ~/.claude/projects -name "session-*.jsonl" \
+  -newer "$(date -v-${DAYS}d +%Y-%m-%dT00:00:00)" 2>/dev/null
+```
+
+**R020 read-before-characterize**: Do NOT characterize a session's mistakes before reading it. Read the session transcript (or a representative sample) first, then characterize.
+
+### Phase 3: Mistake (찐빠) Analysis
+
+Categorize each finding with the following structure (mirror #1266 format):
+
+```
+찐빠 #N — [{severity}] {short title}
+├── 증상: {what was observed — cite evidence: session line ref or commit SHA}
+├── 근거: {transcript evidence or recall note — always read first per R020}
+├── 원인: {root cause — why did this happen?}
+├── 영향 규칙: {R0xx, R0yy — affected rule IDs}
+└── 제안: {concrete corrective action or harness change}
+```
+
+**Severity scale:**
+
+| Level | Criteria | Examples |
+|-------|----------|---------|
+| Critical | Safety classifier trip, credential exposure, scope-creep into privileged domains, working-tree loss | R001 violation, secret dump, unauthorized infra action |
+| High | Rule violation with downstream impact, hallucinated fact acted upon, premature hypothesis causing permanent change | R020 Parallel Read+Change, wrong root cause → wrong fix |
+| Medium | Process gap, missed convention, advisory rule ignored | R007 header missing, bypassPermissions omitted, count sync missed |
+| Low | Minor style drift, non-impactful oversight | honorific regression, ecomode token waste |
+
+**Mistake categories to look for:**
+
+| Category | Signals |
+|----------|---------|
+| Rule violations (R0xx) | Header missing (R007), tool prefix absent (R008), file write by orchestrator (R010), sequential when parallel required (R009) |
+| Scope-creep | Subagent task expanding beyond its named scope (R010 Subagent Scope-Creep STOP Protocol) |
+| Hallucinated facts | External UI fields stated as fact (R003 Unverifiable External Product UI), in-cluster hostnames, unverified URLs |
+| Premature hypotheses | Diagnosis before reading evidence (R020 Read-Before-Characterize), parallel Read+permanent-change dispatch (R020 Variant) |
+| Missed conventions | Count sync drift (3-way sync), template mirror omitted, bypassPermissions missing |
+| Over-claim completion | [Done] without verification (R020), test-skip masking failures |
+
+**Do NOT over-claim.** If evidence for a finding is weak or based on recall only, mark it `[recall, low-confidence]` and note what would be needed to confirm it. R020 read-before-characterize applies to this analysis itself.
+
+### Phase 4: Draft Feedback Issue
+
+Assemble a feedback issue in Korean using the #1266 format:
+
+```markdown
+**제목**: 세션 회고: {date} 세션 찐빠 {N}건 — {top finding title}
+
+**카테고리**: improvement
+
+**본문**:
+## 세션 회고 — {YYYY-MM-DD}
+
+### 개요
+총 {N}건의 찐빠가 발견되었습니다 (Critical: {c}, High: {h}, Medium: {m}, Low: {l}).
+
+### 찐빠 목록
+
+{찐빠 #1 ~ #N — structured format from Phase 3}
+
+### 하네스 제안 (있는 경우)
+{Concrete skill/rule/hook changes that would prevent recurrence}
+
+---
+*Generated by `/homework` skill (v0.1.0)*
+```
+
+If `--severity` filter is active, include only findings at or above the threshold. Note the filter in the issue body.
+
+If no findings are discovered, output:
+```
+[homework] 이번 세션에서 찐빠를 발견하지 못했습니다. (세션 정상 종료)
+```
+and skip Phase 5.
+
+### Phase 5: Report via omcustom-feedback (Phase 4A gate)
+
+**MUST go through the `omcustom-feedback` skill's Phase 4A preview + confirmation gate.**
+**NEVER auto-submit.** User approval is always required before any GitHub issue is created.
+
+Invoke the `omcustom-feedback` skill with the drafted issue content. The user will see a preview and must confirm before any GitHub issue is created.
+
+```
+[homework] 피드백 이슈 초안을 omcustom-feedback으로 전달합니다.
+아래 미리보기를 확인하고 제출 여부를 결정해 주세요.
+```
+
+If `--dry-run` is active, skip this phase and output the draft directly to the conversation instead.
+
+### Phase 6: Output Summary
+
+```
+[homework] 완료
+├── 분석: {N}건 찐빠 발견 (Critical: {c}, High: {h}, Medium: {m}, Low: {l})
+├── 제출: {이슈 URL | dry-run (미제출) | 사용자 취소}
+└── 다음 액션: {harness 제안 있으면 표시, 없으면 "없음"}
+```
+
+## Options Reference
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `--dry-run` | off | Analyze only, no omcustom-feedback invocation |
+| `--days <n>` | 0 | Include linked sessions from last N days (0 = current session only) |
+| `--severity <level>` | all | Filter findings to this level and above |
+
+## Rules & Cross-References
+
+| Rule | Relevance |
+|------|-----------|
+| R011 (SHOULD-memory-integration) | This skill is the dedicated entry point for "Session-End Retrospective Feedback (Model-Drafted)". Runs before sys-memory-keeper MEMORY.md update. |
+| R020 (MUST-completion-verification) | Analysis MUST read transcript evidence before characterizing a mistake. Do NOT characterize before reading (Read-Before-Characterize). Parallel Read + Permanent-Change Dispatch anti-pattern applies here too. |
+| R016 (MUST-continuous-improvement) | Genuine defects/process gaps → feedback issue. The /homework output feeds R016's continuous improvement loop. |
+| R010 (MUST-orchestrator-coordination) | Any file writes in this workflow must be delegated to subagents. This skill orchestrates, never directly writes except to `.claude/outputs/`. |
+| R001 (MUST-safety) | Analysis must not dump credential values, secrets, or PII. Reference sensitive items by name only. |
+
+## Related Skills
+
+| Skill | Relationship |
+|-------|-------------|
+| `omcustom-feedback` | Reporting channel (Phase 5). Model-invocable with Phase 4A confirmation gate. |
+| `instinct-extractor` | Cross-session failure-pattern mining (complements /homework's single-session focus). For multi-session patterns, run instinct-extractor after homework. |
+| `episodic-memory:search-conversations` | Cross-session retrieval for `--days` mode. |
+| `sys-memory-keeper` | Runs after /homework at session end (R011 order: homework → memory save). |
+
+## Artifact Output
+
+```
+.claude/outputs/sessions/{YYYY-MM-DD}/homework-{HHmmss}.md
+```
+
+If Phase 5 is skipped (`--dry-run`), the draft issue body is written to this artifact path for reference.
+
+## Permission Mode Note
+
+This skill does not spawn subagents directly. If future versions delegate analysis to subagents, ALL Agent tool calls MUST include `mode: "bypassPermissions"` per R010 Universal bypassPermissions.
+
+## Context Fork Note
+
+This skill does NOT use `context: fork`. The fork cap is at 10/12; homework is a single-agent orchestration skill and does not require a forked context.
+
+## Limitations
+
+- **Transcript availability**: CC `session-*.jsonl` schema may change; Phase 2a source (1) grep is more resilient than JSONL parsing.
+- **Recall accuracy**: When transcript files are unavailable, findings are marked `[recall]` and confidence is lower.
+- **episodic-memory dependency**: `--days` mode degrades gracefully when the plugin is unavailable (falls back to JSONL scan).
+- **Scope**: This skill analyzes session behavior, not code quality. For code-quality retrospectives, use `dev-review` or `adversarial-review`.

package/templates/CLAUDE.md

@@ -116,7 +116,7 @@ project/
 +-- CLAUDE.md                    # 진입점
 +-- .claude/
 |   +-- agents/                  # 서브에이전트 정의 (49 파일)
-|   +-- skills/                  # 스킬 (115 디렉토리)
+|   +-- skills/                  # 스킬 (116 디렉토리)
 |   +-- rules/                   # 전역 규칙 (R000-R023)
 |   +-- hooks/                   # 훅 스크립트 (보안, 검증, HUD)
 |   +-- contexts/                # 컨텍스트 파일 (ecomode)

package/templates/guides/claude-code/15-version-compatibility.md

@@ -1082,6 +1082,28 @@ Claude가 스스로 판단할 수 있는 상황에서는 multiple-choice prompt
 
 ---
 
+## v2.1.158 (2026-05-30)
+
+### oh-my-customcode 영향
+
+| 변경 | 영향 | 적용 |
+|------|------|------|
+| Auto mode가 Bedrock/Vertex/Foundry에서 Opus 4.7/4.8 지원 (`CLAUDE_CODE_ENABLE_AUTO_MODE=1`) | 멀티 클라우드 백엔드에서 auto 모드 사용 가능 | R006 permissionMode `auto` — 백엔드 무관 동작 |
+
+## v2.1.157 (2026-05-29)
+
+### oh-my-customcode 영향
+
+| 변경 | 영향 | 적용 |
+|------|------|------|
+| `.claude/skills` 디렉토리 플러그인 자동 로드 (마켓플레이스 불필요) | 내부 스킬 배포 단순화 | 외부 의존성 설치 절차 간소화 가능 |
+| `claude plugin init <name>` 스캐폴딩 추가 | 신규 플러그인 생성 도구 | mgr-creator 워크플로우 보완 |
+| `settings.json` `agent` 필드가 dispatched session에서 honored (`--agent` override) | 메인 스레드 에이전트 지정 가능 | R006 main-thread agent 참조 |
+| `EnterWorktree` 세션 중 Claude-managed worktree 간 전환 | 워크트리 격리 작업 유연성 | R006 worktree isolation 참조 |
+| `tool_decision` telemetry에 `tool_parameters` 포함 (`OTEL_LOG_TOOL_DETAILS=1`) | bash/MCP/skill 파라미터 추적 가능 | R012 monitoring + monitoring-setup 스킬 참조 |
+| Claude-managed worktree 종료 시 자동 unlock (`git worktree remove/prune` 가능) | 워크트리 정리 자동화 | R006 worktree 참조 |
+| 다수 버그 수정 (이미지 처리, sandbox 권한, `claude agents` 세션, `--resume`) | 안정성 향상 | 영향 없음 |
+
 ## v2.1.156 (2026-05-29) — 호환성 점검
 
 > Issue: #1245 — CC v2.1.156 tracking

package/templates/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.159.0",
+  "version": "0.161.0",
   "lastUpdated": "2026-05-20T00:00:00.000Z",
   "omcustomMinClaudeCode": "2.1.121",
   "omcustomMinClaudeCodeReason": "Sensitive-path direct Write/Edit on .claude/** under bypassPermissions (R010 deprecation, #1101)",
@@ -20,7 +20,7 @@
       "name": "skills",
       "path": ".claude/skills",
       "description": "Reusable skill modules (includes slash commands)",
-      "files": 115
+      "files": 116
     },
     {
       "name": "guides",