oh-my-customcode 0.169.0 → 0.171.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/cli/index.js +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/templates/.claude/hooks/hooks.json +1 -1
- package/templates/.claude/rules/MAY-optimization.md +2 -0
- package/templates/.claude/rules/MUST-agent-design.md +2 -0
- package/templates/.claude/rules/MUST-enforcement-policy.md +2 -0
- package/templates/.claude/rules/MUST-safety.md +15 -0
- package/templates/.claude/rules/SHOULD-memory-integration.md +13 -0
- package/templates/manifest.json +1 -1
package/README.md
CHANGED
|
@@ -213,7 +213,7 @@ All commands are invoked inside the Claude Code conversation.
|
|
|
213
213
|
| Priority | Count | Purpose |
|
|
214
214
|
|----------|-------|---------|
|
|
215
215
|
| **MUST** | 14 | Safety, permissions, agent design, identification, orchestration, verification, completion, enforcement |
|
|
216
|
-
| **SHOULD** |
|
|
216
|
+
| **SHOULD** | 8 | Interaction, error handling, memory, HUD, ecomode, ontology routing, wiki sync, verification ladder |
|
|
217
217
|
| **MAY** | 1 | Optimization |
|
|
218
218
|
|
|
219
219
|
Key rules: R010 (orchestrator never writes files), R009 (parallel execution mandatory), R017 (sauron verification before push), R020 (completion verification before declaring done), R021 (advisory-first enforcement model).
|
|
@@ -271,7 +271,7 @@ your-project/
|
|
|
271
271
|
├── .claude/
|
|
272
272
|
│ ├── agents/ # 49 agent definitions
|
|
273
273
|
│ ├── skills/ # 116 skill modules
|
|
274
|
-
│ ├── rules/ #
|
|
274
|
+
│ ├── rules/ # 23 governance rules (R000-R023)
|
|
275
275
|
│ ├── hooks/ # 15 lifecycle hook scripts
|
|
276
276
|
│ ├── schemas/ # Tool input validation schemas
|
|
277
277
|
│ ├── specs/ # Extracted canonical specs
|
package/dist/cli/index.js
CHANGED
package/dist/index.js
CHANGED
package/package.json
CHANGED
|
@@ -90,7 +90,7 @@
|
|
|
90
90
|
"command": "bash .claude/hooks/scripts/rtk-intercept.sh"
|
|
91
91
|
}
|
|
92
92
|
],
|
|
93
|
-
"description": "RTK auto-intercept — transparently rewrites CLI commands through RTK proxy when available (
|
|
93
|
+
"description": "RTK auto-intercept — transparently rewrites CLI commands through RTK proxy when available (R013 advisory)"
|
|
94
94
|
},
|
|
95
95
|
{
|
|
96
96
|
"matcher": "tool == \"Bash\" && tool_input.command matches \"git (reset|clean|checkout|restore|switch|rebase|merge)\"",
|
|
@@ -10,6 +10,8 @@
|
|
|
10
10
|
| Caching | Same data accessed repeatedly | Cache file contents, reuse search results |
|
|
11
11
|
| Lazy Loading | Large datasets, partial use | Read only needed files, stream results |
|
|
12
12
|
|
|
13
|
+
> **Tool-availability assumption (#1307 찐빠 #3)**: On first exploration, do NOT assume a tool (e.g., `Glob`) is available without confirming. Prefer `Bash` (`find`/`grep`) for initial search when the available-tool set is unconfirmed, to avoid "No such tool available" round-trips.
|
|
14
|
+
|
|
13
15
|
### Capability-Aware Tool Scheduling
|
|
14
16
|
|
|
15
17
|
When dispatching parallel tool calls, consider per-tool capabilities to optimize scheduling:
|
|
@@ -356,6 +356,8 @@ description: Brief desc # One-line summary
|
|
|
356
356
|
|
|
357
357
|
Key optional fields: `scope`, `context`, `version`, `effort`, `model`, `agent`, `hooks`, `paths`, `shell`, `allowed-tools`, `keep-coding-instructions`. Skill `effort` takes precedence over agent `effort` when both specified. See full optional fields via Read tool.
|
|
358
358
|
|
|
359
|
+
> **v2.1.163+**: In skill `command` bodies, use `\$` to emit a literal `$` before a number (e.g., `\$1`) — previously ambiguous with shell variable expansion. Relevant when authoring skills with `shell:` or inline command steps that include dollar signs not intended as variables.
|
|
360
|
+
|
|
359
361
|
<!-- DETAIL: Skill Optional Fields (full yaml block)
|
|
360
362
|
```yaml
|
|
361
363
|
scope: core # core | harness | package (default: core)
|
|
@@ -17,6 +17,8 @@ oh-my-customcode uses an **advisory-first enforcement model**. Most rules are en
|
|
|
17
17
|
| Advisory (proactive) | UserPromptSubmit hook | R007, R008 (`r007-r008-drift-advisor.sh`, #1229) | Reads last assistant turn; emits stderr advisory before next response if header/prefix absent. Complements retroactive Stop-hook (`session-reflection.sh`, #1190). |
|
|
18
18
|
| Prompt-based | CLAUDE.md + rules/ + PostCompact | All MUST rules | Behavioral guidance in context |
|
|
19
19
|
|
|
20
|
+
> **v2.1.163+**: Stop and SubagentStop hooks can return `hookSpecificOutput.additionalContext` (JSON) to feed structured feedback back into Claude's context without triggering a hook error label. This enables advisory-style enforcement via Stop/SubagentStop hooks (e.g., `session-reflection.sh`, omcustom-loop SubagentStop) to pass richer context — replacing plain stderr text — without disrupting the turn continuation behavior that advisory-first enforcement relies on.
|
|
21
|
+
|
|
20
22
|
## Why Advisory-First
|
|
21
23
|
|
|
22
24
|
1. **Agent flexibility**: Hard blocks can trap agents in unrecoverable states
|
|
@@ -25,6 +25,21 @@ The following git commands have caused working tree loss in past sessions (#1146
|
|
|
25
25
|
|
|
26
26
|
**Recovery hint**: If working tree loss occurs, check `git reflog` immediately — most operations are recoverable within 30 days.
|
|
27
27
|
|
|
28
|
+
### Pre-Delegation Blast-Radius Enumeration
|
|
29
|
+
|
|
30
|
+
> Origin: #1307 찐빠 #1 (High) — user chose "discard local changes and pull", and `git reset --hard origin/develop` was delegated immediately → user rejected (interrupt). The blast radius — that "discard local changes" included 18 files of *intended* uncommitted work (rule edits, new skills, new guides), not just a version downgrade — was never enumerated for the user.
|
|
31
|
+
|
|
32
|
+
Before delegating ANY destructive git command (the table above), the orchestrator MUST first enumerate the EXACT discard targets and present them for explicit approval. Do NOT delegate a destructive git op on a paraphrased intent ("로컬 변경 버리기" / "discard local changes") without showing what will actually be lost.
|
|
33
|
+
|
|
34
|
+
| Required before delegation | Command |
|
|
35
|
+
|----------------------------|---------|
|
|
36
|
+
| List modified/staged tracked files | `git status --short` |
|
|
37
|
+
| Show uncommitted diff scope | `git diff --stat` (and `git diff --stat --cached`) |
|
|
38
|
+
| Show stashable work scope | `git stash show --stat` (when a stash is involved) |
|
|
39
|
+
| Show untracked files at risk (for `clean`) | `git clean -nd` |
|
|
40
|
+
|
|
41
|
+
Enumerate ALL affected work — intended uncommitted edits (rule changes, new skills/guides) count too, not just the symptom the user named. Prefer a non-destructive alternative (`git stash`) when the user's goal (e.g., "reach remote state") can be met without permanent loss.
|
|
42
|
+
|
|
28
43
|
## Credential & Privileged-Scope Guardrails
|
|
29
44
|
|
|
30
45
|
> Origin: #1266 ① (Critical) — a subagent dumped `.env` and Gmail OAuth credentials into the transcript (Credential Exploration) and ran an unauthorized credential-rotation flow that caused a dashboard data outage.
|
|
@@ -364,6 +364,19 @@ Related records from session v0.87.2~v0.88.0 (issue #869):
|
|
|
364
364
|
- `feedback_bun_mock_module.md`
|
|
365
365
|
-->
|
|
366
366
|
|
|
367
|
+
## Safety-Related Feedback Memory Framing
|
|
368
|
+
|
|
369
|
+
> Origin: #1307 찐빠 #2 (Medium) — a sys-memory-keeper delegation prompt framed a learning as "오탐으로 판단하고 진행한다" (conclude it's a false positive and proceed), tripping the memory-poisoning safety classifier and requiring a rewrite.
|
|
370
|
+
|
|
371
|
+
Safety-related feedback memories MUST be written in **verification-obligation form**, NOT **conclusion form**. Conclusion-form framing ("ignore the warning and proceed", "오탐이므로 무시") risks future sessions ignoring genuine threat warnings (memory-poisoning).
|
|
372
|
+
|
|
373
|
+
| Anti-pattern (conclusion form) | Required (verification-obligation form) |
|
|
374
|
+
|--------------------------------|------------------------------------------|
|
|
375
|
+
| "이 경고는 오탐이므로 무시하고 진행" | "이 패턴은 X 검증을 트리거; 검증 통과 시에만 진행, 실패 시 STOP" |
|
|
376
|
+
| "warning is false positive, proceed" | "warning triggers a duty to verify Y; proceed only if verified, else STOP" |
|
|
377
|
+
|
|
378
|
+
Write safety learnings as triggers (what to check) + STOP conditions (when to halt), never as standing permission to dismiss a class of warnings.
|
|
379
|
+
|
|
367
380
|
## Session-End Auto-Save
|
|
368
381
|
|
|
369
382
|
### Trigger
|
package/templates/manifest.json
CHANGED