oh-my-customcode 0.170.0 → 0.172.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/index.js +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/templates/.claude/rules/MAY-optimization.md +2 -0
- package/templates/.claude/rules/MUST-safety.md +15 -0
- package/templates/.claude/rules/SHOULD-memory-integration.md +13 -0
- package/templates/.claude/skills/pipeline/workflows/auto-dev.yaml +13 -0
- package/templates/manifest.json +1 -1
- package/templates/workflows/auto-dev.yaml +13 -0
package/dist/cli/index.js
CHANGED
package/dist/index.js
CHANGED
package/package.json
CHANGED
|
@@ -10,6 +10,8 @@
|
|
|
10
10
|
| Caching | Same data accessed repeatedly | Cache file contents, reuse search results |
|
|
11
11
|
| Lazy Loading | Large datasets, partial use | Read only needed files, stream results |
|
|
12
12
|
|
|
13
|
+
> **Tool-availability assumption (#1307 찐빠 #3)**: On first exploration, do NOT assume a tool (e.g., `Glob`) is available without confirming. Prefer `Bash` (`find`/`grep`) for initial search when the available-tool set is unconfirmed, to avoid "No such tool available" round-trips.
|
|
14
|
+
|
|
13
15
|
### Capability-Aware Tool Scheduling
|
|
14
16
|
|
|
15
17
|
When dispatching parallel tool calls, consider per-tool capabilities to optimize scheduling:
|
|
@@ -25,6 +25,21 @@ The following git commands have caused working tree loss in past sessions (#1146
|
|
|
25
25
|
|
|
26
26
|
**Recovery hint**: If working tree loss occurs, check `git reflog` immediately — most operations are recoverable within 30 days.
|
|
27
27
|
|
|
28
|
+
### Pre-Delegation Blast-Radius Enumeration
|
|
29
|
+
|
|
30
|
+
> Origin: #1307 찐빠 #1 (High) — user chose "discard local changes and pull", and `git reset --hard origin/develop` was delegated immediately → user rejected (interrupt). The blast radius — that "discard local changes" included 18 files of *intended* uncommitted work (rule edits, new skills, new guides), not just a version downgrade — was never enumerated for the user.
|
|
31
|
+
|
|
32
|
+
Before delegating ANY destructive git command (the table above), the orchestrator MUST first enumerate the EXACT discard targets and present them for explicit approval. Do NOT delegate a destructive git op on a paraphrased intent ("로컬 변경 버리기" / "discard local changes") without showing what will actually be lost.
|
|
33
|
+
|
|
34
|
+
| Required before delegation | Command |
|
|
35
|
+
|----------------------------|---------|
|
|
36
|
+
| List modified/staged tracked files | `git status --short` |
|
|
37
|
+
| Show uncommitted diff scope | `git diff --stat` (and `git diff --stat --cached`) |
|
|
38
|
+
| Show stashable work scope | `git stash show --stat` (when a stash is involved) |
|
|
39
|
+
| Show untracked files at risk (for `clean`) | `git clean -nd` |
|
|
40
|
+
|
|
41
|
+
Enumerate ALL affected work — intended uncommitted edits (rule changes, new skills/guides) count too, not just the symptom the user named. Prefer a non-destructive alternative (`git stash`) when the user's goal (e.g., "reach remote state") can be met without permanent loss.
|
|
42
|
+
|
|
28
43
|
## Credential & Privileged-Scope Guardrails
|
|
29
44
|
|
|
30
45
|
> Origin: #1266 ① (Critical) — a subagent dumped `.env` and Gmail OAuth credentials into the transcript (Credential Exploration) and ran an unauthorized credential-rotation flow that caused a dashboard data outage.
|
|
@@ -364,6 +364,19 @@ Related records from session v0.87.2~v0.88.0 (issue #869):
|
|
|
364
364
|
- `feedback_bun_mock_module.md`
|
|
365
365
|
-->
|
|
366
366
|
|
|
367
|
+
## Safety-Related Feedback Memory Framing
|
|
368
|
+
|
|
369
|
+
> Origin: #1307 찐빠 #2 (Medium) — a sys-memory-keeper delegation prompt framed a learning as "오탐으로 판단하고 진행한다" (conclude it's a false positive and proceed), tripping the memory-poisoning safety classifier and requiring a rewrite.
|
|
370
|
+
|
|
371
|
+
Safety-related feedback memories MUST be written in **verification-obligation form**, NOT **conclusion form**. Conclusion-form framing ("ignore the warning and proceed", "오탐이므로 무시") risks future sessions ignoring genuine threat warnings (memory-poisoning).
|
|
372
|
+
|
|
373
|
+
| Anti-pattern (conclusion form) | Required (verification-obligation form) |
|
|
374
|
+
|--------------------------------|------------------------------------------|
|
|
375
|
+
| "이 경고는 오탐이므로 무시하고 진행" | "이 패턴은 X 검증을 트리거; 검증 통과 시에만 진행, 실패 시 STOP" |
|
|
376
|
+
| "warning is false positive, proceed" | "warning triggers a duty to verify Y; proceed only if verified, else STOP" |
|
|
377
|
+
|
|
378
|
+
Write safety learnings as triggers (what to check) + STOP conditions (when to halt), never as standing permission to dismiss a class of warnings.
|
|
379
|
+
|
|
367
380
|
## Session-End Auto-Save
|
|
368
381
|
|
|
369
382
|
### Trigger
|
|
@@ -160,6 +160,19 @@ steps:
|
|
|
160
160
|
- All pipeline steps execute normally with full skill spawns
|
|
161
161
|
- Log: "[compression-mode] standard mode (scope={n}, mixed/high-risk labels, large scope, or code logic change)"
|
|
162
162
|
|
|
163
|
+
## Cross-tier — Pre-Existing Converged Artifact Substitution
|
|
164
|
+
|
|
165
|
+
Independent of the tier selected above, an INDIVIDUAL planning/verification step (triage / plan / deep-plan / deep-verify) MAY be satisfied by a pre-existing converged artifact instead of a fresh skill spawn — even in standard mode — when ALL of the following hold for that step:
|
|
166
|
+
1. A scoped issue carries (in its body or a linked artifact) a CONVERGED research/plan output equivalent to the step's skill — e.g. a `/research` multi-team analysis that explicitly converged, a `/deep-plan` artifact, or a prior `professor-triage`/`release-plan` output.
|
|
167
|
+
2. The artifact covers the scoped issues' domain (not stale or unrelated).
|
|
168
|
+
3. The substitution is for a PLANNING/VERIFICATION step ONLY — never for implement, verify-build, release, or ci-check.
|
|
169
|
+
|
|
170
|
+
If substituted, emit a MANDATORY justification log naming the artifact:
|
|
171
|
+
"[compression-mode] step '{step}' satisfied by converged artifact {ref} (substitution); skill spawn skipped"
|
|
172
|
+
If the artifact's convergence or domain coverage cannot be concretely asserted, do NOT substitute — spawn the skill.
|
|
173
|
+
|
|
174
|
+
This authorizes, under an audit log, a substitution that would otherwise be a standard-mode contract deviation. Origin: #1309 (a converged `/research` artifact was used in place of triage/plan/deep-plan under standard mode without an authorizing rule).
|
|
175
|
+
|
|
163
176
|
## Output
|
|
164
177
|
|
|
165
178
|
compression_mode ∈ {docs-only, lite, standard} as pipeline state for downstream steps.
|
package/templates/manifest.json
CHANGED
|
@@ -160,6 +160,19 @@ steps:
|
|
|
160
160
|
- All pipeline steps execute normally with full skill spawns
|
|
161
161
|
- Log: "[compression-mode] standard mode (scope={n}, mixed/high-risk labels, large scope, or code logic change)"
|
|
162
162
|
|
|
163
|
+
## Cross-tier — Pre-Existing Converged Artifact Substitution
|
|
164
|
+
|
|
165
|
+
Independent of the tier selected above, an INDIVIDUAL planning/verification step (triage / plan / deep-plan / deep-verify) MAY be satisfied by a pre-existing converged artifact instead of a fresh skill spawn — even in standard mode — when ALL of the following hold for that step:
|
|
166
|
+
1. A scoped issue carries (in its body or a linked artifact) a CONVERGED research/plan output equivalent to the step's skill — e.g. a `/research` multi-team analysis that explicitly converged, a `/deep-plan` artifact, or a prior `professor-triage`/`release-plan` output.
|
|
167
|
+
2. The artifact covers the scoped issues' domain (not stale or unrelated).
|
|
168
|
+
3. The substitution is for a PLANNING/VERIFICATION step ONLY — never for implement, verify-build, release, or ci-check.
|
|
169
|
+
|
|
170
|
+
If substituted, emit a MANDATORY justification log naming the artifact:
|
|
171
|
+
"[compression-mode] step '{step}' satisfied by converged artifact {ref} (substitution); skill spawn skipped"
|
|
172
|
+
If the artifact's convergence or domain coverage cannot be concretely asserted, do NOT substitute — spawn the skill.
|
|
173
|
+
|
|
174
|
+
This authorizes, under an audit log, a substitution that would otherwise be a standard-mode contract deviation. Origin: #1309 (a converged `/research` artifact was used in place of triage/plan/deep-plan under standard mode without an authorizing rule).
|
|
175
|
+
|
|
163
176
|
## Output
|
|
164
177
|
|
|
165
178
|
compression_mode ∈ {docs-only, lite, standard} as pipeline state for downstream steps.
|