oh-my-customcode 0.176.0 → 0.178.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/index.js CHANGED
@@ -241,7 +241,7 @@ var init_package = __esm(() => {
241
241
  workspaces: [
242
242
  "packages/*"
243
243
  ],
244
- version: "0.176.0",
244
+ version: "0.178.0",
245
245
  description: "Batteries-included agent harness for Claude Code",
246
246
  type: "module",
247
247
  bin: {
package/dist/index.js CHANGED
@@ -2031,7 +2031,7 @@ var package_default = {
2031
2031
  workspaces: [
2032
2032
  "packages/*"
2033
2033
  ],
2034
- version: "0.176.0",
2034
+ version: "0.178.0",
2035
2035
  description: "Batteries-included agent harness for Claude Code",
2036
2036
  type: "module",
2037
2037
  bin: {
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "workspaces": [
4
4
  "packages/*"
5
5
  ],
6
- "version": "0.176.0",
6
+ "version": "0.178.0",
7
7
  "description": "Batteries-included agent harness for Claude Code",
8
8
  "type": "module",
9
9
  "bin": {
@@ -12,6 +12,8 @@
12
12
 
13
13
  > **Tool-availability assumption (#1307 찐빠 #3)**: On first exploration, do NOT assume a tool (e.g., `Glob`) is available without confirming. Prefer `Bash` (`find`/`grep`) for initial search when the available-tool set is unconfirmed, to avoid "No such tool available" round-trips.
14
14
 
15
+ > **Platform tool variants (#1327 찐빠 #5)**: tool names differ by platform — e.g., macOS lacks GNU `timeout` (use `gtimeout` from coreutils). Confirm platform-specific tool availability before use.
16
+
15
17
  ### Capability-Aware Tool Scheduling
16
18
 
17
19
  When dispatching parallel tool calls, consider per-tool capabilities to optimize scheduling:
@@ -37,6 +37,10 @@ This is a settings-level resilience mechanism, distinct from the per-agent `mode
37
37
 
38
38
  > **v2.1.166+**: `MAX_THINKING_TOKENS=0`, `--thinking disabled`, and the per-model thinking toggle disable thinking on models that think by default via the Claude API (3rd-party providers unchanged). Relevant when an agent's `effort` is low and thinking overhead is undesirable.
39
39
 
40
+ ### Safe Mode & Bundled Skill Control (CC v2.1.169+)
41
+
42
+ > **v2.1.169+**: `--safe-mode` (and `CLAUDE_CODE_SAFE_MODE`) starts Claude Code with ALL customizations disabled (CLAUDE.md, plugins, skills, hooks, MCP servers) — use it to isolate whether a project customization (agent/skill/hook) causes a regression. The `disableBundledSkills` setting (and `CLAUDE_CODE_DISABLE_BUNDLED_SKILLS` env) hides bundled skills, workflows, and built-in slash commands from the model — useful when bundled skills conflict with or duplicate project skills (R006 skill-surface management). Note: `disableBundledSkills` hides skills from the model but is a CC platform setting, distinct from the advisory `skills:` frontmatter field (which is documentation metadata, not a runtime allowlist).
43
+
40
44
  ### Optional Frontmatter
41
45
 
42
46
  Key optional fields: `memory`, `effort`, `skills`, `soul`, `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations`, `domain`, `disableSkillShellExecution`. Supported since CC v2.1.63+. See full optional frontmatter via Read tool.
@@ -355,6 +355,8 @@ Cross-reference: R020 ("actual outcome ≠ attempt" — verifying that a command
355
355
 
356
356
  > **CC v2.1.162+**: `claude agents --json` now includes a `waitingFor` field showing what a waiting session is blocked on (e.g. a permission prompt). Use it as an additional deterministic ground-truth signal — a member with a non-empty `waitingFor` is blocked on input (needs unblocking), NOT silently stalled (reassign per stall handling below). This distinguishes the two failure modes the verification is meant to separate.
357
357
 
358
+ > **CC v2.1.169+**: `claude agents --json` now includes blocked and just-dispatched background sessions (previously omitted), adds `--all` to include completed sessions, and adds `id` and `state` fields. This strengthens the deterministic ground-truth for member completion verification — `state` distinguishes blocked/running/completed directly, and `--all` confirms a member actually completed (rather than just disappearing from the active list). Use `--all` + `state` as the ground-truth signal instead of inferring completion from a member's absence.
359
+
358
360
  **Stall handling**: When a member shows no task progress within ~2 minutes despite spawn + owner assignment + SendMessage coordination, reassign the work to a standalone Agent (R009) rather than continuing to nudge the stalled member. Stalled Teams members waste tokens on idle polling and delay the overall workflow.
359
361
 
360
362
  Observed instance: v0.159.0 release (session 105) — members assigned to disjoint-file cleanup tasks went idle without executing; deterministic git-diff check exposed the gap; work was reassigned to standalone parallel Agents. References: #1261, #1262.
@@ -213,6 +213,20 @@ Session 108에서 `auto-dev.yaml` 4곳을 canonical 통일할 때, repo-root `./
213
213
 
214
214
  Origin: #1290 (session 109 retrospective).
215
215
 
216
+ ### Config-Schema-Before-Edit
217
+
218
+ > Origin: #1327 찐빠 #2 — a provider switch (to DeepSeek) planned a 3-command edit (auth + provider + default) but omitted `base_url`, which stayed pointed at the previous provider (openrouter.ai) — traffic would have mis-routed. The config's base_url override-precedence was never read before planning the edits.
219
+
220
+ Before planning edits to a configuration (provider switch, endpoint/base_url override, credential injection, multi-key precedence), READ the full config schema and its override-precedence chain first. Do NOT plan partial edits before understanding which fields override which.
221
+
222
+ This applies when a change touches a field that participates in an override/precedence/inheritance chain (e.g. provider + base_url, multi-key fallback, layered defaults). A single independent field edit (flip a flag, bump a timeout) does NOT require a full-schema read.
223
+
224
+ | Anti-pattern | Required |
225
+ |--------------|----------|
226
+ | Plan a provider/endpoint switch as N commands without reading the config's override chain | Read the full config schema (which field wins, defaults, inheritance) → enumerate EVERY field the switch touches (incl. base_url) → then plan |
227
+
228
+ Sibling discipline to Read-Before-Characterize (that rule governs diagnosis — don't label before reading; this one governs edit-planning completeness — enumerate every interdependent field before editing). Cross-ref: R023 (verification ladder — config completeness is a Tier-1 deterministic pre-check).
229
+
216
230
  ### Degraded-Output Re-Verification Gate (529 / buffering)
217
231
 
218
232
  When tool outputs show degradation signs — 529 errors, duplicated or truncated output, or a Read returning empty on a file that is known non-empty — you MUST re-verify any fact via a deterministic second source BEFORE any destructive or permanent action (recovery-agent dispatch, issue edit, commit, file restore). Do NOT characterize state ("corruption", "오염", "loop") from a single degraded read.
@@ -227,6 +241,21 @@ Session 106: during 529 buffering, a CHANGELOG was misdiagnosed as "61x 중복
227
241
 
228
242
  Origin: #1269 ① (R020 self-violation, session 106).
229
243
 
244
+ ### CI Publish-Step Error vs Published-Artifact Ground Truth
245
+
246
+ > Origin: #1332 — `npm publish --provenance` emitted a Sigstore `TLOG_CREATE_ENTRY_ERROR` 409, but the publish step's `|| npm view <pkg>@<ver>` fallback recovered (the package WAS published) and release.yml succeeded on all jobs. A subagent read the tlog error in the logs and prematurely declared the run "failed", recommending a re-run; deterministic ground-truth (`npm view`, `gh release view`) showed the release had fully succeeded.
247
+
248
+ A CI publish/deploy step that LOGS an error has NOT necessarily failed — the step may recover via a fallback (`|| npm view ...`), or the error may be in a non-fatal sub-step (provenance attestation, eventual-consistency probe). Before declaring a publish/release run failed — and ESPECIALLY before re-running, rolling back, or permanently changing the workflow — verify the PUBLISHED ARTIFACT directly:
249
+
250
+ | Publish target | Ground-truth check |
251
+ |----------------|--------------------|
252
+ | npm | `npm view <pkg> version` == expected |
253
+ | GitHub Release | `gh release view <tag>` exists, not draft |
254
+ | Docker registry | image tag/manifest exists |
255
+ | Run outcome | `gh run view <id> --json jobs` job conclusions — NOT a single step's log line |
256
+
257
+ This is the publish-domain extension of Read-Before-Characterize ("actual outcome ≠ attempt"). Re-running a publish that actually succeeded risks duplicate-publish errors; permanently changing a workflow on a misdiagnosis is worse (cf. #1217 — npm E403 misdiagnosed as a `--provenance` conflict → wrong workflow change → repeated failure; real cause was token scope).
258
+
230
259
  ## Integration
231
260
 
232
261
  | Rule | Interaction |
@@ -122,6 +122,21 @@ The Git Push Continuation pattern (first-time strict / follow-up relaxed, scoped
122
122
 
123
123
  Cross-references: R001 (safety — destructive operation pre-checks still apply), R002 (permission tiers). Reference issues: #1230, #1226 (item 2).
124
124
 
125
+ ## User-Provided Input Precedence
126
+
127
+ > Origin: #1327 찐빠 #1 — the user created a NEW GitHub OAuth App and provided fresh credentials, but a script's "reuse existing github IdP if present" logic kept the OLD IdP/client_id, so login flowed through the stale credential. The freshly-provided input was silently ignored.
128
+
129
+ When the user EXPLICITLY provides new input (credentials, config values, IdP, API keys, endpoints), applying that new input takes precedence over idempotent "reuse existing" logic. After applying, VERIFY the change took effect — but compare ONLY non-secret identifiers (client_id, endpoint URL, key fingerprint/last-4), NEVER echo secret values into the transcript (R001). For secret material, verify via a side-effect probe (e.g., a test auth call succeeds) rather than value comparison.
130
+
131
+ | Anti-pattern | Required |
132
+ |--------------|----------|
133
+ | "An existing X is present → reuse it" when the user just supplied a new X | Apply the user-supplied X; treat reuse-logic as a fallback only when the user supplied nothing |
134
+ | User-supplied X EQUALS the existing X | Reuse is correct (idempotent no-op) — do NOT re-provision |
135
+ | User supplies only a SUBSET of fields | Apply the supplied fields; reuse existing values only for the unsupplied fields |
136
+ | Apply new credential, assume it took effect | Verify post-apply via non-secret identifier match or a side-effect probe — never echo secret values (R001) |
137
+
138
+ Cross-reference: R001 (credential guardrails — never echo secret values), R020 (verify actual outcome).
139
+
125
140
  ## Agent Triggers
126
141
 
127
142
  Defined in `.claude/skills/intent-detection/patterns/agent-triggers.yaml`. Each agent has keywords, file patterns, actions, and base confidence.
@@ -40,6 +40,23 @@ Before delegating ANY destructive git command (the table above), the orchestrato
40
40
 
41
41
  Enumerate ALL affected work — intended uncommitted edits (rule changes, new skills/guides) count too, not just the symptom the user named. Prefer a non-destructive alternative (`git stash`) when the user's goal (e.g., "reach remote state") can be met without permanent loss.
42
42
 
43
+ ### Infra/Resource Deletion Blast-Radius (generalized)
44
+
45
+ > Origin: #1327 찐빠 #3 — a Cloudflare tunnel was deleted after confirming only the user-named hostname (hermes.baekenough.com) + active-connection=0; the full set of DNS records / endpoints the tunnel served was never enumerated.
46
+
47
+ The git blast-radius enumeration above generalizes to ALL infra/resource deletion (tunnels, DNS records, k8s resources, load balancers, security groups). Before deleting a shared infra resource, enumerate EVERY endpoint/hostname/route the resource serves — not just the one the user named.
48
+
49
+ | Resource | Enumerate before delete |
50
+ |----------|-------------------------|
51
+ | Tunnel (cloudflared, etc.) | All hostnames/DNS records routed through the tunnel (`cloudflared tunnel info` + full DNS record scan), not just the named hostname |
52
+ | DNS record / zone | All services resolving via the record |
53
+ | k8s resource (Service, Ingress, etc.) | All selectors/endpoints/routes it backs |
54
+ | Load balancer / Security group | All targets/rules attached |
55
+
56
+ Present the full served-endpoint list for explicit approval before deletion. Active-connection=0 on one hostname does NOT prove the resource is unused by others.
57
+
58
+ Prefer a reversible action (disable/detach/stop) over delete when the goal can be met without permanent teardown — infra deletions (tunnel/DNS/k8s) are frequently NOT recoverable. Note whether the deletion is recoverable before proceeding.
59
+
43
60
  ## Credential & Privileged-Scope Guardrails
44
61
 
45
62
  > Origin: #1266 ① (Critical) — a subagent dumped `.env` and Gmail OAuth credentials into the transcript (Credential Exploration) and ran an unauthorized credential-rotation flow that caused a dashboard data outage.
@@ -51,6 +68,8 @@ Enumerate ALL affected work — intended uncommitted edits (rule changes, new sk
51
68
  | Chaining an approved privileged action into adjacent unrequested ones | Each privileged op requires its own authorization trace |
52
69
  | Irreversible shared-infra action (prod pod exec, shared-ns secret delete, tunnel create) without scope re-confirmation | Re-confirm scope with the user before irreversible / shared-infra actions |
53
70
 
71
+ > **Ask-before-scan (#1327 찐빠 #4)**: When a credential/token is needed, request it from the user BEFORE running BLIND/DISCOVERY credential scans (`env | grep`, repo-wide token greps), which trip the Credential Exploration classifier. Reading a SPECIFIC file the user named to obtain a value is not a discovery scan and is fine. If a scan trips the classifier, do not retry it (R010 Subagent Scope-Creep STOP Protocol).
72
+
54
73
  Cross-reference: R010 Subagent Scope-Creep STOP Protocol, R002 (permission tiers).
55
74
 
56
75
  ## Required Before Destructive Operations
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "0.176.0",
2
+ "version": "0.178.0",
3
3
  "lastUpdated": "2026-05-20T00:00:00.000Z",
4
4
  "omcustomMinClaudeCode": "2.1.121",
5
5
  "omcustomMinClaudeCodeReason": "Sensitive-path direct Write/Edit on .claude/** under bypassPermissions (R010 deprecation, #1101)",