oh-my-customcode 0.35.3 → 0.36.1

package/README.md

@@ -4,7 +4,7 @@
 
 # oh-my-customcode
 
-> **Your Coding Agent Stack, Your Way**
+> **Your AI Agent Stack. Compiled, Not Configured.**
 
 [![npm version](https://img.shields.io/npm/v/oh-my-customcode.svg)](https://www.npmjs.com/package/oh-my-customcode)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
@@ -13,294 +13,245 @@
 
 **[한국어 문서 (Korean)](./README_ko.md)**
 
-**The easiest way to customize Claude Code with agents, skills, and rules.**
+44 agents. 74 skills. 20 rules. One command.
 
-Like oh-my-zsh transformed shell customization, oh-my-customcode makes personalizing your coding agent workflow simple, powerful, and fun.
+```bash
+npm install -g oh-my-customcode && cd your-project && omcustom init
+```
 
-## What Makes It Special
+---
 
-| Feature | Description |
-|---------|-------------|
-| **Batteries Included** | 44 agents, 71 skills, 25 guides, 19 rules, 1 hook, 4 contexts, ontology graph - ready to use out of the box |
-| **Sub-Agent Model** | Supports hierarchical agent orchestration with specialized roles |
-| **Dead Simple Customization** | Create a folder + markdown file = new agent or skill |
-| **Mix and Match** | Use built-in components, create your own, or combine both |
-| **Non-Destructive** | Your customizations live alongside defaults, never overwritten |
-| **Dynamic Agent Creation** | No matching expert? The system creates one on-the-fly, connecting relevant skills and guides |
+## Philosophy
 
-## Quick Start
+oh-my-customcode is built on two ideas:
 
-```bash
-# Install globally
-npm install -g oh-my-customcode
+**1. Agent systems are compiled, not configured.**
 
-# Initialize in your project
-cd your-project
-omcustom init
-```
+| Compile Concept | oh-my-customcode |
+|----------------|-----------------|
+| Source code | `.claude/skills/` — reusable knowledge and workflows |
+| Build artifacts | `.claude/agents/` — executable specialists assembled from skills |
+| Compiler | `mgr-sauron` (R017) — structural verification and integrity |
+| Spec | `.claude/rules/` — constraints and build rules |
+| Linker | Routing skills — connect agents to tasks |
+| Standard library | `guides/` — shared reference documentation |
 
-That's it. You now have a fully configured agent environment.
+Skills are source. Agents are compiled output. Sauron verifies the build. This separation means skills evolve independently of agents, and agents can be recompiled from updated skills at any time.
 
----
+**2. If it can't be done, make it work.**
 
-## Customization First
+When no specialist exists for a task, oh-my-customcode does not fail. It creates one.
 
-This is what oh-my-customcode is all about. **Making your coding workflow yours.**
+```
+User: "Review this Terraform module"
+  → Routing: no terraform expert found
+  → mgr-creator discovers: infra-aws-expert skills + docker-best-practices guide
+  → Creates: infra-terraform-expert.md
+  → Executes the review immediately
+  → Agent persists for future use
+```
 
-### Just Describe What You Need
+This is not a fallback. It is the design. The system treats missing expertise as a build problem — find the right skills, compile a new agent, execute.
 
-No manual file editing. Describe what you want in natural language, and routing skills plus manager agents delegate to the right sub-agent:
+---
 
-```
-"Create a migration review expert agent"
-"Add a SQL optimization skill"
-"Make code reviews stricter"
-"Set up a deploy review pipeline"
-```
+## How It Works
+
+### Orchestration
 
-**How it works:**
+The main conversation acts as a singleton orchestrator (R010). It never writes files directly. Every action is delegated through routing skills to specialized agents.
 
 ```
 User (natural language)
-  → secretary-routing (routing skill)
-    → mgr-creator:sonnet       — scaffolds agent, registers, verifies
-    → mgr-updater:sonnet       — syncs documentation
-    → mgr-supplier:haiku       — checks dependencies
+  → Routing skill (intent detection, confidence scoring)
+    → Specialized agent (isolated execution)
+      → Result returned to orchestrator
+        → Response to user
 ```
 
-The routing chain analyzes your request, maps it to the appropriate skill and manager agent, and the selected sub-agent handles execution automatically.
+Four routing skills cover the full domain:
 
-### Sub-Agent Model
+| Routing Skill | Routes To |
+|--------------|-----------|
+| secretary-routing | Manager agents (mgr-*), system agents (sys-*) |
+| dev-lead-routing | Language, backend, frontend, tooling, DB, infra, arch agents |
+| de-lead-routing | Data engineering agents (de-*) |
+| qa-lead-routing | QA team (qa-planner, qa-writer, qa-engineer) |
 
-Each sub-agent runs on an optimized model for its task type:
+### Model Selection
 
-| Model | Usage | Examples |
-|-------|-------|---------|
-| `opus` | Complex reasoning, architecture | Code review, design analysis |
-| `sonnet` | General tasks (default) | Agent creation, code generation |
-| `haiku` | Fast, simple operations | File search, validation |
+Each agent runs on the model optimized for its task:
 
-Claude Code selects the appropriate model and parallelizes independent tasks (up to 4 concurrent sub-agents):
+| Model | When | Examples |
+|-------|------|---------|
+| `opus` | Complex reasoning, architecture | Design review, research synthesis |
+| `sonnet` | Implementation, general tasks | Code generation, agent creation |
+| `haiku` | Fast validation, search | File search, count verification |
+
+The reasoning-sandwich pattern formalizes this: opus for pre-analysis, sonnet for implementation, haiku for post-verification.
+
+### Parallel Execution
+
+Independent tasks run in parallel (R009). Up to 4 concurrent agents per message:
 
 ```
-secretary-routing (routing skill)
-  ├── mgr-creator:sonnet       — agent scaffolding
-  └── mgr-supplier:haiku       — dependency check
-
-dev-lead-routing (routing skill)
-  ├── lang-golang-expert:sonnet — Go implementation
-  ├── lang-python-expert:sonnet — Python implementation
-  └── qa-engineer:sonnet        — test generation
+Agent(lang-golang-expert):sonnet  ┐
+Agent(lang-python-expert):sonnet  ├─ All spawned in one message
+Agent(qa-engineer):sonnet         │
+Agent(arch-documenter):haiku      ┘
 ```
 
-### Slash Commands
+---
 
-All commands are invoked inside the Claude Code conversation.
+### Agents (44)
 
-#### Analysis & Research
+| Category | Count | Agents |
+|----------|-------|--------|
+| Languages | 6 | lang-golang, lang-python, lang-rust, lang-kotlin, lang-typescript, lang-java21 |
+| Backend | 6 | be-fastapi, be-springboot, be-go-backend, be-express, be-nestjs, be-django |
+| Frontend | 4 | fe-vercel, fe-vuejs, fe-svelte, fe-flutter |
+| Data Engineering | 6 | de-airflow, de-dbt, de-spark, de-kafka, de-snowflake, de-pipeline |
+| Database | 3 | db-supabase, db-postgres, db-redis |
+| Tooling | 3 | tool-npm, tool-optimizer, tool-bun |
+| Architecture | 2 | arch-documenter, arch-speckit |
+| Infrastructure | 2 | infra-docker, infra-aws |
+| QA | 3 | qa-planner, qa-writer, qa-engineer |
+| Security | 1 | sec-codeql |
+| Managers | 6 | mgr-creator, mgr-updater, mgr-supplier, mgr-gitnerd, mgr-sauron, mgr-claude-code-bible |
+| System | 2 | sys-memory-keeper, sys-naggy |
+
+Each agent declares its tools, model, memory scope, and limitations in YAML frontmatter. Tool budgets are enforced per agent type for accuracy.
 
-| Command | Description |
-|---------|-------------|
-| `/omcustom:analysis` | Analyze project and auto-configure agents, skills, rules |
-| `/research` | 10-team parallel deep analysis with cross-verification |
+---
 
-#### Development
+### Skills (74)
 
-| Command | Description |
-|---------|-------------|
-| `/dev-review` | Code review against best practices |
-| `/dev-refactor` | Code refactoring for better structure |
+| Category | Count | Includes |
+|----------|-------|----------|
+| Best Practices | 22 | Go, Python, TypeScript, Kotlin, Rust, React, FastAPI, Spring Boot, Django, Flutter, Docker, AWS, Postgres, Redis, Kafka, dbt, Spark, Snowflake, Airflow, and more |
+| Routing | 4 | secretary, dev-lead, de-lead, qa-lead |
+| Workflow | 12 | structured-dev-cycle, deep-plan, research, evaluator-optimizer, dag-orchestration, worker-reviewer-pipeline, reasoning-sandwich, and more |
+| Development | 7 | dev-review, dev-refactor, analysis, create-agent, intent-detection, web-design-guidelines, omcustom-takeover |
+| Operations | 9 | update-docs, audit-agents, sauron-watch, monitoring-setup, fix-refs, release-notes, and more |
+| Memory | 3 | memory-save, memory-recall, memory-management |
+| Package | 3 | npm-publish, npm-version, npm-audit |
+| Optimization | 3 | optimize-analyze, optimize-bundle, optimize-report |
+| Security | 2 | cve-triage, jinja2-prompts |
+| Other | 8 | codex-exec, vercel-deploy, skills-sh-search, result-aggregation, writing-clearly-and-concisely, and more |
 
-#### Agent Management
+Skills use a 3-tier scope system: `core` (universal), `harness` (agent/skill maintenance), `package` (project-specific).
 
-| Command | Description |
-|---------|-------------|
-| `/omcustom:create-agent` | Create new agent |
-| `/omcustom:update-docs` | Sync project structure and documentation |
-| `/omcustom:update-external` | Update agents from external sources |
-| `/omcustom:audit-agents` | Audit agent dependencies |
-| `/omcustom:fix-refs` | Fix broken references |
+---
 
-#### Memory
+## Commands
 
-| Command | Description |
-|---------|-------------|
-| `/memory-save` | Save session context to claude-mem |
-| `/memory-recall` | Search and recall memories |
+All commands are invoked inside the Claude Code conversation.
 
-#### DevOps & Package Management
+### Development
 
-| Command | Description |
+| Command | What it does |
 |---------|-------------|
-| `/omcustom:npm-publish` | Publish package to npm registry |
-| `/omcustom:npm-version` | Semantic version management |
-| `/omcustom:npm-audit` | Dependency security audit |
+| `/dev-review` | Code review against best practices |
+| `/dev-refactor` | Refactor for structure and patterns |
+| `/structured-dev-cycle` | 6-stage development: plan → verify → implement → verify → compound → done |
+| `/deep-plan` | Research-validated planning |
+| `/research` | 10-team parallel analysis with cross-verification |
 
-#### Optimization
+### Agent Management
 
-| Command | Description |
+| Command | What it does |
 |---------|-------------|
-| `/optimize-analyze` | Bundle and performance analysis |
-| `/optimize-bundle` | Bundle size optimization |
-| `/optimize-report` | Generate optimization report |
+| `/omcustom:analysis` | Analyze project, auto-configure agents and skills |
+| `/omcustom:create-agent` | Create a new agent |
+| `/omcustom:takeover` | Extract canonical spec from existing agent or skill |
+| `/omcustom:audit-agents` | Audit agent dependencies |
+| `/omcustom:update-docs` | Sync project structure and documentation |
+| `/omcustom:sauron-watch` | Full structural verification (5+3 rounds) |
 
-#### Verification & System
+### Package & Release
 
-| Command | Description |
+| Command | What it does |
 |---------|-------------|
-| `/omcustom:sauron-watch` | Full R017 sync verification |
-| `/omcustom:monitoring-setup` | OTel console monitoring enable/disable |
-| `/codex-exec` | Execute Codex CLI prompt |
-| `/deep-plan` | Research-validated planning (research → plan → verify) |
-| `/structured-dev-cycle` | 6-phase structured development cycle |
-| `/omcustom:lists` | Show all available commands |
-| `/omcustom:status` | System status and health checks |
-| `/omcustom:help` | Help information |
-
----
-
-## What's Included
+| `/omcustom:npm-publish` | Publish to npm |
+| `/omcustom:npm-version` | Semantic versioning |
+| `/omcustom:npm-audit` | Dependency security audit |
+| `/omcustom:release-notes` | Generate release notes from git history |
 
-### Agents (44)
+### Memory & System
 
-| Category | Count | Agents |
-|----------|-------|--------|
-| **Managers** | 6 | mgr-creator, mgr-updater, mgr-supplier, mgr-gitnerd, mgr-sauron, mgr-claude-code-bible |
-| **System** | 2 | sys-memory-keeper, sys-naggy |
-| **Languages** | 6 | lang-golang-expert, lang-python-expert, lang-rust-expert, lang-kotlin-expert, lang-typescript-expert, lang-java21-expert |
-| **Frontend** | 4 | fe-vercel-agent, fe-vuejs-agent, fe-svelte-agent, fe-flutter-agent |
-| **Backend** | 6 | be-fastapi-expert, be-springboot-expert, be-go-backend-expert, be-express-expert, be-nestjs-expert, be-django-expert |
-| **Tooling** | 3 | tool-npm-expert, tool-optimizer, tool-bun-expert |
-| **Data Engineering** | 6 | de-airflow-expert, de-dbt-expert, de-spark-expert, de-kafka-expert, de-snowflake-expert, de-pipeline-expert |
-| **Database** | 3 | db-supabase-expert, db-postgres-expert, db-redis-expert |
-| **Architecture** | 2 | arch-documenter, arch-speckit-agent |
-| **Infrastructure** | 2 | infra-docker-expert, infra-aws-expert |
-| **QA** | 3 | qa-planner, qa-writer, qa-engineer |
-| **Security** | 1 | sec-codeql-expert |
-| **Total** | **44** | |
-
-### Skills (71)
-
-| Category | Count | Skills |
-|----------|-------|--------|
-| **Routing** | 4 | secretary-routing, dev-lead-routing, de-lead-routing, qa-lead-routing |
-| **Best Practices** | 21 | go-best-practices, python-best-practices, typescript-best-practices, kotlin-best-practices, rust-best-practices, react-best-practices, fastapi-best-practices, springboot-best-practices, go-backend-best-practices, django-best-practices, docker-best-practices, aws-best-practices, postgres-best-practices, supabase-postgres-best-practices, redis-best-practices, airflow-best-practices, dbt-best-practices, kafka-best-practices, snowflake-best-practices, flutter-best-practices, java21-best-practices |
-| **Development** | 6 | dev-review, dev-refactor, create-agent, intent-detection, web-design-guidelines, analysis |
-| **Data Engineering** | 2 | spark-best-practices, pipeline-architecture-patterns |
-| **Optimization** | 3 | optimize-analyze, optimize-bundle, optimize-report |
-| **Memory** | 3 | memory-save, memory-recall, memory-management |
-| **Package Management** | 3 | npm-publish, npm-version, npm-audit |
-| **Operations** | 7 | update-docs, update-external, audit-agents, fix-refs, sauron-watch, monitoring-setup, claude-code-bible |
-| **Utilities** | 5 | lists, help, status, result-aggregation, writing-clearly-and-concisely |
-| **Quality & Workflow** | 11 | multi-model-verification, structured-dev-cycle, model-escalation, stuck-recovery, dag-orchestration, task-decomposition, worker-reviewer-pipeline, pr-auto-improve, pipeline-guards, deep-plan, evaluator-optimizer |
-| **Security** | 2 | cve-triage, jinja2-prompts |
-| **Research** | 1 | research |
-| **Deploy** | 2 | vercel-deploy, codex-exec |
-| **External** | 1 | skills-sh-search |
-
-Skills use a 3-tier scope system (`core`, `harness`, `package`) to control deployment behavior during `omcustom init`. Core and harness skills are installed by default; package-scoped skills (e.g., npm-publish) are excluded.
-
-### Guides (25)
+| Command | What it does |
+|---------|-------------|
+| `/memory-save` | Save session context |
+| `/memory-recall` | Search and recall memories |
+| `/omcustom:monitoring-setup` | OTel monitoring toggle |
+| `/omcustom:lists` | Show all commands |
+| `/omcustom:status` | System health check |
 
-Comprehensive reference documentation covering:
-- Agent creation and management
-- Skill development
-- Pipeline workflows
-- Sub-agent orchestration
-- Best practices and patterns
-- Data engineering workflows
-- Database optimization
+---
 
 ### Rules (19)
 
 | Priority | Count | Purpose |
 |----------|-------|---------|
-| **MUST** | 12 | Safety, permissions, agent design (enforced) |
-| **SHOULD** | 6 | Interactions, error handling (recommended) |
-| **MAY** | 1 | Optimization guidelines (optional) |
+| **MUST** | 13 | Safety, permissions, agent design, identification, orchestration, verification, completion |
+| **SHOULD** | 6 | Interaction, error handling, memory, HUD, ecomode, ontology routing |
+| **MAY** | 1 | Optimization |
 
-### Hooks (1)
+Key rules: R010 (orchestrator never writes files), R009 (parallel execution mandatory), R017 (sauron verification before push), R020 (completion verification before declaring done).
 
-Event-driven automation for agent lifecycle events (PreToolUse, PostToolUse, etc.).
+---
 
-### Contexts (4)
+### Guides (25)
 
-Shared context files for cross-agent knowledge and mode configurations.
+Reference documentation covering best practices, architecture decisions, and integration patterns. Located in `guides/` at project root, covering topics from agent design to CI/CD to observability.
 
-### Packages
+---
 
-#### [ontology-rag](packages/ontology-rag/)
+## Safety
 
-Ontology+RAG context engine for intelligent agent context loading.
+oh-my-customcode includes three security hooks that run on every tool call:
 
-| Feature | Description |
-|---------|-------------|
-| **Ontology Loading** | Parse YAML ontologies (agents, skills, rules) |
-| **Graph Traversal** | Navigate dependency graphs with BFS and PageRank |
-| **Semantic Routing** | LLM-based agent selection with keyword fallback |
-| **Hybrid Search** | 4-signal ranking (keyword, graph, community, importance) |
-| **Token Budget** | Adaptive budget management — reduces token usage by 75-95% |
-| **MCP Server** | Direct integration with Claude Code via MCP protocol |
+| Hook | Trigger | Action |
+|------|---------|--------|
+| secret-filter | Bash, Read output | Detects AWS keys, API tokens, private keys, bearer tokens |
+| audit-log | Edit, Write, Bash, Agent | Append-only JSONL at `~/.claude/audit.jsonl` |
+| schema-validator | Write, Edit, Bash input | Validates tool inputs, flags dangerous patterns |
 
-Automatically configured during `omcustom init` when [uv](https://docs.astral.sh/uv/) is available.
+All security hooks are advisory (exit 0). They warn but never block.
 
 ---
 
-## CLI Commands
+## CLI
 
-| Command | Description |
-|---------|-------------|
-| `omcustom init` | Initialize in current project |
-| `omcustom init --lang ko` | Initialize with Korean language |
-| `omcustom update` | Update to latest version |
-| `omcustom list` | List all installed components |
-| `omcustom list agents` | List agents only |
-| `omcustom doctor` | Verify installation health |
-| `omcustom doctor --fix` | Auto-fix common issues |
-| `omcustom security` | Scan for security issues in hooks and configs |
-
-**Global Options:**
-| Option | Description |
-|--------|-------------|
-| `--skip-version-check` | Skip CLI tool version pre-flight check |
-| `-v, --version` | Show version number |
-| `-h, --help` | Show help |
+```bash
+omcustom init                  # Initialize in project
+omcustom init --lang ko        # Initialize with Korean
+omcustom update                # Update to latest
+omcustom list                  # List components
+omcustom doctor                # Verify installation
+omcustom doctor --fix          # Auto-fix issues
+omcustom security              # Scan for security issues
+```
 
 ---
 
 ## Project Structure
 
-After `omcustom init`:
-
 ```
 your-project/
-├── CLAUDE.md              # Entry point for Claude
+├── CLAUDE.md                   # Entry point
 ├── .claude/
-│   ├── agents/            # Agent definitions (44 flat .md files)
-│   │   ├── lang-golang-expert.md
-│   │   ├── be-fastapi-expert.md
-│   │   ├── mgr-creator.md
-│   │   └── ...
-│   ├── skills/            # Skill modules (71 directories, each with SKILL.md)
-│   │   ├── go-best-practices/
-│   │   ├── react-best-practices/
-│   │   ├── secretary-routing/
-│   │   └── ...
-│   ├── ontology/          # Ontology knowledge graph for RAG context
-│   │   ├── schema.yaml
-│   │   ├── agents.yaml
-│   │   ├── skills.yaml
-│   │   ├── rules.yaml
-│   │   └── graphs/
-│   ├── rules/             # Behavior rules (19 total)
-│   ├── hooks/             # Event hooks (1 total)
-│   └── contexts/          # Context files (4 total)
-└── templates/
-    └── guides/            # Reference docs (25 total)
+│   ├── agents/                 # 44 agent definitions
+│   ├── skills/                 # 74 skill modules
+│   ├── rules/                  # 20 governance rules (R000-R020)
+│   ├── hooks/                  # 15 lifecycle hook scripts
+│   ├── schemas/                # Tool input validation schemas
+│   ├── specs/                  # Extracted canonical specs
+│   ├── contexts/               # 4 shared context files
+│   └── ontology/               # Knowledge graph for RAG
+└── guides/                     # 25 reference documents
 ```
 
-**Note**: In the official Claude Code format, there is no command registry — slash commands and natural language agent references are used.
-
 ---
 
 ## Development
@@ -309,30 +260,10 @@ your-project/
 bun install          # Install dependencies
 bun run dev          # Development mode
 bun test             # Run tests
-bun run build        # Build for production
+bun run build        # Production build
 ```
 
-### Quality Gates
-
-| Gate | Tool | Threshold |
-|------|------|-----------|
-| Lint | Biome | Zero errors (complexity enforced) |
-| Test Coverage | Bun test | 95% (pre-commit), 97% (CI) |
-| Security Audit | bun pm audit | No high/critical vulnerabilities |
-| Dependabot | GitHub | Weekly scans, auto-PR for updates |
-
-Pre-commit hooks automatically enforce lint, test, and coverage gates before each commit.
-
-### Requirements
-
-- Node.js >= 18.0.0
-- Claude Code CLI
-
----
-
-## Contributing
-
-Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md).
+Requirements: Node.js >= 18.0.0, Claude Code CLI.
 
 ---
 
@@ -343,7 +274,7 @@ Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md).
 ---
 
 <p align="center">
-  <strong>Your coding workflow. Your rules. Your way.</strong>
+  <strong>No expert? Create one. Connect knowledge. Execute.</strong>
 </p>
 
 <p align="center">

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-customcode",
-  "version": "0.35.3",
+  "version": "0.36.1",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/hooks/hooks.json

@@ -62,6 +62,16 @@
         ],
         "description": "Suggest manual compaction at logical intervals"
       },
+      {
+        "matcher": "tool == \"Edit\"",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/scripts/content-hash-validator.sh"
+          }
+        ],
+        "description": "Validate file content hash before Edit — advisory staleness warning"
+      },
       {
         "matcher": "tool == \"Task\" || tool == \"Agent\"",
         "hooks": [
@@ -212,6 +222,16 @@
         ],
         "description": "Context budget advisor — track tool usage patterns and advise ecomode activation"
       },
+      {
+        "matcher": "tool == \"Read\"",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/scripts/content-hash-validator.sh"
+          }
+        ],
+        "description": "Store content hashes for Read operations — enables Edit staleness detection"
+      },
       {
         "matcher": "tool == \"Edit\" || tool == \"Write\" || tool == \"Bash\" || tool == \"Task\" || tool == \"Agent\"",
         "hooks": [

package/templates/.claude/hooks/scripts/content-hash-validator.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+# Content-Hash Validator — Detect stale file state for Edit operations
+# Trigger: PostToolUse on Read (stores hashes), PreToolUse on Edit (validates)
+# Purpose: Advisory warning when file content changed between Read and Edit
+# Protocol: stdin JSON -> validate -> stdout pass-through
+# Always exits 0 (advisory only, never blocks)
+
+set -euo pipefail
+
+input=$(cat)
+
+# Hash store (PPID-scoped, session-only)
+HASH_STORE="/tmp/.claude-content-hashes-${PPID}"
+
+tool_name=$(echo "$input" | jq -r '.tool_name // "unknown"')
+
+case "$tool_name" in
+  "Read")
+    # Store content hash for the file that was just read
+    file_path=$(echo "$input" | jq -r '.tool_input.file_path // ""')
+    output=$(echo "$input" | jq -r '.tool_output.output // ""')
+
+    if [ -n "$file_path" ] && [ -n "$output" ] && [ "$output" != "null" ]; then
+      content_hash=$(echo "$output" | md5 2>/dev/null || echo "$output" | md5sum 2>/dev/null | cut -d' ' -f1 || echo "unknown")
+      timestamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+
+      # Store hash entry (overwrite previous for same file)
+      if [ -f "$HASH_STORE" ]; then
+        # Remove old entry for this file
+        grep -v "\"path\":\"${file_path}\"" "$HASH_STORE" > "${HASH_STORE}.tmp" 2>/dev/null || true
+        mv "${HASH_STORE}.tmp" "$HASH_STORE" 2>/dev/null || true
+      fi
+
+      jq -cn \
+        --arg path "$file_path" \
+        --arg hash "$content_hash" \
+        --arg ts "$timestamp" \
+        '{path: $path, hash: $hash, stored_at: $ts}' >> "$HASH_STORE" 2>/dev/null || true
+    fi
+    ;;
+
+  "Edit")
+    # Validate that file hasn't changed since last Read
+    file_path=$(echo "$input" | jq -r '.tool_input.file_path // ""')
+
+    if [ -n "$file_path" ] && [ -f "$HASH_STORE" ] && [ -f "$file_path" ]; then
+      stored_hash=$(grep "\"path\":\"${file_path}\"" "$HASH_STORE" 2>/dev/null | tail -1 | jq -r '.hash // ""' 2>/dev/null || echo "")
+
+      if [ -n "$stored_hash" ] && [ "$stored_hash" != "unknown" ]; then
+        current_hash=$(md5 -q "$file_path" 2>/dev/null || md5sum "$file_path" 2>/dev/null | cut -d' ' -f1 || echo "unknown")
+
+        if [ "$current_hash" != "unknown" ] && [ "$stored_hash" != "$current_hash" ]; then
+          echo "[Content-Hash] WARNING: $(basename "$file_path") may have changed since last Read" >&2
+          echo "[Content-Hash] Stored hash: ${stored_hash:0:8}... Current: ${current_hash:0:8}..." >&2
+          echo "[Content-Hash] Advisory: re-read the file before editing if unsure" >&2
+        fi
+      fi
+    fi
+    ;;
+esac
+
+# Ring buffer: keep last 200 entries
+if [ -f "$HASH_STORE" ]; then
+  line_count=$(wc -l < "$HASH_STORE" 2>/dev/null || echo "0")
+  if [ "$line_count" -gt 200 ]; then
+    tail -200 "$HASH_STORE" > "${HASH_STORE}.tmp"
+    mv "${HASH_STORE}.tmp" "$HASH_STORE"
+  fi
+fi
+
+# Always pass through
+echo "$input"
+exit 0

package/templates/.claude/schemas/tool-inputs.json

@@ -0,0 +1,62 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Tool input validation schemas for PreToolUse hook",
+  "definitions": {
+    "Write": {
+      "type": "object",
+      "required": ["file_path", "content"],
+      "properties": {
+        "file_path": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Absolute file path to write"
+        },
+        "content": {
+          "type": "string",
+          "description": "File content to write"
+        }
+      }
+    },
+    "Edit": {
+      "type": "object",
+      "required": ["file_path", "old_string", "new_string"],
+      "properties": {
+        "file_path": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Absolute file path to edit"
+        },
+        "old_string": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Text to find and replace"
+        },
+        "new_string": {
+          "type": "string",
+          "description": "Replacement text"
+        }
+      },
+      "additionalValidation": {
+        "rule": "old_string !== new_string",
+        "message": "old_string and new_string must be different"
+      }
+    },
+    "Bash": {
+      "type": "object",
+      "required": ["command"],
+      "properties": {
+        "command": {
+          "type": "string",
+          "minLength": 1,
+          "description": "Shell command to execute"
+        }
+      },
+      "dangerousPatterns": [
+        { "pattern": "rm\\s+-rf\\s+/", "message": "Dangerous recursive delete from root" },
+        { "pattern": "sudo\\s+", "message": "Elevated privilege command detected" },
+        { "pattern": "> /dev/sd", "message": "Direct disk write detected" },
+        { "pattern": "mkfs\\.", "message": "Filesystem format command detected" }
+      ]
+    }
+  }
+}

package/templates/.claude/skills/omcustom-release-notes/SKILL.md

@@ -0,0 +1,117 @@
+---
+name: omcustom-release-notes
+description: Generate structured release notes from git history and closed issues within Claude Code session
+scope: harness
+user-invocable: true
+argument-hint: "<version> [--previous-tag <tag>]"
+---
+
+# Release Notes Generator
+
+Generate structured release notes directly within the Claude Code session, using git history and GitHub issues. No external API calls needed — Claude Code itself analyzes and generates the notes.
+
+## Purpose
+
+Replaces the CI-based `release-notes.yml` workflow that previously used Claude API (`ANTHROPIC_API_KEY`). The release notes are now generated in-session and passed directly to `gh release create --notes`.
+
+## Usage
+
+```
+/omcustom:release-notes 0.36.0
+/omcustom:release-notes 0.36.0 --previous-tag v0.35.3
+```
+
+## Workflow
+
+### Phase 1: Gather Context
+
+```bash
+# 1. Determine previous tag
+PREV_TAG=$(git tag --sort=-version:refname | grep -v "^v${VERSION}$" | head -1)
+
+# 2. Get commit history
+git log ${PREV_TAG}..HEAD --pretty=format:"%h %s"
+
+# 3. Get changed files
+git diff --name-status ${PREV_TAG}..HEAD
+
+# 4. Get closed issues since previous tag
+gh issue list --state closed --search "closed:>$(git log -1 --format=%ci ${PREV_TAG} | cut -d' ' -f1)" --json number,title,labels
+```
+
+### Phase 2: Classify Changes
+
+Categorize commits using Conventional Commits:
+
+| Prefix | Category | Emoji |
+|--------|----------|-------|
+| feat: | Features | :rocket: |
+| fix: | Bug Fixes | :bug: |
+| docs: | Documentation | :books: |
+| refactor: | Refactoring | :recycle: |
+| test: | Tests | :test_tube: |
+| chore: | Chores | :wrench: |
+| security | Security | :lock: |
+
+### Phase 3: Generate Notes
+
+Output format:
+
+```markdown
+# Release v{VERSION}
+
+## Highlights
+(1-3 key features/changes)
+
+## :rocket: Features
+- **{title}** (#{issue}): {description}
+
+## :bug: Bug Fixes
+- **{title}** (#{issue}): {description}
+
+## :lock: Security
+- {security changes}
+
+## :books: Documentation
+- {doc changes}
+
+## :recycle: Other Changes
+- {other changes}
+
+## Resource Changes
+| Resource | Before | After | Delta |
+|----------|--------|-------|-------|
+| Rules | {n} | {n} | {delta} |
+| Skills | {n} | {n} | {delta} |
+| Agents | {n} | {n} | {delta} |
+
+## Breaking Changes
+{if any, otherwise omit section}
+
+---
+_Release notes generated with Claude Code_
+```
+
+### Phase 4: Apply
+
+The generated notes can be:
+1. **Direct**: Passed to `gh release create --notes "{notes}"`
+2. **File**: Written to `release_notes.md` for review before use
+3. **Update**: Used with `gh release edit v{VERSION} --notes "{notes}"`
+
+## Integration
+
+This skill is designed to be used during the release process:
+
+```
+/omcustom:npm-version patch|minor|major  ->  version bump
+/omcustom:release-notes {version}         ->  generate notes
+mgr-gitnerd: gh release create           ->  create release with notes
+```
+
+## Notes
+
+- No external API keys required
+- Uses git history and gh CLI for data gathering
+- Claude Code analyzes and generates notes in-context
+- Resource count changes auto-detected from CLAUDE.md history

package/templates/.claude/skills/omcustom-takeover/SKILL.md

@@ -0,0 +1,115 @@
+---
+name: omcustom-takeover
+description: Extract canonical spec from existing agent or skill files
+scope: harness
+user-invocable: true
+argument-hint: "<agent-name>"
+---
+
+# Takeover Skill
+
+Extract a canonical specification from an existing agent or skill file. Inspired by codespeak.dev's reverse compilation concept — deriving specs from existing implementations.
+
+## Purpose
+
+When an agent or skill has evolved organically without a formal spec, `takeover` reverse-engineers a structured specification that captures its intent, invariants, workflow contract, and I/O contract.
+
+## Usage
+
+```
+/omcustom:takeover <agent-name>
+/omcustom:takeover <skill-name>
+```
+
+## Workflow
+
+### Phase 1: Read Target
+
+```
+1. Determine target type:
+   - Agent: read .claude/agents/<name>.md
+   - Skill: read .claude/skills/<name>/SKILL.md
+2. Parse frontmatter (YAML metadata)
+3. Parse body (markdown content)
+```
+
+### Phase 2: Extract Spec Components
+
+Extract these components from the target:
+
+| Component | Source | Description |
+|-----------|--------|-------------|
+| `intent` | Description field + first paragraph | One-line purpose statement |
+| `invariants` | Rules referenced, constraints mentioned | Things that must always be true |
+| `workflow_contract` | Workflow/stages sections | Input → processing → output steps |
+| `io_contract` | Tools field, input/output patterns | What the agent consumes and produces |
+| `dependencies` | Skills field, guide references | External knowledge required |
+| `boundaries` | Limitations field, disallowedTools | What the agent explicitly cannot do |
+
+### Phase 3: Generate Spec
+
+Output structured spec to `.claude/specs/<name>.spec.md`:
+
+```markdown
+---
+name: <name>
+type: agent | skill
+source: .claude/agents/<name>.md | .claude/skills/<name>/SKILL.md
+generated: <ISO-8601 timestamp>
+---
+
+# Spec: <name>
+
+## Intent
+<one-line purpose>
+
+## Invariants
+- <rule or constraint that must always hold>
+- ...
+
+## Workflow Contract
+### Input
+<what the agent/skill receives>
+
+### Processing
+1. <step>
+2. <step>
+
+### Output
+<what the agent/skill produces>
+
+## I/O Contract
+### Consumes
+- Tools: [<tools used>]
+- Files: [<files read>]
+- MCP: [<MCP tools if any>]
+
+### Produces
+- Files: [<files created/modified>]
+- Output: [<what is returned>]
+
+## Dependencies
+- Skills: [<referenced skills>]
+- Guides: [<referenced guides>]
+- Rules: [<rules enforced>]
+
+## Boundaries
+- <what the agent explicitly cannot do>
+```
+
+### Phase 4: Report
+
+```
+[Done] Spec extracted: .claude/specs/<name>.spec.md
+├── Intent: <summary>
+├── Invariants: <count> rules
+├── Workflow: <step count> steps
+└── Dependencies: <count> refs
+```
+
+## Notes
+
+- Specs are git-untracked (under `.claude/`)
+- Regenerate anytime with `/omcustom:takeover <name>`
+- Used by `/dev-refactor --spec` for invariant-preserving refactoring
+- Advisory output — human review recommended before using as contract

package/templates/.claude/skills/reasoning-sandwich/SKILL.md

@@ -0,0 +1,64 @@
+---
+name: reasoning-sandwich
+description: Template for pre-reasoning → action → post-verification model allocation
+scope: core
+user-invocable: false
+---
+
+# Reasoning Sandwich Pattern
+
+## Purpose
+
+A model allocation pattern that wraps implementation actions with stronger-model reasoning phases. The "sandwich" structure ensures complex tasks get proper analysis before and verification after the core action.
+
+## Pattern
+
+```
+[Pre-reasoning] → stronger model (opus)
+  ├── Analyze requirements
+  ├── Identify edge cases
+  └── Define success criteria
+
+[Action] → balanced model (sonnet)
+  ├── Implement solution
+  ├── Generate code/content
+  └── Execute plan
+
+[Post-verification] → balanced or lighter model (sonnet/haiku)
+  ├── Verify against criteria
+  ├── Check for regressions
+  └── Validate completeness
+```
+
+## Model Allocation Table
+
+| Phase | Recommended Model | Rationale |
+|-------|------------------|-----------|
+| Pre-reasoning (analyze/plan) | opus | Complex architectural reasoning, edge case detection |
+| Action (implement/generate) | sonnet | Optimized for code generation, balanced cost |
+| Post-verification (review/test) | sonnet or haiku | Structural verification, checklist validation |
+
+## When to Apply
+
+| Scenario | Apply Sandwich? | Reason |
+|----------|----------------|--------|
+| New feature implementation | Yes | Needs analysis → code → verification |
+| Bug fix with clear root cause | No | Direct action sufficient |
+| Architecture decision | Yes | Heavy pre-reasoning, lighter action |
+| Batch file edits | No | Mechanical action, no reasoning needed |
+| Security-sensitive changes | Yes | Extra verification phase critical |
+
+## Integration
+
+This pattern is used by:
+- `structured-dev-cycle` — stages map to sandwich phases
+- `evaluator-optimizer` — generator/evaluator model selection guidance
+- `deep-plan` — research (pre) → plan (action) → verify (post)
+
+## Anti-patterns
+
+| Anti-pattern | Problem | Fix |
+|-------------|---------|-----|
+| Opus for everything | Wasteful, slow | Reserve opus for reasoning-heavy phases |
+| Haiku for planning | Insufficient depth | Use opus for complex analysis |
+| Skipping verification | False completion risk | Always include post-verification phase |

package/templates/CLAUDE.md.en

@@ -129,6 +129,7 @@ Violation = immediate correction. No exception for "small changes".
 | R016 | Continuous Improvement | **ENFORCED** - Update rules when violations occur |
 | R017 | Sync Verification | **ENFORCED** - Verify sync before structural changes |
 | R018 | Agent Teams | **ENFORCED (Conditional)** - Mandatory for qualifying tasks when Agent Teams enabled |
+| R020 | Completion Verification | **ENFORCED** - Verification required before declaring task complete |
 
 ### SHOULD (Strongly recommended)
 | ID | Rule | Description |
@@ -157,6 +158,7 @@ Violation = immediate correction. No exception for "small changes".
 | `/omcustom:update-external` | Update agents from external sources |
 | `/omcustom:audit-agents` | Audit agent dependencies |
 | `/omcustom:fix-refs` | Fix broken references |
+| `/omcustom:takeover` | Extract canonical spec from existing agent/skill |
 | `/dev-review` | Review code for best practices |
 | `/dev-refactor` | Refactor code |
 | `/memory-save` | Save session context to claude-mem |
@@ -165,6 +167,7 @@ Violation = immediate correction. No exception for "small changes".
 | `/omcustom:npm-publish` | Publish package to npm registry |
 | `/omcustom:npm-version` | Manage semantic versions |
 | `/omcustom:npm-audit` | Audit dependencies |
+| `/omcustom:release-notes` | Generate release notes from git history |
 | `/codex-exec` | Execute Codex CLI prompts |
 | `/optimize-analyze` | Analyze bundle and performance |
 | `/optimize-bundle` | Optimize bundle size |
@@ -184,9 +187,9 @@ project/
 +-- CLAUDE.md                    # Entry point
 +-- .claude/
 |   +-- agents/                  # Subagent definitions (44 files)
-|   +-- skills/                  # Skills (71 directories)
-|   +-- rules/                   # Global rules (R000-R019)
-|   +-- hooks/                   # Hook scripts (memory, HUD)
+|   +-- skills/                  # Skills (74 directories)
+|   +-- rules/                   # Global rules (R000-R020)
+|   +-- hooks/                   # Hook scripts (security, validation, HUD)
 |   +-- contexts/                # Context files (ecomode)
 +-- guides/                      # Reference docs (25 topics)
 ```

package/templates/CLAUDE.md.ko

@@ -129,6 +129,7 @@ oh-my-customcode로 구동됩니다.
 | R016 | 지속적 개선 | **강제** - 위반 발생 시 규칙 업데이트 |
 | R017 | 동기화 검증 | **강제** - 구조 변경 전 검증 |
 | R018 | Agent Teams | **강제(조건부)** - Agent Teams 활성화 시 적합한 작업에 필수 사용 |
+| R020 | 완료 검증 | **강제** - 작업 완료 선언 전 검증 필수 |
 
 ### SHOULD (강력 권장)
 | ID | 규칙 | 설명 |
@@ -157,6 +158,7 @@ oh-my-customcode로 구동됩니다.
 | `/omcustom:update-external` | 외부 소스에서 에이전트 업데이트 |
 | `/omcustom:audit-agents` | 에이전트 의존성 감사 |
 | `/omcustom:fix-refs` | 깨진 참조 수정 |
+| `/omcustom:takeover` | 기존 에이전트/스킬에서 canonical spec 추출 |
 | `/dev-review` | 코드 베스트 프랙티스 리뷰 |
 | `/dev-refactor` | 코드 리팩토링 |
 | `/memory-save` | 세션 컨텍스트를 claude-mem에 저장 |
@@ -165,6 +167,7 @@ oh-my-customcode로 구동됩니다.
 | `/omcustom:npm-publish` | npm 레지스트리에 패키지 배포 |
 | `/omcustom:npm-version` | 시맨틱 버전 관리 |
 | `/omcustom:npm-audit` | 의존성 감사 |
+| `/omcustom:release-notes` | 릴리즈 노트 생성 (git 히스토리 기반) |
 | `/codex-exec` | Codex CLI 프롬프트 실행 |
 | `/optimize-analyze` | 번들 및 성능 분석 |
 | `/optimize-bundle` | 번들 크기 최적화 |
@@ -184,9 +187,9 @@ project/
 +-- CLAUDE.md                    # 진입점
 +-- .claude/
 |   +-- agents/                  # 서브에이전트 정의 (44 파일)
-|   +-- skills/                  # 스킬 (71 디렉토리)
-|   +-- rules/                   # 전역 규칙 (R000-R019)
-|   +-- hooks/                   # 훅 스크립트 (메모리, HUD)
+|   +-- skills/                  # 스킬 (74 디렉토리)
+|   +-- rules/                   # 전역 규칙 (R000-R020)
+|   +-- hooks/                   # 훅 스크립트 (보안, 검증, HUD)
 |   +-- contexts/                # 컨텍스트 파일 (ecomode)
 +-- guides/                      # 레퍼런스 문서 (25 토픽)
 ```

package/templates/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.35.3",
+  "version": "0.36.1",
   "lastUpdated": "2026-03-14T00:00:00.000Z",
   "components": [
     {
@@ -18,7 +18,7 @@
       "name": "skills",
       "path": ".claude/skills",
       "description": "Reusable skill modules (includes slash commands)",
-      "files": 71
+      "files": 74
     },
     {
       "name": "guides",