oh-my-customcode 0.39.0 → 0.42.1

package/README.md

@@ -13,7 +13,7 @@
 
 **[한국어 문서 (Korean)](./README_ko.md)**
 
-44 agents. 74 skills. 20 rules. One command.
+44 agents. 75 skills. 21 rules. One command.
 
 ```bash
 npm install -g oh-my-customcode && cd your-project && omcustom init
@@ -138,7 +138,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 
 ---
 
-### Skills (74)
+### Skills (75)
 
 | Category | Count | Includes |
 |----------|-------|----------|
@@ -150,7 +150,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 | Memory | 3 | memory-save, memory-recall, memory-management |
 | Package | 3 | npm-publish, npm-version, npm-audit |
 | Optimization | 3 | optimize-analyze, optimize-bundle, optimize-report |
-| Security | 2 | cve-triage, jinja2-prompts |
+| Security | 3 | adversarial-review, cve-triage, jinja2-prompts |
 | Other | 8 | codex-exec, vercel-deploy, skills-sh-search, result-aggregation, writing-clearly-and-concisely, and more |
 
 Skills use a 3-tier scope system: `core` (universal), `harness` (agent/skill maintenance), `package` (project-specific).
@@ -203,15 +203,15 @@ All commands are invoked inside the Claude Code conversation.
 
 ---
 
-### Rules (20)
+### Rules (21)
 
 | Priority | Count | Purpose |
 |----------|-------|---------|
-| **MUST** | 13 | Safety, permissions, agent design, identification, orchestration, verification, completion |
+| **MUST** | 14 | Safety, permissions, agent design, identification, orchestration, verification, completion, enforcement |
 | **SHOULD** | 6 | Interaction, error handling, memory, HUD, ecomode, ontology routing |
 | **MAY** | 1 | Optimization |
 
-Key rules: R010 (orchestrator never writes files), R009 (parallel execution mandatory), R017 (sauron verification before push), R020 (completion verification before declaring done).
+Key rules: R010 (orchestrator never writes files), R009 (parallel execution mandatory), R017 (sauron verification before push), R020 (completion verification before declaring done), R021 (advisory-first enforcement model).
 
 ---
 
@@ -257,8 +257,8 @@ your-project/
 ├── CLAUDE.md                   # Entry point
 ├── .claude/
 │   ├── agents/                 # 44 agent definitions
-│   ├── skills/                 # 74 skill modules
-│   ├── rules/                  # 20 governance rules (R000-R020)
+│   ├── skills/                 # 75 skill modules
+│   ├── rules/                  # 21 governance rules (R000-R021)
 │   ├── hooks/                  # 15 lifecycle hook scripts
 │   ├── schemas/                # Tool input validation schemas
 │   ├── specs/                  # Extracted canonical specs

package/dist/cli/index.js

@@ -13443,6 +13443,158 @@ function getComponentPath(component) {
   return `.claude/${component}`;
 }
 
+// src/core/lockfile.ts
+init_fs();
+import { createHash } from "node:crypto";
+import { createReadStream } from "node:fs";
+import { readdir, stat } from "node:fs/promises";
+import { join as join5, relative as relative2 } from "node:path";
+var LOCKFILE_NAME = ".omcustom.lock.json";
+var LOCKFILE_VERSION = 1;
+var LOCKFILE_COMPONENTS = [
+  "rules",
+  "agents",
+  "skills",
+  "hooks",
+  "contexts",
+  "ontology",
+  "guides"
+];
+var COMPONENT_PATHS = LOCKFILE_COMPONENTS.map((component) => [getComponentPath(component), component]);
+function computeFileHash(filePath) {
+  return new Promise((resolve2, reject) => {
+    const hash = createHash("sha256");
+    const stream = createReadStream(filePath);
+    stream.on("error", (err) => {
+      reject(err);
+    });
+    stream.on("data", (chunk) => {
+      hash.update(chunk);
+    });
+    stream.on("end", () => {
+      resolve2(hash.digest("hex"));
+    });
+  });
+}
+async function readLockfile(targetDir) {
+  const lockfilePath = join5(targetDir, LOCKFILE_NAME);
+  const exists2 = await fileExists(lockfilePath);
+  if (!exists2) {
+    debug("lockfile.not_found", { path: lockfilePath });
+    return null;
+  }
+  try {
+    const data = await readJsonFile(lockfilePath);
+    if (typeof data !== "object" || data === null || data.lockfileVersion !== LOCKFILE_VERSION) {
+      warn("lockfile.invalid_version", { path: lockfilePath });
+      return null;
+    }
+    const record = data;
+    if (typeof record.files !== "object" || record.files === null) {
+      warn("lockfile.invalid_structure", { path: lockfilePath });
+      return null;
+    }
+    return data;
+  } catch (err) {
+    warn("lockfile.read_failed", { path: lockfilePath, error: String(err) });
+    return null;
+  }
+}
+async function writeLockfile(targetDir, lockfile) {
+  const lockfilePath = join5(targetDir, LOCKFILE_NAME);
+  await writeJsonFile(lockfilePath, lockfile);
+  debug("lockfile.written", { path: lockfilePath });
+}
+function resolveComponent(relativePath) {
+  const normalized = relativePath.replace(/\\/g, "/");
+  for (const [prefix, component] of COMPONENT_PATHS) {
+    if (normalized === prefix || normalized.startsWith(`${prefix}/`)) {
+      return component;
+    }
+  }
+  return "unknown";
+}
+async function collectFiles(dir2, projectRoot, isTopLevel) {
+  const results = [];
+  let entries;
+  try {
+    entries = await readdir(dir2);
+  } catch {
+    return results;
+  }
+  for (const entry of entries) {
+    if (isTopLevel && entry.startsWith(".") && entry !== ".claude") {
+      continue;
+    }
+    const fullPath = join5(dir2, entry);
+    let fileStat;
+    try {
+      fileStat = await stat(fullPath);
+    } catch {
+      continue;
+    }
+    if (fileStat.isDirectory()) {
+      const subFiles = await collectFiles(fullPath, projectRoot, false);
+      results.push(...subFiles);
+    } else if (fileStat.isFile()) {
+      results.push(fullPath);
+    }
+  }
+  return results;
+}
+async function generateLockfile(targetDir, generatorVersion, templateVersion) {
+  const files = {};
+  const componentRoots = COMPONENT_PATHS.map(([prefix]) => join5(targetDir, prefix));
+  for (const componentRoot of componentRoots) {
+    const exists2 = await fileExists(componentRoot);
+    if (!exists2) {
+      debug("lockfile.component_dir_missing", { path: componentRoot });
+      continue;
+    }
+    const allFiles = await collectFiles(componentRoot, targetDir, false);
+    for (const absolutePath of allFiles) {
+      const relativePath = relative2(targetDir, absolutePath).replace(/\\/g, "/");
+      let hash;
+      let size;
+      try {
+        hash = await computeFileHash(absolutePath);
+        const fileStat = await stat(absolutePath);
+        size = fileStat.size;
+      } catch (err) {
+        warn("lockfile.hash_failed", { path: absolutePath, error: String(err) });
+        continue;
+      }
+      const component = resolveComponent(relativePath);
+      files[relativePath] = {
+        templateHash: hash,
+        size,
+        component
+      };
+      debug("lockfile.entry_added", { path: relativePath, component });
+    }
+  }
+  return {
+    lockfileVersion: LOCKFILE_VERSION,
+    generatorVersion,
+    generatedAt: new Date().toISOString(),
+    templateVersion,
+    files
+  };
+}
+async function generateAndWriteLockfileForDir(targetDir) {
+  try {
+    const packageRoot = getPackageRoot();
+    const manifest = await readJsonFile(join5(packageRoot, "templates", "manifest.json"));
+    const { version: generatorVersion } = await readJsonFile(join5(packageRoot, "package.json"));
+    const lockfile = await generateLockfile(targetDir, generatorVersion, manifest.version);
+    await writeLockfile(targetDir, lockfile);
+    return { fileCount: Object.keys(lockfile.files).length };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { fileCount: 0, warning: `Lockfile generation failed: ${msg}` };
+  }
+}
+
 // src/cli/doctor.ts
 async function pathExists(targetPath) {
   try {
@@ -13454,8 +13606,8 @@ async function pathExists(targetPath) {
 }
 async function isDirectory(targetPath) {
   try {
-    const stat = await fs.stat(targetPath);
-    return stat.isDirectory();
+    const stat2 = await fs.stat(targetPath);
+    return stat2.isDirectory();
   } catch {
     return false;
   }
@@ -13491,8 +13643,8 @@ async function collectSymlinksFromRefsDir(refsDir) {
     for (const entry of entries) {
       const entryPath = path.join(refsDir, entry.name);
       try {
-        const stat = await fs.lstat(entryPath);
-        if (stat.isSymbolicLink()) {
+        const stat2 = await fs.lstat(entryPath);
+        if (stat2.isSymbolicLink()) {
           symlinks.push(entryPath);
         }
       } catch {}
@@ -13890,6 +14042,45 @@ function readCurrentVersion() {
     return "0.0.0";
   }
 }
+async function checkLockfileDrift(targetDir) {
+  const lockfile = await readLockfile(targetDir);
+  if (!lockfile) {
+    return null;
+  }
+  const modified = [];
+  const removed = [];
+  for (const [relativePath, entry] of Object.entries(lockfile.files)) {
+    const absolutePath = path.join(targetDir, relativePath);
+    try {
+      const currentHash = await computeFileHash(absolutePath);
+      if (currentHash !== entry.templateHash) {
+        modified.push(relativePath);
+      }
+    } catch {
+      removed.push(relativePath);
+    }
+  }
+  const driftedFiles = [...modified, ...removed];
+  if (driftedFiles.length === 0) {
+    return {
+      name: "Lockfile",
+      status: "pass",
+      message: `Lockfile OK — no drift detected (${Object.keys(lockfile.files).length} files tracked)`,
+      fixable: false
+    };
+  }
+  const details = [
+    ...modified.map((f) => `modified: ${f}`),
+    ...removed.map((f) => `removed: ${f}`)
+  ];
+  return {
+    name: "Lockfile",
+    status: "warn",
+    message: `Lockfile drift detected: ${driftedFiles.length} file(s) changed since install`,
+    fixable: false,
+    details
+  };
+}
 async function checkFrameworkDrift(targetDir, currentVersion) {
   const result = await checkFrameworkVersion(targetDir, currentVersion);
   if (!result)
@@ -13957,7 +14148,9 @@ async function runAllChecks(targetDir, layout, packageVersion, includeUpdates) {
   ]);
   const frameworkCheck = await checkFrameworkDrift(targetDir, packageVersion);
   const checksWithFramework = frameworkCheck ? [...baseChecks, frameworkCheck] : baseChecks;
-  return includeUpdates ? [...checksWithFramework, checkUpdateAvailable(packageVersion)] : checksWithFramework;
+  const lockfileCheck = await checkLockfileDrift(targetDir);
+  const checksWithLockfile = lockfileCheck ? [...checksWithFramework, lockfileCheck] : checksWithFramework;
+  return includeUpdates ? [...checksWithLockfile, checkUpdateAvailable(packageVersion)] : checksWithLockfile;
 }
 async function doctorCommand(options = {}) {
   const targetDir = process.cwd();
@@ -14029,7 +14222,7 @@ import { basename as basename2, join as join7 } from "node:path";
 
 // src/core/file-preservation.ts
 init_fs();
-import { basename, join as join5 } from "node:path";
+import { basename, join as join6 } from "node:path";
 var DEFAULT_CRITICAL_FILES = ["settings.json", "settings.local.json"];
 var DEFAULT_CRITICAL_DIRECTORIES = ["agent-memory", "agent-memory-local"];
 var PROTECTED_FRAMEWORK_FILES = ["CLAUDE.md", "AGENTS.md"];
@@ -14052,8 +14245,8 @@ function matchesGlobPattern(filePath, pattern) {
   return regex.test(filePath);
 }
 async function extractSingleFile(fileName, rootDir, tempDir, result) {
-  const srcPath = join5(rootDir, fileName);
-  const destPath = join5(tempDir, fileName);
+  const srcPath = join6(rootDir, fileName);
+  const destPath = join6(tempDir, fileName);
   try {
     if (await fileExists(srcPath)) {
       await copyFile(srcPath, destPath);
@@ -14067,8 +14260,8 @@ async function extractSingleFile(fileName, rootDir, tempDir, result) {
   }
 }
 async function extractSingleDir(dirName, rootDir, tempDir, result) {
-  const srcPath = join5(rootDir, dirName);
-  const destPath = join5(tempDir, dirName);
+  const srcPath = join6(rootDir, dirName);
+  const destPath = join6(tempDir, dirName);
   try {
     if (await fileExists(srcPath)) {
       await copyDirectory(srcPath, destPath, { overwrite: true, preserveTimestamps: true });
@@ -14105,8 +14298,8 @@ async function restoreCriticalFiles(rootDir, preservation) {
     failures: []
   };
   for (const fileName of preservation.extractedFiles) {
-    const preservedPath = join5(preservation.tempDir, fileName);
-    const targetPath = join5(rootDir, fileName);
+    const preservedPath = join6(preservation.tempDir, fileName);
+    const targetPath = join6(rootDir, fileName);
     try {
       if (fileName.endsWith(".json")) {
         await mergeJsonFile(preservedPath, targetPath);
@@ -14122,8 +14315,8 @@ async function restoreCriticalFiles(rootDir, preservation) {
     }
   }
   for (const dirName of preservation.extractedDirs) {
-    const preservedPath = join5(preservation.tempDir, dirName);
-    const targetPath = join5(rootDir, dirName);
+    const preservedPath = join6(preservation.tempDir, dirName);
+    const targetPath = join6(rootDir, dirName);
     try {
       await copyDirectory(preservedPath, targetPath, {
         overwrite: false,
@@ -14422,134 +14615,6 @@ function getDefaultWorkflow() {
   };
 }
 
-// src/core/lockfile.ts
-init_fs();
-import { createHash } from "node:crypto";
-import { createReadStream } from "node:fs";
-import { readdir, stat } from "node:fs/promises";
-import { join as join6, relative as relative2 } from "node:path";
-var LOCKFILE_NAME = ".omcustom.lock.json";
-var LOCKFILE_VERSION = 1;
-var LOCKFILE_COMPONENTS = [
-  "rules",
-  "agents",
-  "skills",
-  "hooks",
-  "contexts",
-  "ontology",
-  "guides"
-];
-var COMPONENT_PATHS = LOCKFILE_COMPONENTS.map((component) => [getComponentPath(component), component]);
-function computeFileHash(filePath) {
-  return new Promise((resolve2, reject) => {
-    const hash = createHash("sha256");
-    const stream = createReadStream(filePath);
-    stream.on("error", (err) => {
-      reject(err);
-    });
-    stream.on("data", (chunk) => {
-      hash.update(chunk);
-    });
-    stream.on("end", () => {
-      resolve2(hash.digest("hex"));
-    });
-  });
-}
-async function writeLockfile(targetDir, lockfile) {
-  const lockfilePath = join6(targetDir, LOCKFILE_NAME);
-  await writeJsonFile(lockfilePath, lockfile);
-  debug("lockfile.written", { path: lockfilePath });
-}
-function resolveComponent(relativePath) {
-  const normalized = relativePath.replace(/\\/g, "/");
-  for (const [prefix, component] of COMPONENT_PATHS) {
-    if (normalized === prefix || normalized.startsWith(`${prefix}/`)) {
-      return component;
-    }
-  }
-  return "unknown";
-}
-async function collectFiles(dir2, projectRoot, isTopLevel) {
-  const results = [];
-  let entries;
-  try {
-    entries = await readdir(dir2);
-  } catch {
-    return results;
-  }
-  for (const entry of entries) {
-    if (isTopLevel && entry.startsWith(".") && entry !== ".claude") {
-      continue;
-    }
-    const fullPath = join6(dir2, entry);
-    let fileStat;
-    try {
-      fileStat = await stat(fullPath);
-    } catch {
-      continue;
-    }
-    if (fileStat.isDirectory()) {
-      const subFiles = await collectFiles(fullPath, projectRoot, false);
-      results.push(...subFiles);
-    } else if (fileStat.isFile()) {
-      results.push(fullPath);
-    }
-  }
-  return results;
-}
-async function generateLockfile(targetDir, generatorVersion, templateVersion) {
-  const files = {};
-  const componentRoots = COMPONENT_PATHS.map(([prefix]) => join6(targetDir, prefix));
-  for (const componentRoot of componentRoots) {
-    const exists2 = await fileExists(componentRoot);
-    if (!exists2) {
-      debug("lockfile.component_dir_missing", { path: componentRoot });
-      continue;
-    }
-    const allFiles = await collectFiles(componentRoot, targetDir, false);
-    for (const absolutePath of allFiles) {
-      const relativePath = relative2(targetDir, absolutePath).replace(/\\/g, "/");
-      let hash;
-      let size;
-      try {
-        hash = await computeFileHash(absolutePath);
-        const fileStat = await stat(absolutePath);
-        size = fileStat.size;
-      } catch (err) {
-        warn("lockfile.hash_failed", { path: absolutePath, error: String(err) });
-        continue;
-      }
-      const component = resolveComponent(relativePath);
-      files[relativePath] = {
-        templateHash: hash,
-        size,
-        component
-      };
-      debug("lockfile.entry_added", { path: relativePath, component });
-    }
-  }
-  return {
-    lockfileVersion: LOCKFILE_VERSION,
-    generatorVersion,
-    generatedAt: new Date().toISOString(),
-    templateVersion,
-    files
-  };
-}
-async function generateAndWriteLockfileForDir(targetDir) {
-  try {
-    const packageRoot = getPackageRoot();
-    const manifest = await readJsonFile(join6(packageRoot, "templates", "manifest.json"));
-    const { version: generatorVersion } = await readJsonFile(join6(packageRoot, "package.json"));
-    const lockfile = await generateLockfile(targetDir, generatorVersion, manifest.version);
-    await writeLockfile(targetDir, lockfile);
-    return { fileCount: Object.keys(lockfile.files).length };
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    return { fileCount: 0, warning: `Lockfile generation failed: ${msg}` };
-  }
-}
-
 // src/core/scope-filter.ts
 function getSkillScope(content) {
   const cleaned = content.replace(/^\uFEFF/, "");
@@ -14936,12 +15001,21 @@ async function generateMCPConfig(targetDir) {
   if (!ontologyExists) {
     return;
   }
+  try {
+    execSync3("uv --version", { stdio: "pipe" });
+  } catch {
+    warn("uv (Python package manager) not found. Install it with: curl -LsSf https://astral.sh/uv/install.sh | sh");
+    warn("Skipping ontology-rag MCP configuration. You can set it up manually later.");
+    return;
+  }
   try {
     execSync3("uv venv .venv", { cwd: targetDir, stdio: "pipe" });
     execSync3('uv pip install "ontology-rag @ git+https://github.com/baekenough/oh-my-customcode.git#subdirectory=packages/ontology-rag"', { cwd: targetDir, stdio: "pipe" });
   } catch (error2) {
     const msg = error2 instanceof Error ? error2.message : String(error2);
-    throw new Error(`Failed to setup Python environment: ${msg}`);
+    warn(`Failed to setup ontology-rag: ${msg}`);
+    warn("You can configure the MCP server manually. See: https://github.com/baekenough/oh-my-customcode/tree/develop/packages/ontology-rag");
+    return;
   }
   const config = {
     mcpServers: {
@@ -14975,6 +15049,7 @@ async function generateMCPConfig(targetDir) {
     await writeFile(mcpConfigPath, `${JSON.stringify(config, null, 2)}
 `);
   }
+  info("ontology-rag MCP server configured successfully");
 }
 async function checkUvAvailable() {
   try {
@@ -16078,6 +16153,15 @@ async function initCommand(options) {
     logInstallResultInfo(installResult);
     logSuccessDetails(installedPaths, installResult.skippedComponents);
     await setupMcpConfig(targetDir);
+    console.log("");
+    console.log("Required plugins (install manually):");
+    console.log("  /plugin marketplace add obra/superpowers-marketplace");
+    console.log("  /plugin install superpowers");
+    console.log("  /plugin install superpowers-developing-for-claude-code");
+    console.log("  /plugin install elements-of-style");
+    console.log("  /plugin install context7");
+    console.log("");
+    console.log('See CLAUDE.md "외부 의존성" section for details.');
     return {
       success: true,
       message: i18n.t("cli.init.success"),

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "oh-my-customcode",
   "workspaces": ["packages/*"],
-  "version": "0.39.0",
+  "version": "0.42.1",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/agents/sec-codeql-expert.md

@@ -7,6 +7,7 @@ memory: project
 isolation: sandbox
 skills:
   - cve-triage
+  - adversarial-review
 tools:
   - Read
   - Write

package/templates/.claude/config/required-plugins.json

@@ -0,0 +1,30 @@
+{
+  "requiredPlugins": [
+    {
+      "name": "superpowers",
+      "source": "claude-plugins-official",
+      "description": "TDD, debugging, collaboration patterns"
+    },
+    {
+      "name": "superpowers-developing-for-claude-code",
+      "source": "superpowers-marketplace",
+      "description": "Claude Code development documentation"
+    },
+    {
+      "name": "elements-of-style",
+      "source": "superpowers-marketplace",
+      "description": "Writing clarity guidelines"
+    },
+    {
+      "name": "context7",
+      "source": "claude-plugins-official",
+      "description": "Library documentation lookup"
+    }
+  ],
+  "marketplaces": [
+    {
+      "name": "superpowers-marketplace",
+      "url": "obra/superpowers-marketplace"
+    }
+  ]
+}

package/templates/.claude/hooks/scripts/audit-log.sh

@@ -6,6 +6,7 @@
 # Always exits 0 (advisory only)
 
 set -euo pipefail
+HOOK_START=$(date +%s%N 2>/dev/null || echo 0)
 
 # Dependency check: exit silently if jq not available
 command -v jq >/dev/null 2>&1 || exit 0
@@ -55,4 +56,9 @@ fi
 
 # Pass through
 echo "$input"
+HOOK_END=$(date +%s%N 2>/dev/null || echo 0)
+if [ "$HOOK_START" != "0" ] && [ "$HOOK_END" != "0" ]; then
+  HOOK_MS=$(( (HOOK_END - HOOK_START) / 1000000 ))
+  echo "[Hook Perf] $(basename "$0"): ${HOOK_MS}ms" >> "/tmp/.claude-hook-perf-${PPID}.log"
+fi
 exit 0

package/templates/.claude/hooks/scripts/context-budget-advisor.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 set -euo pipefail
+HOOK_START=$(date +%s%N 2>/dev/null || echo 0)
 
 # Dependency check: exit silently if jq not available
 command -v jq >/dev/null 2>&1 || exit 0
@@ -86,4 +87,9 @@ fi
 
 # Pass through
 echo "$input"
+HOOK_END=$(date +%s%N 2>/dev/null || echo 0)
+if [ "$HOOK_START" != "0" ] && [ "$HOOK_END" != "0" ]; then
+  HOOK_MS=$(( (HOOK_END - HOOK_START) / 1000000 ))
+  echo "[Hook Perf] $(basename "$0"): ${HOOK_MS}ms" >> "/tmp/.claude-hook-perf-${PPID}.log"
+fi
 exit 0

package/templates/.claude/hooks/scripts/session-env-check.sh

@@ -185,6 +185,10 @@ case "$DRIFT_STATUS" in
     echo "  Skipped (not a git repository)" >&2
     ;;
 esac
+echo "" >&2
+echo "  [Lockfile Drift]" >&2
+echo "  Note: file-level lockfile drift (template hash changes) is checked via 'omcustom doctor'" >&2
+echo "  Run 'omcustom doctor' to detect modified/removed template files since install." >&2
 echo "------------------------------------" >&2
 
 # SessionEnd hooks timeout (v2.1.74+)

package/templates/.claude/hooks/scripts/stuck-detector.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 set -euo pipefail
+HOOK_START=$(date +%s%N 2>/dev/null || echo 0)
 
 # Dependency check: exit silently if jq not available
 command -v jq >/dev/null 2>&1 || exit 0
@@ -180,9 +181,19 @@ if [ "$hard_block" = true ]; then
   echo "  Recovery: Step back, re-read the error, and try a fundamentally different approach." >&2
   echo "=====================================" >&2
   echo "$input"
+  HOOK_END=$(date +%s%N 2>/dev/null || echo 0)
+  if [ "$HOOK_START" != "0" ] && [ "$HOOK_END" != "0" ]; then
+    HOOK_MS=$(( (HOOK_END - HOOK_START) / 1000000 ))
+    echo "[Hook Perf] $(basename "$0"): ${HOOK_MS}ms" >> "/tmp/.claude-hook-perf-${PPID}.log"
+  fi
   exit 1
 fi
 
 # Pass through
 echo "$input"
+HOOK_END=$(date +%s%N 2>/dev/null || echo 0)
+if [ "$HOOK_START" != "0" ] && [ "$HOOK_END" != "0" ]; then
+  HOOK_MS=$(( (HOOK_END - HOOK_START) / 1000000 ))
+  echo "[Hook Perf] $(basename "$0"): ${HOOK_MS}ms" >> "/tmp/.claude-hook-perf-${PPID}.log"
+fi
 exit 0

package/templates/.claude/ontology/skills.yaml

@@ -85,6 +85,7 @@ skills:
     description: "Audit agent dependencies and references"
     user_invocable: true
     model_invocable: true
+    scope: harness
     summary: "Audit agent dependencies to ensure all skill and guide references are valid"
     keywords: [audit, dependencies, validation, references]
     rule_references: []
@@ -103,6 +104,7 @@ skills:
     description: "Fetch and verify Claude Code official documentation. Use when checking official spec compliance or updating local reference docs."
     user_invocable: true
     model_invocable: false
+    scope: harness
     summary: "Maintain up-to-date local copies of Claude Code official documentation"
     keywords: [claude-code, documentation, spec, compliance, verification]
     rule_references: []
@@ -112,6 +114,7 @@ skills:
     description: "Create a new agent with complete structure"
     user_invocable: true
     model_invocable: false
+    scope: harness
     summary: "Create a new agent with complete directory structure and validation"
     keywords: [create, agent, structure, validation]
     rule_references: []
@@ -203,6 +206,7 @@ skills:
     description: "Fix broken agent references and symlinks"
     user_invocable: true
     model_invocable: false
+    scope: harness
     summary: "Fix broken references, missing symlinks, and agent dependency issues"
     keywords: [fix, references, symlinks, dependencies]
     rule_references: []
@@ -230,6 +234,7 @@ skills:
     description: "Show help information for commands and system"
     user_invocable: true
     model_invocable: true
+    scope: harness
     summary: "Show help information for commands, agents, and system rules"
     keywords: [help, documentation, commands, agents, rules]
     rule_references: []
@@ -266,6 +271,7 @@ skills:
     description: "Show all available commands"
     user_invocable: true
     model_invocable: true
+    scope: harness
     summary: "Show all available commands with optional filtering and detailed information"
     keywords: [lists, commands, categories, system]
     rule_references: []
@@ -302,6 +308,7 @@ skills:
     description: "Enable/disable OpenTelemetry console monitoring for Claude Code usage tracking"
     user_invocable: true
     model_invocable: true
+    scope: package
     summary: "Enable or disable OpenTelemetry console monitoring for usage metrics"
     keywords: [monitoring, telemetry, otel, metrics, usage]
     rule_references: []
@@ -311,6 +318,7 @@ skills:
     description: "Audit npm dependencies for security and updates"
     user_invocable: true
     model_invocable: true
+    scope: package
     summary: "Audit npm dependencies for security vulnerabilities and outdated packages"
     keywords: [npm, audit, security, dependencies, vulnerabilities]
     rule_references: []
@@ -320,6 +328,7 @@ skills:
     description: "Publish package to npm registry with pre-checks"
     user_invocable: true
     model_invocable: false
+    scope: package
     summary: "Publish package to npm registry with comprehensive pre-publish checks"
     keywords: [npm, publish, package, registry, validation]
     rule_references: []
@@ -329,6 +338,7 @@ skills:
     description: "Manage semantic versions for npm packages"
     user_invocable: true
     model_invocable: false
+    scope: package
     summary: "Manage semantic versions for npm packages with changelog and git integration"
     keywords: [npm, version, semantic, changelog, git]
     rule_references: []
@@ -447,6 +457,7 @@ skills:
     description: "Full R017 verification (5+3 rounds) before commit"
     user_invocable: true
     model_invocable: false
+    scope: harness
     summary: "Execute full R017 verification with 5 rounds of manager verification and 3 rounds of deep review"
     keywords: [verification, r017, sync, validation, compliance]
     rule_references: [R017]
@@ -493,6 +504,7 @@ skills:
     description: "Show system status and health checks"
     user_invocable: true
     model_invocable: true
+    scope: harness
     summary: "Show comprehensive system status including agents, skills, guides, and health checks"
     keywords: [status, health, system, agents, skills]
     rule_references: []
@@ -520,6 +532,7 @@ skills:
     description: "Sync documentation with project structure"
     user_invocable: true
     model_invocable: false
+    scope: harness
     summary: "Ensure documentation accurately reflects current project state and agents work together"
     keywords: [update, documentation, sync, validation, consistency]
     rule_references: []
@@ -529,6 +542,7 @@ skills:
     description: "Update agents from external sources (GitHub, docs, etc.)"
     user_invocable: true
     model_invocable: false
+    scope: harness
     summary: "Update agents, skills, and guides from external sources to latest versions"
     keywords: [update, external, github, sources, versioning]
     rule_references: []

package/templates/.claude/rules/MUST-agent-teams.md

@@ -75,6 +75,19 @@ All members must be spawned in a single message. Partial spawning needs correcti
 ╚══════════════════════════════════════════════════════════════════╝
 ```
 
+### External Skill Conflict Resolution
+
+When an external skill instructs using Agent tool but R018 criteria are met:
+
+| Skill says | R018 requires | Resolution |
+|------------|--------------|------------|
+| "Use Agent tool for N tasks" | 3+ agents → Teams | Use Agent Teams, follow skill logic |
+| "Sequential agent spawning" | Independent tasks → parallel | Parallelize per R009 |
+| "Skip coordination" | Shared state → Teams | Use Teams for coordination |
+
+**Rule**: External skills define the WORKFLOW. R018 defines the EXECUTION METHOD.
+The skill's steps are followed, but agent spawning uses Teams when criteria are met.
+
 ## Common Violations
 
 ```

package/templates/.claude/rules/MUST-continuous-improvement.md

@@ -23,3 +23,19 @@ Update the relevant rule rather than just acknowledging the violation.
 | User points out violation | Update rule → Continue |
 | Self-detected violation | Fix immediately, consider rule update |
 | Ambiguous situation | Ask user, then update if needed |
+
+## Anti-Patterns
+
+| Anti-Pattern | Why It's Wrong | Correct Action |
+|-------------|----------------|----------------|
+| "I'll update the rule later" | Deferred fixes are forgotten | Update rule NOW, before continuing |
+| "This is a one-time exception" | Exceptions become patterns | If the rule is wrong, fix it; if it's right, follow it |
+| "The rule doesn't cover this case" | Missing coverage = rule gap | Add the case to the rule immediately |
+| "Let me finish the task first" | Rule violations compound | Fix rule first (5 min), then continue (prevents N future violations) |
+
+## Timing
+
+Rule updates MUST happen:
+- **Before** continuing the original task
+- **In the same session** as the violation
+- **Not** as a separate TODO or follow-up issue

package/templates/.claude/rules/MUST-enforcement-policy.md

@@ -0,0 +1,42 @@
+# [MUST] Enforcement Policy
+
+> **Priority**: MUST | **ID**: R021
+
+## Core Policy
+
+oh-my-customcode uses an **advisory-first enforcement model**. Most rules are enforced through prompt engineering (CLAUDE.md, rules/, PostCompact hook) rather than hard-blocking hooks. This is intentional — it preserves agent flexibility while maintaining behavioral standards.
+
+## Enforcement Tiers
+
+| Tier | Mechanism | Rules | Behavior |
+|------|-----------|-------|----------|
+| Hard Block | PreToolUse hook, exit 1 | stage-blocker, dev-server tmux | Prevents tool execution |
+| Soft Block | Stop hook prompt | R011 session-end saves | Auto-performs then approves |
+| Advisory | PostToolUse hooks | R007, R008, R009, R010, R018 | Warns via stderr, never blocks |
+| Prompt-based | CLAUDE.md + rules/ + PostCompact | All MUST rules | Behavioral guidance in context |
+
+## Why Advisory-First
+
+1. **Agent flexibility**: Hard blocks can trap agents in unrecoverable states
+2. **Graceful degradation**: Missing dependencies (jq, etc.) don't break the session
+3. **Composability**: External skills and internal rules can coexist without deadlocks
+4. **PostCompact reinforcement**: R007/R008/R009/R010/R018 are re-injected after context compaction
+
+## Hard Enforcement Candidates (Future)
+
+If advisory enforcement proves insufficient for specific rules, these are candidates for promotion to hard-block:
+
+| Rule | Candidate Hook | Condition for Promotion |
+|------|---------------|------------------------|
+| R010 | git-delegation-guard.sh | If orchestrator-direct-write violations exceed 3/session |
+| R007/R008 | (new hook) | If identification omission rate exceeds 20% |
+
+Promotion requires: (1) measured violation rate data, (2) user approval, (3) rollback plan.
+
+## Integration
+
+| Rule | Interaction |
+|------|-------------|
+| R010 | git-delegation-guard.sh is advisory; could promote to blocking |
+| R016 | Violations trigger rule updates, not enforcement changes |
+| PostCompact | Re-injects critical rules to combat context compaction amnesia |

package/templates/.claude/rules/MUST-orchestrator-coordination.md

@@ -207,17 +207,24 @@ All git operations (commit, push, branch, PR) MUST go through `mgr-gitnerd`. Int
 
 ## External Skills vs Internal Rules
 
-```
-Internal rules always take precedence over external skills.
+Internal rules ALWAYS take precedence over external skills.
+
+This applies to ALL rule domains, not just git operations:
 
-Translation:
-  External skill says          → Internal rule requires
-  ─────────────────────────────────────────────────────
-  "git commit -m ..."          → Agent(mgr-gitnerd) commit
-  "git push ..."               → Agent(mgr-gitnerd) push
-  "gh pr create ..."           → Agent(mgr-gitnerd) create PR
-  "git merge ..."              → Agent(mgr-gitnerd) merge
+| External skill says | Internal rule requires |
+|---------------------|----------------------|
+| "git commit -m ..." | Agent(mgr-gitnerd) commit (R010) |
+| "run 3 agents sequentially" | Parallel execution if independent (R009) |
+| "use Agent tool for 5 research tasks" | Agent Teams when criteria met (R018) |
+| "skip code review" | Follow project review workflow |
+| "write files directly" | Delegate to specialist subagent (R010) |
 
+When a skill's workflow conflicts with R009/R010/R018:
+1. Follow the skill's LOGIC and STEPS
+2. Replace the EXECUTION method with rule-compliant alternatives
+3. The skill defines WHAT to do; rules define HOW to execute
+
+```
 Incorrect:
   [Using external skill]
   Main conversation → directly runs "git push"

package/templates/.claude/skills/adversarial-review/SKILL.md

@@ -0,0 +1,72 @@
+---
+name: adversarial-review
+description: Adversarial code review using attacker mindset — trust boundary, attack surface, business logic, and defense evaluation
+scope: core
+argument-hint: "<file-or-directory> [--depth quick|thorough]"
+user-invocable: true
+---
+
+# Adversarial Code Review
+
+Review code from an attacker's perspective using STRIDE + OWASP frameworks.
+
+## 4-Phase Review Process
+
+### Phase 1: Trust Boundary Analysis
+Identify where trust transitions occur:
+- External input reaching internal logic without validation → **Tampering**
+- Implicit trust between services → **Elevation of Privilege**
+- Shared storage without isolation → **Information Disclosure**
+- Authentication boundaries not clearly marked → **Spoofing**
+
+Output: `[TRUST-BOUNDARY]` findings with location, threat type, and current validation level.
+
+### Phase 2: Attack Surface Mapping
+Map all entry points and exposure:
+- Public API endpoints and auth requirements
+- File upload/download paths → Path traversal risk
+- External system calls (URLs, queries) → SSRF/Injection
+- Event handlers and callbacks → Race conditions
+- Error message verbosity → Information Disclosure
+
+Output: `[ATTACK-SURFACE]` table with endpoint, exposure level, and mitigation status.
+
+### Phase 3: Business Logic Review
+Analyze logic flaws that static analysis misses:
+- State machine violations (skip steps, replay)
+- Authorization != authentication (authn ok but authz missing)
+- Race conditions in multi-step operations
+- Numeric overflow/underflow in financial calculations
+- Default-allow vs default-deny patterns
+
+Output: `[LOGIC-FLAW]` findings with exploitation scenario and impact.
+
+### Phase 4: Defense Evaluation
+Assess existing defense mechanisms:
+- Input validation completeness (allowlist vs blocklist)
+- Output encoding consistency
+- Rate limiting and abuse prevention
+- Logging coverage for security events
+- Secret management (hardcoded credentials, env leaks)
+
+Output: `[DEFENSE-GAP]` findings with recommendation.
+
+## Output Format
+
+For each finding:
+```
+[CATEGORY] Severity: HIGH|MEDIUM|LOW
+Location: file:line
+Finding: Description
+Attack: How an attacker would exploit this
+Fix: Recommended remediation
+```
+
+## Depth Modes
+- **quick**: Phase 1 + 2 only (trust boundaries + attack surface)
+- **thorough**: All 4 phases with detailed exploitation scenarios
+
+## Integration
+- Complements `dev-review` (best practices) with attacker perspective
+- Works with `sec-codeql-expert` for pattern-based + logic-based coverage
+- Can be chained: `dev-review` → `adversarial-review` for complete coverage

package/templates/CLAUDE.md

@@ -0,0 +1,272 @@
+# AI 에이전트 시스템
+
+oh-my-customcode로 구동됩니다.
+
+---
+## 모든 응답 전 반드시 확인
+
+1. 에이전트 식별로 시작하는가? (R007) 2. 도구 호출에 식별 포함? (R008) 3. 2+ 에이전트 스폰 시 R018 체크? → 하나라도 NO면 즉시 수정
+
+---
+
+## 중요: 규칙 적용 범위
+
+> **이 규칙들은 상황에 관계없이 항상 적용됩니다:**
+
+| 상황 | 규칙 적용? |
+|------|-----------|
+| 이 프로젝트 작업 시 | **예** |
+| 외부 프로젝트 작업 시 | **예** |
+| 컨텍스트 압축 후 | **예** |
+| 간단한 질문 | **예** |
+| 모든 상황 | **예** |
+
+---
+
+## 중요: 세션 연속성
+
+> **이 규칙들은 컨텍스트 압축 후에도 항상 적용됩니다.**
+
+```
+"compact conversation" 후 세션이 계속될 때:
+1. 이 CLAUDE.md를 즉시 다시 읽기
+2. 모든 강제 규칙 활성 상태 유지
+3. 이전 컨텍스트 요약이 이 규칙을 대체하지 않음
+4. 첫 응답은 반드시 에이전트 식별 포함
+
+예외 없음. 변명 없음.
+```
+
+---
+
+## 중요: 강제 규칙
+
+> **이 규칙들은 협상 불가. 위반 = 즉시 수정 필요.**
+
+| 규칙 | 핵심 | 위반 시 |
+|------|------|--------|
+| R007 에이전트 식별 | 모든 응답은 `┌─ Agent:` 헤더로 시작 | 즉시 헤더 추가 |
+| R008 도구 식별 | 모든 도구 호출에 `[에이전트명][모델] → Tool:` 접두사 | 즉시 접두사 추가 |
+| R009 병렬 실행 | 독립 작업 2개 이상 → 병렬 에이전트 (최대 4개) | 순차 실행 중단, 병렬로 전환 |
+| R010 오케스트레이터 | 오케스트레이터는 파일 수정 금지 → 서브에이전트에 위임 | 직접 수정 중단, 위임 |
+
+---
+
+## 전역 규칙 (필수 준수)
+
+> `.claude/rules/` 참조
+
+### MUST (절대 위반 금지)
+| ID | 규칙 | 설명 |
+|----|------|------|
+| R000 | 언어 정책 | 한국어 입출력, 영어 파일, 위임 모델 |
+| R001 | 안전 규칙 | 금지된 작업, 필수 확인 |
+| R002 | 권한 규칙 | 도구 티어, 파일 접근 범위 |
+| R006 | 에이전트 설계 | 에이전트 구조, 관심사 분리 |
+| R007 | 에이전트 식별 | **강제** - 모든 응답에 에이전트/스킬 표시 |
+| R008 | 도구 식별 | **강제** - 모든 도구 사용 시 에이전트 표시 |
+| R009 | 병렬 실행 | **강제** - 병렬 실행, 대규모 작업 분해 |
+| R010 | 오케스트레이터 조율 | **강제** - 오케스트레이터 조율, 세션 연속성, 직접 실행 금지 |
+| R015 | 의도 투명성 | **강제** - 투명한 에이전트 라우팅 |
+| R016 | 지속적 개선 | **강제** - 위반 발생 시 규칙 업데이트 |
+| R017 | 동기화 검증 | **강제** - 구조 변경 전 검증 |
+| R018 | Agent Teams | **강제(조건부)** - Agent Teams 활성화 시 적합한 작업에 필수 사용 |
+| R020 | 완료 검증 | **강제** - 작업 완료 선언 전 검증 필수 |
+| R021 | Enforcement Policy | **강제** - Advisory-first enforcement model |
+
+### SHOULD (강력 권장)
+| ID | 규칙 | 설명 |
+|----|------|------|
+| R003 | 상호작용 규칙 | 응답 원칙, 상태 형식 |
+| R004 | 오류 처리 | 오류 수준, 복구 전략 |
+| R011 | 메모리 통합 | claude-mem을 통한 세션 지속성 |
+| R012 | HUD 상태줄 | 실시간 상태 표시 |
+| R013 | Ecomode | 배치 작업 토큰 효율성 |
+| R019 | Ontology-RAG 라우팅 | 라우팅 스킬의 ontology-RAG enrichment |
+
+### MAY (선택)
+| ID | 규칙 | 설명 |
+|----|------|------|
+| R005 | 최적화 | 효율성, 토큰 최적화 |
+
+## 커맨드
+
+### 슬래시 커맨드 (스킬 기반)
+
+| 커맨드 | 설명 |
+|--------|------|
+| `/omcustom:analysis` | 프로젝트 분석 및 자동 커스터마이징 |
+| `/omcustom:create-agent` | 새 에이전트 생성 |
+| `/omcustom:update-docs` | 프로젝트 구조와 문서 동기화 |
+| `/omcustom:update-external` | 외부 소스에서 에이전트 업데이트 |
+| `/omcustom:audit-agents` | 에이전트 의존성 감사 |
+| `/omcustom:fix-refs` | 깨진 참조 수정 |
+| `/omcustom:takeover` | 기존 에이전트/스킬에서 canonical spec 추출 |
+| `/adversarial-review` | 공격자 관점 보안 코드 리뷰 |
+| `/dev-review` | 코드 베스트 프랙티스 리뷰 |
+| `/dev-refactor` | 코드 리팩토링 |
+| `/memory-save` | 세션 컨텍스트를 claude-mem에 저장 |
+| `/memory-recall` | 메모리 검색 및 리콜 |
+| `/omcustom:monitoring-setup` | OTel 콘솔 모니터링 활성화/비활성화 |
+| `/omcustom:npm-publish` | npm 레지스트리에 패키지 배포 |
+| `/omcustom:npm-version` | 시맨틱 버전 관리 |
+| `/omcustom:npm-audit` | 의존성 감사 |
+| `/omcustom:release-notes` | 릴리즈 노트 생성 (git 히스토리 기반) |
+| `/codex-exec` | Codex CLI 프롬프트 실행 |
+| `/optimize-analyze` | 번들 및 성능 분석 |
+| `/optimize-bundle` | 번들 크기 최적화 |
+| `/optimize-report` | 최적화 리포트 생성 |
+| `/research` | 10-team 병렬 딥 분석 및 교차 검증 |
+| `/deep-plan` | 연구 검증 기반 계획 수립 (research → plan → verify) |
+| `/omcustom:sauron-watch` | 전체 R017 검증 |
+| `/structured-dev-cycle` | 6단계 구조적 개발 사이클 (Plan → Verify → Implement → Verify → Compound → Done) |
+| `/omcustom:lists` | 모든 사용 가능한 커맨드 표시 |
+| `/omcustom:status` | 시스템 상태 표시 |
+| `/omcustom:help` | 도움말 표시 |
+
+## 프로젝트 구조
+
+```
+project/
++-- CLAUDE.md                    # 진입점
++-- .claude/
+|   +-- agents/                  # 서브에이전트 정의 (44 파일)
+|   +-- skills/                  # 스킬 (74 디렉토리)
+|   +-- rules/                   # 전역 규칙 (R000-R021)
+|   +-- hooks/                   # 훅 스크립트 (보안, 검증, HUD)
+|   +-- contexts/                # 컨텍스트 파일 (ecomode)
++-- guides/                      # 레퍼런스 문서 (25 토픽)
+```
+
+## 오케스트레이션
+
+오케스트레이션은 메인 대화의 라우팅 스킬로 처리됩니다:
+- **secretary-routing**: 매니저 에이전트로 관리 작업 라우팅
+- **dev-lead-routing**: 언어/프레임워크 전문가에게 개발 작업 라우팅
+- **de-lead-routing**: 데이터 엔지니어링 작업을 DE/파이프라인 전문가에게 라우팅
+- **qa-lead-routing**: QA 워크플로우 조율
+
+메인 대화가 유일한 오케스트레이터 역할을 합니다. 서브에이전트는 다른 서브에이전트를 생성할 수 없습니다.
+
+### 동적 에이전트 생성
+
+기존 에이전트 중 작업에 맞는 전문가가 없으면 자동으로 생성합니다:
+
+1. 라우팅 스킬이 매칭 전문가 없음을 감지
+2. 오케스트레이터가 mgr-creator에 컨텍스트와 함께 위임
+3. mgr-creator가 관련 skills/guides를 자동 탐색
+4. 새 에이전트 생성 후 즉시 사용
+
+이것이 oh-my-customcode의 핵심 철학입니다: **"전문가가 없으면? 만들고, 지식을 연결하고, 사용한다."**
+
+## 아키텍처 철학: 컴파일레이션 메타포
+
+oh-my-customcode는 소프트웨어 컴파일과 동일한 구조를 따릅니다:
+
+| 컴파일 개념 | oh-my-customcode 매핑 | 역할 |
+|------------|----------------------|------|
+| Source code | `.claude/skills/` | 재사용 가능한 지식과 워크플로우 정의 |
+| Build artifacts | `.claude/agents/` | 스킬을 조합한 실행 가능한 전문가 |
+| Compiler | `mgr-sauron` (R017) | 구조 검증 및 정합성 보장 |
+| Spec | `.claude/rules/` | 빌드 규칙과 제약 조건 |
+| Linker | Routing skills | 에이전트를 작업에 연결 |
+| Standard library | `guides/` | 공유 레퍼런스 문서 |
+
+이 메타포는 관심사 분리(R006)의 핵심입니다: 스킬(소스)을 에이전트(빌드 결과물)와 분리하여 독립적 진화를 가능하게 합니다.
+
+## 에이전트 요약
+
+| 타입 | 수량 | 에이전트 |
+|------|------|----------|
+| SW Engineer/Language | 6 | lang-golang-expert, lang-python-expert, lang-rust-expert, lang-kotlin-expert, lang-typescript-expert, lang-java21-expert |
+| SW Engineer/Backend | 6 | be-fastapi-expert, be-springboot-expert, be-go-backend-expert, be-express-expert, be-nestjs-expert, be-django-expert |
+| SW Engineer/Frontend | 4 | fe-vercel-agent, fe-vuejs-agent, fe-svelte-agent, fe-flutter-agent |
+| SW Engineer/Tooling | 3 | tool-npm-expert, tool-optimizer, tool-bun-expert |
+| DE Engineer | 6 | de-airflow-expert, de-dbt-expert, de-spark-expert, de-kafka-expert, de-snowflake-expert, de-pipeline-expert |
+| SW Engineer/Database | 3 | db-supabase-expert, db-postgres-expert, db-redis-expert |
+| Security | 1 | sec-codeql-expert |
+| SW Architect | 2 | arch-documenter, arch-speckit-agent |
+| Infra Engineer | 2 | infra-docker-expert, infra-aws-expert |
+| QA Team | 3 | qa-planner, qa-writer, qa-engineer |
+| Manager | 6 | mgr-creator, mgr-updater, mgr-supplier, mgr-gitnerd, mgr-sauron, mgr-claude-code-bible |
+| System | 2 | sys-memory-keeper, sys-naggy |
+| **총계** | **44** | |
+
+## Agent Teams (MUST when enabled)
+
+Claude Code의 Agent Teams 기능이 활성화되어 있으면 (`CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1`), 적격한 작업에 적극적으로 사용합니다.
+
+| 기능 | 서브에이전트 (기본) | Agent Teams |
+|------|---------------------|-------------|
+| 통신 | 호출자에게 결과만 반환 | 피어 투 피어 메시지 |
+| 조율 | 오케스트레이터가 관리 | 공유 작업 목록 |
+| 적합한 작업 | 집중된 작업 | 리서치, 리뷰, 디버깅 |
+| 토큰 비용 | 낮음 | 높음 |
+
+**활성화 시, 적격한 협업 작업에 Agent Teams를 반드시 사용해야 합니다 (R018 MUST).**
+결정 매트릭스는 R018 (MUST-agent-teams.md)을 참조하세요.
+하이브리드 패턴 (Claude + Codex, 동적 생성 + Teams)이 지원됩니다.
+단순/비용 민감 작업에는 Task tool + 라우팅 스킬이 폴백으로 유지됩니다.
+
+## 빠른 참조
+
+```bash
+# 프로젝트 분석
+/omcustom:analysis
+
+# 모든 커맨드 표시
+/omcustom:lists
+
+# 에이전트 관리
+/omcustom:create-agent my-agent
+/omcustom:update-docs
+/omcustom:audit-agents
+
+# 코드 리뷰
+/dev-review src/main.go
+
+# 메모리 관리
+/memory-save
+/memory-recall authentication
+
+# 검증
+/omcustom:sauron-watch
+```
+
+## 외부 의존성
+
+### 필수 플러그인
+
+`/plugin install <이름>`으로 설치:
+
+| 플러그인 | 소스 | 용도 |
+|----------|------|------|
+| superpowers | claude-plugins-official | TDD, 디버깅, 협업 패턴 |
+| superpowers-developing-for-claude-code | superpowers-marketplace | Claude Code 개발 문서 |
+| elements-of-style | superpowers-marketplace | 글쓰기 명확성 가이드라인 |
+| obsidian-skills | - | 옵시디언 마크다운 지원 |
+| context7 | claude-plugins-official | 라이브러리 문서 조회 |
+
+### 권장 MCP 서버
+
+| 서버 | 용도 |
+|------|------|
+| claude-mem | 세션 메모리 영속성 (Chroma 기반) |
+
+### 설치 명령어
+
+```bash
+# 마켓플레이스 추가
+/plugin marketplace add obra/superpowers-marketplace
+
+# 플러그인 설치
+/plugin install superpowers
+/plugin install superpowers-developing-for-claude-code
+/plugin install elements-of-style
+
+# MCP 설정 (claude-mem)
+npm install -g claude-mem
+claude-mem setup
+```
+
+<!-- omcustom:git-workflow -->

package/templates/manifest.json

@@ -1,12 +1,12 @@
 {
-  "version": "0.39.0",
+  "version": "0.42.1",
   "lastUpdated": "2026-03-16T00:00:00.000Z",
   "components": [
     {
       "name": "rules",
       "path": ".claude/rules",
       "description": "Agent behavior rules and guidelines",
-      "files": 20
+      "files": 21
     },
     {
       "name": "agents",
@@ -18,7 +18,7 @@
       "name": "skills",
       "path": ".claude/skills",
       "description": "Reusable skill modules (includes slash commands)",
-      "files": 74
+      "files": 75
     },
     {
       "name": "guides",