oh-my-customcode 0.60.0 → 0.61.0

package/README.md

@@ -13,7 +13,7 @@
 
 **[한국어 문서 (Korean)](./README_ko.md)**
 
-46 agents. 95 skills. 21 rules. One command.
+46 agents. 97 skills. 21 rules. One command.
 
 ```bash
 npm install -g oh-my-customcode && cd your-project && omcustom init
@@ -146,7 +146,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 
 ---
 
-### Skills (95)
+### Skills (97)
 
 | Category | Count | Includes |
 |----------|-------|----------|
@@ -282,7 +282,7 @@ your-project/
 ├── CLAUDE.md                   # Entry point
 ├── .claude/
 │   ├── agents/                 # 46 agent definitions
-│   ├── skills/                 # 95 skill modules
+│   ├── skills/                 # 97 skill modules
 │   ├── rules/                  # 21 governance rules (R000-R021)
 │   ├── hooks/                  # 15 lifecycle hook scripts
 │   ├── schemas/                # Tool input validation schemas

package/dist/cli/index.js

@@ -9325,7 +9325,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.60.0",
+    version: "0.61.0",
     description: "Batteries-included agent harness for Claude Code",
     type: "module",
     bin: {
@@ -24805,7 +24805,8 @@ var en_default = {
       interactiveSelect: "Select projects to update:",
       interactiveNoneSelected: "No projects selected. Exiting.",
       interactiveUpdating: "Updating selected projects...",
-      projectLatestSuffix: "(latest)"
+      projectLatestSuffix: "(latest)",
+      newVersionAvailable: "[Info] oh-my-customcode v{{latest}} available (current: v{{current}}). Run 'npm i -g oh-my-customcode' to upgrade."
     },
     list: {
       description: "List installed components",
@@ -25189,7 +25190,8 @@ var ko_default = {
       interactiveSelect: "업데이트할 프로젝트 선택:",
       interactiveNoneSelected: "선택된 프로젝트가 없습니다. 종료합니다.",
       interactiveUpdating: "선택된 프로젝트 업데이트 중...",
-      projectLatestSuffix: "(최신)"
+      projectLatestSuffix: "(최신)",
+      newVersionAvailable: "[정보] oh-my-customcode v{{latest}} 사용 가능 (현재: v{{current}}). 'npm i -g oh-my-customcode'를 실행하여 업그레이드하세요."
     },
     list: {
       description: "설치된 컴포넌트 목록 표시",
@@ -30519,7 +30521,19 @@ async function loadCustomizationManifest(targetDir) {
 }
 
 // src/cli/update.ts
-async function updateCommand(options = {}) {
+async function checkCliVersion(checkFn) {
+  try {
+    const result = checkFn({ currentVersion: package_default.version });
+    if (result.updateAvailable && result.latestVersion) {
+      console.log(i18n.t("cli.update.newVersionAvailable", {
+        latest: result.latestVersion,
+        current: package_default.version
+      }));
+    }
+  } catch {}
+}
+async function updateCommand(options = {}, cliVersionCheck = checkSelfUpdate) {
+  await checkCliVersion(cliVersionCheck);
   try {
     if (options.all) {
       await updateAllProjects(options);
@@ -30556,7 +30570,6 @@ async function updateSingleProject(targetDir, options) {
   printUpdateResults(result);
   if (!result.success) {
     process.exit(1);
-    return false;
   }
   return true;
 }

package/dist/index.js

@@ -1672,7 +1672,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.60.0",
+  version: "0.61.0",
   description: "Batteries-included agent harness for Claude Code",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.60.0",
+  "version": "0.61.0",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/rules/MUST-agent-design.md

@@ -52,6 +52,23 @@ domain: backend              # backend | frontend | data-engineering | devops |
 
 > **Note**: `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations` are supported in Claude Code v2.1.63+. Hook types `PostCompact`, `Elicitation`, `ElicitationResult` require v2.1.76+. `CwdChanged`, `FileChanged` hook events and `managed-settings.d/` drop-in directory require v2.1.83+. Conditional `if` field for hooks requires v2.1.85+.
 
+## Permission Mode Guidance
+
+When spawning agents via the Agent tool, CC applies a default `mode` of `acceptEdits` if not explicitly specified. To maintain consistent permission behavior:
+
+1. **Agent frontmatter `permissionMode`**: Declares the agent's intended permission level. CC respects this when the agent is spawned via Agent tool.
+2. **Agent tool `mode` parameter**: Overrides frontmatter at spawn time. Routing skills should pass this explicitly.
+3. **Recommendation**: For agents that modify files, set `permissionMode: bypassPermissions` in frontmatter if the project uses `bypassPermissions` mode.
+
+| Mode | Behavior |
+|------|----------|
+| `default` | CC decides per-tool prompting |
+| `acceptEdits` | Auto-accept file edits, prompt for others |
+| `bypassPermissions` | Skip all permission prompts |
+| `plan` | Require plan approval |
+| `dontAsk` | Non-interactive, deny unapproved |
+| `auto` | AI decides safety |
+
 <!-- DETAIL: Isolation/Token/Limitations/Escalation details
 ### Isolation Modes
 

package/templates/.claude/rules/MUST-agent-teams.md

@@ -25,6 +25,15 @@ Available when `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1` or TeamCreate/SendMessag
 
 **When Agent Teams is enabled and criteria are met, usage is required.**
 
+### Scope: Intra-Session vs Cross-Session
+
+| Scope | Tool | Protocol | Use Case |
+|-------|------|----------|----------|
+| Intra-session | `SendMessage` (Agent Teams) | Peer-to-peer within team | Multi-agent collaboration in one session |
+| Cross-session | `send_message` (claude-peers-mcp) | Broker-mediated | Multi-terminal/project coordination |
+
+These are distinct mechanisms. Agent Teams `SendMessage` requires `TeamCreate` and operates within a single Claude Code session. claude-peers-mcp `send_message` operates across separate Claude Code processes via a localhost broker.
+
 ## Self-Check (Before Agent Tool)
 
 Before using Agent tool for 2+ agent tasks, complete this check:

package/templates/.claude/skills/action-validator/SKILL.md

@@ -0,0 +1,75 @@
+---
+name: action-validator
+description: Pre-action boundary checking — validates agent tool calls against declared capabilities and task contracts
+scope: core
+user-invocable: false
+---
+
+# Action Validator Skill
+
+## Purpose
+
+Advisory pre-action validation layer that checks agent tool calls against declared capabilities, file access scope (R002), and task contracts before execution. Inspired by AutoHarness (Google DeepMind) — enforcing action-space legality at agent boundaries.
+
+This skill does NOT block actions (R021 advisory-first model). It emits warnings when agents attempt operations outside their declared scope.
+
+## Validation Checks
+
+| Check | What | Against |
+|-------|------|---------|
+| Tool scope | Tool being called | Agent's `tools` frontmatter list |
+| File scope | File path in Write/Edit | R002 file access rules |
+| Domain scope | Target file extension | Agent's `domain` frontmatter |
+| Task contract | Operation type | Task description constraints |
+
+## Advisory Format
+
+```
+--- [Action Validator] Scope warning ---
+  Agent: {agent-name}
+  Tool: {tool-name}
+  Target: {file-path}
+  Issue: {description}
+  Declared scope: {agent's declared tools/domain}
+  💡 Suggestion: {recommended action}
+---
+```
+
+## Integration Points
+
+| System | How |
+|--------|-----|
+| PreToolUse hooks | Optional hook to check tool calls (advisory only) |
+| pipeline-guards | Complements pipeline stage gates |
+| adversarial-review | Provides action-space-legality criterion |
+| R002 (Permissions) | Validates against declared file access rules |
+| R010 (Orchestrator) | Orchestrator validates subagent scope claims |
+
+## Policy Cache Pattern
+
+For high-repetition agents (e.g., mgr-gitnerd commit workflows), capture validated decision paths as reusable policies:
+
+```yaml
+policy_cache:
+  agent: mgr-gitnerd
+  action: git-commit
+  validated_steps:
+    - tool: Bash
+      pattern: "git add *"
+      verdict: allow
+    - tool: Bash
+      pattern: "git commit *"
+      verdict: allow
+    - tool: Bash
+      pattern: "git push *"
+      verdict: warn_confirm
+```
+
+Policy caching reduces redundant LLM calls for well-understood workflows. Policies are advisory — the orchestrator may override.
+
+## Scope
+
+This skill is an advisory layer, not a hard enforcement mechanism:
+- **Does**: Emit warnings, log scope violations, suggest corrections
+- **Does NOT**: Block tool execution, modify agent behavior, override R021
+- **Future**: May integrate with PreToolUse hooks for automated checking (see R021 promotion criteria)

package/templates/.claude/skills/adversarial-review/SKILL.md

@@ -70,3 +70,11 @@ Fix: Recommended remediation
 - Complements `dev-review` (best practices) with attacker perspective
 - Works with `sec-codeql-expert` for pattern-based + logic-based coverage
 - Can be chained: `dev-review` → `adversarial-review` for complete coverage
+- Works with `action-validator` for action-space legality checking
+
+### Action-Space Legality (AutoHarness Pattern)
+
+- [ ] Do agents only call tools within their declared `tools` frontmatter?
+- [ ] Do file operations stay within R002-declared access scope?
+- [ ] Are domain boundaries respected (backend agent not editing frontend files)?
+- [ ] Could an agent's task contract be tightened without losing functionality?

package/templates/.claude/skills/de-lead-routing/SKILL.md

@@ -77,6 +77,8 @@ For **new pipeline code**, **DAG scaffolding**, or **SQL model generation**:
 ### Step 3: Expert Selection
 Route to appropriate DE expert based on tool/framework detection.
 
+> **Permission Mode**: When spawning agents, pass `mode: "bypassPermissions"` in the Agent tool call if the session uses bypassPermissions. Without explicit mode, CC defaults to `acceptEdits`.
+
 ### Step 4: Ontology-RAG Enrichment (R019)
 
 If `get_agent_for_task` MCP tool is available, call it with the original query and inject `suggested_skills` into the agent prompt. Skip silently on failure.

package/templates/.claude/skills/dev-lead-routing/SKILL.md

@@ -13,7 +13,7 @@ context: fork
 | Type | Agents |
 |------|--------|
 | Language | lang-golang-expert, lang-python-expert, lang-rust-expert, lang-kotlin-expert, lang-typescript-expert, lang-java21-expert |
-| Frontend | fe-vercel-agent, fe-vuejs-agent, fe-svelte-agent, fe-flutter-agent |
+| Frontend | fe-vercel-agent, fe-vuejs-agent, fe-svelte-agent, fe-flutter-agent, fe-design-expert |
 | Backend | be-fastapi-expert, be-springboot-expert, be-go-backend-expert, be-nestjs-expert, be-express-expert, be-django-expert |
 | Tooling | tool-npm-expert, tool-optimizer, tool-bun-expert |
 | Database | db-supabase-expert, db-postgres-expert, db-redis-expert |
@@ -55,6 +55,7 @@ context: fork
 | vue | fe-vuejs-agent |
 | svelte | fe-svelte-agent |
 | flutter, dart, riverpod, bloc, widget | fe-flutter-agent |
+| design, typography, color, motion, ux writing, ui design, "design system", "design review", impeccable | fe-design-expert |
 | fastapi | be-fastapi-expert |
 | django | be-django-expert |
 | spring, springboot | be-springboot-expert |
@@ -111,6 +112,8 @@ For **new file creation**, **boilerplate**, or **test code generation**:
 ### Step 3: Expert Agent Selection
 Route to appropriate language/framework expert based on file extension and keyword mapping.
 
+> **Permission Mode**: When spawning agents, pass `mode: "bypassPermissions"` in the Agent tool call if the session uses bypassPermissions. Without explicit mode, CC defaults to `acceptEdits`.
+
 ### Step 4: Ontology-RAG Enrichment (R019)
 
 If `get_agent_for_task` MCP tool is available, call it with the original query and inject `suggested_skills` into the agent prompt. Skip silently on failure.

package/templates/.claude/skills/monitoring-setup/SKILL.md

@@ -114,3 +114,32 @@ OTEL_LOGS_EXPORTER=otlp
 OTEL_EXPORTER_OTLP_PROTOCOL=grpc
 OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317
 ```
+
+## HTTP-Level Inspection (Optional)
+
+For deeper payload-level debugging beyond aggregated metrics, [Claude Inspector](https://github.com/kangraemin/claude-inspector) provides MITM proxy inspection of Claude Code HTTP traffic.
+
+| Aspect | OTel Monitoring (this skill) | Claude Inspector |
+|--------|------------------------------|-----------------|
+| Layer | Application (hooks, stdout) | HTTP (MITM proxy) |
+| Metrics | Aggregated (cost, tokens, duration) | Per-request payload breakdown |
+| Cache visibility | Not available | Prompt Cache hit/miss rates |
+| Sub-agent view | Summary via hooks | Full parent vs sub-agent context comparison |
+| Setup | Built-in (hooks + statusline) | External tool (Homebrew on macOS) |
+
+### When to Use
+
+- **OTel monitoring**: Daily operations, cost tracking, performance trends
+- **Claude Inspector**: Debugging specific payload issues, measuring CLAUDE.md token impact, verifying ecomode (R013) effectiveness, profiling sub-agent context inheritance
+
+### Setup
+
+```bash
+# macOS
+brew install kangraemin/tap/claude-inspector
+
+# Run proxy
+claude-inspector
+```
+
+Claude Inspector is external to oh-my-customcode and does not require any project configuration changes.

package/templates/.claude/skills/peer-messaging/SKILL.md

@@ -0,0 +1,59 @@
+---
+name: peer-messaging
+description: Cross-session Claude Code instance messaging via claude-peers-mcp broker
+scope: core
+user-invocable: false
+---
+
+# Peer Messaging Skill
+
+## Purpose
+
+Enables cross-session coordination between multiple Claude Code instances through the claude-peers-mcp broker. Complements Agent Teams (R018, intra-session) with inter-session messaging.
+
+## Scope Clarification
+
+| Scope | Mechanism | Tools | Use Case |
+|-------|-----------|-------|----------|
+| Intra-session agents | Agent Teams (R018) | TeamCreate, SendMessage | Single session multi-agent collaboration |
+| Cross-session instances | claude-peers-mcp | list_peers, send_message | Multi-terminal/project real-time coordination |
+| Cross-session memory | claude-mem | save_memory, search | Async memory persistence |
+
+> **Important**: R018's `SendMessage` and claude-peers-mcp's `send_message` are different tools with different scopes. Do not confuse them.
+
+## MCP Tool Mapping
+
+| Tool | Purpose | oh-my-customcode Scenario |
+|------|---------|---------------------------|
+| `list_peers` | Discover active Claude instances | `omcustom:status` system overview |
+| `send_message` | Send message to peer | Cross-project workflow coordination |
+| `set_summary` | Broadcast current task summary | DAG cross-project step sync |
+| `check_messages` | Read incoming messages | Receive coordination signals |
+
+## Use Cases
+
+### Multi-Project Workflow
+Terminal A runs `auto-dev` on project-1; Terminal B works on dependent project-2. Peers coordinate via messages when blocking dependencies are resolved.
+
+### Cross-Project QA
+Share test infrastructure state between projects running concurrent test suites.
+
+### DAG Bridge
+`dag-orchestration` cross-project steps can use peer messaging for synchronization (currently impossible without this tool).
+
+## Setup
+
+```bash
+# Install broker (optional MCP server)
+npm install -g claude-peers-mcp
+
+# Add to MCP config
+claude mcp add claude-peers-mcp -- npx claude-peers-mcp
+```
+
+## Integration
+
+- Works with R018 Agent Teams (different scope, complementary)
+- Works with claude-mem (async vs sync messaging)
+- Works with `omcustom:status` (peer discovery)
+- Broker runs on localhost:7899 (SQLite-backed)

package/templates/.claude/skills/qa-lead-routing/SKILL.md

@@ -45,6 +45,8 @@ quality_analysis   → qa-planner + qa-engineer (parallel)
 full_qa_cycle      → all agents (sequential)
 ```
 
+> **Permission Mode**: When spawning agents, pass `mode: "bypassPermissions"` in the Agent tool call if the session uses bypassPermissions. Without explicit mode, CC defaults to `acceptEdits`.
+
 ### Ontology-RAG Enrichment (R019)
 
 If `get_agent_for_task` MCP tool is available, call it with the original query and inject `suggested_skills` into the agent prompt. Skip silently on failure.

package/templates/.claude/skills/secretary-routing/SKILL.md

@@ -80,6 +80,8 @@ If the selected agent has `soul: true` in frontmatter, read and prepend `.claude
 5. Report result to user
 ```
 
+> **Permission Mode**: When spawning agents, pass `mode: "bypassPermissions"` in the Agent tool call if the session uses bypassPermissions. Without explicit mode, CC defaults to `acceptEdits`.
+
 ### 2. Batch/Parallel Task Routing
 
 When command requires multiple independent operations:

package/templates/CLAUDE.md

@@ -138,7 +138,7 @@ project/
 +-- CLAUDE.md                    # 진입점
 +-- .claude/
 |   +-- agents/                  # 서브에이전트 정의 (46 파일)
-|   +-- skills/                  # 스킬 (95 디렉토리)
+|   +-- skills/                  # 스킬 (97 디렉토리)
 |   +-- rules/                   # 전역 규칙 (R000-R021)
 |   +-- hooks/                   # 훅 스크립트 (보안, 검증, HUD)
 |   +-- contexts/                # 컨텍스트 파일 (ecomode)

package/templates/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.60.0",
+  "version": "0.61.0",
   "lastUpdated": "2026-03-24T00:00:00.000Z",
   "components": [
     {
@@ -18,7 +18,7 @@
       "name": "skills",
       "path": ".claude/skills",
       "description": "Reusable skill modules (includes slash commands)",
-      "files": 95
+      "files": 97
     },
     {
       "name": "guides",