oh-my-customcode 0.90.0 → 0.92.0

package/README.md

@@ -13,7 +13,7 @@
 
 **[한국어 문서 (Korean)](./README_ko.md)**
 
-48 agents. 105 skills. 22 rules. One command.
+48 agents. 106 skills. 22 rules. One command.
 
 ```bash
 npm install -g oh-my-customcode && cd your-project && omcustom init
@@ -132,7 +132,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 
 ---
 
-### Skills (105)
+### Skills (106)
 
 | Category | Count | Includes |
 |----------|-------|----------|
@@ -222,7 +222,7 @@ Key rules: R010 (orchestrator never writes files), R009 (parallel execution mand
 
 ---
 
-### Guides (36)
+### Guides (37)
 
 Reference documentation covering best practices, architecture decisions, and integration patterns. Located in `guides/` at project root, covering topics from agent design to CI/CD to observability.
 
@@ -272,14 +272,14 @@ your-project/
 ├── CLAUDE.md                   # Entry point
 ├── .claude/
 │   ├── agents/                 # 48 agent definitions
-│   ├── skills/                 # 105 skill modules
+│   ├── skills/                 # 106 skill modules
 │   ├── rules/                  # 22 governance rules (R000-R021)
 │   ├── hooks/                  # 15 lifecycle hook scripts
 │   ├── schemas/                # Tool input validation schemas
 │   ├── specs/                  # Extracted canonical specs
 │   ├── contexts/               # 4 shared context files
 │   └── ontology/               # Knowledge graph for RAG
-└── guides/                     # 36 reference documents
+└── guides/                     # 37 reference documents
 ```
 
 ---

package/dist/cli/index.js

@@ -2334,7 +2334,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.90.0",
+    version: "0.92.0",
     description: "Batteries-included agent harness for Claude Code",
     type: "module",
     bin: {

package/dist/index.js

@@ -2007,7 +2007,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.90.0",
+  version: "0.92.0",
   description: "Batteries-included agent harness for Claude Code",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.90.0",
+  "version": "0.92.0",
   "description": "Batteries-included agent harness for Claude Code",
   "type": "module",
   "bin": {

package/templates/.claude/rules/MUST-agent-design.md

@@ -23,6 +23,7 @@ tools: [Read, Write, ...]  # Allowed tools
 | `sonnet` | claude-sonnet-4-6 | General tasks, code generation (default) |
 | `opus` | claude-opus-4-6 | Complex reasoning, architecture |
 | `opusplan` | claude-opus-4-6 + plan mode | Architecture planning with approval gates |
+| `opus47` | claude-opus-4-7 | Latest Opus model, supports xhigh effort |
 
 Extended context suffix: `[1m]` (e.g., `claude-opus-4-6[1m]`) — enables 1M token context window.
 
@@ -30,7 +31,7 @@ Extended context suffix: `[1m]` (e.g., `claude-opus-4-6[1m]`) — enables 1M tok
 
 ```yaml
 memory: project            # user | project | local
-effort: high               # low | medium | high | default | max
+effort: high               # low | medium | high | xhigh | default | max
 skills: [skill-1, ...]     # Skill name references
 source:                    # For external agents
   type: external
@@ -64,7 +65,7 @@ disableSkillShellExecution: true  # Disable inline shell execution in skills (v2
 
 > **Note**: When `disableSkillShellExecution` is enabled (v2.1.91+), skills that rely on inline shell execution (e.g., `codex-exec`, `gemini-exec`, `rtk-exec`) will have their shell blocks disabled. This is a security hardening option.
 
-> **Note**: `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations` are supported in Claude Code v2.1.63+. Hook types `PostCompact`, `Elicitation`, `ElicitationResult` require v2.1.76+. `CwdChanged`, `FileChanged` hook events and `managed-settings.d/` drop-in directory require v2.1.83+. Conditional `if` field for hooks requires v2.1.85+. `PermissionDenied` hook event requires v2.1.88+. `refreshInterval` setting for status line auto-refresh interval added in v2.1.97+. Monitor tool and subprocess sandboxing (`CLAUDE_CODE_SUBPROCESS_ENV_SCRUB`, `CLAUDE_CODE_SCRIPT_CAPS`) added in v2.1.98+. Settings resilience (unrecognized hook event names no longer cause settings.json to be ignored) improved in v2.1.101+. PreCompact hook block support (exit 2 / `{"decision":"block"}`) added in v2.1.105+. Skill description listing cap raised from 250 to 1,536 characters in v2.1.105+. Plugin `monitors` manifest key for background monitors added in v2.1.105+. `ENABLE_PROMPT_CACHING_1H` and `FORCE_PROMPT_CACHING_5M` env vars for prompt cache TTL control added in v2.1.108+. Skill tool can now discover and invoke built-in slash commands (`/init`, `/review`, `/security-review`) in v2.1.108+. `/recap` session context feature and `/undo` alias for `/rewind` added in v2.1.108+. `/tui` command and `tui` setting for fullscreen rendering added in v2.1.110+. PushNotification tool for mobile push notifications (Remote Control + config required) added in v2.1.110+. `autoScrollEnabled` config for fullscreen mode added in v2.1.110+. SDK/headless `TRACEPARENT`/`TRACESTATE` distributed trace linking added in v2.1.110+. Bash tool maximum timeout enforcement added in v2.1.110+. Write tool IDE diff feedback (informs model when user edits proposed content) added in v2.1.110+. `--resume`/`--continue` now resurrects unexpired scheduled tasks in v2.1.110+. `/focus` command (separated from Ctrl+O) added in v2.1.110+.
+> **Note**: `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations` are supported in Claude Code v2.1.63+. Hook types `PostCompact`, `Elicitation`, `ElicitationResult` require v2.1.76+. `CwdChanged`, `FileChanged` hook events and `managed-settings.d/` drop-in directory require v2.1.83+. Conditional `if` field for hooks requires v2.1.85+. `PermissionDenied` hook event requires v2.1.88+. `refreshInterval` setting for status line auto-refresh interval added in v2.1.97+. Monitor tool and subprocess sandboxing (`CLAUDE_CODE_SUBPROCESS_ENV_SCRUB`, `CLAUDE_CODE_SCRIPT_CAPS`) added in v2.1.98+. Settings resilience (unrecognized hook event names no longer cause settings.json to be ignored) improved in v2.1.101+. PreCompact hook block support (exit 2 / `{"decision":"block"}`) added in v2.1.105+. Skill description listing cap raised from 250 to 1,536 characters in v2.1.105+. Plugin `monitors` manifest key for background monitors added in v2.1.105+. `ENABLE_PROMPT_CACHING_1H` and `FORCE_PROMPT_CACHING_5M` env vars for prompt cache TTL control added in v2.1.108+. Skill tool can now discover and invoke built-in slash commands (`/init`, `/review`, `/security-review`) in v2.1.108+. `/recap` session context feature and `/undo` alias for `/rewind` added in v2.1.108+. `/tui` command and `tui` setting for fullscreen rendering added in v2.1.110+. PushNotification tool for mobile push notifications (Remote Control + config required) added in v2.1.110+. `autoScrollEnabled` config for fullscreen mode added in v2.1.110+. SDK/headless `TRACEPARENT`/`TRACESTATE` distributed trace linking added in v2.1.110+. Bash tool maximum timeout enforcement added in v2.1.110+. Write tool IDE diff feedback (informs model when user edits proposed content) added in v2.1.110+. `--resume`/`--continue` now resurrects unexpired scheduled tasks in v2.1.110+. `/focus` command (separated from Ctrl+O) added in v2.1.110+. `xhigh` effort level for Opus 4.7 (between `high` and `max`; other models fall back to `high`) added in v2.1.111+. `/effort` interactive slider with arrow-key navigation (when called without arguments) added in v2.1.111+. Auto mode no longer requires `--enable-auto-mode` in v2.1.111+. PowerShell tool progressive rollout (`CLAUDE_CODE_USE_POWERSHELL_TOOL` env var) added in v2.1.111+. Read-only bash commands with glob patterns (`ls *.ts`) and `cd <project-dir> &&` prefix no longer trigger permission prompt in v2.1.111+. `/less-permission-prompts` built-in skill for permission allowlist scanning added in v2.1.111+. `/ultrareview` parallel multi-agent cloud code review added in v2.1.111+. `/skills` menu sorting by estimated token count (press `t`) added in v2.1.111+. `OTEL_LOG_RAW_API_BODIES` env var for full API request/response body logging added in v2.1.111+. Plan files named after prompt content (not random words) in v2.1.111+. Plugin error handling improvements (dependency conflict errors, stale version recovery, install recovery) in v2.1.111+.
 
 ## Hook Event Types
 

package/templates/.claude/rules/MUST-permissions.md

@@ -9,7 +9,7 @@
 | 1: Always | Read, Glob, Grep, ToolSearch | Free use, read-only |
 | 2: Default | Write, Edit, NotebookEdit | State changes explicitly, notify before modifying important files |
 | 3: Context | Agent, Skill, EnterPlanMode, ExitPlanMode, EnterWorktree, ExitWorktree, LSP, Monitor, TodoWrite, AskUserQuestion, PushNotification | Context-dependent, no user approval needed |
-| 4: Approval | Bash, WebFetch, WebSearch | Request user approval on first use |
+| 4: Approval | Bash, PowerShell, WebFetch, WebSearch | Request user approval on first use |
 | 5: Conditional | TeamCreate, TeamDelete, SendMessage, TaskCreate, TaskGet, TaskList, TaskUpdate, TaskStop, TaskOutput | Available when Agent Teams enabled |
 | 6: MCP | ListMcpResourcesTool, ReadMcpResourceTool, CronCreate, CronDelete, CronList, RemoteTrigger | MCP/extension tools, available when servers configured |
 

package/templates/.claude/rules/SHOULD-ecomode.md

@@ -103,3 +103,12 @@ The `context-budget-advisor.sh` hook monitors context usage and emits warnings w
 - Does NOT override explicit user settings
 - Advisory only — never blocks operations
 - Context percentage from statusline data when available
+
+## Token Guardian Coexistence (cc-token-saver)
+
+| Component | Trigger | Scope |
+|-----------|---------|-------|
+| `context-budget-advisor.sh` (R013) | Context usage % approaching threshold | In-session budget |
+| Token Guardian (cc-token-saver) | 1h cache TTL idle detection | Cross-session cost |
+
+Both can run simultaneously — different triggers, complementary coverage. R013's context budget is usage-based (approaching limit), Token Guardian is time-based (idle cache expiry).

package/templates/.claude/rules/SHOULD-hud-statusline.md

@@ -41,3 +41,11 @@ RL/WL segments omitted on CC older than v2.1.80.
 ## Integration
 
 Integrates with R007 (Agent ID), R008 (Tool ID), R009 (Parallel).
+
+## External Plugin Statusline Conflict
+
+| Plugin | Component | Resolution |
+|--------|-----------|------------|
+| cc-token-saver | Live Status Line | R012 `.claude/statusline.sh` has priority. Disable cc-token-saver statusline to avoid duplicate status bars. |
+
+Internal statusline (`.claude/statusline.sh`) is the primary status display. External plugin status lines are supplementary or disabled.

package/templates/.claude/skills/action-validator/SKILL.md

@@ -67,6 +67,20 @@ policy_cache:
 
 Policy caching reduces redundant LLM calls for well-understood workflows. Policies are advisory — the orchestrator may override.
 
+## Code Harness Integration (AutoHarness)
+
+When a synthesized harness exists for an agent (`.claude/outputs/harnesses/{agent-name}-*.yaml`), action-validator can use it for enhanced validation:
+
+| Mode | Source | Behavior |
+|------|--------|----------|
+| Advisory (default) | Prompt-based checks | Emit warnings only |
+| Code-verified | harness-synthesizer output | Run harness validation code, emit advisory results |
+| Hard-enforce (opt-in) | harness-synthesizer `--hard-enforce` | Block invalid actions (requires explicit opt-in, see R021) |
+
+To generate a harness for an agent: `/harness-synthesizer --agent {name} --mode verifier`
+
+Code harness validation is additive — it supplements prompt-based checks, not replaces them.
+
 ## Scope
 
 This skill is an advisory layer, not a hard enforcement mechanism:

package/templates/.claude/skills/harness-synthesizer/SKILL.md

@@ -0,0 +1,145 @@
+---
+name: harness-synthesizer
+description: Synthesize code harnesses for agent action validation — AutoHarness-inspired verifier/filter/policy generation
+scope: core
+version: 1.0.0
+user-invocable: true
+argument-hint: "[--mode verifier|filter|policy] [--agent <name>] [--dry-run]"
+effort: high
+---
+
+# Harness Synthesizer Skill
+
+## Purpose
+
+Synthesize executable validation harnesses for agent tool calls, inspired by AutoHarness (Google DeepMind, arxiv 2603.03329). Generates code-level verifiers that check action validity before or after execution, reducing agent errors through structured constraint enforcement.
+
+Default mode is advisory (verifier). Hard enforcement requires explicit `--hard-enforce` opt-in per R021.
+
+## Three Modes
+
+| Mode | Flag | Behavior | Enforcement |
+|------|------|----------|-------------|
+| `verifier` | default | Post-hoc check: validates tool call results after execution | Advisory only |
+| `filter` | `--mode filter` | Pre-execution check: blocks invalid tool calls | Opt-in, requires `--hard-enforce` |
+| `policy` | `--mode policy` | Suggests the best valid action from available options | Advisory only |
+
+### Verifier Mode (Default)
+
+Generates a YAML harness that describes post-execution checks for each tool the agent uses. Checks are emitted as advisory warnings — they do not block execution.
+
+```yaml
+# Example verifier harness output
+harness:
+  agent: lang-golang-expert
+  mode: verifier
+  rules:
+    - tool: Write
+      checks:
+        - field: file_path
+          pattern: ".*\\.go$"
+          on_fail: warn  # advisory
+        - field: content
+          must_not_contain: "TODO:"
+          on_fail: warn
+    - tool: Bash
+      checks:
+        - command_pattern: "^(go build|go test|go fmt|go vet)"
+          on_fail: warn
+```
+
+### Filter Mode (Opt-in)
+
+Generates pre-execution filter rules. Requires `--hard-enforce` flag. Used when advisory warnings are insufficient and the risk of invalid actions is high.
+
+```yaml
+# Example filter harness output (--hard-enforce)
+harness:
+  agent: mgr-gitnerd
+  mode: filter
+  enforcement: hard
+  rules:
+    - tool: Bash
+      blocks:
+        - pattern: "git push --force"
+          reason: "Force push to protected branch"
+        - pattern: "git reset --hard"
+          reason: "Destructive reset without confirmation"
+```
+
+### Policy Mode
+
+Generates a policy function that ranks valid actions and suggests the best one. Useful for agents with multiple valid paths to the same goal.
+
+```yaml
+# Example policy harness output
+harness:
+  agent: qa-engineer
+  mode: policy
+  policies:
+    - scenario: "test file modification"
+      preferred_sequence:
+        - tool: Read
+          reason: "Read before modifying"
+        - tool: Edit
+          reason: "Edit is safer than Write for existing files"
+      avoid:
+        - tool: Write
+          on_existing_file: true
+          reason: "Overwrites without diff"
+```
+
+## Workflow
+
+1. **Read target agent frontmatter** — extract `tools`, `domain`, `limitations` fields
+2. **Analyze recent tool call patterns** — check `.claude/outputs/` for prior session logs (if available)
+3. **Synthesize validation harness** — generate YAML harness matching agent's declared capabilities
+4. **Refine via evaluator-optimizer loop** — iterate harness against edge cases (3 rounds max)
+5. **Save output** — write to `.claude/outputs/harnesses/{agent-name}-{mode}.yaml`
+6. **Report** — print harness summary and integration instructions
+
+## Integration
+
+| System | How |
+|--------|-----|
+| `action-validator` | Harness output feeds into action-validator's code-verified mode |
+| `adaptive-harness --learn` | Auto-triggers harness-synthesizer for project-specific patterns |
+| `evaluator-optimizer` | Provides iterative refinement loop (gradient-free optimization) |
+| `pipeline-guards` | Harness checks usable as pipeline quality gates |
+
+## Usage Examples
+
+```bash
+# Generate advisory verifier for lang-golang-expert
+/harness-synthesizer --agent lang-golang-expert --mode verifier
+
+# Dry-run: preview harness without saving
+/harness-synthesizer --agent mgr-gitnerd --mode filter --dry-run
+
+# Generate hard-enforce filter (explicit opt-in)
+/harness-synthesizer --agent mgr-gitnerd --mode filter --hard-enforce
+
+# Generate policy harness
+/harness-synthesizer --agent qa-engineer --mode policy
+```
+
+## R021 Compliance
+
+- Default `verifier` mode: advisory only — never blocks tool execution
+- `filter` mode without `--hard-enforce`: advisory only — emits warnings
+- `filter --hard-enforce`: opt-in hard enforcement — requires explicit user flag
+- All harness output is saved to `.claude/outputs/harnesses/` (git-untracked)
+
+## Output Format
+
+Harnesses are saved as YAML at `.claude/outputs/harnesses/{agent-name}-{mode}.yaml`. Each harness includes:
+
+```yaml
+harness:
+  agent: {agent-name}
+  mode: verifier | filter | policy
+  version: 1.0.0
+  generated: {ISO-8601 timestamp}
+  enforcement: advisory | hard  # hard only with --hard-enforce
+  rules: [...]
+```

package/templates/CLAUDE.md

@@ -135,6 +135,7 @@ oh-my-customcode로 구동됩니다.
 | `/skill-extractor` | 세션 성공 패턴에서 스킬 후보 추출 |
 | `/deep-plan` | 연구 검증 기반 계획 수립 (research → plan → verify) |
 | `/deep-verify` | 다중 관점 릴리즈 품질 검증 |
+| `/harness-synthesizer` | 에이전트 액션 검증용 코드 하네스 합성 (AutoHarness 기반) |
 | `/professor-triage` | 이슈 교차 분석 트리아지 (omc_issue_analyzer 댓글 기반) |
 | `/release-plan` | verify-done 이슈 릴리즈 유닛 계획 생성 |
 | `/pipeline` | YAML 파이프라인 실행 (예: /pipeline auto-dev) |
@@ -157,11 +158,11 @@ project/
 +-- CLAUDE.md                    # 진입점
 +-- .claude/
 |   +-- agents/                  # 서브에이전트 정의 (48 파일)
-|   +-- skills/                  # 스킬 (105 디렉토리)
+|   +-- skills/                  # 스킬 (106 디렉토리)
 |   +-- rules/                   # 전역 규칙 (R000-R022)
 |   +-- hooks/                   # 훅 스크립트 (보안, 검증, HUD)
 |   +-- contexts/                # 컨텍스트 파일 (ecomode)
-+-- guides/                      # 레퍼런스 문서 (36 토픽)
++-- guides/                      # 레퍼런스 문서 (37 토픽)
 ```
 
 ## 오케스트레이션
@@ -273,6 +274,12 @@ Claude Code의 Agent Teams 기능이 활성화되어 있으면 (`CLAUDE_CODE_EXP
 | obsidian-skills | - | 옵시디언 마크다운 지원 |
 | context7 | claude-plugins-official | 라이브러리 문서 조회 |
 
+### 권장 플러그인
+
+| 플러그인 | 소스 | 용도 |
+|----------|------|------|
+| cc-token-saver | ww-w-ai/cc-token-saver | 토큰/비용 최적화 (Token Guardian, /continue, /usage-view) |
+
 ### 권장 MCP 서버
 
 | 서버 | 용도 |

package/templates/guides/cc-token-saver/README.md

@@ -0,0 +1,97 @@
+# cc-token-saver Integration Guide
+
+> **Source**: https://github.com/ww-w-ai/cc-token-saver (Apache-2.0)
+> **Strategy**: External plugin — keep as plugin, no internalization
+
+## Installation
+
+```bash
+claude plugin marketplace add ww-w-ai/cc-token-saver
+claude plugin install cc-token-saver
+```
+
+## Feature Overview
+
+| Feature | Description |
+|---------|-------------|
+| Token Guardian | Detects 1h prompt cache TTL idle expiry and warns before cache invalidates |
+| Smart Session Architecture | Auto-injects SubTask delegation patterns into context |
+| `/continue` | Zero-cost context restore after session pause |
+| Live Status Line | Real-time token/cost status bar |
+| `/usage-view` | Cost dashboard showing per-session and cumulative spend |
+| `/report-limit` | Community-sourced rate limit reporting |
+
+## Conflict Resolution with oh-my-customcode
+
+### Live Status Line (R012 Priority)
+
+oh-my-customcode runs its own statusline via `.claude/statusline.sh` (R012). Two simultaneous status bars create visual clutter.
+
+**Resolution**: R012 statusline has priority. Disable cc-token-saver's Live Status Line:
+
+```bash
+# In cc-token-saver config (if supported), or ignore its statusline output
+# oh-my-customcode statusline is configured in .claude/settings.local.json
+```
+
+The R012 statusline already covers: Cost, Rate Limit %, Weekly Limit %, Context %. cc-token-saver's Live Status Line is redundant when R012 is active.
+
+### SubTask Delegation (R009/R010/R018 Priority)
+
+cc-token-saver's Smart Session Architecture auto-injects SubTask delegation patterns. oh-my-customcode has its own delegation rules (R010) and parallel execution rules (R009/R018).
+
+**Resolution**: Internal rules always take precedence (R010 External Skills vs Internal Rules).
+
+| cc-token-saver suggests | oh-my-customcode rule |
+|-------------------------|----------------------|
+| Use SubTask for delegation | Agent tool via routing skills (R010) |
+| Sequential delegation pattern | Parallel when independent (R009) |
+| Generic subtask agent | Specialized agent by domain (R010) |
+
+Ignore cc-token-saver's SubTask suggestions when they conflict with R009/R010/R018.
+
+### Token Guardian ↔ R013 context-budget-advisor.sh (Coexistence)
+
+These two components solve different problems and can run simultaneously:
+
+| Component | Trigger | Scope |
+|-----------|---------|-------|
+| `context-budget-advisor.sh` (R013) | Context usage % approaching threshold | In-session budget management |
+| Token Guardian (cc-token-saver) | 1h cache TTL idle detection | Cross-session cache cost |
+
+**No conflict** — Token Guardian fires on idle time, R013 fires on context percentage. Both warnings are useful.
+
+## Usage Scenarios
+
+### `/continue` — Zero-cost context restore
+
+Use after interrupting and resuming a session. Restores context without re-spending tokens.
+
+```
+/continue
+```
+
+Best for: returning to a paused task, recovering from accidental session close.
+
+### `/usage-view` — Cost dashboard
+
+```
+/usage-view
+```
+
+Shows per-session and cumulative cost. Useful for budget tracking across long sessions.
+
+### `/report-limit` — Community rate limit data
+
+```
+/report-limit
+```
+
+Reports your current rate limit hit to the community pool and shows aggregate rate limit data from other users. Helps gauge when limits reset.
+
+## Integration Notes
+
+- R013 ecomode and Token Guardian are complementary, not competing
+- R012 statusline supersedes cc-token-saver's Live Status Line
+- R009/R010/R018 delegation rules override cc-token-saver's SubTask patterns
+- `/continue`, `/usage-view`, `/report-limit` have no conflicts with internal rules — use freely

package/templates/manifest.json

@@ -1,6 +1,6 @@
 {
-  "version": "0.90.0",
-  "lastUpdated": "2026-04-16T00:00:00.000Z",
+  "version": "0.92.0",
+  "lastUpdated": "2026-04-18T00:00:00.000Z",
   "components": [
     {
       "name": "rules",
@@ -18,13 +18,13 @@
       "name": "skills",
       "path": ".claude/skills",
       "description": "Reusable skill modules (includes slash commands)",
-      "files": 105
+      "files": 106
     },
     {
       "name": "guides",
       "path": "guides",
       "description": "Reference documentation",
-      "files": 36
+      "files": 37
     },
     {
       "name": "hooks",