oh-my-customcode 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/index.js CHANGED
@@ -241,7 +241,7 @@ var init_package = __esm(() => {
241
241
  workspaces: [
242
242
  "packages/*"
243
243
  ],
244
- version: "1.0.5",
244
+ version: "1.0.7",
245
245
  description: "Batteries-included agent harness for Claude Code",
246
246
  type: "module",
247
247
  bin: {
package/dist/index.js CHANGED
@@ -2031,7 +2031,7 @@ var package_default = {
2031
2031
  workspaces: [
2032
2032
  "packages/*"
2033
2033
  ],
2034
- version: "1.0.5",
2034
+ version: "1.0.7",
2035
2035
  description: "Batteries-included agent harness for Claude Code",
2036
2036
  type: "module",
2037
2037
  bin: {
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "workspaces": [
4
4
  "packages/*"
5
5
  ],
6
- "version": "1.0.5",
6
+ "version": "1.0.7",
7
7
  "description": "Batteries-included agent harness for Claude Code",
8
8
  "type": "module",
9
9
  "bin": {
@@ -40,10 +40,64 @@ Skills are located at: `.claude/skills/aws-best-practices/`
40
40
 
41
41
  Guides are located at: `guides/aws/`
42
42
 
43
+ ## AWS MCP Server Integration (opt-in)
44
+
45
+ The AWS MCP Server (GA) is a remote MCP server managed by AWS that provides live documentation lookup and real AWS API execution. It complements this agent's offline design/IaC role by filling two gaps: knowledge-cutoff staleness and lack of direct execution.
46
+
47
+ ### Available Tools (when aws-mcp is configured)
48
+
49
+ | Tool | Purpose | Privilege level |
50
+ |------|---------|----------------|
51
+ | `search_documentation` | Full-text search across latest AWS docs and best practices | Read-only, safe |
52
+ | `read_documentation` | Fetch a specific AWS documentation page | Read-only, safe |
53
+ | `call_aws` | Execute 15,000+ AWS API operations using existing IAM credentials | **HIGH — can create/modify/delete resources** |
54
+ | `run_script` | Run sandboxed Python with IAM permissions (no network/filesystem access) | Sandboxed, IAM-scoped |
55
+
56
+ ### Usage Guidelines
57
+
58
+ When aws-mcp is available, prioritize live documentation over static knowledge:
59
+
60
+ 1. Use `search_documentation` / `read_documentation` first to verify current AWS API syntax, service limits, and best practices before designing or reviewing architecture.
61
+ 2. Use `call_aws` only when the user explicitly requests real AWS operations (describe, create, modify, delete). Default to IaC code generation (CloudFormation/CDK/Terraform) for infrastructure changes.
62
+ 3. Use `run_script` for AWS data analysis or resource audits that benefit from programmatic processing.
63
+
64
+ ### R010/R001 Privileged-Scope Boundary (IMPORTANT)
65
+
66
+ `call_aws` can create, modify, and delete real AWS resources — it is a high-privilege execution tool.
67
+
68
+ **Required boundary for any `call_aws` operation:**
69
+
70
+ - (a) Orchestrator MUST NOT call `call_aws` directly — delegate ALL AWS API execution to this infra-aws-expert agent (R010).
71
+ - (b) The delegation prompt MUST explicitly state: approved actions, forbidden actions (e.g., "do NOT delete resources", "do NOT modify production"), and the authorization scope tied to the user request (R010 Pre-Delegation Privileged-Scope Boundary).
72
+ - (c) Prefer IAM-scoped read-only access (Describe*/List* operations) by default. Write/delete operations require explicit user approval per invocation.
73
+ - (d) NEVER echo IAM credentials, access keys, or secret values into the transcript or output (R001). Reference by name only.
74
+ - (e) Prefer read-only verification (`describe-*`, `list-*`) before any write operation to confirm target state.
75
+
76
+ ### Activation (opt-in, user-manual)
77
+
78
+ R001 prohibits auto-installation. The user must install manually:
79
+
80
+ ```bash
81
+ claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
82
+ ```
83
+
84
+ `mcp-proxy-for-aws` bridges IAM credentials to MCP OAuth. Regional availability: US East (us-east-1), Europe (eu-central-1). AWS API calls are possible in all regions.
85
+
86
+ Once installed, add `aws-mcp` to the agent's `mcpServers` in `.mcp.json` or the agent frontmatter to activate. Without installation, this agent falls back to the offline `aws-best-practices` skill and `guides/aws/` documents.
87
+
88
+ ### Security Features
89
+
90
+ - IAM context key-based granular access control
91
+ - CloudWatch `AWS-MCP` namespace separates agent calls from human calls
92
+ - CloudTrail audit trail for all `call_aws` operations
93
+ - Sandboxed script execution (no network or filesystem access)
94
+
43
95
  ## Workflow
44
96
 
45
97
  1. Understand requirements
46
- 2. Apply aws-best-practices skill
47
- 3. Reference aws guide for specifics
48
- 4. Design/review architecture
49
- 5. Ensure security, scalability, cost optimization
98
+ 2. If aws-mcp is available, use `search_documentation` to verify current AWS documentation for the relevant service
99
+ 3. Apply aws-best-practices skill for offline patterns and Well-Architected guidance
100
+ 4. Reference aws guide for specifics
101
+ 5. Design/review architecture prefer IaC code generation over live `call_aws` unless user explicitly requests real execution
102
+ 6. If real AWS operations are needed, confirm scope with user, then use `call_aws` within approved boundary
103
+ 7. Ensure security, scalability, cost optimization
@@ -48,6 +48,8 @@ This is a settings-level resilience mechanism, distinct from the per-agent `mode
48
48
 
49
49
  > **v2.1.172+**: `availableModels` restrictions now apply to subagent `model:` overrides, the agent dispatch model picker, and the advisor model. `availableModels` allowlists using version-specific IDs (e.g. `claude-opus-4-8`) no longer hide the Opus/Sonnet 1M picker rows, and model IDs no longer receive a doubled 1M suffix (`[1M][1m]`) when `ANTHROPIC_DEFAULT_OPUS_MODEL` already includes one. Relevant when restricting per-agent model overrides via `availableModels`.
50
50
 
51
+ > **v2.1.175+**: The `enforceAvailableModels` managed setting — when enabled, the `availableModels` allowlist also constrains the **Default** model: a Default that would resolve to a disallowed model now falls back to the first allowed model, and user or project settings can no longer widen a managed `availableModels` list. Extends the v2.1.172 `availableModels` scope (subagent `model:` overrides, dispatch picker, advisor model) to the Default model itself. Relevant when an enterprise/managed config pins the allowed model set — per-agent `model:` overrides AND the resolved Default both honor it.
52
+
51
53
  ### Optional Frontmatter
52
54
 
53
55
  Key optional fields: `memory`, `effort`, `skills`, `soul`, `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations`, `domain`, `disableSkillShellExecution`. Supported since CC v2.1.63+. See full optional frontmatter via Read tool.
@@ -317,6 +317,8 @@ Before spawning any agent:
317
317
 
318
318
  > **v2.1.172+**: Fixed background agents potentially reading another directory's project settings (`.mcp.json` approvals, trust) when dispatched onto a pre-warmed worker. Strengthens background-agent isolation — a `/bg`-dispatched agent now reads the correct project's settings.
319
319
 
320
+ > **v2.1.174+**: Fixed background sessions inheriting another session's `ANTHROPIC_*` provider env (gateway URL, custom headers, `/model` aliases) from the shell that started the background daemon. Further strengthens background-agent isolation (cf. v2.1.172 project-settings isolation): a `/bg`-dispatched agent no longer picks up a foreign session's provider configuration. Also fixed pre-warmed background workers failing with "Could not resolve authentication method" when claimed after sitting idle. `mode: "bypassPermissions"` on every Agent tool call remains required regardless.
321
+
320
322
  ## Agent Capability Pre-Check
321
323
 
322
324
  Before delegating a task to a subagent, MUST verify the target agent's tool capabilities against the task requirements. Failure to pre-check causes round-trip waste (delegation → failure → re-delegation).
@@ -92,6 +92,8 @@ matches the spawn announcement:
92
92
  [2] lang-python-expert:sonnet → Python code review
93
93
  ```
94
94
 
95
+ > **v2.1.174+**: Fixed the Workflow tool's `agent()` subagents missing per-agent attribution headers. Workflow-spawned subagents now carry attribution consistent with R008 — when authoring Workflow scripts, each `agent()` call is attributed like a direct Agent tool spawn. Align Workflow orchestration with the R008 `[agent][model] → Tool:` identification discipline: a Workflow `agent()` fan-out should still be reasoned about with the same per-agent identification model as parallel Agent tool spawns.
96
+
95
97
  ## Tier-3 Interaction Tool Prefix (MANDATORY)
96
98
 
97
99
  R008 "every tool call" applies to Tier-3 interaction tools too — NOT only file/exec tools. Applying the `[agent][model] → Tool:` prefix to Agent/Bash/Read while omitting it on `AskUserQuestion`, `TodoWrite`, `EnterPlanMode`, etc. is a violation.
@@ -21,6 +21,10 @@ Format: `─── [Spawn] {subagent_type}:{model} | {description} ───`
21
21
 
22
22
  > **v2.1.161+**: `OTEL_RESOURCE_ATTRIBUTES` values are now emitted as labels on metric datapoints — usage metrics can be sliced by custom dimensions (e.g., team, repo). Extends R012 observability from per-tool parameters (v2.1.157) to per-dimension metric slicing; configure via the `monitoring-setup` skill's `OTEL_RESOURCE_ATTRIBUTES` env. Separately, `claude agents` rows now show `done/total` progress before the detail when work is fanned out, and peek surfaces the longest-running item — complements the HUD parallel-spawn display and R009 `[N]` correlation.
23
23
 
24
+ > **v2.1.174+**: The `/usage` (Account & usage) dialog now shows usage attribution — cache misses, long context, subagents, and per-skill/agent/plugin/MCP breakdowns over the last 24h or 7d (surfaced in the VSCode integration). Extends R012 observability from OTEL metric slicing (v2.1.161) to an interactive in-client attribution view — complements the `monitoring-setup` skill by giving per-skill/agent/plugin/MCP cost visibility without standing up an OTEL backend.
25
+
26
+ > **v2.1.176+**: Added the `footerLinksRegexes` setting — regex-matched link badges rendered in the footer row, configurable via user or managed settings. Relevant to R012 statusline composition: the footer can now surface contextual link badges alongside the `.claude/statusline.sh` segments. Also in v2.1.176, session titles are generated in the conversation's language (pin via the `language` setting).
27
+
24
28
  > **v2.1.172+**: Added a `model` attribute to the `claude_code.lines_of_code.count` OTEL metric — lines-of-code telemetry can now be sliced by model. Extends the per-dimension metric slicing (v2.1.161) in the `monitoring-setup` skill.
25
29
 
26
30
  <!-- DETAIL: HUD Events full spec
@@ -9,6 +9,8 @@ user-invocable: false
9
9
 
10
10
  Apply AWS patterns for building scalable, secure, and cost-effective cloud infrastructure.
11
11
 
12
+ > **Offline core vs. live documentation**: This skill provides static Well-Architected patterns that work without credentials or network access — the always-available baseline. For real-time AWS documentation, current API syntax, and up-to-date best practices (resolving knowledge-cutoff gaps), use the AWS MCP Server's `search_documentation` / `read_documentation` tools when installed. The two sources are complementary: static patterns for structural guidance; live docs for current specifics. Installation is user-manual (R001 auto-install prohibited) — see `infra-aws-expert` agent for setup instructions.
13
+
12
14
  ## Well-Architected Framework Pillars
13
15
 
14
16
  ### 1. Operational Excellence
@@ -243,6 +243,7 @@ Claude Code의 Agent Teams 기능이 활성화되어 있으면 (`CLAUDE_CODE_EXP
243
243
  |------|------|
244
244
  | code-review-graph | Token-efficient AST 기반 context retrieval (8.2× 토큰 절감) — wrapper: `crg-integration` 스킬 (#1171) |
245
245
  | semble | Semantic code search via embeddings (98% 토큰 절감, NDCG@10=0.854) — wrapper: `semble-integration` 스킬 (#1173) |
246
+ | aws-mcp | AWS 서비스 인증 접근 — call_aws(15,000+ API 실행), search_documentation/read_documentation(실시간 AWS 문서), run_script(샌드박스). 고특권 실행은 infra-aws-expert 위임 + R010/R001 특권경계 |
246
247
 
247
248
  ### 설치 명령어
248
249
 
@@ -263,6 +264,10 @@ pipx install code-review-graph
263
264
  uv tool install semble
264
265
  claude mcp add semble -- semble mcp
265
266
  # 또는 .mcp.json 수동 편집 (R001 auto-install 금지)
267
+
268
+ # AWS MCP 서버 (IAM 인증 필요, 수동 설치 — R001 auto-install 금지)
269
+ claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
270
+ # 사전요건: AWS IAM 자격증명 구성. 가용 리전: us-east-1, eu-central-1 (API 호출은 전 리전)
266
271
  ```
267
272
 
268
273
  <!-- omcustom:git-workflow -->
@@ -12,15 +12,49 @@ source:
12
12
  - https://docs.aws.amazon.com/
13
13
  - https://aws.amazon.com/architecture/
14
14
  last_fetched: "2026-01-22"
15
+ note: >
16
+ Static documents below were last fetched 2026-01-22 and may be stale.
17
+ For current AWS documentation, use the AWS MCP Server (mcp_server section below)
18
+ which provides real-time lookup with no knowledge-cutoff limitation.
19
+
20
+ mcp_server:
21
+ name: aws-mcp
22
+ type: remote
23
+ managed_by: AWS
24
+ endpoint: https://aws-mcp.us-east-1.api.aws/mcp
25
+ availability:
26
+ - us-east-1 # US East (N. Virginia)
27
+ - eu-central-1 # Europe (Frankfurt)
28
+ note: >
29
+ Live source — takes precedence over static documents below for current API syntax,
30
+ service limits, and best practices. Requires user-manual installation (R001 auto-install
31
+ prohibited). AWS API calls via call_aws are possible in all regions regardless of
32
+ MCP endpoint region.
33
+ tools:
34
+ - name: search_documentation
35
+ description: Full-text search across latest AWS docs and best practices (read-only, safe)
36
+ - name: read_documentation
37
+ description: Fetch a specific AWS documentation page (read-only, safe)
38
+ - name: call_aws
39
+ description: >
40
+ Execute 15,000+ AWS API operations using existing IAM credentials.
41
+ HIGH PRIVILEGE — can create/modify/delete resources. Delegate to infra-aws-expert
42
+ only; orchestrator must NOT call directly (R010). Requires explicit user approval
43
+ for write/delete operations. IAM credentials must not be echoed to transcript (R001).
44
+ - name: run_script
45
+ description: Run sandboxed Python with IAM permissions (no network/filesystem access)
46
+ install_command: >
47
+ claude mcp add-json aws-mcp --scope user
48
+ '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
15
49
 
16
50
  documents:
17
51
  - name: well-architected
18
52
  path: ./well-architected.md
19
- description: AWS Well-Architected Framework summary
53
+ description: AWS Well-Architected Framework summary (static, last_fetched 2026-01-22)
20
54
 
21
55
  - name: common-patterns
22
56
  path: ./common-patterns.md
23
- description: Common AWS architecture patterns
57
+ description: Common AWS architecture patterns (static, last_fetched 2026-01-22)
24
58
 
25
59
  used_by:
26
60
  - infra-aws-expert
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "1.0.5",
2
+ "version": "1.0.7",
3
3
  "lastUpdated": "2026-05-20T00:00:00.000Z",
4
4
  "omcustomMinClaudeCode": "2.1.121",
5
5
  "omcustomMinClaudeCodeReason": "Sensitive-path direct Write/Edit on .claude/** under bypassPermissions (R010 deprecation, #1101)",