oh-my-customcode 1.0.7 → 1.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/index.js +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/templates/.claude/rules/MUST-agent-design.md +6 -0
- package/templates/.claude/rules/MUST-completion-verification.md +13 -0
- package/templates/.claude/rules/MUST-orchestrator-coordination.md +4 -0
- package/templates/.claude/rules/MUST-permissions.md +2 -0
- package/templates/manifest.json +1 -1
package/dist/cli/index.js
CHANGED
package/dist/index.js
CHANGED
package/package.json
CHANGED
|
@@ -38,6 +38,8 @@ Extended context suffix: `[1m]` (e.g., `claude-opus-4-6[1m]`) — enables 1M tok
|
|
|
38
38
|
|
|
39
39
|
This is a settings-level resilience mechanism, distinct from the per-agent `model:` frontmatter. It complements the `model-escalation` skill (outcome-based escalation) by handling availability/overload failover at the platform level.
|
|
40
40
|
|
|
41
|
+
> **v2.1.178+**: Compaction now honors the `fallbackModel` chain — on overload or model-availability errors during context compaction, CC falls back to the configured fallback model instead of failing the compaction. Extends the v2.1.166 `fallbackModel` resilience to the compaction path.
|
|
42
|
+
|
|
41
43
|
### Thinking Toggle (CC v2.1.166+)
|
|
42
44
|
|
|
43
45
|
> **v2.1.166+**: `MAX_THINKING_TOKENS=0`, `--thinking disabled`, and the per-model thinking toggle disable thinking on models that think by default via the Claude API (3rd-party providers unchanged). Relevant when an agent's `effort` is low and thinking overhead is undesirable.
|
|
@@ -381,6 +383,10 @@ Key optional fields: `scope`, `context`, `version`, `effort`, `model`, `agent`,
|
|
|
381
383
|
|
|
382
384
|
> **v2.1.163+**: In skill `command` bodies, use `\$` to emit a literal `$` before a number (e.g., `\$1`) — previously ambiguous with shell variable expansion. Relevant when authoring skills with `shell:` or inline command steps that include dollar signs not intended as variables.
|
|
383
385
|
|
|
386
|
+
> **v2.1.178+**: Skills in nested `.claude/skills` directories now load when working on files in that subtree; on a name clash with a higher-scope skill, the nested skill is surfaced as `<dir>:<name>` so both remain invokable. Directory-qualified nested skills also no longer trigger permission prompts in non-interactive runs. Additionally, MCP-spec entries (`mcp__server`, `mcp__server__*`, `mcp__*`) in a subagent's `disallowedTools` are now honored (previously silently ignored) — relevant to the Optional Frontmatter `disallowedTools` field. oh-my-customcode keeps a flat `.claude/skills/` layout, but the `<dir>:<name>` disambiguation matters if a nested project subtree introduces a same-named skill.
|
|
387
|
+
|
|
388
|
+
> **v2.1.178+**: When names collide across nested `.claude/` directories, the agent, workflow, and output-style CLOSEST to the working directory now wins; project-scope workflow saves target the closest existing `.claude/workflows/`. Relevant to multi-`.claude/` layouts — project-root `.claude/` definitions are overridden by a nested `.claude/` when working inside that subtree.
|
|
389
|
+
|
|
384
390
|
<!-- DETAIL: Skill Optional Fields (full yaml block)
|
|
385
391
|
```yaml
|
|
386
392
|
scope: core # core | harness | package (default: core)
|
|
@@ -306,6 +306,19 @@ Before closing or marking-done an issue/task that CLAIMS an infrastructure or re
|
|
|
306
306
|
|
|
307
307
|
This is the infra/state extension of "actual outcome ≠ attempt". Closing on the command-issued assumption leaves orphaned running resources.
|
|
308
308
|
|
|
309
|
+
### Binary/Rendered-Artifact Completeness (text-grep ≠ complete)
|
|
310
|
+
|
|
311
|
+
> Origin: #1384 (second-brain 공개 저장소 redaction 세션 회고 찐빠 #1) — 텍스트 + git 히스토리 force-push 후 "원격 완전 정리됨"이라 선언했으나, 직후 렌더된 다이어그램 PNG 3종에 redaction 대상 식별자가 시각적으로 잔존 + 텍스트 잔여 호스트 토큰 1건 발견 → 추가 force-push 2회 필요. redaction 범위를 grep 가능한 텍스트로만 잡고, 렌더된 이미지/바이너리를 완결 선언 전에 점검하지 않음.
|
|
312
|
+
|
|
313
|
+
완료/완결성을 주장하는 작업(redaction, 식별자 제거, 콘텐츠 정리, 시크릿 스크럽, 데이터 마이그레이션)에서 텍스트 grep 통과는 완결을 보장하지 않는다. 렌더된 이미지/바이너리 산출물(PNG/PDF/렌더 다이어그램/임베디드 메타데이터/EXIF)에 동일 대상이 시각적·바이너리적으로 잔존할 수 있다. "완전 제거됨/완료" 선언 전, 텍스트뿐 아니라 바이너리/이미지/렌더 산출물 완결성까지 검증해야 한다.
|
|
314
|
+
|
|
315
|
+
| Anti-pattern | Required |
|
|
316
|
+
|--------------|----------|
|
|
317
|
+
| 텍스트 grep 통과 후 "완전 제거됨/정리됨" 선언 | 렌더 이미지/바이너리/임베디드 메타데이터 시각·내용 스캔까지 통과한 뒤 선언 |
|
|
318
|
+
| redaction 범위를 grep 가능 텍스트로만 한정 → 잔여를 순차 발견하며 force-push 반복 | 사전 전수 점검(대소문자 무시 텍스트 + 부분문자열 변형 + 바이너리/이미지 + 참조/고아 분석) 후 단일 패스 rewrite (R005 효율) |
|
|
319
|
+
|
|
320
|
+
This is the redaction/binary extension of the UI/Frontend "browser render verified" row in the Task-Type Completion Matrix — text-layer verification alone is insufficient when rendered/binary artifacts carry the same content. Cross-reference: R001 (보안 완결성 — 시크릿/식별자 잔존 차단), R005 (단일 패스 효율 — 사전 전수 점검이 반복 force-push를 방지).
|
|
321
|
+
|
|
309
322
|
## Integration
|
|
310
323
|
|
|
311
324
|
| Rule | Interaction |
|
|
@@ -274,6 +274,8 @@ The Subagent Scope-Creep STOP Protocol (above) is REACTIVE — it halts an agent
|
|
|
274
274
|
|
|
275
275
|
Cross-reference: the Subagent Scope-Creep STOP Protocol (reactive halt after trips) and R001 (credential/privileged-scope guardrails, re-confirm scope before irreversible shared-infra actions).
|
|
276
276
|
|
|
277
|
+
> **v2.1.178+**: Auto mode now evaluates subagent spawns with the safety classifier BEFORE launch, closing a gap where a spawned subagent could request a blocked action without prior review. This is the PLATFORM-level complement to the (advisory) Pre-Delegation Privileged-Scope Boundary above: the orchestrator still states the approved/forbidden scope in the delegation prompt (proactive, model-level), and CC now also gates the spawn itself (platform-level). The two are defense-in-depth — the prompt-stated boundary remains required because the classifier gates ACTIONS, not task SCOPE.
|
|
278
|
+
|
|
277
279
|
## Universal bypassPermissions
|
|
278
280
|
|
|
279
281
|
**ALL Agent tool calls MUST include `mode: "bypassPermissions"`.**
|
|
@@ -319,6 +321,8 @@ Before spawning any agent:
|
|
|
319
321
|
|
|
320
322
|
> **v2.1.174+**: Fixed background sessions inheriting another session's `ANTHROPIC_*` provider env (gateway URL, custom headers, `/model` aliases) from the shell that started the background daemon. Further strengthens background-agent isolation (cf. v2.1.172 project-settings isolation): a `/bg`-dispatched agent no longer picks up a foreign session's provider configuration. Also fixed pre-warmed background workers failing with "Could not resolve authentication method" when claimed after sitting idle. `mode: "bypassPermissions"` on every Agent tool call remains required regardless.
|
|
321
323
|
|
|
324
|
+
> **v2.1.178+**: Fixed `claude agents` workers failing with `401 Invalid bearer token` when the daemon was started from a shell with a custom API gateway (`ANTHROPIC_BASE_URL` + `ANTHROPIC_AUTH_TOKEN`). Further hardens background-agent provider isolation (cf. v2.1.174 ANTHROPIC_* env isolation). Also fixed `/bg`-created background sessions showing "Working" forever after a turn finished. `mode: "bypassPermissions"` on every Agent tool call remains required regardless.
|
|
325
|
+
|
|
322
326
|
## Agent Capability Pre-Check
|
|
323
327
|
|
|
324
328
|
Before delegating a task to a subagent, MUST verify the target agent's tool capabilities against the task requirements. Failure to pre-check causes round-trip waste (delegation → failure → re-delegation).
|
|
@@ -45,6 +45,8 @@ On insufficient permission: do not attempt, notify user, suggest alternative.
|
|
|
45
45
|
|
|
46
46
|
Use a `"*"` deny rule in `settings.json` to enforce a deny-by-default posture, then add specific allow rules. Complements the Tier-based policy above — settings.json deny rules are evaluated by the CC platform, independent of the advisory tier table.
|
|
47
47
|
|
|
48
|
+
> **v2.1.178+**: Permission rules now support `Tool(param:value)` syntax to match a tool's input parameters, with `*` wildcard — e.g. `Agent(model:opus)` denies Opus subagents, or a parameter glob to constrain a tool's arguments. This extends the v2.1.166 tool-name glob support down to per-parameter granularity. Relevant to the Agent Tool Permission Mode below: a deny rule can now block specific subagent models/parameters at the platform level, complementing `availableModels` (R006) and the universal `mode: "bypassPermissions"` requirement (R010). A `Agent(model:...)` parameter deny is evaluated by the CC platform independent of the advisory tier table.
|
|
49
|
+
|
|
48
50
|
## Agent Tool Permission Mode
|
|
49
51
|
|
|
50
52
|
When spawning subagents via the Agent tool, always pass `mode: "bypassPermissions"` explicitly. The Agent tool's default mode is `acceptEdits`, which **overrides** the agent frontmatter `permissionMode` field.
|
package/templates/manifest.json
CHANGED