oh-my-customcode 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/index.js CHANGED
@@ -241,7 +241,7 @@ var init_package = __esm(() => {
241
241
  workspaces: [
242
242
  "packages/*"
243
243
  ],
244
- version: "1.0.8",
244
+ version: "1.0.10",
245
245
  description: "Batteries-included agent harness for Claude Code",
246
246
  type: "module",
247
247
  bin: {
package/dist/index.js CHANGED
@@ -2031,7 +2031,7 @@ var package_default = {
2031
2031
  workspaces: [
2032
2032
  "packages/*"
2033
2033
  ],
2034
- version: "1.0.8",
2034
+ version: "1.0.10",
2035
2035
  description: "Batteries-included agent harness for Claude Code",
2036
2036
  type: "module",
2037
2037
  bin: {
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "workspaces": [
4
4
  "packages/*"
5
5
  ],
6
- "version": "1.0.8",
6
+ "version": "1.0.10",
7
7
  "description": "Batteries-included agent harness for Claude Code",
8
8
  "type": "module",
9
9
  "bin": {
@@ -38,10 +38,14 @@ Extended context suffix: `[1m]` (e.g., `claude-opus-4-6[1m]`) — enables 1M tok
38
38
 
39
39
  This is a settings-level resilience mechanism, distinct from the per-agent `model:` frontmatter. It complements the `model-escalation` skill (outcome-based escalation) by handling availability/overload failover at the platform level.
40
40
 
41
+ > **v2.1.178+**: Compaction now honors the `fallbackModel` chain — on overload or model-availability errors during context compaction, CC falls back to the configured fallback model instead of failing the compaction. Extends the v2.1.166 `fallbackModel` resilience to the compaction path.
42
+
41
43
  ### Thinking Toggle (CC v2.1.166+)
42
44
 
43
45
  > **v2.1.166+**: `MAX_THINKING_TOKENS=0`, `--thinking disabled`, and the per-model thinking toggle disable thinking on models that think by default via the Claude API (3rd-party providers unchanged). Relevant when an agent's `effort` is low and thinking overhead is undesirable.
44
46
 
47
+ > **v2.1.183+**: CC now warns (stderr, in `-p` print mode) when the requested model is deprecated or auto-updated to a newer model — and this warning now ALSO covers models set in agent frontmatter (`model:`). Relevant to the Model Aliases table above: a stale/deprecated `model:` value in agent frontmatter now surfaces a deprecation warning instead of silently resolving. Separately, v2.1.183 fixes `thinking.disabled.display: Extra inputs are not permitted` 400 errors on subagent spawns and session-title generation — extends the v2.1.166 toggle above; subagent spawns with thinking disabled no longer 400.
48
+
45
49
  ### Safe Mode & Bundled Skill Control (CC v2.1.169+)
46
50
 
47
51
  > **v2.1.169+**: `--safe-mode` (and `CLAUDE_CODE_SAFE_MODE`) starts Claude Code with ALL customizations disabled (CLAUDE.md, plugins, skills, hooks, MCP servers) — use it to isolate whether a project customization (agent/skill/hook) causes a regression. The `disableBundledSkills` setting (and `CLAUDE_CODE_DISABLE_BUNDLED_SKILLS` env) hides bundled skills, workflows, and built-in slash commands from the model — useful when bundled skills conflict with or duplicate project skills (R006 skill-surface management). Note: `disableBundledSkills` hides skills from the model but is a CC platform setting, distinct from the advisory `skills:` frontmatter field (which is documentation metadata, not a runtime allowlist).
@@ -381,6 +385,10 @@ Key optional fields: `scope`, `context`, `version`, `effort`, `model`, `agent`,
381
385
 
382
386
  > **v2.1.163+**: In skill `command` bodies, use `\$` to emit a literal `$` before a number (e.g., `\$1`) — previously ambiguous with shell variable expansion. Relevant when authoring skills with `shell:` or inline command steps that include dollar signs not intended as variables.
383
387
 
388
+ > **v2.1.178+**: Skills in nested `.claude/skills` directories now load when working on files in that subtree; on a name clash with a higher-scope skill, the nested skill is surfaced as `<dir>:<name>` so both remain invokable. Directory-qualified nested skills also no longer trigger permission prompts in non-interactive runs. Additionally, MCP-spec entries (`mcp__server`, `mcp__server__*`, `mcp__*`) in a subagent's `disallowedTools` are now honored (previously silently ignored) — relevant to the Optional Frontmatter `disallowedTools` field. oh-my-customcode keeps a flat `.claude/skills/` layout, but the `<dir>:<name>` disambiguation matters if a nested project subtree introduces a same-named skill.
389
+
390
+ > **v2.1.178+**: When names collide across nested `.claude/` directories, the agent, workflow, and output-style CLOSEST to the working directory now wins; project-scope workflow saves target the closest existing `.claude/workflows/`. Relevant to multi-`.claude/` layouts — project-root `.claude/` definitions are overridden by a nested `.claude/` when working inside that subtree.
391
+
384
392
  <!-- DETAIL: Skill Optional Fields (full yaml block)
385
393
  ```yaml
386
394
  scope: core # core | harness | package (default: core)
@@ -48,6 +48,8 @@ These are distinct mechanisms. Agent Teams `SendMessage` requires `TeamCreate` a
48
48
 
49
49
  This hardens cross-session coordination (claude-peers-mcp `send_message`, see Scope table above) against privilege escalation — a relayed message from session A cannot grant session B permissions the user did not authorize on B. Aligns with R001 (credential/privileged-scope guardrails) and R010 (out-of-scope privileged chaining). Intra-session Agent Teams `SendMessage` between peers in the same session is unaffected.
50
50
 
51
+ > **v2.1.183+**: Fixed tmux teammate panes failing to launch when the shell has slow rc-file initialization — a slow `.zshrc`/`.bashrc` no longer prevents Agent Teams teammate panes from launching in tmux. Also fixed WebSearch returning empty results in subagents: a subagent (including a Teams member) using WebSearch now returns results instead of silently empty.
52
+
51
53
  ## Self-Check (Before Agent Tool)
52
54
 
53
55
  Before using Agent tool for 2+ agent tasks, complete this check:
@@ -274,6 +274,8 @@ The Subagent Scope-Creep STOP Protocol (above) is REACTIVE — it halts an agent
274
274
 
275
275
  Cross-reference: the Subagent Scope-Creep STOP Protocol (reactive halt after trips) and R001 (credential/privileged-scope guardrails, re-confirm scope before irreversible shared-infra actions).
276
276
 
277
+ > **v2.1.178+**: Auto mode now evaluates subagent spawns with the safety classifier BEFORE launch, closing a gap where a spawned subagent could request a blocked action without prior review. This is the PLATFORM-level complement to the (advisory) Pre-Delegation Privileged-Scope Boundary above: the orchestrator still states the approved/forbidden scope in the delegation prompt (proactive, model-level), and CC now also gates the spawn itself (platform-level). The two are defense-in-depth — the prompt-stated boundary remains required because the classifier gates ACTIONS, not task SCOPE.
278
+
277
279
  ## Universal bypassPermissions
278
280
 
279
281
  **ALL Agent tool calls MUST include `mode: "bypassPermissions"`.**
@@ -319,6 +321,10 @@ Before spawning any agent:
319
321
 
320
322
  > **v2.1.174+**: Fixed background sessions inheriting another session's `ANTHROPIC_*` provider env (gateway URL, custom headers, `/model` aliases) from the shell that started the background daemon. Further strengthens background-agent isolation (cf. v2.1.172 project-settings isolation): a `/bg`-dispatched agent no longer picks up a foreign session's provider configuration. Also fixed pre-warmed background workers failing with "Could not resolve authentication method" when claimed after sitting idle. `mode: "bypassPermissions"` on every Agent tool call remains required regardless.
321
323
 
324
+ > **v2.1.178+**: Fixed `claude agents` workers failing with `401 Invalid bearer token` when the daemon was started from a shell with a custom API gateway (`ANTHROPIC_BASE_URL` + `ANTHROPIC_AUTH_TOKEN`). Further hardens background-agent provider isolation (cf. v2.1.174 ANTHROPIC_* env isolation). Also fixed `/bg`-created background sessions showing "Working" forever after a turn finished. `mode: "bypassPermissions"` on every Agent tool call remains required regardless.
325
+
326
+ > **v2.1.181+**: Fixed prompt caching not reading on a custom `ANTHROPIC_BASE_URL` (and on Foundry) due to a per-request attestation token changing every turn. Further strengthens background-agent provider isolation (cf. v2.1.174 ANTHROPIC_* env isolation, v2.1.178 401 bearer-token fix): a `/bg`-dispatched or custom-gateway session now benefits from prompt caching instead of paying a cache miss every turn. Separately, v2.1.179 fixed remote-session background tasks appearing stuck as "still running" between turns. `mode: "bypassPermissions"` on every Agent tool call remains required regardless.
327
+
322
328
  ## Agent Capability Pre-Check
323
329
 
324
330
  Before delegating a task to a subagent, MUST verify the target agent's tool capabilities against the task requirements. Failure to pre-check causes round-trip waste (delegation → failure → re-delegation).
@@ -45,6 +45,10 @@ On insufficient permission: do not attempt, notify user, suggest alternative.
45
45
 
46
46
  Use a `"*"` deny rule in `settings.json` to enforce a deny-by-default posture, then add specific allow rules. Complements the Tier-based policy above — settings.json deny rules are evaluated by the CC platform, independent of the advisory tier table.
47
47
 
48
+ > **v2.1.178+**: Permission rules now support `Tool(param:value)` syntax to match a tool's input parameters, with `*` wildcard — e.g. `Agent(model:opus)` denies Opus subagents, or a parameter glob to constrain a tool's arguments. This extends the v2.1.166 tool-name glob support down to per-parameter granularity. Relevant to the Agent Tool Permission Mode below: a deny rule can now block specific subagent models/parameters at the platform level, complementing `availableModels` (R006) and the universal `mode: "bypassPermissions"` requirement (R010). A `Agent(model:...)` parameter deny is evaluated by the CC platform independent of the advisory tier table.
49
+
50
+ > **v2.1.183+**: Fixed MCP servers requiring authentication exposing auth-stub tools to the model in headless/SDK mode — unauthenticated MCP auth-stub tools are no longer surfaced to the model in `-p` / SDK runs (they would fail on call). Relevant to the Tier-6 MCP tier: a headless run no longer offers auth-stub MCP tools. Separately, v2.1.181 added the `sandbox.allowAppleEvents` opt-in setting, letting sandboxed commands send Apple Events on macOS (default off) — a deliberate sandbox-scope widening, complementing the Tier-based policy above.
51
+
48
52
  ## Agent Tool Permission Mode
49
53
 
50
54
  When spawning subagents via the Agent tool, always pass `mode: "bypassPermissions"` explicitly. The Agent tool's default mode is `acceptEdits`, which **overrides** the agent frontmatter `permissionMode` field.
@@ -25,6 +25,8 @@ The following git commands have caused working tree loss in past sessions (#1146
25
25
 
26
26
  **Recovery hint**: If working tree loss occurs, check `git reflog` immediately — most operations are recoverable within 30 days.
27
27
 
28
+ > **v2.1.183+**: Auto mode now BLOCKS destructive git commands at the platform level — `git reset --hard`, `git checkout -- .`, `git clean -fd`, and `git stash drop` are blocked when you did not ask to discard local work; `git commit --amend` is blocked when the commit was not made by the agent this session; and `terraform destroy` / `pulumi destroy` / `cdk destroy` are blocked unless you asked for the specific stack. This is the PLATFORM-level complement to this section's (advisory) per-invocation approval requirement and the Pre-Delegation Blast-Radius Enumeration below: the model still enumerates discard targets and requests approval (model-level), and CC now also hard-blocks the destructive command itself in auto mode (platform-level) — defense-in-depth. The advisory approval requirement remains because the platform block gates the COMMAND, not the blast-radius enumeration the user needs for an informed decision.
29
+
28
30
  ### Pre-Delegation Blast-Radius Enumeration
29
31
 
30
32
  > Origin: #1307 찐빠 #1 (High) — user chose "discard local changes and pull", and `git reset --hard origin/develop` was delegated immediately → user rejected (interrupt). The blast radius — that "discard local changes" included 18 files of *intended* uncommitted work (rule edits, new skills, new guides), not just a version downgrade — was never enumerated for the user.
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "1.0.8",
2
+ "version": "1.0.10",
3
3
  "lastUpdated": "2026-05-20T00:00:00.000Z",
4
4
  "omcustomMinClaudeCode": "2.1.121",
5
5
  "omcustomMinClaudeCodeReason": "Sensitive-path direct Write/Edit on .claude/** under bypassPermissions (R010 deprecation, #1101)",