oh-my-customcodex 0.3.4 → 0.3.7

package/README.md

@@ -275,18 +275,14 @@ your-project/
 ├── AGENTS.md                   # Entry point
 ├── .codex/
 │   ├── agents/                 # 48 agent definitions
-│   ├── skills/                 # 108 skill modules
+│   ├── skills/                 # 112 skill modules
 │   ├── rules/                  # 22 governance rules (R000-R021)
 │   ├── hooks/                  # 15 lifecycle hook scripts
 │   ├── schemas/                # Tool input validation schemas
 │   ├── specs/                  # Extracted canonical specs
 │   ├── contexts/               # 4 shared context files
 │   └── ontology/               # Knowledge graph for RAG
-<<<<<<< HEAD
 └── guides/                     # 40 reference documents
-=======
-└── guides/                     # 40 reference documents
->>>>>>> origin/develop
 ```
 
 ---

package/dist/cli/index.js

@@ -3091,7 +3091,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.3.4",
+    version: "0.3.7",
     description: "Batteries-included agent harness on top of GPT Codex + OMX",
     type: "module",
     bin: {

package/dist/index.js

@@ -2180,7 +2180,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.3.4",
+  version: "0.3.7",
   description: "Batteries-included agent harness on top of GPT Codex + OMX",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.3.4",
+  "version": "0.3.7",
   "description": "Batteries-included agent harness on top of GPT Codex + OMX",
   "type": "module",
   "bin": {

package/templates/.claude/hooks/hooks.json

@@ -82,6 +82,16 @@
         ],
         "description": "Schema-based tool input validation — Phase 1 advisory only"
       },
+      {
+        "matcher": "tool == \"Bash\" && tool_input.command matches \"\\\\.claude/\"",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .codex/hooks/scripts/claude-sensitive-path-guard.sh"
+          }
+        ],
+        "description": "Block Bash writes into .claude/ sensitive paths before Claude Code permission prompts fire"
+      },
       {
         "matcher": "tool == \"Bash\"",
         "hooks": [

package/templates/.claude/hooks/scripts/claude-sensitive-path-guard.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+# Block Bash write operations targeting .claude/ sensitive paths.
+# Claude Code can surface a sensitive-file permission prompt before allow rules
+# or bypassPermissions are evaluated, so fail fast before the command runs.
+
+set -euo pipefail
+
+command -v jq >/dev/null 2>&1 || exit 0
+
+input=$(cat)
+cmd=$(echo "$input" | jq -r '.tool_input.command // ""')
+
+if [ -z "$cmd" ]; then
+  echo "$input"
+  exit 0
+fi
+
+targets_claude=0
+if [[ "$cmd" =~ \.claude/ ]]; then
+  targets_claude=1
+fi
+
+writes_claude=0
+if [[ "$cmd" =~ (^|[[:space:]])(cp|mv|install|rsync|tee|touch|mkdir|ln)[[:space:]] ]]; then
+  writes_claude=1
+elif [[ "$cmd" =~ sed[[:space:]]+-i ]] || [[ "$cmd" =~ perl[[:space:]]+-pi ]]; then
+  writes_claude=1
+elif [[ "$cmd" =~ [\>]{1,2}[[:space:]]*[^[:space:]]*\.claude/ ]]; then
+  writes_claude=1
+fi
+
+if [ "$targets_claude" -eq 1 ] && [ "$writes_claude" -eq 1 ]; then
+  echo "[Hook] BLOCKED: Bash write targeting .claude/ sensitive path" >&2
+  echo "[Hook] Command: $cmd" >&2
+  echo "[Hook] Use Write/Edit or the repo's managed sync/update path instead of Bash for .claude/ changes." >&2
+  exit 2
+fi
+
+echo "$input"

package/templates/manifest.json

@@ -1,6 +1,6 @@
 {
-  "version": "0.3.4",
-  "lastUpdated": "2026-04-22T04:45:00.000Z",
+  "version": "0.3.7",
+  "lastUpdated": "2026-04-22T05:10:00.000Z",
   "components": [
     {
       "name": "rules",