oh-my-customcodex 0.4.11 → 0.4.13

package/dist/cli/index.js

@@ -3091,7 +3091,12 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.4.11",
+    version: "0.4.13",
+    requiresCC: ">=2.1.121",
+    claudeCode: {
+      minimumVersion: "2.1.121",
+      protectedPathBypassVersion: "2.1.126"
+    },
     description: "Batteries-included agent harness on top of GPT Codex + OMX",
     type: "module",
     bin: {

package/dist/index.js

@@ -2180,7 +2180,12 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.4.11",
+  version: "0.4.13",
+  requiresCC: ">=2.1.121",
+  claudeCode: {
+    minimumVersion: "2.1.121",
+    protectedPathBypassVersion: "2.1.126"
+  },
   description: "Batteries-included agent harness on top of GPT Codex + OMX",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,12 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.4.11",
+  "version": "0.4.13",
+  "requiresCC": ">=2.1.121",
+  "claudeCode": {
+    "minimumVersion": "2.1.121",
+    "protectedPathBypassVersion": "2.1.126"
+  },
   "description": "Batteries-included agent harness on top of GPT Codex + OMX",
   "type": "module",
   "bin": {

package/templates/.claude/agents/mgr-creator.md

@@ -21,7 +21,7 @@ permissionMode: bypassPermissions
 
 ## Mandatory Sensitive Compatibility Paths
 
-When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, do not call Write/Edit directly on those paths in unattended automation. Produce the artifact body in `/tmp`, then apply it through the repo-approved sensitive-path script/artifact protocol so Codex-native `.codex/**` work remains autonomous and reviewable.
+When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, treat the old `/tmp` wrapper as legacy fallback only. Codex-native `.codex/**` edits stay direct, and Claude Code `bypassPermissions` can write `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` directly on v2.1.121+, with broader protected-path coverage on v2.1.126+.
 
 You are an agent creation specialist following R006 (MUST-agent-design.md) rules.
 

package/templates/.claude/agents/mgr-gitnerd.md

@@ -21,7 +21,7 @@ permissionMode: bypassPermissions
 
 ## Mandatory Sensitive Compatibility Paths
 
-When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, do not call Write/Edit directly on those paths in unattended automation. Produce the artifact body in `/tmp`, then apply it through the repo-approved sensitive-path script/artifact protocol so Codex-native `.codex/**` work remains autonomous and reviewable.
+When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, treat the old `/tmp` wrapper as legacy fallback only. Codex-native `.codex/**` edits stay direct, and Claude Code `bypassPermissions` can write `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` directly on v2.1.121+, with broader protected-path coverage on v2.1.126+.
 
 You are a Git operations specialist following GitHub flow best practices.
 

package/templates/.claude/agents/sys-memory-keeper.md

@@ -25,7 +25,7 @@ permissionMode: bypassPermissions
 
 ## Mandatory Sensitive Compatibility Paths
 
-When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, do not call Write/Edit directly on those paths in unattended automation. Produce the artifact body in `/tmp`, then apply it through the repo-approved sensitive-path script/artifact protocol so Codex-native `.codex/**` work remains autonomous and reviewable.
+When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, treat the old `/tmp` wrapper as legacy fallback only. Codex-native `.codex/**` edits stay direct, and Claude Code `bypassPermissions` can write `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` directly on v2.1.121+, with broader protected-path coverage on v2.1.126+.
 
 You are a session memory management specialist ensuring context survives across session compactions using claude-mem.
 

package/templates/.claude/agents/tracker-checkpoint.md

@@ -12,7 +12,7 @@ permissionMode: bypassPermissions
 
 ## Mandatory Sensitive Compatibility Paths
 
-When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, do not call Write/Edit directly on those paths in unattended automation. Produce the artifact body in `/tmp`, then apply it through the repo-approved sensitive-path script/artifact protocol so Codex-native `.codex/**` work remains autonomous and reviewable.
+When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, treat the old `/tmp` wrapper as legacy fallback only. Codex-native `.codex/**` edits stay direct, and Claude Code `bypassPermissions` can write `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` directly on v2.1.121+, with broader protected-path coverage on v2.1.126+.
 
 # Tracker Checkpoint Agent
 

package/templates/.claude/agents/wiki-curator.md

@@ -16,7 +16,7 @@ permissionMode: bypassPermissions
 
 ## Mandatory Sensitive Compatibility Paths
 
-When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, do not call Write/Edit directly on those paths in unattended automation. Produce the artifact body in `/tmp`, then apply it through the repo-approved sensitive-path script/artifact protocol so Codex-native `.codex/**` work remains autonomous and reviewable.
+When a task targets `.claude/**`, `templates/.claude/**`, or other Claude-compatibility mirrors, treat the old `/tmp` wrapper as legacy fallback only. Codex-native `.codex/**` edits stay direct, and Claude Code `bypassPermissions` can write `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` directly on v2.1.121+, with broader protected-path coverage on v2.1.126+.
 
 # Wiki Curator
 

package/templates/.claude/rules/MUST-agent-design.md

@@ -243,34 +243,39 @@ Skills persist output to `.codex/outputs/sessions/{YYYY-MM-DD}/{skill-name}-{HHm
 
 ## Sensitive Path Handling
 
-Claude Code treats `.claude/` and `templates/.claude/` as sensitive directories across Bash, Write, and Edit operations. The sensitive-path check runs above `bypassPermissions` and explicit allow rules, so allow rules do not override the sensitive-path check.
+Claude Code still treats `.claude/` and `templates/.claude/` as protected compatibility surfaces, but the current behavior is version-sensitive rather than a universal prompt wall.
 
-This Codex port uses `.codex/` as the active runtime surface, but packaged compatibility templates still live under `templates/.claude/`. Any automation that writes those templates must account for Claude Code permission prompts.
+This Codex port uses `.codex/` as the active runtime surface. `.codex/**` edits should use the normal Codex edit/patch flow with no Claude-only `/tmp` wrapper.
 
-**Key rule**: `.claude/` and `templates/.claude/` Bash/Write/Edit targets can trigger sensitive-path prompts regardless of allow rules. In unattended flows, delegated agents must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and avoid direct `.claude/**` tool targets.
+**Current compatibility rule**:
+
+- **CC v2.1.121+**: `bypassPermissions` no longer prompts for direct writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/`.
+- **CC v2.1.126+**: `bypassPermissions` also bypasses prompts for broader protected paths such as `.claude/**`, `.git/**`, `.vscode/**`, and shell config files.
+- **Historical fallback only**: if the target runtime is older than v2.1.121, not running with `bypassPermissions`, or still surfaces a protected-path prompt, use `/tmp/{skill}-{timestamp}.md` only as a compatibility fallback for the final `.claude/**` or `templates/.claude/**` write.
 
 <!-- DETAIL: Sensitive Path Behavior table and Recommended practice
-| Path pattern | Sensitive in Claude Code? | Affected operations |
-|--------------|---------------------------|---------------------|
-| `.claude/**` | Yes | Bash writes, Write, Edit |
-| `templates/.claude/**` | Yes | Bash writes, Write, Edit |
-| `.codex/**` | No | Normal Codex runtime writes; still follow R010/R017 |
-| `.codex/outputs/**` and `.claude/outputs/**` | Treat as constrained artifact paths | Use file-write APIs that create parents; do not pre-create with Bash |
+| Path pattern | Guidance |
+|--------------|----------|
+| `.claude/skills/**`, `.claude/agents/**`, `.claude/commands/**` | Direct writes are acceptable in Claude Code `bypassPermissions` on v2.1.121+ |
+| `.claude/**`, `.git/**`, `.vscode/**`, shell config files | Direct writes are acceptable in Claude Code `bypassPermissions` on v2.1.126+ |
+| `templates/.claude/**` | Mirror deliberately; use the historical `/tmp` fallback only when the runtime still prompts |
+| `.codex/**` | Normal Codex runtime writes; still follow R010/R017 |
+| `.codex/outputs/**` and `.claude/outputs/**` | Treat as constrained artifact paths; use file-write APIs that create parents and do not pre-create with Bash |
 
 Recommended practice:
 
-1. Prefer Write/Edit in an interactive session, or managed sync/update paths, over Bash copy/mkdir/tee writes for `.claude/` and `templates/.claude/`.
-2. Keep allow rules only as defensive documentation; do not rely on them to suppress sensitive-path prompts.
-3. Do not run unattended Claude Code release automation that writes `templates/.claude/**` unless the workflow can handle interactive approval.
-4. In this Codex port, update `.codex/...` source files and their `templates/.claude/...` mirrors deliberately instead of bulk-copying with shell commands.
-5. For unattended Claude compatibility-template writes, use a reviewed temporary script wrapper and verify the resulting diff; direct Bash/Write/Edit targets under `templates/.claude/**` can all trigger the sensitive-path guard.
+1. Prefer direct Write/Edit for `.codex/**` and for compatible `.claude/**` targets when the runtime version and permission mode allow it.
+2. Keep allow rules only as defensive documentation; current behavior depends on Claude Code version and permission mode, not allow-rule wishful thinking.
+3. In this Codex port, update `.codex/...` source files and their `templates/.claude/...` mirrors deliberately instead of bulk-copying with shell commands.
+4. Use the historical `/tmp` artifact-body fallback only for legacy Claude Code versions or sessions that still prompt on protected paths.
+5. When compatibility-template writes still require a fallback, verify the resulting diff and remove stale wrapper boilerplate from repeated prompts.
 -->
 
 Delegation prompt requirement:
 
-Any prompt that delegates work involving `.claude/**`, `templates/.claude/**`, `.claude/outputs/**`, or read-only measurement of those paths MUST include this block verbatim:
+Delegated prompts touching `.claude/**`, `templates/.claude/**`, `.claude/outputs/**`, or read-only measurement of those paths MUST include this block:
 
-> Sensitive-path artifact protocol (mandatory): do not ask a subagent to call Read, Bash, Write, or Edit directly on `.claude/**` or `templates/.claude/**` paths. If Claude compatibility artifacts are required, have the subagent produce the artifact body in `/tmp/{skill}-{timestamp}.md`, then use a reviewed temporary script wrapper or managed file-write API for the final checked-in path. Do not use direct Write/Edit/Bash targets under `.claude/**` in unattended flows.
+> Sensitive-path compatibility note: Codex-managed `.codex/**` edits use the normal edit/patch flow. On Claude Code v2.1.121+ with `bypassPermissions`, direct writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` are allowed; on v2.1.126+ that also extends to broader protected paths such as `.claude/**`, `.git/**`, and `.vscode/**`. Only fall back to `/tmp/{skill}-{timestamp}.md` when the target runtime is older than v2.1.121, not running with `bypassPermissions`, or still surfaces a protected-path prompt.
 
 ## Separation of Concerns
 

package/templates/.claude/rules/MUST-orchestrator-coordination.md

@@ -147,6 +147,19 @@ Key violations to avoid (file writes, git commands, bundled operations — all m
 ```
 -->
 
+## Historical Sensitive-Path Bypass
+
+**Status**: deprecated as of Claude Code v2.1.121 for `.claude/skills/`, `.claude/agents/`, and `.claude/commands/`; fully deprecated in `bypassPermissions` as of v2.1.126 for broader protected paths.
+
+Older guidance sometimes required a universal `/tmp` artifact-wrapper flow before touching Claude compatibility paths. Do not use that as the default in this Codex-native port.
+
+Current guidance:
+
+- Edit `.codex/**` directly with the normal Codex edit/patch flow.
+- In Claude Code `bypassPermissions`, direct writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` are acceptable on v2.1.121+.
+- In Claude Code `bypassPermissions`, broader protected-path writes such as `.claude/**`, `.git/**`, and `.vscode/**` are acceptable on v2.1.126+.
+- Keep the `/tmp/{skill}-{timestamp}.md` pattern only as a legacy fallback for older Claude Code versions or sessions that still surface a protected-path prompt.
+
 <!-- DETAIL: Autonomous Execution Mode
 
 ## Autonomous Execution Mode

package/templates/.claude/rules/MUST-permissions.md

@@ -21,6 +21,21 @@
 | Write | Source code, new files in project | .env, .git/config, paths outside project |
 | Delete | Temp files created by agent | Existing files (without request), entire directories |
 
+## Claude Code Protected-Path Compatibility
+
+Codex-native `.codex/**` edits are normal project writes and do not require the historical Claude-only `/tmp` bypass pattern.
+
+Claude Code compatibility behavior changed in two steps:
+
+- **CC v2.1.121+**: `--dangerously-skip-permissions` / `bypassPermissions` no longer prompts for writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/`.
+- **CC v2.1.126+**: the same mode also bypasses prompts for broader protected paths such as `.claude/**`, `.git/**`, `.vscode/**`, and shell config files.
+
+Current guidance:
+
+- Prefer direct Write/Edit/Bash targets for `.codex/**`.
+- For `.claude/**` or `templates/.claude/**`, direct writes are acceptable when the target Claude Code runtime is new enough and the session is running with `bypassPermissions`.
+- Treat the old `/tmp/{skill}-{timestamp}.md` wrapper flow as a historical fallback only for older Claude Code versions, non-bypass sessions, or interactive runs that still surface a protected-path prompt.
+
 ## Permission Request Format
 
 ```

package/templates/.claude/skills/action-validator/SKILL.md

@@ -57,20 +57,61 @@ policy_cache:
     - tool: Bash
       pattern: "git add *"
       verdict: allow
+      hints: { safety: normal, parallel: false, approval: auto }
     - tool: Bash
       pattern: "git commit *"
       verdict: allow
+      hints: { safety: normal, parallel: false, approval: auto }
     - tool: Bash
       pattern: "git push *"
       verdict: warn_confirm
+      hints: { safety: low, parallel: false, approval: needs_approval }
 ```
 
 Policy caching reduces redundant LLM calls for well-understood workflows. Policies are advisory — the orchestrator may override.
 
+## Capability Hints (Opus 4.7+)
+
+When agents target Opus 4.7 (`opus47` model alias), tool capability hints improve batched tool-call planning. Declare per-tool metadata in policy cache entries:
+
+| Field | Values | Effect |
+|-------|--------|--------|
+| `safety` | `normal`, `low` | `low` triggers confirmation advisory |
+| `parallel` | `true`, `false` | `true` allows concurrent scheduling |
+| `approval` | `auto`, `needs_approval` | Maps to R002 permission tier |
+
+### Example: Enhanced Policy Cache with Capability Hints
+
+```yaml
+policy_cache:
+  agent: mgr-gitnerd
+  action: git-commit
+  validated_steps:
+    - tool: Bash
+      pattern: "git add *"
+      verdict: allow
+      hints: { safety: normal, parallel: false, approval: auto }
+    - tool: Bash
+      pattern: "git push *"
+      verdict: warn_confirm
+      hints: { safety: low, parallel: false, approval: needs_approval }
+    - tool: Read
+      pattern: "*"
+      verdict: allow
+      hints: { safety: normal, parallel: true, approval: auto }
+```
+
+Hints are advisory — they inform model scheduling but do not enforce. Inspired by [ouroboros PR #353](https://github.com/Q00/ouroboros/pull/353) capability graph pattern.
+
 ## Code Harness Integration (AutoHarness)
 
 When a synthesized harness exists for an agent (`.codex/outputs/harnesses/{agent-name}-*.yaml`), action-validator can use it for enhanced validation:
 
+### Compatibility artifact protocol
+
+Sensitive-path compatibility note: when delegated work touches `.claude/outputs/`, `.claude/**`, or `templates/.claude/**`, keep `.codex/**` artifacts on the normal file-write path. On Claude Code v2.1.121+ with `bypassPermissions`, direct compatibility writes are allowed for `.claude/skills/`, `.claude/agents/`, and `.claude/commands/`; on v2.1.126+ broader protected paths are covered. Use `/tmp/<skill>-<timestamp>.md` only as a legacy fallback when the runtime is older or still prompts.
+
+
 | Mode | Source | Behavior |
 |------|--------|----------|
 | Advisory (default) | Prompt-based checks | Emit warnings only |

package/templates/.claude/skills/adaptive-harness/SKILL.md

@@ -185,6 +185,11 @@ Check `active_agents` list against files actually present in `.codex/agents/`. I
 
 Append a record to `.codex/outputs/harness-adaptations/YYYY-MM-DD.md`:
 
+### Compatibility artifact protocol
+
+Sensitive-path compatibility note: when delegated work touches `.claude/outputs/`, `.claude/**`, or `templates/.claude/**`, keep `.codex/**` artifacts on the normal file-write path. On Claude Code v2.1.121+ with `bypassPermissions`, direct compatibility writes are allowed for `.claude/skills/`, `.claude/agents/`, and `.claude/commands/`; on v2.1.126+ broader protected paths are covered. Use `/tmp/<skill>-<timestamp>.md` only as a legacy fallback when the runtime is older or still prompts.
+
+
 ```markdown
 ## Optimization Run — 2026-04-12T10:00:00Z
 

package/templates/.claude/skills/agora/SKILL.md

@@ -25,7 +25,7 @@ source:
 
 ## Sensitive-Path Delegation
 
-Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+Sensitive-path compatibility note: if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, keep `.codex/**` edits on the normal Codex path. On Claude Code v2.1.121+ with `bypassPermissions`, direct writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` are allowed; on v2.1.126+ that extends to broader protected paths. Only use `/tmp/{skill}-{timestamp}.md` as a legacy fallback when the target runtime is older or still prompts.
 
 ## Usage
 

package/templates/.claude/skills/dag-orchestration/SKILL.md

@@ -86,7 +86,7 @@ config:
 
 ## Sensitive-Path Delegation
 
-Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+Sensitive-path compatibility note: if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, keep `.codex/**` edits on the normal Codex path. On Claude Code v2.1.121+ with `bypassPermissions`, direct writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` are allowed; on v2.1.126+ that extends to broader protected paths. Only use `/tmp/{skill}-{timestamp}.md` as a legacy fallback when the target runtime is older or still prompts.
 
 ## Execution Rules
 

package/templates/.claude/skills/de-lead-routing/SKILL.md

@@ -221,7 +221,7 @@ Delegate to mgr-creator with context:
 
 ## Sensitive-Path Delegation
 
-Sensitive-path artifact protocol (mandatory): if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, include this protocol directly in the delegated prompt. The delegate must produce artifact bodies in `/tmp/{skill}-{timestamp}.md` first and must avoid direct Read, Bash, Write, or Edit targets under `.claude/**` in unattended flows.
+Sensitive-path compatibility note: if this skill delegates work that touches `.claude/**`, `.claude/outputs/**`, `templates/.claude/**`, or read-only measurements of those paths, keep `.codex/**` edits on the normal Codex path. On Claude Code v2.1.121+ with `bypassPermissions`, direct writes to `.claude/skills/`, `.claude/agents/`, and `.claude/commands/` are allowed; on v2.1.126+ that extends to broader protected paths. Only use `/tmp/{skill}-{timestamp}.md` as a legacy fallback when the target runtime is older or still prompts.
 
 ## Usage