oh-my-customcodex 0.4.17 → 0.5.1

package/README.md

@@ -13,7 +13,7 @@
 
 **[한국어 문서 (Korean)](./README_ko.md)**
 
-49 agents. 118 skills. 22 rules. One command.
+49 agents. 123 skills. 22 rules. One command.
 
 ```bash
 npm install -g oh-my-customcodex && cd your-project && omcustomcodex init
@@ -134,7 +134,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 
 ---
 
-### Skills (118)
+### Skills (123)
 
 | Category | Count | Includes |
 |----------|-------|----------|
@@ -147,7 +147,7 @@ Each agent declares its tools, model, memory scope, and limitations in YAML fron
 | Package | 3 | npm-publish, npm-version, npm-audit |
 | Optimization | 3 | optimize-analyze, optimize-bundle, optimize-report |
 | Security | 3 | adversarial-review, cve-triage, jinja2-prompts |
-| Other | 12 | codex-exec, claude-native, visual-ralph, visual-verdict, vercel-deploy, skills-sh-search, result-aggregation, writing-clearly-and-concisely, and more |
+| Other | 13 | codex-exec, claude-native, gitlab, visual-ralph, visual-verdict, vercel-deploy, skills-sh-search, result-aggregation, writing-clearly-and-concisely, and more |
 
 Skills use a 3-tier scope system: `core` (universal), `harness` (agent/skill maintenance), `package` (project-specific).
 
@@ -228,7 +228,7 @@ Key rules: R010 (orchestrator never writes files), R009 (parallel execution mand
 
 ---
 
-### Guides (47)
+### Guides (48)
 
 Reference documentation covering best practices, architecture decisions, and integration patterns. Located in `guides/` at project root, covering topics from agent design to CI/CD to observability.
 
@@ -287,8 +287,8 @@ your-project/
 │   ├── contexts/               # 4 shared context files
 │   └── ontology/               # Knowledge graph for RAG
 ├── .agents/
-│   └── skills/                 # 118 installed skill modules
-└── guides/                     # 47 reference documents
+│   └── skills/                 # 123 installed skill modules
+└── guides/                     # 48 reference documents
 ```
 
 ### Source Repository And Compatibility Surfaces
@@ -325,7 +325,7 @@ bun test             # Run tests
 bun run build        # Production build
 ```
 
-Requirements: Node.js >= 18.0.0, Codex CLI.
+Requirements: Node.js >= 18.0.0, Bun, Codex CLI. GitHub CLI (`gh`) and `jq` are recommended for release automation and local hook validation.
 
 ---
 

package/dist/cli/index.js

@@ -3091,7 +3091,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.4.17",
+    version: "0.5.1",
     requiresCC: ">=2.1.121",
     claudeCode: {
       minimumVersion: "2.1.121",

package/dist/index.js

@@ -2180,7 +2180,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.4.17",
+  version: "0.5.1",
   requiresCC: ">=2.1.121",
   claudeCode: {
     minimumVersion: "2.1.121",

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.4.17",
+  "version": "0.5.1",
   "requiresCC": ">=2.1.121",
   "claudeCode": {
     "minimumVersion": "2.1.121",

package/templates/.claude/agents/mgr-gitnerd.md

@@ -46,8 +46,12 @@ Types: feat, fix, docs, style, refactor, test, chore
 
 - NEVER force push to main/master
 - NEVER reset --hard without confirmation
+- NEVER run `git clean -fd`, broad `git restore`, or `git checkout -- .` without preserving diffs and confirming the exact scope
+- NEVER delete branches with `git branch -D` until merge state and remote backup are checked
 - NEVER skip pre-commit hooks without reason
 - ALWAYS create new commits (avoid --amend unless requested)
+- BEFORE release branch creation, check for a local `release` branch that blocks the `release/v*` namespace; rename or remove it only after proving it is merged/backed up
+- AFTER unexpected destructive git output, inspect `git reflog`, `git status`, and `git diff` before any repair attempt
 
 ## Push Rules (R016)
 

package/templates/.claude/agents/mgr-sauron.md

@@ -29,10 +29,11 @@ You are an automated verification specialist that executes the mandatory R017 ve
 5. Verify reference integrity (frontmatter, memory fields, skill refs)
 6. Verify philosophy compliance (R006-R011)
 7. Verify Claude-native compatibility
-8. Spec density analysis: detects agents with excessive inline implementation detail (R006 compliance)
-9. Structural linting: routing coverage (unreachable agents), orphan skill detection, circular dependency check, context:fork cap verification, R006 fork-list/frontmatter cross-validation
-10. Auto-fix simple issues (count mismatches, missing fields)
-11. Generate verification report
+8. Verify working-tree preservation: no verification step may reset, clean, restore, or delete branch state without explicit approval and recovery evidence
+9. Spec density analysis: detects agents with excessive inline implementation detail (R006 compliance)
+10. Structural linting: routing coverage (unreachable agents), orphan skill detection, circular dependency check, context:fork cap verification, R006 fork-list/frontmatter cross-validation
+11. Auto-fix simple issues (count mismatches, missing fields)
+12. Generate verification report
 
 ## Commands
 

package/templates/.claude/hooks/hooks.json

@@ -42,6 +42,16 @@
         ],
         "description": "Pause before git push to review changes"
       },
+      {
+        "matcher": "tool == \"Bash\" && tool_input.command matches \"git (reset --hard|clean -f|clean -d|restore|checkout --|branch -D|push --force|push -f)\"",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .codex/hooks/scripts/destructive-git-guard.sh"
+          }
+        ],
+        "description": "Warn on destructive git commands and print recovery guidance without blocking"
+      },
       {
         "matcher": "tool == \"Write\" && tool_input.file_path matches \"\\\\.(md|txt)$\" && !(tool_input.file_path matches \"README\\\\.md|CLAUDE\\\\.md|AGENT\\\\.md|SKILL\\\\.md\")",
         "hooks": [

package/templates/.claude/hooks/scripts/destructive-git-guard.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Advisory guard for destructive git commands.
+# Warns before commands that can discard worktree or branch state.
+# This hook is advisory only: it prints warnings to stderr, records a
+# PPID-scoped event, echoes the original hook input, and exits 0.
+
+input=$(cat)
+cmd=""
+
+if command -v jq >/dev/null 2>&1; then
+  cmd=$(echo "$input" | jq -r '.tool_input.command // ""' 2>/dev/null)
+elif command -v node >/dev/null 2>&1; then
+  cmd=$(
+    printf '%s' "$input" | node -e 'let s = ""; process.stdin.on("data", d => s += d); process.stdin.on("end", () => { try { const j = JSON.parse(s); process.stdout.write(j?.tool_input?.command || ""); } catch { process.exit(0); } });' 2>/dev/null
+  )
+fi
+
+warn() {
+  local pattern="$1"
+  local command="$2"
+  local violation_file="/tmp/.codex-destructive-git-violations-${PPID}"
+
+  echo "[Hook] WARNING: destructive git command detected: ${pattern}" >&2
+  echo "[Hook] Command: ${command}" >&2
+  echo "[Hook] Verify target, preserve important work, and get explicit approval before continuing." >&2
+  echo "[Hook] Recovery: inspect 'git status', 'git diff', and 'git reflog' before attempting repair." >&2
+
+  printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$pattern" "$command" >> "$violation_file"
+}
+
+if [ -n "$cmd" ]; then
+  case "$cmd" in
+    *"git reset --hard"*)
+      warn "git reset --hard" "$cmd"
+      ;;
+    *"git clean -fd"*|*"git clean -df"*|*"git clean -fxd"*|*"git clean -xdf"*)
+      warn "git clean -fd/-fdx" "$cmd"
+      ;;
+    *"git restore"*|*"git checkout -- ."*|*"git checkout -- *"*)
+      warn "git restore / git checkout --" "$cmd"
+      ;;
+    *"git branch -D"*)
+      warn "git branch -D" "$cmd"
+      echo "[Hook] Check whether the branch is merged before deleting it." >&2
+      ;;
+    *"git push --force"*|*"git push -f"*)
+      warn "git push --force" "$cmd"
+      ;;
+  esac
+fi
+
+echo "$input"
+exit 0

package/templates/.claude/rules/MUST-safety.md

@@ -15,6 +15,21 @@
 
 Verify target, assess impact scope, check recoverability, get user approval.
 
+## Destructive Git Commands
+
+Treat these commands as destructive even when they look like routine cleanup:
+
+| Command pattern | Risk | Required action |
+|-----------------|------|-----------------|
+| `git reset --hard` | Discards tracked worktree changes and can hide recent work behind reflog recovery | Preserve diffs first, verify target ref, and get explicit approval |
+| `git clean -fd` / `git clean -fdx` | Deletes untracked files, including generated plans and local-only artifacts | List targets with `git clean -ndx` first and get explicit approval |
+| `git restore .` / broad `git restore <path>` | Reverts tracked files without preserving intent | Inspect `git diff` and confirm the exact path scope |
+| `git checkout -- .` | Reverts tracked files using legacy checkout semantics | Prefer explicit path review and preserve diffs first |
+| `git branch -D <branch>` | Deletes branch refs even when unmerged | Check merge state and remote backup before deletion |
+| `git push --force` / `git push -f` | Rewrites remote history | Use only with explicit approval and a protected-branch check |
+
+Advisory hooks may warn on these patterns, but warnings do not replace the approval and preservation requirements.
+
 ## On Violation
 
 1. Stop all operations

package/templates/.claude/rules/SHOULD-memory-integration.md

@@ -5,9 +5,9 @@
 ## Architecture
 
 **Primary**: Native auto memory (`memory` field in agent frontmatter). No external dependencies.
-**Supplementary**: claude-mem MCP (optional, for cross-session search and temporal queries).
+**Supplementary**: AgentMemory-compatible MCP or `omx-memory` for cross-session searchable recall; legacy `claude-mem` is fallback only.
 
-Rule: If native auto memory can handle it, do NOT use claude-mem.
+Rule: If native auto memory can handle it, do NOT use a searchable MCP backend.
 
 ## Native Auto Memory
 
@@ -22,15 +22,23 @@ Agent frontmatter `memory: project|user|local` enables persistent memory:
 | `project` | `.codex/agent-memory/<name>/` | Yes |
 | `local` | `.codex/agent-memory-local/<name>/` | No |
 
-## When to Use claude-mem
+## When to Use Searchable MCP Memory
 
-| Scenario | Native | claude-mem |
+| Scenario | Native | AgentMemory-compatible / omx-memory |
 |----------|--------|------------|
 | Agent learns project patterns | Yes | |
 | Search across sessions | | Yes |
 | Temporal queries | | Yes |
 | Cross-agent sharing | | Yes |
 
+<!-- DETAIL: Backend Selection and Split-Brain Guard
+
+Prefer MCP tools named `memory_search`, `memory_add`, `observation_add`, and `memory_read`. Treat `chroma_query_documents`, `chroma_add_documents`, and `chroma_get_documents` as legacy `claude-mem` fallbacks.
+
+If both backend families are available, warn before writing. Dual-write is acceptable only during an explicit migration window; outside that window, choose one canonical searchable backend and record which one was used in the session summary.
+
+-->
+
 ## Best Practices
 
 - Consult memory before starting work
@@ -324,20 +332,21 @@ User signals session end
        2. Update native auto-memory (MEMORY.md)
        3. Return formatted summary to orchestrator
   → Orchestrator performs MCP saves directly:
-       1. claude-mem save (if available via ToolSearch)
+       1. searchable memory save (AgentMemory-compatible or omx-memory, if available via ToolSearch)
+       2. legacy claude-mem save only when it is the configured fallback
        (episodic-memory auto-indexes after session — no action needed)
   → Orchestrator confirms to user
 ```
 
 ### Responsibility Split
 
-MCP tools (claude-mem, episodic-memory) are **orchestrator-scoped** and not inherited by subagents. Therefore:
+MCP tools (searchable memory backends, episodic-memory) are **orchestrator-scoped** and not inherited by subagents. Therefore:
 
 | Responsibility | Owner | Reason |
 |----------------|-------|--------|
 | Session summary collection | sys-memory-keeper | Domain expertise in memory formatting |
 | Native auto-memory (MEMORY.md) | sys-memory-keeper | Has Write access to memory directory |
-| claude-mem MCP save | Orchestrator | MCP tools only available at orchestrator level |
+| Searchable memory MCP save | Orchestrator | MCP tools only available at orchestrator level |
 | episodic-memory | Automatic | Conversations are auto-indexed after session ends — no manual action needed |
 
 ### Dual-System Save
@@ -345,13 +354,14 @@ MCP tools (claude-mem, episodic-memory) are **orchestrator-scoped** and not inhe
 | System | Owner | Tool | Action | Required |
 |--------|-------|------|--------|----------|
 | Native auto-memory | sys-memory-keeper | Write | Update MEMORY.md with session learnings | Yes |
-| claude-mem | Orchestrator | `mcp__plugin_claude-mem_mcp-search__save_memory` | Save session summary with project, tasks, decisions | No (best-effort) |
+| AgentMemory-compatible / omx-memory | Orchestrator | `memory_add` or `observation_add` | Save session summary with project, tasks, decisions | No (best-effort) |
+| legacy claude-mem | Orchestrator | `chroma_add_documents` or compatible save wrapper | Fallback searchable save when no preferred backend exists | No (best-effort) |
 | episodic-memory | Automatic | (auto-indexed) | No action needed — conversations are indexed automatically after session ends | N/A |
 -->
 
 ### Session-End Self-Check (MANDATORY)
 
-(1) sys-memory-keeper updated MEMORY.md? (2) claude-mem save attempted? Both are required before confirming session-end to the user. See full self-check via Read tool.
+(1) sys-memory-keeper updated MEMORY.md? (2) searchable memory save attempted when a backend is available? Both are required before confirming session-end to the user. See full self-check via Read tool.
 
 <!-- DETAIL: Session-End Self-Check (MANDATORY)
 ```
@@ -362,7 +372,7 @@ MCP tools (claude-mem, episodic-memory) are **orchestrator-scoped** and not inhe
 ║     YES → Continue                                               ║
 ║     NO  → Delegate to sys-memory-keeper first                    ║
 ║                                                                   ║
-║  2. Did I attempt claude-mem save?                               ║
+║  2. Did I attempt searchable memory save when available?         ║
 ║     YES → Continue (even if it failed)                           ║
 ║     NO  → ToolSearch + save now                                  ║
 ║                                                                   ║
@@ -379,5 +389,5 @@ MCP tools (claude-mem, episodic-memory) are **orchestrator-scoped** and not inhe
 ### Failure Policy
 
 - MCP saves are **non-blocking**: memory failure MUST NOT prevent session from ending
-- If claude-mem unavailable: skip, log warning
+- If no searchable memory backend is available: skip, log warning
 - episodic-memory: no action needed (auto-indexed after session)

package/templates/.claude/skills/adversarial-review/SKILL.md

@@ -12,6 +12,16 @@ Review code from an attacker's perspective using STRIDE + OWASP frameworks.
 
 ## 4-Phase Review Process
 
+### Pre-flight: CRG Attack-Surface Probe
+If a code-review graph or CRG MCP server is available, use it before manual inspection:
+
+```text
+Preferred: query_graph({ target, focus: "trust-boundaries attack-surface data-flow" })
+Fallback: get_impact_radius({ target })
+```
+
+Use the result to seed trust-boundary, data-flow, and dependency-risk analysis. If CRG tools are unavailable, continue with local `rg`, route inspection, and dependency/file reads; CRG is advisory and must not block adversarial review.
+
 ### Phase 1: Trust Boundary Analysis
 Identify where trust transitions occur:
 - External input reaching internal logic without validation → **Tampering**

package/templates/.claude/skills/dev-review/SKILL.md

@@ -85,6 +85,15 @@ If any GATE: block and suggest alternative.
 If any WARN: show warning, ask user to confirm.
 If only PASS/INFO: proceed automatically.
 
+### Guard 5: Review Graph Context Probe
+**Level**: INFO
+**Check**: If a code-review graph or CRG MCP server is available, query impact radius before selecting the expert:
+```text
+Preferred: get_impact_radius({ target })
+Fallback: get_minimal_context({ target, purpose: "dev-review" })
+```
+**Action**: Attach the returned affected files, owners, and dependency edges to the review prompt. If the CRG tools are unavailable or time out, continue with `rg`, `git diff`, and local file reads; CRG is advisory and must not block review.
+
 ## Parameters
 
 | Name | Type | Required | Description |
@@ -105,12 +114,13 @@ If only PASS/INFO: proceed automatically.
 ```
 0. Run pre-flight guards (see ## Pre-flight Guards)
 1. Detect language (or use --lang)
-2. Select appropriate expert agent
-3. Load language-specific skill
-4. Analyze code against best practices
-5. Generate review report
+2. Include CRG impact context when available
+3. Select appropriate expert agent
+4. Load language-specific skill
+5. Analyze code against best practices
+6. Generate review report
 ```
-6. **Artifact persistence** (optional): Review agent saves findings to:
+7. **Artifact persistence** (optional): Review agent saves findings to:
    ```
    .codex/outputs/sessions/{YYYY-MM-DD}/dev-review-{HHmmss}.md