oh-my-customcodex 0.5.19 → 0.5.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -5
- package/dist/cli/index.js +19 -14
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/templates/.claude/hooks/hooks.json +10 -0
- package/templates/.claude/hooks/scripts/shell-reserved-var-advisor.sh +25 -0
- package/templates/.claude/rules/MUST-agent-design.md +1 -1
- package/templates/.claude/rules/MUST-agent-teams.md +12 -0
- package/templates/.claude/rules/MUST-completion-verification.md +46 -0
- package/templates/.claude/rules/MUST-parallel-execution.md +13 -0
- package/templates/.claude/rules/MUST-safety.md +17 -0
- package/templates/.claude/rules/SHOULD-interaction.md +3 -0
- package/templates/.claude/rules/SHOULD-memory-integration.md +14 -0
- package/templates/.claude/rules/SHOULD-verification-ladder.md +124 -0
- package/templates/.claude/rules/index.yaml +8 -0
- package/templates/.claude/skills/homework/SKILL.md +11 -0
- package/templates/guides/claude-code/15-version-compatibility.md +11 -0
- package/templates/manifest.json +3 -3
- package/templates/workflows/auto-dev.yaml +11 -0
package/README.md
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
|
|
14
14
|
**[한국어 문서 (Korean)](./README_ko.md)**
|
|
15
15
|
|
|
16
|
-
50 agents. 121 skills.
|
|
16
|
+
50 agents. 121 skills. 23 rules. One command.
|
|
17
17
|
|
|
18
18
|
```bash
|
|
19
19
|
npm install -g oh-my-customcodex && cd your-project && omcustomcodex init
|
|
@@ -217,15 +217,15 @@ All commands are invoked inside the oh-my-customcodex GPT Codex + OMX session.
|
|
|
217
217
|
|
|
218
218
|
---
|
|
219
219
|
|
|
220
|
-
### Rules (
|
|
220
|
+
### Rules (23)
|
|
221
221
|
|
|
222
222
|
| Priority | Count | Purpose |
|
|
223
223
|
|----------|-------|---------|
|
|
224
224
|
| **MUST** | 14 | Safety, permissions, agent design, identification, orchestration, verification, completion, enforcement |
|
|
225
|
-
| **SHOULD** |
|
|
225
|
+
| **SHOULD** | 7 | Interaction, error handling, memory, HUD, ecomode, ontology routing, verification ladder |
|
|
226
226
|
| **MAY** | 1 | Optimization |
|
|
227
227
|
|
|
228
|
-
Key rules: R010 (orchestrator never writes files), R009 (parallel execution mandatory), R017 (sauron verification before push), R020 (completion verification before declaring done), R021 (advisory-first enforcement model).
|
|
228
|
+
Key rules: R010 (orchestrator never writes files), R009 (parallel execution mandatory), R017 (sauron verification before push), R020 (completion verification before declaring done), R021 (advisory-first enforcement model), R023 (verification ladder).
|
|
229
229
|
|
|
230
230
|
---
|
|
231
231
|
|
|
@@ -281,7 +281,7 @@ your-project/
|
|
|
281
281
|
├── AGENTS.md # Entry point
|
|
282
282
|
├── .codex/
|
|
283
283
|
│ ├── agents/ # 50 agent definitions
|
|
284
|
-
│ ├── rules/ #
|
|
284
|
+
│ ├── rules/ # 23 governance rules (R000-R023)
|
|
285
285
|
│ ├── hooks/ # 15 lifecycle hook scripts
|
|
286
286
|
│ ├── schemas/ # Tool input validation schemas
|
|
287
287
|
│ ├── specs/ # Extracted canonical specs
|
package/dist/cli/index.js
CHANGED
|
@@ -3091,7 +3091,7 @@ var init_package = __esm(() => {
|
|
|
3091
3091
|
workspaces: [
|
|
3092
3092
|
"packages/*"
|
|
3093
3093
|
],
|
|
3094
|
-
version: "0.5.
|
|
3094
|
+
version: "0.5.21",
|
|
3095
3095
|
requiresCC: ">=2.1.121",
|
|
3096
3096
|
claudeCode: {
|
|
3097
3097
|
minimumVersion: "2.1.121",
|
|
@@ -26418,6 +26418,17 @@ function isCacheFresh(cache, now, cacheTtlMs) {
|
|
|
26418
26418
|
}
|
|
26419
26419
|
return now - checkedAt < cacheTtlMs;
|
|
26420
26420
|
}
|
|
26421
|
+
function readFreshPlausibleCachedVersion(cachePath, currentVersion, now, cacheTtlMs) {
|
|
26422
|
+
const cache = readCache(cachePath);
|
|
26423
|
+
if (!cache || !isCacheFresh(cache, now, cacheTtlMs)) {
|
|
26424
|
+
return null;
|
|
26425
|
+
}
|
|
26426
|
+
const cachedVersion = normalizeVersion(cache.latestVersion);
|
|
26427
|
+
if (!cachedVersion || !isVersionPlausible(currentVersion, cachedVersion)) {
|
|
26428
|
+
return null;
|
|
26429
|
+
}
|
|
26430
|
+
return cachedVersion;
|
|
26431
|
+
}
|
|
26421
26432
|
function fetchLatestVersionFromNpm(packageName = DEFAULT_PACKAGE_NAME) {
|
|
26422
26433
|
try {
|
|
26423
26434
|
const output = execSync2(`npm view ${packageName} version --json`, {
|
|
@@ -26534,7 +26545,8 @@ function executeSelfUpdate(options = {}) {
|
|
|
26534
26545
|
if (!options.silent) {
|
|
26535
26546
|
console.log(i18n.t("cli.selfUpdate.updatingGlobal", { version: latestVersion }));
|
|
26536
26547
|
}
|
|
26537
|
-
const
|
|
26548
|
+
const installPackage = options.installPackage || installGlobalPackage;
|
|
26549
|
+
const installed = installPackage(packageName, latestVersion, options.silent ?? false);
|
|
26538
26550
|
if (installed) {
|
|
26539
26551
|
if (!options.silent) {
|
|
26540
26552
|
console.log(i18n.t("cli.selfUpdate.updated", { version: latestVersion }));
|
|
@@ -26563,20 +26575,13 @@ function checkSelfUpdate(options) {
|
|
|
26563
26575
|
reason: "invalid-current-version"
|
|
26564
26576
|
};
|
|
26565
26577
|
}
|
|
26566
|
-
let latestVersion =
|
|
26567
|
-
|
|
26568
|
-
const cache = readCache(cachePath);
|
|
26569
|
-
if (cache && isCacheFresh(cache, now, cacheTtlMs)) {
|
|
26570
|
-
const cachedVersion = normalizeVersion(cache.latestVersion);
|
|
26571
|
-
if (isVersionPlausible(currentVersion, cachedVersion)) {
|
|
26572
|
-
latestVersion = cachedVersion;
|
|
26573
|
-
usedCache = true;
|
|
26574
|
-
}
|
|
26575
|
-
}
|
|
26578
|
+
let latestVersion = readFreshPlausibleCachedVersion(cachePath, currentVersion, now, cacheTtlMs);
|
|
26579
|
+
const usedCache = Boolean(latestVersion);
|
|
26576
26580
|
if (!latestVersion) {
|
|
26577
26581
|
const fetched = fetchLatestVersion(packageName);
|
|
26578
|
-
|
|
26579
|
-
|
|
26582
|
+
const fetchedVersion = fetched ? normalizeVersion(fetched) : "";
|
|
26583
|
+
if (fetchedVersion) {
|
|
26584
|
+
latestVersion = fetchedVersion;
|
|
26580
26585
|
writeCache(cachePath, latestVersion, now);
|
|
26581
26586
|
}
|
|
26582
26587
|
}
|
package/dist/index.js
CHANGED
package/package.json
CHANGED
|
@@ -102,6 +102,16 @@
|
|
|
102
102
|
],
|
|
103
103
|
"description": "Block Bash/Write/Edit writes into .claude/ sensitive paths before Claude Code permission prompts fire"
|
|
104
104
|
},
|
|
105
|
+
{
|
|
106
|
+
"matcher": "tool == \"Bash\" && tool_input.command matches \"(^|[[:space:];&|])(status|path|argv)[[:space:]]*=\"",
|
|
107
|
+
"hooks": [
|
|
108
|
+
{
|
|
109
|
+
"type": "command",
|
|
110
|
+
"command": "bash .codex/hooks/scripts/shell-reserved-var-advisor.sh"
|
|
111
|
+
}
|
|
112
|
+
],
|
|
113
|
+
"description": "Warn on zsh/bash reserved variable assignments such as status=, path=, or argv= before shell execution (R020/#1491)"
|
|
114
|
+
},
|
|
105
115
|
{
|
|
106
116
|
"matcher": "tool == \"Bash\"",
|
|
107
117
|
"hooks": [
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
#!/usr/bin/env bash
|
|
2
|
+
# shell-reserved-var-advisor.sh — advisory guard for zsh/bash special variable assignments.
|
|
3
|
+
# Trigger: PreToolUse (Bash matcher)
|
|
4
|
+
|
|
5
|
+
set -euo pipefail
|
|
6
|
+
|
|
7
|
+
input=$(cat)
|
|
8
|
+
command=$(printf '%s' "$input" | jq -r '.tool_input.command // ""' 2>/dev/null || true)
|
|
9
|
+
|
|
10
|
+
if [ -z "$command" ]; then
|
|
11
|
+
printf '%s' "$input"
|
|
12
|
+
exit 0
|
|
13
|
+
fi
|
|
14
|
+
|
|
15
|
+
# zsh exposes several lowercase special parameters as read-only or semantically
|
|
16
|
+
# dangerous. `status=...` is the frequent footgun in polling snippets; `path`
|
|
17
|
+
# and `argv` are arrays/special parameters. Match assignment starts after common
|
|
18
|
+
# shell separators or whitespace, but do not match safe names like run_status=.
|
|
19
|
+
if printf '%s\n' "$command" | grep -Eq '(^|[[:space:];&|])(status|path|argv)[[:space:]]*='; then
|
|
20
|
+
echo '[Hook] WARNING: reserved shell variable assignment detected (R020/#1491).' >&2
|
|
21
|
+
echo '[Hook] Avoid zsh/bash special names: status, path, argv.' >&2
|
|
22
|
+
echo '[Hook] Use safe names such as run_status, cmd_path, or args before executing.' >&2
|
|
23
|
+
fi
|
|
24
|
+
|
|
25
|
+
printf '%s' "$input"
|
|
@@ -24,7 +24,6 @@ tools: [Read, Write, ...] # Allowed tools
|
|
|
24
24
|
| `opus` | claude-opus-4-6 | Complex reasoning, architecture |
|
|
25
25
|
| `opusplan` | claude-opus-4-6 + plan mode | Architecture planning with approval gates |
|
|
26
26
|
| `opus47` | claude-opus-4-7 | Latest Opus model, supports xhigh effort |
|
|
27
|
-
|
|
28
27
|
Extended context suffix: `[1m]` (e.g., `claude-opus-4-6[1m]`) — enables 1M token context window.
|
|
29
28
|
|
|
30
29
|
<!-- DETAIL: Fallback Models and Thinking Toggle (Claude Code v2.1.166+)
|
|
@@ -88,6 +87,7 @@ This Codex port ships `.claude` compatibility templates. When updating those tem
|
|
|
88
87
|
- v2.1.162: `claude agents --json` includes waiting/blocker metadata and explicit `--tools Grep/Glob` behavior is fixed; compatibility prompts may use those fields when diagnosing stuck Claude sessions.
|
|
89
88
|
- v2.1.163: managed `requiredMinimumVersion`/`requiredMaximumVersion`, `/plugin list`, Stop/SubagentStop `hookSpecificOutput.additionalContext`, and skill command literal `\$` escaping are available. Hook/skill template changes should preserve these affordances.
|
|
90
89
|
- v2.1.165: bug-fix/reliability release; no local template change required beyond compatibility confirmation. v2.1.166: fallbackModel availability failover and thinking-disable controls are Claude compatibility settings, not Codex/OMX routing. v2.1.167/v2.1.168: bug-fix-only compatibility confirmation.
|
|
90
|
+
- v2.1.170: Claude compatibility sessions gain access to the `fable` alias (`claude-fable-5`) and fix a VS Code integrated-terminal transcript persistence bug. Skills that rely on transcript replay (for example `homework`) should prefer v2.1.170+ in Claude-template sessions. No Codex runtime model-routing change.
|
|
91
91
|
-->
|
|
92
92
|
|
|
93
93
|
## Hook Event Types
|
|
@@ -8,6 +8,18 @@
|
|
|
8
8
|
|
|
9
9
|
Available when `OMCODEX_AGENT_TEAMS=1` or `TeamCreate` / `SendMessage` exists.
|
|
10
10
|
|
|
11
|
+
## Gate Transparency Scope
|
|
12
|
+
|
|
13
|
+
R018 gate-transparency announcements apply only when Agent Teams are enabled or callable; otherwise R009 parallel-execution announcements are sufficient.
|
|
14
|
+
|
|
15
|
+
<!--
|
|
16
|
+
DETAIL: Gate Transparency Scope
|
|
17
|
+
| Runtime state | Required |
|
|
18
|
+
|---------------|----------|
|
|
19
|
+
| Agent Teams enabled/callable | Announce the R018 gate result for qualifying 3+ agent dispatches |
|
|
20
|
+
| Agent Teams disabled/unavailable | Use R009 `[N]` dispatch format and state the fallback only if useful for clarity |
|
|
21
|
+
-->
|
|
22
|
+
|
|
11
23
|
## Decision Matrix
|
|
12
24
|
|
|
13
25
|
| Scenario | Preferred | Reason |
|
|
@@ -67,6 +67,17 @@ Parallel batches return results together, so a same-batch permanent dispatch pro
|
|
|
67
67
|
|
|
68
68
|
Example: do not diagnose `triage-dispatch.yml` from memory, create an issue, and delegate a fix in the same parallel call before reading the workflow. If the read later shows a different root cause, the issue, PR, and commit trail become correction debt even when the eventual code direction is acceptable.
|
|
69
69
|
|
|
70
|
+
### Proxy Signal vs Canonical Ground-Truth
|
|
71
|
+
|
|
72
|
+
When diagnosing pipeline or data state, verify the canonical store — the authoritative DB, registry, API, or system-of-record — before characterizing state from a secondary proxy such as a `.txt` artifact, filesystem mtime, cached file, or one ingestion path.
|
|
73
|
+
|
|
74
|
+
| Anti-pattern | Required |
|
|
75
|
+
|--------------|----------|
|
|
76
|
+
| Characterize pipeline health from a filesystem proxy | Query the canonical store first |
|
|
77
|
+
| Generalize one ingestion path's failure to the whole pipeline | Check the final landing store across all relevant paths before alarming or reprocessing |
|
|
78
|
+
|
|
79
|
+
A single path's failure does not prove the whole multi-path system is down.
|
|
80
|
+
|
|
70
81
|
## Degraded-Output Re-Verification Gate
|
|
71
82
|
|
|
72
83
|
When tool output shows provider instability, buffering, truncation, duplicated chunks, `529`, timeout recovery, or `(no result)` while a permanent action is being considered, treat the current read as degraded. Do not characterize corruption, missing files, stale state, release failure, or data loss from that single degraded read.
|
|
@@ -164,6 +175,17 @@ When a user sends a new instruction while work is in progress, completion status
|
|
|
164
175
|
3. If the new message adds a requirement, add it to the completion contract before closing.
|
|
165
176
|
4. If no conflict exists, continue but explicitly preserve the new requirement in the next verification pass.
|
|
166
177
|
|
|
178
|
+
### Interrupt ≠ Prior-Request Cancellation
|
|
179
|
+
|
|
180
|
+
If the first message after an interrupt is ambiguous, do not assume the prior request was cancelled. The user may be continuing a multi-message request, correcting input, or starting a new request. Keep the prior non-destructive context alive and ask once only when the new message cannot be classified as a clear instruction.
|
|
181
|
+
|
|
182
|
+
**Safety carve-out:** if the interrupted work is destructive or irreversible (`git reset --hard`, `git clean -fd`, broad `rm`, force push, tunnel/DNS/k8s/infra deletion, production state changes), halt first and require explicit re-authorization before resuming. Interrupts retain their emergency-stop value for risky work.
|
|
183
|
+
|
|
184
|
+
| Anti-pattern | Required |
|
|
185
|
+
|--------------|----------|
|
|
186
|
+
| Treat an ambiguous interrupt as cancellation and switch to unrelated work | Preserve context and clarify intent once |
|
|
187
|
+
| Continue destructive work after an ambiguous interrupt | Stop immediately; resume only after explicit re-authorization |
|
|
188
|
+
|
|
167
189
|
### Tool-Call Payload Completeness
|
|
168
190
|
|
|
169
191
|
도구 호출의 required 파라미터는 invoke 전에 확인한다(완료 선언 후가 아니라 호출 시점의 전제조건). announce(prefix)만 출력하고 payload의 required 필드를 누락하는 패턴은 R008 "Required-Parameter Completeness Check"가 canonical owner다. Reference: #1487 / upstream #1324.
|
|
@@ -212,6 +234,30 @@ Related memory records:
|
|
|
212
234
|
- `feedback_subagent_pre_existing_claims.md` — subagent false-positive pattern
|
|
213
235
|
-->
|
|
214
236
|
|
|
237
|
+
## CI Publish-Step Error vs Published-Artifact Ground Truth
|
|
238
|
+
|
|
239
|
+
A CI publish/deploy step that logs an error has not necessarily failed. The step may recover through a fallback or the error may be non-fatal. Before declaring a publish/release failed, re-running it, rolling it back, or changing release workflow logic, verify the published artifact directly.
|
|
240
|
+
|
|
241
|
+
| Publish target | Ground-truth check |
|
|
242
|
+
|----------------|--------------------|
|
|
243
|
+
| npm | `npm view <pkg> version` equals expected |
|
|
244
|
+
| GitHub Release | `gh release view <tag>` exists and is not draft |
|
|
245
|
+
| Docker/registry image | image tag or manifest exists |
|
|
246
|
+
| Run outcome | `gh run view <id> --json jobs` conclusions, not one step log line |
|
|
247
|
+
|
|
248
|
+
## State-Change Claim → Live System Verification
|
|
249
|
+
|
|
250
|
+
Before closing or marking-done a task that claims an infrastructure/resource state change, verify the actual live system state rather than only the command attempt.
|
|
251
|
+
|
|
252
|
+
| Claimed state change | Live ground-truth check |
|
|
253
|
+
|----------------------|-------------------------|
|
|
254
|
+
| Service stopped | `launchctl list`, `systemctl status`, or equivalent shows inactive/absent |
|
|
255
|
+
| k8s resource torn down | `kubectl get <resource>` returns NotFound |
|
|
256
|
+
| Container removed | `docker ps -a` does not list it |
|
|
257
|
+
| Process killed | `pgrep`/`ps` check returns empty |
|
|
258
|
+
|
|
259
|
+
"Issued the teardown" is not evidence that the resource is down.
|
|
260
|
+
|
|
215
261
|
## Integration
|
|
216
262
|
|
|
217
263
|
| Rule | Interaction |
|
|
@@ -210,6 +210,19 @@ When announcing a parallel dispatch in prose text (not the Agent tool call itsel
|
|
|
210
210
|
The list form mirrors the tool-call `[N]` prefix pattern and scales better to 3+ concurrent agents.
|
|
211
211
|
-->
|
|
212
212
|
|
|
213
|
+
<!--
|
|
214
|
+
DETAIL: Parallel Feature Integration Gate
|
|
215
|
+
|
|
216
|
+
## Parallel Feature Integration Gate
|
|
217
|
+
|
|
218
|
+
When parallel feature agents edit interdependent code, isolated passes are not enough: run aggregate build plus runtime/smoke verification on the merged worktree before declaring done.
|
|
219
|
+
|
|
220
|
+
| Anti-pattern | Required |
|
|
221
|
+
|--------------|----------|
|
|
222
|
+
| Accept each subagent's isolated pass as release-ready | Re-run aggregate verification on the merged worktree |
|
|
223
|
+
| Skip runtime smoke because every file-domain lane passed | Smoke the integrated feature path or device/browser/app surface |
|
|
224
|
+
-->
|
|
225
|
+
|
|
213
226
|
## Result Aggregation
|
|
214
227
|
|
|
215
228
|
```
|
|
@@ -17,6 +17,23 @@
|
|
|
17
17
|
- Do not rotate, delete, recreate, or replace credentials unless the user explicitly requested that exact credential action.
|
|
18
18
|
- Before irreversible action on shared infrastructure or credentials, reconfirm the target, namespace/account/project, requested scope, rollback path, and user authorization.
|
|
19
19
|
- Stop instead of chaining privileged actions when the next step would affect a different credential, tunnel, namespace, pod, cluster, account, or shared service than the user requested.
|
|
20
|
+
- When a credential/token is needed, ask for the specific value or file before running blind discovery scans (`env | grep`, repo-wide token greps, credential-store dumps). If a classifier blocks a credential action once while a standing user-deny is active, switch to a user-runs command and do not retry by another mechanism.
|
|
21
|
+
|
|
22
|
+
### Standing User-Deny + Classifier Block
|
|
23
|
+
|
|
24
|
+
When the user has a standing "do not touch X" constraint and a safety classifier blocks an action on X once, immediately switch to a user-runs command/instruction path. Do not retry the blocked edit, scan, or credential action via another mechanism.
|
|
25
|
+
|
|
26
|
+
### Infra-Diagnostic File Checks — Metadata, Not Contents
|
|
27
|
+
|
|
28
|
+
When diagnosing infrastructure or health issues, file checks must stay metadata-only: `ls -la` for existence, size, permissions, and mtime. Do not `cat .env`, inspect credential JSON keys, or read secret contents into the transcript just to confirm configuration exists.
|
|
29
|
+
|
|
30
|
+
| Anti-pattern | Required |
|
|
31
|
+
|--------------|----------|
|
|
32
|
+
| `cat .env` / inspect OAuth or credential keys during a health diagnosis | `ls -la .env` or request the exact value from the user if genuinely needed |
|
|
33
|
+
|
|
34
|
+
### Infra/Resource Deletion Blast Radius
|
|
35
|
+
|
|
36
|
+
Before deleting shared infrastructure resources (tunnels, DNS records, k8s resources, load balancers, security groups), enumerate every endpoint, route, selector, target, or rule served by that resource — not only the hostname or object the user named. Prefer reversible disable/detach/stop actions when they satisfy the task.
|
|
20
37
|
|
|
21
38
|
## Required Before Destructive Operations
|
|
22
39
|
|
|
@@ -26,6 +26,9 @@
|
|
|
26
26
|
| Clear | Execute immediately |
|
|
27
27
|
| Ambiguous | `[Confirm] Understood "{request}" as {interpretation}. Proceed?` |
|
|
28
28
|
| Risky | `[Warning] This action has {risk}. Continue? Yes: {action} / No: Cancel` |
|
|
29
|
+
| Interrupt (ambiguous first message) | Do not assume the prior request is cancelled. The first message after an interrupt may be continuation, correction, or a new request. If the in-progress action is risky/destructive, apply the Risky row first and halt before clarification. |
|
|
30
|
+
|
|
31
|
+
Request handling precedence: **Risky > Interrupt > Ambiguous > Clear**. Clear new instructions should still be executed directly; the interrupt row exists only for ambiguous first messages after an interruption.
|
|
29
32
|
|
|
30
33
|
## External Product UI Claims
|
|
31
34
|
|
|
@@ -22,6 +22,20 @@ Agent frontmatter `memory: project|user|local` enables persistent memory:
|
|
|
22
22
|
| `project` | `.codex/agent-memory/<name>/` | Yes |
|
|
23
23
|
| `local` | `.codex/agent-memory-local/<name>/` | No |
|
|
24
24
|
|
|
25
|
+
<!--
|
|
26
|
+
DETAIL: Project memory root guard
|
|
27
|
+
|
|
28
|
+
## Subagent `memory: project` Source-Tree Pollution Guard
|
|
29
|
+
|
|
30
|
+
A subagent working from a subdirectory must not create nested `.codex/agent-memory/` or `.claude/agent-memory/` directories inside source packages.
|
|
31
|
+
|
|
32
|
+
| Anti-pattern | Required |
|
|
33
|
+
|--------------|----------|
|
|
34
|
+
| Accept nested `src/**/.codex/agent-memory/` or `src/**/.claude/agent-memory/` created by a worker | Verify memory writes land at project-root `.codex/` (or template-root `.claude/` for compatibility) and remove nested memory directories before commit |
|
|
35
|
+
|
|
36
|
+
Before committing subagent work, check for nested memory pollution with a targeted search such as `find . \\( -path '*/src/*/.codex/agent-memory' -o -path '*/src/*/.claude/agent-memory' \\) -print`.
|
|
37
|
+
-->
|
|
38
|
+
|
|
25
39
|
## When to Use Searchable MCP Memory
|
|
26
40
|
|
|
27
41
|
| Scenario | Native | AgentMemory-compatible / omx-memory |
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
# [SHOULD] Verification Ladder Rules
|
|
2
|
+
|
|
3
|
+
> **Priority**: SHOULD | **ID**: R023
|
|
4
|
+
> **Codex port**: `.codex/**` is the active rule/runtime surface; `templates/.claude/**` mirrors compatibility guidance.
|
|
5
|
+
|
|
6
|
+
## Core Rule
|
|
7
|
+
|
|
8
|
+
검증은 비용/속도 ladder로 구성한다: **결정론적 검사 → cheap LLM → expensive LLM → human**. 가장 저렴한 tier가 먼저 통과해야 다음 tier로 진행한다. 더 낮은 tier에서 잡을 수 있는 문제를 더 비싼 tier에 보내지 않는다.
|
|
9
|
+
|
|
10
|
+
## Ladder Tiers
|
|
11
|
+
|
|
12
|
+
| Tier | 도구 | 비용 | 속도 | 적용 시점 |
|
|
13
|
+
|------|------|------|------|-----------|
|
|
14
|
+
| **1: Deterministic** | hooks, linters, type-check, JSON schema | $0 | <1s | Pre-write, write-time |
|
|
15
|
+
| **2: Cheap LLM** | haiku-based skills (`dev-review`, `action-validator`) | $ | <30s | Per-file review |
|
|
16
|
+
| **3: Expensive LLM** | sonnet/opus skills (`deep-verify`, `adversarial-review`, `multi-model-verification`, `evaluator-optimizer`) | $$$ | 1-5분 | Pre-commit, PR review |
|
|
17
|
+
| **4: Human** | maintainer review | time | hours-days | Final gate, contested decisions |
|
|
18
|
+
|
|
19
|
+
## Shift-left 원칙
|
|
20
|
+
|
|
21
|
+
결정론적 단계가 잡을 수 있는 문제는 LLM에 보내지 않는다. LLM 검증은 ambiguous/semantic 문제에 집중한다.
|
|
22
|
+
|
|
23
|
+
- **좋은 예**: JSON schema 오류 → Tier 1 hook이 차단 → LLM에 미전달
|
|
24
|
+
- **나쁜 예**: 탭/스페이스 혼용 오류 → sonnet으로 전달 → 불필요한 비용 발생
|
|
25
|
+
|
|
26
|
+
R013 (SHOULD-ecomode)의 "저렴한 검증 우선" 원칙과 정합: ecomode는 출력 토큰을 절약하고, R023은 검증 비용을 절약한다.
|
|
27
|
+
|
|
28
|
+
## 기존 자산 매핑
|
|
29
|
+
|
|
30
|
+
| Tier | 자산 | 역할 |
|
|
31
|
+
|------|------|------|
|
|
32
|
+
| **Tier 1** | `.codex/hooks/ (and mirrored templates/.claude/hooks/)` (PreToolUse hooks) | 도구 호출 전 결정론적 차단 |
|
|
33
|
+
| **Tier 1** | `mgr-sauron` (R017 구조 검증) | 에이전트/스킬/가이드 frontmatter 검증 |
|
|
34
|
+
| **Tier 1** | pre-commit configs, linters | 코드 품질 정적 검사 |
|
|
35
|
+
| **Tier 2** | `dev-review` | 파일 단위 haiku 코드 리뷰 |
|
|
36
|
+
| **Tier 2** | `action-validator` | CI/CD 액션 구문 검증 |
|
|
37
|
+
| **Tier 2** | `pre-generation-arch-check` | 생성 전 아키텍처 lite 점검 |
|
|
38
|
+
| **Tier 3** | `deep-verify` | 다단계 품질 검증 (sonnet) |
|
|
39
|
+
| **Tier 3** | `adversarial-review` | 공격자 시각 보안 리뷰 (opus) |
|
|
40
|
+
| **Tier 3** | `multi-model-verification` | 복수 모델 교차 검증 |
|
|
41
|
+
| **Tier 3** | `evaluator-optimizer` | 평가-개선 반복 루프 |
|
|
42
|
+
| **Tier 3** | `worker-reviewer-pipeline` | 구현-리뷰 파이프라인 |
|
|
43
|
+
| **Tier 4** | maintainer manual review | PR approval, final gate |
|
|
44
|
+
|
|
45
|
+
## R021과의 관계
|
|
46
|
+
|
|
47
|
+
R021 (MUST-enforcement-policy)과 R023은 **직교**한다. 두 규칙은 서로 다른 차원을 다룬다:
|
|
48
|
+
|
|
49
|
+
| 규칙 | 질문 | 차원 |
|
|
50
|
+
|------|------|------|
|
|
51
|
+
| **R021** | "어떻게 강제할 것인가?" | Hard block / Soft block / Advisory |
|
|
52
|
+
| **R023** | "어떤 비용으로 검증할 것인가?" | Deterministic / Cheap LLM / Expensive LLM |
|
|
53
|
+
|
|
54
|
+
같은 도구가 두 규칙에 동시에 속할 수 있다:
|
|
55
|
+
|
|
56
|
+
- `mgr-sauron`: R021 관점에서 Advisory (PostToolUse hook), R023 관점에서 Tier 1 (구조 검증)
|
|
57
|
+
- `deep-verify`: R021 관점에서 Prompt-based (blocking 없음), R023 관점에서 Tier 3 (expensive LLM)
|
|
58
|
+
- `.codex/hooks/ (and mirrored templates/.claude/hooks/)` stage-blocker: R021 관점에서 Hard Block, R023 관점에서 Tier 1
|
|
59
|
+
|
|
60
|
+
R021은 위반 시 어떻게 멈출지를, R023은 어떤 순서로 검증할지를 정의한다.
|
|
61
|
+
|
|
62
|
+
## Self-Check
|
|
63
|
+
|
|
64
|
+
새 검증 도구 추가 시:
|
|
65
|
+
|
|
66
|
+
- [ ] 어느 tier에 속하는지 명확한가?
|
|
67
|
+
- [ ] 같은 tier 내 중복 도구는 없는가?
|
|
68
|
+
- [ ] Tier 1에서 잡을 수 있는 문제를 다루는가? (상위 tier 대신 시프트 권고)
|
|
69
|
+
- [ ] Ladder 순서를 문서화했는가? (어떤 검사를 먼저 실행하는지)
|
|
70
|
+
|
|
71
|
+
## Safety-Signal Rule Authoring — Carve-Out Pre-Check (shift-left)
|
|
72
|
+
|
|
73
|
+
> Origin: #1353 (인터럽트 룰 #1341의 후속 회고에서 발견된 R001 carve-out 누락) — 인터럽트 룰(R003/R020)을 작성할 때 R001 파괴적-작업 carve-out을 1차 작성에서 빠뜨렸고, Tier 3 적대적 검증이 release-blocking으로 포착해 보정했다. Tier 3가 잡았으나, 같은 결함을 Tier 1(작성 시점 결정론적 점검)로 시프트하면 비용이 낮다.
|
|
74
|
+
|
|
75
|
+
런타임 안전-신호 동작을 정의하는 룰(인터럽트·취소·halt·중단·emergency-stop 등)을 추가/수정할 때, 작성 단계(Tier 1)에서 다음을 사전 점검한다 — Tier 3 적대적 검증에 의존하기 전에 (이 checklist 같은 메타-룰은 대상 아님):
|
|
76
|
+
|
|
77
|
+
- [ ] 이 룰이 R001 파괴적·비가역 작업(`git reset --hard`, `clean -fd`, `rm`, 터널/DNS/k8s/인프라 삭제) 컨텍스트에서도 안전한가? (fail-closed carve-out 필요 여부)
|
|
78
|
+
- [ ] "진행/계속(proceed)" 류 지시의 대상이 파괴적 작업의 계속으로 오독될 여지가 없는가?
|
|
79
|
+
- [ ] 안전-신호의 fail-safe 의미(emergency-halt)를 약화시키지 않는가? (stop-first ask-after 우선)
|
|
80
|
+
- [ ] 기존 안전 규칙(R001/R002)과의 우선순위가 명시되어 있는가?
|
|
81
|
+
|
|
82
|
+
하나라도 불확실하면 **먼저 carve-out을 명시(Tier 1 우선 해결)**하고, 그래도 불확실하면 Tier 3 적대적 검증(`adversarial-review`, `multi-model-verification`)을 통과시킨 뒤 release한다 (ladder 순서 유지). 이는 R023 shift-left 원칙(저렴한 tier 우선)을 룰 작성 자체에 적용한 것이며, R016 룰 작성 워크플로우의 Tier-1 품질 게이트로 동작한다 (R016은 위반 후 룰 업데이트 소유, R023 carve-out은 안전-신호 룰 작성 시 사전 점검 — 직교). Closes #1353.
|
|
83
|
+
|
|
84
|
+
## Integration
|
|
85
|
+
|
|
86
|
+
| 규칙 | 상호작용 |
|
|
87
|
+
|------|---------|
|
|
88
|
+
| R009 (Parallel Execution) | Tier 1-2 검사는 독립 파일에 대해 병렬 실행 가능 |
|
|
89
|
+
| R013 (Ecomode) | 컨텍스트 압박 시 Tier 3를 Tier 2로 다운그레이드 고려 |
|
|
90
|
+
| R017 (Sync Verification) | Phase 1-3 검증 단계는 R023 Tier 1-3에 대응 |
|
|
91
|
+
| R021 (Enforcement Policy) | 직교: R021은 blocking 방식, R023은 검증 비용 순서 |
|
|
92
|
+
|
|
93
|
+
## Workflow Prompt & Verifier Ground-Truth
|
|
94
|
+
|
|
95
|
+
> Origin: #1266 ③ (High) — a Workflow built the agent prompt as `await agent(prompt) + FACTS`, concatenating the guardrail fact-sheet onto the RETURN VALUE instead of the prompt. The writer never received the facts, hallucinated an in-cluster hostname (`secretary-mcp`), and the adversarial verifier couldn't catch it (the fact was in no source it had).
|
|
96
|
+
|
|
97
|
+
### Prompt Completion Before Call
|
|
98
|
+
|
|
99
|
+
Workflow/agent prompts MUST be fully assembled into the prompt string **before** the `agent()` / Agent tool call. Post-call concatenation onto the return value is a footgun — the agent never sees the appended content.
|
|
100
|
+
|
|
101
|
+
| Anti-pattern | Required |
|
|
102
|
+
|--------------|----------|
|
|
103
|
+
| `const r = await agent(prompt) + FACTS` | `const r = await agent(prompt + FACTS)` — assemble first |
|
|
104
|
+
|
|
105
|
+
### Workflow Script Sanity Check
|
|
106
|
+
|
|
107
|
+
Before invoking a Workflow script, deterministically verify:
|
|
108
|
+
|
|
109
|
+
| Check | Why |
|
|
110
|
+
|-------|-----|
|
|
111
|
+
| No unresolved placeholders (`{phase1_summary}`, `TODO`, `<...>`, `{{ }}`) remain in any agent prompt string | An unfilled placeholder reaches the agent verbatim → garbled task |
|
|
112
|
+
| Template-literal / string concatenation produces the intended prompt (assemble-before-call, see above) | Post-call concatenation (`agent(prompt) + FACTS`) silently drops content |
|
|
113
|
+
| Script parses — balanced braces/quotes, valid JS | A syntax error aborts the entire run after partial work |
|
|
114
|
+
|
|
115
|
+
#### Common Violation (#1271)
|
|
116
|
+
Session 106 follow-up to #1266 ③: a Workflow authoring error recurred — the guardrail fact-sheet was concatenated onto the agent's RETURN VALUE instead of the prompt string, and a placeholder/assembly slip went uncaught because no pre-run sanity check existed. This check is the deterministic Tier-1 guard that catches such slips before the expensive run.
|
|
117
|
+
|
|
118
|
+
Origin: #1271 (Workflow authoring error recurrence, session 106).
|
|
119
|
+
|
|
120
|
+
### Verifier Ground-Truth for Cross-Cutting Facts
|
|
121
|
+
|
|
122
|
+
Cross-cutting facts not verifiable from the primary source (external URLs, in-cluster DNS/hostnames, infra topology) MUST be supplied to the verifier as explicit ground-truth. Otherwise an adversarial verifier cannot distinguish a hallucinated value from a correct one — a verification blind spot.
|
|
123
|
+
|
|
124
|
+
Cross-reference: R009 (giant-prompt decomposition), `worker-reviewer-pipeline` skill.
|
|
@@ -124,6 +124,14 @@ rules:
|
|
|
124
124
|
priority: SHOULD
|
|
125
125
|
scope: all
|
|
126
126
|
|
|
127
|
+
# Verification Ladder - SHOULD
|
|
128
|
+
- id: R023
|
|
129
|
+
name: verification-ladder
|
|
130
|
+
title: Verification Ladder Rules
|
|
131
|
+
path: ./SHOULD-verification-ladder.md
|
|
132
|
+
priority: SHOULD
|
|
133
|
+
scope: all
|
|
134
|
+
|
|
127
135
|
# Agent Teams - MUST (Conditional)
|
|
128
136
|
- id: R018
|
|
129
137
|
name: agent-teams
|
|
@@ -161,6 +161,17 @@ Invoke the `omcustomcodex:feedback` skill with the drafted issue content. The us
|
|
|
161
161
|
|
|
162
162
|
If `--dry-run` is active, skip this phase and output the draft directly to the conversation instead.
|
|
163
163
|
|
|
164
|
+
## Cross-Project Import Compatibility
|
|
165
|
+
|
|
166
|
+
When `homework` is imported into another project, Phase 5 depends on `omcustomcodex:feedback` being available and model-invocable in that project.
|
|
167
|
+
|
|
168
|
+
| Condition | Behavior |
|
|
169
|
+
|-----------|----------|
|
|
170
|
+
| `omcustomcodex:feedback` model-invocable | Use the normal Phase 4A preview + confirmation gate |
|
|
171
|
+
| feedback skill missing or model invocation disabled | Fall back to manual submission: present the drafted findings to the user, write the dry-run artifact when possible, and ask the user to file/run the feedback workflow themselves |
|
|
172
|
+
|
|
173
|
+
Do not silently drop a retrospective because the imported feedback skill cannot be invoked.
|
|
174
|
+
|
|
164
175
|
### Phase 6: Output Summary
|
|
165
176
|
|
|
166
177
|
```
|
|
@@ -2,6 +2,17 @@
|
|
|
2
2
|
|
|
3
3
|
This guide records Claude Code release-note impact that affects the Claude compatibility template. The Codex-native runtime still uses `.codex/**` and OMX as the primary surface.
|
|
4
4
|
|
|
5
|
+
## v2.1.170
|
|
6
|
+
|
|
7
|
+
Published: 2026-06-10.
|
|
8
|
+
|
|
9
|
+
Source: upstream oh-my-customcode #1352/#1354, Codex port #1504.
|
|
10
|
+
|
|
11
|
+
| Change | Impact on oh-my-customcodex | Action |
|
|
12
|
+
|--------|------------------------------|--------|
|
|
13
|
+
| Claude Fable 5 is available through the `fable` alias (`claude-fable-5`) | Useful only for packaged Claude compatibility sessions needing mythos-class reasoning; Codex-native subagents continue to use the OMX model contract and `reasoning_effort`. | Document in R006 as Claude-compatibility metadata. Do not change Codex routing defaults. |
|
|
14
|
+
| VS Code integrated-terminal sessions save transcripts correctly and show them in `--resume` | Improves Claude-template workflows that depend on transcript replay, including imported `homework`/retrospective flows. | Prefer Claude Code v2.1.170+ when testing Claude compatibility transcript-dependent skills. No Codex runtime change. |
|
|
15
|
+
|
|
5
16
|
## v2.1.168
|
|
6
17
|
|
|
7
18
|
Published: 2026-06-07.
|
package/templates/manifest.json
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
{
|
|
2
|
-
"version": "0.5.
|
|
2
|
+
"version": "0.5.21",
|
|
3
3
|
"requiresCC": ">=2.1.121",
|
|
4
4
|
"claudeCode": {
|
|
5
5
|
"minimumVersion": "2.1.121",
|
|
6
6
|
"protectedPathBypassVersion": "2.1.126"
|
|
7
7
|
},
|
|
8
|
-
"lastUpdated": "2026-06-
|
|
8
|
+
"lastUpdated": "2026-06-11T00:00:00.000Z",
|
|
9
9
|
"components": [
|
|
10
10
|
{
|
|
11
11
|
"name": "rules",
|
|
12
12
|
"path": ".codex/rules",
|
|
13
13
|
"description": "Agent behavior rules and guidelines",
|
|
14
|
-
"files":
|
|
14
|
+
"files": 23
|
|
15
15
|
},
|
|
16
16
|
{
|
|
17
17
|
"name": "agents",
|
|
@@ -140,6 +140,10 @@ steps:
|
|
|
140
140
|
6. Halt if current failures exceed baseline; otherwise report pass/fail counts and delta.
|
|
141
141
|
7. Run `bun run build` when available.
|
|
142
142
|
|
|
143
|
+
Documentation/template validation:
|
|
144
|
+
- For local or CI docs validation, run `bun run .github/scripts/validate-docs.ts --programmatic-only` (or the repo's equivalent validate-docs command with `--programmatic-only`) before assuming a validation failure is an authentication failure.
|
|
145
|
+
- Treat interactive/auth-dependent validate-docs output as inconclusive until the programmatic-only path has been tried.
|
|
146
|
+
|
|
143
147
|
Halt on lint errors, typecheck errors, new test failures, build failure, or lockfile drift.
|
|
144
148
|
description: Auto-detected build + test verification with mandatory bun test baseline delta guard
|
|
145
149
|
|
|
@@ -155,6 +159,13 @@ steps:
|
|
|
155
159
|
|
|
156
160
|
Required version preflight for npm package releases:
|
|
157
161
|
- Determine NEW_VERSION before creating a release branch, PR, or tag.
|
|
162
|
+
- Version decision (semver) — PATCH-PREFERRED policy from v1.0.0 onward:
|
|
163
|
+
* No existing tags → v0.1.0.
|
|
164
|
+
* Previous tag exists → default to patch. When in doubt, patch; do not reflexively bump minor for rule/doc/skill/config/wiki/workflow edits.
|
|
165
|
+
* patch (DEFAULT): bugfixes, hardening, rule/doc/skill/config/wiki/workflow changes, compatibility notes, and release-process guardrails.
|
|
166
|
+
* minor: only a genuinely new user-facing capability, such as a new skill/agent/command adding visible surface, not a refinement of an existing one.
|
|
167
|
+
* major: breaking changes to user-facing contracts (CLI flags, public skill/command names, public API) or a deliberate milestone declaration such as v1.0.0.
|
|
168
|
+
* If a previous tag is ahead of the source version, use the next available skip-version.
|
|
158
169
|
- Update `package.json` and `templates/manifest.json` to NEW_VERSION in the same commit.
|
|
159
170
|
- Promote `CHANGELOG.md` before the release PR/tag: move non-empty `## [Unreleased]` entries into `## [NEW_VERSION] - YYYY-MM-DD`, then re-create an empty `## [Unreleased]` section above it.
|
|
160
171
|
- If `CHANGELOG.md` has no user/package-visible entry for NEW_VERSION, add a concise release summary before continuing instead of relying on GitHub auto-generated release notes.
|