ozm 2026.4.25.4__tar.gz

ozm-2026.4.25.4/PKG-INFO

@@ -0,0 +1,13 @@
+Metadata-Version: 2.4
+Name: ozm
+Version: 2026.4.25.4
+Summary: Content-aware script execution gate and git rule enforcer
+Author: Kamyar
+Author-email: claude@kamy.me
+Requires-Python: >=3.12
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Requires-Dist: click (>=8.0)
+Requires-Dist: pyyaml (>=6.0)

ozm-2026.4.25.4/pyproject.toml

@@ -0,0 +1,18 @@
+[tool.poetry]
+name = "ozm"
+version = "2026.4.25.4"
+description = "Content-aware script execution gate and git rule enforcer"
+authors = ["Kamyar <claude@kamy.me>"]
+packages = [{include = "ozm", from = "src"}]
+
+[tool.poetry.scripts]
+ozm = "ozm.cli:cli"
+
+[tool.poetry.dependencies]
+python = ">=3.12"
+click = ">=8.0"
+pyyaml = ">=6.0"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"

ozm-2026.4.25.4/src/ozm/approve.py

@@ -0,0 +1,197 @@
+#!/usr/bin/env python3
+"""OS-native approval dialog for script review."""
+
+import os
+import platform
+import subprocess
+from typing import NamedTuple
+
+ELECTRON_EDITORS = {"code", "cursor", "codium", "code-insiders"}
+
+ELECTRON_PROCESS_NAMES = {
+    "code": "Code",
+    "code-insiders": "Code - Insiders",
+    "cursor": "Cursor",
+    "codium": "VSCodium",
+}
+
+
+class ReviewSession(NamedTuple):
+    proc: subprocess.Popen
+    editor: str | None = None
+    filename: str | None = None
+
+
+class ApprovalResult(NamedTuple):
+    approved: bool | None
+    feedback: str | None = None
+
+
+def _extract_feedback(stdout: str) -> str | None:
+    for part in stdout.strip().split(", "):
+        if part.startswith("text returned:"):
+            text = part[len("text returned:"):]
+            return text if text.strip() else None
+    return None
+
+
+def request_approval(script: str, label: str) -> ApprovalResult:
+    """Ask the user to review and approve a script via OS-native UI."""
+    if platform.system() == "Darwin":
+        return _approve_macos(script, label)
+    return ApprovalResult(approved=None)
+
+
+def _count_lines(path: str) -> int:
+    with open(path) as f:
+        return sum(1 for _ in f)
+
+
+def _is_electron_editor(editor: str) -> bool:
+    return os.path.basename(editor) in ELECTRON_EDITORS
+
+
+def _open_for_review(path: str) -> ReviewSession:
+    editor = os.environ.get("VISUAL") or os.environ.get("EDITOR")
+
+    if editor and _is_electron_editor(editor):
+        basename = os.path.basename(editor)
+        proc = subprocess.Popen(
+            [editor, "--new-window", path],
+            stdout=subprocess.DEVNULL,
+            stderr=subprocess.DEVNULL,
+        )
+        return ReviewSession(proc=proc, editor=basename, filename=os.path.basename(path))
+
+    if editor:
+        proc = subprocess.Popen(
+            [editor, path],
+            stdout=subprocess.DEVNULL,
+            stderr=subprocess.DEVNULL,
+        )
+        return ReviewSession(proc=proc)
+
+    proc = subprocess.Popen(
+        ["qlmanage", "-p", path],
+        stdout=subprocess.DEVNULL,
+        stderr=subprocess.DEVNULL,
+    )
+    return ReviewSession(proc=proc)
+
+
+def _close_review(session: ReviewSession) -> None:
+    if session.editor and session.filename:
+        process_name = ELECTRON_PROCESS_NAMES.get(session.editor)
+        if process_name:
+            _close_electron_window(process_name, session.filename)
+            return
+
+    session.proc.terminate()
+    try:
+        session.proc.wait(timeout=3)
+    except subprocess.TimeoutExpired:
+        session.proc.kill()
+
+
+def _close_electron_window(process_name: str, filename: str) -> None:
+    safe_name = filename.replace("\\", "\\\\").replace('"', '\\"')
+    script = (
+        f'tell application "System Events"\n'
+        f'  tell process "{process_name}"\n'
+        f'    set w to (first window whose name contains "{safe_name}")\n'
+        f'    click (first button of w whose subrole is "AXCloseButton")\n'
+        f'    delay 0.5\n'
+        f'    if (count of windows) is 0 then\n'
+        f'      keystroke "q" using command down\n'
+        f'    end if\n'
+        f'  end tell\n'
+        f'end tell'
+    )
+    try:
+        subprocess.run(["osascript", "-e", script], capture_output=True, timeout=5)
+    except (subprocess.TimeoutExpired, OSError):
+        pass
+
+
+def request_cmd_approval(command: str) -> ApprovalResult:
+    """Ask the user to approve an arbitrary command via OS-native dialog."""
+    if platform.system() == "Darwin":
+        return _approve_cmd_macos(command)
+    return ApprovalResult(approved=None)
+
+
+def _parse_dialog_result(result: subprocess.CompletedProcess) -> ApprovalResult:
+    if result.returncode == 0:
+        stdout = result.stdout
+        feedback = _extract_feedback(stdout)
+        if "button returned:Allow" in stdout:
+            return ApprovalResult(approved=True)
+        if "button returned:Deny" in stdout:
+            return ApprovalResult(approved=False, feedback=feedback)
+        return ApprovalResult(approved=False)
+
+    if "user canceled" in result.stderr.lower():
+        return ApprovalResult(approved=False)
+
+    return ApprovalResult(approved=None)
+
+
+def _approve_cmd_macos(command: str) -> ApprovalResult:
+    safe_cmd = command.replace("\\", "\\\\").replace('"', '\\"')
+    dialog_text = (
+        f"Command:\\n\\n{safe_cmd}\\n\\n"
+        f"Allow execution?"
+    )
+
+    try:
+        result = subprocess.run(
+            [
+                "osascript",
+                "-e",
+                f'display dialog "{dialog_text}" '
+                f'default answer "" '
+                f'buttons {{"Deny", "Allow"}} default button "Deny" '
+                f'with title "ozm" with icon caution',
+            ],
+            capture_output=True,
+            text=True,
+            timeout=300,
+        )
+    except (subprocess.TimeoutExpired, OSError):
+        return ApprovalResult(approved=None)
+
+    return _parse_dialog_result(result)
+
+
+def _approve_macos(script: str, label: str) -> ApprovalResult:
+    line_count = _count_lines(script)
+    session = _open_for_review(script)
+
+    safe_path = script.replace("\\", "\\\\").replace('"', '\\"')
+    dialog_text = (
+        f"[{label}] {safe_path}\\n\\n"
+        f"{line_count} lines\\n\\n"
+        f"The file has been opened for review.\\n"
+        f"Allow execution?"
+    )
+
+    try:
+        result = subprocess.run(
+            [
+                "osascript",
+                "-e",
+                f'display dialog "{dialog_text}" '
+                f'default answer "" '
+                f'buttons {{"Deny", "Allow"}} default button "Deny" '
+                f'with title "ozm" with icon caution',
+            ],
+            capture_output=True,
+            text=True,
+            timeout=300,
+        )
+    except (subprocess.TimeoutExpired, OSError):
+        _close_review(session)
+        return ApprovalResult(approved=None)
+
+    _close_review(session)
+    return _parse_dialog_result(result)

ozm-2026.4.25.4/src/ozm/cli.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+
+import click
+
+from ozm.run import reset_cmd, run_cmd, status_cmd
+from ozm.git import git_cmd
+from ozm.install import install_cmd
+from ozm.cmd import cmd_cmd
+
+
+@click.group()
+def cli():
+    """Content-aware script execution gate and git rule enforcer."""
+
+
+cli.add_command(run_cmd, "run")
+cli.add_command(status_cmd, "status")
+cli.add_command(reset_cmd, "reset")
+cli.add_command(git_cmd, "git")
+cli.add_command(install_cmd, "install")
+cli.add_command(cmd_cmd, "cmd")

ozm-2026.4.25.4/src/ozm/cmd.py

@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""Arbitrary command pass-through with approval dialog."""
+
+import hashlib
+import subprocess
+import sys
+
+import click
+
+from ozm.approve import request_cmd_approval
+from ozm.config import is_command_allowed, project_key
+from ozm.run import load_hashes, save_hashes
+
+CMD_PREFIX = "cmd:"
+
+
+def _cmd_hash(command: str) -> str:
+    return hashlib.sha256(command.encode()).hexdigest()
+
+
+@click.command(
+    "cmd",
+    context_settings={"ignore_unknown_options": True, "allow_extra_args": True},
+)
+@click.argument("command_and_args", nargs=-1, type=click.UNPROCESSED, required=True)
+def cmd_cmd(command_and_args: tuple[str, ...]) -> None:
+    """Run an arbitrary command after approval."""
+    if not command_and_args:
+        raise click.ClickException("Nothing to run.")
+
+    command = " ".join(command_and_args)
+
+    if is_command_allowed(command):
+        result = subprocess.run(command, shell=True)
+        sys.exit(result.returncode)
+
+    key = project_key(CMD_PREFIX + command)
+    current_hash = _cmd_hash(command)
+    hashes = load_hashes()
+
+    if hashes.get(key) == current_hash:
+        result = subprocess.run(command, shell=True)
+        sys.exit(result.returncode)
+
+    approval = request_cmd_approval(command)
+
+    if approval.approved is True:
+        hashes[key] = current_hash
+        save_hashes(hashes)
+        click.echo("ozm: approved cmd")
+        result = subprocess.run(command, shell=True)
+        sys.exit(result.returncode)
+
+    if approval.approved is False:
+        if approval.feedback:
+            click.echo(f"ozm: denied cmd — {approval.feedback}", err=True)
+        else:
+            click.echo("ozm: denied cmd", err=True)
+        sys.exit(1)
+
+    click.echo(f"ozm: {command}")
+    click.echo("No approval dialog available. Review the command above.")
+    sys.exit(1)

ozm-2026.4.25.4/src/ozm/config.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+"""Per-project configuration via .ozm.yaml."""
+
+import fnmatch
+import os
+
+import yaml
+
+
+CONFIG_FILE = ".ozm.yaml"
+
+
+def find_project_root() -> str:
+    """Walk up from cwd to find directory containing .ozm.yaml or .git, else cwd."""
+    d = os.getcwd()
+    while True:
+        if os.path.exists(os.path.join(d, CONFIG_FILE)) or os.path.exists(
+            os.path.join(d, ".git")
+        ):
+            return d
+        parent = os.path.dirname(d)
+        if parent == d:
+            return os.getcwd()
+        d = parent
+
+
+def load_project_config() -> dict:
+    """Load .ozm.yaml from the project root. Returns empty dict if missing."""
+    root = find_project_root()
+    path = os.path.join(root, CONFIG_FILE)
+    if not os.path.exists(path):
+        return {}
+    with open(path) as f:
+        data = yaml.safe_load(f)
+        return data if isinstance(data, dict) else {}
+
+
+def is_command_allowed(command: str) -> bool:
+    """Check if a command matches any pattern in the project's allowed_commands."""
+    config = load_project_config()
+    patterns = config.get("allowed_commands", [])
+    if not isinstance(patterns, list):
+        return False
+    first_word = command.split()[0] if command.strip() else ""
+    for pattern in patterns:
+        if not isinstance(pattern, str):
+            continue
+        if fnmatch.fnmatch(command, pattern) or fnmatch.fnmatch(first_word, pattern):
+            return True
+    return False
+
+
+def project_key(key: str) -> str:
+    """Prefix a hash key with the project root for project-scoped storage."""
+    root = find_project_root()
+    return f"{root}:{key}"

ozm-2026.4.25.4/src/ozm/git.py

@@ -0,0 +1,100 @@
+#!/usr/bin/env python3
+"""Git pass-through with rule enforcement on commit and push."""
+
+import subprocess
+import sys
+
+import click
+
+MAX_SUBJECT_LENGTH = 72
+MAX_MESSAGE_LENGTH = 500
+PROTECTED_BRANCHES = {"main", "master"}
+
+
+def get_current_branch() -> str | None:
+    result = subprocess.run(
+        ["git", "rev-parse", "--abbrev-ref", "HEAD"],
+        capture_output=True,
+        text=True,
+    )
+    return result.stdout.strip() if result.returncode == 0 else None
+
+
+def extract_message(args: list[str]) -> str | None:
+    for i, arg in enumerate(args):
+        if arg in ("-m", "--message") and i + 1 < len(args):
+            return args[i + 1]
+        if arg.startswith("-m") and len(arg) > 2:
+            return arg[2:]
+        if arg.startswith("--message="):
+            return arg.split("=", 1)[1]
+    return None
+
+
+def validate_message(message: str) -> list[str]:
+    errors = []
+    lines = message.splitlines()
+    subject = lines[0] if lines else ""
+
+    if len(subject) > MAX_SUBJECT_LENGTH:
+        errors.append(
+            f"Subject line is {len(subject)} chars (max {MAX_SUBJECT_LENGTH})"
+        )
+
+    if len(message) > MAX_MESSAGE_LENGTH:
+        errors.append(
+            f"Total message is {len(message)} chars (max {MAX_MESSAGE_LENGTH})"
+        )
+
+    return errors
+
+
+def _check_commit(args: list[str]) -> None:
+    message = extract_message(args)
+    if message:
+        errors = validate_message(message)
+        if errors:
+            click.echo("ozm: commit blocked:", err=True)
+            for e in errors:
+                click.echo(f"  - {e}", err=True)
+            sys.exit(1)
+
+
+def _check_push(args: list[str]) -> None:
+    force_flags = {"--force", "-f"}
+    if any(a in force_flags for a in args):
+        click.echo("ozm: force push is not allowed", err=True)
+        sys.exit(1)
+
+    branch = get_current_branch()
+    if branch in PROTECTED_BRANCHES:
+        click.echo(f"ozm: pushing to '{branch}' is not allowed", err=True)
+        sys.exit(1)
+
+    for arg in args:
+        if not arg.startswith("-") and arg in PROTECTED_BRANCHES:
+            click.echo(f"ozm: pushing to '{arg}' is not allowed", err=True)
+            sys.exit(1)
+
+
+@click.command(
+    "git",
+    context_settings={"ignore_unknown_options": True, "allow_extra_args": True},
+)
+@click.argument("args", nargs=-1, type=click.UNPROCESSED)
+def git_cmd(args: tuple[str, ...]) -> None:
+    """Git pass-through. Enforces rules on commit and push."""
+    if not args:
+        subprocess.run(["git"])
+        return
+
+    subcmd = args[0]
+    rest = list(args[1:])
+
+    if subcmd == "commit":
+        _check_commit(rest)
+    elif subcmd == "push":
+        _check_push(rest)
+
+    result = subprocess.run(["git", *args])
+    sys.exit(result.returncode)

ozm-2026.4.25.4/src/ozm/install.py

@@ -0,0 +1,154 @@
+#!/usr/bin/env python3
+"""Install ozm hooks and agent configuration."""
+
+import json
+import os
+import stat
+
+import click
+
+OZM_DIR = os.path.expanduser("~/.ozm")
+HOOKS_DIR = os.path.join(OZM_DIR, "hooks")
+ENFORCE_HOOK = os.path.join(HOOKS_DIR, "enforce.sh")
+
+HOOK_SCRIPT = r'''#!/usr/bin/env python3
+import json, sys, re
+
+try:
+    data = json.load(sys.stdin)
+except Exception:
+    sys.exit(0)
+
+command = data.get("tool_input", {}).get("command", "")
+if not command:
+    sys.exit(0)
+
+def deny(reason):
+    json.dump({"hookSpecificOutput": {
+        "hookEventName": "PreToolUse",
+        "permissionDecision": "deny",
+        "permissionDecisionReason": reason,
+    }}, sys.stdout)
+    sys.exit(0)
+
+SAFE = {"echo", "printf", "pwd", "date", "true", "false", "test"}
+
+stripped = re.sub(r"""(?:"(?:[^"\\]|\\.)*"|'[^']*')""", '""', command)
+parts = re.split(r"\s*(?:&&|\|\||;)\s*", stripped)
+for part in parts:
+    part = part.strip()
+    if not part:
+        continue
+    first_word = re.split(r"\s+", part)[0]
+    if first_word == "ozm":
+        continue
+    if first_word in SAFE:
+        continue
+    if first_word == "git":
+        deny("Use 'ozm git <subcommand>' instead of 'git' directly.")
+    deny(f"Use 'ozm cmd {part}' instead of running commands directly. For script files use 'ozm run <script>'.")
+'''
+
+CLAUDE_MD = """# ozm — script execution gate
+
+All script execution and git operations must go through `ozm`.
+
+## Rules
+
+- **Run scripts:** `ozm run <script> [args...]` — never `python`, `bash`, `./`, or `uv run` directly
+- **Run commands:** `ozm cmd <command> [args...]` — for arbitrary commands (e.g. `ozm cmd uv pip install -e .`)
+- **Commit:** `ozm git commit -m "short message"` — max 72 char subject, max 500 chars total
+- **Push:** `ozm git push` — no force push, no pushing to main/master
+- **Status:** `ozm status` — show tracked scripts
+- **Reset:** `ozm reset <script>` or `ozm reset --all`
+
+Keep commit messages short. No heredoc/EOF patterns. Simple `-m "message"` only.
+"""
+
+AGENTS_MD = """# ozm — script execution gate
+
+All script execution and git operations must go through `ozm`.
+
+## Rules
+
+- **Run scripts:** `ozm run <script> [args...]` — never `python`, `bash`, `./`, or `uv run` directly
+- **Run commands:** `ozm cmd <command> [args...]` — for arbitrary commands (e.g. `ozm cmd uv pip install -e .`)
+- **Commit:** `ozm git commit -m "short message"` — max 72 char subject, max 500 chars total
+- **Push:** `ozm git push` — no force push, no pushing to main/master
+
+Keep commit messages short. No heredoc/EOF patterns. Simple `-m "message"` only.
+"""
+
+CLAUDE_HOOKS_CONFIG = {
+    "hooks": {
+        "PreToolUse": [
+            {
+                "matcher": "Bash",
+                "hooks": [
+                    {
+                        "type": "command",
+                        "command": ENFORCE_HOOK,
+                    }
+                ],
+            }
+        ]
+    }
+}
+
+
+def _write_hook_script() -> None:
+    os.makedirs(HOOKS_DIR, exist_ok=True)
+    with open(ENFORCE_HOOK, "w") as f:
+        f.write(HOOK_SCRIPT)
+    st = os.stat(ENFORCE_HOOK)
+    os.chmod(ENFORCE_HOOK, st.st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
+    click.echo(f"  hook: {ENFORCE_HOOK}")
+
+
+def _write_file(path: str, content: str) -> None:
+    with open(path, "w") as f:
+        f.write(content)
+    click.echo(f"  wrote: {path}")
+
+
+def _configure_claude_code() -> None:
+    claude_dir = os.path.join(os.getcwd(), ".claude")
+    os.makedirs(claude_dir, exist_ok=True)
+    settings_path = os.path.join(claude_dir, "settings.json")
+
+    if os.path.exists(settings_path):
+        with open(settings_path) as f:
+            settings = json.load(f)
+    else:
+        settings = {}
+
+    settings.setdefault("hooks", {})
+    pre_hooks = settings["hooks"].setdefault("PreToolUse", [])
+
+    already = any(
+        h.get("matcher") == "Bash"
+        and any(
+            hk.get("command") == ENFORCE_HOOK
+            for hk in h.get("hooks", [])
+        )
+        for h in pre_hooks
+    )
+
+    if not already:
+        pre_hooks.append(CLAUDE_HOOKS_CONFIG["hooks"]["PreToolUse"][0])
+
+    with open(settings_path, "w") as f:
+        json.dump(settings, f, indent=2)
+        f.write("\n")
+    click.echo(f"  claude: {settings_path}")
+
+
+@click.command("install")
+def install_cmd() -> None:
+    """Install ozm hooks and agent configuration in the current project."""
+    click.echo("ozm: installing...")
+    _write_hook_script()
+    _configure_claude_code()
+    _write_file("CLAUDE.md", CLAUDE_MD)
+    _write_file("AGENTS.md", AGENTS_MD)
+    click.echo("ozm: done")

ozm-2026.4.25.4/src/ozm/run.py

@@ -0,0 +1,164 @@
+#!/usr/bin/env python3
+"""Hash-based script execution gate."""
+
+import hashlib
+import os
+import stat
+import subprocess
+import sys
+
+import click
+import yaml
+
+from ozm.approve import request_approval
+from ozm.config import project_key
+
+OZM_DIR = os.path.expanduser("~/.ozm")
+HASH_FILE = os.path.join(OZM_DIR, "hashes.yaml")
+
+
+def compute_hash(path: str) -> str:
+    with open(path, "rb") as f:
+        return hashlib.sha256(f.read()).hexdigest()
+
+
+def resolve_path(path: str) -> str:
+    return os.path.abspath(path)
+
+
+def load_hashes() -> dict[str, str]:
+    if os.path.exists(HASH_FILE):
+        with open(HASH_FILE) as f:
+            data = yaml.safe_load(f)
+            return data if data else {}
+    return {}
+
+
+def save_hashes(hashes: dict[str, str]) -> None:
+    os.makedirs(OZM_DIR, exist_ok=True)
+    with open(HASH_FILE, "w") as f:
+        yaml.dump(hashes, f, default_flow_style=False, sort_keys=True)
+
+
+def show_file(path: str) -> None:
+    with open(path) as f:
+        content = f.read()
+    lines = content.splitlines()
+    width = len(str(len(lines)))
+    click.echo(f"\n{'=' * 60}")
+    click.echo(f"  {path}")
+    click.echo(f"{'=' * 60}")
+    for i, line in enumerate(lines, 1):
+        click.echo(f"  {i:>{width}} | {line}")
+    click.echo(f"{'=' * 60}\n")
+
+
+def ensure_executable(path: str) -> None:
+    st = os.stat(path)
+    if not st.st_mode & stat.S_IXUSR:
+        os.chmod(path, st.st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
+
+
+@click.command(
+    "run",
+    context_settings={"ignore_unknown_options": True, "allow_extra_args": True},
+)
+@click.argument("script")
+@click.argument("args", nargs=-1, type=click.UNPROCESSED)
+def run_cmd(script: str, args: tuple[str, ...]) -> None:
+    """Run a script after content review (hash-gated)."""
+    if not os.path.exists(script):
+        raise click.ClickException(f"{script}: not found")
+
+    abs_path = resolve_path(script)
+    key = project_key(abs_path)
+    current_hash = compute_hash(script)
+    hashes = load_hashes()
+    stored_hash = hashes.get(key)
+
+    if stored_hash == current_hash:
+        ensure_executable(script)
+        result = subprocess.run([script, *args])
+        sys.exit(result.returncode)
+
+    label = "NEW" if stored_hash is None else "CHANGED"
+
+    approval = request_approval(script, label)
+
+    if approval.approved is True:
+        hashes[key] = current_hash
+        save_hashes(hashes)
+        click.echo(f"ozm: approved {script}")
+        ensure_executable(script)
+        result = subprocess.run([script, *args])
+        sys.exit(result.returncode)
+
+    if approval.approved is False:
+        if approval.feedback:
+            click.echo(f"ozm: denied {script} — {approval.feedback}", err=True)
+        else:
+            click.echo(f"ozm: denied {script}", err=True)
+        sys.exit(1)
+
+    click.echo(f"ozm: [{label}] {script}")
+    show_file(script)
+
+    hashes[key] = current_hash
+    save_hashes(hashes)
+
+    click.echo("Review the content above. Run the same command again to execute.")
+    sys.exit(1)
+
+
+@click.command("status")
+def status_cmd() -> None:
+    """Show tracked files and commands with their approval status."""
+    from ozm.config import find_project_root
+
+    root = find_project_root()
+    prefix = root + ":"
+    hashes = load_hashes()
+    entries = {k: v for k, v in hashes.items() if k.startswith(prefix)}
+    if not entries:
+        click.echo("No tracked entries.")
+        return
+    for key, stored_hash in sorted(entries.items()):
+        display = key[len(prefix):]
+        if "cmd:" in display:
+            label = "ok"
+        elif os.path.exists(display):
+            current = compute_hash(display)
+            label = "ok" if current == stored_hash else "CHANGED"
+        else:
+            label = "MISSING"
+        click.echo(f"  [{label:>7}] {display}")
+
+
+@click.command("reset")
+@click.argument("script", required=False)
+@click.option("--all", "reset_all", is_flag=True, help="Forget all approvals.")
+def reset_cmd(script: str | None, reset_all: bool) -> None:
+    """Forget approval for a script (or all scripts with --all)."""
+    from ozm.config import find_project_root
+
+    root = find_project_root()
+    prefix = root + ":"
+
+    if reset_all:
+        hashes = load_hashes()
+        hashes = {k: v for k, v in hashes.items() if not k.startswith(prefix)}
+        save_hashes(hashes)
+        click.echo("All approvals cleared for this project.")
+        return
+
+    if not script:
+        raise click.ClickException("Provide a script name, or use --all.")
+
+    abs_path = resolve_path(script)
+    key = project_key(abs_path)
+    hashes = load_hashes()
+    if key not in hashes:
+        raise click.ClickException(f"{script} is not tracked.")
+    del hashes[key]
+    save_hashes(hashes)
+    click.echo(f"Forgot approval for {script}")