@jmylchreest/aide-plugin 0.0.39 → 0.0.40

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jmylchreest/aide-plugin",
-  "version": "0.0.39",
+  "version": "0.0.40",
   "description": "aide plugin for OpenCode — multi-agent orchestration, memory, skills, and persistence",
   "type": "module",
   "main": "./src/opencode/index.ts",

package/skills/code-search/SKILL.md

@@ -86,6 +86,18 @@ Is the code indexed?
 → Returns: file count, symbol count, reference count
 ```
 
+### 6. Search Findings (`mcp__plugin_aide_aide__findings_search`)
+
+Search static analysis findings (complexity hotspots, secrets, code clones, coupling issues).
+
+**Example usage:**
+
+```
+Any complexity issues in src/auth?
+→ Uses findings_search tool with query "auth" or file filter
+→ Returns: findings with file, line, severity, description
+```
+
 ## Workflow
 
 1. **First, check if codebase is indexed:**

package/skills/git/SKILL.md

@@ -156,6 +156,16 @@ git worktree list | grep <worktree-path>
 git branch -a | grep <branch-name>
 ```
 
+## Change Context with Findings
+
+When reviewing diffs or preparing commits, use findings tools to understand the quality context of changed code:
+
+- `mcp__plugin_aide_aide__findings_search` — Search for known issues (complexity, secrets, clones) in changed files
+- `mcp__plugin_aide_aide__findings_list` — List all findings for a specific file to understand its health
+- `mcp__plugin_aide_aide__findings_stats` — Quick overview of finding counts across the project
+
+This helps surface pre-existing issues in files you're touching, and can inform whether a commit should also address nearby problems.
+
 ## Parallel Work Pattern
 
 For swarm mode or parallel features:

package/skills/memorise/SKILL.md

@@ -52,25 +52,31 @@ Use the `./.aide/bin/aide memory add` CLI command via Bash:
 ### Simple preference (global - injected at session start)
 
 ```bash
-./.aide/bin/aide memory add --category=learning --tags=preferences,colour,scope:global "User's favourite colour is blue"
+./.aide/bin/aide memory add --category=learning --tags=preferences,colour,scope:global,source:user "User's favourite colour is blue"
 ```
 
-### Technical learning (project-specific)
+### Technical learning (project-specific, verified)
 
 ```bash
-./.aide/bin/aide memory add --category=learning --tags=testing,vitest,project:myapp,session:abc12345 "Vitest requires .js extensions for ESM imports even for .ts files. Configure moduleResolution: NodeNext in tsconfig."
+./.aide/bin/aide memory add --category=learning --tags=testing,vitest,project:myapp,session:abc12345,source:discovered,verified:true "Vitest requires .js extensions for ESM imports even for .ts files. Configure moduleResolution: NodeNext in tsconfig."
 ```
 
 ### Session summary
 
 ```bash
-./.aide/bin/aide memory add --category=session --tags=auth,api,project:myapp,session:abc12345 "Implemented JWT auth with 15min access tokens, 7day refresh tokens in httpOnly cookies. Files: src/auth/jwt.ts, src/middleware/auth.ts, src/routes/auth.ts"
+./.aide/bin/aide memory add --category=session --tags=auth,api,project:myapp,session:abc12345,source:discovered "Implemented JWT auth with 15min access tokens, 7day refresh tokens in httpOnly cookies. Files: src/auth/jwt.ts, src/middleware/auth.ts, src/routes/auth.ts"
 ```
 
 ### Gotcha (global - applies everywhere)
 
 ```bash
-./.aide/bin/aide memory add --category=gotcha --tags=hooks,claude-code,scope:global "Hooks must not write to stderr - Claude Code interprets any stderr as error. Debug logging must go to files only."
+./.aide/bin/aide memory add --category=gotcha --tags=hooks,claude-code,scope:global,source:discovered,verified:true "Hooks must not write to stderr - Claude Code interprets any stderr as error. Debug logging must go to files only."
+```
+
+### Unverified external claim
+
+```bash
+./.aide/bin/aide memory add --category=learning --tags=api,stripe,project:myapp,source:user,verified:false "Stripe webhook signatures use HMAC-SHA256 with the whsec_ prefix."
 ```
 
 ## Instructions
@@ -78,18 +84,90 @@ Use the `./.aide/bin/aide memory add` CLI command via Bash:
 When the user invokes `/aide:memorise <something>`:
 
 1. Parse what they want to remember
-2. Determine the scope:
+2. **Verify factual claims before storing** (see [Verification Before Storage](#verification-before-storage-anti-poison) below)
+3. Determine the scope:
    - **User preference** (colour, style, etc.) → add `scope:global`
    - **Project-specific learning** → add `project:<project-name>,session:${CLAUDE_SESSION_ID:0:8}`
    - **Session summary** → add `project:<project-name>,session:${CLAUDE_SESSION_ID:0:8}`
-3. Choose appropriate category and descriptive tags
-4. Format the content concisely but completely
-5. Call `./.aide/bin/aide memory add` via Bash to store it
-6. **Verify success** - check exit code is 0 and output contains the memory ID
-7. Confirm what was stored
+4. Choose appropriate category and descriptive tags
+5. **Add provenance tags** (see [Provenance Tags](#provenance-tags) below)
+6. Format the content concisely but completely
+7. Call `./.aide/bin/aide memory add` via Bash to store it
+8. **Verify success** - check exit code is 0 and output contains the memory ID
+9. Confirm what was stored, including verification outcome
 
 Keep content concise - aim for 1-3 sentences unless it's a complex session summary.
 
+## Verification Before Storage (Anti-Poison)
+
+Memories persist across sessions and influence future behaviour. Storing incorrect information is **worse than storing nothing** — it creates compounding errors. Before storing any memory, verify its claims.
+
+### What to Verify
+
+| Claim Type                | Verification Method                                   | Example                                        |
+| ------------------------- | ----------------------------------------------------- | ---------------------------------------------- |
+| **File exists**           | Use Glob or Read to confirm                           | "Config is in src/config.ts"                   |
+| **Function/class exists** | Use Grep or code search                               | "Use `parseToken()` from auth.ts"              |
+| **Function signature**    | Read the file, check the actual signature             | "parseToken takes a string and returns Claims" |
+| **API behaviour**         | Check the implementation or tests                     | "The /users endpoint requires auth"            |
+| **Dependency/version**    | Check package.json, go.mod, etc.                      | "Project uses Vitest v2"                       |
+| **Build/test command**    | Confirm the script exists in package.json or Makefile | "Run `npm run test:e2e` for integration tests" |
+
+### What Does NOT Need Verification
+
+- **User preferences** — The user is the authority ("I prefer tabs over spaces")
+- **Session summaries** — Recap of what just happened in the current session
+- **Opinions/decisions** — Architectural choices made by the user ("We chose Postgres")
+- **External facts** — Things not checkable against the codebase ("React 19 uses...")
+
+### Verification Workflow
+
+```
+Is it a codebase claim (file, function, path, command, behaviour)?
+├── No → Store directly with source:user or source:stated
+└── Yes → Can you verify it right now?
+          ├── Yes → Verify it
+          │         ├── Correct → Store with verified:true
+          │         └── Wrong → Inform user, do NOT store. Offer corrected version.
+          └── No (e.g., external service, runtime behaviour)
+                    → Store with verified:false, note unverified
+```
+
+### Verification Rules
+
+1. **NEVER store a codebase claim without checking** — If the user says "the auth middleware is in src/middleware/auth.ts", confirm the file exists before memorising.
+2. **If verification fails, do NOT store** — Tell the user what you found instead and offer to store the corrected version.
+3. **If you cannot verify** (e.g., claim about runtime behaviour, external API), store it but tag with `verified:false`.
+4. **Err on the side of not storing** — A missing memory is recoverable; a wrong memory causes future errors.
+
+### Example: Verified vs Rejected
+
+**User says:** "Remember that the database schema is defined in db/schema.sql"
+
+**Verification steps:**
+
+1. Check: does `db/schema.sql` exist? → Use Glob to search
+2. If yes → Store with `verified:true`
+3. If no → "I checked and `db/schema.sql` doesn't exist. I found `database/migrations/` instead. Would you like me to store that instead?"
+
+## Provenance Tags
+
+Always include provenance tags to track the origin and verification status of memories:
+
+| Tag                 | Meaning                                  | When to Use                                      |
+| ------------------- | ---------------------------------------- | ------------------------------------------------ |
+| `source:user`       | User explicitly stated this              | User preferences, direct instructions            |
+| `source:discovered` | Agent discovered this by examining code  | File paths, function signatures, patterns found  |
+| `source:inferred`   | Agent inferred this from context         | Behaviour deduced from code, not directly stated |
+| `verified:true`     | Codebase claim was checked and confirmed | After successful verification                    |
+| `verified:false`    | Claim could not be verified against code | External facts, runtime behaviour                |
+
+### Provenance Rules
+
+- Every memory MUST have exactly one `source:` tag
+- Codebase claims MUST have a `verified:` tag
+- User preferences and opinions do NOT need `verified:` tags (user is authoritative)
+
 ## Failure Handling
 
 If `./.aide/bin/aide memory add` fails:

package/skills/patterns/SKILL.md

@@ -0,0 +1,177 @@
+---
+name: patterns
+description: Analyze codebase patterns, detect anti-patterns, and surface static analysis findings
+triggers:
+  - find patterns
+  - anti-patterns
+  - code smells
+  - complexity
+  - duplicated code
+  - clones
+  - secrets
+  - coupling
+  - findings
+  - static analysis
+  - code health
+---
+
+# Pattern Analysis
+
+**Recommended model tier:** balanced (sonnet) - this skill combines search with structured analysis
+
+Analyze codebase patterns using static analysis findings. Surface complexity hotspots, code
+duplication, coupling issues, and potential secrets. Use this skill to understand code health
+and identify areas that need attention.
+
+## Prerequisites
+
+Findings must be generated first by running analyzers via the CLI:
+
+```bash
+# Run all analyzers
+./.aide/bin/aide findings run --path .
+
+# Run specific analyzers
+./.aide/bin/aide findings run --path . --analyzer complexity
+./.aide/bin/aide findings run --path . --analyzer coupling
+./.aide/bin/aide findings run --path . --analyzer secrets
+./.aide/bin/aide findings run --path . --analyzer clones
+```
+
+**Binary location:** The aide binary is at `.aide/bin/aide`. If it's on your `$PATH`, you can use `aide` directly.
+
+## Available Tools
+
+### 1. Search Findings (`mcp__plugin_aide_aide__findings_search`)
+
+Full-text search across all findings. Supports Bleve query syntax for advanced searches.
+
+**Parameters:**
+- `query` (required) — Search term or Bleve query
+- `analyzer` (optional) — Filter to one analyzer: `complexity`, `coupling`, `secrets`, `clones`
+- `severity` (optional) — Filter by severity: `info`, `warning`, `critical`
+- `file` (optional) — Filter by file path substring
+- `limit` (optional) — Max results (default 20)
+
+**Example usage:**
+
+```
+Search for: "high complexity"
+-> findings_search query="complexity" severity="warning"
+-> Returns: functions with high cyclomatic complexity, with file:line
+```
+
+### 2. List Findings (`mcp__plugin_aide_aide__findings_list`)
+
+List findings with filters. Use when you want to browse rather than search.
+
+**Parameters:**
+- `analyzer` (optional) — Filter to one analyzer
+- `severity` (optional) — Filter by severity
+- `file` (optional) — Filter by file path substring
+- `limit` (optional) — Max results (default 20)
+- `offset` (optional) — Pagination offset
+
+**Example usage:**
+
+```
+List all critical findings
+-> findings_list severity="critical"
+-> Returns: all critical-severity findings across all analyzers
+```
+
+### 3. Findings Statistics (`mcp__plugin_aide_aide__findings_stats`)
+
+Get aggregate counts by analyzer and severity. Use as a starting point to understand overall
+code health before drilling into specifics.
+
+**Example usage:**
+
+```
+How healthy is the codebase?
+-> findings_stats
+-> Returns: counts per analyzer, counts per severity, total findings
+```
+
+## Workflow
+
+### Quick Health Check
+
+1. **Get overview** — Use `findings_stats` to see counts by analyzer and severity
+2. **Triage critical** — Use `findings_list severity="critical"` to review highest-priority items
+3. **Drill into areas** — Use `findings_search` with file or query filters for specific concerns
+
+### Complexity Analysis
+
+1. Run `findings_search analyzer="complexity" severity="critical"` to find the most complex functions
+2. Use `code_outline` on flagged files to understand structure
+3. Use `Read` with offset/limit to examine the specific functions
+4. Recommend decomposition strategies
+
+### Duplication Analysis
+
+1. Run `findings_list analyzer="clones"` to see detected code clones
+2. Each finding includes the clone pair — both file locations and line ranges
+3. Use `Read` to compare the duplicated sections
+4. Recommend extraction into shared functions or modules
+
+### Coupling Analysis
+
+1. Run `findings_search analyzer="coupling"` to see import fan-out/fan-in issues
+2. High fan-out means a file imports too many things (potential god module)
+3. High fan-in means many files depend on one (fragile dependency)
+4. Cycle findings indicate circular dependency chains
+
+### Secret Detection
+
+1. Run `findings_list analyzer="secrets" severity="critical"` for confirmed secrets
+2. Run `findings_list analyzer="secrets"` for all potential secrets (including unverified)
+3. Each finding includes the secret category (e.g., AWS, GitHub, generic API key)
+4. Snippets are redacted for safety — use `Read` to examine context around the finding
+
+## Anti-Pattern Identification
+
+Beyond the automated analyzers, look for these patterns using findings as starting points:
+
+| Finding | Likely Anti-Pattern | Action |
+|---------|-------------------|--------|
+| Complexity > 20 | God function | Decompose into smaller functions |
+| Fan-out > 15 | Kitchen sink module | Split responsibilities |
+| Fan-in > 20 | Fragile dependency | Consider interface/abstraction |
+| Multiple clones | Copy-paste programming | Extract shared utility |
+| Import cycle | Circular dependency | Restructure module boundaries |
+
+## Output Format
+
+```markdown
+## Code Health Report
+
+### Overview
+- Total findings: X (Y critical, Z warnings)
+- Top concern: [area/file with most issues]
+
+### Hotspots
+1. **`file:line`** - [description] (severity)
+   - Impact: [why this matters]
+   - Recommendation: [what to do]
+
+### Patterns Detected
+- [List of anti-patterns found with evidence]
+
+### Recommendations
+1. [Prioritized action items]
+```
+
+## Failure Handling
+
+1. **No findings data** — Tell user to run analyzers first: `./.aide/bin/aide findings run --path .`
+2. **Stale findings** — Findings reflect the state at last analyzer run; recommend re-running if code changed significantly
+3. **False positives** — Secret detection may flag test fixtures or example configs; note when findings appear to be in test/example code
+
+## Verification Criteria
+
+- [ ] Checked `findings_stats` for overall picture
+- [ ] Reviewed critical findings
+- [ ] Cross-referenced findings with actual code (used `Read` or `code_outline`)
+- [ ] Provided actionable recommendations with file:line references
+- [ ] Noted any false positives or findings that need manual verification

package/skills/plan-swarm/SKILL.md

@@ -113,6 +113,11 @@ Output a structured story list. Each story must be:
 
 4. **Instruct the user**: Run `/aide:swarm` to execute the plan
 
+**Note on task materialization:** The plan is stored as a decision, not as tasks. The `/aide:swarm` skill reads the plan and materializes tasks at execution time:
+
+- **Claude Code**: Each story agent creates native tasks (`TaskCreate`) with `blockedBy` dependency chaining for SDLC stages.
+- **OpenCode**: The orchestrator creates aide tasks (`task_create` MCP tool) for all SDLC stages upfront, and story agents claim them.
+
 ## Output Format
 
 The stored `swarm-plan` decision should be a JSON object:

package/skills/ralph/SKILL.md

@@ -34,6 +34,15 @@ You are now in **Ralph Wiggum mode** - an iterative development methodology that
 
 All state is managed through aide. Use MCP tools for reads, CLI for writes:
 
+### Task System Roles
+
+| System                      | Role                                                    | How                                                                   |
+| --------------------------- | ------------------------------------------------------- | --------------------------------------------------------------------- |
+| **aide tasks** (MCP or CLI) | Durable task backlog, claiming, persistence enforcement | `task_create`/`task_claim`/`task_complete` (MCP) or `aide task` (CLI) |
+| **Native todowrite**        | Personal progress tracking within current iteration     | `todowrite` tool — tracks sub-steps of current task                   |
+
+aide tasks are the source of truth for ralph — they survive session restarts and are checked by persistence hooks to block premature stopping. Use native `todowrite` for your own step-by-step checklist within each task iteration.
+
 ### Reads (MCP Tools)
 
 | Tool                                   | Purpose              |
@@ -43,14 +52,18 @@ All state is managed through aide. Use MCP tools for reads, CLI for writes:
 | `mcp__plugin_aide_aide__decision_get`  | Get decisions        |
 | `mcp__plugin_aide_aide__decision_list` | List all decisions   |
 | `mcp__plugin_aide_aide__memory_search` | Search discoveries   |
+| `task_list`                            | List aide tasks      |
+| `task_get`                             | Get task by ID       |
 
-### Writes (CLI via Bash)
+### Writes (CLI via Bash or MCP)
 
 ```bash
 # Phase tracking
 ./.aide/bin/aide state set ralph:phase planning   # or "building"
 
-# Task management (use Claude's native TaskCreate/TaskUpdate/TaskList)
+# Task management — use aide tasks (persistent, claimable)
+# Via MCP: task_create, task_claim, task_complete
+# Via CLI: ./.aide/bin/aide task create/claim/complete
 
 # Decisions
 ./.aide/bin/aide decision set <topic> "<decision>" --rationale="<why>"
@@ -168,12 +181,6 @@ Claim it:
 ./.aide/bin/aide task claim <task-id> --agent=ralph
 ```
 
-Claim it:
-
-```bash
-./.aide/bin/aide task claim <task-id> --agent=ralph
-```
-
 #### 3. Verify Gap Still Exists (Don't Assume!)
 
 Before implementing, RE-VERIFY:

package/skills/review/SKILL.md

@@ -88,6 +88,9 @@ Use these tools during review:
 - `mcp__plugin_aide_aide__code_symbols` - List all symbols in a file being reviewed
 - `mcp__plugin_aide_aide__code_references` - Find all callers/usages of a modified symbol
 - `mcp__plugin_aide_aide__memory_search` - Check for related past decisions or issues
+- `mcp__plugin_aide_aide__findings_search` - Search static analysis findings (complexity, secrets, clones) related to changed code
+- `mcp__plugin_aide_aide__findings_list` - List findings filtered by file, severity, or analyzer
+- `mcp__plugin_aide_aide__findings_stats` - Overview of finding counts by analyzer and severity
 
 ## Output Format
 

package/skills/swarm/SKILL.md

@@ -432,43 +432,90 @@ message_ack: message_id=42, agent_id="agent-auth"
 ./.aide/bin/aide memory add --category=discovery "User model needs email validation"
 ```
 
-**Memory** (shared discoveries):
+## OpenCode Mode
 
-```bash
-./.aide/bin/aide memory add --category=discovery "User model needs email validation"
-```
+OpenCode has native `todowrite`/`todoread` for per-agent progress tracking, and a `task` tool for spawning subagents. However, OpenCode's todos are **session-private** — they are NOT shared across agents. For multi-agent coordination, use **aide tasks** (MCP tools) as the shared task system.
 
-## OpenCode Mode
+### Task System Roles (OpenCode)
 
-OpenCode does not have native subagent support. For multi-agent swarms with OpenCode:
+| System                                                                          | Role                                                | Scope                      |
+| ------------------------------------------------------------------------------- | --------------------------------------------------- | -------------------------- |
+| **aide tasks** (MCP: `task_create`, `task_list`, `task_claim`, `task_complete`) | Shared coordination — all agents see the same board | Cross-session, persistent  |
+| **todowrite** (native)                                                          | Personal progress tracking within each agent        | Session-private, per-agent |
+| **aide messages** (MCP: `message_send`, `message_list`)                         | Real-time coordination, status broadcasts, blockers | Cross-session              |
 
-**Setup:**
+### Setup
 
 1. Create worktrees as normal (one per story)
 2. Launch separate OpenCode terminal sessions, one per story
 3. Each session works in its assigned worktree directory
 
-**Coordination:**
+### Orchestrator Workflow
 
-- **No TaskList** — OpenCode sessions don't share a task system
-- **Use aide messages** as the primary coordination mechanism:
-  - Each session uses `message_send` to report status, blockers, and completion
-  - Check `message_list` at each stage transition
-  - The orchestrator monitors all agents via `message_list` with their own agent_id
-- **Use aide state** for progress tracking:
-  ```bash
-  ./.aide/bin/aide state set "agent-auth:stage" "TEST"
-  ./.aide/bin/aide state set "agent-auth:status" "running"
-  ```
-- Monitor all agents: `mcp__plugin_aide_aide__state_list`
-
-**Orchestrator role (human or primary session):**
+The orchestrator (human or primary session):
 
 1. Decompose stories (use `/aide:plan-swarm` first)
 2. Create worktrees
-3. Launch terminal sessions with instructions
-4. Monitor via `message_list` and `state_list`
-5. When all sessions report `completion`, run `/aide:worktree-resolve`
+3. Create aide tasks for all SDLC stages upfront:
+   ```
+   task_create: title="[story-auth][DESIGN] Design auth module"
+   task_create: title="[story-auth][TEST] Write auth tests"
+   task_create: title="[story-auth][DEV] Implement auth"
+   task_create: title="[story-auth][VERIFY] Verify auth"
+   task_create: title="[story-auth][DOCS] Document auth"
+   ```
+4. Launch terminal sessions with instructions (include agent ID and story assignment)
+5. Monitor progress via `task_list` (MCP tool) or `./.aide/bin/aide task list` (CLI)
+6. When all tasks show `done`, run `/aide:worktree-resolve`
+
+### Story Agent Workflow (OpenCode)
+
+Each story agent follows the same SDLC pipeline. Use aide tasks for shared tracking and native `todowrite` for personal step-by-step progress:
+
+```
+## Per SDLC Stage:
+
+1. Claim the stage task:
+   task_claim: task_id=<id>, agent_id=agent-auth
+
+2. Use todowrite for personal tracking:
+   todowrite: [{"content": "Design interfaces for auth", "status": "in_progress", "priority": "high"}]
+
+3. Execute the stage (use appropriate /aide: skill)
+
+4. Complete the aide task:
+   task_complete: task_id=<id>, result="Designed JWT auth with refresh tokens"
+
+5. Send status message:
+   message_send: from="agent-auth", type="status", content="[DESIGN] complete"
+
+6. Check for messages from other agents:
+   message_list: agent_id="agent-auth"
+```
+
+**Note:** aide tasks do not have `blockedBy` dependency chaining like Claude Code native tasks. Stage ordering is enforced by the SDLC pipeline instructions — each agent processes stages sequentially (DESIGN → TEST → DEV → VERIFY → DOCS).
+
+### Coordination (OpenCode)
+
+```
+# Shared task board — all agents see the same tasks
+task_list                                          # View all tasks
+task_list: status="pending"                        # View unclaimed work
+
+# Messages — real-time coordination
+message_send: from="agent-auth", type="status", content="[DESIGN] complete, starting TEST"
+message_send: from="agent-auth", to="agent-payments", type="request", content="Need payment API schema"
+message_list: agent_id="agent-auth"
+message_ack: message_id=42, agent_id="agent-auth"
+
+# State — supplementary progress tracking
+./.aide/bin/aide state set "agent-auth:stage" "TEST"
+
+# Decisions and discoveries — shared knowledge
+mcp__plugin_aide_aide__decision_get with topic="auth-strategy"
+./.aide/bin/aide decision set "auth-strategy" "JWT with refresh tokens"
+./.aide/bin/aide memory add --category=discovery "User model needs email validation"
+```
 
 ## Completion (MANDATORY STEPS)
 
@@ -477,7 +524,11 @@ Swarm completion checklist - ALL REQUIRED:
 ### Step 1: Verify All Stories Complete
 
 ```
+# Claude Code:
 TaskList  # All story tasks must show [completed]
+
+# OpenCode:
+task_list  # All aide tasks must show [done]
 ```
 
 - Every story must have completed all 5 SDLC stages

package/src/core/persistence-logic.ts

@@ -74,17 +74,23 @@ export function buildReinforcement(
  * Returns null if stop is allowed, or { reason } if stop should be blocked.
  * When a persistence mode is active and todos exist, the reinforcement
  * message includes the specific incomplete tasks.
+ *
+ * When agentId is provided, only tasks claimed by that agent are considered
+ * for blocking. This prevents subagents from being blocked by tasks that
+ * belong to other agents. Global (unclaimed) tasks still count for all agents.
  */
 export function checkPersistence(
   binary: string,
   cwd: string,
+  agentId?: string,
 ): { reason: string } | null {
   const mode = getActiveMode(binary, cwd);
   if (!mode) return null;
 
-  // Get and increment iteration counter
+  // Get and increment iteration counter (guard against NaN from corrupted state)
   const iterStr = getState(binary, cwd, `${mode}_iterations`) || "0";
-  const iteration = parseInt(iterStr, 10) + 1;
+  const parsed = parseInt(iterStr, 10);
+  const iteration = (Number.isNaN(parsed) ? 0 : parsed) + 1;
   setState(binary, cwd, `${mode}_iterations`, String(iteration));
 
   if (iteration > MAX_PERSISTENCE_ITERATIONS) {
@@ -94,21 +100,37 @@ export function checkPersistence(
     return null;
   }
 
-  // Fetch todos and build a specific continuation message if incomplete tasks exist
+  // Fetch todos and build a specific continuation message if incomplete tasks exist.
+  // If all tasks are complete (or no tasks exist), auto-release: allow stop.
   let todoSummary: string | undefined;
+  let allTasksComplete = false;
   try {
     const todos = fetchTodosFromAide(binary, cwd);
-    const todoResult = checkTodos(todos);
+    const todoResult = checkTodos(todos, agentId);
     if (todoResult.hasIncomplete) {
       todoSummary = todoResult.message;
       debug(
         SOURCE,
         `Found ${todoResult.incompleteCount} incomplete todos for persistence reinforcement`,
       );
+    } else if (todoResult.totalCount > 0) {
+      // All tasks exist and are in terminal states — work is done
+      allTasksComplete = true;
+      debug(
+        SOURCE,
+        `All ${todoResult.totalCount} tasks complete — auto-releasing ${mode} mode`,
+      );
     }
   } catch (err) {
     debug(SOURCE, `Failed to fetch todos for persistence (non-fatal): ${err}`);
   }
 
+  // Auto-release: if tasks exist and all are complete, allow stop
+  if (allTasksComplete) {
+    setState(binary, cwd, "mode", "");
+    setState(binary, cwd, `${mode}_iterations`, "0");
+    return null;
+  }
+
   return { reason: buildReinforcement(mode, iteration, todoSummary) };
 }

package/src/core/todo-checker.ts

@@ -1,17 +1,18 @@
 /**
  * Todo continuation checker — platform-agnostic.
  *
- * Reads the agent's todo list and checks for incomplete items.
+ * Reads aide tasks (`aide task list`) and checks for incomplete items.
  * Used to enhance persistence-logic.ts with precise todo-aware blocking:
  * instead of a generic "verify your work is complete", we list the
- * specific incomplete todos.
+ * specific incomplete tasks.
  *
- * For Claude Code: reads todos from the transcript (TodoWrite tool outputs)
- *   or from aide task list.
- * For OpenCode: reads todos via client.session.todo() API.
+ * Only checks aide tasks (persistent, cross-session). Native todos
+ * (Claude Code TodoWrite, OpenCode todowrite) are session-scoped
+ * personal tracking and are intentionally not checked here — neither
+ * platform exposes an API for reading them from hooks.
  *
  * This module provides the platform-agnostic core. Platform hooks
- * call it with however they obtained the todo list.
+ * call it via persistence-logic.ts.
  */
 
 import { runAide } from "./aide-client.js";
@@ -19,10 +20,24 @@ import { debug } from "../lib/logger.js";
 
 const SOURCE = "todo-checker";
 
+/**
+ * Known terminal statuses — tasks in these states are considered "done".
+ * Any status NOT in this set is treated as incomplete (including unknown
+ * statuses from future aide versions), which is the safe default for
+ * persistence enforcement.
+ *
+ * Covers both aide backend statuses (done) and any legacy/alias statuses
+ * (completed, cancelled) for forward/backward compatibility.
+ */
+export const TERMINAL_STATUSES = new Set(["done", "completed", "cancelled"]);
+
 export interface TodoItem {
   id: string;
   content: string;
-  status: "pending" | "in_progress" | "completed" | "cancelled";
+  /** Raw status string from aide — may be any value, not just known ones. */
+  status: string;
+  /** Agent that claimed this task, if any. */
+  claimedBy?: string;
   priority?: string;
 }
 
@@ -41,8 +56,16 @@ export interface TodoCheckResult {
 
 /**
  * Check a list of todos for incomplete items and build a continuation message.
+ *
+ * When agentId is provided, only tasks relevant to this agent are considered:
+ * - Unclaimed tasks (pending, blocked) — everyone's responsibility
+ * - Tasks claimed by this agent — this agent's responsibility
+ * Tasks claimed by other agents are filtered out.
  */
-export function checkTodos(todos: TodoItem[]): TodoCheckResult {
+export function checkTodos(
+  todos: TodoItem[],
+  agentId?: string,
+): TodoCheckResult {
   if (!todos || todos.length === 0) {
     return {
       hasIncomplete: false,
@@ -53,29 +76,34 @@ export function checkTodos(todos: TodoItem[]): TodoCheckResult {
     };
   }
 
-  const incomplete = todos.filter(
-    (t) => t.status !== "completed" && t.status !== "cancelled",
-  );
+  // When scoped to a specific agent, filter out tasks claimed by other agents.
+  // Unclaimed tasks (no claimedBy) are considered everyone's responsibility.
+  const relevant = agentId
+    ? todos.filter((t) => !t.claimedBy || t.claimedBy === agentId)
+    : todos;
+
+  const incomplete = relevant.filter((t) => !TERMINAL_STATUSES.has(t.status));
 
   if (incomplete.length === 0) {
     return {
       hasIncomplete: false,
       incompleteCount: 0,
-      totalCount: todos.length,
+      totalCount: relevant.length,
       incompleteItems: [],
       message: "",
     };
   }
 
-  const completedCount = todos.length - incomplete.length;
+  const completedCount = relevant.length - incomplete.length;
   const lines: string[] = [
-    `**TODO CONTINUATION** — ${incomplete.length} of ${todos.length} tasks incomplete (${completedCount} done)`,
+    `**TODO CONTINUATION** — ${incomplete.length} of ${relevant.length} tasks incomplete (${completedCount} done)`,
     "",
     "Remaining tasks:",
   ];
 
   for (const item of incomplete) {
-    const statusIcon = item.status === "in_progress" ? ">" : " ";
+    const statusIcon =
+      item.status === "in_progress" || item.status === "claimed" ? ">" : " ";
     lines.push(`  [${statusIcon}] ${item.content}`);
   }
 
@@ -87,7 +115,7 @@ export function checkTodos(todos: TodoItem[]): TodoCheckResult {
   return {
     hasIncomplete: true,
     incompleteCount: incomplete.length,
-    totalCount: todos.length,
+    totalCount: relevant.length,
     incompleteItems: incomplete,
     message: lines.join("\n"),
   };
@@ -99,6 +127,12 @@ export function checkTodos(todos: TodoItem[]): TodoCheckResult {
  * Output format from `aide task list`:
  *   [status] id: content
  *   e.g.: [pending] abc123: Implement feature X
+ *         [claimed] task-def: Deploy service
+ *
+ * The regex accepts any alphanumeric/underscore status to handle
+ * current statuses (pending, claimed, done, blocked) and any future
+ * additions without code changes. Unknown statuses are treated as
+ * incomplete by checkTodos().
  */
 export function parseTodosFromAide(output: string): TodoItem[] {
   const todos: TodoItem[] = [];
@@ -106,13 +140,14 @@ export function parseTodosFromAide(output: string): TodoItem[] {
 
   for (const line of lines) {
     const match = line.match(
-      /\[(pending|in_progress|completed|cancelled)\]\s+(\S+):\s+(.+)/,
+      /\[(\w+)\]\s+(\S+):\s+(.+?)(?:\s+\(agent:(\S+)\))?$/,
     );
     if (match) {
       todos.push({
-        status: match[1] as TodoItem["status"],
+        status: match[1],
         id: match[2],
         content: match[3].trim(),
+        claimedBy: match[4] || undefined,
       });
     }
   }

package/src/core/types.ts

@@ -15,6 +15,27 @@ export interface AideConfig {
     /** Auto-export on session end (default: false) */
     autoExport?: boolean;
   };
+  findings?: {
+    /** Complexity analyser settings */
+    complexity?: {
+      /** Cyclomatic complexity threshold (default: 10) */
+      threshold?: number;
+    };
+    /** Import coupling analyser settings */
+    coupling?: {
+      /** Fan-out threshold — max outgoing imports (default: 15) */
+      fanOut?: number;
+      /** Fan-in threshold — max incoming imports (default: 20) */
+      fanIn?: number;
+    };
+    /** Code clone detection settings */
+    clones?: {
+      /** Sliding window size in tokens (default: 50) */
+      windowSize?: number;
+      /** Minimum clone size in lines (default: 6) */
+      minLines?: number;
+    };
+  };
 }
 
 export const DEFAULT_CONFIG: AideConfig = {};

package/src/opencode/hooks.ts

@@ -427,7 +427,11 @@ async function handleSessionIdle(
   // Check persistence: if ralph/autopilot mode is active, re-prompt the session
   if (state.binary) {
     try {
-      const persistResult = checkPersistence(state.binary, state.cwd);
+      const persistResult = checkPersistence(
+        state.binary,
+        state.cwd,
+        sessionId,
+      );
       if (persistResult) {
         const activeMode = getActiveMode(state.binary, state.cwd);
         debug(