aidevops 2.104.0 → 2.105.0

package/README.md

@@ -15,7 +15,7 @@
 
 The result: AI agents that work *with* your development process, not around it.
 
-**Built on proven patterns**: aidevops implements [industry-standard agent design patterns](#agent-design-patterns) validated across Claude Code, Manus, and Cursor - including multi-layer action spaces, context isolation, and iterative execution loops.
+**Built on proven patterns**: aidevops implements [industry-standard agent design patterns](#agent-design-patterns) - including multi-layer action spaces, context isolation, and iterative execution loops.
 
 **[aidevops](https://aidevops.sh)** knows what you need to know.
 
@@ -87,13 +87,14 @@ The result: AI agents that work *with* your development process, not around it.
 
 - `aidevops init` - Initialize in any project
 - `aidevops update` - Update framework
+- `aidevops secret` - Manage secrets (gopass encrypted, AI-safe)
 - `/onboarding` - Interactive setup wizard (in AI assistant)
 
 ### Agent Structure
 
 - Primary agents (Build+, SEO, Marketing, etc.) with @plan-plus subagent for planning-only mode
-- 614+ subagent markdown files organized by domain
-- 167 helper scripts in `.agents/scripts/`
+- 765+ subagent markdown files organized by domain
+- 172 helper scripts in `.agents/scripts/`
 - 28 slash commands for common workflows
 
 <!-- AI-CONTEXT-END -->
@@ -151,7 +152,9 @@ git clone https://github.com/marcusquinn/aidevops.git ~/Git/aidevops
 - Deploy agents to `~/.aidevops/agents/`
 - Install the `aidevops` CLI command
 - Configure your AI assistants automatically
+- Offer to install Oh My Zsh (optional, opt-in) for enhanced shell experience
 - Guide you through recommended tools (Tabby, Zed, Git CLIs)
+- Ensure all PATH and alias changes work in both bash and zsh
 
 **New users: Start [OpenCode](https://opencode.ai/) and type `/onboarding`** to configure your services interactively. OpenCode is the recommended tool for aidevops - all features, agents, and workflows are designed and tested for it first. The onboarding wizard will:
 - Explain what **[aidevops](https://aidevops.sh)** can do
@@ -291,38 +294,6 @@ opencode auth login
 - **Automatic token refresh** - No manual re-authentication needed
 - **Beta features enabled** - Extended thinking modes and latest features
 
-### Oh-My-OpenCode Plugin (Optional)
-
-The setup offers to install [oh-my-opencode](https://github.com/code-yeongyu/oh-my-opencode) - a complementary plugin that adds **coding productivity features**:
-
-| Feature | Description |
-|---------|-------------|
-| **Async Background Agents** | Run multiple agents in parallel (like Claude Code) |
-| **LSP Tools** | 11 tools: hover, goto definition, references, rename, code actions |
-| **AST-Grep** | Semantic code search and replace across 25 languages |
-| **Curated Agents** | OmO (Opus 4.5), Oracle (GPT 5.2), Librarian (Sonnet 4.5), Explore (Grok) |
-| **Claude Code Compatibility** | Full support for hooks, commands, skills from `.claude/` directories |
-| **21 Lifecycle Hooks** | Comment checker, todo enforcer, context window monitor, session recovery |
-
-**How they complement each other:**
-
-- **aidevops** provides DevOps infrastructure (30+ services: hosting, DNS, WordPress, SEO, code quality)
-- **oh-my-opencode** provides coding productivity (LSP, AST, background agents, hooks)
-
-**Usage after installation:**
-
-```bash
-# Trigger maximum performance mode
-> ultrawork implement the authentication system
-
-# Use curated agents
-> @oracle review this architecture
-> @librarian find examples of this pattern on GitHub
-> @explore search for authentication handling
-```
-
-See `.agents/tools/opencode/oh-my-opencode.md` for the full compatibility guide.
-
 ### GitHub AI Agent Integration
 
 Enable AI-powered issue resolution directly from GitHub. Comment `/oc fix this` on any issue and the AI creates a branch, implements the fix, and opens a PR.
@@ -361,7 +332,7 @@ The secure workflow is included at `.github/workflows/opencode-agent.yml`.
 
 See `.agents/tools/git/opencode-github-security.md` for the full security documentation.
 
-**Supported AI Assistants:** OpenCode is the recommended and primary-tested tool. All 18 assistants below have MCP configuration support, but only OpenCode receives continual testing and first-class integration. Other tools are supported as a courtesy for users evaluating aidevops capabilities.
+**Supported AI Assistant:** [OpenCode](https://opencode.ai/) is the only tested and supported AI coding tool for aidevops. All features, agents, and workflows are designed and tested for OpenCode first. The claude-code CLI is used as a companion tool called from within OpenCode.
 
 **Recommended:**
 
@@ -381,38 +352,11 @@ Your terminal tab/window title automatically shows `repo/branch` context when wo
 
 See `.agents/tools/terminal/terminal-title.md` for customization options.
 
-**Also Supported (community-tested):**
-
-**IDE-Based:**
-
-- **[Cursor](https://cursor.sh/)** - AI-first IDE with MCP support
-- **[Windsurf](https://codeium.com/windsurf)** - Codeium's AI IDE
-- **[Continue.dev](https://continue.dev/)** - VS Code/JetBrains extension
-- **[Cody](https://sourcegraph.com/cody)** - Sourcegraph's AI assistant
-
-**Claude Family:**
-
-- **[Claude Code](https://claude.ai/)** - CLI version with `claude mcp add`
-- **[Claude Desktop](https://claude.ai/)** - GUI with MCP config
-
-**Enterprise & Professional:**
-
-- **[Factory AI Droid](https://www.factory.ai/)** - Enterprise-grade agentic AI
-- **[Augment Code](https://www.augmentcode.com/)** - Deep codebase indexing
-- **[GitHub Copilot](https://github.com/features/copilot)** - Agent mode for MCP
-
-**Specialized:**
+**Companion tool:**
 
-- **[Kilo Code](https://kilocode.ai/)** - VS Code extension
-- **[Kiro](https://kiro.dev/)** - AWS's AI assistant
-- **[AntiGravity](https://antigravity.dev/)** - AI coding tool
-- **[Gemini CLI](https://ai.google.dev/)** - Google's CLI
+- **[claude-code CLI](https://claude.ai/)** - Called from within OpenCode for sub-tasks and headless dispatch
 
-**Terminal & CLI:**
-
-- **[Aider](https://aider.chat/)** - CLI pair programmer with native MCP
-- **[Warp AI](https://www.warp.dev/)** - Terminal with AI (no native MCP, use OpenCode/Claude in Warp)
-- **[Qwen](https://qwen.ai/)** - Alibaba's CLI (MCP support experimental)
+**Collaborator compatibility:** Projects initialized with `aidevops init` include pointer files (`.cursorrules`, `.windsurfrules`, etc.) that reference `AGENTS.md`, helping collaborators using other editors find project context. aidevops does not install into or configure those tools.
 
 ## **Core Capabilities**
 
@@ -468,10 +412,29 @@ aidevops skill add clawdhub:<slug> # Import a skill from ClawdHub
 aidevops skill list                # List imported skills
 aidevops skill check               # Check for upstream updates
 aidevops skill update [name]       # Update specific or all skills
+aidevops skill scan [name]         # Security scan skills (Cisco Skill Scanner)
 aidevops skill remove <name>       # Remove an imported skill
 ```
 
-Skills are registered in `~/.aidevops/agents/configs/skill-sources.json` with upstream tracking for update detection. Telemetry is disabled - no data is sent to third parties.
+Skills are registered in `~/.aidevops/agents/configs/skill-sources.json` with upstream tracking for update detection.
+
+**Security Scanning:**
+
+Imported skills are automatically security-scanned using [Cisco Skill Scanner](https://github.com/cisco-ai-defense/skill-scanner) when installed. Scanning runs on both initial import and updates -- pulling a new version of a skill triggers the same security checks as the first import. CRITICAL/HIGH findings block the operation; MEDIUM/LOW findings warn but allow. Telemetry is disabled - no data is sent to third parties.
+
+When a [VirusTotal](https://www.virustotal.com/) API key is configured (`aidevops secret set VIRUSTOTAL_MARCUSQUINN`), an advisory second layer scans file hashes against 70+ AV engines and checks domains/URLs referenced in skill content. VT scans are non-blocking -- the Cisco scanner remains the security gate.
+
+| Scenario | Security scan runs? | CRITICAL/HIGH blocks? |
+|----------|--------------------|-----------------------|
+| `aidevops skill add <source>` | Yes | Yes |
+| `aidevops skill update [name]` | Yes | Yes |
+| `aidevops skill add <source> --force` | Yes | Yes |
+| `aidevops skill add <source> --skip-security` | Yes (reports only) | No (warns) |
+| `aidevops skill scan [name]` | Yes (standalone) | Report only |
+
+The `--force` flag only controls file overwrite behavior (replacing an existing skill without prompting). To bypass security blocking, use `--skip-security` explicitly -- this separation ensures that routine updates and re-imports never silently skip security checks.
+
+Scan results are logged to [`.agents/SKILL-SCAN-RESULTS.md`](.agents/SKILL-SCAN-RESULTS.md) automatically on each batch scan and skill import, providing a transparent audit trail of security posture over time.
 
 **Browse community skills:** [skills.sh](https://skills.sh) | [ClawdHub](https://clawdhub.com) | **Specification:** [agentskills.io](https://agentskills.io)
 
@@ -485,11 +448,11 @@ Skills are registered in `~/.aidevops/agents/configs/skill-sources.json` with up
 
 ## **Agent Design Patterns**
 
-aidevops implements proven agent design patterns identified by [Lance Martin (LangChain)](https://x.com/RLanceMartin/status/2009683038272401719) and validated across successful agents like Claude Code, Manus, and Cursor.
+aidevops implements proven agent design patterns identified by [Lance Martin (LangChain)](https://x.com/RLanceMartin/status/2009683038272401719).
 
 | Pattern | Description | aidevops Implementation |
 |---------|-------------|------------------------|
-| **Give Agents a Computer** | Filesystem + shell for persistent context | `~/.aidevops/.agent-workspace/`, 167 helper scripts |
+| **Give Agents a Computer** | Filesystem + shell for persistent context | `~/.aidevops/.agent-workspace/`, 172 helper scripts |
 | **Multi-Layer Action Space** | Few tools, push actions to computer | Per-agent MCP filtering (~12-20 tools each) |
 | **Progressive Disclosure** | Load context on-demand | Subagent routing with content summaries, YAML frontmatter, read-on-demand |
 | **Offload Context** | Write results to filesystem | `.agent-workspace/work/[project]/` for persistence |
@@ -661,9 +624,63 @@ Test suites are JSON files with prompts and validation rules (`expect_contains`,
 
 **See:** `agent-testing.md` subagent for full documentation and example test suites.
 
-### Voice Integration
+### Voice Bridge - Talk to Your AI Agent
+
+Speak naturally to your AI coding agent and hear it respond. The voice bridge connects your microphone to OpenCode via a fast local pipeline -- ask questions, give instructions, execute tasks, all by voice.
+
+```text
+Mic → Silero VAD → Whisper MLX (1.4s) → OpenCode (4-6s) → Edge TTS (0.4s) → Speaker
+```
+
+**Round-trip: ~6-8 seconds** on Apple Silicon. The agent can edit files, run commands, create PRs, and confirm what it did -- all via voice.
+
+**Quick start:**
+
+```bash
+# Start a voice conversation (installs deps automatically)
+voice-helper.sh talk
+
+# Choose engines and voice
+voice-helper.sh talk whisper-mlx edge-tts en-GB-SoniaNeural
+voice-helper.sh talk whisper-mlx macos-say    # Offline mode
+
+# Utilities
+voice-helper.sh devices      # List audio input/output devices
+voice-helper.sh voices       # List available TTS voices
+voice-helper.sh benchmark    # Test STT/TTS/LLM speeds
+voice-helper.sh status       # Check component availability
+```
+
+**Features:**
+
+| Feature | Details |
+|---------|---------|
+| **Swappable STT** | whisper-mlx (fastest on Apple Silicon), faster-whisper (CPU) |
+| **Swappable TTS** | edge-tts (best quality), macos-say (offline), facebookMMS (local) |
+| **Voice exit** | Say "that's all", "goodbye", "all for now" to end naturally |
+| **STT correction** | LLM sanity-checks transcription errors before acting (e.g. "test.txte" → "test.txt") |
+| **Task execution** | Full tool access -- edit files, git operations, run commands |
+| **Session handback** | Conversation transcript output on exit for calling agent context |
+| **TUI compatible** | Graceful degradation when launched from AI tool's Bash (no tty) |
+
+**How it works:** The bridge uses `opencode run --attach` to connect to a running OpenCode server for low-latency responses (~4-6s vs ~30s cold start). It automatically starts `opencode serve` if not already running.
+
+**Requirements:** Apple Silicon Mac (for whisper-mlx), Python 3.10+, internet (for edge-tts). The voice helper installs Python dependencies automatically into the S2S venv.
+
+### Speech-to-Speech Pipeline (Advanced)
+
+For advanced use cases (custom LLMs, server/client deployment, multi-language, phone integration), the full [huggingface/speech-to-speech](https://github.com/huggingface/speech-to-speech) pipeline is also available:
+
+```bash
+speech-to-speech-helper.sh setup              # Install pipeline
+speech-to-speech-helper.sh start --local-mac  # Run on Apple Silicon
+speech-to-speech-helper.sh start --cuda       # Run on NVIDIA GPU
+speech-to-speech-helper.sh start --server     # Server mode (remote clients)
+```
+
+**Supported languages:** English, French, Spanish, Chinese, Japanese, Korean (auto-detect or fixed).
 
-Speech-to-speech AI conversations:
+**Additional voice methods:**
 
 | Method | Description |
 |--------|-------------|
@@ -671,6 +688,8 @@ Speech-to-speech AI conversations:
 | **iPhone Shortcut** | iOS: dictate → HTTP → speak response |
 | **Pipecat STS** | Full voice pipeline: Soniox STT → AI → Cartesia TTS |
 
+**See:** [speech-to-speech.md](.agents/tools/voice/speech-to-speech.md) for full component options, CLI parameters, and integration patterns (Twilio phone, video narration, voice-driven DevOps).
+
 ### Scheduled Agent Tasks
 
 Cron-based agent dispatch for automated workflows:
@@ -684,6 +703,23 @@ Cron-based agent dispatch for automated workflows:
 
 ## **Requirements**
 
+### **Recommended Hardware**
+
+aidevops itself is lightweight (shell scripts + markdown), but AI model workloads benefit from capable hardware:
+
+| Tier | Machine | CPU | RAM | GPU | Best For |
+|------|---------|-----|-----|-----|----------|
+| **Minimum** | Any modern laptop | 4+ cores | 8GB | None | Framework only, cloud AI APIs |
+| **Recommended** | Mac Studio / desktop | Apple M1+ or 8+ cores | 16GB+ | MPS (Apple) or NVIDIA 8GB+ | Local voice, browser automation, dev servers |
+| **Power User** | Workstation | 8+ cores | 32GB+ | NVIDIA 24GB+ VRAM | Full voice pipeline, local LLMs, parallel agents |
+| **Server** | Cloud GPU | Any | 16GB+ | A100 / H100 | Production voice, multi-user, batch processing |
+
+**Cloud GPU providers** for on-demand GPU access: [NVIDIA Cloud](https://www.nvidia.com/en-us/gpu-cloud/), [Vast.ai](https://vast.ai/), [RunPod](https://www.runpod.io/), [Lambda](https://lambdalabs.com/).
+
+**Note:** Most aidevops features (infrastructure management, SEO, code quality, Git workflows) require no GPU. GPU is only needed for local AI model inference (voice pipeline, vision models, local LLMs).
+
+### **Software Dependencies**
+
 ```bash
 # Install dependencies (auto-detected by setup.sh)
 brew install sshpass jq curl mkcert dnsmasq fd ripgrep  # macOS
@@ -767,6 +803,7 @@ The setup script offers to install these tools automatically.
 
 ### **Security & Code Quality**
 
+- **[gopass](https://github.com/gopasspw/gopass)**: GPG-encrypted secret management with AI-native wrapper (`aidevops secret`) - subprocess injection + output redaction keeps secrets out of AI context
 - **[Vaultwarden](https://github.com/dani-garcia/vaultwarden)**: Password and secrets management
 - **[SonarCloud](https://sonarcloud.io/)**: Security and quality analysis (A-grade ratings)
 - **[CodeFactor](https://www.codefactor.io/)**: Code quality metrics (A+ score)
@@ -775,6 +812,8 @@ The setup script offers to install these tools automatically.
 - **[Snyk](https://snyk.io/)**: Security vulnerability scanning
 - **[Socket](https://socket.dev/)**: Dependency security and supply chain protection
 - **[Sentry](https://sentry.io/)**: Error monitoring and performance tracking
+- **[Cisco Skill Scanner](https://github.com/cisco-ai-defense/skill-scanner)**: Security scanner for AI agent skills (prompt injection, exfiltration, malicious code)
+- **[VirusTotal](https://www.virustotal.com/)**: Advisory threat intelligence via VT API v3 -- file hash scanning (70+ AV engines), domain/URL reputation checks for imported skills
 - **[Secretlint](https://github.com/secretlint/secretlint)**: Detect exposed secrets in code
 - **[OSV Scanner](https://google.github.io/osv-scanner/)**: Google's vulnerability database scanner
 - **[Qlty](https://qlty.sh/)**: Universal code quality platform (70+ linters, auto-fixes)
@@ -827,6 +866,12 @@ See `.agents/tools/ocr/glm-ocr.md` for batch processing, PDF workflows, and Peek
 - **[Remotion](https://remotion.dev/)**: Programmatic video creation with React - create videos using code with 29 specialized rule files
 - **[Video Prompt Design](https://github.com/snubroot/Veo-3-Meta-Framework)**: Structured prompt engineering for AI video generation (Veo 3, 7-component framework, character consistency, audio design)
 
+### **Voice AI**
+
+- **Voice Bridge**: Talk to your AI coding agent via speech -- Silero VAD → Whisper MLX → OpenCode → Edge TTS (~6-8s round-trip)
+- **[Speech-to-Speech](https://github.com/huggingface/speech-to-speech)**: Open-source modular voice pipeline (VAD → STT → LLM → TTS) with local GPU and cloud GPU deployment
+- **[Pipecat](https://github.com/pipecat-ai/pipecat)**: Real-time voice agent framework with Soniox STT, Cartesia TTS, and multi-LLM support
+
 ### **Performance & Monitoring**
 
 - **[PageSpeed Insights](https://pagespeed.web.dev/)**: Website performance auditing
@@ -840,9 +885,9 @@ See `.agents/tools/ocr/glm-ocr.md` for batch processing, PDF workflows, and Peek
 
 ## **MCP Integrations**
 
-**Model Context Protocol servers for real-time AI assistant integration.** The framework configures these MCPs primarily for **[OpenCode](https://opencode.ai/)** (recommended). Configuration support is also available for 17 other AI assistants including Cursor, Claude Code/Desktop, Windsurf, Continue.dev, Cody, Zed, GitHub Copilot, Kilo Code, Kiro, AntiGravity, Gemini CLI, Droid, Warp AI, Aider, and Qwen.
+**Model Context Protocol servers for real-time AI assistant integration.** The framework configures these MCPs for **[OpenCode](https://opencode.ai/)** (TUI, Desktop, and Extension for Zed/VSCode/AntiGravity).
 
-### **All Supported MCPs (19 active)**
+### **All Supported MCPs (19 available)**
 
 MCP packages are installed globally via `bun install -g` for instant startup (no `npx` registry lookups). Run `setup.sh` or `aidevops update-tools` to update to latest versions.
 
@@ -860,11 +905,11 @@ MCP packages are installed globally via `bun install -g` for instant startup (no
 | [Grep by Vercel](https://grep.app/) | GitHub code search | Per-agent | No |
 | [LocalWP](https://localwp.com/) | WordPress database access | Per-agent | No (local) |
 | [macOS Automator](https://github.com/steipete/macos-automator-mcp) | macOS automation | Per-agent | No |
-| [Outscraper](https://outscraper.com/) | Google Maps & business data | Per-agent | Yes |
 | [Playwriter](https://github.com/nicholasgriffintn/playwriter) | Browser with extensions | Per-agent | No |
 | [QuickFile](https://github.com/marcusquinn/quickfile-mcp) | Accounting API | Per-agent | Yes |
 | [Repomix](https://github.com/yamadashy/repomix) | Codebase packing for AI context | Per-agent | No |
 | [Sentry](https://sentry.io/) | Error tracking | Per-agent | Yes |
+| [shadcn](https://ui.shadcn.com/) | UI component library | Per-agent | No |
 | [Socket](https://socket.dev/) | Dependency security | Per-agent | No |
 | [Unstract](https://github.com/Zipstack/unstract) | Document data extraction | Per-agent | Yes |
 
@@ -872,7 +917,7 @@ MCP packages are installed globally via `bun install -g` for instant startup (no
 - **Global** - Tools always available (loaded into every session)
 - **Per-agent** - Tools disabled globally, enabled per-agent via config (zero context overhead when unused)
 
-**Performance optimization:** MCP packages are installed globally via `bun install -g` for instant startup (~0.1s vs 2-3s with `npx`). The framework uses a three-tier loading strategy: 7 MCPs load eagerly at startup, 13 MCPs load on-demand when their subagent is invoked. This reduces OpenCode startup time by 12-24 seconds.
+**Performance optimization:** MCP packages are installed globally via `bun install -g` for instant startup (~0.1s vs 2-3s with `npx`). The framework uses a three-tier loading strategy: MCPs load eagerly at startup or on-demand when their subagent is invoked. This reduces OpenCode startup time significantly.
 
 ### **SEO Integrations (curl subagents - no MCP overhead)**
 
@@ -888,6 +933,7 @@ These use direct API calls via curl, avoiding MCP server startup entirely:
 | [WebPageTest](https://www.webpagetest.org/) | Real-world performance testing from 40+ global locations | Yes |
 | [Hostinger](https://developers.hostinger.com/) | Hosting management | Yes |
 | [NeuronWriter](https://neuronwriter.com/) | Content optimization & NLP analysis | Yes |
+| [Outscraper](https://outscraper.com/) | Google Maps & business data extraction | Yes |
 
 ### **By Category**
 
@@ -934,7 +980,7 @@ These use direct API calls via curl, avoiding MCP server startup entirely:
 
 **Data Extraction:**
 
-- [Outscraper](https://outscraper.com/) - Google Maps, business data, reviews extraction
+- [Outscraper](https://outscraper.com/) - Google Maps, business data, reviews extraction (curl subagent)
 - [curl-copy](.agents/tools/browser/curl-copy.md) - Authenticated scraping via DevTools "Copy as cURL" (no browser automation needed)
 
 **Performance & Security:**
@@ -1262,25 +1308,12 @@ Add to your AI assistant's MCP configuration:
 }
 ```
 
-**Claude Code**:
+**claude-code CLI**:
 
 ```bash
 claude mcp add-json auggie-mcp --scope user '{"type":"stdio","command":"auggie","args":["--mcp"]}'
 ```
 
-**Cursor**: Settings → Tools & MCP → New MCP Server:
-
-```json
-{
-  "mcpServers": {
-    "augment-context-engine": {
-      "command": "bash",
-      "args": ["-c", "auggie --mcp -m default -w \"${WORKSPACE_FOLDER_PATHS%%,*}\""]
-    }
-  }
-}
-```
-
 ### Verification
 
 Test with this prompt:
@@ -1300,7 +1333,7 @@ The AI should provide a semantic understanding of your project architecture.
 | **Architecture review** | Repomix (compress) | 80% token reduction, structure only |
 | **CI/CD integration** | Repomix GitHub Action | Automated context in releases |
 
-See `.agents/tools/context/augment-context-engine.md` for complete documentation including configurations for Zed, GitHub Copilot, Kilo Code, Kiro, AntiGravity, Gemini CLI, and Factory.AI Droid.
+See `.agents/tools/context/augment-context-engine.md` for complete documentation.
 
 ### osgrep - Local Alternative (Experimental)
 
@@ -1361,11 +1394,7 @@ See `.agents/tools/context/llm-tldr.md` for complete documentation.
 
 aidevops implements the [Agent Skills](https://agentskills.io/) standard for cross-tool compatibility. Skills are auto-discovered by compatible AI assistants.
 
-**Generated SKILL.md files** in `~/.aidevops/agents/` provide skill metadata for:
-- Cursor
-- Claude Code
-- VS Code (GitHub Copilot)
-- Other Agent Skills-compatible tools
+**Generated SKILL.md files** in `~/.aidevops/agents/` provide skill metadata following the [Agent Skills standard](https://agentskills.io/specification). These are discoverable by any compatible tool.
 
 ### Claude Code Plugin Marketplace
 
@@ -1376,7 +1405,7 @@ aidevops is registered as a **Claude Code plugin marketplace**. Install with two
 /plugin install aidevops@aidevops
 ```
 
-This installs the complete framework: 14 primary agents, 614+ subagents, and 163 helper scripts.
+This installs the complete framework: 15 primary agents, 765+ subagents, and 172 helper scripts.
 
 ### Importing External Skills
 
@@ -1404,7 +1433,7 @@ aidevops skill add owner/repo --dry-run             # Preview without changes
 **Supported formats:**
 - `SKILL.md` - [Agent Skills standard](https://agentskills.io/specification) (preferred)
 - `AGENTS.md` - Claude Code agents format
-- `.cursorrules` - Cursor rules (auto-converted)
+- `.cursorrules` - Cursor rules format (auto-converted)
 
 **Features:**
 - Auto-detection of skill format and category placement
@@ -1458,21 +1487,21 @@ Ordered as they appear in OpenCode Tab selector and other AI assistants (15 tota
 | Marketing | `marketing.md` | Marketing strategy and automation | augment |
 | Research | `research.md` | Research and analysis tasks | context7, augment |
 | Sales | `sales.md` | Sales operations and CRM | augment |
-| SEO | `seo.md` | SEO optimization, Search Console, keyword research | gsc, ahrefs, dataforseo, serper, context7, augment |
+| SEO | `seo.md` | SEO optimization, Search Console, keyword research | gsc, ahrefs, serper, context7, augment |
 | Video | `video.md` | AI video generation, prompt engineering, programmatic video | augment |
 | WordPress | `wordpress.md` | WordPress ecosystem (dev, admin, MainWP, LocalWP) | localwp, context7, augment |
 
 ### **Example Subagents with MCP Integration**
 
-These are examples of subagents that have supporting MCPs enabled. See `.agents/` for the full list of 614+ subagents organized by domain.
+These are examples of subagents that have supporting MCPs enabled. See `.agents/` for the full list of 765+ subagents organized by domain.
 
 | Agent | Purpose | MCPs Enabled |
 |-------|---------|--------------|
 | `@hostinger` | Hosting, WordPress, DNS, domains | hostinger-api |
 | `@hetzner` | Cloud servers, firewalls, volumes | hetzner-* (multi-account) |
 | `@wordpress` | Local dev, MainWP management | localwp, context7 |
-| `@seo` | Search Console, keyword research, domain intelligence | gsc, ahrefs, dataforseo, serper, context7 |
-| `@dataforseo` | SERP, keywords, backlinks, on-page analysis | dataforseo |
+| `@seo` | Search Console, keyword research, domain intelligence | gsc, ahrefs, serper, context7 |
+| `@dataforseo` | SERP, keywords, backlinks, on-page analysis | (curl subagent) |
 | `@domain-research` | DNS intelligence: rDNS, subdomains, CNAMEs (THC + Reconeer) | (API-based) |
 | `@serper` | Google Search API (web, images, news, places) | serper |
 | `@list-keys` | List all configured API keys and storage locations | (read-only) |
@@ -1498,28 +1527,16 @@ These are examples of subagents that have supporting MCPs enabled. See `.agents/
 .agents/scripts/generate-opencode-agents.sh  # Shows status after generation
 ```
 
-### **Setup for Other AI Assistants**
+### **Claude Marketplace**
 
-**Claude Code** (recommended):
+aidevops is available in the Claude marketplace:
 
 ```bash
 /plugin marketplace add marcusquinn/aidevops
 /plugin install aidevops-all@aidevops
 ```
 
-**Agent Skills-compatible tools** (Cursor, VS Code, etc.):
-Skills are auto-discovered from `~/.aidevops/agents/` via SKILL.md files after running `setup.sh`.
-
-**Manual configuration** (other tools):
-Add to your AI assistant's system prompt:
-
-```text
-Before any DevOps operations, read ~/git/aidevops/AGENTS.md for authoritative guidance.
-
-When working with specific services, read the corresponding .agents/[service].md file
-for focused guidance. Available services: hostinger, hetzner, wordpress, seo,
-code-quality, browser-automation, git-platforms.
-```
+**Agent Skills (SKILL.md):** Auto-discovered from `~/.aidevops/agents/` after running `setup.sh`. Compatible with any tool that supports the [Agent Skills standard](https://agentskills.io/specification).
 
 ### **Continuous Improvement with @agent-review**
 
@@ -1955,6 +1972,18 @@ Commands invoke the corresponding workflow subagent with appropriate context.
 
 ---
 
+### **Agent Lifecycle (Three Tiers)**
+
+User-created agents survive `aidevops update`. Agents progress through tiers as they mature:
+
+| Tier | Location | Purpose | Survives Update |
+|------|----------|---------|-----------------|
+| **Draft** | `~/.aidevops/agents/draft/` | R&D, experimental, auto-created by orchestration tasks | Yes |
+| **Custom** | `~/.aidevops/agents/custom/` | User's permanent private agents | Yes |
+| **Shared** | `.agents/` in repo | Open-source, distributed to all users | Managed by repo |
+
+**Promotion workflow:** Draft agents that prove useful can be promoted to custom (private) or shared (open-source via PR). Orchestration agents can create drafts in `draft/` for reusable parallel processing context.
+
 ### **Creating Custom Agents**
 
 Create a markdown file in `~/.config/opencode/agent/` (OpenCode) or reference in your AI's system prompt:
@@ -2099,7 +2128,7 @@ aidevops/
 ├── .agents/                        # Agents and documentation
 │   ├── AGENTS.md                  # User guide (deployed to ~/.aidevops/agents/)
 │   ├── *.md                       # 15 primary agents
-│   ├── scripts/                   # 146 helper scripts
+│   ├── scripts/                   # 172 helper scripts
 │   ├── tools/                     # Cross-domain utilities (video, browser, git, etc.)
 │   ├── services/                  # External service integrations
 │   └── workflows/                 # Development process guides

package/VERSION

@@ -1 +1 @@
-2.104.0
+2.105.0

package/aidevops.sh

@@ -3,7 +3,7 @@
 # AI DevOps Framework CLI
 # Usage: aidevops <command> [options]
 #
-# Version: 2.104.0
+# Version: 2.105.0
 
 set -euo pipefail
 
@@ -492,12 +492,8 @@ cmd_status() {
     
     local ai_configs=(
         "$HOME/.config/opencode/opencode.json:OpenCode"
-        "$HOME/.cursor/rules:Cursor"
-        "$HOME/.claude/commands:Claude Code"
-        "$HOME/.continue:Continue.dev"
+        "$HOME/.claude/commands:Claude Code CLI"
         "$HOME/CLAUDE.md:Claude Code memory"
-        "$HOME/GEMINI.md:Gemini CLI memory"
-        "$HOME/.cursorrules:Cursor rules"
     )
     
     for config in "${ai_configs[@]}"; do
@@ -724,10 +720,7 @@ cmd_uninstall() {
     
     local ai_agent_files=(
         "$HOME/.config/opencode/agent/AGENTS.md"
-        "$HOME/.cursor/rules/AGENTS.md"
         "$HOME/.claude/commands/AGENTS.md"
-        "$HOME/.continue/AGENTS.md"
-        "$HOME/.cody/AGENTS.md"
         "$HOME/.opencode/AGENTS.md"
     )
     
@@ -760,10 +753,6 @@ cmd_uninstall() {
     print_info "Removing AI memory files..."
     local memory_files=(
         "$HOME/CLAUDE.md"
-        "$HOME/GEMINI.md"
-        "$HOME/WINDSURF.md"
-        "$HOME/.qwen/QWEN.md"
-        "$HOME/.factory/DROID.md"
     )
     
     for file in "${memory_files[@]}"; do
@@ -1106,6 +1095,24 @@ EOF
         fi
     fi
     
+    # Generate collaborator pointer files (lightweight AGENTS.md references)
+    local pointer_content="Read AGENTS.md for all project context and instructions."
+    local pointer_files=(".cursorrules" ".windsurfrules" ".clinerules" ".github/copilot-instructions.md")
+    local pointer_created=0
+    for pf in "${pointer_files[@]}"; do
+        local pf_path="$project_root/$pf"
+        if [[ ! -f "$pf_path" ]]; then
+            mkdir -p "$(dirname "$pf_path")"
+            echo "$pointer_content" > "$pf_path"
+            ((pointer_created++))
+        fi
+    done
+    if [[ $pointer_created -gt 0 ]]; then
+        print_success "Created $pointer_created collaborator pointer file(s) (.cursorrules, etc.)"
+    else
+        print_info "Collaborator pointer files already exist"
+    fi
+    
     # Build features string for registration
     local features_list=""
     [[ "$enable_planning" == "true" ]] && features_list="${features_list}planning,"
@@ -1872,6 +1879,15 @@ cmd_skill() {
             print_info "Generating SKILL.md stubs for cross-tool discovery..."
             bash "$generate_script" "$@"
             ;;
+        scan)
+            local security_script="$AGENTS_DIR/scripts/security-helper.sh"
+            if [[ ! -f "$security_script" ]]; then
+                print_error "security-helper.sh not found"
+                print_info "Run 'aidevops update' to get the latest scripts"
+                return 1
+            fi
+            bash "$security_script" skill-scan "$@"
+            ;;
         clean)
             local generate_script="$AGENTS_DIR/scripts/generate-skills.sh"
             if [[ ! -f "$generate_script" ]]; then
@@ -1895,6 +1911,7 @@ cmd_skill() {
             echo "  check            Check for upstream updates"
             echo "  update [name]    Update specific or all skills"
             echo "  remove <name>    Remove an imported skill"
+            echo "  scan [name]      Security scan imported skills (Cisco Skill Scanner)"
             echo "  status           Show detailed skill status"
             echo "  generate         Generate SKILL.md stubs for cross-tool discovery"
             echo "  clean            Remove generated SKILL.md stubs"
@@ -1910,6 +1927,8 @@ cmd_skill() {
             echo "  aidevops skill add expo/skills --name expo-dev"
             echo "  aidevops skill check"
             echo "  aidevops skill update"
+            echo "  aidevops skill scan"
+            echo "  aidevops skill scan cloudflare-platform"
             echo "  aidevops skill generate --dry-run"
             echo ""
             echo "Imported skills are saved with a -skill suffix to distinguish"
@@ -1945,6 +1964,7 @@ cmd_help() {
     echo "  upgrade            Alias for update"
     echo "  update-tools       Check for outdated tools (--update to auto-update)"
     echo "  repos [cmd]        Manage registered projects (list/add/remove/clean)"
+    echo "  secret <cmd>       Manage secrets (set/list/run/init/import/status)"
     echo "  detect             Find and register aidevops projects"
     echo "  uninstall          Remove aidevops from your system"
     echo "  version            Show version information"
@@ -1964,6 +1984,14 @@ cmd_help() {
     echo "  aidevops update-tools -u     # Update all outdated tools"
     echo "  aidevops uninstall           # Remove aidevops"
     echo ""
+    echo "Secrets:"
+    echo "  aidevops secret set NAME     # Store a secret (hidden input)"
+    echo "  aidevops secret list         # List secret names (never values)"
+    echo "  aidevops secret run CMD      # Run with secrets injected + redacted"
+    echo "  aidevops secret init         # Initialize gopass encrypted store"
+    echo "  aidevops secret import       # Import from credentials.sh to gopass"
+    echo "  aidevops secret status       # Show backend status"
+    echo ""
     echo "Skills:"
     echo "  aidevops skill add <source>  # Import a skill from GitHub"
     echo "  aidevops skill list          # List imported skills"
@@ -2058,6 +2086,19 @@ main() {
         detect|scan)
             cmd_detect
             ;;
+        secret|secrets)
+            shift
+            local secret_helper="$AGENTS_DIR/scripts/secret-helper.sh"
+            if [[ ! -f "$secret_helper" ]]; then
+                secret_helper="$INSTALL_DIR/.agents/scripts/secret-helper.sh"
+            fi
+            if [[ -f "$secret_helper" ]]; then
+                bash "$secret_helper" "$@"
+            else
+                print_error "secret-helper.sh not found. Run: aidevops update"
+                exit 1
+            fi
+            ;;
         uninstall|remove)
             cmd_uninstall
             ;;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aidevops",
-  "version": "2.104.0",
+  "version": "2.105.0",
   "description": "AI DevOps Framework - AI-assisted development workflows, code quality, and deployment automation",
   "type": "module",
   "main": "index.js",