aidevops 2.106.0 → 2.108.0

package/README.md

@@ -92,10 +92,10 @@ The result: AI agents that work *with* your development process, not around it.
 
 ### Agent Structure
 
-- Primary agents (Build+, SEO, Marketing, etc.) with @plan-plus subagent for planning-only mode
-- 765+ subagent markdown files organized by domain
-- 172 helper scripts in `.agents/scripts/`
-- 28 slash commands for common workflows
+- 11 primary agents (Build+, SEO, Marketing, etc.) with specialist @subagents on demand
+- 735+ subagent markdown files organized by domain
+- 194 helper scripts in `.agents/scripts/`
+- 53 slash commands for common workflows
 
 <!-- AI-CONTEXT-END -->
 
@@ -257,26 +257,6 @@ See `.agents/tools/task-management/beads.md` for complete documentation and inst
 
 **Your AI assistant now has agentic access to 30+ service integrations.**
 
-### OpenCode Antigravity OAuth Plugin
-
-The setup automatically installs the [opencode-antigravity-auth](https://github.com/NoeFabris/opencode-antigravity-auth) plugin, enabling Google OAuth authentication for OpenCode. This gives you access to Antigravity rate limits and premium models.
-
-**After setup, authenticate:**
-
-```bash
-opencode auth login
-# Select: Google → OAuth with Google (Antigravity)
-# Press Enter to skip Project ID prompt
-```
-
-**Available models via Antigravity:**
-
-- `gemini-3-pro-high` / `gemini-3-pro-low` / `gemini-3-flash`
-- `claude-sonnet-4-5` / `claude-sonnet-4-5-thinking` / `claude-opus-4-5-thinking`
-- `gpt-oss-120b-medium`
-
-**Multi-account load balancing:** Add multiple Google accounts for automatic rate limit distribution and failover. See the [plugin documentation](https://github.com/NoeFabris/opencode-antigravity-auth) for model configuration.
-
 ### OpenCode Anthropic OAuth (Built-in)
 
 OpenCode v1.1.36+ includes Anthropic OAuth authentication natively. No external plugin is needed.
@@ -453,7 +433,7 @@ aidevops implements proven agent design patterns identified by [Lance Martin (La
 
 | Pattern | Description | aidevops Implementation |
 |---------|-------------|------------------------|
-| **Give Agents a Computer** | Filesystem + shell for persistent context | `~/.aidevops/.agent-workspace/`, 172 helper scripts |
+| **Give Agents a Computer** | Filesystem + shell for persistent context | `~/.aidevops/.agent-workspace/`, 194 helper scripts |
 | **Multi-Layer Action Space** | Few tools, push actions to computer | Per-agent MCP filtering (~12-20 tools each) |
 | **Progressive Disclosure** | Load context on-demand | Subagent routing with content summaries, YAML frontmatter, read-on-demand |
 | **Offload Context** | Write results to filesystem | `.agent-workspace/work/[project]/` for persistence |
@@ -465,6 +445,8 @@ aidevops implements proven agent design patterns identified by [Lance Martin (La
 | **Evolve Context** | Learn from sessions | `/remember`, `/recall` with SQLite FTS5 + opt-in semantic search |
 | **Pattern Tracking** | Learn what works/fails | `pattern-tracker-helper.sh`, `/patterns` command |
 | **Cost-Aware Routing** | Match model to task complexity | `model-routing.md` with 5-tier guidance, `/route` command |
+| **Model Comparison** | Compare models side-by-side | `/compare-models` (live data), `/compare-models-free` (offline) |
+| **Response Scoring** | Evaluate actual model outputs | `/score-responses` with structured criteria |
 
 **Key insight**: Context is a finite resource with diminishing returns. aidevops treats every token as precious - loading only what's needed, when it's needed.
 
@@ -886,7 +868,7 @@ See `.agents/tools/ocr/glm-ocr.md` for batch processing, PDF workflows, and Peek
 
 ## **MCP Integrations**
 
-**Model Context Protocol servers for real-time AI assistant integration.** The framework configures these MCPs for **[OpenCode](https://opencode.ai/)** (TUI, Desktop, and Extension for Zed/VSCode/AntiGravity).
+**Model Context Protocol servers for real-time AI assistant integration.** The framework configures these MCPs for **[OpenCode](https://opencode.ai/)** (TUI, Desktop, and Extension for Zed/VSCode).
 
 ### **All Supported MCPs (19 available)**
 
@@ -1406,7 +1388,7 @@ aidevops is registered as a **Claude Code plugin marketplace**. Install with two
 /plugin install aidevops@aidevops
 ```
 
-This installs the complete framework: 15 primary agents, 765+ subagents, and 172 helper scripts.
+This installs the complete framework: 11 primary agents, 735+ subagents, and 194 helper scripts.
 
 ### Importing External Skills
 
@@ -1472,29 +1454,27 @@ Call them in your AI assistant conversation with a simple @mention
 
 ### **Main Agents**
 
-Ordered as they appear in OpenCode Tab selector and other AI assistants (15 total):
-
-| Name | File | Purpose | MCPs Enabled |
-|------|------|---------|--------------|
-| @plan-plus | `plan-plus.md` | Planning-only subagent (Build+ handles planning by default) | context7, augment, repomix |
-| Build+ | `build-plus.md` | Enhanced Build with context tools | context7, augment, repomix |
-| Build-Agent | `build-agent.md` | Design and improve AI agents | context7, augment, repomix |
-| Build-MCP | `build-mcp.md` | Build MCP servers with TS+Bun+ElysiaJS | context7, augment, repomix |
-| Accounts | `accounts.md` | Financial operations | quickfile, augment |
-| AI-DevOps | `aidevops.md` | Framework operations, meta-agents, setup | context7, augment, repomix |
-| Content | `content.md` | Content creation, humanise AI text | augment |
-| Health | `health.md` | Health and wellness guidance | augment |
-| Legal | `legal.md` | Legal compliance and documentation | augment |
-| Marketing | `marketing.md` | Marketing strategy and automation | augment |
-| Research | `research.md` | Research and analysis tasks | context7, augment |
-| Sales | `sales.md` | Sales operations and CRM | augment |
-| SEO | `seo.md` | SEO optimization, Search Console, keyword research | gsc, ahrefs, serper, context7, augment |
-| Video | `video.md` | AI video generation, prompt engineering, programmatic video | augment |
-| WordPress | `wordpress.md` | WordPress ecosystem (dev, admin, MainWP, LocalWP) | localwp, context7, augment |
+Primary agents as registered in `subagent-index.toon` (11 total). MCPs are loaded on-demand per subagent, not per primary agent:
+
+| Name | File | Purpose | Model Tier |
+|------|------|---------|------------|
+| Build+ | `build-plus.md` | Enhanced Build with context tools (default agent) | opus |
+| Accounts | `accounts.md` | Financial operations | opus |
+| Content | `content.md` | Content creation workflows | opus |
+| Health | `health.md` | Health and wellness | opus |
+| Legal | `legal.md` | Legal compliance | opus |
+| Marketing | `marketing.md` | Marketing strategy and email campaigns | opus |
+| Research | `research.md` | Research and analysis tasks | gemini/grok |
+| Sales | `sales.md` | Sales operations and CRM pipeline | opus |
+| SEO | `seo.md` | SEO optimization and analysis | opus |
+| Social-Media | `social-media.md` | Social media management | opus |
+| Video | `video.md` | AI video generation and prompt engineering | opus |
+
+**Specialist subagents** (@plan-plus, @aidevops, @wordpress, Build-Agent, Build-MCP, etc.) live under `tools/` or as `mode: subagent` files and are invoked via @mention when domain expertise is needed. See `subagent-index.toon` for the full listing.
 
 ### **Example Subagents with MCP Integration**
 
-These are examples of subagents that have supporting MCPs enabled. See `.agents/` for the full list of 765+ subagents organized by domain.
+These are examples of subagents that have supporting MCPs enabled. See `.agents/` for the full list of 735+ subagents organized by domain.
 
 | Agent | Purpose | MCPs Enabled |
 |-------|---------|--------------|
@@ -1712,6 +1692,15 @@ Configure time tracking per-repo via `.aidevops.json`.
 | `/runners` | Batch dispatch tasks to parallel agents (task IDs, PR URLs, or descriptions) |
 | `/log-issue-aidevops` | Report issues with aidevops (gathers diagnostics, checks duplicates, creates GitHub issue) |
 
+**AI Model Comparison**:
+
+| Command | Purpose |
+|---------|---------|
+| `/compare-models` | Compare AI models by pricing, context, capabilities (with live web data) |
+| `/compare-models-free` | Compare AI models using offline embedded data only (no web fetches) |
+| `/score-responses` | Score and compare actual model responses with structured criteria |
+| `/route` | Suggest optimal model tier for a task description |
+
 ### Ralph Loop - Iterative AI Development
 
 The **Ralph Loop** (named after Ralph Wiggum's persistent optimism) enables autonomous iterative development. The AI keeps working on a task until it's complete, automatically resolving issues that arise.
@@ -2128,8 +2117,8 @@ aidevops/
 ├── AGENTS.md                      # AI agent guidance (dev)
 ├── .agents/                        # Agents and documentation
 │   ├── AGENTS.md                  # User guide (deployed to ~/.aidevops/agents/)
-│   ├── *.md                       # 15 primary agents
-│   ├── scripts/                   # 172 helper scripts
+│   ├── *.md                       # 11 primary agents
+│   ├── scripts/                   # 194 helper scripts
 │   ├── tools/                     # Cross-domain utilities (video, browser, git, etc.)
 │   ├── services/                  # External service integrations
 │   └── workflows/                 # Development process guides

package/VERSION

@@ -1 +1 @@
-2.106.0
+2.108.0

package/aidevops.sh

@@ -3,7 +3,7 @@
 # AI DevOps Framework CLI
 # Usage: aidevops <command> [options]
 #
-# Version: 2.106.0
+# Version: 2.108.0
 
 set -euo pipefail
 
@@ -597,6 +597,7 @@ cmd_update() {
             print_error "Failed to create temp file for setup script"
             return 1
         }
+        trap 'rm -f "${tmp_setup:-}"' RETURN
         if curl -fsSL "https://raw.githubusercontent.com/marcusquinn/aidevops/main/setup.sh" -o "$tmp_setup" 2>/dev/null && [[ -s "$tmp_setup" ]]; then
             chmod +x "$tmp_setup"
             bash "$tmp_setup"
@@ -851,6 +852,7 @@ cmd_init() {
     local enable_time_tracking=false
     local enable_database=false
     local enable_beads=false
+    local enable_sops=false
     
     case "$features" in
         all)
@@ -881,6 +883,9 @@ cmd_init() {
             enable_beads=true
             enable_planning=true  # beads requires planning
             ;;
+        sops)
+            enable_sops=true
+            ;;
         *)
             # Comma-separated list
             IFS=',' read -ra FEATURE_LIST <<< "$features"
@@ -898,6 +903,7 @@ cmd_init() {
                         enable_beads=true
                         enable_planning=true
                         ;;
+                    sops) enable_sops=true ;;
                 esac
             done
             ;;
@@ -933,13 +939,31 @@ cmd_init() {
     "seeds_path": "seeds",
     "auto_generate_migration": true
   },
-  "beads": {
-    "enabled": $enable_beads,
-    "sync_on_commit": false,
-    "auto_ready_check": true
-  }
+    "beads": {
+      "enabled": $enable_beads,
+      "sync_on_commit": false,
+      "auto_ready_check": true
+    },
+    "sops": {
+      "enabled": $enable_sops,
+      "backend": "age",
+      "patterns": ["*.secret.yaml", "*.secret.json", "configs/*.enc.json", "configs/*.enc.yaml"]
+    }
+  },
+  "plugins": []
 }
 EOF
+    # Note: plugins array is always present but empty by default.
+    # Users add plugins via: aidevops plugin add <repo-url> [--namespace <name>]
+    # Schema per plugin entry:
+    # {
+    #   "name": "pro",
+    #   "repo": "https://github.com/user/aidevops-pro.git",
+    #   "branch": "main",
+    #   "namespace": "pro",
+    #   "enabled": true
+    # }
+    # Plugins deploy to ~/.aidevops/agents/<namespace>/ (namespaced, no collisions)
     print_success "Created .aidevops.json"
     
     # Create .agents symlink (or migrate from legacy .agent)
@@ -1109,6 +1133,77 @@ EOF
         fi
     fi
     
+    # Initialize SOPS if enabled
+    if [[ "$enable_sops" == "true" ]]; then
+        print_info "Setting up SOPS encrypted config support..."
+        
+        # Check for sops and age
+        local sops_ready=true
+        if ! command -v sops &>/dev/null; then
+            print_warning "SOPS not installed"
+            echo "  Install with: brew install sops"
+            sops_ready=false
+        fi
+        if ! command -v age-keygen &>/dev/null; then
+            print_warning "age not installed (default SOPS backend)"
+            echo "  Install with: brew install age"
+            sops_ready=false
+        fi
+        
+        # Generate age key if none exists
+        local age_key_file="$HOME/.config/sops/age/keys.txt"
+        if [[ "$sops_ready" == "true" ]] && [[ ! -f "$age_key_file" ]]; then
+            print_info "Generating age key for SOPS..."
+            mkdir -p "$(dirname "$age_key_file")"
+            age-keygen -o "$age_key_file" 2>/dev/null
+            chmod 600 "$age_key_file"
+            print_success "Age key generated at $age_key_file"
+        fi
+        
+        # Create .sops.yaml if it doesn't exist
+        if [[ ! -f "$project_root/.sops.yaml" ]]; then
+            local age_pubkey=""
+            if [[ -f "$age_key_file" ]]; then
+                age_pubkey=$(grep -o 'age1[a-z0-9]*' "$age_key_file" | head -1)
+            fi
+            
+            if [[ -n "$age_pubkey" ]]; then
+                cat > "$project_root/.sops.yaml" << SOPSEOF
+# SOPS configuration - encrypts values in config files while keeping keys visible
+# See: .agents/tools/credentials/sops.md
+creation_rules:
+  - path_regex: '\.secret\.(yaml|yml|json)$'
+    age: >-
+      $age_pubkey
+  - path_regex: 'configs/.*\.enc\.(yaml|yml|json)$'
+    age: >-
+      $age_pubkey
+SOPSEOF
+                print_success "Created .sops.yaml with age key"
+            else
+                cat > "$project_root/.sops.yaml" << 'SOPSEOF'
+# SOPS configuration - encrypts values in config files while keeping keys visible
+# See: .agents/tools/credentials/sops.md
+#
+# Generate an age key first:
+#   age-keygen -o ~/.config/sops/age/keys.txt
+#
+# Then replace AGE_PUBLIC_KEY below with your public key:
+creation_rules:
+  - path_regex: '\.secret\.(yaml|yml|json)$'
+    age: >-
+      AGE_PUBLIC_KEY
+  - path_regex: 'configs/.*\.enc\.(yaml|yml|json)$'
+    age: >-
+      AGE_PUBLIC_KEY
+SOPSEOF
+                print_warning "Created .sops.yaml template (replace AGE_PUBLIC_KEY with your key)"
+            fi
+        else
+            print_info ".sops.yaml already exists"
+        fi
+    fi
+    
     # Add to .gitignore if needed
     local gitignore="$project_root/.gitignore"
     if [[ -f "$gitignore" ]]; then
@@ -1159,6 +1254,7 @@ EOF
     [[ "$enable_time_tracking" == "true" ]] && features_list="${features_list}time-tracking,"
     [[ "$enable_database" == "true" ]] && features_list="${features_list}database,"
     [[ "$enable_beads" == "true" ]] && features_list="${features_list}beads,"
+    [[ "$enable_sops" == "true" ]] && features_list="${features_list}sops,"
     features_list="${features_list%,}"  # Remove trailing comma
     
     # Register repo in repos.json
@@ -1174,6 +1270,7 @@ EOF
     [[ "$enable_time_tracking" == "true" ]] && echo "  ✓ Time tracking (estimates, actuals)"
     [[ "$enable_database" == "true" ]] && echo "  ✓ Database (schemas/, migrations/, seeds/)"
     [[ "$enable_beads" == "true" ]] && echo "  ✓ Beads (task graph visualization)"
+    [[ "$enable_sops" == "true" ]] && echo "  ✓ SOPS (encrypted config files with age backend)"
     echo ""
     echo "Next steps:"
     if [[ "$enable_beads" == "true" ]]; then
@@ -1388,6 +1485,7 @@ cmd_upgrade_planning() {
                 local temp_file="${todo_file}.merge"
                 local tasks_file
                 tasks_file=$(mktemp)
+                trap 'rm -f "${tasks_file:-}"' RETURN
                 printf '%s\n' "$existing_tasks" > "$tasks_file"
                 # Use while-read to avoid BSD awk "newline in string" warning with -v
                 local in_backlog=false
@@ -1452,6 +1550,7 @@ cmd_upgrade_planning() {
                 local temp_file="${plans_file}.merge"
                 local plans_content_file
                 plans_content_file=$(mktemp)
+                trap 'rm -f "${plans_content_file:-}"' RETURN
                 printf '%s\n' "$existing_plans" > "$plans_content_file"
                 # Use while-read to avoid BSD awk "newline in string" warning with -v
                 local in_active=false
@@ -1558,12 +1657,27 @@ cmd_features() {
     echo "                 - Ready task detection (/ready)"
     echo "                 - Bi-directional sync with TODO.md/PLANS.md"
     echo ""
+    echo "  sops           Encrypted config files with SOPS + age"
+    echo "                 - Value-level encryption (keys visible, values encrypted)"
+    echo "                 - .sops.yaml with age backend (simpler than GPG)"
+    echo "                 - Patterns: *.secret.yaml, configs/*.enc.json"
+    echo "                 - See: .agents/tools/credentials/sops.md"
+    echo ""
+    echo "Extensibility:"
+    echo ""
+    echo "  plugins        Third-party agent plugins (configured in .aidevops.json)"
+    echo "                 - Git repos deployed to ~/.aidevops/agents/<namespace>/"
+    echo "                 - Namespaced to avoid collisions with core agents"
+    echo "                 - Enable/disable per-plugin without removal"
+    echo "                 - See: .agents/aidevops/plugins.md"
+    echo ""
     echo "Usage:"
-    echo "  aidevops init                    # Enable all features"
+    echo "  aidevops init                    # Enable all features (except sops)"
     echo "  aidevops init planning           # Enable only planning"
+    echo "  aidevops init sops               # Enable SOPS encryption"
     echo "  aidevops init beads              # Enable beads (includes planning)"
     echo "  aidevops init database           # Enable only database"
-    echo "  aidevops init planning,database  # Enable multiple"
+    echo "  aidevops init planning,sops      # Enable multiple"
     echo ""
 }
 
@@ -1980,6 +2094,444 @@ cmd_skill() {
     esac
 }
 
+# Plugin management command
+cmd_plugin() {
+    local action="${1:-help}"
+    shift || true
+
+    local plugins_file="$CONFIG_DIR/plugins.json"
+    local agents_dir="$AGENTS_DIR"
+
+    # Reserved namespaces that plugins cannot use
+    local reserved_namespaces="custom draft scripts tools services workflows templates memory plugins seo wordpress aidevops"
+
+    # Ensure config dir exists
+    mkdir -p "$CONFIG_DIR"
+
+    # Initialize plugins.json if missing
+    if [[ ! -f "$plugins_file" ]]; then
+        echo '{"plugins":[]}' > "$plugins_file"
+    fi
+
+    #######################################
+    # Validate a namespace is safe to use
+    # Arguments: namespace
+    # Returns: 0 if valid, 1 if reserved/invalid
+    #######################################
+    validate_namespace() {
+        local ns="$1"
+        # Must be lowercase alphanumeric with hyphens
+        if [[ ! "$ns" =~ ^[a-z][a-z0-9-]*$ ]]; then
+            print_error "Invalid namespace '$ns': must be lowercase alphanumeric with hyphens, starting with a letter"
+            return 1
+        fi
+        # Must not be reserved
+        local reserved
+        for reserved in $reserved_namespaces; do
+            if [[ "$ns" == "$reserved" ]]; then
+                print_error "Namespace '$ns' is reserved. Choose a different name."
+                return 1
+            fi
+        done
+        return 0
+    }
+
+    #######################################
+    # Get a plugin field from plugins.json
+    # Arguments: plugin_name, field
+    #######################################
+    get_plugin_field() {
+        local name="$1"
+        local field="$2"
+        jq -r --arg n "$name" --arg f "$field" '.plugins[] | select(.name == $n) | .[$f] // empty' "$plugins_file" 2>/dev/null || echo ""
+    }
+
+    case "$action" in
+        add|a)
+            if [[ $# -lt 1 ]]; then
+                print_error "Repository URL required"
+                echo ""
+                echo "Usage: aidevops plugin add <repo-url> [options]"
+                echo ""
+                echo "Options:"
+                echo "  --namespace <name>   Namespace directory (default: derived from repo name)"
+                echo "  --branch <branch>    Branch to track (default: main)"
+                echo "  --name <name>        Human-readable name (default: derived from repo)"
+                echo ""
+                echo "Examples:"
+                echo "  aidevops plugin add https://github.com/marcusquinn/aidevops-pro.git --namespace pro"
+                echo "  aidevops plugin add https://github.com/marcusquinn/aidevops-anon.git --namespace anon"
+                return 1
+            fi
+
+            local repo_url="$1"
+            shift
+            local namespace="" branch="main" plugin_name=""
+
+            # Parse options
+            while [[ $# -gt 0 ]]; do
+                case "$1" in
+                    --namespace|--ns) namespace="$2"; shift 2 ;;
+                    --branch|-b) branch="$2"; shift 2 ;;
+                    --name|-n) plugin_name="$2"; shift 2 ;;
+                    *) print_error "Unknown option: $1"; return 1 ;;
+                esac
+            done
+
+            # Derive namespace from repo URL if not provided
+            if [[ -z "$namespace" ]]; then
+                namespace=$(basename "$repo_url" .git | sed 's/^aidevops-//')
+                namespace=$(echo "$namespace" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]/-/g')
+            fi
+
+            # Derive name from namespace if not provided
+            if [[ -z "$plugin_name" ]]; then
+                plugin_name="$namespace"
+            fi
+
+            # Validate namespace
+            if ! validate_namespace "$namespace"; then
+                return 1
+            fi
+
+            # Check if plugin already exists
+            local existing
+            existing=$(jq -r --arg n "$plugin_name" '.plugins[] | select(.name == $n) | .name' "$plugins_file" 2>/dev/null || echo "")
+            if [[ -n "$existing" ]]; then
+                print_error "Plugin '$plugin_name' already exists. Use 'aidevops plugin update $plugin_name' to update."
+                return 1
+            fi
+
+            # Check if namespace is already in use
+            if [[ -d "$agents_dir/$namespace" ]]; then
+                local ns_owner
+                ns_owner=$(jq -r --arg ns "$namespace" '.plugins[] | select(.namespace == $ns) | .name' "$plugins_file" 2>/dev/null || echo "")
+                if [[ -n "$ns_owner" ]]; then
+                    print_error "Namespace '$namespace' is already used by plugin '$ns_owner'"
+                else
+                    print_error "Directory '$agents_dir/$namespace/' already exists"
+                    echo "  Choose a different namespace with --namespace <name>"
+                fi
+                return 1
+            fi
+
+            print_info "Adding plugin '$plugin_name' from $repo_url..."
+            print_info "  Namespace: $namespace"
+            print_info "  Branch: $branch"
+
+            # Clone the repo
+            local clone_dir="$agents_dir/$namespace"
+            if ! git clone --branch "$branch" --depth 1 "$repo_url" "$clone_dir" 2>&1; then
+                print_error "Failed to clone repository"
+                rm -rf "$clone_dir" 2>/dev/null || true
+                return 1
+            fi
+
+            # Remove .git directory (we track via plugins.json, not nested git)
+            rm -rf "$clone_dir/.git"
+
+            # Add to plugins.json
+            local tmp_file="${plugins_file}.tmp"
+            jq --arg name "$plugin_name" \
+               --arg repo "$repo_url" \
+               --arg branch "$branch" \
+               --arg ns "$namespace" \
+               '.plugins += [{"name": $name, "repo": $repo, "branch": $branch, "namespace": $ns, "enabled": true}]' \
+               "$plugins_file" > "$tmp_file" && mv "$tmp_file" "$plugins_file"
+
+            print_success "Plugin '$plugin_name' installed to $clone_dir"
+            echo ""
+            echo "  Agents available at: ~/.aidevops/agents/$namespace/"
+            echo "  Update: aidevops plugin update $plugin_name"
+            echo "  Remove: aidevops plugin remove $plugin_name"
+            ;;
+
+        list|ls|l)
+            local count
+            count=$(jq '.plugins | length' "$plugins_file" 2>/dev/null || echo "0")
+
+            if [[ "$count" == "0" ]]; then
+                echo "No plugins installed."
+                echo ""
+                echo "Add a plugin: aidevops plugin add <repo-url> --namespace <name>"
+                return 0
+            fi
+
+            echo "Installed plugins ($count):"
+            echo ""
+            printf "  %-15s %-10s %-8s %s\n" "NAME" "NAMESPACE" "ENABLED" "REPO"
+            printf "  %-15s %-10s %-8s %s\n" "----" "---------" "-------" "----"
+
+            jq -r '.plugins[] | "  \(.name)\t\(.namespace)\t\(.enabled // true)\t\(.repo)"' "$plugins_file" 2>/dev/null | \
+                while IFS=$'\t' read -r name ns enabled repo; do
+                    local status_icon="yes"
+                    if [[ "$enabled" == "false" ]]; then
+                        status_icon="no"
+                    fi
+                    printf "  %-15s %-10s %-8s %s\n" "$name" "$ns" "$status_icon" "$repo"
+                done
+            ;;
+
+        update|u)
+            local target="${1:-}"
+
+            if [[ -n "$target" ]]; then
+                # Update specific plugin
+                local repo ns branch_name
+                repo=$(get_plugin_field "$target" "repo")
+                ns=$(get_plugin_field "$target" "namespace")
+                branch_name=$(get_plugin_field "$target" "branch")
+                branch_name="${branch_name:-main}"
+
+                if [[ -z "$repo" ]]; then
+                    print_error "Plugin '$target' not found"
+                    return 1
+                fi
+
+                print_info "Updating plugin '$target'..."
+                local clone_dir="$agents_dir/$ns"
+                rm -rf "$clone_dir"
+                if git clone --branch "$branch_name" --depth 1 "$repo" "$clone_dir" 2>&1; then
+                    rm -rf "$clone_dir/.git"
+                    print_success "Plugin '$target' updated"
+                else
+                    print_error "Failed to update plugin '$target'"
+                    return 1
+                fi
+            else
+                # Update all enabled plugins
+                local names
+                names=$(jq -r '.plugins[] | select(.enabled != false) | .name' "$plugins_file" 2>/dev/null || echo "")
+                if [[ -z "$names" ]]; then
+                    echo "No enabled plugins to update."
+                    return 0
+                fi
+
+                local failed=0
+                while IFS= read -r pname; do
+                    [[ -z "$pname" ]] && continue
+                    local prepo pns pbranch
+                    prepo=$(get_plugin_field "$pname" "repo")
+                    pns=$(get_plugin_field "$pname" "namespace")
+                    pbranch=$(get_plugin_field "$pname" "branch")
+                    pbranch="${pbranch:-main}"
+
+                    print_info "Updating '$pname'..."
+                    local pdir="$agents_dir/$pns"
+                    rm -rf "$pdir"
+                    if git clone --branch "$pbranch" --depth 1 "$prepo" "$pdir" 2>/dev/null; then
+                        rm -rf "$pdir/.git"
+                        print_success "  '$pname' updated"
+                    else
+                        print_error "  '$pname' failed to update"
+                        failed=$((failed + 1))
+                    fi
+                done <<< "$names"
+
+                if [[ "$failed" -gt 0 ]]; then
+                    print_warning "$failed plugin(s) failed to update"
+                    return 1
+                fi
+                print_success "All plugins updated"
+            fi
+            ;;
+
+        enable)
+            if [[ $# -lt 1 ]]; then
+                print_error "Plugin name required"
+                echo "Usage: aidevops plugin enable <name>"
+                return 1
+            fi
+            local target_name="$1"
+            local target_repo target_ns target_branch
+            target_repo=$(get_plugin_field "$target_name" "repo")
+            if [[ -z "$target_repo" ]]; then
+                print_error "Plugin '$target_name' not found"
+                return 1
+            fi
+
+            target_ns=$(get_plugin_field "$target_name" "namespace")
+            target_branch=$(get_plugin_field "$target_name" "branch")
+            target_branch="${target_branch:-main}"
+
+            # Update enabled flag
+            local tmp_file="${plugins_file}.tmp"
+            jq --arg n "$target_name" '(.plugins[] | select(.name == $n)).enabled = true' "$plugins_file" > "$tmp_file" && mv "$tmp_file" "$plugins_file"
+
+            # Deploy if not already present
+            if [[ ! -d "$agents_dir/$target_ns" ]]; then
+                print_info "Deploying plugin '$target_name'..."
+                if git clone --branch "$target_branch" --depth 1 "$target_repo" "$agents_dir/$target_ns" 2>/dev/null; then
+                    rm -rf "$agents_dir/$target_ns/.git"
+                fi
+            fi
+
+            print_success "Plugin '$target_name' enabled"
+            ;;
+
+        disable)
+            if [[ $# -lt 1 ]]; then
+                print_error "Plugin name required"
+                echo "Usage: aidevops plugin disable <name>"
+                return 1
+            fi
+            local target_name="$1"
+            local target_ns
+            target_ns=$(get_plugin_field "$target_name" "namespace")
+            if [[ -z "$target_ns" ]]; then
+                print_error "Plugin '$target_name' not found"
+                return 1
+            fi
+
+            # Update enabled flag
+            local tmp_file="${plugins_file}.tmp"
+            jq --arg n "$target_name" '(.plugins[] | select(.name == $n)).enabled = false' "$plugins_file" > "$tmp_file" && mv "$tmp_file" "$plugins_file"
+
+            # Remove deployed files
+            if [[ -d "$agents_dir/$target_ns" ]]; then
+                rm -rf "$agents_dir/$target_ns"
+            fi
+
+            print_success "Plugin '$target_name' disabled (config preserved)"
+            ;;
+
+        remove|rm)
+            if [[ $# -lt 1 ]]; then
+                print_error "Plugin name required"
+                echo "Usage: aidevops plugin remove <name>"
+                return 1
+            fi
+            local target_name="$1"
+            local target_ns
+            target_ns=$(get_plugin_field "$target_name" "namespace")
+            if [[ -z "$target_ns" ]]; then
+                print_error "Plugin '$target_name' not found"
+                return 1
+            fi
+
+            # Remove deployed files
+            if [[ -d "$agents_dir/$target_ns" ]]; then
+                rm -rf "$agents_dir/$target_ns"
+                print_info "Removed $agents_dir/$target_ns/"
+            fi
+
+            # Remove from plugins.json
+            local tmp_file="${plugins_file}.tmp"
+            jq --arg n "$target_name" '.plugins = [.plugins[] | select(.name != $n)]' "$plugins_file" > "$tmp_file" && mv "$tmp_file" "$plugins_file"
+
+            print_success "Plugin '$target_name' removed"
+            ;;
+
+        init)
+            local target_dir="${1:-.}"
+            local plugin_name="${2:-my-plugin}"
+            local namespace="${3:-$plugin_name}"
+
+            if [[ "$target_dir" != "." && -d "$target_dir" ]]; then
+                local existing_count
+                existing_count=$(find "$target_dir" -maxdepth 1 -type f | wc -l | tr -d ' ')
+                if [[ "$existing_count" -gt 0 ]]; then
+                    print_error "Directory '$target_dir' already has files. Use an empty directory."
+                    return 1
+                fi
+            fi
+
+            mkdir -p "$target_dir"
+
+            local template_dir="$agents_dir/templates/plugin-template"
+            if [[ ! -d "$template_dir" ]]; then
+                print_error "Plugin template not found at $template_dir"
+                print_info "Run 'aidevops update' to get the latest templates."
+                return 1
+            fi
+
+            # Copy template files with placeholder substitution
+            local plugin_name_upper
+            plugin_name_upper=$(echo "$plugin_name" | tr '[:lower:]' '[:upper:]' | tr '-' '_')
+
+            # AGENTS.md
+            sed -e "s|{{PLUGIN_NAME}}|$plugin_name|g" \
+                -e "s|{{PLUGIN_NAME_UPPER}}|$plugin_name_upper|g" \
+                -e "s|{{NAMESPACE}}|$namespace|g" \
+                -e "s|{{REPO_URL}}|https://github.com/user/aidevops-$namespace.git|g" \
+                "$template_dir/AGENTS.md" > "$target_dir/AGENTS.md"
+
+            # Main agent file
+            sed -e "s|{{PLUGIN_NAME}}|$plugin_name|g" \
+                -e "s|{{PLUGIN_DESCRIPTION}}|$plugin_name plugin for aidevops|g" \
+                -e "s|{{NAMESPACE}}|$namespace|g" \
+                "$template_dir/main-agent.md" > "$target_dir/$namespace.md"
+
+            # Example subagent directory
+            mkdir -p "$target_dir/$namespace"
+            sed -e "s|{{PLUGIN_NAME}}|$plugin_name|g" \
+                -e "s|{{NAMESPACE}}|$namespace|g" \
+                "$template_dir/example-subagent.md" > "$target_dir/$namespace/example.md"
+
+            # Scripts directory
+            mkdir -p "$target_dir/scripts"
+
+            print_success "Plugin scaffolded in $target_dir/"
+            echo ""
+            echo "Structure:"
+            echo "  $target_dir/"
+            echo "  ├── AGENTS.md              # Plugin documentation"
+            echo "  ├── $namespace.md           # Main agent"
+            echo "  ├── $namespace/"
+            echo "  │   └── example.md          # Example subagent"
+            echo "  └── scripts/                # Helper scripts (empty)"
+            echo ""
+            echo "Next steps:"
+            echo "  1. Edit $namespace.md with your agent instructions"
+            echo "  2. Add subagents to $namespace/"
+            echo "  3. Push to a git repo"
+            echo "  4. Install: aidevops plugin add <repo-url> --namespace $namespace"
+            ;;
+
+        help|--help|-h)
+            print_header "Plugin Management"
+            echo ""
+            echo "Manage third-party agent plugins that extend aidevops."
+            echo "Plugins deploy to ~/.aidevops/agents/<namespace>/ (isolated from core)."
+            echo ""
+            echo "Usage: aidevops plugin <command> [options]"
+            echo ""
+            echo "Commands:"
+            echo "  add <repo-url>     Install a plugin from a git repository"
+            echo "  list               List installed plugins"
+            echo "  update [name]      Update specific or all plugins"
+            echo "  enable <name>      Enable a disabled plugin (redeploys files)"
+            echo "  disable <name>     Disable a plugin (removes files, keeps config)"
+            echo "  remove <name>      Remove a plugin entirely"
+            echo "  init [dir] [name]  Scaffold a new plugin from template"
+            echo ""
+            echo "Options for 'add':"
+            echo "  --namespace <name>   Directory name under ~/.aidevops/agents/"
+            echo "  --branch <branch>    Branch to track (default: main)"
+            echo "  --name <name>        Human-readable plugin name"
+            echo ""
+            echo "Examples:"
+            echo "  aidevops plugin add https://github.com/marcusquinn/aidevops-pro.git --namespace pro"
+            echo "  aidevops plugin add https://github.com/marcusquinn/aidevops-anon.git --namespace anon"
+            echo "  aidevops plugin list"
+            echo "  aidevops plugin update"
+            echo "  aidevops plugin update pro"
+            echo "  aidevops plugin disable pro"
+            echo "  aidevops plugin enable pro"
+            echo "  aidevops plugin remove pro"
+            echo "  aidevops plugin init ./my-plugin my-plugin"
+            echo ""
+            echo "Plugin docs: ~/.aidevops/agents/aidevops/plugins.md"
+            ;;
+        *)
+            print_error "Unknown plugin command: $action"
+            echo "Run 'aidevops plugin help' for usage information."
+            return 1
+            ;;
+    esac
+    return 0
+}
+
 # Help command
 cmd_help() {
     local version
@@ -1994,6 +2546,7 @@ cmd_help() {
     echo "  upgrade-planning   Upgrade TODO.md/PLANS.md to latest templates"
     echo "  features           List available features for init"
     echo "  skill <cmd>        Manage agent skills (add/list/check/update/remove)"
+    echo "  plugin <cmd>       Manage plugins (add/list/update/enable/disable/remove)"
     echo "  status             Check installation status of all components"
     echo "  update             Update aidevops to the latest version (alias: upgrade)"
     echo "  upgrade            Alias for update"
@@ -2027,6 +2580,12 @@ cmd_help() {
     echo "  aidevops secret import       # Import from credentials.sh to gopass"
     echo "  aidevops secret status       # Show backend status"
     echo ""
+    echo "Plugins:"
+    echo "  aidevops plugin add <url>    # Install a plugin from git repo"
+    echo "  aidevops plugin list         # List installed plugins"
+    echo "  aidevops plugin update       # Update all plugins"
+    echo "  aidevops plugin remove <n>   # Remove a plugin"
+    echo ""
     echo "Skills:"
     echo "  aidevops skill add <source>  # Import a skill from GitHub"
     echo "  aidevops skill list          # List imported skills"
@@ -2118,6 +2677,10 @@ main() {
             shift
             cmd_skill "$@"
             ;;
+        plugin|plugins)
+            shift
+            cmd_plugin "$@"
+            ;;
         detect|scan)
             cmd_detect
             ;;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aidevops",
-  "version": "2.106.0",
+  "version": "2.108.0",
   "description": "AI DevOps Framework - AI-assisted development workflows, code quality, and deployment automation",
   "type": "module",
   "bin": {

package/setup.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 # AI Assistant Server Access Framework Setup Script
 # Helps developers set up the framework for their infrastructure
 #
-# Version: 2.106.0
+# Version: 2.108.0
 #
 # Quick Install:
 #   npm install -g aidevops && aidevops update          (recommended)
@@ -21,7 +21,7 @@ NC='\033[0m' # No Color
 # Global flags
 CLEAN_MODE=false
 INTERACTIVE_MODE=false
-NON_INTERACTIVE=false
+NON_INTERACTIVE="${AIDEVOPS_NON_INTERACTIVE:-false}"
 UPDATE_TOOLS_MODE=false
 REPO_URL="https://github.com/marcusquinn/aidevops.git"
 INSTALL_DIR="$HOME/Git/aidevops"
@@ -334,6 +334,7 @@ cleanup_deprecated_paths() {
         if jq -e '.plugin | index("oh-my-opencode")' "$opencode_config" >/dev/null 2>&1; then
             local tmp_file
             tmp_file=$(mktemp)
+            trap 'rm -f "${tmp_file:-}"' RETURN
             jq '.plugin = [.plugin[] | select(. != "oh-my-opencode")]' "$opencode_config" > "$tmp_file" && mv "$tmp_file" "$opencode_config"
             print_info "Removed oh-my-opencode from OpenCode plugin list"
         fi
@@ -514,6 +515,7 @@ cleanup_deprecated_mcps() {
     local cleaned=0
     local tmp_config
     tmp_config=$(mktemp)
+    trap 'rm -f "${tmp_config:-}"' RETURN
     
     cp "$opencode_config" "$tmp_config"
     
@@ -637,6 +639,7 @@ disable_ondemand_mcps() {
     local disabled=0
     local tmp_config
     tmp_config=$(mktemp)
+    trap 'rm -f "${tmp_config:-}"' RETURN
     
     cp "$opencode_config" "$tmp_config"
     
@@ -714,6 +717,7 @@ validate_opencode_config() {
         if jq -e ".[\"$key\"]" "$opencode_config" > /dev/null 2>&1; then
             local tmp_fix
             tmp_fix=$(mktemp)
+            trap 'rm -f "${tmp_fix:-}"' RETURN
             if jq "del(.[\"$key\"])" "$opencode_config" > "$tmp_fix" 2>/dev/null; then
                 create_backup_with_rotation "$opencode_config" "opencode"
                 mv "$tmp_fix" "$opencode_config"
@@ -2542,6 +2546,7 @@ deploy_aidevops_agents() {
     script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
     local source_dir="$script_dir/.agents"
     local target_dir="$HOME/.aidevops/agents"
+    local plugins_file="$HOME/.config/aidevops/plugins.json"
     
     # Validate source directory exists (catches curl install from wrong directory)
     if [[ ! -d "$source_dir" ]]; then
@@ -2554,6 +2559,14 @@ deploy_aidevops_agents() {
         return 1
     fi
     
+    # Collect plugin namespace directories to preserve during deployment
+    local -a plugin_namespaces=()
+    if [[ -f "$plugins_file" ]] && command -v jq &>/dev/null; then
+        while IFS= read -r ns; do
+            [[ -n "$ns" ]] && plugin_namespaces+=("$ns")
+        done < <(jq -r '.plugins[].namespace // empty' "$plugins_file" 2>/dev/null)
+    fi
+    
     # Create backup if target exists (with rotation)
     if [[ -d "$target_dir" ]]; then
         create_backup_with_rotation "$target_dir" "agents"
@@ -2562,14 +2575,21 @@ deploy_aidevops_agents() {
     # Create target directory and copy agents
     mkdir -p "$target_dir"
     
-    # If clean mode, remove stale files first (preserving user directories)
+    # If clean mode, remove stale files first (preserving user and plugin directories)
     if [[ "$CLEAN_MODE" == "true" ]]; then
-        print_info "Clean mode: removing stale files from $target_dir (preserving custom/, draft/)"
-        # Preserve user-managed directories before clean
+        # Build list of directories to preserve: custom, draft, plus plugin namespaces
         local -a preserved_dirs=("custom" "draft")
-        local tmp_preserve="$(mktemp -d)"
+        if [[ ${#plugin_namespaces[@]} -gt 0 ]]; then
+            for pns in "${plugin_namespaces[@]}"; do
+                preserved_dirs+=("$pns")
+            done
+        fi
+        print_info "Clean mode: removing stale files from $target_dir (preserving ${preserved_dirs[*]})"
+        local tmp_preserve
+        tmp_preserve="$(mktemp -d)"
+        trap 'rm -rf "${tmp_preserve:-}"' RETURN
         if [[ -z "$tmp_preserve" || ! -d "$tmp_preserve" ]]; then
-            print_error "Failed to create temp dir for preserving custom/draft agents"
+            print_error "Failed to create temp dir for preserving agents"
             return 1
         fi
         local preserve_failed=false
@@ -2581,7 +2601,7 @@ deploy_aidevops_agents() {
             fi
         done
         if [[ "$preserve_failed" == "true" ]]; then
-            print_error "Failed to preserve custom/draft agents; aborting clean"
+            print_error "Failed to preserve user/plugin agents; aborting clean"
             rm -rf "$tmp_preserve"
             return 1
         fi
@@ -2599,15 +2619,28 @@ deploy_aidevops_agents() {
     # - loop-state/ (local runtime state, not agents)
     # - custom/ (user's private agents, never overwritten)
     # - draft/ (user's experimental agents, never overwritten)
+    # - plugin namespace directories (managed separately)
     # Use rsync for selective exclusion
     local deploy_ok=false
     if command -v rsync &>/dev/null; then
-        if rsync -a --exclude='loop-state/' --exclude='custom/' --exclude='draft/' "$source_dir/" "$target_dir/"; then
+        local -a rsync_excludes=("--exclude=loop-state/" "--exclude=custom/" "--exclude=draft/")
+        if [[ ${#plugin_namespaces[@]} -gt 0 ]]; then
+            for pns in "${plugin_namespaces[@]}"; do
+                rsync_excludes+=("--exclude=${pns}/")
+            done
+        fi
+        if rsync -a "${rsync_excludes[@]}" "$source_dir/" "$target_dir/"; then
             deploy_ok=true
         fi
     else
         # Fallback: use tar with exclusions to match rsync behavior
-        if (cd "$source_dir" && tar cf - --exclude='loop-state' --exclude='custom' --exclude='draft' .) | (cd "$target_dir" && tar xf -); then
+        local -a tar_excludes=("--exclude=loop-state" "--exclude=custom" "--exclude=draft")
+        if [[ ${#plugin_namespaces[@]} -gt 0 ]]; then
+            for pns in "${plugin_namespaces[@]}"; do
+                tar_excludes+=("--exclude=$pns")
+            done
+        fi
+        if (cd "$source_dir" && tar cf - "${tar_excludes[@]}" .) | (cd "$target_dir" && tar xf -); then
             deploy_ok=true
         fi
     fi
@@ -2647,6 +2680,7 @@ deploy_aidevops_agents() {
                 # (awk -v doesn't handle multi-line content with special chars well)
                 local tmp_file
                 tmp_file=$(mktemp)
+                trap 'rm -f "${tmp_file:-}"' RETURN
                 local in_placeholder=false
                 while IFS= read -r line || [[ -n "$line" ]]; do
                     if [[ "$line" == *"OPENCODE-PLAN-REMINDER-INJECT-START"* ]]; then
@@ -2675,6 +2709,9 @@ deploy_aidevops_agents() {
                 print_warning "Mailbox migration had issues (non-critical, old files preserved)"
             fi
         fi
+        
+        # Deploy enabled plugins from plugins.json
+        deploy_plugins "$target_dir" "$plugins_file"
     else
         print_error "Failed to deploy agents"
         return 1
@@ -2683,6 +2720,93 @@ deploy_aidevops_agents() {
     return 0
 }
 
+# Deploy enabled plugins from plugins.json
+# Arguments: target_dir, plugins_file
+deploy_plugins() {
+    local target_dir="$1"
+    local plugins_file="$2"
+    
+    # Skip if no plugins.json or no jq
+    if [[ ! -f "$plugins_file" ]]; then
+        return 0
+    fi
+    if ! command -v jq &>/dev/null; then
+        print_warning "jq not found; skipping plugin deployment"
+        return 0
+    fi
+    
+    local plugin_count
+    plugin_count=$(jq '.plugins | length' "$plugins_file" 2>/dev/null || echo "0")
+    if [[ "$plugin_count" -eq 0 ]]; then
+        return 0
+    fi
+    
+    local enabled_count
+    enabled_count=$(jq '[.plugins[] | select(.enabled != false)] | length' "$plugins_file" 2>/dev/null || echo "0")
+    if [[ "$enabled_count" -eq 0 ]]; then
+        print_info "No enabled plugins to deploy ($plugin_count configured, all disabled)"
+        return 0
+    fi
+    
+    # Remove directories for disabled plugins (cleanup)
+    local disabled_ns
+    while IFS= read -r disabled_ns; do
+        [[ -z "$disabled_ns" ]] && continue
+        if [[ -d "$target_dir/$disabled_ns" ]]; then
+            rm -rf "$target_dir/$disabled_ns"
+            print_info "  Removed disabled plugin directory: $disabled_ns"
+        fi
+    done < <(jq -r '.plugins[] | select(.enabled == false) | .namespace // empty' "$plugins_file" 2>/dev/null)
+    
+    print_info "Deploying $enabled_count plugin(s)..."
+    
+    local deployed=0
+    local failed=0
+    local skipped=0
+    
+    # Process each enabled plugin
+    while IFS=$'\t' read -r pname prepo pns pbranch; do
+        [[ -z "$pname" ]] && continue
+        pbranch="${pbranch:-main}"
+        local clone_dir="$target_dir/$pns"
+        
+        if [[ -d "$clone_dir" ]]; then
+            # Plugin directory exists — skip re-clone during setup
+            # Users can force update via: aidevops plugin update [name]
+            skipped=$((skipped + 1))
+            continue
+        fi
+        
+        # Clone plugin repo
+        print_info "  Installing plugin '$pname' ($prepo)..."
+        if git clone --branch "$pbranch" --depth 1 "$prepo" "$clone_dir" 2>/dev/null; then
+            # Remove .git directory (tracked via plugins.json, not nested git)
+            rm -rf "$clone_dir/.git"
+            # Set permissions on any scripts
+            if [[ -d "$clone_dir/scripts" ]]; then
+                chmod +x "$clone_dir/scripts/"*.sh 2>/dev/null || true
+            fi
+            deployed=$((deployed + 1))
+        else
+            print_warning "  Failed to install plugin '$pname' (network or auth issue)"
+            failed=$((failed + 1))
+        fi
+    done < <(jq -r '.plugins[] | select(.enabled != false) | [.name, .repo, .namespace, (.branch // "main")] | @tsv' "$plugins_file" 2>/dev/null)
+    
+    # Summary
+    if [[ "$deployed" -gt 0 ]]; then
+        print_success "Deployed $deployed plugin(s)"
+    fi
+    if [[ "$skipped" -gt 0 ]]; then
+        print_info "$skipped plugin(s) already deployed (use 'aidevops plugin update' to refresh)"
+    fi
+    if [[ "$failed" -gt 0 ]]; then
+        print_warning "$failed plugin(s) failed to deploy (non-blocking)"
+    fi
+    
+    return 0
+}
+
 # Generate Agent Skills SKILL.md files for cross-tool compatibility
 generate_agent_skills() {
     print_info "Generating Agent Skills SKILL.md files..."
@@ -2987,6 +3111,7 @@ inject_agents_reference() {
                     # Prepend reference to existing file
                     local temp_file
                     temp_file=$(mktemp)
+                    trap 'rm -f "${temp_file:-}"' RETURN
                     echo "$reference_line" > "$temp_file"
                     echo "" >> "$temp_file"
                     cat "$agents_file" >> "$temp_file"
@@ -3316,6 +3441,7 @@ update_mcp_paths_in_opencode() {
 
     local tmp_config
     tmp_config=$(mktemp)
+    trap 'rm -f "${tmp_config:-}"' RETURN
     cp "$opencode_config" "$tmp_config"
 
     local updated=0
@@ -4139,7 +4265,7 @@ setup_safety_hooks() {
     return 0
 }
 
-# Setup OpenCode Plugins (Antigravity OAuth)
+# Setup OpenCode Plugins
 # Helper function to add/update a single plugin in OpenCode config
 add_opencode_plugin() {
     local plugin_name="$1"
@@ -4159,6 +4285,7 @@ add_opencode_plugin() {
             # Update existing plugin to latest version
             local temp_file
             temp_file=$(mktemp)
+            trap 'rm -f "${temp_file:-}"' RETURN
             jq --arg old "$plugin_name" --arg new "$plugin_spec" \
                 '.plugin = [.plugin[] | if startswith($old) then $new else . end]' \
                 "$opencode_config" > "$temp_file" && mv "$temp_file" "$opencode_config"
@@ -4167,6 +4294,7 @@ add_opencode_plugin() {
             # Add plugin to existing array
             local temp_file
             temp_file=$(mktemp)
+            trap 'rm -f "${temp_file:-}"' RETURN
             jq --arg p "$plugin_spec" '.plugin += [$p]' "$opencode_config" > "$temp_file" && mv "$temp_file" "$opencode_config"
             print_success "Added $plugin_name plugin to OpenCode config"
         fi
@@ -4174,6 +4302,7 @@ add_opencode_plugin() {
         # Create plugin array with the plugin
         local temp_file
         temp_file=$(mktemp)
+        trap 'rm -f "${temp_file:-}"' RETURN
         jq --arg p "$plugin_spec" '. + {plugin: [$p]}' "$opencode_config" > "$temp_file" && mv "$temp_file" "$opencode_config"
         print_success "Created plugin array with $plugin_name"
     fi
@@ -4210,21 +4339,11 @@ setup_opencode_plugins() {
         print_success "aidevops compaction plugin registered (preserves context across compaction)"
     fi
 
-    # Setup Antigravity OAuth plugin (Google OAuth)
-    print_info "Setting up Antigravity OAuth plugin..."
-    add_opencode_plugin "opencode-antigravity-auth" "opencode-antigravity-auth@latest" "$opencode_config"
-    
-    print_info "Antigravity OAuth plugin enables Google OAuth for OpenCode"
-    print_info "Models available: gemini-3-pro-high, claude-opus-4-5-thinking, etc."
-    print_info "See: https://github.com/NoeFabris/opencode-antigravity-auth"
-    echo ""
-    
     # Note: opencode-anthropic-auth is built into OpenCode v1.1.36+
     # Adding it as an external plugin causes TypeError due to double-loading.
     # Removed in v2.90.0 - see PR #230.
     
     print_info "After setup, authenticate with: opencode auth login"
-    print_info "  • For Google OAuth: Select 'Google' → 'OAuth with Google (Antigravity)'"
     print_info "  • For Claude OAuth: Select 'Anthropic' → 'Claude Pro/Max' (built-in)"
     
     return 0
@@ -4316,6 +4435,7 @@ setup_google_analytics_mcp() {
         if [[ "$enable_mcp" == "true" ]]; then
             local tmp_config
             tmp_config=$(mktemp)
+            trap 'rm -f "${tmp_config:-}"' RETURN
             if jq --arg creds "$creds_path" --arg proj "$project_id" \
                 '.mcp["google-analytics-mcp"].environment.GOOGLE_APPLICATION_CREDENTIALS = $creds |
                  .mcp["google-analytics-mcp"].environment.GOOGLE_PROJECT_ID = $proj |
@@ -4336,6 +4456,7 @@ setup_google_analytics_mcp() {
     # Add google-analytics-mcp to opencode.json
     local tmp_config
     tmp_config=$(mktemp)
+    trap 'rm -f "${tmp_config:-}"' RETURN
     
     if jq --arg creds "$creds_path" --arg proj "$project_id" --argjson enabled "$enable_mcp" \
         '.mcp["google-analytics-mcp"] = {
@@ -4448,7 +4569,7 @@ setup_quickfile_mcp() {
 
             local tmp_config
             tmp_config=$(mktemp)
-            trap 'rm -f "$tmp_config"' RETURN
+            trap 'rm -f "${tmp_config:-}"' RETURN
 
             if jq --arg np "$node_path" --arg dp "$quickfile_dir/dist/index.js" \
                 '.mcp.quickfile = {"type": "local", "command": [$np, $dp], "enabled": true}' \