aidevops 2.96.0 → 2.97.1

package/README.md

@@ -92,9 +92,9 @@ The result: AI agents that work *with* your development process, not around it.
 ### Agent Structure
 
 - Primary agents (Build+, SEO, Marketing, etc.) with @plan-plus subagent for planning-only mode
-- 566+ subagent markdown files organized by domain
-- 155 helper scripts in `.agent/scripts/`
-- 20 slash commands for common workflows
+- 572+ subagent markdown files organized by domain
+- 157 helper scripts in `.agent/scripts/`
+- 22 slash commands for common workflows
 
 <!-- AI-CONTEXT-END -->
 
@@ -480,7 +480,7 @@ aidevops implements proven agent design patterns identified by [Lance Martin (La
 
 | Pattern | Description | aidevops Implementation |
 |---------|-------------|------------------------|
-| **Give Agents a Computer** | Filesystem + shell for persistent context | `~/.aidevops/.agent-workspace/`, 155 helper scripts |
+| **Give Agents a Computer** | Filesystem + shell for persistent context | `~/.aidevops/.agent-workspace/`, 157 helper scripts |
 | **Multi-Layer Action Space** | Few tools, push actions to computer | Per-agent MCP filtering (~12-20 tools each) |
 | **Progressive Disclosure** | Load context on-demand | Subagent routing with content summaries, YAML frontmatter, read-on-demand |
 | **Offload Context** | Write results to filesystem | `.agent-workspace/work/[project]/` for persistence |
@@ -625,6 +625,10 @@ The setup script offers to install these tools automatically.
 - **[Codacy](https://www.codacy.com/)**: Multi-tool analysis (0 findings)
 - **[CodeRabbit](https://coderabbit.ai/)**: AI-powered code reviews
 - **[Snyk](https://snyk.io/)**: Security vulnerability scanning
+- **[Socket](https://socket.dev/)**: Dependency security and supply chain protection
+- **[Sentry](https://sentry.io/)**: Error monitoring and performance tracking
+- **[Secretlint](https://github.com/secretlint/secretlint)**: Detect exposed secrets in code
+- **[OSV Scanner](https://google.github.io/osv-scanner/)**: Google's vulnerability database scanner
 - **[Qlty](https://qlty.sh/)**: Universal code quality platform (70+ linters, auto-fixes)
 - **[Gemini Code Assist](https://cloud.google.com/gemini/docs/codeassist/overview)**: Google's AI-powered code completion and review
 
@@ -1159,7 +1163,7 @@ aidevops is registered as a **Claude Code plugin marketplace**. Install with two
 /plugin install aidevops@aidevops
 ```
 
-This installs the complete framework: 14 primary agents, 566+ subagents, and 155 helper scripts.
+This installs the complete framework: 14 primary agents, 572+ subagents, and 157 helper scripts.
 
 ### Importing External Skills
 
@@ -1247,7 +1251,7 @@ Ordered as they appear in OpenCode Tab selector and other AI assistants (15 tota
 
 ### **Example Subagents with MCP Integration**
 
-These are examples of subagents that have supporting MCPs enabled. See `.agent/` for the full list of 566+ subagents organized by domain.
+These are examples of subagents that have supporting MCPs enabled. See `.agent/` for the full list of 572+ subagents organized by domain.
 
 | Agent | Purpose | MCPs Enabled |
 |-------|---------|--------------|
@@ -1263,6 +1267,12 @@ These are examples of subagents that have supporting MCPs enabled. See `.agent/`
 | `@browser-automation` | Testing, scraping, DevTools | chrome-devtools, context7 |
 | `@performance` | Core Web Vitals, network analysis, accessibility | chrome-devtools |
 | `@git-platforms` | GitHub, GitLab, Gitea | gh_grep, context7 |
+| `@sentry` | Error monitoring, Next.js SDK setup | sentry |
+| `@socket` | Dependency security scanning | socket |
+| `@security-analysis` | AI-powered vulnerability detection (OSV, Ferret, git history) | osv-scanner, gemini-cli-security |
+| `@secretlint` | Detect exposed secrets in code | (Docker-based) |
+| `@snyk` | Security vulnerability scanning | (API-based) |
+| `@auditing` | Code auditing services and security analysis | (API-based) |
 | `@agent-review` | Session analysis, agent improvement (under build-agent/) | (read/write only) |
 
 ### **Setup for OpenCode**

package/VERSION

@@ -1 +1 @@
-2.96.0
+2.97.1

package/aidevops.sh

@@ -3,7 +3,7 @@
 # AI DevOps Framework CLI
 # Usage: aidevops <command> [options]
 #
-# Version: 2.96.0
+# Version: 2.97.1
 
 set -euo pipefail
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aidevops",
-  "version": "2.96.0",
+  "version": "2.97.1",
   "description": "AI DevOps Framework - AI-assisted development workflows, code quality, and deployment automation",
   "type": "module",
   "main": "index.js",
@@ -41,6 +41,7 @@
   },
   "devDependencies": {
     "@secretlint/secretlint-rule-preset-recommend": "^11.2.5",
+    "@secretlint/secretlint-rule-regexp": "^11.2.5",
     "@types/bun": "latest",
     "secretlint": "^11.2.5",
     "typescript": "^5.0.0"

package/setup.sh

@@ -3,7 +3,7 @@
 # AI Assistant Server Access Framework Setup Script
 # Helps developers set up the framework for their infrastructure
 #
-# Version: 2.96.0
+# Version: 2.97.1
 #
 # Quick Install (one-liner):
 #   bash <(curl -fsSL https://aidevops.dev/install)
@@ -301,6 +301,63 @@ cleanup_deprecated_mcps() {
     return 0
 }
 
+# Disable MCPs globally that should only be enabled on-demand via subagents
+# This reduces session startup context by disabling rarely-used MCPs
+# - playwriter: ~3K tokens - enable via @playwriter subagent
+# - augment-context-engine: ~1K tokens - enable via @augment-context-engine subagent
+# - gh_grep: ~600 tokens - replaced by @github-search subagent (uses rg/bash)
+# - google-analytics-mcp: ~800 tokens - enable via @google-analytics subagent
+# - context7: ~800 tokens - enable via @context7 subagent (for library docs lookup)
+disable_ondemand_mcps() {
+    local opencode_config="$HOME/.config/opencode/opencode.json"
+    
+    if [[ ! -f "$opencode_config" ]]; then
+        return 0
+    fi
+    
+    if ! command -v jq &> /dev/null; then
+        return 0
+    fi
+    
+    # MCPs to disable globally (enabled on-demand via subagents)
+    # Note: use exact MCP key names from opencode.json
+    local -a ondemand_mcps=(
+        "playwriter"
+        "augment-context-engine"
+        "gh_grep"
+        "google-analytics-mcp"
+        "context7"
+    )
+    
+    local disabled=0
+    local tmp_config
+    tmp_config=$(mktemp)
+    
+    cp "$opencode_config" "$tmp_config"
+    
+    for mcp in "${ondemand_mcps[@]}"; do
+        # Check if MCP exists and is currently enabled (or has no enabled field)
+        if jq -e ".mcp[\"$mcp\"]" "$tmp_config" > /dev/null 2>&1; then
+            local current_enabled
+            current_enabled=$(jq -r ".mcp[\"$mcp\"].enabled // \"true\"" "$tmp_config")
+            if [[ "$current_enabled" != "false" ]]; then
+                jq ".mcp[\"$mcp\"].enabled = false" "$tmp_config" > "${tmp_config}.new" && mv "${tmp_config}.new" "$tmp_config"
+                ((disabled++))
+            fi
+        fi
+    done
+    
+    if [[ $disabled -gt 0 ]]; then
+        create_backup_with_rotation "$opencode_config" "opencode"
+        mv "$tmp_config" "$opencode_config"
+        print_info "Disabled $disabled MCP(s) globally (use subagents to enable on-demand)"
+    else
+        rm -f "$tmp_config"
+    fi
+    
+    return 0
+}
+
 # Migrate old config-backups to new per-type backup structure
 # This runs once to clean up the legacy backup directory
 migrate_old_backups() {
@@ -3357,6 +3414,8 @@ main() {
     confirm_step "Setup AI orchestration frameworks info" && setup_ai_orchestration
     confirm_step "Setup OpenCode plugins" && setup_opencode_plugins
     confirm_step "Setup Oh-My-OpenCode" && setup_oh_my_opencode
+    # Run AFTER all MCP setup functions to ensure disabled state persists
+    confirm_step "Disable on-demand MCPs globally (playwriter, augment, gh_grep)" && disable_ondemand_mcps
 
     echo ""
     print_success "🎉 Setup complete!"