aidevops 3.11.16 → 3.12.0

package/VERSION

@@ -1 +1 @@
-3.11.16
+3.12.0

package/aidevops.sh

@@ -5,7 +5,7 @@
 # AI DevOps Framework CLI
 # Usage: aidevops <command> [options]
 #
-# Version: 3.11.16
+# Version: 3.12.0
 
 set -euo pipefail
 
@@ -480,6 +480,46 @@ _update_check_homebrew() {
 	return 0
 }
 
+# t2926 / GH#21102: Re-check setsid on every 'aidevops update' run.
+# setsid (from util-linux) is required to detach pulse workers into their own
+# process group — without it, every pulse restart sends SIGHUP to its PGID,
+# killing in-flight workers. This check runs even when setup.sh is skipped
+# (already up-to-date path), so Homebrew drift doesn't silently break workers.
+_update_check_setsid() {
+	command -v setsid >/dev/null 2>&1 && return 0
+
+	# setsid is missing. On macOS with Homebrew, auto-install util-linux.
+	# Use a boolean flag to avoid repeating the OS literal string.
+	local _on_mac=false
+	[[ "$(uname -s)" == Darwin* ]] && _on_mac=true
+	if $_on_mac && command -v brew >/dev/null 2>&1; then
+		print_info "setsid not found — installing util-linux for worker PGID isolation (GH#21102)"
+		if brew install util-linux 2>&1 | tail -3; then
+			local brew_prefix=""
+			brew_prefix="$(brew --prefix 2>/dev/null || true)"
+			local keg_setsid="${brew_prefix}/opt/util-linux/bin/setsid"
+			local link_target="${brew_prefix}/bin/setsid"
+			if [[ -x "$keg_setsid" && ! -e "$link_target" ]]; then
+				ln -s "$keg_setsid" "$link_target" && \
+					print_success "Symlinked setsid: $keg_setsid → $link_target"
+			fi
+			if command -v setsid >/dev/null 2>&1; then
+				print_success "setsid installed at $(command -v setsid) (worker PGID isolation enabled)"
+			else
+				print_error "util-linux installed but setsid still not in PATH — check brew --prefix"
+			fi
+		else
+			print_error "brew install util-linux failed — workers will share pulse PGID until resolved"
+		fi
+	elif $_on_mac; then
+		print_error "setsid not found — worker isolation broken; install Homebrew then run: brew install util-linux"
+	else
+		print_error "setsid not found — worker isolation broken; install util-linux via your distro package manager"
+	fi
+
+	return 0
+}
+
 # Verify supply chain signature after pulling framework updates.
 # Checks that the HEAD commit is signed by the trusted maintainer key.
 # Non-blocking: warns on failure, does not abort the update.
@@ -638,6 +678,8 @@ cmd_update() {
 	_update_check_planning
 	_update_check_tools
 	_update_sweep_opencode_symlinks
+	# t2926: Re-check setsid on every update (runs even when setup.sh is skipped).
+	_update_check_setsid
 
 	# t2898: When invoked interactively (terminal stdin AND not from the
 	# auto-update daemon itself, which sets AIDEVOPS_AUTO_UPDATE=1 in its
@@ -1456,10 +1498,13 @@ _help_commands() {
 	echo "  approve <cmd>      Cryptographic issue/PR approval (setup/issue/pr/verify/status)"
 	echo "  security [cmd]     Full security assessment (posture + hygiene + supply chain)"
 	echo "  contributions      External contributions inbox (bare: status | seed/scan/stop/restart/install/uninstall)"
+	echo "  inbox [cmd]        Capture transit zone (bare: status | provision/add/find/digest/help)"
+	echo "  email [cmd]        Email mailbox management (mailbox add/list/test/remove)"
 	echo "  ip-check <cmd>     IP reputation checks (check/batch/report/providers)"
 	echo "  review-gate <cmd>  Configure review_gate.rate_limit_behavior (list/set/unset)"
 	echo "  secret <cmd>       Manage secrets (set/list/run/init/import/status)"
 	echo "  config <cmd>       Feature toggles (list/get/set/reset/path/help)"
+	echo "  knowledge <cmd>    Knowledge plane management (init/status/provision)"
 	echo "  stats <cmd>        LLM usage analytics (summary/models/projects/costs/trend)"
 	echo "  tabby <cmd>        Manage Tabby terminal profiles (sync/status/zshrc/help)"
 	echo "  parent-status <N>  Show decomposition state of parent-task issue #N (alias: ps)"
@@ -1539,6 +1584,13 @@ _help_detailed_sections() {
 	echo "  aidevops config reset [key]  # Reset toggle(s) to defaults"
 	echo "  aidevops config path         # Show config file path"
 	echo ""
+	echo "Knowledge Plane:"
+	echo "  aidevops knowledge init repo           # Provision _knowledge/ in current repo"
+	echo "  aidevops knowledge init personal       # Provision at ~/.aidevops/.agent-workspace/knowledge/"
+	echo "  aidevops knowledge init off            # Disable knowledge plane"
+	echo "  aidevops knowledge status              # Show provisioning state"
+	echo "  aidevops knowledge provision [path]    # Re-provision (idempotent)"
+	echo ""
 	echo "LLM Stats:"
 	echo "  aidevops stats               # Show usage summary (last 30 days)"
 	echo "  aidevops stats summary       # Overall usage summary"
@@ -1745,6 +1797,50 @@ _cmd_security() {
 	return 0
 }
 
+# Route 'aidevops email [subcommand]' to email helpers
+_cmd_email() {
+	local sub="${1:-help}"
+	local _EPH="email-poll-helper.sh"
+	shift || true
+	case "$sub" in
+	mailbox)
+		local action="${1:-list}"
+		shift || true
+		local _EMR_HELPER="email-mailbox-register-helper.sh"
+		case "$action" in
+		add)      _dispatch_helper "$_EMR_HELPER" "$_EMR_HELPER" add "$@" ;;
+		list)     _dispatch_helper "$_EPH" "$_EPH" list "$@" ;;
+		test)     _dispatch_helper "$_EPH" "$_EPH" test "$@" ;;
+		remove)   _dispatch_helper "$_EMR_HELPER" "$_EMR_HELPER" remove "$@" ;;
+		*)
+			echo "Usage: aidevops email mailbox <add|list|test|remove>"
+			echo ""
+			echo "Mailbox subcommands:"
+			echo "  add           Interactive: prompt for provider, user, gopass path; test connection"
+			echo "  list          Table of mailboxes with last-polled-at and last-error"
+			echo "  test <id>     Dry-run fetch (1 message); does not commit state"
+			echo "  remove <id>   Un-register a mailbox"
+			;;
+		esac
+		;;
+	poll)
+		# Direct poll commands forwarded to email-poll-helper.sh
+		_dispatch_helper "$_EPH" "$_EPH" "$action" "$@" ;;
+	*)
+		echo "Usage: aidevops email <mailbox|poll> [subcommand]"
+		echo ""
+		echo "Email subcommands:"
+		echo "  mailbox add              Register a new IMAP mailbox (interactive)"
+		echo "  mailbox list             Show all mailboxes + polling status"
+		echo "  mailbox test <id>        Dry-run connection test"
+		echo "  mailbox remove <id>      Un-register a mailbox"
+		echo "  poll tick                Poll all mailboxes now (same as routine r044)"
+		echo "  poll backfill <id>       Backfill a mailbox from a given date"
+		;;
+	esac
+	return 0
+}
+
 # Route 'aidevops client-format [subcommand]' to appropriate helpers
 _cmd_client_format() {
 	case "${1:-status}" in
@@ -1835,10 +1931,22 @@ main() {
 		[[ $# -eq 0 ]] && set -- status
 		_dispatch_helper "contribution-watch-helper.sh" "contribution-watch-helper.sh" "$@"
 		;;
+	inbox)
+		# Bare `aidevops inbox` defaults to status (most common use).
+		[[ $# -eq 0 ]] && set -- status
+		_dispatch_helper "inbox-helper.sh" "inbox-helper.sh" "$@"
+		;;
+	case | cases)
+		# Bare `aidevops case` defaults to list (most common use).
+		[[ $# -eq 0 ]] && set -- list
+		_dispatch_helper "case-helper.sh" "case-helper.sh" "$@"
+		;;
+	email) _cmd_email "$@" ;;
 	stats | observability) _dispatch_helper "observability-helper.sh" "observability-helper.sh" "$@" ;;
 	tabby) _dispatch_helper "tabby-helper.sh" "tabby-helper.sh" "$@" ;;
 	init-routines) _dispatch_helper "init-routines-helper.sh" "init-routines-helper.sh" "$@" ;;
 	parent-status | ps) _dispatch_helper "parent-status-helper.sh" "parent-status-helper.sh" "$@" ;;
+	knowledge) _dispatch_helper "knowledge-helper.sh" "knowledge-helper.sh" "$@" ;;
 	config | configure) _dispatch_config "$@" ;;
 	uninstall | remove) cmd_uninstall ;;
 	version | v | -v | --version) cmd_version ;;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aidevops",
-  "version": "3.11.16",
+  "version": "3.12.0",
   "description": "AI DevOps Framework - AI-assisted development workflows, code quality, and deployment automation",
   "type": "module",
   "bin": {

package/setup-modules/schedulers.sh

@@ -703,6 +703,17 @@ _install_pulse_launchd() {
 		_interval_label="${_interval_sec}s"
 	fi
 
+	# One-time legacy cleanup: unload and remove the old-label plist if present.
+	# Users on stale installs may have com.aidevops.supervisor-pulse (legacy) and
+	# com.aidevops.aidevops-supervisor-pulse (current) both loaded, causing 2x
+	# dispatch.  Only targets the hardcoded legacy path; idempotent — no-op when
+	# the legacy file is absent.
+	local _legacy_plist="$HOME/Library/LaunchAgents/com.aidevops.supervisor-pulse.plist"
+	if [[ -f "$_legacy_plist" ]]; then
+		launchctl unload "$_legacy_plist" 2>/dev/null || true
+		rm -f "$_legacy_plist"
+	fi
+
 	# _launchd_install_if_changed handles unload-before-replace only when content
 	# has changed, and writes atomically via tmp+rename (see setup.sh).
 	# shell-portability: ignore next — _install_pulse_launchd is macOS-only (launchd)
@@ -1684,6 +1695,233 @@ setup_contribution_watch() {
 	return 0
 }
 
+# Install complexity scan via launchd (macOS).
+# Args: $1=label, $2=script path, $3=log dir
+# (t2903) Extracted from pulse dispatch preflight — independent schedule so
+# the 200-470s scan never starves dispatch or downstream scanners.
+_install_complexity_scan_launchd() {
+	local cs_label="$1"
+	local cs_script="$2"
+	local _cs_log_dir="$3"
+	local cs_plist="$HOME/Library/LaunchAgents/${cs_label}.plist"
+
+	local _xml_cs_script _xml_cs_home _xml_cs_log_dir
+	_xml_cs_script=$(_xml_escape "$cs_script")
+	_xml_cs_home=$(_xml_escape "$HOME")
+	_xml_cs_log_dir=$(_xml_escape "$_cs_log_dir")
+
+	local cs_plist_content
+	cs_plist_content=$(
+		cat <<CS_PLIST
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>${cs_label}</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>$(_xml_escape "$(_resolve_modern_bash)")</string>
+		<string>${_xml_cs_script}</string>
+		<string>run</string>
+	</array>
+	<key>StartInterval</key>
+	<integer>3600</integer>
+	<key>StandardOutPath</key>
+	<string>${_xml_cs_log_dir}/complexity-scan-runner.log</string>
+	<key>StandardErrorPath</key>
+	<string>${_xml_cs_log_dir}/complexity-scan-runner.log</string>
+	<key>EnvironmentVariables</key>
+	<dict>
+		<key>PATH</key>
+		<string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
+		<key>HOME</key>
+		<string>${_xml_cs_home}</string>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>KeepAlive</key>
+	<false/>
+	<key>ProcessType</key>
+	<string>Background</string>
+	<key>LowPriorityBackgroundIO</key>
+	<true/>
+	<key>Nice</key>
+	<integer>10</integer>
+</dict>
+</plist>
+CS_PLIST
+	)
+
+	if _launchd_install_if_changed "$cs_label" "$cs_plist" "$cs_plist_content"; then
+		print_info "Complexity scan enabled (launchd, hourly run)"
+	else
+		print_warning "Failed to load complexity scan LaunchAgent"
+	fi
+	return 0
+}
+
+# Install complexity scan via systemd or cron (Linux).
+# Args: $1=script path, $2=log dir
+_install_complexity_scan_linux() {
+	local cs_script="$1"
+	local _cs_log_dir="$2"
+	local cs_systemd="aidevops-complexity-scan"
+	_install_scheduler_linux \
+		"$cs_systemd" \
+		"aidevops: complexity-scan" \
+		"$CRON_HOURLY" \
+		"\"${cs_script}\" run" \
+		"3600" \
+		"${_cs_log_dir}/complexity-scan-runner.log" \
+		"" \
+		"Complexity scan enabled (hourly run)" \
+		"Failed to install complexity scan scheduler" \
+		"true" \
+		"true"
+	return 0
+}
+
+# Setup complexity scan (t2903) — extracts the weekly complexity scan from
+# pulse dispatch preflight into its own launchd/cron schedule. The scan was
+# observed consuming 200-470s per pulse cycle (26%+ of the 1800s pulse stale
+# ceiling), starving downstream scanners. Promoting it to its own schedule
+# decouples it from dispatch entirely. The runner reuses run_weekly_complexity_scan
+# from pulse-simplification.sh, which has internal 15-min cadence gating
+# (COMPLEXITY_SCAN_INTERVAL=900) so hourly launchd ticks are always safe.
+setup_complexity_scan() {
+	local cs_script="$HOME/.aidevops/agents/scripts/complexity-scan-runner.sh"
+	local cs_label="sh.aidevops.complexity-scan"
+	if ! [[ -x "$cs_script" ]]; then
+		return 0
+	fi
+
+	# Reuse contribution-watch's log-dir resolver (same logic, same config key).
+	local _cs_log_dir
+	_cs_log_dir=$(_resolve_cw_log_dir) || return 1
+	mkdir -p "$_cs_log_dir"
+
+	# Install/update scheduled runner
+	if [[ "$(uname -s)" == "Darwin" ]]; then
+		_install_complexity_scan_launchd "$cs_label" "$cs_script" "$_cs_log_dir"
+	else
+		_install_complexity_scan_linux "$cs_script" "$_cs_log_dir"
+	fi
+	return 0
+}
+
+# Install pulse-merge-routine launchd plist (macOS).
+# Args: $1=label $2=script $3=log_dir
+_install_pulse_merge_routine_launchd() {
+	local pmr_label="$1"
+	local pmr_script="$2"
+	local _pmr_log_dir="$3"
+	local pmr_plist="$HOME/Library/LaunchAgents/${pmr_label}.plist"
+
+	local _xml_pmr_script _xml_pmr_home _xml_pmr_log_dir
+	_xml_pmr_script=$(_xml_escape "$pmr_script")
+	_xml_pmr_home=$(_xml_escape "$HOME")
+	_xml_pmr_log_dir=$(_xml_escape "$_pmr_log_dir")
+
+	local pmr_plist_content
+	pmr_plist_content=$(
+		cat <<PMR_PLIST
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>${pmr_label}</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>$(_xml_escape "$(_resolve_modern_bash)")</string>
+		<string>${_xml_pmr_script}</string>
+		<string>run</string>
+	</array>
+	<key>StartInterval</key>
+	<integer>120</integer>
+	<key>StandardOutPath</key>
+	<string>${_xml_pmr_log_dir}/pulse-merge-routine.log</string>
+	<key>StandardErrorPath</key>
+	<string>${_xml_pmr_log_dir}/pulse-merge-routine.log</string>
+	<key>EnvironmentVariables</key>
+	<dict>
+		<key>PATH</key>
+		<string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
+		<key>HOME</key>
+		<string>${_xml_pmr_home}</string>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>KeepAlive</key>
+	<false/>
+	<key>ProcessType</key>
+	<string>Background</string>
+	<key>LowPriorityBackgroundIO</key>
+	<true/>
+	<key>Nice</key>
+	<integer>10</integer>
+</dict>
+</plist>
+PMR_PLIST
+	)
+
+	if _launchd_install_if_changed "$pmr_label" "$pmr_plist" "$pmr_plist_content"; then
+		print_info "Pulse merge routine enabled (launchd, every 2 min)"
+	else
+		print_warning "Failed to load pulse merge routine LaunchAgent"
+	fi
+	return 0
+}
+
+# Install pulse-merge-routine via systemd or cron (Linux).
+# Args: $1=script path, $2=log dir
+_install_pulse_merge_routine_linux() {
+	local pmr_script="$1"
+	local _pmr_log_dir="$2"
+	local pmr_systemd="aidevops-pulse-merge-routine"
+	_install_scheduler_linux \
+		"$pmr_systemd" \
+		"aidevops: pulse-merge-routine" \
+		"*/2 * * * *" \
+		"\"${pmr_script}\" run" \
+		"120" \
+		"${_pmr_log_dir}/pulse-merge-routine.log" \
+		"" \
+		"Pulse merge routine enabled (every 2 min)" \
+		"Failed to install pulse merge routine scheduler" \
+		"true" \
+		"true"
+	return 0
+}
+
+# Setup pulse merge routine (t2862, GH#20919) — runs merge_ready_prs_all_repos()
+# as a fast 120s standalone routine, decoupled from the monolithic pulse cycle.
+# The pulse cycle's preflight stack (60-470s) meant the merge pass ran only ~7
+# times/24h despite ~40+ cycles. This routine ensures green PRs merge within ~3
+# min of CI completion. The in-cycle merge call in pulse-wrapper.sh is kept as
+# defense-in-depth but short-circuits when this routine ran within the last 60s.
+setup_pulse_merge_routine() {
+	local pmr_script="$HOME/.aidevops/agents/scripts/pulse-merge-routine.sh"
+	local pmr_label="sh.aidevops.pulse-merge-routine"
+	if ! [[ -x "$pmr_script" ]]; then
+		return 0
+	fi
+
+	# Reuse contribution-watch's log-dir resolver (same logic, same config key).
+	local _pmr_log_dir
+	_pmr_log_dir=$(_resolve_cw_log_dir) || return 1
+	mkdir -p "$_pmr_log_dir"
+
+	# Install/update scheduled runner
+	if [[ "$(uname -s)" == "Darwin" ]]; then
+		_install_pulse_merge_routine_launchd "$pmr_label" "$pmr_script" "$_pmr_log_dir"
+	else
+		_install_pulse_merge_routine_linux "$pmr_script" "$_pmr_log_dir"
+	fi
+	return 0
+}
+
 # Setup draft responses — private repo + local draft storage for reviewing
 # AI-drafted replies to external contributions (t1555).
 # Respects config: aidevops config set orchestration.draft_responses false
@@ -2161,3 +2399,126 @@ setup_repo_aidevops_health() {
 	fi
 	return 0
 }
+
+# ============================================================================
+# Peer productivity monitor (t2932)
+# ============================================================================
+#
+# Adaptive cross-runner dispatch coordination: observes peer GitHub activity
+# every 30 min and updates ~/.config/aidevops/dispatch-override.conf to
+# `ignore` peers whose pulse is broken (claims issues but never PRs) and
+# back to `honour` when they recover. Self-healing across the ecosystem —
+# each runner observes peers independently, no central coordinator needed.
+# Manual entries in dispatch-override.conf above the auto-managed marker
+# always take precedence.
+
+# Install peer-productivity-monitor launchd plist (macOS).
+# Args: $1=label $2=script $3=log_dir
+_install_peer_productivity_monitor_launchd() {
+	local ppm_label="$1"
+	local ppm_script="$2"
+	local _ppm_log_dir="$3"
+	local ppm_plist="$HOME/Library/LaunchAgents/${ppm_label}.plist"
+
+	local _xml_ppm_script _xml_ppm_home _xml_ppm_log_dir
+	_xml_ppm_script=$(_xml_escape "$ppm_script")
+	_xml_ppm_home=$(_xml_escape "$HOME")
+	_xml_ppm_log_dir=$(_xml_escape "$_ppm_log_dir")
+
+	local ppm_plist_content
+	ppm_plist_content=$(
+		cat <<PPM_PLIST
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>${ppm_label}</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>$(_xml_escape "$(_resolve_modern_bash)")</string>
+		<string>${_xml_ppm_script}</string>
+		<string>observe</string>
+	</array>
+	<key>StartInterval</key>
+	<integer>1800</integer>
+	<key>StandardOutPath</key>
+	<string>${_xml_ppm_log_dir}/peer-productivity-launchd.log</string>
+	<key>StandardErrorPath</key>
+	<string>${_xml_ppm_log_dir}/peer-productivity-launchd.log</string>
+	<key>EnvironmentVariables</key>
+	<dict>
+		<key>PATH</key>
+		<string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
+		<key>HOME</key>
+		<string>${_xml_ppm_home}</string>
+	</dict>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>KeepAlive</key>
+	<false/>
+	<key>ProcessType</key>
+	<string>Background</string>
+	<key>LowPriorityBackgroundIO</key>
+	<true/>
+	<key>Nice</key>
+	<integer>10</integer>
+</dict>
+</plist>
+PPM_PLIST
+	)
+
+	if _launchd_install_if_changed "$ppm_label" "$ppm_plist" "$ppm_plist_content"; then
+		print_info "Peer productivity monitor enabled (launchd, every 30 min)"
+	else
+		print_warning "Failed to load peer-productivity-monitor LaunchAgent"
+	fi
+	return 0
+}
+
+# Install peer-productivity-monitor via systemd or cron (Linux).
+# Args: $1=script path, $2=log dir
+_install_peer_productivity_monitor_linux() {
+	local ppm_script="$1"
+	local _ppm_log_dir="$2"
+	local ppm_systemd="aidevops-peer-productivity-monitor"
+	_install_scheduler_linux \
+		"$ppm_systemd" \
+		"aidevops: peer-productivity-monitor" \
+		"*/30 * * * *" \
+		"\"${ppm_script}\" observe" \
+		"1800" \
+		"${_ppm_log_dir}/peer-productivity-launchd.log" \
+		"" \
+		"Peer productivity monitor enabled (every 30 min)" \
+		"Failed to install peer-productivity-monitor scheduler" \
+		"true" \
+		"true"
+	return 0
+}
+
+# Setup peer-productivity-monitor (t2932) — observes peer GitHub activity
+# every 30 min and updates ~/.config/aidevops/dispatch-override.conf so the
+# local pulse competes with broken peers and collaborates with healthy ones.
+# Manual entries in dispatch-override.conf above the auto-managed marker
+# always take precedence.
+setup_peer_productivity_monitor() {
+	local ppm_script="$HOME/.aidevops/agents/scripts/peer-productivity-monitor.sh"
+	local ppm_label="sh.aidevops.peer-productivity-monitor"
+	if ! [[ -x "$ppm_script" ]]; then
+		return 0
+	fi
+
+	# Reuse contribution-watch's log-dir resolver (same logic, same config key).
+	local _ppm_log_dir
+	_ppm_log_dir=$(_resolve_cw_log_dir) || return 1
+	mkdir -p "$_ppm_log_dir"
+
+	# Install/update scheduled runner
+	if [[ "$(uname -s)" == "Darwin" ]]; then
+		_install_peer_productivity_monitor_launchd "$ppm_label" "$ppm_script" "$_ppm_log_dir"
+	else
+		_install_peer_productivity_monitor_linux "$ppm_script" "$_ppm_log_dir"
+	fi
+	return 0
+}

package/setup-modules/tool-install.sh

@@ -390,12 +390,14 @@ setup_shell_linting_tools() {
 
 setup_setsid_advisory() {
 	# setsid is required to detach pulse workers into their own process group
-	# (t2757, GH#20561). Without it, workers inherit pulse's PGID and are
-	# killed by any PG-scoped signal (launchd unload, restart chain).
+	# (t2757, GH#20561, GH#21102). Without it, workers inherit pulse's PGID and
+	# are killed by any PG-scoped signal (launchd unload, restart chain).
 	#
 	# Linux: setsid ships with util-linux (present on all mainstream distros).
-	# macOS: available from macOS 12+ at /usr/bin/setsid. Older versions need
-	#        util-linux via Homebrew (brew install util-linux).
+	# macOS: available from macOS 12+ at /usr/bin/setsid. Older macOS or systems
+	#        where /usr/bin/setsid is absent need util-linux via Homebrew.
+	#        util-linux is keg-only on Homebrew — binary is not linked into PATH
+	#        automatically, so we create a symlink after install.
 	if command -v setsid >/dev/null 2>&1; then
 		local setsid_path
 		setsid_path="$(command -v setsid)"
@@ -403,23 +405,51 @@ setup_setsid_advisory() {
 		return 0
 	fi
 
-	# setsid missing — emit an advisory; it's a quality-of-life improvement,
-	# not a hard requirement (pulse falls back to nohup-only).
-	print_warning "setsid not found — pulse workers will share the pulse process group"
-	echo "  Impact: a pulse restart or launchd unload may kill in-flight workers"
-	echo "  (GH#20561 / t2757: worker survived 3/4 dispatches without setsid isolation)"
-	echo ""
+	# setsid missing — on macOS with Homebrew, auto-install util-linux and
+	# symlink setsid into PATH (GH#21102 / t2926). On Linux and macOS without
+	# Homebrew, emit an actionable error with install instructions.
 	if [[ "$(uname)" == "Darwin" ]]; then
 		if command -v brew >/dev/null 2>&1; then
-			echo "  Install: brew install util-linux"
+			print_info "setsid not found — installing util-linux for worker PGID isolation (GH#21102)"
+			if brew install util-linux 2>&1 | tail -3; then
+				# util-linux is keg-only: binary lives under the keg, not in /opt/homebrew/bin.
+				# Symlink setsid into a standard PATH directory so 'command -v setsid' works.
+				local brew_prefix
+				brew_prefix="$(brew --prefix 2>/dev/null || echo "")"
+				local keg_setsid="${brew_prefix}/opt/util-linux/bin/setsid"
+				local link_target="${brew_prefix}/bin/setsid"
+				if [[ -x "$keg_setsid" && ! -e "$link_target" ]]; then
+					ln -s "$keg_setsid" "$link_target" && \
+						print_success "Symlinked setsid: $keg_setsid → $link_target"
+				fi
+				# Verify setsid is now reachable
+				if command -v setsid >/dev/null 2>&1; then
+					print_success "setsid installed at $(command -v setsid) (worker PGID isolation enabled)"
+				else
+					print_error "util-linux installed but setsid still not in PATH — check brew --prefix"
+				fi
+			else
+				print_error "brew install util-linux failed — workers will share pulse PGID until resolved"
+				echo "  Manual fix: brew install util-linux"
+			fi
 		else
-			echo "  Install Homebrew first, then: brew install util-linux"
+			print_error "setsid not found — worker isolation broken; install util-linux"
+			echo "  Impact: every pulse restart sends SIGHUP to workers in its PGID,"
+			echo "          killing in-flight workers before they can finish (GH#21102)"
+			echo "  Fix:    install Homebrew, then run: brew install util-linux"
 			echo "  Or upgrade to macOS 12+ where /usr/bin/setsid ships by default"
 		fi
 	else
-		echo "  Install: sudo apt install util-linux  # Debian/Ubuntu"
-		echo "           sudo dnf install util-linux  # Fedora/RHEL"
-		echo "           sudo pacman -S util-linux    # Arch"
+		# Linux: setsid should be present on all mainstream distros via util-linux.
+		# If it is missing, emit an error rather than a warning — workers will be
+		# killed on every pulse cycle restart without it.
+		print_error "setsid not found — worker isolation broken; install util-linux"
+		echo "  Impact: every pulse restart sends SIGHUP to workers in its PGID,"
+		echo "          killing in-flight workers before they can finish (GH#21102)"
+		echo "  Fix:    sudo apt install util-linux     # Debian/Ubuntu"
+		echo "          sudo dnf install util-linux     # Fedora/RHEL"
+		echo "          sudo pacman -S util-linux       # Arch"
+		echo "          sudo apk add util-linux         # Alpine"
 	fi
 	echo ""
 

package/setup.sh

@@ -12,7 +12,7 @@ shopt -s inherit_errexit 2>/dev/null || true
 # AI Assistant Server Access Framework Setup Script
 # Helps developers set up the framework for their infrastructure
 #
-# Version: 3.11.16
+# Version: 3.12.0
 #
 # Quick Install:
 #   npm install -g aidevops && aidevops update          (recommended)
@@ -243,7 +243,16 @@ _launchd_install_if_changed() {
 
 	# Atomic write: build at sibling tmp path, then rename into place.
 	# If printf is killed mid-write, the destination is untouched.
-	local tmp_plist="${plist_path}.tmp.$$"
+	# mktemp avoids predictable tmp names (defense-in-depth against symlink attacks).
+	local tmp_plist
+	tmp_plist=$(mktemp "${plist_path}.XXXXXX") || return 1
+	# Guard: refuse to write empty content — catching this before the write avoids
+	# creating a tmp file that the file-size check would also catch, but the
+	# content check is more direct and gives a clearer failure point.
+	if [[ -z "$new_content" ]]; then
+		rm -f "$tmp_plist"
+		return 1
+	fi
 	if ! printf '%s\n' "$new_content" >"$tmp_plist"; then
 		rm -f "$tmp_plist"
 		return 1
@@ -254,7 +263,10 @@ _launchd_install_if_changed() {
 		rm -f "$tmp_plist"
 		return 1
 	fi
-	mv -f "$tmp_plist" "$plist_path"
+	if ! mv -f "$tmp_plist" "$plist_path"; then
+		rm -f "$tmp_plist"
+		return 1
+	fi
 	launchctl load "$plist_path" 2>/dev/null || return 1
 	return 0
 }
@@ -959,6 +971,62 @@ _deploy_hotfix_config() {
 	return 0
 }
 
+# t2919: Early pulse plist install. The pulse launchd agent is critical
+# infrastructure — without it, every other pulse-driven feature (worker
+# dispatch, issue routing, cross-repo coordination) is dead. Previously,
+# setup_supervisor_pulse only ran inside _setup_post_setup_steps which
+# executes AFTER ~25 other migration/setup steps. When `aidevops update`
+# runs unattended and any earlier step times out (e.g. brew taps, MCP
+# installs, slow repo scans), the pulse plist never gets installed/refreshed
+# and the runner falls behind.
+#
+# Install immediately after deploy_aidevops_agents (so the scripts the plist
+# references already exist on disk). The late install in _setup_post_setup_steps
+# remains as the canonical regenerate-on-change path — _launchd_install_if_changed
+# compares content and skips reload when identical, so the second call is a
+# no-op when nothing changed. Failure here is non-fatal: the late path retries.
+_setup_install_pulse_plist_early() {
+	local _early_os
+	_early_os="$(uname -s)"
+	if _should_setup_noninteractive_supervisor_pulse; then
+		setup_supervisor_pulse "$_early_os" || print_warning "Early pulse plist install failed (will retry late)"
+	fi
+	return 0
+}
+
+# Provision knowledge planes for all repos in repos.json where knowledge != "off".
+# Idempotent: already-provisioned directories are not modified.
+# Called from the non-interactive setup path (update) and after interactive init.
+setup_knowledge_planes() {
+	local repos_file="$HOME/.config/aidevops/repos.json"
+	local helper
+	helper="${BASH_SOURCE[0]%/*}/.agents/scripts/knowledge-helper.sh"
+	if [[ ! -f "$helper" ]]; then
+		helper="$HOME/.aidevops/agents/scripts/knowledge-helper.sh"
+	fi
+	if [[ ! -f "$helper" ]]; then
+		print_warning "knowledge-helper.sh not found — skipping knowledge plane provisioning"
+		return 0
+	fi
+	if [[ ! -f "$repos_file" ]]; then
+		return 0
+	fi
+	if ! command -v jq &>/dev/null; then
+		print_warning "jq not installed — skipping knowledge plane provisioning"
+		return 0
+	fi
+	local repo_path mode
+	while IFS=$'\t' read -r repo_path mode; do
+		[[ -z "$repo_path" || "$mode" == "off" ]] && continue
+		if [[ ! -d "$repo_path" ]]; then
+			print_warning "knowledge-plane: repo path not found: $repo_path"
+			continue
+		fi
+		bash "$helper" provision "$repo_path" || print_warning "knowledge-plane: provision failed for $repo_path"
+	done < <(jq -r '.initialized_repos[] | select(.knowledge != null and .knowledge != "off") | [.path, .knowledge] | @tsv' "$repos_file" 2>/dev/null || true)
+	return 0
+}
+
 # Non-interactive path: deploy agents and run safe migrations only (no prompts).
 _setup_run_non_interactive() {
 	print_info "Non-interactive mode: deploying agents and running safe migrations only"
@@ -966,6 +1034,9 @@ _setup_run_non_interactive() {
 	check_requirements
 	# Run quality tool detection in non-interactive mode too (warn-only path).
 	check_quality_tools
+	# Check setsid availability; auto-install util-linux on macOS if missing
+	# (GH#21102 / t2926: missing setsid kills workers on every pulse restart).
+	setup_setsid_advisory
 	check_python_upgrade_available
 	set_permissions
 	migrate_old_backups
@@ -990,6 +1061,7 @@ _setup_run_non_interactive() {
 	setup_opencode_cli
 	validate_opencode_config
 	deploy_aidevops_agents
+	_setup_install_pulse_plist_early
 	_deploy_hotfix_config
 	sync_agent_sources
 	install_aidevops_cli
@@ -1052,6 +1124,8 @@ _setup_run_non_interactive() {
 	# copies doesn't burn CPU (t2885). Idempotent. macOS only — Linux
 	# indexers tracked separately.
 	setup_worktree_exclusions
+	# Provision knowledge planes for repos where knowledge != "off" (idempotent).
+	setup_knowledge_planes
 	return 0
 }
 
@@ -1159,6 +1233,72 @@ _setup_run_interactive() {
 }
 
 # Post-setup steps: schedulers, final instructions, optional tool update check.
+# Non-interactive scheduler installation. Extracted from
+# `_setup_post_setup_steps` (t2903) to keep the parent under the
+# function-complexity gate threshold. Each `_should_setup_noninteractive_*`
+# guard returns 0 when the corresponding scheduler is already installed
+# (regenerate on update) or first-time install is consented via config.
+_setup_noninteractive_schedulers() {
+	local os="$1"
+
+	# Auto-update handles non-interactive internally (systemd detection fixed in GH#17861)
+	setup_auto_update
+	if _should_setup_noninteractive_supervisor_pulse; then
+		setup_supervisor_pulse "$os"
+	fi
+	# Regenerate other schedulers if already installed (GH#17695 Finding B).
+	# Stats wrapper is a pulse dependency — also install on first run when
+	# the supervisor pulse is consented (t2418, GH#20016).
+	if _should_setup_noninteractive_stats_wrapper; then
+		setup_stats_wrapper "${PULSE_ENABLED:-}"
+	fi
+	if _should_setup_noninteractive_scheduler "Failure miner" "sh.aidevops.routine-gh-failure-miner" "aidevops: gh-failure-miner" "aidevops-gh-failure-miner"; then
+		setup_failure_miner "${PULSE_ENABLED:-}"
+	fi
+	if _should_setup_noninteractive_scheduler "Process guard" "sh.aidevops.process-guard" "aidevops: process-guard" "aidevops-process-guard"; then
+		setup_process_guard
+	fi
+	if _should_setup_noninteractive_scheduler "Memory pressure" "sh.aidevops.memory-pressure-monitor" "aidevops: memory-pressure-monitor" "aidevops-memory-pressure-monitor"; then
+		setup_memory_pressure_monitor
+	fi
+	if _should_setup_noninteractive_scheduler "Screen time" "sh.aidevops.screen-time-snapshot" "aidevops: screen-time-snapshot" "aidevops-screen-time-snapshot"; then
+		setup_screen_time_snapshot
+	fi
+	if _should_setup_noninteractive_scheduler "Contribution watch" "sh.aidevops.contribution-watch" "aidevops: contribution-watch" "aidevops-contribution-watch"; then
+		setup_contribution_watch
+	fi
+	# t2903 (#21049): complexity scan — extracted from pulse dispatch preflight
+	if _should_setup_noninteractive_scheduler "Complexity scan" "sh.aidevops.complexity-scan" "aidevops: complexity-scan" "aidevops-complexity-scan"; then
+		setup_complexity_scan
+	fi
+	# t2862 (GH#20919): pulse merge routine — fast 120s standalone merge pass
+	if _should_setup_noninteractive_scheduler "Pulse merge routine" "sh.aidevops.pulse-merge-routine" "aidevops: pulse-merge-routine" "aidevops-pulse-merge-routine"; then
+		setup_pulse_merge_routine
+	fi
+	# t2932 (GH#21125): peer productivity monitor — adaptive cross-runner
+	# dispatch coordination, runs every 30 min.
+	if _should_setup_noninteractive_scheduler "Peer productivity monitor" "sh.aidevops.peer-productivity-monitor" "aidevops: peer-productivity-monitor" "aidevops-peer-productivity-monitor"; then
+		setup_peer_productivity_monitor
+	fi
+	# Repo sync handles non-interactive mode internally (systemd detection fixed in GH#17861)
+	setup_repo_sync
+	# r914 repo-aidevops-health — daily drift keeper (t2366)
+	setup_repo_aidevops_health
+	if _should_setup_noninteractive_scheduler "Profile README" "sh.aidevops.profile-readme-update" "aidevops: profile-readme-update" "aidevops-profile-readme-update"; then
+		setup_profile_readme
+	fi
+	if _should_setup_noninteractive_scheduler "OAuth token refresh" "sh.aidevops.token-refresh" "aidevops: token-refresh" "aidevops-token-refresh"; then
+		setup_oauth_token_refresh
+	fi
+	# opencode DB maintenance (r913, t2183). Helper self-noops on missing
+	# DB — safe to install unconditionally in non-interactive mode too.
+	setup_opencode_db_maintenance
+	# Migrate cron entries to systemd after schedulers are installed (GH#17695 Finding D)
+	migrate_cron_to_systemd
+	setup_tabby
+	return 0
+}
+
 _setup_post_setup_steps() {
 	local os="$1"
 
@@ -1184,48 +1324,7 @@ _setup_post_setup_steps() {
 	# Exceptions: regenerate existing schedulers (GH#17381, GH#17695 Finding B)
 	# and allow first-time install when config consent is explicitly true (GH#17403).
 	if [[ "$NON_INTERACTIVE" == "true" ]]; then
-		# Auto-update handles non-interactive internally (systemd detection fixed in GH#17861)
-		setup_auto_update
-		if _should_setup_noninteractive_supervisor_pulse; then
-			setup_supervisor_pulse "$os"
-		fi
-		# Regenerate other schedulers if already installed (GH#17695 Finding B).
-		# Stats wrapper is a pulse dependency — also install on first run when
-		# the supervisor pulse is consented (t2418, GH#20016).
-		if _should_setup_noninteractive_stats_wrapper; then
-			setup_stats_wrapper "${PULSE_ENABLED:-}"
-		fi
-		if _should_setup_noninteractive_scheduler "Failure miner" "sh.aidevops.routine-gh-failure-miner" "aidevops: gh-failure-miner" "aidevops-gh-failure-miner"; then
-			setup_failure_miner "${PULSE_ENABLED:-}"
-		fi
-		if _should_setup_noninteractive_scheduler "Process guard" "sh.aidevops.process-guard" "aidevops: process-guard" "aidevops-process-guard"; then
-			setup_process_guard
-		fi
-		if _should_setup_noninteractive_scheduler "Memory pressure" "sh.aidevops.memory-pressure-monitor" "aidevops: memory-pressure-monitor" "aidevops-memory-pressure-monitor"; then
-			setup_memory_pressure_monitor
-		fi
-		if _should_setup_noninteractive_scheduler "Screen time" "sh.aidevops.screen-time-snapshot" "aidevops: screen-time-snapshot" "aidevops-screen-time-snapshot"; then
-			setup_screen_time_snapshot
-		fi
-		if _should_setup_noninteractive_scheduler "Contribution watch" "sh.aidevops.contribution-watch" "aidevops: contribution-watch" "aidevops-contribution-watch"; then
-			setup_contribution_watch
-		fi
-		# Repo sync handles non-interactive mode internally (systemd detection fixed in GH#17861)
-		setup_repo_sync
-		# r914 repo-aidevops-health — daily drift keeper (t2366)
-		setup_repo_aidevops_health
-		if _should_setup_noninteractive_scheduler "Profile README" "sh.aidevops.profile-readme-update" "aidevops: profile-readme-update" "aidevops-profile-readme-update"; then
-			setup_profile_readme
-		fi
-		if _should_setup_noninteractive_scheduler "OAuth token refresh" "sh.aidevops.token-refresh" "aidevops: token-refresh" "aidevops-token-refresh"; then
-			setup_oauth_token_refresh
-		fi
-		# opencode DB maintenance (r913, t2183). Helper self-noops on missing
-		# DB — safe to install unconditionally in non-interactive mode too.
-		setup_opencode_db_maintenance
-		# Migrate cron entries to systemd after schedulers are installed (GH#17695 Finding D)
-		migrate_cron_to_systemd
-		setup_tabby
+		_setup_noninteractive_schedulers "$os"
 		return 0
 	fi
 
@@ -1241,6 +1340,8 @@ _setup_post_setup_steps() {
 	setup_memory_pressure_monitor
 	setup_screen_time_snapshot
 	setup_contribution_watch
+	setup_complexity_scan
+	setup_pulse_merge_routine
 	setup_draft_responses
 	setup_profile_readme
 	setup_oauth_token_refresh