aidevops 3.13.54 → 3.13.55

package/VERSION

@@ -1 +1 @@
-3.13.54
+3.13.55

package/aidevops.sh

@@ -5,7 +5,7 @@
 # AI DevOps Framework CLI
 # Usage: aidevops <command> [options]
 #
-# Version: 3.13.54
+# Version: 3.13.55
 
 set -euo pipefail
 
@@ -1658,6 +1658,7 @@ _help_commands() {
 	echo "  repos [cmd]        Manage registered projects (list/add/remove/clean)"
 	echo "  model-accounts-pool OAuth account pool (list/check/diagnose/add/rotate/reset-cooldowns)"
 	echo "  client-format      Client request format alignment (extract/check/canary/monitor)"
+	echo "  opencode-db <cmd>  OpenCode SQLite maintenance (check/report/maintain/window/status/install)"
 	echo "  opencode-sandbox   Test OpenCode versions in isolation (install/run/check/clean)"
 	echo "  approve <cmd>      Cryptographic issue/PR approval (setup/issue/pr/verify/status)"
 	echo "  circuit-breaker    Supervisor circuit breaker (status/reset/check/trip) — alias: cb"
@@ -2208,6 +2209,7 @@ main() {
 	ip-check | ip_check) _dispatch_helper "ip-reputation-helper.sh" "ip-reputation-helper.sh" "$@" ;;
 	model-accounts-pool | map) _dispatch_helper "oauth-pool-helper.sh" "oauth-pool-helper.sh" "$@" ;;
 	client-format) _cmd_client_format "$@" ;;
+	opencode-db | oc-db) _dispatch_helper "opencode-db-maintenance-helper.sh" "opencode-db-maintenance-helper.sh" "$@" ;;
 	opencode-sandbox | oc-sandbox) _dispatch_helper "opencode-sandbox-helper.sh" "opencode-sandbox-helper.sh" "$@" ;;
 	review-gate | review_gate) _dispatch_helper "review-gate-config-helper.sh" "review-gate-config-helper.sh" "$@" ;;
 	secret | secrets) _dispatch_helper "secret-helper.sh" "secret-helper.sh" "$@" ;;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aidevops",
-  "version": "3.13.54",
+  "version": "3.13.55",
   "description": "AI DevOps Framework - AI-assisted development workflows, code quality, and deployment automation",
   "type": "module",
   "bin": {

package/setup-modules/agent-runtime.sh

@@ -249,3 +249,38 @@ deploy_agents_to_runtimes() {
 
 	return 0
 }
+
+# _deploy_agents_to_runtimes_bounded: time-bounded wrapper for deploy_agents_to_runtimes.
+#
+# deploy_agents_to_runtimes is a shell function (not an external script), so it
+# cannot be passed directly to the `timeout` binary. Instead we run it in a
+# background subshell and poll for completion with a configurable wall-clock
+# deadline. When the deadline expires the subshell is killed with SIGTERM then
+# SIGKILL and setup continues without this non-critical step.
+#
+# Configurable via AIDEVOPS_DEPLOY_RUNTIMES_TIMEOUT (default 120s).
+_deploy_agents_to_runtimes_bounded() {
+	local timeout_s="${AIDEVOPS_DEPLOY_RUNTIMES_TIMEOUT:-120}"
+	local _start_s=$SECONDS
+	local _pid=""
+	local _rc=0
+
+	deploy_agents_to_runtimes &
+	_pid=$!
+
+	while kill -0 "$_pid" 2>/dev/null; do
+		if (( SECONDS - _start_s >= timeout_s )); then
+			kill -TERM "$_pid" 2>/dev/null || true
+			sleep 2
+			kill -KILL "$_pid" 2>/dev/null || true
+			wait "$_pid" 2>/dev/null || true
+			print_warning "Runtime agent deployment exceeded ${timeout_s}s — skipping (non-critical)"
+			return 1
+		fi
+		sleep 1
+	done
+
+	wait "$_pid" 2>/dev/null
+	_rc=$?
+	return "$_rc"
+}

package/setup-modules/plugins.sh

@@ -224,29 +224,42 @@ generate_agent_skills() {
 	local success_msg="Agent Skills SKILL.md files generated"
 	local generate_rc=0
 
-	if [[ -f "$skills_script" ]]; then
-		if command -v timeout >/dev/null 2>&1; then
-			if timeout "$timeout_seconds" bash "$skills_script" 2>/dev/null; then
-				print_success "$success_msg"
-				return 0
-			fi
-			generate_rc=$?
-			if [[ "$generate_rc" -eq 124 ]]; then
-				print_warning "Agent Skills generation exceeded ${timeout_seconds}s — continuing without skill symlink refresh"
-				return 1
-			fi
+	if [[ ! -f "$skills_script" ]]; then
+		print_warning "Agent Skills generator not found at $skills_script"
+		return 1
+	fi
+
+	if command -v timeout >/dev/null 2>&1; then
+		timeout "$timeout_seconds" bash "$skills_script" 2>/dev/null
+		generate_rc=$?
+	else
+		# Portable fallback for macOS and other systems without GNU coreutils.
+		# Run the generator in the background; poll every 5s; kill on overrun.
+		bash "$skills_script" 2>/dev/null &
+		local _gen_pid=$!
+		local _elapsed=0
+		while kill -0 "$_gen_pid" 2>/dev/null && [[ "$_elapsed" -lt "$timeout_seconds" ]]; do
+			sleep 5
+			_elapsed=$((_elapsed + 5))
+		done
+		if kill -0 "$_gen_pid" 2>/dev/null; then
+			kill "$_gen_pid" 2>/dev/null
+			wait "$_gen_pid" 2>/dev/null || true
+			generate_rc=124
 		else
-			if bash "$skills_script" 2>/dev/null; then
-				print_success "$success_msg"
-				return 0
-			fi
+			wait "$_gen_pid" 2>/dev/null || true
 			generate_rc=$?
 		fi
+	fi
 
-		print_warning "Agent Skills generation encountered issues (non-critical)"
+	if [[ "$generate_rc" -eq 0 ]]; then
+		print_success "$success_msg"
+		return 0
+	elif [[ "$generate_rc" -eq 124 ]]; then
+		print_warning "Agent Skills generation exceeded ${timeout_seconds}s — continuing without skill symlink refresh"
 		return 1
 	else
-		print_warning "Agent Skills generator not found at $skills_script"
+		print_warning "Agent Skills generation encountered issues (non-critical)"
 		return 1
 	fi
 }

package/setup-modules/schedulers-platform.sh

@@ -306,9 +306,13 @@ setup_complexity_scan() {
 }
 
 # Install the dedicated merge-pass launchd plist (macOS).
-# Supersedes the t2862 sh.aidevops.pulse-merge-routine approach (t21247, GH#21247):
+# Uses the timeout-protected pulse-merge-routine.sh path (t3378). The older
+# t21247 pulse-wrapper.sh --merge-only path had no hard ceiling; a hung merge
+# pass could leave green PRs unmerged until manual intervention.
+# Supersedes the t2862 sh.aidevops.pulse-merge-routine label while keeping the
+# timeout-protected helper implementation:
 #   - Label: com.aidevops.aidevops-supervisor-merge
-#   - Script: pulse-wrapper.sh --merge-only (full bootstrap + merge only)
+#   - Script: pulse-merge-routine.sh run
 #   - Interval: 60s (down from 120s) — targets <=90s PR-green-to-merged latency
 #   - Log: pulse-merge.log (isolated from main pulse log)
 #
@@ -348,7 +352,7 @@ _install_pulse_merge_routine_launchd() {
 	<array>
 		<string>${_xml_bash_bin}</string>
 		<string>${_xml_pmr_script}</string>
-		<string>--merge-only</string>
+		<string>run</string>
 	</array>
 	<key>StartInterval</key>
 	<integer>60</integer>
@@ -382,7 +386,7 @@ PMR_PLIST
 	)
 
 	if _launchd_install_if_changed "$pmr_label" "$pmr_plist" "$pmr_plist_content"; then
-		print_info "Pulse merge pass enabled (launchd, every 60s via --merge-only)"
+		print_info "Pulse merge pass enabled (launchd, every 60s via pulse-merge-routine.sh)"
 	else
 		print_warning "Failed to load pulse merge pass LaunchAgent"
 	fi
@@ -390,8 +394,8 @@ PMR_PLIST
 }
 
 # Install the dedicated merge-pass scheduler via systemd or cron (Linux).
-# Supersedes the t2862 aidevops-pulse-merge-routine approach (t21247, GH#21247):
-#   - Command: pulse-wrapper.sh --merge-only
+# Uses timeout-protected pulse-merge-routine.sh (t3378).
+#   - Command: pulse-merge-routine.sh run
 #   - Interval: every 60s (cron * * * * *, systemd OnUnitActiveSec=60)
 #   - Log: pulse-merge.log
 # Args: $1=wrapper_script $2=log_dir
@@ -413,13 +417,13 @@ _install_pulse_merge_routine_linux() {
 
 	_install_scheduler_linux \
 		"$pmr_systemd" \
-		"aidevops: pulse-merge (--merge-only)" \
+		"aidevops: pulse-merge-routine" \
 		"* * * * *" \
-		"\"${pmr_script}\" --merge-only" \
+		"\"${pmr_script}\" run" \
 		"60" \
 		"${_pmr_log_dir}/pulse-merge.log" \
 		"" \
-		"Pulse merge pass enabled (every 60s via --merge-only)" \
+		"Pulse merge pass enabled (every 60s via pulse-merge-routine.sh)" \
 		"Failed to install pulse merge pass scheduler" \
 		"true" \
 		"true"
@@ -428,18 +432,17 @@ _install_pulse_merge_routine_linux() {
 
 # Setup the dedicated merge-pass scheduler (t21247, GH#21247).
 #
-# Supersedes t2862/GH#20919 (pulse-merge-routine.sh, 120s interval). The new
-# approach runs pulse-wrapper.sh --merge-only every 60s so green PRs merge
+# Supersedes t2862/GH#20919's legacy label/120s interval. The current
+# approach runs pulse-merge-routine.sh every 60s so green PRs merge
 # within <=90s of CI completion regardless of dispatch-cycle length (~23 min
-# average). The full pulse bootstrap ensures all PULSE_* config and repo state
-# are available; the separate lockdir (pulse-merge-instance.lock) prevents
-# overlap with the main dispatch cycle lock.
+# average). The routine has its own hard timeout and lockdir so a hung merge
+# pass cannot starve the backlog.
 #
-# Requires: pulse-wrapper.sh must be installed and executable.
+# Requires: pulse-merge-routine.sh must be installed and executable.
 # The in-cycle merge pass in pulse-wrapper.sh is kept as defense-in-depth —
 # it short-circuits when a merge pass ran within the last 60s.
 setup_pulse_merge_routine() {
-	local pmr_wrapper="$HOME/.aidevops/agents/scripts/pulse-wrapper.sh"
+	local pmr_wrapper="$HOME/.aidevops/agents/scripts/pulse-merge-routine.sh"
 	local pmr_label="com.aidevops.aidevops-supervisor-merge"
 	if ! [[ -x "$pmr_wrapper" ]]; then
 		return 0

package/setup.sh

@@ -12,7 +12,7 @@ shopt -s inherit_errexit 2>/dev/null || true
 # AI Assistant Server Access Framework Setup Script
 # Helps developers set up the framework for their infrastructure
 #
-# Version: 3.13.54
+# Version: 3.13.55
 #
 # Quick Install:
 #   npm install -g aidevops && aidevops update          (recommended)
@@ -1318,7 +1318,10 @@ _setup_run_non_interactive() {
 	wait "$_pid_scan" 2>/dev/null || print_warning "Skill security scan encountered issues (non-critical)"
 
 	_time_step "inject_agents_reference" inject_agents_reference
-	_time_step "deploy_agents_to_runtimes" deploy_agents_to_runtimes
+	# Use the bounded wrapper so a slow file-system traversal across many agent
+	# files does not consume the remaining postflight budget and trip the outer
+	# timeout (GH#22087). AIDEVOPS_DEPLOY_RUNTIMES_TIMEOUT controls the deadline.
+	_time_step "deploy_agents_to_runtimes" _deploy_agents_to_runtimes_bounded
 	_time_step "update_opencode_config" update_opencode_config
 	_time_step "update_claude_config" update_claude_config
 	_time_step "update_codex_config" update_codex_config