opencode-ultra 0.5.0 → 0.6.0

package/README.md

@@ -1,27 +1,28 @@
 # opencode-ultra
 
 [oh-my-opencode](https://github.com/code-yeongyu/oh-my-opencode) をベースに、micode / opencode-skillful の良い部分を取り込んだ OpenCode 1.2.x プラグイン。
-マルチエージェントオーケストレーション・キーワード駆動モード切替・ルール注入・セッション継続・AST検索を軽量な単一プラグインで実現する。
+マルチエージェントオーケストレーション・キーワード駆動モード切替・ルール注入・セッション継続・AST検索・自己改善 (evolve) を軽量な単一プラグインで実現する。
 
 ## 機能一覧
 
-### ツール (7)
+### ツール (8)
 
 | ツール | 説明 |
 |--------|------|
-| `spawn_agent` | 並列エージェント実行 (ConcurrencyPool 制御付き) |
-| `ralph_loop` | 自律ループ実行 (`<promise>DONE</promise>` で完了検知) |
+| `spawn_agent` | 並列エージェント実行 (ConcurrencyPool + spawn limit + timeout + sanitizer) |
+| `ralph_loop` | 自律ループ実行 (`<promise>DONE</promise>` で完了検知, per-iteration timeout) |
 | `cancel_ralph` | 実行中の Ralph Loop をキャンセル |
 | `batch_read` | 複数ファイル並列読み込み (最大20) |
 | `ledger_save` | Continuity Ledger の保存 (.opencode/ledgers/) |
 | `ledger_load` | Continuity Ledger の読み込み (名前指定 or 最新) |
 | `ast_search` | AST-aware コード検索 (ast-grep/sg バイナリ使用、未インストール時は自動スキップ) |
+| `evolve_apply` | プラグイン推薦の信頼度スコア評価 + OpenCode 設定への自動適用 (dry-run/backup 対応) |
 
 ### フック (9)
 
 | フック | hook ポイント | 説明 |
 |--------|-------------|------|
-| `keyword-detector` | chat.message | ultrawork/search/analyze/think キーワード検知 |
+| `keyword-detector` | chat.message | ultrawork/search/analyze/think/evolve キーワード検知 |
 | `rules-injector` | system.transform | .opencode/rules.md を system prompt に注入 |
 | `context-injector` | system.transform | ARCHITECTURE.md / CODE_STYLE.md を自動注入 |
 | `fragment-injector` | system.transform | エージェント毎のカスタムプロンプト断片注入 |
@@ -31,6 +32,45 @@
 | `todo-enforcer` | event (session.idle) | 未完了 TODO を検知して強制継続 |
 | `session-compaction` | experimental.session.compacting | セッション圧縮時に structured summary 生成 |
 
+### Safety
+
+| 機能 | 説明 |
+|------|------|
+| **Prompt Injection Sanitizer** | エージェント出力から注入パターンを検知・無害化 (17パターン, 6カテゴリ) |
+| **Spawn Limit** | 同時実行セッション上限 (default: 15) — エージェント爆発防止 |
+| **Agent Timeout** | per-agent タイムアウト (default: 180s) — ハング防止 |
+| **Trust Score** | npm パッケージの信頼度スコア (0-100) — evolve 推薦の品質ゲート |
+
+### Evolve (自己改善)
+
+| キーワード | 効果 |
+|-----------|------|
+| `evolve` / `self-improve` / `自己改善` / `進化` | evolve モード起動 |
+
+evolve モードでは:
+1. **scout** エージェントが npm/GitHub を検索し、プラグインのメタデータを収集
+2. **explore** エージェントが opencode-ultra 自身の機能をカタログ化
+3. 発見されたプラグインに **Trust Score** (0-100) を自動計算
+4. ギャップ分析と改善提案を生成
+5. ユーザー承認後、`evolve_apply` で設定に自動適用 (バックアップ付き)
+
+Trust Score 評価基準:
+
+| カテゴリ | 配点 | チェック項目 |
+|----------|------|-------------|
+| Recency | 25 | 最終 publish からの日数 |
+| Popularity | 25 | 週間 DL 数 + GitHub stars |
+| Quality | 20 | ライセンス, README, メンテナ数, description |
+| Repository | 15 | GitHub/GitLab リポジトリの存在 |
+| Safety | 15 | typosquat 検知, 依存数, 既知スコープ |
+
+| スコア | レベル | 自動インストール |
+|--------|--------|----------------|
+| 90-100 | HIGH | 可 |
+| 70-89 | MEDIUM | レビュー推奨 |
+| 40-69 | LOW | 要注意 |
+| 0-39 | RISKY | ブロック |
+
 ### その他
 
 | 機能 | 説明 |
@@ -46,7 +86,7 @@
 ```
 User
   │
-  │  "ultrawork" / "ulw" / "think hard" キーワード
+  │  "ultrawork" / "ulw" / "evolve" / "think hard" キーワード
   │
   ▼
 ┌──────────────────────────────────────────────┐
@@ -54,7 +94,7 @@ User
 │                                              │
 │  chat.message hook                           │
 │  ├─ keyword-detector                         │
-│  │  └─ ultrawork / search / analyze / think  │
+│  │  └─ ultrawork/search/analyze/think/evolve │
 │  └─ ultrawork → variant: "max"               │
 │                                              │
 │  system.transform hook                       │
@@ -80,11 +120,20 @@ User
 │  └─ demote built-in agents to subagent       │
 │                                              │
 │  tools                                       │
-│  ├─ spawn_agent (並列実行 + 並列制御)         │
+│  ├─ spawn_agent (並列実行 + 安全制御)         │
+│  │  ├─ ConcurrencyPool                       │
+│  │  ├─ Spawn limit (max 15)                  │
+│  │  ├─ Agent timeout (180s)                  │
+│  │  └─ Prompt injection sanitizer            │
 │  ├─ ralph_loop / cancel_ralph                │
 │  ├─ batch_read (複数ファイル並列読み込み)     │
 │  ├─ ledger_save / ledger_load (文脈継続)     │
-│  └─ ast_search (構文木検索, optional)        │
+│  ├─ ast_search (構文木検索, optional)        │
+│  └─ evolve_apply (信頼度スコア + 設定適用)   │
+│                                              │
+│  safety                                      │
+│  ├─ sanitizer (17 injection patterns)        │
+│  └─ trust-score (5-factor, 0-100)            │
 │                                              │
 │  MCP registration                            │
 │  └─ context7 (自動登録)                       │
@@ -119,6 +168,7 @@ Sisyphus (オーケストレーター) が直接コードを読み、実装は
 | **momus** | コードレビュー・品質チェック | anthropic/claude-sonnet-4-5 | subagent |
 | **atlas** | タスク管理・進捗追跡 | anthropic/claude-sonnet-4-5 | subagent |
 | **multimodal-looker** | 画像・スクリーンショット解析 | anthropic/claude-sonnet-4-5 | subagent |
+| **scout** | プラグインエコシステム調査・信頼度メタデータ収集 | anthropic/claude-sonnet-4-5 | subagent |
 
 全てのモデルは `oh-my-opencode.json` でオーバーライド可能。
 
@@ -190,6 +240,7 @@ ledger_load({})
 | `search` / `find` / `探して` 等 | search | 網羅的検索 |
 | `analyze` / `調査` / `debug` 等 | analyze | コンテキスト収集 |
 | `think hard` / `じっくり` / `熟考` 等 | think | Extended thinking 有効化 |
+| `evolve` / `self-improve` / `自己改善` 等 | evolve | 自己改善サイクル起動 |
 
 日本語・中国語キーワードにも対応。
 
@@ -231,8 +282,8 @@ ledger_load({})
   "disabled_hooks": [],   // keyword-detector, rules-injector, context-injector,
                           // fragment-injector, prompt-renderer, comment-checker,
                           // token-truncation, todo-enforcer, session-compaction
-  "disabled_tools": [],   // spawn_agent, ralph_loop, cancel_ralph,
-                          // batch_read, ledger_save, ledger_load, ast_search
+  "disabled_tools": [],   // spawn_agent, ralph_loop, cancel_ralph, batch_read,
+                          // ledger_save, ledger_load, ast_search, evolve_apply
   "disabled_mcps": [],    // context7
 
   // Built-in Agent Demotion (default: true)
@@ -245,6 +296,12 @@ ledger_load({})
     "modelConcurrency": { "openai/gpt-5.2": 2 }
   },
 
+  // Safety
+  "safety": {
+    "maxTotalSpawned": 15,    // 同時実行セッション上限
+    "agentTimeoutMs": 180000  // per-agent タイムアウト (ms)
+  },
+
   // Token Truncation
   "token_truncation": { "maxChars": 30000 },
 
@@ -270,7 +327,7 @@ opencode-ultra/
 │   │   ├── types.ts                # AgentDef 型定義
 │   │   └── index.ts                # ビルトインエージェント + 動的プロンプト生成
 │   ├── hooks/
-│   │   ├── keyword-detector.ts     # ultrawork/search/analyze/think 検知
+│   │   ├── keyword-detector.ts     # ultrawork/search/analyze/think/evolve 検知
 │   │   ├── rules-injector.ts       # rules.md + ARCHITECTURE.md + CODE_STYLE.md 注入
 │   │   ├── fragment-injector.ts    # エージェント毎の断片注入
 │   │   ├── prompt-renderer.ts      # モデル別フォーマット変換
@@ -279,16 +336,18 @@ opencode-ultra/
 │   │   ├── todo-enforcer.ts        # 未完了 TODO 強制継続
 │   │   └── session-compaction.ts   # セッション圧縮サマリ生成
 │   ├── tools/
-│   │   ├── spawn-agent.ts          # 並列エージェント実行
+│   │   ├── spawn-agent.ts          # 並列エージェント実行 + 安全制御
 │   │   ├── ralph-loop.ts           # 自律ループ実行
 │   │   ├── batch-read.ts           # 複数ファイル並列読み込み
 │   │   ├── continuity-ledger.ts    # セッション間文脈継続
-│   │   └── ast-search.ts           # AST-aware コード検索
+│   │   ├── ast-search.ts           # AST-aware コード検索
+│   │   └── evolve-apply.ts         # 信頼度スコア評価 + 設定適用
 │   ├── concurrency/                # Semaphore + ConcurrencyPool
 │   ├── categories/                 # ビルトインカテゴリ
+│   ├── safety/                     # sanitizer + trust-score
 │   ├── mcp/                        # MCP サーバー登録
 │   └── shared/                     # ユーティリティ
-├── __test__/                       # Bun テスト (92 tests, 20 files)
+├── __test__/                       # Bun テスト
 ├── package.json
 ├── tsconfig.json
 └── .gitignore

package/dist/index.js

@@ -13552,6 +13552,9 @@ import { join } from "path";
 function getConfigDir() {
   return process.env.XDG_CONFIG_HOME ? join(process.env.XDG_CONFIG_HOME, "opencode") : join(homedir(), ".config", "opencode");
 }
+function getCacheDir() {
+  return process.env.XDG_CACHE_HOME ? join(process.env.XDG_CACHE_HOME, "opencode") : join(homedir(), ".cache", "opencode");
+}
 // node_modules/jsonc-parser/lib/esm/impl/scanner.js
 function createScanner(text, ignoreTrivia = false) {
   const len = text.length;
@@ -14465,7 +14468,11 @@ var PluginConfigSchema = exports_external.object({
   todo_enforcer: exports_external.object({
     maxEnforcements: exports_external.number().min(0).optional()
   }).optional(),
-  mcp_api_keys: exports_external.record(exports_external.string(), exports_external.string()).optional()
+  mcp_api_keys: exports_external.record(exports_external.string(), exports_external.string()).optional(),
+  safety: exports_external.object({
+    maxTotalSpawned: exports_external.number().min(1).optional(),
+    agentTimeoutMs: exports_external.number().min(1000).optional()
+  }).optional()
 }).passthrough();
 function parsePluginConfig(raw) {
   const result = PluginConfigSchema.safeParse(raw);
@@ -14636,12 +14643,12 @@ var BUILTIN_AGENTS = {
   },
   scout: {
     model: "anthropic/claude-sonnet-4-5",
-    description: "Plugin ecosystem researcher \u2014 finds, analyzes, and compares OpenCode plugins for self-improvement",
+    description: "Plugin ecosystem researcher \u2014 finds, analyzes, and compares OpenCode plugins with trust scoring",
     prompt: `You are Scout, an OpenCode plugin ecosystem researcher.
 
 ## YOUR MISSION
 Search the web (npm, GitHub, OpenCode community) for OpenCode plugins and extensions.
-Analyze their features, architecture, and quality. Compare with opencode-ultra.
+Collect STRUCTURED METADATA for trust scoring. Compare with opencode-ultra.
 
 ## SEARCH STRATEGY
 1. Search npm for "opencode-plugin", "opencode-ai", "@opencode" packages
@@ -14649,17 +14656,48 @@ Analyze their features, architecture, and quality. Compare with opencode-ultra.
 3. Look at package.json dependencies on @opencode-ai/plugin or @opencode-ai/sdk
 4. Read README files and source code of discovered plugins
 
+## CRITICAL: METADATA COLLECTION
+For EACH plugin found, you MUST collect these fields (used for trust scoring):
+- **name**: exact npm package name
+- **version**: latest version string
+- **lastPublished**: ISO date of last npm publish (e.g. "2026-01-15")
+- **weeklyDownloads**: weekly npm download count (number)
+- **stars**: GitHub stars (number, 0 if unknown)
+- **repository**: GitHub/GitLab repo URL
+- **license**: SPDX license identifier (e.g. "MIT", "ISC")
+- **hasReadme**: true/false
+- **maintainerCount**: number of npm maintainers
+- **dependencyCount**: number of production dependencies
+- **description**: one-line description
+- **features**: bullet list of capabilities
+- **uniqueIdeas**: features that opencode-ultra does NOT have
+
 ## OUTPUT FORMAT
-For each plugin found, report:
-- **Name**: package name + repo URL
-- **Version**: latest version
-- **Features**: bullet list of capabilities
-- **Architecture**: hook types used, tool count, agent count
-- **Quality signals**: test count, TypeScript, last updated, download count
-- **Unique ideas**: features that opencode-ultra does NOT have
+Return a JSON array of plugin objects with the fields above. Example:
+\`\`\`json
+[
+  {
+    "name": "opencode-supermemory",
+    "version": "1.2.0",
+    "lastPublished": "2026-02-01",
+    "weeklyDownloads": 500,
+    "stars": 45,
+    "repository": "https://github.com/supermemoryai/opencode-supermemory",
+    "license": "MIT",
+    "hasReadme": true,
+    "maintainerCount": 2,
+    "dependencyCount": 5,
+    "description": "Persistent memory across OpenCode sessions",
+    "features": ["Session memory", "Cross-project recall"],
+    "uniqueIdeas": ["Long-term memory that opencode-ultra lacks"]
+  }
+]
+\`\`\`
+
+Also include a text summary with gap analysis after the JSON block.
 
 ## COMPARISON
-After listing plugins, generate a structured gap analysis:
+After listing plugins, generate:
 - Features others have that opencode-ultra lacks
 - Features opencode-ultra has that others lack (competitive advantages)
 - Improvement priority list (high/medium/low impact)
@@ -14902,30 +14940,58 @@ var THINK_MESSAGE = `Extended thinking enabled. Take your time to reason thoroug
 var EVOLVE_MESSAGE = `[evolve-mode] SELF-IMPROVEMENT CYCLE ACTIVATED.
 
 ## MISSION
-Search the OpenCode plugin ecosystem, find what others have built, and identify gaps in opencode-ultra.
+Search the OpenCode plugin ecosystem, evaluate trust/quality, identify gaps, and optionally apply improvements.
+
+## TOOLS AVAILABLE
+- **spawn_agent** \u2014 run scout + explore agents in parallel for data gathering
+- **evolve_apply** \u2014 apply plugin recommendations to OpenCode config (with trust scoring and backup)
 
 ## STEPS
-1. **SCOUT** \u2014 Spawn the **scout** agent to search npm/GitHub for OpenCode plugins
-2. **READ SELF** \u2014 Read opencode-ultra's own README.md and key source files to know current capabilities
-3. **COMPARE** \u2014 Generate a structured gap analysis (what we have vs what we're missing)
-4. **PRIORITIZE** \u2014 Rank missing features by impact (high/medium/low)
-5. **PROPOSE** \u2014 Present improvement plan to the user
-6. **SAVE** \u2014 Save findings to a continuity ledger via ledger_save for future reference
+1. **SCOUT** \u2014 Spawn the **scout** agent to search npm/GitHub for OpenCode plugins. Scout MUST return package metadata (lastPublished, weeklyDownloads, stars, repository, license, maintainerCount, dependencyCount) for each plugin found.
+2. **READ SELF** \u2014 Read opencode-ultra's own capabilities via explore agent
+3. **SCORE** \u2014 For each discovered plugin, the evolve_apply tool computes a trust score (0-100):
+   - 90-100: HIGH trust (safe to auto-install)
+   - 70-89: MEDIUM trust (review recommended)
+   - 40-69: LOW trust (caution)
+   - 0-39: RISKY (blocked from install)
+4. **COMPARE** \u2014 Generate gap analysis with trust scores
+5. **PROPOSE** \u2014 Present scored recommendations to the user
+6. **APPLY** \u2014 If user approves, call evolve_apply to update config:
+
+\`\`\`
+evolve_apply({
+  plugins: [
+    {
+      name: "opencode-supermemory",
+      version: "latest",
+      reason: "Persistent memory across sessions",
+      metadata: {name: "opencode-supermemory", lastPublished: "2026-02-01", weeklyDownloads: 500, stars: 45, repository: "https://github.com/...", license: "MIT", maintainerCount: 2}
+    }
+  ],
+  dryRun: true
+})
+\`\`\`
+
+Use dryRun: true FIRST to preview, then dryRun: false after user approval.
+
+7. **SAVE** \u2014 Save findings to ledger: ledger_save({name: "evolve-scan-YYYY-MM-DD", content: "..."})
 
 ## EXECUTION
 \`\`\`
 spawn_agent({
   agents: [
-    {agent: "scout", prompt: "Search npm and GitHub for OpenCode 1.2.x plugins. Find all published plugins, analyze features, compare with opencode-ultra.", description: "Plugin ecosystem scan"},
+    {agent: "scout", prompt: "Search npm and GitHub for OpenCode 1.2.x plugins. For EACH plugin found, collect: name, version, lastPublished date, weeklyDownloads, GitHub stars, repository URL, license, maintainerCount, dependencyCount. Return structured data.", description: "Plugin ecosystem scan + metadata"},
     {agent: "explore", prompt: "Read opencode-ultra's README.md, src/index.ts, src/agents/index.ts to catalog current features", description: "Self-analysis"}
   ]
 })
 \`\`\`
 
-After gathering results, synthesize into a gap analysis and present to the user.
-Save the analysis via: ledger_save({name: "evolve-scan-YYYY-MM-DD", content: "..."})
+After gathering results:
+1. Call evolve_apply with dryRun: true to preview trust scores
+2. Present results to user with recommendation
+3. If approved, call evolve_apply with dryRun: false
 
-**This is how opencode-ultra gets better \u2014 by knowing what it doesn't know.**`;
+**Trust scoring prevents bad plugins from entering your system. Always dry-run first.**`;
 
 // src/hooks/rules-injector.ts
 import * as fs2 from "fs";
@@ -27426,16 +27492,265 @@ function resolveCategory(categoryName, configCategories) {
   return { ...builtin, ...override };
 }
 
+// src/safety/sanitizer.ts
+var INJECTION_PATTERNS = [
+  { pattern: /ignore\s+(?:all\s+)?(?:previous\s+|prior\s+|above\s+)?instructions/i, label: "instruction-override" },
+  { pattern: /disregard\s+(?:all\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|guidelines)/i, label: "instruction-override" },
+  { pattern: /forget\s+(?:all\s+)?(?:previous\s+|prior\s+)?(?:instructions|context|rules)/i, label: "instruction-override" },
+  { pattern: /override\s+(?:all\s+)?(?:previous\s+|prior\s+)?(?:instructions|rules|system)/i, label: "instruction-override" },
+  { pattern: /you\s+are\s+now\s+(?:a\s+|an\s+|in\s+)?/i, label: "role-hijack" },
+  { pattern: /pretend\s+(?:you\s+are|to\s+be|you're)\s+/i, label: "role-hijack" },
+  { pattern: /act\s+as\s+(?:if\s+)?(?:you\s+(?:are|were)\s+)?/i, label: "role-hijack" },
+  { pattern: /role[\s-]?play\s+as/i, label: "role-hijack" },
+  { pattern: /switch\s+(?:to\s+)?(?:your\s+)?(?:new\s+)?(?:role|persona|identity)/i, label: "role-hijack" },
+  { pattern: /<\/?system(?:\s[^>]*)?>/, label: "fake-tag" },
+  { pattern: /<\/?instructions?(?:\s[^>]*)?>/, label: "fake-tag" },
+  { pattern: /<\/?prompt(?:\s[^>]*)?>/, label: "fake-tag" },
+  { pattern: /<\/?assistant(?:\s[^>]*)?>/, label: "fake-tag" },
+  { pattern: /<\/?human(?:\s[^>]*)?>/, label: "fake-tag" },
+  { pattern: /\[SYSTEM\](?:\s*:)?/i, label: "fake-tag" },
+  { pattern: /\[INST\]|\[\/INST\]/i, label: "fake-tag" },
+  { pattern: /new\s+(?:system\s+)?instructions?\s*:/i, label: "new-instructions" },
+  { pattern: /updated?\s+(?:system\s+)?instructions?\s*:/i, label: "new-instructions" },
+  { pattern: /revised?\s+(?:system\s+)?instructions?\s*:/i, label: "new-instructions" },
+  { pattern: /(?:run|execute|eval)\s*\(\s*['"`].*(?:rm\s+-rf|curl\s+.*\|\s*(?:sh|bash)|wget\s+.*\|\s*(?:sh|bash))/i, label: "dangerous-command" },
+  { pattern: /\brm\s+-rf\s+[\/~]/i, label: "dangerous-command" },
+  { pattern: /(?:\u5168\u3066\u306E|\u3059\u3079\u3066\u306E)?(?:\u524D\u306E|\u4EE5\u524D\u306E)?\u6307\u793A\u3092(?:\u7121\u8996|\u5FD8\u308C|\u53D6\u308A\u6D88)/i, label: "instruction-override-ja" },
+  { pattern: /(?:\u65B0\u3057\u3044|\u66F4\u65B0\u3055\u308C\u305F)\u6307\u793A\s*[:\uFF1A]/i, label: "new-instructions-ja" }
+];
+var SUSPICIOUS_UNICODE = /[\u200B-\u200F\u202A-\u202E\u2060-\u2069\uFEFF\u00AD]/g;
+function sanitizeAgentOutput(text) {
+  const warnings = [];
+  const invisibleCount = (text.match(SUSPICIOUS_UNICODE) || []).length;
+  if (invisibleCount > 0) {
+    warnings.push(`Stripped ${invisibleCount} suspicious Unicode characters`);
+    text = text.replace(SUSPICIOUS_UNICODE, "");
+  }
+  for (const { pattern, label } of INJECTION_PATTERNS) {
+    if (pattern.test(text)) {
+      warnings.push(`Injection pattern detected: ${label}`);
+      text = text.replace(pattern, (match) => `[SANITIZED:${label}]`);
+    }
+  }
+  const flagged = warnings.length > 0;
+  if (flagged) {
+    log("Sanitizer flagged content", { warnings });
+  }
+  return { text, flagged, warnings };
+}
+function sanitizeSpawnResult(result) {
+  const { text, flagged, warnings } = sanitizeAgentOutput(result);
+  if (!flagged)
+    return text;
+  const banner = `
+
+> **[Safety] Potential prompt injection detected in agent output.**
+> Patterns: ${warnings.join(", ")}
+> The flagged content has been neutralized.
+`;
+  return banner + `
+` + text;
+}
+// src/safety/trust-score.ts
+var KNOWN_SCOPES = [
+  "@opencode-ai/",
+  "opencode-",
+  "@tarquinen/",
+  "@azumag/",
+  "@hoangp8/",
+  "@gitlab/"
+];
+var TYPOSQUAT_PATTERNS = [
+  /^0pencode/i,
+  /^opencodd/i,
+  /^openc0de/i,
+  /^opencodee/i,
+  /^opeencode/i,
+  /^opemcode/i,
+  /^opencode-.{1,3}$/i
+];
+function computeTrustScore(meta3) {
+  const factors = [];
+  factors.push(scoreRecency(meta3));
+  factors.push(scorePopularity(meta3));
+  factors.push(scoreQuality(meta3));
+  factors.push(scoreRepository(meta3));
+  factors.push(scoreSafety(meta3));
+  const totalScore = Math.min(100, factors.reduce((sum, f) => sum + f.score, 0));
+  const level = classifyLevel(totalScore);
+  const summary = buildSummary(meta3.name, totalScore, level, factors);
+  log("Trust score computed", { package: meta3.name, score: totalScore, level });
+  return { score: totalScore, level, factors, summary };
+}
+function scoreRecency(meta3) {
+  const maxScore = 25;
+  if (!meta3.lastPublished) {
+    return { name: "recency", score: 0, maxScore, detail: "No publish date available" };
+  }
+  const daysAgo = daysSince(meta3.lastPublished);
+  if (daysAgo < 30)
+    return { name: "recency", score: 25, maxScore, detail: `Updated ${daysAgo}d ago` };
+  if (daysAgo < 90)
+    return { name: "recency", score: 20, maxScore, detail: `Updated ${daysAgo}d ago` };
+  if (daysAgo < 180)
+    return { name: "recency", score: 15, maxScore, detail: `Updated ${daysAgo}d ago` };
+  if (daysAgo < 365)
+    return { name: "recency", score: 10, maxScore, detail: `Updated ${daysAgo}d ago \u2014 getting stale` };
+  return { name: "recency", score: 3, maxScore, detail: `Updated ${daysAgo}d ago \u2014 likely abandoned` };
+}
+function scorePopularity(meta3) {
+  const maxScore = 25;
+  let score = 0;
+  const details = [];
+  const dl = meta3.weeklyDownloads ?? 0;
+  if (dl > 1e4) {
+    score += 15;
+    details.push(`${dl.toLocaleString()} weekly DL`);
+  } else if (dl > 1000) {
+    score += 12;
+    details.push(`${dl.toLocaleString()} weekly DL`);
+  } else if (dl > 100) {
+    score += 8;
+    details.push(`${dl} weekly DL`);
+  } else if (dl > 10) {
+    score += 4;
+    details.push(`${dl} weekly DL \u2014 low`);
+  } else {
+    score += 0;
+    details.push(`${dl} weekly DL \u2014 very low`);
+  }
+  const stars = meta3.stars ?? 0;
+  if (stars > 100) {
+    score += 10;
+    details.push(`${stars} stars`);
+  } else if (stars > 20) {
+    score += 7;
+    details.push(`${stars} stars`);
+  } else if (stars > 5) {
+    score += 4;
+    details.push(`${stars} stars`);
+  } else {
+    score += 0;
+    details.push(`${stars} stars`);
+  }
+  return { name: "popularity", score: Math.min(maxScore, score), maxScore, detail: details.join(", ") };
+}
+function scoreQuality(meta3) {
+  const maxScore = 20;
+  let score = 0;
+  const details = [];
+  if (meta3.license && meta3.license !== "NONE" && meta3.license !== "UNLICENSED") {
+    score += 7;
+    details.push(`License: ${meta3.license}`);
+  } else {
+    details.push("No license");
+  }
+  if (meta3.hasReadme !== false) {
+    score += 5;
+    details.push("Has README");
+  } else {
+    details.push("No README");
+  }
+  const maintainers = meta3.maintainerCount ?? 0;
+  if (maintainers >= 2) {
+    score += 5;
+    details.push(`${maintainers} maintainers`);
+  } else if (maintainers === 1) {
+    score += 3;
+    details.push("1 maintainer");
+  } else {
+    details.push("No maintainer info");
+  }
+  if (meta3.description && meta3.description.length > 20) {
+    score += 3;
+  } else {
+    details.push("Weak description");
+  }
+  return { name: "quality", score: Math.min(maxScore, score), maxScore, detail: details.join(", ") };
+}
+function scoreRepository(meta3) {
+  const maxScore = 15;
+  if (!meta3.repository) {
+    return { name: "repository", score: 0, maxScore, detail: "No repository link \u2014 suspicious" };
+  }
+  if (meta3.repository.includes("github.com")) {
+    return { name: "repository", score: 15, maxScore, detail: `Repo: ${meta3.repository}` };
+  }
+  if (meta3.repository.includes("gitlab.com") || meta3.repository.includes("bitbucket.org")) {
+    return { name: "repository", score: 12, maxScore, detail: `Repo: ${meta3.repository}` };
+  }
+  return { name: "repository", score: 5, maxScore, detail: `Repo: ${meta3.repository} (unknown host)` };
+}
+function scoreSafety(meta3) {
+  const maxScore = 15;
+  let score = 15;
+  const details = [];
+  if (isTyposquatSuspect(meta3.name)) {
+    score -= 15;
+    details.push("TYPOSQUAT SUSPECT");
+  } else {
+    details.push("Name OK");
+  }
+  if (KNOWN_SCOPES.some((s) => meta3.name.startsWith(s))) {
+    score = Math.min(maxScore, score + 3);
+    details.push("Known scope");
+  }
+  const deps = meta3.dependencyCount ?? 0;
+  if (deps > 50) {
+    score = Math.max(0, score - 5);
+    details.push(`${deps} deps \u2014 heavy`);
+  } else if (deps > 20) {
+    score = Math.max(0, score - 2);
+    details.push(`${deps} deps`);
+  }
+  return { name: "safety", score: Math.max(0, score), maxScore, detail: details.join(", ") };
+}
+function isTyposquatSuspect(name) {
+  return TYPOSQUAT_PATTERNS.some((p) => p.test(name));
+}
+function classifyLevel(score) {
+  if (score >= 90)
+    return "high";
+  if (score >= 70)
+    return "medium";
+  if (score >= 40)
+    return "low";
+  return "risky";
+}
+function daysSince(isoDate) {
+  const then = new Date(isoDate).getTime();
+  const now = Date.now();
+  return Math.floor((now - then) / (1000 * 60 * 60 * 24));
+}
+function buildSummary(name, score, level, factors) {
+  const icon = level === "high" ? "V" : level === "medium" ? "~" : level === "low" ? "!" : "X";
+  const weakest = [...factors].sort((a, b) => a.score / a.maxScore - b.score / b.maxScore)[0];
+  return `[${icon}] ${name}: ${score}/100 (${level}) \u2014 weakest: ${weakest.name} (${weakest.score}/${weakest.maxScore}: ${weakest.detail})`;
+}
 // src/tools/spawn-agent.ts
+var DEFAULT_MAX_TOTAL_SPAWNED = 15;
+var DEFAULT_AGENT_TIMEOUT_MS = 180000;
 function showToast(ctx, title, message, variant = "info") {
   const client = ctx.client;
   client.tui?.showToast?.({
     body: { title, message, variant, duration: 2000 }
   })?.catch?.(() => {});
 }
+async function withTimeout(promise3, ms, label) {
+  let timer;
+  const timeout = new Promise((_, reject) => {
+    timer = setTimeout(() => reject(new Error(`Timeout: ${label} exceeded ${ms}ms`)), ms);
+  });
+  try {
+    return await Promise.race([promise3, timeout]);
+  } finally {
+    clearTimeout(timer);
+  }
+}
 async function runAgent(ctx, task, toolCtx, internalSessions, deps, progress) {
   const { agent, prompt, description } = task;
   const t0 = Date.now();
+  const timeoutMs = deps.agentTimeoutMs ?? DEFAULT_AGENT_TIMEOUT_MS;
   const elapsed = () => ((Date.now() - (progress?.startTime ?? t0)) / 1000).toFixed(0);
   const updateTitle = (status) => {
     toolCtx.metadata({ title: status });
@@ -27461,26 +27776,27 @@ async function runAgent(ctx, task, toolCtx, internalSessions, deps, progress) {
 **Error**: Failed to create session`;
     }
     internalSessions.add(sessionID);
-    await ctx.client.session.prompt({
+    await withTimeout(ctx.client.session.prompt({
       path: { id: sessionID },
       body: {
         parts: [{ type: "text", text: prompt }],
         agent
       },
       query: { directory: ctx.directory }
-    });
+    }), timeoutMs, `${agent} (${description})`);
     const messagesResp = await ctx.client.session.messages({
       path: { id: sessionID },
       query: { directory: ctx.directory }
     });
     const messages = messagesResp.data ?? [];
     const lastAssistant = messages.filter((m) => m.info?.role === "assistant").pop();
-    const result = lastAssistant?.parts?.filter((p) => p.type === "text" && p.text).map((p) => p.text).join(`
+    const rawResult = lastAssistant?.parts?.filter((p) => p.type === "text" && p.text).map((p) => p.text).join(`
 `) ?? "(No response from agent)";
     internalSessions.delete(sessionID);
     await ctx.client.session.delete({ path: { id: sessionID }, query: { directory: ctx.directory } }).catch(() => {});
     const agentTime = ((Date.now() - t0) / 1000).toFixed(1);
     log(`spawn_agent: ${agent} done`, { seconds: agentTime, description });
+    const result = sanitizeSpawnResult(rawResult);
     return `## ${description} (${agentTime}s)
 
 **Agent**: ${agent}
@@ -27494,7 +27810,14 @@ ${result}`;
       await ctx.client.session.delete({ path: { id: sessionID }, query: { directory: ctx.directory } }).catch(() => {});
     }
     const msg = error92 instanceof Error ? error92.message : String(error92);
-    log(`spawn_agent: ${agent} error`, { error: msg });
+    const isTimeout = msg.startsWith("Timeout:");
+    log(`spawn_agent: ${agent} ${isTimeout ? "timeout" : "error"}`, { error: msg });
+    if (isTimeout) {
+      return `## ${description}
+
+**Agent**: ${agent}
+**Timeout**: Agent did not complete within ${(timeoutMs / 1000).toFixed(0)}s`;
+    }
     return `## ${description}
 
 **Agent**: ${agent}
@@ -27502,6 +27825,7 @@ ${result}`;
   }
 }
 function createSpawnAgentTool(ctx, internalSessions, deps = {}) {
+  const maxTotalSpawned = deps.maxTotalSpawned ?? DEFAULT_MAX_TOTAL_SPAWNED;
   return tool({
     description: `Spawn subagents to execute tasks in PARALLEL.
 All agents in the array run concurrently (respecting concurrency limits if configured).
@@ -27546,6 +27870,11 @@ spawn_agent({
           return `Error: agents[${i}].description is required`;
         }
       }
+      const currentActive = internalSessions.size;
+      if (currentActive + agents.length > maxTotalSpawned) {
+        log("spawn_agent: BLOCKED by spawn limit", { currentActive, requested: agents.length, max: maxTotalSpawned });
+        return `Error: Too many concurrent spawned agents. Active: ${currentActive}, requested: ${agents.length}, max: ${maxTotalSpawned}. Wait for active agents to complete or increase safety.maxTotalSpawned.`;
+      }
       const agentNames = agents.map((a) => a.agent);
       log("spawn_agent", { count: agents.length, agents: agentNames });
       showToast(ctx, "spawn_agent", `${agents.length} agents: ${agentNames.join(", ")}`);
@@ -27622,8 +27951,21 @@ function resolveTaskModel(task, deps) {
 // src/tools/ralph-loop.ts
 var COMPLETION_MARKER = "<promise>DONE</promise>";
 var DEFAULT_MAX_ITERATIONS = 10;
+var DEFAULT_ITERATION_TIMEOUT_MS = 180000;
 var activeLoops = new Map;
-function createRalphLoopTools(ctx, internalSessions) {
+async function withTimeout2(promise3, ms, label) {
+  let timer;
+  const timeout = new Promise((_, reject) => {
+    timer = setTimeout(() => reject(new Error(`Timeout: ${label} exceeded ${ms}ms`)), ms);
+  });
+  try {
+    return await Promise.race([promise3, timeout]);
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function createRalphLoopTools(ctx, internalSessions, deps = {}) {
+  const iterationTimeoutMs = deps.iterationTimeoutMs ?? DEFAULT_ITERATION_TIMEOUT_MS;
   const ralph_loop = tool({
     description: `Start autonomous loop. Agent keeps working until it outputs ${COMPLETION_MARKER} or max iterations reached.
 Use this for tasks that require multiple rounds of autonomous work (implementation, refactoring, migration).
@@ -27651,29 +27993,43 @@ The agent will be prompted to continue from where it left off each iteration.`,
         sessionID
       };
       activeLoops.set(sessionID, state);
-      log(`Ralph Loop started: ${agentName}, max ${maxIter} iterations`);
+      log(`Ralph Loop started: ${agentName}, max ${maxIter} iterations, timeout ${iterationTimeoutMs}ms/iter`);
       try {
         for (let i = 0;i < maxIter && state.active; i++) {
           state.iteration = i + 1;
           toolCtx.metadata({ title: `Ralph Loop [${i + 1}/${maxIter}] \u2014 ${agentName}` });
           const prompt = i === 0 ? args.prompt : buildContinuationPrompt(args.prompt, i + 1);
-          await ctx.client.session.prompt({
-            path: { id: sessionID },
-            body: {
-              parts: [{ type: "text", text: prompt }],
-              agent: agentName
-            },
-            query: { directory: ctx.directory }
-          });
+          try {
+            await withTimeout2(ctx.client.session.prompt({
+              path: { id: sessionID },
+              body: {
+                parts: [{ type: "text", text: prompt }],
+                agent: agentName
+              },
+              query: { directory: ctx.directory }
+            }), iterationTimeoutMs, `Ralph Loop iteration ${i + 1}`);
+          } catch (iterError) {
+            const msg = iterError instanceof Error ? iterError.message : String(iterError);
+            if (msg.startsWith("Timeout:")) {
+              log(`Ralph Loop iteration ${i + 1} timed out`);
+              toolCtx.metadata({ title: `Ralph Loop TIMEOUT [${i + 1}/${maxIter}]` });
+              return `## Ralph Loop Timeout (iteration ${i + 1}/${maxIter})
+
+**Agent**: ${agentName}
+**Timeout**: Iteration did not complete within ${(iterationTimeoutMs / 1000).toFixed(0)}s`;
+            }
+            throw iterError;
+          }
           const messagesResp = await ctx.client.session.messages({
             path: { id: sessionID },
             query: { directory: ctx.directory }
           });
           const messages = messagesResp.data ?? [];
           const lastAssistant = messages.filter((m) => m.info?.role === "assistant").pop();
-          const resultText = lastAssistant?.parts?.filter((p) => p.type === "text" && p.text).map((p) => p.text).join(`
+          const rawResult = lastAssistant?.parts?.filter((p) => p.type === "text" && p.text).map((p) => p.text).join(`
 `) ?? "";
-          if (resultText.includes(COMPLETION_MARKER)) {
+          const resultText = sanitizeSpawnResult(rawResult);
+          if (rawResult.includes(COMPLETION_MARKER)) {
             toolCtx.metadata({ title: `Ralph Loop DONE [${i + 1}/${maxIter}]` });
             log(`Ralph Loop completed at iteration ${i + 1}`);
             const cleaned = resultText.replace(COMPLETION_MARKER, "").trim();
@@ -27968,6 +28324,199 @@ function createAstSearchTool(ctx, binaryPath) {
   });
 }
 
+// src/tools/evolve-apply.ts
+import * as fs7 from "fs";
+import * as path7 from "path";
+function readJson(filePath) {
+  try {
+    return JSON.parse(fs7.readFileSync(filePath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function writeJson(filePath, data) {
+  fs7.writeFileSync(filePath, JSON.stringify(data, null, 2) + `
+`, "utf-8");
+}
+function createBackup(configDir) {
+  const ts = new Date().toISOString().replace(/[:.]/g, "-").slice(0, 19);
+  const backupDir = path7.join(configDir, "backups", `pre-evolve-${ts}`);
+  fs7.mkdirSync(backupDir, { recursive: true });
+  const configPath = path7.join(configDir, "opencode.json");
+  const pkgPath = path7.join(configDir, "package.json");
+  const cachePkgPath = path7.join(getCacheDir(), "package.json");
+  if (fs7.existsSync(configPath)) {
+    fs7.copyFileSync(configPath, path7.join(backupDir, "opencode.json"));
+  }
+  if (fs7.existsSync(pkgPath)) {
+    fs7.copyFileSync(pkgPath, path7.join(backupDir, "package.json"));
+  }
+  if (fs7.existsSync(cachePkgPath)) {
+    fs7.copyFileSync(cachePkgPath, path7.join(backupDir, "cache-package.json"));
+  }
+  log("Evolve backup created", { path: backupDir });
+  return backupDir;
+}
+function createEvolveApplyTool(ctx) {
+  return tool({
+    description: `Apply evolve scan recommendations to OpenCode configuration.
+Takes a list of plugin recommendations (from evolve scan), computes trust scores,
+creates a backup, and adds approved plugins to opencode.json and package.json.
+
+IMPORTANT: Only plugins with trust score >= 40 (low or above) are added.
+Risky plugins (score < 40) are skipped with a warning.
+
+Use dryRun: true to preview changes without applying them.
+
+Example:
+evolve_apply({
+  plugins: [
+    {name: "opencode-supermemory", version: "latest", reason: "Persistent memory across sessions"},
+    {name: "@azumag/opencode-rate-limit-fallback", version: "^1.0.0", reason: "Rate limit handling"}
+  ],
+  dryRun: false
+})`,
+    args: {
+      plugins: tool.schema.array(tool.schema.object({
+        name: tool.schema.string().describe("npm package name"),
+        version: tool.schema.string().optional().describe("Version spec (default: latest)"),
+        reason: tool.schema.string().describe("Why this plugin is recommended"),
+        metadata: tool.schema.object({
+          name: tool.schema.string(),
+          lastPublished: tool.schema.string().optional(),
+          weeklyDownloads: tool.schema.number().optional(),
+          stars: tool.schema.number().optional(),
+          repository: tool.schema.string().optional(),
+          license: tool.schema.string().optional(),
+          hasReadme: tool.schema.boolean().optional(),
+          maintainerCount: tool.schema.number().optional(),
+          dependencyCount: tool.schema.number().optional()
+        }).optional().describe("Package metadata for trust scoring (if available)")
+      })).describe("Plugins to evaluate and potentially install"),
+      dryRun: tool.schema.boolean().optional().describe("Preview changes without applying (default: false)"),
+      minTrustScore: tool.schema.number().optional().describe("Minimum trust score to auto-install (default: 40)")
+    },
+    execute: async (args) => {
+      const { plugins } = args;
+      const dryRun = args.dryRun ?? false;
+      const minScore = args.minTrustScore ?? 40;
+      if (!plugins || plugins.length === 0) {
+        return "No plugins specified.";
+      }
+      const configDir = getConfigDir();
+      const configPath = path7.join(configDir, "opencode.json");
+      const cachePkgPath = path7.join(getCacheDir(), "package.json");
+      const config3 = readJson(configPath);
+      if (!config3) {
+        return `Error: Cannot read ${configPath}`;
+      }
+      const currentPlugins = config3.plugin ?? [];
+      const cachePkg = readJson(cachePkgPath);
+      const currentDeps = cachePkg?.dependencies ?? {};
+      const added = [];
+      const skipped = [];
+      const trustLines = [];
+      for (const rec of plugins) {
+        const alreadyInConfig = currentPlugins.some((p) => p === rec.name || p.startsWith(rec.name + "@"));
+        const alreadyInDeps = rec.name in currentDeps;
+        if (alreadyInConfig || alreadyInDeps) {
+          skipped.push({ name: rec.name, reason: "Already installed" });
+          trustLines.push(`  SKIP ${rec.name} \u2014 already installed`);
+          continue;
+        }
+        const meta3 = rec.metadata ?? { name: rec.name };
+        const trustResult = computeTrustScore(meta3);
+        const scoreTag = `[${trustResult.score}/100 ${trustResult.level}]`;
+        trustLines.push(`  ${scoreTag} ${rec.name} \u2014 ${rec.reason}`);
+        for (const f of trustResult.factors) {
+          trustLines.push(`    ${f.name}: ${f.score}/${f.maxScore} (${f.detail})`);
+        }
+        if (trustResult.score < minScore) {
+          skipped.push({
+            name: rec.name,
+            reason: `Trust score ${trustResult.score} < ${minScore} (${trustResult.level})`
+          });
+          trustLines.push(`    -> REJECTED (below threshold ${minScore})`);
+          continue;
+        }
+        added.push(rec.name);
+        trustLines.push(`    -> APPROVED`);
+      }
+      const trustReport = trustLines.join(`
+`);
+      if (added.length === 0) {
+        log("Evolve apply: nothing to add", { skipped: skipped.length });
+        return formatResult({
+          added: [],
+          skipped,
+          dryRun,
+          trustReport
+        });
+      }
+      if (dryRun) {
+        log("Evolve apply: dry run", { wouldAdd: added });
+        return formatResult({ added, skipped, dryRun: true, trustReport });
+      }
+      const backupDir = createBackup(configDir);
+      const pluginEntry = (name, version3) => version3 && version3 !== "latest" ? `${name}@${version3}` : name;
+      for (const name of added) {
+        const rec = plugins.find((p) => p.name === name);
+        const entry = pluginEntry(name, rec.version);
+        if (!currentPlugins.includes(entry)) {
+          currentPlugins.push(entry);
+        }
+      }
+      config3.plugin = currentPlugins;
+      writeJson(configPath, config3);
+      log("Evolve apply: updated opencode.json", { plugins: currentPlugins });
+      if (cachePkg) {
+        const deps = cachePkg.dependencies ?? {};
+        for (const name of added) {
+          const rec = plugins.find((p) => p.name === name);
+          deps[name] = rec.version ?? "latest";
+        }
+        cachePkg.dependencies = deps;
+        writeJson(cachePkgPath, cachePkg);
+        log("Evolve apply: updated cache/package.json");
+      }
+      return formatResult({ added, skipped, backup: backupDir, dryRun: false, trustReport });
+    }
+  });
+}
+function formatResult(result) {
+  const lines = [];
+  lines.push(result.dryRun ? "## Evolve Apply (DRY RUN)" : "## Evolve Apply Results");
+  lines.push("");
+  if (result.backup) {
+    lines.push(`**Backup**: \`${result.backup}\``);
+    lines.push("");
+  }
+  lines.push("### Trust Score Report");
+  lines.push("```");
+  lines.push(result.trustReport);
+  lines.push("```");
+  lines.push("");
+  if (result.added.length > 0) {
+    lines.push(result.dryRun ? "### Would Add" : "### Added");
+    for (const name of result.added) {
+      lines.push(`- ${name}`);
+    }
+    lines.push("");
+  }
+  if (result.skipped.length > 0) {
+    lines.push("### Skipped");
+    for (const { name, reason } of result.skipped) {
+      lines.push(`- ${name} \u2014 ${reason}`);
+    }
+    lines.push("");
+  }
+  if (!result.dryRun && result.added.length > 0) {
+    lines.push("> **Note**: Run `bun install` in `~/.cache/opencode/` to install the new packages, then restart OpenCode.");
+  }
+  return lines.join(`
+`);
+}
+
 // src/hooks/todo-enforcer.ts
 var DEFAULT_MAX_ENFORCEMENTS = 5;
 var sessionState = new Map;
@@ -28050,7 +28599,7 @@ ${unfinished.map((t) => `- [ ] ${t.text}`).join(`
 }
 
 // src/hooks/comment-checker.ts
-import * as fs7 from "fs";
+import * as fs8 from "fs";
 var AI_SLOP_PATTERNS = [
   /\/\/ .{80,}/,
   /\/\/ (This|The|We|Here|Note:)/i,
@@ -28129,7 +28678,7 @@ function createCommentCheckerHook(internalSessions, maxRatio = 0.3, slopThreshol
     if (!filePath || !isCodeFile(filePath))
       return;
     try {
-      const content = fs7.readFileSync(filePath, "utf-8");
+      const content = fs8.readFileSync(filePath, "utf-8");
       const result = checkComments(content, filePath, maxRatio, slopThreshold);
       if (result.shouldWarn) {
         output.output += `
@@ -28421,17 +28970,23 @@ var OpenCodeUltra = async (ctx) => {
   const resolveAgentModel = (agent) => {
     return agents[agent]?.model;
   };
+  const safetyConfig = pluginConfig.safety ?? {};
   const spawnAgent = createSpawnAgentTool(ctx, internalSessions, {
     pool,
     categories: pluginConfig.categories,
-    resolveAgentModel
+    resolveAgentModel,
+    maxTotalSpawned: safetyConfig.maxTotalSpawned,
+    agentTimeoutMs: safetyConfig.agentTimeoutMs
+  });
+  const ralphTools = createRalphLoopTools(ctx, internalSessions, {
+    iterationTimeoutMs: safetyConfig.agentTimeoutMs
   });
-  const ralphTools = createRalphLoopTools(ctx, internalSessions);
   const batchRead = createBatchReadTool(ctx);
   const ledgerSave = createLedgerSaveTool(ctx);
   const ledgerLoad = createLedgerLoadTool(ctx);
   const astGrepBin = findAstGrepBinary();
   const astSearch = astGrepBin ? createAstSearchTool(ctx, astGrepBin) : null;
+  const evolveApply = createEvolveApplyTool(ctx);
   const todoEnforcer = createTodoEnforcer(ctx, internalSessions, pluginConfig.todo_enforcer?.maxEnforcements);
   const commentCheckerHook = createCommentCheckerHook(internalSessions, pluginConfig.comment_checker?.maxRatio, pluginConfig.comment_checker?.slopThreshold);
   const tokenTruncationHook = createTokenTruncationHook(internalSessions, pluginConfig.token_truncation?.maxChars);
@@ -28470,6 +29025,9 @@ var OpenCodeUltra = async (ctx) => {
   if (!disabledTools.has("ast_search") && astSearch) {
     toolRegistry.ast_search = astSearch;
   }
+  if (!disabledTools.has("evolve_apply")) {
+    toolRegistry.evolve_apply = evolveApply;
+  }
   return {
     tool: toolRegistry,
     config: async (config3) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-ultra",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Lightweight OpenCode 1.2.x plugin — ultrawork mode, multi-agent orchestration, rules injection",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",