marcusquinn · marcusquinn · Jan 13, 2026 · Jan 13, 2026 · Jan 13, 2026 · gemini-code-assist
diff --git a/.agent/scripts/secretlint-helper.sh b/.agent/scripts/secretlint-helper.sh
@@ -92,6 +92,67 @@ check_secretlint_installed() {
     fi
 }
 
+# Check if required rule presets are installed
+# Returns: 0=all rules installed, 1=missing rules, 2=no config
+check_rules_installed() {
+    local config_file="${1:-$SECRETLINT_CONFIG_FILE}"
+
+    if [[ ! -f "$config_file" ]]; then
+        return 2
+    fi
+
+    # Extract rule IDs from config
+    local missing_rules=()
+
+    # Check for preset-recommend (most common)
+    if grep -q "secretlint-rule-preset-recommend" "$config_file"; then
+        if ! npm list @secretlint/secretlint-rule-preset-recommend &>/dev/null; then
+            if ! npm list -g @secretlint/secretlint-rule-preset-recommend &>/dev/null; then
+                missing_rules+=("@secretlint/secretlint-rule-preset-recommend")
+            fi
+        fi
+    fi
+
+    # Check for pattern rule
+    if grep -q "secretlint-rule-pattern" "$config_file"; then
+        if ! npm list @secretlint/secretlint-rule-pattern &>/dev/null; then
+            if ! npm list -g @secretlint/secretlint-rule-pattern &>/dev/null; then
+                missing_rules+=("@secretlint/secretlint-rule-pattern")
+            fi
+        fi
+    fi
+
+    if [[ ${#missing_rules[@]} -gt 0 ]]; then
+        print_error "Missing required secretlint rules:"
+        for rule in "${missing_rules[@]}"; do
+            echo "  - $rule"
+        done
+        print_info "Install with: npm install --save-dev ${missing_rules[*]}"
+        return 1
+    fi
+
+    return 0
+}
+
+# Validate secretlint installation (binary + rules)
+validate_secretlint_setup() {
+    local has_issues=0
+
+    # Check binary
+    if ! check_secretlint_installed; then
+        has_issues=1
+    fi
+
+    # Check rules - exit code 1 means missing rules, exit code 2 means no config (ok)
+    check_rules_installed
+    local rules_exit=$?
+    if [[ $rules_exit -eq 1 ]]; then
+        has_issues=1
+    fi
+
+    return $has_issues
+}
+
 # Check if Docker is available
 check_docker_available() {
     if command -v docker &> /dev/null; then
@@ -406,6 +467,12 @@ run_secretlint_scan() {
         init_secretlint_config
     fi
 
+    # Validate that required rules are installed
+    if ! check_rules_installed "$SECRETLINT_CONFIG_FILE"; then
+        print_error "Secretlint rules not properly installed. Run: $0 install"
+        return 2
+    fi
+
     # Build command array for safe execution
     local -a cmd_array
     read -ra cmd_array <<< "$cmd"
@@ -436,6 +503,10 @@ run_secretlint_scan() {
     elif [[ $exit_code -eq 1 ]]; then
         print_error "Secrets detected! Please review and remove/rotate exposed credentials."
         print_info "Tip: Use 'secretlint-disable-line' comments to ignore false positives"
+    elif [[ $exit_code -eq 2 ]]; then
+        print_error "Scan failed - configuration or installation error"
+        print_info "Run: $0 status (to diagnose)"
+        print_info "Run: $0 install (to fix installation)"
     else
         print_error "Scan failed with error code: $exit_code"
     fi
@@ -584,6 +655,17 @@ show_status() {
     fi
     echo ""
 
+    # Validate rule installation
+    print_info "Rule Installation:"
+    if [[ -f "$SECRETLINT_CONFIG_FILE" ]]; then
+        if check_rules_installed "$SECRETLINT_CONFIG_FILE"; then
+            print_success "All configured rules are installed"
+        fi
+    else
+        print_warning "No config file - cannot validate rules"
+    fi
+    echo ""
+
     # Show available rules in preset
     print_info "Recommended Rules (preset-recommend):"
     echo "  - AWS credentials (Access Key, Secret Key, Account ID)"

diff --git a/.agent/tools/code-review/secretlint.md b/.agent/tools/code-review/secretlint.md
@@ -513,6 +513,21 @@ Secretlint integrates with the framework's quality pipeline:
 
 ### Common Issues
 
+**"Failed to load rule module: @secretlint/secretlint-rule-preset-recommend is not found"**
+
+This error means secretlint is installed but the required rule preset is missing. The config file references rules that aren't installed.
+
+```bash
+# Fix: Install the preset alongside secretlint
+npm install --save-dev secretlint @secretlint/secretlint-rule-preset-recommend
+
+# Or globally
+npm install -g secretlint @secretlint/secretlint-rule-preset-recommend
+
+# Verify installation
+./.agent/scripts/secretlint-helper.sh status
+```
+
 **"No configuration file found"**
 
 ```bash
@@ -524,10 +539,27 @@ Secretlint integrates with the framework's quality pipeline:
 ```bash
 # Use npx
 npx secretlint "**/*"
-# Or install globally
+# Or install globally (include the preset!)
 npm install -g secretlint @secretlint/secretlint-rule-preset-recommend
 ```
 
+**Scan fails with exit code 2**
+
+Exit code 2 indicates a configuration or installation error (not secrets found). Check:
+
+```bash
+# Diagnose the issue
+./.agent/scripts/secretlint-helper.sh status
+
+# Common fixes:
+# 1. Missing rules - reinstall
+./.agent/scripts/secretlint-helper.sh install
+
+# 2. Invalid config - reinitialize
+rm .secretlintrc.json
+./.agent/scripts/secretlint-helper.sh init
+```
+
 **Performance issues with large repos**
 
 ```bash

diff --git a/.markdownlint.json b/.markdownlint.json
@@ -24,7 +24,8 @@
       "sub",
       "sup",
       "div",
-      "span"
+      "span",
+      "system-reminder"
     ]
   },
   "MD034": false,

diff --git a/.opencode/MCP-TESTING-GUIDE.md b/.opencode/MCP-TESTING-GUIDE.md
@@ -173,7 +173,7 @@ ws.onmessage = (e) => console.log(JSON.parse(e.data))
 
 ### Config File Location
 
-```
+```text
 .opencode/server/mcp-test-config.json
 ```
 
@@ -287,7 +287,7 @@ const data = await response.json()
 
 ## Files Reference
 
-```
+```text
 .opencode/
 ├── server/
 │   ├── api-gateway.ts          # Main API gateway

diff --git a/package.json b/package.json
@@ -33,7 +33,7 @@
   "author": "AI DevOps Framework",
   "license": "MIT",
   "dependencies": {
-    "dspyground": "^0.1.0",
+    "dspyground": "^0.2.0",
     "elysia": "^1.1.0"
   },
   "devDependencies": {

diff --git a/templates/home/.agent/README.md b/templates/home/.agent/README.md
@@ -6,7 +6,7 @@ The aidevops framework now uses `~/.aidevops/` for all working files.
 
 ## New Structure
 
-```
+```text
 ~/.aidevops/
 ├── agents/                    # Agent files (deployed from repo)
 ├── .agent-workspace/          # Your working files

diff --git a/templates/home/git/.agent/README.md b/templates/home/git/.agent/README.md
@@ -1,26 +1,31 @@
 # AI Assistant Directory - Home Level
 
-**🔒 SECURITY NOTICE: This directory contains minimal configuration only. All detailed instructions are maintained in the authoritative repository.**
+**SECURITY NOTICE: This directory contains minimal configuration only. All detailed instructions are maintained in the authoritative repository.**
+
+## Authoritative Source
 
-## 📍 **Authoritative Source**
 All AI assistant working directories and instructions are maintained at:
 **Repository**: `~/git/aidevops/.agent/`
 **Documentation**: `~/git/aidevops/AGENTS.md`
 
-## 🎯 **Purpose**
+## Purpose
+
 This directory exists to:
+
 1. **Provide minimal local configuration** for AI assistants
 2. **Reference the authoritative repository** for all operations
 3. **Maintain security** by avoiding detailed instructions in user space
 
-## 📁 **Working Directory Redirection**
+## Working Directory Redirection
+
 **DO NOT use this directory for AI operations.** Instead use:
 
 - **Temporary files**: `~/git/aidevops/.agent/tmp/`
 - **Persistent memory**: `~/git/aidevops/.agent/memory/`
 - **Development tools**: `~/git/aidevops/.agent/scripts/`
 
-## 🔗 **Access Authoritative Tools**
+## Access Authoritative Tools
+
 ```bash
 # Navigate to authoritative AI tools
 cd ~/git/aidevops/.agent/
@@ -33,7 +38,8 @@ ls ~/git/aidevops/.agent/tmp/
 ls ~/git/aidevops/.agent/memory/
 ```
 
-## ⚠️ **Security Warning**
+## Security Warning
+
 **This directory should remain minimal.** All AI assistant operations should use the authoritative repository's .agent/ directory to prevent security vulnerabilities and maintain centralized control.
 
 ---

diff --git a/tests/toon-test-documents/sample.md b/tests/toon-test-documents/sample.md
@@ -23,6 +23,8 @@ This is a **test document** to demonstrate the Pandoc conversion capabilities of
 
 ### Code Example
 
-    bash .agent/scripts/pandoc-helper.sh convert document.docx
+```bash
+bash .agent/scripts/pandoc-helper.sh convert document.docx
+```
 
 For more information, visit the [AI DevOps repository](https://github.com/marcusquinn/aidevops).
diff --git a/todo/PLANS.md b/todo/PLANS.md
@@ -682,7 +682,7 @@ Integrate Beads task management concepts and bi-directional sync into aidevops T
 
 **Sync architecture:**
 
-```
+```text
 TODO.md ←→ beads-sync-helper.sh ←→ .beads/beads.db
 PLANS.md ←→ (command-led sync) ←→ .beads/issues.jsonl
 ```
-Original file line number
+Diff line change
@@ Expand Up / @@ -24,7 +24,8 @@ @@
           "sub",
           "sup",
           "div",
-          "span"
+          "span",
+          "system-reminder"
         ]
       },
       "MD034": false,
@@ Expand Down @@