more concepts

unsure
feat(app): add session spinner concept lab
2026-05-15 16:53:18 +00:00 · 2026-03-26 12:24:19 +00:00 · 2026-03-25 14:19:03 +00:00 · 2026-03-25 14:18:29 +00:00
2589 changed files with 150110 additions and 475068 deletions
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -1,5 +1,6 @@
 name: Bug report
 description: Report an issue that should be fixed
+labels: ["bug"]
 body:
  - type: textarea
    id: description
--- a/.github/ISSUE_TEMPLATE/feature-request.yml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yml
@@ -1,5 +1,6 @@
 name: 🚀 Feature Request
 description: Suggest an idea, feature, or enhancement
+labels: [discussion]
 title: "[FEATURE]:"

 body:
--- a/.github/ISSUE_TEMPLATE/question.yml
+++ b/.github/ISSUE_TEMPLATE/question.yml
@@ -1,5 +1,6 @@
 name: Question
 description: Ask a question
+labels: ["question"]
 body:
  - type: textarea
    id: question
--- a/.github/TEAM_MEMBERS
+++ b/.github/TEAM_MEMBERS
@@ -11,6 +11,5 @@ MrMushrooooom
 nexxeln
 R44VC0RP
 rekram1-node
+RhysSullivan
 thdxr
-simonklee
-vimtor
--- a/.github/VOUCHED.td
+++ b/.github/VOUCHED.td
@@ -0,0 +1,27 @@
+# Vouched contributors for this project.
+#
+# See https://github.com/mitchellh/vouch for details.
+#
+# Syntax:
+#   - One handle per line (without @), sorted alphabetically.
+#   - Optional platform prefix: platform:username (e.g., github:user).
+#   - Denounce with minus prefix: -username or -platform:username.
+#   - Optional details after a space following the handle.
+adamdotdevin
+-agusbasari29 AI PR slop
+ariane-emory
+-atharvau AI review spamming literally every PR
+-danieljoshuanazareth
+-danieljoshuanazareth
+edemaine
+-florianleibert
+fwang
+iamdavidhill
+jayair
+kitlangton
+kommander
+-opencode2026
+r44vc0rp
+rekram1-node
+-spider-yamet clawdbot/llm psychosis, spam pinging the team
+thdxr
--- a/.github/actions/setup-bun/action.yml
+++ b/.github/actions/setup-bun/action.yml
@@ -1,10 +1,5 @@
 name: "Setup Bun"
 description: "Setup Bun with caching and install dependencies"
-inputs:
-  install-flags:
-    description: "Additional flags to pass to 'bun install'"
-    required: false
-    default: ""
 runs:
  using: "composite"
  steps:
@@ -23,7 +18,7 @@ runs:
        fi

    - name: Setup Bun
-      uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+      uses: oven-sh/setup-bun@v2
      with:
        bun-version-file: ${{ !steps.bun-url.outputs.url && 'package.json' || '' }}
        bun-download-url: ${{ steps.bun-url.outputs.url }}
@@ -33,9 +28,8 @@ runs:
      shell: bash
      run: echo "dir=$(bun pm cache)" >> "$GITHUB_OUTPUT"

-    - name: Restore Bun dependencies
-      id: bun-cache
-      uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+    - name: Cache Bun dependencies
+      uses: actions/cache@v4
      with:
        path: ${{ steps.cache.outputs.dir }}
        key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
@@ -52,15 +46,8 @@ runs:
        # e.g. ./patches/ for standard-openapi
        # https://github.com/oven-sh/bun/issues/28147
        if [ "$RUNNER_OS" = "Windows" ]; then
-          bun install --linker hoisted ${{ inputs.install-flags }}
+          bun install --linker hoisted
        else
-          bun install ${{ inputs.install-flags }}
+          bun install
        fi
      shell: bash
-
-    - name: Save Bun dependencies
-      if: steps.bun-cache.outputs.cache-hit != 'true' && github.event_name != 'pull_request' && github.event_name != 'pull_request_target'
-      uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-      with:
-        path: ${{ steps.cache.outputs.dir }}
-        key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
--- a/.github/actions/setup-git-committer/action.yml
+++ b/.github/actions/setup-git-committer/action.yml
@@ -19,7 +19,7 @@ runs:
  steps:
    - name: Create app token
      id: apptoken
-      uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2.2.2
+      uses: actions/create-github-app-token@v2
      with:
        app-id: ${{ inputs.opencode-app-id }}
        private-key: ${{ inputs.opencode-app-secret }}
--- a/.github/workflows/beta.yml
+++ b/.github/workflows/beta.yml
@@ -13,7 +13,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

--- a/.github/workflows/close-issues.yml
+++ b/.github/workflows/close-issues.yml
@@ -12,9 +12,9 @@ jobs:
      contents: read
      issues: write
    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4

-      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

--- a/.github/workflows/close-prs.yml
+++ b/.github/workflows/close-prs.yml
@@ -1,50 +0,0 @@
-name: close-prs
-
-on:
-  schedule:
-    - cron: "0 22 * * *" # Daily at 10:00 PM UTC
-  workflow_dispatch:
-    inputs:
-      dry-run:
-        description: "Log matching PRs without closing them"
-        type: boolean
-        default: true
-      max-close:
-        description: "Maximum matching PRs to close"
-        type: string
-        required: false
-        default: "50"
-
-jobs:
-  close:
-    runs-on: ubuntu-latest
-    timeout-minutes: 240
-    permissions:
-      contents: read
-      issues: write
-      pull-requests: write
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
-        with:
-          bun-version: latest
-
-      - name: Close old PRs without enough positive reactions
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-        run: |
-          max_close="${{ inputs['max-close'] }}"
-          if [ -z "$max_close" ]; then
-            max_close="50"
-          fi
-
-          args=("--threshold" "2" "--age-months" "1" "--sleep-ms" "20000" "--max-close" "$max_close")
-
-          if [ "${{ github.event_name }}" = "schedule" ]; then
-            args+=("--execute")
-          elif [ "${{ inputs['dry-run'] }}" = "false" ]; then
-            args+=("--execute")
-          fi
-
-          bun script/github/close-prs.ts "${args[@]}"
--- a/.github/workflows/close-stale-prs.yml
+++ b/.github/workflows/close-stale-prs.yml
@@ -0,0 +1,235 @@
+name: close-stale-prs
+
+on:
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        description: "Log actions without closing PRs"
+        type: boolean
+        default: false
+  schedule:
+    - cron: "0 6 * * *"
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  close-stale-prs:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Close inactive PRs
+        uses: actions/github-script@v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const DAYS_INACTIVE = 60
+            const MAX_RETRIES = 3
+
+            // Adaptive delay: fast for small batches, slower for large to respect
+            // GitHub's 80 content-generating requests/minute limit
+            const SMALL_BATCH_THRESHOLD = 10
+            const SMALL_BATCH_DELAY_MS = 1000  // 1s for daily operations (≤10 PRs)
+            const LARGE_BATCH_DELAY_MS = 2000  // 2s for backlog (>10 PRs) = ~30 ops/min, well under 80 limit
+
+            const startTime = Date.now()
+            const cutoff = new Date(Date.now() - DAYS_INACTIVE * 24 * 60 * 60 * 1000)
+            const { owner, repo } = context.repo
+            const dryRun = context.payload.inputs?.dryRun === "true"
+
+            core.info(`Dry run mode: ${dryRun}`)
+            core.info(`Cutoff date: ${cutoff.toISOString()}`)
+
+            function sleep(ms) {
+              return new Promise(resolve => setTimeout(resolve, ms))
+            }
+
+            async function withRetry(fn, description = 'API call') {
+              let lastError
+              for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+                try {
+                  const result = await fn()
+                  return result
+                } catch (error) {
+                  lastError = error
+                  const isRateLimited = error.status === 403 &&
+                    (error.message?.includes('rate limit') || error.message?.includes('secondary'))
+
+                  if (!isRateLimited) {
+                    throw error
+                  }
+
+                  // Parse retry-after header, default to 60 seconds
+                  const retryAfter = error.response?.headers?.['retry-after']
+                    ? parseInt(error.response.headers['retry-after'])
+                    : 60
+
+                  // Exponential backoff: retryAfter * 2^attempt
+                  const backoffMs = retryAfter * 1000 * Math.pow(2, attempt)
+
+                  core.warning(`${description}: Rate limited (attempt ${attempt + 1}/${MAX_RETRIES}). Waiting ${backoffMs / 1000}s before retry...`)
+
+                  await sleep(backoffMs)
+                }
+              }
+              core.error(`${description}: Max retries (${MAX_RETRIES}) exceeded`)
+              throw lastError
+            }
+
+            const query = `
+              query($owner: String!, $repo: String!, $cursor: String) {
+                repository(owner: $owner, name: $repo) {
+                  pullRequests(first: 100, states: OPEN, after: $cursor) {
+                    pageInfo {
+                      hasNextPage
+                      endCursor
+                    }
+                    nodes {
+                      number
+                      title
+                      author {
+                        login
+                      }
+                      createdAt
+                      commits(last: 1) {
+                        nodes {
+                          commit {
+                            committedDate
+                          }
+                        }
+                      }
+                      comments(last: 1) {
+                        nodes {
+                          createdAt
+                        }
+                      }
+                      reviews(last: 1) {
+                        nodes {
+                          createdAt
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            `
+
+            const allPrs = []
+            let cursor = null
+            let hasNextPage = true
+            let pageCount = 0
+
+            while (hasNextPage) {
+              pageCount++
+              core.info(`Fetching page ${pageCount} of open PRs...`)
+
+              const result = await withRetry(
+                () => github.graphql(query, { owner, repo, cursor }),
+                `GraphQL page ${pageCount}`
+              )
+
+              allPrs.push(...result.repository.pullRequests.nodes)
+              hasNextPage = result.repository.pullRequests.pageInfo.hasNextPage
+              cursor = result.repository.pullRequests.pageInfo.endCursor
+
+              core.info(`Page ${pageCount}: fetched ${result.repository.pullRequests.nodes.length} PRs (total: ${allPrs.length})`)
+
+              // Delay between pagination requests (use small batch delay for reads)
+              if (hasNextPage) {
+                await sleep(SMALL_BATCH_DELAY_MS)
+              }
+            }
+
+            core.info(`Found ${allPrs.length} open pull requests`)
+
+            const stalePrs = allPrs.filter((pr) => {
+              const dates = [
+                new Date(pr.createdAt),
+                pr.commits.nodes[0] ? new Date(pr.commits.nodes[0].commit.committedDate) : null,
+                pr.comments.nodes[0] ? new Date(pr.comments.nodes[0].createdAt) : null,
+                pr.reviews.nodes[0] ? new Date(pr.reviews.nodes[0].createdAt) : null,
+              ].filter((d) => d !== null)
+
+              const lastActivity = dates.sort((a, b) => b.getTime() - a.getTime())[0]
+
+              if (!lastActivity || lastActivity > cutoff) {
+                core.info(`PR #${pr.number} is fresh (last activity: ${lastActivity?.toISOString() || "unknown"})`)
+                return false
+              }
+
+              core.info(`PR #${pr.number} is STALE (last activity: ${lastActivity.toISOString()})`)
+              return true
+            })
+
+            if (!stalePrs.length) {
+              core.info("No stale pull requests found.")
+              return
+            }
+
+            core.info(`Found ${stalePrs.length} stale pull requests`)
+
+            // ============================================
+            // Close stale PRs
+            // ============================================
+            const requestDelayMs = stalePrs.length > SMALL_BATCH_THRESHOLD
+              ? LARGE_BATCH_DELAY_MS
+              : SMALL_BATCH_DELAY_MS
+
+            core.info(`Using ${requestDelayMs}ms delay between operations (${stalePrs.length > SMALL_BATCH_THRESHOLD ? 'large' : 'small'} batch mode)`)
+
+            let closedCount = 0
+            let skippedCount = 0
+
+            for (const pr of stalePrs) {
+              const issue_number = pr.number
+              const closeComment = `Closing this pull request because it has had no updates for more than ${DAYS_INACTIVE} days. If you plan to continue working on it, feel free to reopen or open a new PR.`
+
+              if (dryRun) {
+                core.info(`[dry-run] Would close PR #${issue_number} from ${pr.author?.login || 'unknown'}: ${pr.title}`)
+                continue
+              }
+
+              try {
+                // Add comment
+                await withRetry(
+                  () => github.rest.issues.createComment({
+                    owner,
+                    repo,
+                    issue_number,
+                    body: closeComment,
+                  }),
+                  `Comment on PR #${issue_number}`
+                )
+
+                // Close PR
+                await withRetry(
+                  () => github.rest.pulls.update({
+                    owner,
+                    repo,
+                    pull_number: issue_number,
+                    state: "closed",
+                  }),
+                  `Close PR #${issue_number}`
+                )
+
+                closedCount++
+                core.info(`Closed PR #${issue_number} from ${pr.author?.login || 'unknown'}: ${pr.title}`)
+
+                // Delay before processing next PR
+                await sleep(requestDelayMs)
+              } catch (error) {
+                skippedCount++
+                core.error(`Failed to close PR #${issue_number}: ${error.message}`)
+              }
+            }
+
+            const elapsed = Math.round((Date.now() - startTime) / 1000)
+            core.info(`\n========== Summary ==========`)
+            core.info(`Total open PRs found: ${allPrs.length}`)
+            core.info(`Stale PRs identified: ${stalePrs.length}`)
+            core.info(`PRs closed: ${closedCount}`)
+            core.info(`PRs skipped (errors): ${skippedCount}`)
+            core.info(`Elapsed time: ${elapsed}s`)
+            core.info(`=============================`)
--- a/.github/workflows/compliance-close.yml
+++ b/.github/workflows/compliance-close.yml
@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Close non-compliant issues and PRs after 2 hours
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@v7
        with:
          script: |
            const { data: items } = await github.rest.issues.listForRepo({
--- a/.github/workflows/containers.yml
+++ b/.github/workflows/containers.yml
@@ -21,18 +21,18 @@ jobs:
      REGISTRY: ghcr.io/${{ github.repository_owner }}
      TAG: "24.04"
    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4

      - uses: ./.github/actions/setup-bun

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@v3

      - name: Login to GHCR
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
--- a/.github/workflows/daily-issues-recap.yml
+++ b/.github/workflows/daily-issues-recap.yml
@@ -0,0 +1,170 @@
+name: daily-issues-recap
+
+on:
+  schedule:
+    # Run at 6 PM EST (23:00 UTC, or 22:00 UTC during daylight saving)
+    - cron: "0 23 * * *"
+  workflow_dispatch: # Allow manual trigger for testing
+
+jobs:
+  daily-recap:
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    permissions:
+      contents: read
+      issues: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - uses: ./.github/actions/setup-bun
+
+      - name: Install opencode
+        run: curl -fsSL https://opencode.ai/install | bash
+
+      - name: Generate daily issues recap
+        id: recap
+        env:
+          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OPENCODE_PERMISSION: |
+            {
+              "bash": {
+                "*": "deny",
+                "gh issue*": "allow",
+                "gh search*": "allow"
+              },
+              "webfetch": "deny",
+              "edit": "deny",
+              "write": "deny"
+            }
+        run: |
+          # Get today's date range
+          TODAY=$(date -u +%Y-%m-%d)
+
+          opencode run -m opencode/claude-sonnet-4-5 "Generate a daily issues recap for the OpenCode repository.
+
+          TODAY'S DATE: ${TODAY}
+
+          STEP 1: Gather today's issues
+          Search for all OPEN issues created today (${TODAY}) using:
+          gh issue list --repo ${{ github.repository }} --state open --search \"created:${TODAY}\" --json number,title,body,labels,state,comments,createdAt,author --limit 500
+
+          IMPORTANT: EXCLUDE all issues authored by Anomaly team members. Filter out issues where the author login matches ANY of these:
+          adamdotdevin, Brendonovich, fwang, Hona, iamdavidhill, jayair, kitlangton, kommander, MrMushrooooom, R44VC0RP, rekram1-node, thdxr
+          This recap is specifically for COMMUNITY (external) issues only.
+
+          STEP 2: Analyze and categorize
+          For each issue created today, categorize it:
+
+          **Severity Assessment:**
+          - CRITICAL: Crashes, data loss, security issues, blocks major functionality
+          - HIGH: Significant bugs affecting many users, important features broken
+          - MEDIUM: Bugs with workarounds, minor features broken
+          - LOW: Minor issues, cosmetic, nice-to-haves
+
+          **Activity Assessment:**
+          - Note issues with high comment counts or engagement
+          - Note issues from repeat reporters (check if author has filed before)
+
+          STEP 3: Cross-reference with existing issues
+          For issues that seem like feature requests or recurring bugs:
+          - Search for similar older issues to identify patterns
+          - Note if this is a frequently requested feature
+          - Identify any issues that are duplicates of long-standing requests
+
+          STEP 4: Generate the recap
+          Create a structured recap with these sections:
+
+          ===DISCORD_START===
+          **Daily Issues Recap - ${TODAY}**
+
+          **Summary Stats**
+          - Total issues opened today: [count]
+          - By category: [bugs/features/questions]
+
+          **Critical/High Priority Issues**
+          [List any CRITICAL or HIGH severity issues with brief descriptions and issue numbers]
+
+          **Most Active/Discussed**
+          [Issues with significant engagement or from active community members]
+
+          **Trending Topics**
+          [Patterns noticed - e.g., 'Multiple reports about X', 'Continued interest in Y feature']
+
+          **Duplicates & Related**
+          [Issues that relate to existing open issues]
+          ===DISCORD_END===
+
+          STEP 5: Format for Discord
+          Format the recap as a Discord-compatible message:
+          - Use Discord markdown (**, __, etc.)
+          - BE EXTREMELY CONCISE - this is an EOD summary, not a detailed report
+          - Use hyperlinked issue numbers with suppressed embeds: [#1234](<https://github.com/${{ github.repository }}/issues/1234>)
+          - Group related issues on single lines where possible
+          - Add emoji sparingly for critical items only
+          - HARD LIMIT: Keep under 1800 characters total
+          - Skip sections that have nothing notable (e.g., if no critical issues, omit that section)
+          - Prioritize signal over completeness - only surface what matters
+
+          OUTPUT: Output ONLY the content between ===DISCORD_START=== and ===DISCORD_END=== markers. Include the markers so I can extract it." > /tmp/recap_raw.txt
+
+          # Extract only the Discord message between markers
+          sed -n '/===DISCORD_START===/,/===DISCORD_END===/p' /tmp/recap_raw.txt | grep -v '===DISCORD' > /tmp/recap.txt
+
+          echo "recap_file=/tmp/recap.txt" >> $GITHUB_OUTPUT
+
+      - name: Post to Discord
+        env:
+          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_ISSUES_WEBHOOK_URL }}
+        run: |
+          if [ -z "$DISCORD_WEBHOOK_URL" ]; then
+            echo "Warning: DISCORD_ISSUES_WEBHOOK_URL secret not set, skipping Discord post"
+            cat /tmp/recap.txt
+            exit 0
+          fi
+
+          # Read the recap
+          RECAP_RAW=$(cat /tmp/recap.txt)
+          RECAP_LENGTH=${#RECAP_RAW}
+
+          echo "Recap length: ${RECAP_LENGTH} chars"
+
+          # Function to post a message to Discord
+          post_to_discord() {
+            local msg="$1"
+            local content=$(echo "$msg" | jq -Rs '.')
+            curl -s -H "Content-Type: application/json" \
+                 -X POST \
+                 -d "{\"content\": ${content}}" \
+                 "$DISCORD_WEBHOOK_URL"
+            sleep 1
+          }
+
+          # If under limit, send as single message
+          if [ "$RECAP_LENGTH" -le 1950 ]; then
+            post_to_discord "$RECAP_RAW"
+          else
+            echo "Splitting into multiple messages..."
+            remaining="$RECAP_RAW"
+            while [ ${#remaining} -gt 0 ]; do
+              if [ ${#remaining} -le 1950 ]; then
+                post_to_discord "$remaining"
+                break
+              else
+                chunk="${remaining:0:1900}"
+                last_newline=$(echo "$chunk" | grep -bo $'\n' | tail -1 | cut -d: -f1)
+                if [ -n "$last_newline" ] && [ "$last_newline" -gt 500 ]; then
+                  chunk="${remaining:0:$last_newline}"
+                  remaining="${remaining:$((last_newline+1))}"
+                else
+                  chunk="${remaining:0:1900}"
+                  remaining="${remaining:1900}"
+                fi
+                post_to_discord "$chunk"
+              fi
+            done
+          fi
+
+          echo "Posted daily recap to Discord"
--- a/.github/workflows/daily-pr-recap.yml
+++ b/.github/workflows/daily-pr-recap.yml
@@ -0,0 +1,173 @@
+name: daily-pr-recap
+
+on:
+  schedule:
+    # Run at 5pm EST (22:00 UTC, or 21:00 UTC during daylight saving)
+    - cron: "0 22 * * *"
+  workflow_dispatch: # Allow manual trigger for testing
+
+jobs:
+  pr-recap:
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    permissions:
+      contents: read
+      pull-requests: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - uses: ./.github/actions/setup-bun
+
+      - name: Install opencode
+        run: curl -fsSL https://opencode.ai/install | bash
+
+      - name: Generate daily PR recap
+        id: recap
+        env:
+          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OPENCODE_PERMISSION: |
+            {
+              "bash": {
+                "*": "deny",
+                "gh pr*": "allow",
+                "gh search*": "allow"
+              },
+              "webfetch": "deny",
+              "edit": "deny",
+              "write": "deny"
+            }
+        run: |
+          TODAY=$(date -u +%Y-%m-%d)
+
+          opencode run -m opencode/claude-sonnet-4-5 "Generate a daily PR activity recap for the OpenCode repository.
+
+          TODAY'S DATE: ${TODAY}
+
+          STEP 1: Gather PR data
+          Run these commands to gather PR information. ONLY include OPEN PRs created or updated TODAY (${TODAY}):
+
+          # Open PRs created today
+          gh pr list --repo ${{ github.repository }} --state open --search \"created:${TODAY}\" --json number,title,author,labels,createdAt,updatedAt,reviewDecision,isDraft,additions,deletions --limit 100
+
+          # Open PRs with activity today (updated today)
+          gh pr list --repo ${{ github.repository }} --state open --search \"updated:${TODAY}\" --json number,title,author,labels,createdAt,updatedAt,reviewDecision,isDraft,additions,deletions --limit 100
+
+          IMPORTANT: EXCLUDE all PRs authored by Anomaly team members. Filter out PRs where the author login matches ANY of these:
+          adamdotdevin, Brendonovich, fwang, Hona, iamdavidhill, jayair, kitlangton, kommander, MrMushrooooom, R44VC0RP, rekram1-node, thdxr
+          This recap is specifically for COMMUNITY (external) contributions only.
+
+
+
+          STEP 2: For high-activity PRs, check comment counts
+          For promising PRs, run:
+          gh pr view [NUMBER] --repo ${{ github.repository }} --json comments --jq '[.comments[] | select(.author.login != \"copilot-pull-request-reviewer\" and .author.login != \"github-actions\")] | length'
+
+          IMPORTANT: When counting comments/activity, EXCLUDE these bot accounts:
+          - copilot-pull-request-reviewer
+          - github-actions
+
+          STEP 3: Identify what matters (ONLY from today's PRs)
+
+          **Bug Fixes From Today:**
+          - PRs with 'fix' or 'bug' in title created/updated today
+          - Small bug fixes (< 100 lines changed) that are easy to review
+          - Bug fixes from community contributors
+
+          **High Activity Today:**
+          - PRs with significant human comments today (excluding bots listed above)
+          - PRs with back-and-forth discussion today
+
+          **Quick Wins:**
+          - Small PRs (< 50 lines) that are approved or nearly approved
+          - PRs that just need a final review
+
+          STEP 4: Generate the recap
+          Create a structured recap:
+
+          ===DISCORD_START===
+          **Daily PR Recap - ${TODAY}**
+
+          **New PRs Today**
+          [PRs opened today - group by type: bug fixes, features, etc.]
+
+          **Active PRs Today**
+          [PRs with activity/updates today - significant discussion]
+
+          **Quick Wins**
+          [Small PRs ready to merge]
+          ===DISCORD_END===
+
+          STEP 5: Format for Discord
+          - Use Discord markdown (**, __, etc.)
+          - BE EXTREMELY CONCISE - surface what we might miss
+          - Use hyperlinked PR numbers with suppressed embeds: [#1234](<https://github.com/${{ github.repository }}/pull/1234>)
+          - Include PR author: [#1234](<url>) (@author)
+          - For bug fixes, add brief description of what it fixes
+          - Show line count for quick wins: \"(+15/-3 lines)\"
+          - HARD LIMIT: Keep under 1800 characters total
+          - Skip empty sections
+          - Focus on PRs that need human eyes
+
+          OUTPUT: Output ONLY the content between ===DISCORD_START=== and ===DISCORD_END=== markers. Include the markers so I can extract it." > /tmp/pr_recap_raw.txt
+
+          # Extract only the Discord message between markers
+          sed -n '/===DISCORD_START===/,/===DISCORD_END===/p' /tmp/pr_recap_raw.txt | grep -v '===DISCORD' > /tmp/pr_recap.txt
+
+          echo "recap_file=/tmp/pr_recap.txt" >> $GITHUB_OUTPUT
+
+      - name: Post to Discord
+        env:
+          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_ISSUES_WEBHOOK_URL }}
+        run: |
+          if [ -z "$DISCORD_WEBHOOK_URL" ]; then
+            echo "Warning: DISCORD_ISSUES_WEBHOOK_URL secret not set, skipping Discord post"
+            cat /tmp/pr_recap.txt
+            exit 0
+          fi
+
+          # Read the recap
+          RECAP_RAW=$(cat /tmp/pr_recap.txt)
+          RECAP_LENGTH=${#RECAP_RAW}
+
+          echo "Recap length: ${RECAP_LENGTH} chars"
+
+          # Function to post a message to Discord
+          post_to_discord() {
+            local msg="$1"
+            local content=$(echo "$msg" | jq -Rs '.')
+            curl -s -H "Content-Type: application/json" \
+                 -X POST \
+                 -d "{\"content\": ${content}}" \
+                 "$DISCORD_WEBHOOK_URL"
+            sleep 1
+          }
+
+          # If under limit, send as single message
+          if [ "$RECAP_LENGTH" -le 1950 ]; then
+            post_to_discord "$RECAP_RAW"
+          else
+            echo "Splitting into multiple messages..."
+            remaining="$RECAP_RAW"
+            while [ ${#remaining} -gt 0 ]; do
+              if [ ${#remaining} -le 1950 ]; then
+                post_to_discord "$remaining"
+                break
+              else
+                chunk="${remaining:0:1900}"
+                last_newline=$(echo "$chunk" | grep -bo $'\n' | tail -1 | cut -d: -f1)
+                if [ -n "$last_newline" ] && [ "$last_newline" -gt 500 ]; then
+                  chunk="${remaining:0:$last_newline}"
+                  remaining="${remaining:$((last_newline+1))}"
+                else
+                  chunk="${remaining:0:1900}"
+                  remaining="${remaining:1900}"
+                fi
+                post_to_discord "$chunk"
+              fi
+            done
+          fi
+
+          echo "Posted daily PR recap to Discord"
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -13,11 +13,11 @@ jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@v3

      - uses: ./.github/actions/setup-bun

-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
          node-version: "24"

@@ -36,10 +36,3 @@ jobs:
          PLANETSCALE_SERVICE_TOKEN_NAME: ${{ secrets.PLANETSCALE_SERVICE_TOKEN_NAME }}
          PLANETSCALE_SERVICE_TOKEN: ${{ secrets.PLANETSCALE_SERVICE_TOKEN }}
          STRIPE_SECRET_KEY: ${{ github.ref_name == 'production' && secrets.STRIPE_SECRET_KEY_PROD || secrets.STRIPE_SECRET_KEY_DEV }}
-          HONEYCOMB_API_KEY: ${{ secrets.HONEYCOMB_API_KEY }}
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
-          SENTRY_PROJECT: ${{ vars.WEB_SENTRY_PROJECT }}
-          SENTRY_RELEASE: web@${{ github.sha }}
-          VITE_SENTRY_DSN: ${{ vars.WEB_SENTRY_DSN }}
-          VITE_SENTRY_RELEASE: web@${{ github.sha }}
--- a/.github/workflows/docs-locale-sync.yml
+++ b/.github/workflows/docs-locale-sync.yml
@@ -9,14 +9,13 @@ on:

 jobs:
  sync-locales:
-    if: false
-    #if: github.actor != 'opencode-agent[bot]'
+    if: github.actor != 'opencode-agent[bot]'
    runs-on: blacksmith-4vcpu-ubuntu-2404
    permissions:
      contents: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          fetch-depth: 0
@@ -35,7 +34,7 @@ jobs:
      - name: Compute changed English docs
        id: changes
        run: |
-          FILES=$(git diff --name-only "${{ github.event.before }}" "${{ github.sha }}" -- ':(glob)packages/web/src/content/docs/*.mdx' || true)
+          FILES=$(git diff --name-only "${{ github.event.before }}" "${{ github.sha }}" -- 'packages/web/src/content/docs/*.mdx' || true)
          if [ -z "$FILES" ]; then
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
            echo "No English docs changed in push range"
--- a/.github/workflows/docs-update.yml
+++ b/.github/workflows/docs-update.yml
@@ -18,7 +18,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch full history to access commits

@@ -43,7 +43,7 @@ jobs:

      - name: Run opencode
        if: steps.commits.outputs.has_commits == 'true'
-        uses: sst/opencode/github@2c14fc5586fe0b88e5c04732d2e846769cc35671 # latest
+        uses: sst/opencode/github@latest
        env:
          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
        with:
--- a/.github/workflows/duplicate-issues.yml
+++ b/.github/workflows/duplicate-issues.yml
@@ -13,7 +13,7 @@ jobs:
      issues: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          fetch-depth: 1

@@ -125,7 +125,7 @@ jobs:
      issues: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          fetch-depth: 1

--- a/.github/workflows/generate.yml
+++ b/.github/workflows/generate.yml
@@ -13,7 +13,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4

      - name: Setup Bun
        uses: ./.github/actions/setup-bun
--- a/.github/workflows/nix-eval.yml
+++ b/.github/workflows/nix-eval.yml
@@ -20,10 +20,10 @@ jobs:
    timeout-minutes: 15
    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6

      - name: Setup Nix
-        uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34
+        uses: nixbuild/nix-quick-install-action@v34

      - name: Evaluate flake outputs (all systems)
        run: |
--- a/.github/workflows/nix-hashes.yml
+++ b/.github/workflows/nix-hashes.yml
@@ -17,10 +17,6 @@ on:
      - "patches/**"
      - ".github/workflows/nix-hashes.yml"

-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 jobs:
  # Native runners required: bun install cross-compilation flags (--os/--cpu)
  # do not produce byte-identical node_modules as native installs.
@@ -41,10 +37,10 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6

      - name: Setup Nix
-        uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34
+        uses: nixbuild/nix-quick-install-action@v34

      - name: Compute node_modules hash
        id: hash
@@ -72,7 +68,7 @@ jobs:
          echo "Computed hash for ${SYSTEM}: $HASH"

      - name: Upload hash
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: hash-${{ matrix.system }}
          path: hash.txt
@@ -85,7 +81,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          fetch-depth: 0
@@ -102,7 +98,7 @@ jobs:
          git pull --rebase --autostash origin "$GITHUB_REF_NAME"

      - name: Download hash artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@v4
        with:
          path: hashes
          pattern: hash-*
--- a/.github/workflows/notify-discord.yml
+++ b/.github/workflows/notify-discord.yml
@@ -9,6 +9,6 @@ jobs:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
      - name: Send nicely-formatted embed to Discord
-        uses: SethCohen/github-releases-to-discord@24d166886aee4646d448c8a389ff9e1ebcab3682 # v1.20.0
+        uses: SethCohen/github-releases-to-discord@v1
        with:
          webhook_url: ${{ secrets.DISCORD_WEBHOOK }}
--- a/.github/workflows/opencode.yml
+++ b/.github/workflows/opencode.yml
@@ -21,12 +21,12 @@ jobs:
      issues: read
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4

      - uses: ./.github/actions/setup-bun

      - name: Run opencode
-        uses: anomalyco/opencode/github@2c14fc5586fe0b88e5c04732d2e846769cc35671 # latest
+        uses: anomalyco/opencode/github@latest
        env:
          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
          OPENCODE_PERMISSION: '{"bash": "deny"}'
--- a/.github/workflows/pr-management.yml
+++ b/.github/workflows/pr-management.yml
@@ -12,7 +12,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          fetch-depth: 1

@@ -78,7 +78,7 @@ jobs:
      issues: write
    steps:
      - name: Add Contributor Label
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@v8
        with:
          script: |
            const isPR = !!context.payload.pull_request;
--- a/.github/workflows/pr-standards.yml
+++ b/.github/workflows/pr-standards.yml
@@ -12,7 +12,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Check PR standards
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@v7
        with:
          script: |
            const pr = context.payload.pull_request;
@@ -159,7 +159,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Check PR template compliance
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@v7
        with:
          script: |
            const pr = context.payload.pull_request;
--- a/.github/workflows/publish-github-action.yml
+++ b/.github/workflows/publish-github-action.yml
@@ -16,7 +16,7 @@ jobs:
  publish:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

--- a/.github/workflows/publish-vscode.yml
+++ b/.github/workflows/publish-vscode.yml
@@ -15,7 +15,7 @@ jobs:
  publish:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -35,7 +35,7 @@ jobs:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    if: github.repository == 'anomalyco/opencode'
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

@@ -72,7 +72,7 @@ jobs:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    if: github.repository == 'anomalyco/opencode'
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@v3
        with:
          fetch-tags: true

@@ -88,47 +88,129 @@ jobs:
      - name: Build
        id: build
        run: |
-          ./packages/opencode/script/build.ts ${{ (github.ref_name == 'beta' && '--sourcemaps') || '' }}
+          ./packages/opencode/script/build.ts
        env:
          OPENCODE_VERSION: ${{ needs.version.outputs.version }}
          OPENCODE_RELEASE: ${{ needs.version.outputs.release }}
          GH_REPO: ${{ needs.version.outputs.repo }}
          GH_TOKEN: ${{ steps.committer.outputs.token }}

-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@v4
        with:
          name: opencode-cli
-          path: |
-            packages/opencode/dist/opencode-darwin*
-            packages/opencode/dist/opencode-linux*
-
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: opencode-cli-windows
-          path: packages/opencode/dist/opencode-windows*
+          path: packages/opencode/dist
    outputs:
      version: ${{ needs.version.outputs.version }}

-  sign-cli-windows:
+  build-tauri:
    needs:
      - build-cli
      - version
-    runs-on: blacksmith-4vcpu-windows-2025
-    if: github.repository == 'anomalyco/opencode'
-    env:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_TRUSTED_SIGNING_ACCOUNT_NAME: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
-      AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE }}
-      AZURE_TRUSTED_SIGNING_ENDPOINT: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
+    continue-on-error: false
+    strategy:
+      fail-fast: false
+      matrix:
+        settings:
+          - host: macos-latest
+            target: x86_64-apple-darwin
+          - host: macos-latest
+            target: aarch64-apple-darwin
+          # github-hosted: blacksmith lacks ARM64 MSVC cross-compilation toolchain
+          - host: windows-2025
+            target: aarch64-pc-windows-msvc
+          - host: blacksmith-4vcpu-windows-2025
+            target: x86_64-pc-windows-msvc
+          - host: blacksmith-4vcpu-ubuntu-2404
+            target: x86_64-unknown-linux-gnu
+          - host: blacksmith-8vcpu-ubuntu-2404-arm
+            target: aarch64-unknown-linux-gnu
+    runs-on: ${{ matrix.settings.host }}
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
-
-      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+      - uses: actions/checkout@v3
        with:
-          name: opencode-cli-windows
-          path: packages/opencode/dist
+          fetch-tags: true
+
+      - uses: apple-actions/import-codesign-certs@v2
+        if: ${{ runner.os == 'macOS' }}
+        with:
+          keychain: build
+          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
+          p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+
+      - name: Verify Certificate
+        if: ${{ runner.os == 'macOS' }}
+        run: |
+          CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
+          CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
+          echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
+          echo "Certificate imported."
+
+      - name: Setup Apple API Key
+        if: ${{ runner.os == 'macOS' }}
+        run: |
+          echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8
+
+      - uses: ./.github/actions/setup-bun
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "24"
+
+      - name: Cache apt packages
+        if: contains(matrix.settings.host, 'ubuntu')
+        uses: actions/cache@v4
+        with:
+          path: ~/apt-cache
+          key: ${{ runner.os }}-${{ matrix.settings.target }}-apt-${{ hashFiles('.github/workflows/publish.yml') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.settings.target }}-apt-
+
+      - name: install dependencies (ubuntu only)
+        if: contains(matrix.settings.host, 'ubuntu')
+        run: |
+          mkdir -p ~/apt-cache && chmod -R a+rw ~/apt-cache
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/apt-cache" libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
+          sudo chmod -R a+rw ~/apt-cache
+
+      - name: install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.settings.target }}
+
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: packages/desktop/src-tauri
+          shared-key: ${{ matrix.settings.target }}
+
+      - name: Prepare
+        run: |
+          cd packages/desktop
+          bun ./scripts/prepare.ts
+        env:
+          OPENCODE_VERSION: ${{ needs.version.outputs.version }}
+          GITHUB_TOKEN: ${{ steps.committer.outputs.token }}
+          RUST_TARGET: ${{ matrix.settings.target }}
+          GH_TOKEN: ${{ github.token }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+
+      - name: Resolve tauri portable SHA
+        if: contains(matrix.settings.host, 'ubuntu')
+        run: echo "TAURI_PORTABLE_SHA=$(git ls-remote https://github.com/tauri-apps/tauri.git refs/heads/feat/truly-portable-appimage | cut -f1)" >> "$GITHUB_ENV"
+
+      # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released
+      - name: Install tauri-cli from portable appimage branch
+        uses: taiki-e/cache-cargo-install-action@v3
+        if: contains(matrix.settings.host, 'ubuntu')
+        with:
+          tool: tauri-cli
+          git: https://github.com/tauri-apps/tauri
+          # branch: feat/truly-portable-appimage
+          rev: ${{ env.TAURI_PORTABLE_SHA }}
+
+      - name: Show tauri-cli version
+        if: contains(matrix.settings.host, 'ubuntu')
+        run: cargo tauri --version

      - name: Setup git committer
        id: committer
@@ -137,103 +219,48 @@ jobs:
          opencode-app-id: ${{ vars.OPENCODE_APP_ID }}
          opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }}

-      - name: Azure login
-        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+      - name: Build and upload artifacts
+        uses: tauri-apps/tauri-action@390cbe447412ced1303d35abe75287949e43437a
+        timeout-minutes: 60
        with:
-          client-id: ${{ env.AZURE_CLIENT_ID }}
-          tenant-id: ${{ env.AZURE_TENANT_ID }}
-          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
-
-      - uses: azure/artifact-signing-action@b443cf8ea4124818d2ea9f043cba29fc3ec47b16 # v1.2.0
-        with:
-          endpoint: ${{ env.AZURE_TRUSTED_SIGNING_ENDPOINT }}
-          signing-account-name: ${{ env.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
-          certificate-profile-name: ${{ env.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE }}
-          files: |
-            ${{ github.workspace }}\packages\opencode\dist\opencode-windows-arm64\bin\opencode.exe
-            ${{ github.workspace }}\packages\opencode\dist\opencode-windows-x64\bin\opencode.exe
-            ${{ github.workspace }}\packages\opencode\dist\opencode-windows-x64-baseline\bin\opencode.exe
-          exclude-environment-credential: true
-          exclude-workload-identity-credential: true
-          exclude-managed-identity-credential: true
-          exclude-shared-token-cache-credential: true
-          exclude-visual-studio-credential: true
-          exclude-visual-studio-code-credential: true
-          exclude-azure-cli-credential: false
-          exclude-azure-powershell-credential: true
-          exclude-azure-developer-cli-credential: true
-          exclude-interactive-browser-credential: true
-
-      - name: Verify Windows CLI signatures
-        shell: pwsh
-        run: |
-          $files = @(
-            "${{ github.workspace }}\packages\opencode\dist\opencode-windows-arm64\bin\opencode.exe",
-            "${{ github.workspace }}\packages\opencode\dist\opencode-windows-x64\bin\opencode.exe",
-            "${{ github.workspace }}\packages\opencode\dist\opencode-windows-x64-baseline\bin\opencode.exe"
-          )
-
-          foreach ($file in $files) {
-            $sig = Get-AuthenticodeSignature $file
-            if ($sig.Status -ne "Valid") {
-              throw "Invalid signature for ${file}: $($sig.Status)"
-            }
-          }
-
-      - name: Repack Windows CLI archives
-        working-directory: packages/opencode/dist
-        shell: pwsh
-        run: |
-          Compress-Archive -Path "opencode-windows-arm64\bin\*" -DestinationPath "opencode-windows-arm64.zip" -Force
-          Compress-Archive -Path "opencode-windows-x64\bin\*" -DestinationPath "opencode-windows-x64.zip" -Force
-          Compress-Archive -Path "opencode-windows-x64-baseline\bin\*" -DestinationPath "opencode-windows-x64-baseline.zip" -Force
-
-      - name: Upload signed Windows CLI release assets
-        if: needs.version.outputs.release != ''
-        shell: pwsh
+          projectPath: packages/desktop
+          uploadWorkflowArtifacts: true
+          tauriScript: ${{ (contains(matrix.settings.host, 'ubuntu') && 'cargo tauri') || '' }}
+          args: --target ${{ matrix.settings.target }} --config ${{ (github.ref_name == 'beta' && './src-tauri/tauri.beta.conf.json') || './src-tauri/tauri.prod.conf.json' }} --verbose
+          updaterJsonPreferNsis: true
+          releaseId: ${{ needs.version.outputs.release }}
+          tagName: ${{ needs.version.outputs.tag }}
+          releaseDraft: true
+          releaseAssetNamePattern: opencode-desktop-[platform]-[arch][ext]
+          repo: ${{ (github.ref_name == 'beta' && 'opencode-beta') || '' }}
+          releaseCommitish: ${{ github.sha }}
        env:
-          GH_TOKEN: ${{ steps.committer.outputs.token }}
-        run: |
-          gh release upload "v${{ needs.version.outputs.version }}" `
-            "${{ github.workspace }}\packages\opencode\dist\opencode-windows-arm64.zip" `
-            "${{ github.workspace }}\packages\opencode\dist\opencode-windows-x64.zip" `
-            "${{ github.workspace }}\packages\opencode\dist\opencode-windows-x64-baseline.zip" `
-            --clobber `
-            --repo "${{ needs.version.outputs.repo }}"
-
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: opencode-cli-signed-windows
-          path: |
-            packages/opencode/dist/opencode-windows-arm64
-            packages/opencode/dist/opencode-windows-x64
-            packages/opencode/dist/opencode-windows-x64-baseline
+          GITHUB_TOKEN: ${{ steps.committer.outputs.token }}
+          TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+          APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
+          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
+          APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8

  build-electron:
    needs:
      - build-cli
      - version
-    if: github.repository == 'anomalyco/opencode'
    continue-on-error: false
-    env:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_TRUSTED_SIGNING_ACCOUNT_NAME: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
-      AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE }}
-      AZURE_TRUSTED_SIGNING_ENDPOINT: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
    strategy:
      fail-fast: false
      matrix:
        settings:
-          - host: macos-26-intel
+          - host: macos-latest
            target: x86_64-apple-darwin
            platform_flag: --mac --x64
-            bun_install_flags: --os=darwin --cpu=x64
-          - host: macos-26
+          - host: macos-latest
            target: aarch64-apple-darwin
            platform_flag: --mac --arm64
-            bun_install_flags: --os=darwin --cpu=arm64
          # github-hosted: blacksmith lacks ARM64 MSVC cross-compilation toolchain
          - host: "windows-2025"
            target: aarch64-pc-windows-msvc
@@ -244,14 +271,15 @@ jobs:
          - host: "blacksmith-4vcpu-ubuntu-2404"
            target: x86_64-unknown-linux-gnu
            platform_flag: --linux
-          - host: "blacksmith-4vcpu-ubuntu-2404-arm"
+          - host: "blacksmith-4vcpu-ubuntu-2404"
            target: aarch64-unknown-linux-gnu
-            platform_flag: --linux --arm64
+            platform_flag: --linux
    runs-on: ${{ matrix.settings.host }}
+    # if: github.ref_name == 'beta'
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@v3

-      - uses: apple-actions/import-codesign-certs@8f3fb608891dd2244cdab3d69cd68c0d37a7fe93 # v2.0.0
+      - uses: apple-actions/import-codesign-certs@v2
        if: runner.os == 'macOS'
        with:
          keychain: build
@@ -263,24 +291,14 @@ jobs:
        run: echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8

      - uses: ./.github/actions/setup-bun
-        with:
-          install-flags: ${{ matrix.settings.bun_install_flags }}

-      - name: Azure login
-        if: runner.os == 'Windows'
-        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
-        with:
-          client-id: ${{ env.AZURE_CLIENT_ID }}
-          tenant-id: ${{ env.AZURE_TENANT_ID }}
-          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
-
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
          node-version: "24"

      - name: Cache apt packages
        if: contains(matrix.settings.host, 'ubuntu')
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@v4
        with:
          path: ~/apt-cache
          key: ${{ runner.os }}-${{ matrix.settings.target }}-apt-electron-${{ hashFiles('.github/workflows/publish.yml') }}
@@ -304,32 +322,24 @@ jobs:

      - name: Prepare
        run: bun ./scripts/prepare.ts
-        working-directory: packages/desktop
+        working-directory: packages/desktop-electron
        env:
          OPENCODE_VERSION: ${{ needs.version.outputs.version }}
          OPENCODE_CHANNEL: ${{ (github.ref_name == 'beta' && 'beta') || 'prod' }}
-          OPENCODE_CLI_ARTIFACT: ${{ (runner.os == 'Windows' && 'opencode-cli-windows') || 'opencode-cli' }}
          RUST_TARGET: ${{ matrix.settings.target }}
          GH_TOKEN: ${{ github.token }}
          GITHUB_RUN_ID: ${{ github.run_id }}

      - name: Build
        run: bun run build
-        working-directory: packages/desktop
+        working-directory: packages/desktop-electron
        env:
          OPENCODE_CHANNEL: ${{ (github.ref_name == 'beta' && 'beta') || 'prod' }}
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_ORG: ${{ vars.SENTRY_ORG }}
-          SENTRY_PROJECT: ${{ vars.WEB_SENTRY_PROJECT }}
-          SENTRY_RELEASE: desktop@${{ needs.version.outputs.version }}
-          VITE_SENTRY_DSN: ${{ vars.WEB_SENTRY_DSN }}
-          VITE_SENTRY_ENVIRONMENT: ${{ (github.ref_name == 'beta' && 'beta') || 'production' }}
-          VITE_SENTRY_RELEASE: desktop@${{ needs.version.outputs.version }}

      - name: Package and publish
        if: needs.version.outputs.release
        run: npx electron-builder ${{ matrix.settings.platform_flag }} --publish always --config electron-builder.config.ts
-        working-directory: packages/desktop
+        working-directory: packages/desktop-electron
        timeout-minutes: 60
        env:
          OPENCODE_CHANNEL: ${{ (github.ref_name == 'beta' && 'beta') || 'prod' }}
@@ -343,114 +353,52 @@ jobs:
      - name: Package (no publish)
        if: ${{ !needs.version.outputs.release }}
        run: npx electron-builder ${{ matrix.settings.platform_flag }} --publish never --config electron-builder.config.ts
-        working-directory: packages/desktop
+        working-directory: packages/desktop-electron
        timeout-minutes: 60
        env:
          OPENCODE_CHANNEL: ${{ (github.ref_name == 'beta' && 'beta') || 'prod' }}

-      - name: Create and upload macOS .app.tar.gz
-        if: runner.os == 'macOS' && needs.version.outputs.release
-        working-directory: packages/desktop/dist
-        env:
-          GH_TOKEN: ${{ steps.committer.outputs.token }}
-        run: |
-          if [[ "${{ matrix.settings.target }}" == "x86_64-apple-darwin" ]]; then
-            APP_DIR="mac"
-            OUT_NAME="opencode-desktop-mac-x64.app.tar.gz"
-          elif [[ "${{ matrix.settings.target }}" == "aarch64-apple-darwin" ]]; then
-            APP_DIR="mac-arm64"
-            OUT_NAME="opencode-desktop-mac-arm64.app.tar.gz"
-          else
-            echo "Unknown macOS target: ${{ matrix.settings.target }}"
-            exit 1
-          fi
-          APP_PATH=$(find "$APP_DIR" -maxdepth 1 -name "*.app" -type d | head -1)
-          if [ -z "$APP_PATH" ]; then
-            echo "No .app bundle found in $APP_DIR"
-            exit 1
-          fi
-          tar -czf "$OUT_NAME" -C "$(dirname "$APP_PATH")" "$(basename "$APP_PATH")"
-          gh release upload "v${{ needs.version.outputs.version }}" "$OUT_NAME" --clobber --repo "${{ needs.version.outputs.repo }}"
-
-      - name: Verify signed Windows Electron artifacts
-        if: runner.os == 'Windows'
-        shell: pwsh
-        run: |
-          $files = @()
-          $files += Get-ChildItem "${{ github.workspace }}\packages\desktop\dist\*.exe" | Select-Object -ExpandProperty FullName
-          $files += Get-ChildItem "${{ github.workspace }}\packages\desktop\dist\*unpacked\*.exe" | Select-Object -ExpandProperty FullName
-          $files += Get-ChildItem "${{ github.workspace }}\packages\desktop\dist\*unpacked\resources\opencode-cli.exe" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName
-
-          foreach ($file in $files | Select-Object -Unique) {
-            $sig = Get-AuthenticodeSignature $file
-            if ($sig.Status -ne "Valid") {
-              throw "Invalid signature for ${file}: $($sig.Status)"
-            }
-          }
-
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@v4
        with:
-          name: opencode-desktop-${{ matrix.settings.target }}
-          path: packages/desktop/dist/*
+          name: opencode-electron-${{ matrix.settings.target }}
+          path: packages/desktop-electron/dist/*

-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@v4
        if: needs.version.outputs.release
        with:
          name: latest-yml-${{ matrix.settings.target }}
-          path: packages/desktop/dist/latest*.yml
+          path: packages/desktop-electron/dist/latest*.yml

  publish:
    needs:
      - version
      - build-cli
-      - sign-cli-windows
+      - build-tauri
      - build-electron
-    if: always() && !failure() && !cancelled()
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      - uses: actions/checkout@v3

      - uses: ./.github/actions/setup-bun

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@v3

-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
          node-version: "24"
          registry-url: "https://registry.npmjs.org"

-      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          name: opencode-cli
-          path: packages/opencode/dist
-
-      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          name: opencode-cli-windows
-          path: packages/opencode/dist
-
-      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          name: opencode-cli-signed-windows
-          path: packages/opencode/dist
-
-      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        if: needs.version.outputs.release
-        with:
-          pattern: latest-yml-*
-          path: /tmp/latest-yml
-
      - name: Setup git committer
        id: committer
        uses: ./.github/actions/setup-git-committer
@@ -458,8 +406,19 @@ jobs:
          opencode-app-id: ${{ vars.OPENCODE_APP_ID }}
          opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }}

+      - uses: actions/download-artifact@v4
+        with:
+          name: opencode-cli
+          path: packages/opencode/dist
+
+      - uses: actions/download-artifact@v4
+        if: needs.version.outputs.release
+        with:
+          pattern: latest-yml-*
+          path: /tmp/latest-yml
+
      - name: Cache apt packages (AUR)
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@v4
        with:
          path: /var/cache/apt/archives
          key: ${{ runner.os }}-apt-aur-${{ hashFiles('.github/workflows/publish.yml') }}
@@ -486,5 +445,3 @@ jobs:
          GH_REPO: ${{ needs.version.outputs.repo }}
          NPM_CONFIG_PROVENANCE: false
          LATEST_YML_DIR: /tmp/latest-yml
-          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
-          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
--- a/.github/workflows/release-github-action.yml
+++ b/.github/workflows/release-github-action.yml
@@ -16,7 +16,7 @@ jobs:
  release:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

--- a/.github/workflows/review.yml
+++ b/.github/workflows/review.yml
@@ -25,7 +25,7 @@ jobs:
          fi

      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          fetch-depth: 1

@@ -45,13 +45,13 @@ jobs:

      - name: Check PR guidelines compliance
        env:
-          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          OPENCODE_PERMISSION: '{ "bash": {  "*": "deny", "gh*": "allow", "gh pr review*": "deny" } }'
          PR_TITLE: ${{ steps.pr-details.outputs.title }}
        run: |
          PR_BODY=$(jq -r .body pr_data.json)
-          opencode run -m opencode/gpt-5.5 --variant medium "A new pull request has been created: '${PR_TITLE}'
+          opencode run -m anthropic/claude-opus-4-5 "A new pull request has been created: '${PR_TITLE}'

          <pr-number>
          ${{ steps.pr-number.outputs.number }}
--- a/.github/workflows/sign-cli.yml
+++ b/.github/workflows/sign-cli.yml
@@ -0,0 +1,54 @@
+name: sign-cli
+
+on:
+  push:
+    branches:
+      - brendan/desktop-signpath
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  actions: read
+
+jobs:
+  sign-cli:
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    if: github.repository == 'anomalyco/opencode'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-tags: true
+
+      - uses: ./.github/actions/setup-bun
+
+      - name: Build
+        run: |
+          ./packages/opencode/script/build.ts
+
+      - name: Upload unsigned Windows CLI
+        id: upload_unsigned_windows_cli
+        uses: actions/upload-artifact@v4
+        with:
+          name: unsigned-opencode-windows-cli
+          path: packages/opencode/dist/opencode-windows-x64/bin/opencode.exe
+          if-no-files-found: error
+
+      - name: Submit SignPath signing request
+        id: submit_signpath_signing_request
+        uses: signpath/github-action-submit-signing-request@v1
+        with:
+          api-token: ${{ secrets.SIGNPATH_API_KEY }}
+          organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
+          project-slug: ${{ secrets.SIGNPATH_PROJECT_SLUG }}
+          signing-policy-slug: ${{ secrets.SIGNPATH_SIGNING_POLICY_SLUG }}
+          artifact-configuration-slug: ${{ secrets.SIGNPATH_ARTIFACT_CONFIGURATION_SLUG }}
+          github-artifact-id: ${{ steps.upload_unsigned_windows_cli.outputs.artifact-id }}
+          wait-for-completion: true
+          output-artifact-directory: signed-opencode-cli
+
+      - name: Upload signed Windows CLI
+        uses: actions/upload-artifact@v4
+        with:
+          name: signed-opencode-windows-cli
+          path: signed-opencode-cli/*.exe
+          if-no-files-found: error
--- a/.github/workflows/stats.yml
+++ b/.github/workflows/stats.yml
@@ -16,7 +16,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4

      - name: Setup Bun
        uses: ./.github/actions/setup-bun
--- a/.github/workflows/storybook.yml
+++ b/.github/workflows/storybook.yml
@@ -29,7 +29,7 @@ jobs:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4

      - name: Setup Bun
        uses: ./.github/actions/setup-bun
--- a/.github/workflows/sync-zed-extension.yml
+++ b/.github/workflows/sync-zed-extension.yml
@@ -10,7 +10,7 @@ jobs:
    name: Release Zed Extension
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,10 +15,6 @@ concurrency:

 permissions:
  contents: read
-  checks: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

 jobs:
  unit:
@@ -37,15 +33,10 @@ jobs:
        shell: bash
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: "24"
-
      - name: Setup Bun
        uses: ./.github/actions/setup-bun

@@ -54,44 +45,8 @@ jobs:
          git config --global user.email "bot@opencode.ai"
          git config --global user.name "opencode"

-      - name: Cache Turbo
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-        with:
-          path: node_modules/.cache/turbo
-          key: turbo-${{ runner.os }}-${{ hashFiles('turbo.json', '**/package.json') }}-${{ github.sha }}
-          restore-keys: |
-            turbo-${{ runner.os }}-${{ hashFiles('turbo.json', '**/package.json') }}-
-            turbo-${{ runner.os }}-
-
      - name: Run unit tests
-        run: bun turbo test:ci
-        env:
-          OPENCODE_EXPERIMENTAL_DISABLE_FILEWATCHER: ${{ runner.os == 'Windows' && 'true' || 'false' }}
-
-      - name: Run HttpApi exerciser gates
-        if: runner.os == 'Linux'
-        working-directory: packages/opencode
-        run: bun run test:httpapi
-
-      - name: Publish unit reports
-        if: always()
-        uses: mikepenz/action-junit-report@bccf2e31636835cf0874589931c4116687171386 # v6.4.0
-        with:
-          report_paths: packages/*/.artifacts/unit/junit.xml
-          check_name: "unit results (${{ matrix.settings.name }})"
-          detailed_summary: true
-          include_time_in_summary: true
-          fail_on_failure: false
-
-      - name: Upload unit artifacts
-        if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: unit-${{ matrix.settings.name }}-${{ github.run_attempt }}
-          include-hidden-files: true
-          if-no-files-found: ignore
-          retention-days: 7
-          path: packages/*/.artifacts/unit/junit.xml
+        run: bun turbo test

  e2e:
    name: e2e (${{ matrix.settings.name }})
@@ -111,27 +66,22 @@ jobs:
        shell: bash
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: "24"
-
      - name: Setup Bun
        uses: ./.github/actions/setup-bun

      - name: Read Playwright version
        id: playwright-version
        run: |
-          version=$(node -e 'console.log(require("./package.json").workspaces.catalog["@playwright/test"])')
+          version=$(node -e 'console.log(require("./packages/app/package.json").devDependencies["@playwright/test"])')
          echo "version=$version" >> "$GITHUB_OUTPUT"

      - name: Cache Playwright browsers
        id: playwright-cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@v4
        with:
          path: ${{ github.workspace }}/.playwright-browsers
          key: ${{ runner.os }}-${{ runner.arch }}-playwright-${{ steps.playwright-version.outputs.version }}-chromium
@@ -150,17 +100,15 @@ jobs:
        run: bun --cwd packages/app test:e2e:local
        env:
          CI: true
-          PLAYWRIGHT_JUNIT_OUTPUT: e2e/junit-${{ matrix.settings.name }}.xml
        timeout-minutes: 30

      - name: Upload Playwright artifacts
-        if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        if: failure()
+        uses: actions/upload-artifact@v4
        with:
          name: playwright-${{ matrix.settings.name }}-${{ github.run_attempt }}
          if-no-files-found: ignore
          retention-days: 7
          path: |
-            packages/app/e2e/junit-*.xml
            packages/app/e2e/test-results
            packages/app/e2e/playwright-report
--- a/.github/workflows/triage.yml
+++ b/.github/workflows/triage.yml
@@ -12,7 +12,7 @@ jobs:
      issues: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4
        with:
          fetch-depth: 1

--- a/.github/workflows/typecheck.yml
+++ b/.github/workflows/typecheck.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    steps:
      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        uses: actions/checkout@v4

      - name: Setup Bun
        uses: ./.github/actions/setup-bun
--- a/.github/workflows/vouch-check-issue.yml
+++ b/.github/workflows/vouch-check-issue.yml
@@ -0,0 +1,116 @@
+name: vouch-check-issue
+
+on:
+  issues:
+    types: [opened]
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if issue author is denounced
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const author = context.payload.issue.user.login;
+            const issueNumber = context.payload.issue.number;
+
+            // Skip bots
+            if (author.endsWith('[bot]')) {
+              core.info(`Skipping bot: ${author}`);
+              return;
+            }
+
+            // Read the VOUCHED.td file via API (no checkout needed)
+            let content;
+            try {
+              const response = await github.rest.repos.getContent({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                path: '.github/VOUCHED.td',
+              });
+              content = Buffer.from(response.data.content, 'base64').toString('utf-8');
+            } catch (error) {
+              if (error.status === 404) {
+                core.info('No .github/VOUCHED.td file found, skipping check.');
+                return;
+              }
+              throw error;
+            }
+
+            // Parse the .td file for vouched and denounced users
+            const vouched = new Set();
+            const denounced = new Map();
+            for (const line of content.split('\n')) {
+              const trimmed = line.trim();
+              if (!trimmed || trimmed.startsWith('#')) continue;
+
+              const isDenounced = trimmed.startsWith('-');
+              const rest = isDenounced ? trimmed.slice(1).trim() : trimmed;
+              if (!rest) continue;
+
+              const spaceIdx = rest.indexOf(' ');
+              const handle = spaceIdx === -1 ? rest : rest.slice(0, spaceIdx);
+              const reason = spaceIdx === -1 ? null : rest.slice(spaceIdx + 1).trim();
+
+              // Handle platform:username or bare username
+              // Only match bare usernames or github: prefix (skip other platforms)
+              const colonIdx = handle.indexOf(':');
+              if (colonIdx !== -1) {
+                const platform = handle.slice(0, colonIdx).toLowerCase();
+                if (platform !== 'github') continue;
+              }
+              const username = colonIdx === -1 ? handle : handle.slice(colonIdx + 1);
+              if (!username) continue;
+
+              if (isDenounced) {
+                denounced.set(username.toLowerCase(), reason);
+                continue;
+              }
+
+              vouched.add(username.toLowerCase());
+            }
+
+            // Check if the author is denounced
+            const reason = denounced.get(author.toLowerCase());
+            if (reason !== undefined) {
+              // Author is denounced — close the issue
+              const body = 'This issue has been automatically closed.';
+
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issueNumber,
+                body,
+              });
+
+              await github.rest.issues.update({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issueNumber,
+                state: 'closed',
+                state_reason: 'not_planned',
+              });
+
+              core.info(`Closed issue #${issueNumber} from denounced user ${author}`);
+              return;
+            }
+
+            // Author is positively vouched — add label
+            if (!vouched.has(author.toLowerCase())) {
+              core.info(`User ${author} is not denounced or vouched. Allowing issue.`);
+              return;
+            }
+
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issueNumber,
+              labels: ['Vouched'],
+            });
+
+            core.info(`Added vouched label to issue #${issueNumber} from ${author}`);
--- a/.github/workflows/vouch-check-pr.yml
+++ b/.github/workflows/vouch-check-pr.yml
@@ -0,0 +1,114 @@
+name: vouch-check-pr
+
+on:
+  pull_request_target:
+    types: [opened]
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if PR author is denounced
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const author = context.payload.pull_request.user.login;
+            const prNumber = context.payload.pull_request.number;
+
+            // Skip bots
+            if (author.endsWith('[bot]')) {
+              core.info(`Skipping bot: ${author}`);
+              return;
+            }
+
+            // Read the VOUCHED.td file via API (no checkout needed)
+            let content;
+            try {
+              const response = await github.rest.repos.getContent({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                path: '.github/VOUCHED.td',
+              });
+              content = Buffer.from(response.data.content, 'base64').toString('utf-8');
+            } catch (error) {
+              if (error.status === 404) {
+                core.info('No .github/VOUCHED.td file found, skipping check.');
+                return;
+              }
+              throw error;
+            }
+
+            // Parse the .td file for vouched and denounced users
+            const vouched = new Set();
+            const denounced = new Map();
+            for (const line of content.split('\n')) {
+              const trimmed = line.trim();
+              if (!trimmed || trimmed.startsWith('#')) continue;
+
+              const isDenounced = trimmed.startsWith('-');
+              const rest = isDenounced ? trimmed.slice(1).trim() : trimmed;
+              if (!rest) continue;
+
+              const spaceIdx = rest.indexOf(' ');
+              const handle = spaceIdx === -1 ? rest : rest.slice(0, spaceIdx);
+              const reason = spaceIdx === -1 ? null : rest.slice(spaceIdx + 1).trim();
+
+              // Handle platform:username or bare username
+              // Only match bare usernames or github: prefix (skip other platforms)
+              const colonIdx = handle.indexOf(':');
+              if (colonIdx !== -1) {
+                const platform = handle.slice(0, colonIdx).toLowerCase();
+                if (platform !== 'github') continue;
+              }
+              const username = colonIdx === -1 ? handle : handle.slice(colonIdx + 1);
+              if (!username) continue;
+
+              if (isDenounced) {
+                denounced.set(username.toLowerCase(), reason);
+                continue;
+              }
+
+              vouched.add(username.toLowerCase());
+            }
+
+            // Check if the author is denounced
+            const reason = denounced.get(author.toLowerCase());
+            if (reason !== undefined) {
+              // Author is denounced — close the PR
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                body: 'This pull request has been automatically closed.',
+              });
+
+              await github.rest.pulls.update({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: prNumber,
+                state: 'closed',
+              });
+
+              core.info(`Closed PR #${prNumber} from denounced user ${author}`);
+              return;
+            }
+
+            // Author is positively vouched — add label
+            if (!vouched.has(author.toLowerCase())) {
+              core.info(`User ${author} is not denounced or vouched. Allowing PR.`);
+              return;
+            }
+
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+              labels: ['Vouched'],
+            });
+
+            core.info(`Added vouched label to PR #${prNumber} from ${author}`);
--- a/.github/workflows/vouch-manage-by-issue.yml
+++ b/.github/workflows/vouch-manage-by-issue.yml
@@ -0,0 +1,38 @@
+name: vouch-manage-by-issue
+
+on:
+  issue_comment:
+    types: [created]
+
+concurrency:
+  group: vouch-manage
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: read
+
+jobs:
+  manage:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Setup git committer
+        id: committer
+        uses: ./.github/actions/setup-git-committer
+        with:
+          opencode-app-id: ${{ vars.OPENCODE_APP_ID }}
+          opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }}
+
+      - uses: mitchellh/vouch/action/manage-by-issue@main
+        with:
+          issue-id: ${{ github.event.issue.number }}
+          comment-id: ${{ github.event.comment.id }}
+          roles: admin,maintain,write
+        env:
+          GITHUB_TOKEN: ${{ steps.committer.outputs.token }}
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@ node_modules
 .worktrees
 .sst
 .env
-.env.local
 .idea
 .vscode
 .codex
@@ -26,7 +25,6 @@ target

 # Local dev files
 opencode-dev
-UPCOMING_CHANGELOG.md
 logs/
 *.bun-build
 tsconfig.tsbuildinfo
--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -1,5 +0,0 @@
-# Fake secret-looking strings used by HTTP recorder redaction tests.
-afa57acfda894e0ebf3c637dd710310b705c0a2f:packages/http-recorder/test/record-replay.test.ts:generic-api-key:69
-afa57acfda894e0ebf3c637dd710310b705c0a2f:packages/http-recorder/test/record-replay.test.ts:generic-api-key:92
-afa57acfda894e0ebf3c637dd710310b705c0a2f:packages/http-recorder/test/record-replay.test.ts:generic-api-key:146
-afa57acfda894e0ebf3c637dd710310b705c0a2f:packages/http-recorder/test/record-replay.test.ts:gcp-api-key:71
--- a/.opencode/.gitignore
+++ b/.opencode/.gitignore
@@ -3,5 +3,4 @@ plans
 package.json
 bun.lock
 .gitignore
-package-lock.json
-references/
+package-lock.json
--- a/.opencode/agent/docs.md
+++ b/.opencode/agent/docs.md
@@ -0,0 +1,34 @@
+---
+description: ALWAYS use this when writing docs
+color: "#38A3EE"
+---
+
+You are an expert technical documentation writer
+
+You are not verbose
+
+Use a relaxed and friendly tone
+
+The title of the page should be a word or a 2-3 word phrase
+
+The description should be one short line, should not start with "The", should
+avoid repeating the title of the page, should be 5-10 words long
+
+Chunks of text should not be more than 2 sentences long
+
+Each section is separated by a divider of 3 dashes
+
+The section titles are short with only the first letter of the word capitalized
+
+The section titles are in the imperative mood
+
+The section titles should not repeat the term used in the page title, for
+example, if the page title is "Models", avoid using a section title like "Add
+new models". This might be unavoidable in some cases, but try to avoid it.
+
+Check out the /packages/web/src/content/docs/docs/index.mdx as an example.
+
+For JS or TS code snippets remove trailing semicolons and any trailing commas
+that might not be needed.
+
+If you are making a commit prefix the commit message with `docs:`
--- a/.opencode/agent/translator.md
+++ b/.opencode/agent/translator.md
@@ -0,0 +1,900 @@
+---
+description: Translate content for a specified locale while preserving technical terms
+mode: subagent
+model: opencode/gpt-5.4
+---
+
+You are a professional translator and localization specialist.
+
+Translate the user's content into the requested target locale (language + region, e.g. fr-FR, de-DE).
+
+Requirements:
+
+- Preserve meaning, intent, tone, and formatting (including Markdown/MDX structure).
+- Preserve all technical terms and artifacts exactly: product/company names, API names, identifiers, code, commands/flags, file paths, URLs, versions, error messages, config keys/values, and anything inside inline code or code blocks.
+- Also preserve every term listed in the Do-Not-Translate glossary below.
+- Also apply locale-specific guidance from `.opencode/glossary/<locale>.md` when available (for example, `zh-cn.md`).
+- Do not modify fenced code blocks.
+- Output ONLY the translation (no commentary).
+
+If the target locale is missing, ask the user to provide it.
+If no locale-specific glossary exists, use the global glossary only.
+
+---
+
+# Locale-Specific Glossaries
+
+When a locale glossary exists, use it to:
+
+- Apply preferred wording for recurring UI/docs terms in that locale
+- Preserve locale-specific do-not-translate terms and casing decisions
+- Prefer natural phrasing over literal translation when the locale file calls it out
+- If the repo uses a locale alias slug, apply that file too (for example, `pt-BR` maps to `br.md` in this repo)
+
+Locale guidance does not override code/command preservation rules or the global Do-Not-Translate glossary below.
+
+---
+
+# Do-Not-Translate Terms (OpenCode Docs)
+
+Generated from: `packages/web/src/content/docs/*.mdx` (default English docs)
+Generated on: 2026-02-10
+
+Use this as a translation QA checklist / glossary. Preserve listed terms exactly (spelling, casing, punctuation).
+
+General rules (verbatim, even if not listed below):
+
+- Anything inside inline code (single backticks) or fenced code blocks (triple backticks)
+- MDX/JS code in docs: `import ... from "..."`, component tags, identifiers
+- CLI commands, flags, config keys/values, file paths, URLs/domains, and env vars
+
+## Proper nouns and product names
+
+Additional (not reliably captured via link text):
+
+```text
+Astro
+Bun
+Chocolatey
+Cursor
+Docker
+Git
+GitHub Actions
+GitLab CI
+GNOME Terminal
+Homebrew
+Mise
+Neovim
+Node.js
+npm
+Obsidian
+opencode
+opencode-ai
+Paru
+pnpm
+ripgrep
+Scoop
+SST
+Starlight
+Visual Studio Code
+VS Code
+VSCodium
+Windsurf
+Windows Terminal
+Yarn
+Zellij
+Zed
+anomalyco
+```
+
+Extracted from link labels in the English docs (review and prune as desired):
+
+```text
+@openspoon/subtask2
+302.AI console
+ACP progress report
+Agent Client Protocol
+Agent Skills
+Agentic
+AGENTS.md
+AI SDK
+Alacritty
+Anthropic
+Anthropic's Data Policies
+Atom One
+Avante.nvim
+Ayu
+Azure AI Foundry
+Azure portal
+Baseten
+built-in GITHUB_TOKEN
+Bun.$
+Catppuccin
+Cerebras console
+ChatGPT Plus or Pro
+Cloudflare dashboard
+CodeCompanion.nvim
+CodeNomad
+Configuring Adapters: Environment Variables
+Context7 MCP server
+Cortecs console
+Deep Infra dashboard
+DeepSeek console
+Duo Agent Platform
+Everforest
+Fireworks AI console
+Firmware dashboard
+Ghostty
+GitLab CLI agents docs
+GitLab docs
+GitLab User Settings > Access Tokens
+Granular Rules (Object Syntax)
+Grep by Vercel
+Groq console
+Gruvbox
+Helicone
+Helicone documentation
+Helicone Header Directory
+Helicone's Model Directory
+Hugging Face Inference Providers
+Hugging Face settings
+install WSL
+IO.NET console
+JetBrains IDE
+Kanagawa
+Kitty
+MiniMax API Console
+Models.dev
+Moonshot AI console
+Nebius Token Factory console
+Nord
+OAuth
+Ollama integration docs
+OpenAI's Data Policies
+OpenChamber
+OpenCode
+OpenCode config
+OpenCode Config
+OpenCode TUI with the opencode theme
+OpenCode Web - Active Session
+OpenCode Web - New Session
+OpenCode Web - See Servers
+OpenCode Zen
+OpenCode-Obsidian
+OpenRouter dashboard
+OpenWork
+OVHcloud panel
+Pro+ subscription
+SAP BTP Cockpit
+Scaleway Console IAM settings
+Scaleway Generative APIs
+SDK documentation
+Sentry MCP server
+shell API
+Together AI console
+Tokyonight
+Unified Billing
+Venice AI console
+Vercel dashboard
+WezTerm
+Windows Subsystem for Linux (WSL)
+WSL
+WSL (Windows Subsystem for Linux)
+WSL extension
+xAI console
+Z.AI API console
+Zed
+ZenMux dashboard
+Zod
+```
+
+## Acronyms and initialisms
+
+```text
+ACP
+AGENTS
+AI
+AI21
+ANSI
+API
+AST
+AWS
+BTP
+CD
+CDN
+CI
+CLI
+CMD
+CORS
+DEBUG
+EKS
+ERROR
+FAQ
+GLM
+GNOME
+GPT
+HTML
+HTTP
+HTTPS
+IAM
+ID
+IDE
+INFO
+IO
+IP
+IRSA
+JS
+JSON
+JSONC
+K2
+LLM
+LM
+LSP
+M2
+MCP
+MR
+NET
+NPM
+NTLM
+OIDC
+OS
+PAT
+PATH
+PHP
+PR
+PTY
+README
+RFC
+RPC
+SAP
+SDK
+SKILL
+SSE
+SSO
+TS
+TTY
+TUI
+UI
+URL
+US
+UX
+VCS
+VPC
+VPN
+VS
+WARN
+WSL
+X11
+YAML
+```
+
+## Code identifiers used in prose (CamelCase, mixedCase)
+
+```text
+apiKey
+AppleScript
+AssistantMessage
+baseURL
+BurntSushi
+ChatGPT
+ClangFormat
+CodeCompanion
+CodeNomad
+DeepSeek
+DefaultV2
+FileContent
+FileDiff
+FileNode
+fineGrained
+FormatterStatus
+GitHub
+GitLab
+iTerm2
+JavaScript
+JetBrains
+macOS
+mDNS
+MiniMax
+NeuralNomadsAI
+NickvanDyke
+NoeFabris
+OpenAI
+OpenAPI
+OpenChamber
+OpenCode
+OpenRouter
+OpenTUI
+OpenWork
+ownUserPermissions
+PowerShell
+ProviderAuthAuthorization
+ProviderAuthMethod
+ProviderInitError
+SessionStatus
+TabItem
+tokenType
+ToolIDs
+ToolList
+TypeScript
+typesUrl
+UserMessage
+VcsInfo
+WebView2
+WezTerm
+xAI
+ZenMux
+```
+
+## OpenCode CLI commands (as shown in docs)
+
+```text
+opencode
+opencode [project]
+opencode /path/to/project
+opencode acp
+opencode agent [command]
+opencode agent create
+opencode agent list
+opencode attach [url]
+opencode attach http://10.20.30.40:4096
+opencode attach http://localhost:4096
+opencode auth [command]
+opencode auth list
+opencode auth login
+opencode auth logout
+opencode auth ls
+opencode export [sessionID]
+opencode github [command]
+opencode github install
+opencode github run
+opencode import <file>
+opencode import https://opncd.ai/s/abc123
+opencode import session.json
+opencode mcp [command]
+opencode mcp add
+opencode mcp auth [name]
+opencode mcp auth list
+opencode mcp auth ls
+opencode mcp auth my-oauth-server
+opencode mcp auth sentry
+opencode mcp debug <name>
+opencode mcp debug my-oauth-server
+opencode mcp list
+opencode mcp logout [name]
+opencode mcp logout my-oauth-server
+opencode mcp ls
+opencode models --refresh
+opencode models [provider]
+opencode models anthropic
+opencode run [message..]
+opencode run Explain the use of context in Go
+opencode serve
+opencode serve --cors http://localhost:5173 --cors https://app.example.com
+opencode serve --hostname 0.0.0.0 --port 4096
+opencode serve [--port <number>] [--hostname <string>] [--cors <origin>]
+opencode session [command]
+opencode session list
+opencode session delete <sessionID>
+opencode stats
+opencode uninstall
+opencode upgrade
+opencode upgrade [target]
+opencode upgrade v0.1.48
+opencode web
+opencode web --cors https://example.com
+opencode web --hostname 0.0.0.0
+opencode web --mdns
+opencode web --mdns --mdns-domain myproject.local
+opencode web --port 4096
+opencode web --port 4096 --hostname 0.0.0.0
+opencode.server.close()
+```
+
+## Slash commands and routes
+
+```text
+/agent
+/auth/:id
+/clear
+/command
+/config
+/config/providers
+/connect
+/continue
+/doc
+/editor
+/event
+/experimental/tool?provider=<p>&model=<m>
+/experimental/tool/ids
+/export
+/file?path=<path>
+/file/content?path=<p>
+/file/status
+/find?pattern=<pat>
+/find/file
+/find/file?query=<q>
+/find/symbol?query=<q>
+/formatter
+/global/event
+/global/health
+/help
+/init
+/instance/dispose
+/log
+/lsp
+/mcp
+/mnt/
+/mnt/c/
+/mnt/d/
+/models
+/oc
+/opencode
+/path
+/project
+/project/current
+/provider
+/provider/{id}/oauth/authorize
+/provider/{id}/oauth/callback
+/provider/auth
+/q
+/quit
+/redo
+/resume
+/session
+/session/:id
+/session/:id/abort
+/session/:id/children
+/session/:id/command
+/session/:id/diff
+/session/:id/fork
+/session/:id/init
+/session/:id/message
+/session/:id/message/:messageID
+/session/:id/permissions/:permissionID
+/session/:id/prompt_async
+/session/:id/revert
+/session/:id/share
+/session/:id/shell
+/session/:id/summarize
+/session/:id/todo
+/session/:id/unrevert
+/session/status
+/share
+/summarize
+/theme
+/tui
+/tui/append-prompt
+/tui/clear-prompt
+/tui/control/next
+/tui/control/response
+/tui/execute-command
+/tui/open-help
+/tui/open-models
+/tui/open-sessions
+/tui/open-themes
+/tui/show-toast
+/tui/submit-prompt
+/undo
+/Users/username
+/Users/username/projects/*
+/vcs
+```
+
+## CLI flags and short options
+
+```text
+--agent
+--attach
+--command
+--continue
+--cors
+--cwd
+--days
+--dir
+--dry-run
+--event
+--file
+--force
+--fork
+--format
+--help
+--hostname
+--hostname 0.0.0.0
+--keep-config
+--keep-data
+--log-level
+--max-count
+--mdns
+--mdns-domain
+--method
+--model
+--models
+--port
+--print-logs
+--project
+--prompt
+--refresh
+--session
+--share
+--title
+--token
+--tools
+--verbose
+--version
+--wait
+
+-c
+-d
+-f
+-h
+-m
+-n
+-s
+-v
+```
+
+## Environment variables
+
+```text
+AI_API_URL
+AI_FLOW_CONTEXT
+AI_FLOW_EVENT
+AI_FLOW_INPUT
+AICORE_DEPLOYMENT_ID
+AICORE_RESOURCE_GROUP
+AICORE_SERVICE_KEY
+ANTHROPIC_API_KEY
+AWS_ACCESS_KEY_ID
+AWS_BEARER_TOKEN_BEDROCK
+AWS_PROFILE
+AWS_REGION
+AWS_ROLE_ARN
+AWS_SECRET_ACCESS_KEY
+AWS_WEB_IDENTITY_TOKEN_FILE
+AZURE_COGNITIVE_SERVICES_RESOURCE_NAME
+AZURE_RESOURCE_NAME
+CI_PROJECT_DIR
+CI_SERVER_FQDN
+CI_WORKLOAD_REF
+CLOUDFLARE_ACCOUNT_ID
+CLOUDFLARE_API_TOKEN
+CLOUDFLARE_GATEWAY_ID
+CONTEXT7_API_KEY
+GITHUB_TOKEN
+GITLAB_AI_GATEWAY_URL
+GITLAB_HOST
+GITLAB_INSTANCE_URL
+GITLAB_OAUTH_CLIENT_ID
+GITLAB_TOKEN
+GITLAB_TOKEN_OPENCODE
+GOOGLE_APPLICATION_CREDENTIALS
+GOOGLE_CLOUD_PROJECT
+HTTP_PROXY
+HTTPS_PROXY
+K2_
+MY_API_KEY
+MY_ENV_VAR
+MY_MCP_CLIENT_ID
+MY_MCP_CLIENT_SECRET
+NO_PROXY
+NODE_ENV
+NODE_EXTRA_CA_CERTS
+NPM_AUTH_TOKEN
+OC_ALLOW_WAYLAND
+OPENCODE_API_KEY
+OPENCODE_AUTH_JSON
+OPENCODE_AUTO_SHARE
+OPENCODE_CLIENT
+OPENCODE_CONFIG
+OPENCODE_CONFIG_CONTENT
+OPENCODE_CONFIG_DIR
+OPENCODE_DISABLE_AUTOCOMPACT
+OPENCODE_DISABLE_AUTOUPDATE
+OPENCODE_DISABLE_CLAUDE_CODE
+OPENCODE_DISABLE_CLAUDE_CODE_PROMPT
+OPENCODE_DISABLE_CLAUDE_CODE_SKILLS
+OPENCODE_DISABLE_DEFAULT_PLUGINS
+OPENCODE_DISABLE_FILETIME_CHECK
+OPENCODE_DISABLE_LSP_DOWNLOAD
+OPENCODE_DISABLE_MODELS_FETCH
+OPENCODE_DISABLE_PRUNE
+OPENCODE_DISABLE_TERMINAL_TITLE
+OPENCODE_ENABLE_EXA
+OPENCODE_ENABLE_EXPERIMENTAL_MODELS
+OPENCODE_EXPERIMENTAL
+OPENCODE_EXPERIMENTAL_BASH_DEFAULT_TIMEOUT_MS
+OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT
+OPENCODE_EXPERIMENTAL_DISABLE_FILEWATCHER
+OPENCODE_EXPERIMENTAL_EXA
+OPENCODE_EXPERIMENTAL_FILEWATCHER
+OPENCODE_EXPERIMENTAL_ICON_DISCOVERY
+OPENCODE_EXPERIMENTAL_LSP_TOOL
+OPENCODE_EXPERIMENTAL_LSP_TY
+OPENCODE_EXPERIMENTAL_MARKDOWN
+OPENCODE_EXPERIMENTAL_OUTPUT_TOKEN_MAX
+OPENCODE_EXPERIMENTAL_OXFMT
+OPENCODE_EXPERIMENTAL_PLAN_MODE
+OPENCODE_ENABLE_QUESTION_TOOL
+OPENCODE_FAKE_VCS
+OPENCODE_GIT_BASH_PATH
+OPENCODE_MODEL
+OPENCODE_MODELS_URL
+OPENCODE_PERMISSION
+OPENCODE_PORT
+OPENCODE_SERVER_PASSWORD
+OPENCODE_SERVER_USERNAME
+PROJECT_ROOT
+RESOURCE_NAME
+RUST_LOG
+VARIABLE_NAME
+VERTEX_LOCATION
+XDG_CONFIG_HOME
+```
+
+## Package/module identifiers
+
+```text
+../../../config.mjs
+@astrojs/starlight/components
+@opencode-ai/plugin
+@opencode-ai/sdk
+path
+shescape
+zod
+
+@
+@ai-sdk/anthropic
+@ai-sdk/cerebras
+@ai-sdk/google
+@ai-sdk/openai
+@ai-sdk/openai-compatible
+@File#L37-42
+@modelcontextprotocol/server-everything
+@opencode
+```
+
+## GitHub owner/repo slugs referenced in docs
+
+```text
+24601/opencode-zellij-namer
+angristan/opencode-wakatime
+anomalyco/opencode
+apps/opencode-agent
+athal7/opencode-devcontainers
+awesome-opencode/awesome-opencode
+backnotprop/plannotator
+ben-vargas/ai-sdk-provider-opencode-sdk
+btriapitsyn/openchamber
+BurntSushi/ripgrep
+Cluster444/agentic
+code-yeongyu/oh-my-opencode
+darrenhinde/opencode-agents
+different-ai/opencode-scheduler
+different-ai/openwork
+features/copilot
+folke/tokyonight.nvim
+franlol/opencode-md-table-formatter
+ggml-org/llama.cpp
+ghoulr/opencode-websearch-cited.git
+H2Shami/opencode-helicone-session
+hosenur/portal
+jamesmurdza/daytona
+jenslys/opencode-gemini-auth
+JRedeker/opencode-morph-fast-apply
+JRedeker/opencode-shell-strategy
+kdcokenny/ocx
+kdcokenny/opencode-background-agents
+kdcokenny/opencode-notify
+kdcokenny/opencode-workspace
+kdcokenny/opencode-worktree
+login/device
+mohak34/opencode-notifier
+morhetz/gruvbox
+mtymek/opencode-obsidian
+NeuralNomadsAI/CodeNomad
+nick-vi/opencode-type-inject
+NickvanDyke/opencode.nvim
+NoeFabris/opencode-antigravity-auth
+nordtheme/nord
+numman-ali/opencode-openai-codex-auth
+olimorris/codecompanion.nvim
+panta82/opencode-notificator
+rebelot/kanagawa.nvim
+remorses/kimaki
+sainnhe/everforest
+shekohex/opencode-google-antigravity-auth
+shekohex/opencode-pty.git
+spoons-and-mirrors/subtask2
+sudo-tee/opencode.nvim
+supermemoryai/opencode-supermemory
+Tarquinen/opencode-dynamic-context-pruning
+Th3Whit3Wolf/one-nvim
+upstash/context7
+vtemian/micode
+vtemian/octto
+yetone/avante.nvim
+zenobi-us/opencode-plugin-template
+zenobi-us/opencode-skillful
+```
+
+## Paths, filenames, globs, and URLs
+
+```text
+./.opencode/themes/*.json
+./<project-slug>/storage/
+./config/#custom-directory
+./global/storage/
+.agents/skills/*/SKILL.md
+.agents/skills/<name>/SKILL.md
+.clang-format
+.claude
+.claude/skills
+.claude/skills/*/SKILL.md
+.claude/skills/<name>/SKILL.md
+.env
+.github/workflows/opencode.yml
+.gitignore
+.gitlab-ci.yml
+.ignore
+.NET SDK
+.npmrc
+.ocamlformat
+.opencode
+.opencode/
+.opencode/agents/
+.opencode/commands/
+.opencode/commands/test.md
+.opencode/modes/
+.opencode/plans/*.md
+.opencode/plugins/
+.opencode/skills/<name>/SKILL.md
+.opencode/skills/git-release/SKILL.md
+.opencode/tools/
+.well-known/opencode
+{ type: "raw" \| "patch", content: string }
+{file:path/to/file}
+**/*.js
+%USERPROFILE%/intelephense/license.txt
+%USERPROFILE%\.cache\opencode
+%USERPROFILE%\.config\opencode\opencode.jsonc
+%USERPROFILE%\.config\opencode\plugins
+%USERPROFILE%\.local\share\opencode
+%USERPROFILE%\.local\share\opencode\log
+<project-root>/.opencode/themes/*.json
+<providerId>/<modelId>
+<your-project>/.opencode/plugins/
+~
+~/...
+~/.agents/skills/*/SKILL.md
+~/.agents/skills/<name>/SKILL.md
+~/.aws/credentials
+~/.bashrc
+~/.cache/opencode
+~/.cache/opencode/node_modules/
+~/.claude/CLAUDE.md
+~/.claude/skills/
+~/.claude/skills/*/SKILL.md
+~/.claude/skills/<name>/SKILL.md
+~/.config/opencode
+~/.config/opencode/AGENTS.md
+~/.config/opencode/agents/
+~/.config/opencode/commands/
+~/.config/opencode/modes/
+~/.config/opencode/opencode.json
+~/.config/opencode/opencode.jsonc
+~/.config/opencode/plugins/
+~/.config/opencode/skills/*/SKILL.md
+~/.config/opencode/skills/<name>/SKILL.md
+~/.config/opencode/themes/*.json
+~/.config/opencode/tools/
+~/.config/zed/settings.json
+~/.local/share
+~/.local/share/opencode/
+~/.local/share/opencode/auth.json
+~/.local/share/opencode/log/
+~/.local/share/opencode/mcp-auth.json
+~/.local/share/opencode/opencode.jsonc
+~/.npmrc
+~/.zshrc
+~/code/
+~/Library/Application Support
+~/projects/*
+~/projects/personal/
+${config.github}/blob/dev/packages/sdk/js/src/gen/types.gen.ts
+$HOME/intelephense/license.txt
+$HOME/projects/*
+$XDG_CONFIG_HOME/opencode/themes/*.json
+agent/
+agents/
+build/
+commands/
+dist/
+http://<wsl-ip>:4096
+http://127.0.0.1:8080/callback
+http://localhost:<port>
+http://localhost:4096
+http://localhost:4096/doc
+https://app.example.com
+https://AZURE_COGNITIVE_SERVICES_RESOURCE_NAME.cognitiveservices.azure.com/
+https://opencode.ai/zen/v1/chat/completions
+https://opencode.ai/zen/v1/messages
+https://opencode.ai/zen/v1/models/gemini-3-flash
+https://opencode.ai/zen/v1/models/gemini-3-pro
+https://opencode.ai/zen/v1/responses
+https://RESOURCE_NAME.openai.azure.com/
+laravel/pint
+log/
+model: "anthropic/claude-sonnet-4-5"
+modes/
+node_modules/
+openai/gpt-4.1
+opencode.ai/config.json
+opencode/<model-id>
+opencode/gpt-5.1-codex
+opencode/gpt-5.2-codex
+opencode/kimi-k2
+openrouter/google/gemini-2.5-flash
+opncd.ai/s/<share-id>
+packages/*/AGENTS.md
+plugins/
+project/
+provider_id/model_id
+provider/model
+provider/model-id
+rm -rf ~/.cache/opencode
+skills/
+skills/*/SKILL.md
+src/**/*.ts
+themes/
+tools/
+```
+
+## Keybind strings
+
+```text
+alt+b
+Alt+Ctrl+K
+alt+d
+alt+f
+Cmd+Esc
+Cmd+Option+K
+Cmd+Shift+Esc
+Cmd+Shift+G
+Cmd+Shift+P
+ctrl+a
+ctrl+b
+ctrl+d
+ctrl+e
+Ctrl+Esc
+ctrl+f
+ctrl+g
+ctrl+k
+Ctrl+Shift+Esc
+Ctrl+Shift+P
+ctrl+t
+ctrl+u
+ctrl+w
+ctrl+x
+DELETE
+Shift+Enter
+WIN+R
+```
+
+## Model ID strings referenced
+
+```text
+{env:OPENCODE_MODEL}
+anthropic/claude-3-5-sonnet-20241022
+anthropic/claude-haiku-4-20250514
+anthropic/claude-haiku-4-5
+anthropic/claude-sonnet-4-20250514
+anthropic/claude-sonnet-4-5
+gitlab/duo-chat-haiku-4-5
+lmstudio/google/gemma-3n-e4b
+openai/gpt-4.1
+openai/gpt-5
+opencode/gpt-5.1-codex
+opencode/gpt-5.2-codex
+opencode/kimi-k2
+openrouter/google/gemini-2.5-flash
+```
--- a/.opencode/agent/triage.md
+++ b/.opencode/agent/triage.md
@@ -1,7 +1,7 @@
 ---
 mode: primary
 hidden: true
-model: opencode/gpt-5.4-nano
+model: opencode/minimax-m2.5
 color: "#44BA81"
 tools:
  "*": false
@@ -14,30 +14,127 @@ Use your github-triage tool to triage issues.

 This file is the source of truth for ownership/routing rules.

-Assign issues by choosing the team with the strongest overlap. The github-triage tool will assign a random member from that team.
+## Labels

-Do not add labels to issues. Only assign an owner.
+### windows

-When calling github-triage, pass one of these team values: tui, desktop_web, core, inference, windows.
+Use for any issue that mentions Windows (the OS). Be sure they are saying that they are on Windows.

-## Teams
+- Use if they mention WSL too

-### TUI
+#### perf

-Terminal UI issues, including rendering, keybindings, scrolling, terminal compatibility, SSH behavior, crashes in the TUI, and low-level TUI performance.
+Performance-related issues:

-### Desktop / Web
+- Slow performance
+- High RAM usage
+- High CPU usage

-Desktop application and browser-based app issues, including `opencode web`, desktop-specific UI behavior, packaging, and web view problems.
+**Only** add if it's likely a RAM or CPU issue. **Do not** add for LLM slowness.

-### Core
+#### desktop

-Core opencode server and harness issues, including sqlite, snapshots, memory, API behavior, agent context construction, tool execution, provider integrations, model behavior, documentation, and larger architectural features.
+Desktop app issues:

-### Inference
+- `opencode web` command
+- The desktop app itself

-OpenCode Zen, OpenCode Go, and billing issues.
+**Only** add if it's specifically about the Desktop application or `opencode web` view. **Do not** add for terminal, TUI, or general opencode issues.

-### Windows
+#### nix

-Windows-specific issues, including native Windows behavior, WSL interactions, path handling, shell compatibility, and installation or runtime problems that only happen on Windows.
+**Only** add if the issue explicitly mentions nix.
+
+If the issue does not mention nix, do not add nix.
+
+If the issue mentions nix, assign to `rekram1-node`.
+
+#### zen
+
+**Only** add if the issue mentions "zen" or "opencode zen" or "opencode black".
+
+If the issue doesn't have "zen" or "opencode black" in it then don't add zen label
+
+#### core
+
+Use for core server issues in `packages/opencode/`, excluding `packages/opencode/src/cli/cmd/tui/`.
+
+Examples:
+
+- LSP server behavior
+- Harness behavior (agent + tools)
+- Feature requests for server behavior
+- Agent context construction
+- API endpoints
+- Provider integration issues
+- New, broken, or poor-quality models
+
+#### acp
+
+If the issue mentions acp support, assign acp label.
+
+#### docs
+
+Add if the issue requests better documentation or docs updates.
+
+#### opentui
+
+TUI issues potentially caused by our underlying TUI library:
+
+- Keybindings not working
+- Scroll speed issues (too fast/slow/laggy)
+- Screen flickering
+- Crashes with opentui in the log
+
+**Do not** add for general TUI bugs.
+
+When assigning to people here are the following rules:
+
+Desktop / Web:
+Use for desktop-labeled issues only.
+
+- adamdotdevin
+- iamdavidhill
+- Brendonovich
+- nexxeln
+
+Zen:
+ONLY assign if the issue will have the "zen" label.
+
+- fwang
+- MrMushrooooom
+
+TUI (`packages/opencode/src/cli/cmd/tui/...`):
+
+- thdxr for TUI UX/UI product decisions and interaction flow
+- kommander for OpenTUI engine issues: rendering artifacts, keybind handling, terminal compatibility, SSH behavior, and low-level perf bottlenecks
+- rekram1-node for TUI bugs that are not clearly OpenTUI engine issues
+
+Core (`packages/opencode/...`, excluding TUI subtree):
+
+- thdxr for sqlite/snapshot/memory bugs and larger architectural core features
+- jlongster for opencode server + API feature work (tool currently remaps jlongster -> thdxr until assignable)
+- rekram1-node for harness issues, provider issues, and other bug-squashing
+
+For core bugs that do not clearly map, either thdxr or rekram1-node is acceptable.
+
+Docs:
+
+- R44VC0RP
+
+Windows:
+
+- Hona (assign any issue that mentions Windows or is likely Windows-specific)
+
+Determinism rules:
+
+- If title + body does not contain "zen", do not add the "zen" label
+- If "nix" label is added but title + body does not mention nix/nixos, the tool will drop "nix"
+- If title + body mentions nix/nixos, assign to `rekram1-node`
+- If "desktop" label is added, the tool will override assignee and randomly pick one Desktop / Web owner
+
+In all other cases, choose the team/section with the most overlap with the issue and assign a member from that team at random.
+
+ACP:
+
+- rekram1-node (assign any acp issues to rekram1-node)
--- a/.opencode/command/changelog.md
+++ b/.opencode/command/changelog.md
@@ -1,49 +1,21 @@
 ---
-model: opencode/gpt-5.4
+model: opencode/kimi-k2.5
 ---

-Create `UPCOMING_CHANGELOG.md` from the structured changelog input below.
-If `UPCOMING_CHANGELOG.md` already exists, ignore its current contents completely.
-Do not preserve, merge, or reuse text from the existing file.
+create UPCOMING_CHANGELOG.md

-The input already contains the exact commit range since the last non-draft release.
-The commits are already filtered to the release-relevant packages and grouped into
-the release sections. Do not fetch GitHub releases, PRs, or build your own commit list.
-The input may also include a `## Community Contributors Input` section.
+it should have sections

-Before writing any entry you keep, inspect the real diff with
-`git show --stat --format='' <hash>` or `git show --format='' <hash>` so you can
-understand the actual code changes and not just the commit message (they may be misleading).
-Do not use `git log` or author metadata when deciding attribution.
+```
+# TUI

-Rules:
+# Desktop

- Write the final file with release sections in this order:
-  `## Core`, `## TUI`, `## Desktop`, `## SDK`, `## Extensions`
- Only include sections that have at least one notable entry
- Within each release section, keep bug fixes grouped under `### Bugfixes`
- Keep other notable entries under `### Improvements` when a section has bug fixes too
- Omit empty subsections
- Keep one bullet per commit you keep
- Skip commits that are entirely internal, CI, tests, refactors, or otherwise not user-facing
- Start each bullet with a capital letter
- Prefer what changed for users over what code changed internally
- Do not copy raw commit prefixes like `fix:` or `feat:` or trailing PR numbers like `(#123)`
- Community attribution is deterministic: only preserve an existing `(@username)` suffix from the changelog input
- If an input bullet has no `(@username)` suffix, do not add one
- Never add a new `(@username)` suffix from `git show`, commit authors, names, or email addresses
- If no notable entries remain and there is no contributor block, write exactly `No notable changes.`
- If no notable entries remain but there is a contributor block, omit all release sections and return only the contributor block
- If the input contains `## Community Contributors Input`, append the block below that heading to the end of the final file verbatim
- Do not add, remove, rewrite, or reorder contributor names or commit titles in that block
- Do not derive the thank-you section from the main summary bullets
- Do not include the heading `## Community Contributors Input` in the final file
- Focus on writing the least words to get your point across - users will skim read the changelog, so we should be precise
+# Core

-**Importantly, the changelog is for users (who are at least slightly technical), they may use the TUI, Desktop, SDK, Plugins and so forth. Be thorough in understanding flow on effects may not be immediately apparent. e.g. a package upgrade looks internal but may patch a bug. Or a refactor may also stabilise some race condition that fixes bugs for users. The PR title/body + commit message will give you the authors context, usually containing the outcome not just technical detail**
+# Misc
+```

-<changelog_input>
+go through each PR merged since the last tag

-!`bun script/raw-changelog.ts $ARGUMENTS`
-
-</changelog_input>
+for each PR spawn a subagent to summarize what the PR was about. focus on user facing changes. if it was entirely internal or code related you can ignore it. also skip docs updates. each subagent should append its summary to UPCOMING_CHANGELOG.md into the appropriate section.
--- a/.opencode/command/translate.md
+++ b/.opencode/command/translate.md
@@ -1,14 +0,0 @@
---
-description: translate English to other languages
-model: opencode/claude-opus-4-7
---
-
-run git diff and translate changed english doc and UI copy files to other international languages. Translate all languages in parallel to save time.
-
-Requirements:
-
- Preserve meaning, intent, tone, and formatting (including Markdown/MDX structure).
- Preserve all technical terms and artifacts exactly: product/company names, API names, identifiers, code, commands/flags, file paths, URLs, versions, error messages, config keys/values, and anything inside inline code or code blocks.
- Also preserve every term listed in the Do-Not-Translate glossary below.
- Also apply locale-specific guidance from `.opencode/glossary/<locale>.md` when available (for example, `zh-cn.md`).
- Do not modify fenced code blocks.
--- a/.opencode/opencode.jsonc
+++ b/.opencode/opencode.jsonc
@@ -1,7 +1,15 @@
 {
  "$schema": "https://opencode.ai/config.json",
-  "provider": {},
-  "permission": {},
+  "provider": {
+    "opencode": {
+      "options": {},
+    },
+  },
+  "permission": {
+    "edit": {
+      "packages/opencode/migration/*": "deny",
+    },
+  },
  "mcp": {},
  "tools": {
    "github-triage": false,
--- a/.opencode/plugins/smoke-theme.json
+++ b/.opencode/plugins/smoke-theme.json
@@ -1,223 +0,0 @@
-{
-  "$schema": "https://opencode.ai/theme.json",
-  "defs": {
-    "nord0": "#2E3440",
-    "nord1": "#3B4252",
-    "nord2": "#434C5E",
-    "nord3": "#4C566A",
-    "nord4": "#D8DEE9",
-    "nord5": "#E5E9F0",
-    "nord6": "#ECEFF4",
-    "nord7": "#8FBCBB",
-    "nord8": "#88C0D0",
-    "nord9": "#81A1C1",
-    "nord10": "#5E81AC",
-    "nord11": "#BF616A",
-    "nord12": "#D08770",
-    "nord13": "#EBCB8B",
-    "nord14": "#A3BE8C",
-    "nord15": "#B48EAD"
-  },
-  "theme": {
-    "primary": {
-      "dark": "nord10",
-      "light": "nord9"
-    },
-    "secondary": {
-      "dark": "nord9",
-      "light": "nord9"
-    },
-    "accent": {
-      "dark": "nord7",
-      "light": "nord7"
-    },
-    "error": {
-      "dark": "nord11",
-      "light": "nord11"
-    },
-    "warning": {
-      "dark": "nord12",
-      "light": "nord12"
-    },
-    "success": {
-      "dark": "nord14",
-      "light": "nord14"
-    },
-    "info": {
-      "dark": "nord8",
-      "light": "nord10"
-    },
-    "text": {
-      "dark": "nord6",
-      "light": "nord0"
-    },
-    "textMuted": {
-      "dark": "#8B95A7",
-      "light": "nord1"
-    },
-    "background": {
-      "dark": "nord0",
-      "light": "nord6"
-    },
-    "backgroundPanel": {
-      "dark": "nord1",
-      "light": "nord5"
-    },
-    "backgroundElement": {
-      "dark": "nord2",
-      "light": "nord4"
-    },
-    "border": {
-      "dark": "nord2",
-      "light": "nord3"
-    },
-    "borderActive": {
-      "dark": "nord3",
-      "light": "nord2"
-    },
-    "borderSubtle": {
-      "dark": "nord2",
-      "light": "nord3"
-    },
-    "diffAdded": {
-      "dark": "nord14",
-      "light": "nord14"
-    },
-    "diffRemoved": {
-      "dark": "nord11",
-      "light": "nord11"
-    },
-    "diffContext": {
-      "dark": "#8B95A7",
-      "light": "nord3"
-    },
-    "diffHunkHeader": {
-      "dark": "#8B95A7",
-      "light": "nord3"
-    },
-    "diffHighlightAdded": {
-      "dark": "nord14",
-      "light": "nord14"
-    },
-    "diffHighlightRemoved": {
-      "dark": "nord11",
-      "light": "nord11"
-    },
-    "diffAddedBg": {
-      "dark": "#36413C",
-      "light": "#E6EBE7"
-    },
-    "diffRemovedBg": {
-      "dark": "#43393D",
-      "light": "#ECE6E8"
-    },
-    "diffContextBg": {
-      "dark": "nord1",
-      "light": "nord5"
-    },
-    "diffLineNumber": {
-      "dark": "nord2",
-      "light": "nord4"
-    },
-    "diffAddedLineNumberBg": {
-      "dark": "#303A35",
-      "light": "#DDE4DF"
-    },
-    "diffRemovedLineNumberBg": {
-      "dark": "#3C3336",
-      "light": "#E4DDE0"
-    },
-    "markdownText": {
-      "dark": "nord4",
-      "light": "nord0"
-    },
-    "markdownHeading": {
-      "dark": "nord8",
-      "light": "nord10"
-    },
-    "markdownLink": {
-      "dark": "nord9",
-      "light": "nord9"
-    },
-    "markdownLinkText": {
-      "dark": "nord7",
-      "light": "nord7"
-    },
-    "markdownCode": {
-      "dark": "nord14",
-      "light": "nord14"
-    },
-    "markdownBlockQuote": {
-      "dark": "#8B95A7",
-      "light": "nord3"
-    },
-    "markdownEmph": {
-      "dark": "nord12",
-      "light": "nord12"
-    },
-    "markdownStrong": {
-      "dark": "nord13",
-      "light": "nord13"
-    },
-    "markdownHorizontalRule": {
-      "dark": "#8B95A7",
-      "light": "nord3"
-    },
-    "markdownListItem": {
-      "dark": "nord8",
-      "light": "nord10"
-    },
-    "markdownListEnumeration": {
-      "dark": "nord7",
-      "light": "nord7"
-    },
-    "markdownImage": {
-      "dark": "nord9",
-      "light": "nord9"
-    },
-    "markdownImageText": {
-      "dark": "nord7",
-      "light": "nord7"
-    },
-    "markdownCodeBlock": {
-      "dark": "nord4",
-      "light": "nord0"
-    },
-    "syntaxComment": {
-      "dark": "#8B95A7",
-      "light": "nord3"
-    },
-    "syntaxKeyword": {
-      "dark": "nord9",
-      "light": "nord9"
-    },
-    "syntaxFunction": {
-      "dark": "nord8",
-      "light": "nord8"
-    },
-    "syntaxVariable": {
-      "dark": "nord7",
-      "light": "nord7"
-    },
-    "syntaxString": {
-      "dark": "nord14",
-      "light": "nord14"
-    },
-    "syntaxNumber": {
-      "dark": "nord15",
-      "light": "nord15"
-    },
-    "syntaxType": {
-      "dark": "nord7",
-      "light": "nord7"
-    },
-    "syntaxOperator": {
-      "dark": "nord9",
-      "light": "nord9"
-    },
-    "syntaxPunctuation": {
-      "dark": "nord4",
-      "light": "nord0"
-    }
-  }
-}
--- a/.opencode/plugins/tui-smoke.tsx
+++ b/.opencode/plugins/tui-smoke.tsx
--- a/.opencode/skills/effect/SKILL.md
+++ b/.opencode/skills/effect/SKILL.md
@@ -1,38 +0,0 @@
---
-name: effect
-description: Work with Effect v4 / effect-smol TypeScript code in this repo
---
-
-# Effect
-
-This codebase uses Effect for typed, composable TypeScript services, schemas, and workflows.
-
-## Source Of Truth
-
-Use the current Effect v4 / effect-smol source, not memory or older Effect v2/v3 examples.
-
-1. If `.opencode/references/effect-smol` is missing, clone `https://github.com/Effect-TS/effect-smol` there. Do this in the project, not in the skill folder.
-2. Search `.opencode/references/effect-smol` for exact APIs, examples, tests, and naming patterns before answering or implementing Effect-specific code.
-3. Also inspect existing repo code for local house style before introducing new patterns.
-4. Prefer answers and implementations backed by specific source files or nearby repo examples.
-
-## Guidelines
-
- Prefer current Effect v4 APIs and project-local patterns over old blog posts, examples, or package-memory guesses.
- Use `Effect.gen(function* () { ... })` for multi-step workflows.
- Use `Effect.fn("Name")` or `Effect.fnUntraced(...)` for named effects when adding reusable service methods or important workflows.
- Prefer Effect `Schema` for API and domain data shapes. Use branded schemas for IDs and `Schema.TaggedErrorClass` for typed domain errors when modeling new error surfaces.
- Keep HTTP handlers thin: decode input, read request context, call services, and map transport errors. Put business rules in services.
- In Effect service code, prefer Effect-aware platform abstractions and dependencies over ad hoc promises where the surrounding code already does so.
- Keep layer composition explicit. Avoid broad hidden provisioning that makes missing dependencies hard to see.
- In tests, prefer the repo's existing Effect test helpers and live tests for filesystem, git, child process, locks, or timing behavior.
- Do not introduce `any`, non-null assertions, unchecked casts, or older Effect APIs just to satisfy types.
- Do not answer from memory. Verify against `.opencode/references/effect-smol` or nearby code first.
-
-## Testing Patterns
-
- Use `testEffect(...)` from `packages/opencode/test/lib/effect.ts` for tests that exercise Effect services, layers, runtime context, scoped resources, or platform integrations.
- Use `it.live(...)` for filesystem, git repositories, HTTP servers, sockets, child processes, locks, real time, and other live platform behavior.
- Run tests from package directories such as `packages/opencode`; never run package tests from the repo root.
- Prefer explicit test layers over ad hoc managed runtimes. Keep dependency provisioning visible in the test file.
- Use scoped fixtures and finalizers for resources that must be cleaned up, including temporary directories, flags, databases, fibers, servers, and global state.
--- a/.opencode/skills/improve-codebase-architecture/DEEPENING.md
+++ b/.opencode/skills/improve-codebase-architecture/DEEPENING.md
@@ -1,37 +0,0 @@
-# Deepening
-
-How to deepen a cluster of shallow modules safely, given its dependencies. Assumes the vocabulary in [LANGUAGE.md](LANGUAGE.md) — **module**, **interface**, **seam**, **adapter**.
-
-## Dependency categories
-
-When assessing a candidate for deepening, classify its dependencies. The category determines how the deepened module is tested across its seam.
-
-### 1. In-process
-
-Pure computation, in-memory state, no I/O. Always deepenable — merge the modules and test through the new interface directly. No adapter needed.
-
-### 2. Local-substitutable
-
-Dependencies that have local test stand-ins (PGLite for Postgres, in-memory filesystem). Deepenable if the stand-in exists. The deepened module is tested with the stand-in running in the test suite. The seam is internal; no port at the module's external interface.
-
-### 3. Remote but owned (Ports & Adapters)
-
-Your own services across a network boundary (microservices, internal APIs). Define a **port** (interface) at the seam. The deep module owns the logic; the transport is injected as an **adapter**. Tests use an in-memory adapter. Production uses an HTTP/gRPC/queue adapter.
-
-Recommendation shape: _"Define a port at the seam, implement an HTTP adapter for production and an in-memory adapter for testing, so the logic sits in one deep module even though it's deployed across a network."_
-
-### 4. True external (Mock)
-
-Third-party services (Stripe, Twilio, etc.) you don't control. The deepened module takes the external dependency as an injected port; tests provide a mock adapter.
-
-## Seam discipline
-
- **One adapter means a hypothetical seam. Two adapters means a real one.** Don't introduce a port unless at least two adapters are justified (typically production + test). A single-adapter seam is just indirection.
- **Internal seams vs external seams.** A deep module can have internal seams (private to its implementation, used by its own tests) as well as the external seam at its interface. Don't expose internal seams through the interface just because tests use them.
-
-## Testing strategy: replace, don't layer
-
- Old unit tests on shallow modules become waste once tests at the deepened module's interface exist — delete them.
- Write new tests at the deepened module's interface. The **interface is the test surface**.
- Tests assert on observable outcomes through the interface, not internal state.
- Tests should survive internal refactors — they describe behaviour, not implementation. If a test has to change when the implementation changes, it's testing past the interface.
--- a/.opencode/skills/improve-codebase-architecture/INTERFACE-DESIGN.md
+++ b/.opencode/skills/improve-codebase-architecture/INTERFACE-DESIGN.md
@@ -1,44 +0,0 @@
-# Interface Design
-
-When the user wants to explore alternative interfaces for a chosen deepening candidate, use this parallel sub-agent pattern. Based on "Design It Twice" (Ousterhout) — your first idea is unlikely to be the best.
-
-Uses the vocabulary in [LANGUAGE.md](LANGUAGE.md) — **module**, **interface**, **seam**, **adapter**, **leverage**.
-
-## Process
-
-### 1. Frame the problem space
-
-Before spawning sub-agents, write a user-facing explanation of the problem space for the chosen candidate:
-
- The constraints any new interface would need to satisfy
- The dependencies it would rely on, and which category they fall into (see [DEEPENING.md](DEEPENING.md))
- A rough illustrative code sketch to ground the constraints — not a proposal, just a way to make the constraints concrete
-
-Show this to the user, then immediately proceed to Step 2. The user reads and thinks while the sub-agents work in parallel.
-
-### 2. Spawn sub-agents
-
-Spawn 3+ sub-agents in parallel using the Agent tool. Each must produce a **radically different** interface for the deepened module.
-
-Prompt each sub-agent with a separate technical brief (file paths, coupling details, dependency category from [DEEPENING.md](DEEPENING.md), what sits behind the seam). The brief is independent of the user-facing problem-space explanation in Step 1. Give each agent a different design constraint:
-
- Agent 1: "Minimize the interface — aim for 1–3 entry points max. Maximise leverage per entry point."
- Agent 2: "Maximise flexibility — support many use cases and extension."
- Agent 3: "Optimise for the most common caller — make the default case trivial."
- Agent 4 (if applicable): "Design around ports & adapters for cross-seam dependencies."
-
-Include both [LANGUAGE.md](LANGUAGE.md) vocabulary and CONTEXT.md vocabulary in the brief so each sub-agent names things consistently with the architecture language and the project's domain language.
-
-Each sub-agent outputs:
-
-1. Interface (types, methods, params — plus invariants, ordering, error modes)
-2. Usage example showing how callers use it
-3. What the implementation hides behind the seam
-4. Dependency strategy and adapters (see [DEEPENING.md](DEEPENING.md))
-5. Trade-offs — where leverage is high, where it's thin
-
-### 3. Present and compare
-
-Present designs sequentially so the user can absorb each one, then compare them in prose. Contrast by **depth** (leverage at the interface), **locality** (where change concentrates), and **seam placement**.
-
-After comparing, give your own recommendation: which design you think is strongest and why. If elements from different designs would combine well, propose a hybrid. Be opinionated — the user wants a strong read, not a menu.
--- a/.opencode/skills/improve-codebase-architecture/LANGUAGE.md
+++ b/.opencode/skills/improve-codebase-architecture/LANGUAGE.md
@@ -1,53 +0,0 @@
-# Language
-
-Shared vocabulary for every suggestion this skill makes. Use these terms exactly — don't substitute "component," "service," "API," or "boundary." Consistent language is the whole point.
-
-## Terms
-
-**Module**
-Anything with an interface and an implementation. Deliberately scale-agnostic — applies equally to a function, class, package, or tier-spanning slice.
-_Avoid_: unit, component, service.
-
-**Interface**
-Everything a caller must know to use the module correctly. Includes the type signature, but also invariants, ordering constraints, error modes, required configuration, and performance characteristics.
-_Avoid_: API, signature (too narrow — those refer only to the type-level surface).
-
-**Implementation**
-What's inside a module — its body of code. Distinct from **Adapter**: a thing can be a small adapter with a large implementation (a Postgres repo) or a large adapter with a small implementation (an in-memory fake). Reach for "adapter" when the seam is the topic; "implementation" otherwise.
-
-**Depth**
-Leverage at the interface — the amount of behaviour a caller (or test) can exercise per unit of interface they have to learn. A module is **deep** when a large amount of behaviour sits behind a small interface. A module is **shallow** when the interface is nearly as complex as the implementation.
-
-**Seam** _(from Michael Feathers)_
-A place where you can alter behaviour without editing in that place. The _location_ at which a module's interface lives. Choosing where to put the seam is its own design decision, distinct from what goes behind it.
-_Avoid_: boundary (overloaded with DDD's bounded context).
-
-**Adapter**
-A concrete thing that satisfies an interface at a seam. Describes _role_ (what slot it fills), not substance (what's inside).
-
-**Leverage**
-What callers get from depth. More capability per unit of interface they have to learn. One implementation pays back across N call sites and M tests.
-
-**Locality**
-What maintainers get from depth. Change, bugs, knowledge, and verification concentrate at one place rather than spreading across callers. Fix once, fixed everywhere.
-
-## Principles
-
- **Depth is a property of the interface, not the implementation.** A deep module can be internally composed of small, mockable, swappable parts — they just aren't part of the interface. A module can have **internal seams** (private to its implementation, used by its own tests) as well as the **external seam** at its interface.
- **The deletion test.** Imagine deleting the module. If complexity vanishes, the module wasn't hiding anything (it was a pass-through). If complexity reappears across N callers, the module was earning its keep.
- **The interface is the test surface.** Callers and tests cross the same seam. If you want to test _past_ the interface, the module is probably the wrong shape.
- **One adapter means a hypothetical seam. Two adapters means a real one.** Don't introduce a seam unless something actually varies across it.
-
-## Relationships
-
- A **Module** has exactly one **Interface** (the surface it presents to callers and tests).
- **Depth** is a property of a **Module**, measured against its **Interface**.
- A **Seam** is where a **Module**'s **Interface** lives.
- An **Adapter** sits at a **Seam** and satisfies the **Interface**.
- **Depth** produces **Leverage** for callers and **Locality** for maintainers.
-
-## Rejected framings
-
- **Depth as ratio of implementation-lines to interface-lines** (Ousterhout): rewards padding the implementation. We use depth-as-leverage instead.
- **"Interface" as the TypeScript `interface` keyword or a class's public methods**: too narrow — interface here includes every fact a caller must know.
- **"Boundary"**: overloaded with DDD's bounded context. Say **seam** or **interface**.
--- a/.opencode/skills/improve-codebase-architecture/SKILL.md
+++ b/.opencode/skills/improve-codebase-architecture/SKILL.md
@@ -1,71 +0,0 @@
---
-name: improve-codebase-architecture
-description: Find deepening opportunities in a codebase, informed by the domain language in CONTEXT.md and the decisions in docs/adr/. Use when the user wants to improve architecture, find refactoring opportunities, consolidate tightly-coupled modules, or make a codebase more testable and AI-navigable.
---
-
-# Improve Codebase Architecture
-
-Surface architectural friction and propose **deepening opportunities** — refactors that turn shallow modules into deep ones. The aim is testability and AI-navigability.
-
-## Glossary
-
-Use these terms exactly in every suggestion. Consistent language is the point — don't drift into "component," "service," "API," or "boundary." Full definitions in [LANGUAGE.md](LANGUAGE.md).
-
- **Module** — anything with an interface and an implementation (function, class, package, slice).
- **Interface** — everything a caller must know to use the module: types, invariants, error modes, ordering, config. Not just the type signature.
- **Implementation** — the code inside.
- **Depth** — leverage at the interface: a lot of behaviour behind a small interface. **Deep** = high leverage. **Shallow** = interface nearly as complex as the implementation.
- **Seam** — where an interface lives; a place behaviour can be altered without editing in place. (Use this, not "boundary.")
- **Adapter** — a concrete thing satisfying an interface at a seam.
- **Leverage** — what callers get from depth.
- **Locality** — what maintainers get from depth: change, bugs, knowledge concentrated in one place.
-
-Key principles (see [LANGUAGE.md](LANGUAGE.md) for the full list):
-
- **Deletion test**: imagine deleting the module. If complexity vanishes, it was a pass-through. If complexity reappears across N callers, it was earning its keep.
- **The interface is the test surface.**
- **One adapter = hypothetical seam. Two adapters = real seam.**
-
-This skill is _informed_ by the project's domain model. The domain language gives names to good seams; ADRs record decisions the skill should not re-litigate.
-
-## Process
-
-### 1. Explore
-
-Read the project's domain glossary and any ADRs in the area you're touching first.
-
-Then use the Agent tool with `subagent_type=Explore` to walk the codebase. Don't follow rigid heuristics — explore organically and note where you experience friction:
-
- Where does understanding one concept require bouncing between many small modules?
- Where are modules **shallow** — interface nearly as complex as the implementation?
- Where have pure functions been extracted just for testability, but the real bugs hide in how they're called (no **locality**)?
- Where do tightly-coupled modules leak across their seams?
- Which parts of the codebase are untested, or hard to test through their current interface?
-
-Apply the **deletion test** to anything you suspect is shallow: would deleting it concentrate complexity, or just move it? A "yes, concentrates" is the signal you want.
-
-### 2. Present candidates
-
-Present a numbered list of deepening opportunities. For each candidate:
-
- **Files** — which files/modules are involved
- **Problem** — why the current architecture is causing friction
- **Solution** — plain English description of what would change
- **Benefits** — explained in terms of locality and leverage, and also in how tests would improve
-
-**Use CONTEXT.md vocabulary for the domain, and [LANGUAGE.md](LANGUAGE.md) vocabulary for the architecture.** If `CONTEXT.md` defines "Order," talk about "the Order intake module" — not "the FooBarHandler," and not "the Order service."
-
-**ADR conflicts**: if a candidate contradicts an existing ADR, only surface it when the friction is real enough to warrant revisiting the ADR. Mark it clearly (e.g. _"contradicts ADR-0007 — but worth reopening because…"_). Don't list every theoretical refactor an ADR forbids.
-
-Do NOT propose interfaces yet. Ask the user: "Which of these would you like to explore?"
-
-### 3. Grilling loop
-
-Once the user picks a candidate, drop into a grilling conversation. Walk the design tree with them — constraints, dependencies, the shape of the deepened module, what sits behind the seam, what tests survive.
-
-Side effects happen inline as decisions crystallize:
-
- **Naming a deepened module after a concept not in `CONTEXT.md`?** Add the term to `CONTEXT.md` — same discipline as `/grill-with-docs` (see [CONTEXT-FORMAT.md](../grill-with-docs/CONTEXT-FORMAT.md)). Create the file lazily if it doesn't exist.
- **Sharpening a fuzzy term during the conversation?** Update `CONTEXT.md` right there.
- **User rejects the candidate with a load-bearing reason?** Offer an ADR, framed as: _"Want me to record this as an ADR so future architecture reviews don't re-suggest it?"_ Only offer when the reason would actually be needed by a future explorer to avoid re-suggesting the same thing — skip ephemeral reasons ("not worth it right now") and self-evident ones. See [ADR-FORMAT.md](../grill-with-docs/ADR-FORMAT.md).
- **Want to explore alternative interfaces for the deepened module?** See [INTERFACE-DESIGN.md](INTERFACE-DESIGN.md).
--- a/.opencode/themes/.gitignore
+++ b/.opencode/themes/.gitignore
@@ -1 +0,0 @@
-smoke-theme.json
--- a/.opencode/themes/mytheme.json
+++ b/.opencode/themes/mytheme.json
@@ -116,8 +116,8 @@
      "light": "nord5"
    },
    "diffLineNumber": {
-      "dark": "#abafb7",
-      "light": "textMuted"
+      "dark": "nord2",
+      "light": "nord4"
    },
    "diffAddedLineNumberBg": {
      "dark": "#3B4252",
--- a/.opencode/tool/github-pr-search.ts
+++ b/.opencode/tool/github-pr-search.ts
@@ -7,7 +7,7 @@ async function githubFetch(endpoint: string, options: RequestInit = {}) {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
-      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
+      ...options.headers,
    },
  })
  if (!response.ok) {
--- a/.opencode/tool/github-triage.ts
+++ b/.opencode/tool/github-triage.ts
@@ -1,14 +1,16 @@
 /// <reference path="../env.d.ts" />
 import { tool } from "@opencode-ai/plugin"
-
 const TEAM = {
-  tui: ["kommander", "simonklee"],
-  desktop_web: ["Hona", "Brendonovich"],
-  core: ["jlongster", "rekram1-node", "nexxeln", "kitlangton"],
-  inference: ["fwang", "MrMushrooooom"],
+  desktop: ["adamdotdevin", "iamdavidhill", "Brendonovich", "nexxeln"],
+  zen: ["fwang", "MrMushrooooom"],
+  tui: ["thdxr", "kommander", "rekram1-node"],
+  core: ["thdxr", "rekram1-node", "jlongster"],
+  docs: ["R44VC0RP"],
  windows: ["Hona"],
 } as const

+const ASSIGNEES = [...new Set(Object.values(TEAM).flat())]
+
 function pick<T>(items: readonly T[]) {
  return items[Math.floor(Math.random() * items.length)]!
 }
@@ -26,7 +28,7 @@ async function githubFetch(endpoint: string, options: RequestInit = {}) {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
-      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
+      ...options.headers,
    },
  })
  if (!response.ok) {
@@ -36,25 +38,79 @@ async function githubFetch(endpoint: string, options: RequestInit = {}) {
 }

 export default tool({
-  description: `Use this tool to assign a GitHub issue.
+  description: `Use this tool to assign and/or label a GitHub issue.

-Provide the team that should own the issue. This tool picks a random assignee from that team and does not apply labels.`,
+Choose labels and assignee using the current triage policy and ownership rules.
+Pick the most fitting labels for the issue and assign one owner.
+
+If unsure, choose the team/section with the most overlap with the issue and assign a member from that team at random.`,
  args: {
-    team: tool.schema
-      .enum(Object.keys(TEAM) as [keyof typeof TEAM, ...(keyof typeof TEAM)[]])
-      .describe("The owning team"),
+    assignee: tool.schema
+      .enum(ASSIGNEES as [string, ...string[]])
+      .describe("The username of the assignee")
+      .default("rekram1-node"),
+    labels: tool.schema
+      .array(tool.schema.enum(["nix", "opentui", "perf", "web", "desktop", "zen", "docs", "windows", "core"]))
+      .describe("The labels(s) to add to the issue")
+      .default([]),
  },
  async execute(args) {
    const issue = getIssueNumber()
    const owner = "anomalyco"
    const repo = "opencode"
-    const assignee = pick(TEAM[args.team])
+
+    const results: string[] = []
+    let labels = [...new Set(args.labels.map((x) => (x === "desktop" ? "web" : x)))]
+    const web = labels.includes("web")
+    const text = `${process.env.ISSUE_TITLE ?? ""}\n${process.env.ISSUE_BODY ?? ""}`.toLowerCase()
+    const zen = /\bzen\b/.test(text) || text.includes("opencode black")
+    const nix = /\bnix(os)?\b/.test(text)
+
+    if (labels.includes("nix") && !nix) {
+      labels = labels.filter((x) => x !== "nix")
+      results.push("Dropped label: nix (issue does not mention nix)")
+    }
+
+    const assignee = nix ? "rekram1-node" : web ? pick(TEAM.desktop) : args.assignee
+
+    if (labels.includes("zen") && !zen) {
+      throw new Error("Only add the zen label when issue title/body contains 'zen'")
+    }
+
+    if (web && !nix && !(TEAM.desktop as readonly string[]).includes(assignee)) {
+      throw new Error("Web issues must be assigned to adamdotdevin, iamdavidhill, Brendonovich, or nexxeln")
+    }
+
+    if ((TEAM.zen as readonly string[]).includes(assignee) && !labels.includes("zen")) {
+      throw new Error("Only zen issues should be assigned to fwang or MrMushrooooom")
+    }
+
+    if (assignee === "Hona" && !labels.includes("windows")) {
+      throw new Error("Only windows issues should be assigned to Hona")
+    }
+
+    if (assignee === "R44VC0RP" && !labels.includes("docs")) {
+      throw new Error("Only docs issues should be assigned to R44VC0RP")
+    }
+
+    if (assignee === "kommander" && !labels.includes("opentui")) {
+      throw new Error("Only opentui issues should be assigned to kommander")
+    }

    await githubFetch(`/repos/${owner}/${repo}/issues/${issue}/assignees`, {
      method: "POST",
      body: JSON.stringify({ assignees: [assignee] }),
    })
+    results.push(`Assigned @${assignee} to issue #${issue}`)

-    return `Assigned @${assignee} from ${args.team} to issue #${issue}`
+    if (labels.length > 0) {
+      await githubFetch(`/repos/${owner}/${repo}/issues/${issue}/labels`, {
+        method: "POST",
+        body: JSON.stringify({ labels }),
+      })
+      results.push(`Added labels: ${labels.join(", ")}`)
+    }
+
+    return results.join("\n")
  },
 })
--- a/.opencode/tui.json
+++ b/.opencode/tui.json
@@ -1,19 +0,0 @@
-{
-  "$schema": "https://opencode.ai/tui.json",
-  "plugin": [
-    [
-      "./plugins/tui-smoke.tsx",
-      {
-        "enabled": false,
-        "label": "workspace",
-        "keybinds": {
-          "smoke_modal": "ctrl+alt+m",
-          "smoke_screen": "ctrl+alt+o",
-          "smoke_screen_home": "escape,ctrl+shift+h",
-          "smoke_screen_modal": "ctrl+alt+m",
-          "smoke_dialog_close": "escape,q"
-        }
-      }
-    ]
-  ]
-}
--- a/.oxlintrc.json
+++ b/.oxlintrc.json
@@ -1,51 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/nicolo-ribaudo/oxc-project.github.io/refs/heads/json-schema/src/public/.oxlintrc.schema.json",
-  "options": {
-    "typeAware": true
-  },
-  "categories": {
-    "suspicious": "warn"
-  },
-  "rules": {
-    "typescript/no-base-to-string": "warn",
-    // Effect uses `function*` with Effect.gen/Effect.fnUntraced that don't always yield
-    "require-yield": "off",
-    // SolidJS uses `let ref: T | undefined` for JSX ref bindings assigned at runtime
-    "no-unassigned-vars": "off",
-    // SolidJS tracks reactive deps by reading properties inside createEffect
-    "no-unused-expressions": "off",
-    // Intentional control char matching (ANSI escapes, null byte sanitization)
-    "no-control-regex": "off",
-    // SST and plugin tools require triple-slash references
-    "triple-slash-reference": "off",
-
-    // Suspicious category: suppress noisy rules
-    // Effect's nested function* closures inherently shadow outer scope
-    "no-shadow": "off",
-    // Namespace-heavy codebase makes this too noisy
-    "unicorn/consistent-function-scoping": "off",
-    // Opinionated — .sort()/.reverse() mutation is fine in this codebase
-    "unicorn/no-array-sort": "off",
-    "unicorn/no-array-reverse": "off",
-    // Not relevant — this isn't a DOM event handler codebase
-    "unicorn/prefer-add-event-listener": "off",
-    // Bundler handles module resolution
-    "unicorn/require-module-specifiers": "off",
-    // postMessage target origin not relevant for this codebase
-    "unicorn/require-post-message-target-origin": "off",
-    // Side-effectful constructors are intentional in some places
-    "no-new": "off",
-
-    // Type-aware: catch unhandled promises
-    "typescript/no-floating-promises": "warn",
-    // Warn when spreading non-plain objects (Headers, class instances, etc.)
-    "typescript/no-misused-spread": "warn"
-  },
-  "options": {
-    "typeAware": true
-  },
-  "options": {
-    "typeAware": true
-  },
-  "ignorePatterns": ["**/node_modules", "**/dist", "**/.build", "**/.sst", "**/*.d.ts", "**/sdk.gen.ts"]
-}
--- a/.signpath/policies/opencode/test-signing.yml
+++ b/.signpath/policies/opencode/test-signing.yml
@@ -0,0 +1,5 @@
+github-policies:
+  runners:
+    allowed_groups:
+      - "GitHub Actions"
+      - "blacksmith runners 01kbd5v56sg8tz7rea39b7ygpt"
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -9,13 +9,37 @@
 ### General Principles

 - Keep things in one function unless composable or reusable
- Do not extract single-use helpers preemptively. Inline the logic at the call site unless the helper is reused, hides a genuinely complex boundary, or has a clear independent name that improves the caller.
 - Avoid `try`/`catch` where possible
 - Avoid using the `any` type
+- Prefer single word variable names where possible
 - Use Bun APIs when possible, like `Bun.file()`
 - Rely on type inference when possible; avoid explicit type annotations or interfaces unless necessary for exports or clarity
 - Prefer functional array methods (flatMap, filter, map) over for loops; use type guards on filter to maintain type inference downstream
- In `src/config`, follow the existing self-export pattern at the top of the file (for example `export * as ConfigAgent from "./agent"`) when adding a new config module.
+
+### Naming
+
+Prefer single word names for variables and functions. Only use multiple words if necessary.
+
+### Naming Enforcement (Read This)
+
+THIS RULE IS MANDATORY FOR AGENT WRITTEN CODE.
+
+- Use single word names by default for new locals, params, and helper functions.
+- Multi-word names are allowed only when a single word would be unclear or ambiguous.
+- Do not introduce new camelCase compounds when a short single-word alternative is clear.
+- Before finishing edits, review touched lines and shorten newly introduced identifiers where possible.
+- Good short names to prefer: `pid`, `cfg`, `err`, `opts`, `dir`, `root`, `child`, `state`, `timeout`.
+- Examples to avoid unless truly required: `inputPID`, `existingClient`, `connectTimeout`, `workerPath`.
+
+```ts
+// Good
+const foo = 1
+function journal(dir: string) {}
+
+// Bad
+const fooBar = 1
+function prepareJournal(dir: string) {}
+```

 Reduce total variable count by inlining when a value is only used once.

@@ -73,29 +97,6 @@ function foo() {
 }
 ```

-### Complex Logic
-
-When a function has several validation branches or supporting details, make the main function read as the happy path and move supporting details into small helpers below it.
-
-```ts
-// Good
-export function loadThing(input: unknown) {
-  const config = requireConfig(input)
-  const metadata = readMetadata(input)
-  return createThing({ config, metadata })
-}
-
-function requireConfig(input: unknown) {
-  ...
-}
-```
-
- Keep helpers close to the code they support, below the main export when that improves readability.
- Do not over-abstract simple expressions into many single-use helpers; extract only when it names a real concept like `requireConfig` or `readMetadata`.
- Do not return `Effect` from helpers unless they actually perform effectful work. Synchronous parsing, validation, and option building should stay synchronous.
- Prefer Effect schema helpers such as `Schema.UnknownFromJsonString` and `Schema.decodeUnknownOption` over manual `JSON.parse` wrapped in `Effect.try` when parsing untrusted JSON strings.
- Add comments for non-obvious constraints and surprising behavior, not for obvious assignments or control flow.
-
 ### Schema Definitions (Drizzle)

 Use snake_case for field names so column names don't need to be redefined as strings.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -73,7 +73,7 @@ Replace `<platform>` with your platform (e.g., `darwin-arm64`, `linux-x64`).
  - `packages/opencode`: OpenCode core business logic & server.
  - `packages/opencode/src/cli/cmd/tui/`: The TUI code, written in SolidJS with [opentui](https://github.com/sst/opentui)
  - `packages/app`: The shared web UI components, written in SolidJS
-  - `packages/desktop`: The native desktop app, built with Electron (wraps `packages/app`)
+  - `packages/desktop`: The native desktop app, built with Tauri (wraps `packages/app`)
  - `packages/plugin`: Source for `@opencode-ai/plugin`

 ### Understanding bun dev vs opencode
@@ -123,21 +123,33 @@ This starts a local dev server at http://localhost:5173 (or similar port shown i

 ### Running the Desktop App

-The desktop app is an Electron application that wraps the web UI.
+The desktop app is a native Tauri application that wraps the web UI.

-To run the desktop app in development:
+To run the native desktop app:
+
+```bash
+bun run --cwd packages/desktop tauri dev
+```
+
+This starts the web dev server on http://localhost:1420 and opens the native window.
+
+If you only want the web dev server (no native shell):

 ```bash
 bun run --cwd packages/desktop dev
 ```

-To create a production build and package the app:
+To create a production `dist/` and build the native app bundle:

 ```bash
-bun run --cwd packages/desktop build
-bun run --cwd packages/desktop package
+bun run --cwd packages/desktop tauri build
 ```

+This runs `bun run --cwd packages/desktop build` automatically via Tauri’s `beforeBuildCommand`.
+
+> [!NOTE]
+> Running the desktop app requires additional Tauri dependencies (Rust toolchain, platform-specific libraries). See the [Tauri prerequisites](https://v2.tauri.app/start/prerequisites/) for setup instructions.
+
 > [!NOTE]
 > If you make changes to the API or SDK (e.g. `packages/opencode/src/server/server.ts`), run `./script/generate.ts` to regenerate the SDK and related files.

--- a/README.ar.md
+++ b/README.ar.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # او github:anomalyco/opencode لاحدث

 يتوفر OpenCode ايضا كتطبيق سطح مكتب. قم بالتنزيل مباشرة من [صفحة الاصدارات](https://github.com/anomalyco/opencode/releases) او من [opencode.ai/download](https://opencode.ai/download).

-| المنصة                | التنزيل                            |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb` او `.rpm` او AppImage       |
+| المنصة                | التنزيل                               |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb` او `.rpm` او AppImage          |

 ```bash
 # macOS (Homebrew)
--- a/README.bn.md
+++ b/README.bn.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # or github:anomalyco/opencode for latest dev

 OpenCode ডেস্কটপ অ্যাপ্লিকেশন হিসেবেও উপলব্ধ। সরাসরি [রিলিজ পেজ](https://github.com/anomalyco/opencode/releases) অথবা [opencode.ai/download](https://opencode.ai/download) থেকে ডাউনলোড করুন।

-| প্ল্যাটফর্ম           | ডাউনলোড                            |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, or `.AppImage`     |
+| প্ল্যাটফর্ম           | ডাউনলোড                               |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, or AppImage           |

 ```bash
 # macOS (Homebrew)
--- a/README.br.md
+++ b/README.br.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # ou github:anomalyco/opencode para a branch

 O OpenCode também está disponível como aplicativo desktop. Baixe diretamente pela [página de releases](https://github.com/anomalyco/opencode/releases) ou em [opencode.ai/download](https://opencode.ai/download).

-| Plataforma            | Download                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm` ou AppImage         |
+| Plataforma            | Download                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm` ou AppImage            |

 ```bash
 # macOS (Homebrew)
--- a/README.bs.md
+++ b/README.bs.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # ili github:anomalyco/opencode za najnoviji

 OpenCode je dostupan i kao desktop aplikacija. Preuzmi je direktno sa [stranice izdanja](https://github.com/anomalyco/opencode/releases) ili sa [opencode.ai/download](https://opencode.ai/download).

-| Platforma             | Preuzimanje                        |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, ili AppImage       |
+| Platforma             | Preuzimanje                           |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, ili AppImage          |

 ```bash
 # macOS (Homebrew)
--- a/README.da.md
+++ b/README.da.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # eller github:anomalyco/opencode for nyeste

 OpenCode findes også som desktop-app. Download direkte fra [releases-siden](https://github.com/anomalyco/opencode/releases) eller [opencode.ai/download](https://opencode.ai/download).

-| Platform              | Download                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, eller AppImage     |
+| Platform              | Download                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, eller AppImage        |

 ```bash
 # macOS (Homebrew)
--- a/README.de.md
+++ b/README.de.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # oder github:anomalyco/opencode für den neu

 OpenCode ist auch als Desktop-Anwendung verfügbar. Lade sie direkt von der [Releases-Seite](https://github.com/anomalyco/opencode/releases) oder [opencode.ai/download](https://opencode.ai/download) herunter.

-| Plattform             | Download                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm` oder AppImage       |
+| Plattform             | Download                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm` oder AppImage          |

 ```bash
 # macOS (Homebrew)
--- a/README.es.md
+++ b/README.es.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # o github:anomalyco/opencode para la rama de

 OpenCode también está disponible como aplicación de escritorio. Descárgala directamente desde la [página de releases](https://github.com/anomalyco/opencode/releases) o desde [opencode.ai/download](https://opencode.ai/download).

-| Plataforma            | Descarga                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, o AppImage         |
+| Plataforma            | Descarga                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, o AppImage            |

 ```bash
 # macOS (Homebrew)
--- a/README.fr.md
+++ b/README.fr.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # ou github:anomalyco/opencode pour la branch

 OpenCode est aussi disponible en application de bureau. Téléchargez-la directement depuis la [page des releases](https://github.com/anomalyco/opencode/releases) ou [opencode.ai/download](https://opencode.ai/download).

-| Plateforme            | Téléchargement                     |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, ou AppImage        |
+| Plateforme            | Téléchargement                        |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, ou AppImage           |

 ```bash
 # macOS (Homebrew)
--- a/README.gr.md
+++ b/README.gr.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # ή github:anomalyco/opencode με βάση

 Το OpenCode είναι επίσης διαθέσιμο ως εφαρμογή. Κατέβασε το απευθείας από τη [σελίδα εκδόσεων](https://github.com/anomalyco/opencode/releases) ή το [opencode.ai/download](https://opencode.ai/download).

-| Πλατφόρμα             | Λήψη                               |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, ή AppImage         |
+| Πλατφόρμα             | Λήψη                                  |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, ή AppImage            |

 ```bash
 # macOS (Homebrew)
--- a/README.it.md
+++ b/README.it.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # oppure github:anomalyco/opencode per l’ul

 OpenCode è disponibile anche come applicazione desktop. Puoi scaricarla direttamente dalla [pagina delle release](https://github.com/anomalyco/opencode/releases) oppure da [opencode.ai/download](https://opencode.ai/download).

-| Piattaforma           | Download                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, oppure AppImage    |
+| Piattaforma           | Download                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, oppure AppImage       |

 ```bash
 # macOS (Homebrew)
--- a/README.ja.md
+++ b/README.ja.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # または github:anomalyco/opencode で最

 OpenCode はデスクトップアプリとしても利用できます。[releases page](https://github.com/anomalyco/opencode/releases) から直接ダウンロードするか、[opencode.ai/download](https://opencode.ai/download) を利用してください。

-| プラットフォーム      | ダウンロード                       |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`、`.rpm`、または AppImage    |
+| プラットフォーム      | ダウンロード                          |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`、`.rpm`、または AppImage       |

 ```bash
 # macOS (Homebrew)
--- a/README.ko.md
+++ b/README.ko.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # 또는 github:anomalyco/opencode 로 최신

 OpenCode 는 데스크톱 앱으로도 제공됩니다. [releases page](https://github.com/anomalyco/opencode/releases) 에서 직접 다운로드하거나 [opencode.ai/download](https://opencode.ai/download) 를 이용하세요.

-| 플랫폼                | 다운로드                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, 또는 AppImage      |
+| 플랫폼                | 다운로드                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, 또는 AppImage         |

 ```bash
 # macOS (Homebrew)
--- a/README.md
+++ b/README.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # or github:anomalyco/opencode for latest dev

 OpenCode is also available as a desktop application. Download directly from the [releases page](https://github.com/anomalyco/opencode/releases) or [opencode.ai/download](https://opencode.ai/download).

-| Platform              | Download                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, or `.AppImage`     |
+| Platform              | Download                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, or AppImage           |

 ```bash
 # macOS (Homebrew)
@@ -132,7 +132,7 @@ It's very similar to Claude Code in terms of capability. Here are the key differ

 - 100% open source
 - Not coupled to any provider. Although we recommend the models we provide through [OpenCode Zen](https://opencode.ai/zen), OpenCode can be used with Claude, OpenAI, Google, or even local models. As models evolve, the gaps between them will close and pricing will drop, so being provider-agnostic is important.
- Built-in opt-in LSP support
+- Out-of-the-box LSP support
 - A focus on TUI. OpenCode is built by neovim users and the creators of [terminal.shop](https://terminal.shop); we are going to push the limits of what's possible in the terminal.
 - A client/server architecture. This, for example, can allow OpenCode to run on your computer while you drive it remotely from a mobile app, meaning that the TUI frontend is just one of the possible clients.

--- a/README.no.md
+++ b/README.no.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # eller github:anomalyco/opencode for nyeste

 OpenCode er også tilgjengelig som en desktop-app. Last ned direkte fra [releases-siden](https://github.com/anomalyco/opencode/releases) eller [opencode.ai/download](https://opencode.ai/download).

-| Plattform             | Nedlasting                         |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm` eller AppImage      |
+| Plattform             | Nedlasting                            |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm` eller AppImage         |

 ```bash
 # macOS (Homebrew)
--- a/README.pl.md
+++ b/README.pl.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # lub github:anomalyco/opencode dla najnowsze

 OpenCode jest także dostępny jako aplikacja desktopowa. Pobierz ją bezpośrednio ze strony [releases](https://github.com/anomalyco/opencode/releases) lub z [opencode.ai/download](https://opencode.ai/download).

-| Platforma             | Pobieranie                         |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm` lub AppImage        |
+| Platforma             | Pobieranie                            |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm` lub AppImage           |

 ```bash
 # macOS (Homebrew)
--- a/README.ru.md
+++ b/README.ru.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # или github:anomalyco/opencode для с

 OpenCode также доступен как десктопное приложение. Скачайте его со [страницы релизов](https://github.com/anomalyco/opencode/releases) или с [opencode.ai/download](https://opencode.ai/download).

-| Платформа             | Загрузка                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm` или AppImage        |
+| Платформа             | Загрузка                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm` или AppImage           |

 ```bash
 # macOS (Homebrew)
--- a/README.th.md
+++ b/README.th.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # หรือ github:anomalyco/opencode ส

 OpenCode มีให้ใช้งานเป็นแอปพลิเคชันเดสก์ท็อป ดาวน์โหลดโดยตรงจาก [หน้ารุ่น](https://github.com/anomalyco/opencode/releases) หรือ [opencode.ai/download](https://opencode.ai/download)

-| แพลตฟอร์ม             | ดาวน์โหลด                          |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, หรือ AppImage      |
+| แพลตฟอร์ม             | ดาวน์โหลด                             |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, หรือ AppImage         |

 ```bash
 # macOS (Homebrew)
--- a/README.tr.md
+++ b/README.tr.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # veya en güncel geliştirme dalı için git

 OpenCode ayrıca masaüstü uygulaması olarak da mevcuttur. Doğrudan [sürüm sayfasından](https://github.com/anomalyco/opencode/releases) veya [opencode.ai/download](https://opencode.ai/download) adresinden indirebilirsiniz.

-| Platform              | İndirme                            |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm` veya AppImage       |
+| Platform              | İndirme                               |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm` veya AppImage          |

 ```bash
 # macOS (Homebrew)
--- a/README.uk.md
+++ b/README.uk.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # або github:anomalyco/opencode для н

 OpenCode також доступний як десктопний застосунок. Завантажуйте напряму зі [сторінки релізів](https://github.com/anomalyco/opencode/releases) або [opencode.ai/download](https://opencode.ai/download).

-| Платформа             | Завантаження                       |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm` або AppImage        |
+| Платформа             | Завантаження                          |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm` або AppImage           |

 ```bash
 # macOS (Homebrew)
--- a/README.vi.md
+++ b/README.vi.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # hoặc github:anomalyco/opencode cho nhánh

 OpenCode cũng có sẵn dưới dạng ứng dụng desktop. Tải trực tiếp từ [trang releases](https://github.com/anomalyco/opencode/releases) hoặc [opencode.ai/download](https://opencode.ai/download).

-| Nền tảng              | Tải xuống                          |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, hoặc AppImage      |
+| Nền tảng              | Tải xuống                             |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, hoặc AppImage         |

 ```bash
 # macOS (Homebrew)
--- a/README.zh.md
+++ b/README.zh.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # 或用 github:anomalyco/opencode 获取最

 OpenCode 也提供桌面版应用。可直接从 [发布页 (releases page)](https://github.com/anomalyco/opencode/releases) 或 [opencode.ai/download](https://opencode.ai/download) 下载。

-| 平台                  | 下载文件                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`、`.rpm` 或 AppImage         |
+| 平台                  | 下载文件                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`、`.rpm` 或 AppImage            |

 ```bash
 # macOS (Homebrew Cask)
--- a/README.zht.md
+++ b/README.zht.md
@@ -68,12 +68,12 @@ nix run nixpkgs#opencode           # 或使用 github:anomalyco/opencode 以取

 OpenCode 也提供桌面版應用程式。您可以直接從 [發佈頁面 (releases page)](https://github.com/anomalyco/opencode/releases) 或 [opencode.ai/download](https://opencode.ai/download) 下載。

-| 平台                  | 下載連結                           |
-| --------------------- | ---------------------------------- |
-| macOS (Apple Silicon) | `opencode-desktop-mac-arm64.dmg`   |
-| macOS (Intel)         | `opencode-desktop-mac-x64.dmg`     |
-| Windows               | `opencode-desktop-windows-x64.exe` |
-| Linux                 | `.deb`, `.rpm`, 或 AppImage        |
+| 平台                  | 下載連結                              |
+| --------------------- | ------------------------------------- |
+| macOS (Apple Silicon) | `opencode-desktop-darwin-aarch64.dmg` |
+| macOS (Intel)         | `opencode-desktop-darwin-x64.dmg`     |
+| Windows               | `opencode-desktop-windows-x64.exe`    |
+| Linux                 | `.deb`, `.rpm`, 或 AppImage           |

 ```bash
 # macOS (Homebrew Cask)
--- a/bun.lock
+++ b/bun.lock
--- a/bunfig.toml
+++ b/bunfig.toml
@@ -1,8 +1,6 @@
 [install]
 exact = true
-# Only install newly resolved package versions published at least 3 days ago.
-minimumReleaseAge = 259200
-minimumReleaseAgeExcludes = ["@opentui/core", "@opentui/core-darwin-arm64", "@opentui/core-darwin-x64", "@opentui/core-linux-arm64", "@opentui/core-linux-x64", "@opentui/core-win32-arm64", "@opentui/core-win32-x64", "@opentui/keymap", "@opentui/solid"]

 [test]
 root = "./do-not-run-tests-from-root"
+
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1776683584,
-        "narHash": "sha256-NuTLMrr10Tng72hurYG8jYQ4XKK8wnpJmOGcPiis96g=",
+        "lastModified": 1773909469,
+        "narHash": "sha256-vglVrLfHjFIzIdV9A27Ugul6rh3I1qHbbitGW7dk420=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9dd5558b06dbdacbf635a3dd36dce1b1a7ee3a89",
+        "rev": "7149c06513f335be57f26fcbbbe34afda923882b",
        "type": "github"
      },
      "original": {
--- a/github/index.ts
+++ b/github/index.ts
@@ -281,7 +281,7 @@ async function assertOpencodeConnected() {
      })
      connected = true
      break
-    } catch {}
+    } catch (e) {}
    await sleep(300)
  } while (retry++ < 30)

@@ -496,6 +496,7 @@ async function subscribeSessionEvents() {

  const TOOL: Record<string, [string, string]> = {
    todowrite: ["Todo", "\x1b[33m\x1b[1m"],
+    todoread: ["Todo", "\x1b[33m\x1b[1m"],
    bash: ["Bash", "\x1b[31m\x1b[1m"],
    edit: ["Edit", "\x1b[32m\x1b[1m"],
    glob: ["Glob", "\x1b[34m\x1b[1m"],
@@ -513,7 +514,7 @@ async function subscribeSessionEvents() {
  const decoder = new TextDecoder()

  let text = ""
-  void (async () => {
+  ;(async () => {
    while (true) {
      try {
        const { done, value } = await reader.read()
@@ -542,7 +543,7 @@ async function subscribeSessionEvents() {
                    ? JSON.stringify(part.state.input)
                    : "Unknown"
                console.log()
-                console.log(`${color}|`, `\x1b[0m\x1b[2m ${tool.padEnd(7, " ")}`, "", `\x1b[0m${title}`)
+                console.log(color + `|`, "\x1b[0m\x1b[2m" + ` ${tool.padEnd(7, " ")}`, "", "\x1b[0m" + title)
              }

              if (part.type === "text") {
@@ -561,7 +562,7 @@ async function subscribeSessionEvents() {
              if (evt.properties.info.id !== session.id) continue
              session = evt.properties.info
            }
-          } catch {
+          } catch (e) {
            // Ignore parse errors
          }
        }
@@ -576,7 +577,7 @@ async function subscribeSessionEvents() {
 async function summarize(response: string) {
  try {
    return await chat(`Summarize the following in less than 40 characters:\n\n${response}`)
-  } catch {
+  } catch (e) {
    if (isScheduleEvent()) {
      return "Scheduled task changes"
    }
@@ -776,7 +777,7 @@ async function assertPermissions() {
    console.log(`  permission: ${permission}`)
  } catch (error) {
    console.error(`Failed to check permissions: ${error}`)
-    throw new Error(`Failed to check permissions for user ${actor}: ${error}`, { cause: error })
+    throw new Error(`Failed to check permissions for user ${actor}: ${error}`)
  }

  if (!["admin", "write"].includes(permission)) throw new Error(`User ${actor} does not have write permissions`)
--- a/infra/app.ts
+++ b/infra/app.ts
@@ -30,7 +30,6 @@ export const api = new sst.cloudflare.Worker("Api", {
  transform: {
    worker: (args) => {
      args.logpush = true
-      if ($app.stage === "vimtor") return
      args.bindings = $resolve(args.bindings).apply((bindings) => [
        ...bindings,
        {
--- a/infra/console.ts
+++ b/infra/console.ts
@@ -1,6 +1,5 @@
 import { domain } from "./stage"
 import { EMAILOCTOPUS_API_KEY } from "./app"
-import { SECRET } from "./secret"

 ////////////////
 // DATABASE
@@ -110,33 +109,6 @@ const zenLiteCouponFirstMonth50 = new stripe.Coupon("ZenLiteCouponFirstMonth50",
  appliesToProducts: [zenLiteProduct.id],
  duration: "once",
 })
-const zenLiteCouponFirstMonth100 = new stripe.Coupon("ZenLiteCouponFirstMonth100", {
-  name: "First month 100% off",
-  percentOff: 100,
-  appliesToProducts: [zenLiteProduct.id],
-  duration: "once",
-})
-const zenLiteCouponThreeMonths100 = new stripe.Coupon("ZenLiteCoupon3Months100", {
-  name: "3 months 100% off",
-  percentOff: 100,
-  appliesToProducts: [zenLiteProduct.id],
-  duration: "repeating",
-  durationInMonths: 3,
-})
-const zenLiteCouponSixMonths100 = new stripe.Coupon("ZenLiteCoupon6Months100", {
-  name: "6 months 100% off",
-  percentOff: 100,
-  appliesToProducts: [zenLiteProduct.id],
-  duration: "repeating",
-  durationInMonths: 6,
-})
-const zenLiteCouponTwelveMonths100 = new stripe.Coupon("ZenLiteCoupon12Months100", {
-  name: "12 months 100% off",
-  percentOff: 100,
-  appliesToProducts: [zenLiteProduct.id],
-  duration: "repeating",
-  durationInMonths: 12,
-})
 const zenLitePrice = new stripe.Price("ZenLitePrice", {
  product: zenLiteProduct.id,
  currency: "usd",
@@ -152,10 +124,6 @@ const ZEN_LITE_PRICE = new sst.Linkable("ZEN_LITE_PRICE", {
    price: zenLitePrice.id,
    priceInr: 92900,
    firstMonth50Coupon: zenLiteCouponFirstMonth50.id,
-    firstMonth100Coupon: zenLiteCouponFirstMonth100.id,
-    threeMonths100Coupon: zenLiteCouponThreeMonths100.id,
-    sixMonths100Coupon: zenLiteCouponSixMonths100.id,
-    twelveMonths100Coupon: zenLiteCouponTwelveMonths100.id,
  },
 })

@@ -222,7 +190,6 @@ const AUTH_API_URL = new sst.Linkable("AUTH_API_URL", {
 const STRIPE_WEBHOOK_SECRET = new sst.Linkable("STRIPE_WEBHOOK_SECRET", {
  properties: { value: stripeWebhook.secret },
 })
-
 const gatewayKv = new sst.cloudflare.Kv("GatewayKv")

 ////////////////
@@ -232,7 +199,6 @@ const gatewayKv = new sst.cloudflare.Kv("GatewayKv")
 const bucket = new sst.cloudflare.Bucket("ZenData")
 const bucketNew = new sst.cloudflare.Bucket("ZenDataNew")

-const DISCORD_INCIDENT_WEBHOOK_URL = new sst.Secret("DISCORD_INCIDENT_WEBHOOK_URL")
 const AWS_SES_ACCESS_KEY_ID = new sst.Secret("AWS_SES_ACCESS_KEY_ID")
 const AWS_SES_SECRET_ACCESS_KEY = new sst.Secret("AWS_SES_SECRET_ACCESS_KEY")

@@ -254,8 +220,6 @@ new sst.cloudflare.x.SolidStart("Console", {
    database,
    AUTH_API_URL,
    STRIPE_WEBHOOK_SECRET,
-    DISCORD_INCIDENT_WEBHOOK_URL,
-    SECRET.HoneycombWebhookSecret,
    STRIPE_SECRET_KEY,
    EMAILOCTOPUS_API_KEY,
    AWS_SES_ACCESS_KEY_ID,
@@ -293,13 +257,3 @@ new sst.cloudflare.x.SolidStart("Console", {
    },
  },
 })
-
-////////////////
-// HELPERS
-////////////////
-
-export const stat = new sst.cloudflare.Worker("Stat", {
-  handler: "packages/console/function/src/stat.ts",
-  link: [database],
-  url: true,
-})
--- a/infra/enterprise.ts
+++ b/infra/enterprise.ts
@@ -1,9 +1,9 @@
 import { SECRET } from "./secret"
-import { shortDomain } from "./stage"
+import { domain, shortDomain } from "./stage"

 const storage = new sst.cloudflare.Bucket("EnterpriseStorage")

-new sst.cloudflare.x.SolidStart("Teams", {
+const teams = new sst.cloudflare.x.SolidStart("Teams", {
  domain: shortDomain,
  path: "packages/enterprise",
  buildCommand: "bun run build:cloudflare",
--- a/infra/monitoring.ts
+++ b/infra/monitoring.ts
@@ -1,263 +0,0 @@
-import { SECRET } from "./secret"
-import { domain } from "./stage"
-
-const description = "Managed by SST (Don't edit in Honeycomb UI)"
-
-const webhookRecipient = new honeycomb.WebhookRecipient("DiscordAlerts", {
-  name: $app.stage === "production" ? "Discord Alerts" : `Discord Alerts (${$app.stage})`,
-  url: `https://${domain}/honeycomb/webhook`,
-  secret: SECRET.HoneycombWebhookSecret.result,
-  templates: [
-    {
-      type: "trigger",
-      body: `{
-        "url": {{ .Result.URL | quote }},
-        "type": {{ .Vars.type | quote }},
-        "name": {{ .Name | quote }},
-        "status": {{ .Alert.Status | quote }},
-        "isTest": {{ .Alert.IsTest }},
-        "groups": {{ .Result.GroupsTriggered | toJson }}
-      }`,
-    },
-  ],
-  variables: [
-    {
-      name: "type",
-    },
-  ],
-})
-
-// Honeycomb can keep stale query-local calculated fields when the name is unchanged,
-// so tie the field name to the expression while avoiding deploy-to-deploy churn.
-// https://github.com/honeycombio/terraform-provider-honeycombio/issues/852
-const calculatedField = (field: { name: string; expression: string }) => ({
-  ...field,
-  name: `${field.name}_${(
-    Array.from(field.expression).reduce((result, char) => Math.imul(31, result) + char.charCodeAt(0), 0) >>> 0
-  ).toString(36)}`,
-})
-
-const modelHttpErrorsQuery = (product: "go" | "zen") => {
-  const filters = [
-    { column: "model", op: "exists" },
-    { column: "event_type", op: "=", value: "completions" },
-    { column: "user_agent", op: "contains", value: "opencode" },
-    { column: "isGoTier", op: "=", value: product === "go" ? "true" : "false" },
-  ]
-  const failedHttpStatus = calculatedField({
-    name: "is_failed_http_status",
-    expression:
-      product === "go"
-        ? `IF(AND(GTE($status, "400"), NOT(EQUALS($status, "401")), NOT(EQUALS($status, "429"))), 1, 0)`
-        : `IF(AND(EQUALS($status, "429"), $isFreeTier), 0, AND(GTE($status, "400"), NOT(EQUALS($status, "401"))), 1, 0)`,
-  })
-
-  return honeycomb.getQuerySpecificationOutput({
-    breakdowns: ["model"],
-    calculatedFields: [failedHttpStatus],
-    calculations: [
-      { op: "COUNT", name: "TOTAL", filterCombination: "AND", filters },
-      {
-        op: "SUM",
-        name: "FAILED",
-        column: failedHttpStatus.name,
-        filterCombination: "AND",
-        filters,
-      },
-    ],
-    formulas: [{ name: "ERROR", expression: "IF(GTE($TOTAL, 100), DIV($FAILED, $TOTAL), 0)" }],
-    timeRange: 900,
-  }).json
-}
-
-const providerHttpErrorsQuery = () => {
-  const filters = [
-    { column: "provider", op: "exists" },
-    { column: "provider", op: "!=", value: "fireworks-go-glm-5.1" },
-    { column: "user_agent", op: "contains", value: "opencode" },
-  ]
-  const successHttpStatus = calculatedField({
-    name: "is_success_http_status",
-    expression: `IF(AND(GTE($status, "200"), LT($status, "400")), 1, 0)`,
-  })
-  const failedProviderHttpStatus = calculatedField({
-    name: "is_failed_provider_http_status",
-    expression: `IF(GT($llm.error.code, "400"), 1, 0)`,
-  })
-
-  return honeycomb.getQuerySpecificationOutput({
-    breakdowns: ["provider"],
-    calculatedFields: [successHttpStatus, failedProviderHttpStatus],
-    calculations: [
-      {
-        op: "SUM",
-        name: "SUCCESS",
-        column: successHttpStatus.name,
-        filterCombination: "AND",
-        filters: [...filters, { column: "event_type", op: "=", value: "completions" }],
-      },
-      {
-        op: "SUM",
-        name: "FAILED",
-        column: failedProviderHttpStatus.name,
-        filterCombination: "AND",
-        filters: [...filters, { column: "event_type", op: "=", value: "llm.error" }],
-      },
-    ],
-    formulas: [
-      { name: "ERROR", expression: "IF(GTE(SUM($SUCCESS, $FAILED), 50), DIV($FAILED, SUM($SUCCESS, $FAILED)), 0)" },
-    ],
-    timeRange: 900,
-  }).json
-}
-
-const modelLowTpsQuery = (product: "go" | "zen") => {
-  const filters = [
-    { column: "model", op: "exists" },
-    { column: "event_type", op: "=", value: "completions" },
-    { column: "user_agent", op: "contains", value: "opencode" },
-    { column: "isGoTier", op: "=", value: product === "go" ? "true" : "false" },
-    { column: "status", op: ">=", value: "200" },
-    { column: "status", op: "<", value: "400" },
-    { column: "tps.output", op: "exists" },
-  ]
-
-  return honeycomb.getQuerySpecificationOutput({
-    breakdowns: ["model"],
-    calculations: [
-      { op: "COUNT", name: "TOTAL", filterCombination: "AND", filters },
-      {
-        op: "P50",
-        name: "TPS",
-        column: "tps.output",
-        filterCombination: "AND",
-        filters,
-      },
-    ],
-    formulas: [{ name: "LOW_TPS", expression: "IF(GTE($TOTAL, 100), $TPS, 999)" }],
-    timeRange: 1800,
-  }).json
-}
-
-new honeycomb.Trigger("IncreasedModelHttpErrorsGo", {
-  name: "Increased Model HTTP Errors [Go]",
-  description,
-  queryJson: modelHttpErrorsQuery("go"),
-  alertType: "on_change",
-  frequency: 300,
-  thresholds: [{ op: ">=", value: 0.7, exceededLimit: 1 }],
-  recipients: [
-    {
-      id: webhookRecipient.id,
-      notificationDetails: [
-        {
-          variables: [{ name: "type", value: "model_http_errors" }],
-        },
-      ],
-    },
-  ],
-})
-
-new honeycomb.Trigger("IncreasedModelHttpErrorsZen", {
-  name: "Increased Model HTTP Errors [Zen]",
-  description,
-  queryJson: modelHttpErrorsQuery("zen"),
-  alertType: "on_change",
-  frequency: 300,
-  thresholds: [{ op: ">=", value: 0.7, exceededLimit: 1 }],
-  recipients: [
-    {
-      id: webhookRecipient.id,
-      notificationDetails: [
-        {
-          variables: [{ name: "type", value: "model_http_errors" }],
-        },
-      ],
-    },
-  ],
-})
-
-new honeycomb.Trigger("LowModelTpsGo", {
-  name: "Low Model TPS [Go]",
-  description,
-  queryJson: modelLowTpsQuery("go"),
-  alertType: "on_change",
-  frequency: 600,
-  thresholds: [{ op: "<=", value: 10, exceededLimit: 1 }],
-  recipients: [
-    {
-      id: webhookRecipient.id,
-      notificationDetails: [
-        {
-          variables: [{ name: "type", value: "model_low_tps" }],
-        },
-      ],
-    },
-  ],
-})
-
-new honeycomb.Trigger("LowModelTpsZen", {
-  name: "Low Model TPS [Zen]",
-  description,
-  queryJson: modelLowTpsQuery("zen"),
-  alertType: "on_change",
-  frequency: 600,
-  thresholds: [{ op: "<=", value: 10, exceededLimit: 1 }],
-  recipients: [
-    {
-      id: webhookRecipient.id,
-      notificationDetails: [
-        {
-          variables: [{ name: "type", value: "model_low_tps" }],
-        },
-      ],
-    },
-  ],
-})
-
-new honeycomb.Trigger("IncreasedProviderHttpErrors", {
-  name: "Increased Provider HTTP Errors",
-  description,
-  queryJson: providerHttpErrorsQuery(),
-  alertType: "on_change",
-  frequency: 300,
-  thresholds: [{ op: ">=", value: 0.7, exceededLimit: 1 }],
-  recipients: [
-    {
-      id: webhookRecipient.id,
-      notificationDetails: [
-        {
-          variables: [{ name: "type", value: "provider_http_errors" }],
-        },
-      ],
-    },
-  ],
-})
-
-new honeycomb.Trigger("IncreasedFreeTierRequests", {
-  name: "Increased Free Tier Requests",
-  description,
-  queryJson: honeycomb.getQuerySpecificationOutput({
-    calculations: [{ op: "COUNT" }],
-    filters: [
-      { column: "event_type", op: "=", value: "completions" },
-      { column: "user_agent", op: "contains", value: "opencode" },
-      { column: "isFreeTier", op: "=", value: "true" },
-    ],
-    timeRange: 3600,
-  }).json,
-  alertType: "on_change",
-  frequency: 900,
-  thresholds: [{ op: ">=", value: 50, exceededLimit: 1 }],
-  baselineDetails: [{ type: "percentage", offsetMinutes: 1440 }],
-  recipients: [
-    {
-      id: webhookRecipient.id,
-      notificationDetails: [
-        {
-          variables: [{ name: "type", value: "custom" }],
-        },
-      ],
-    },
-  ],
-})
--- a/infra/secret.ts
+++ b/infra/secret.ts
@@ -1,11 +1,4 @@
-sst.Linkable.wrap(random.RandomPassword, (resource) => ({
-  properties: {
-    value: resource.result,
-  },
-}))
-
 export const SECRET = {
  R2AccessKey: new sst.Secret("R2AccessKey", "unknown"),
  R2SecretKey: new sst.Secret("R2SecretKey", "unknown"),
-  HoneycombWebhookSecret: new random.RandomPassword("HoneycombWebhookSecret", { length: 24 }),
 }
--- a/nix/hashes.json
+++ b/nix/hashes.json
@@ -1,8 +1,8 @@
 {
  "nodeModules": {
-    "x86_64-linux": "sha256-Hw7sVV9rTm6qBMtdwfLIV2QvxvLQY5qrywXzuyYbhcs=",
-    "aarch64-linux": "sha256-++oXnY7YqrYt0Qv7ZISmoHliARM9qEP8FacqLxGZH1c=",
-    "aarch64-darwin": "sha256-kZVa0R1YbuvtTzpETqK6ddj4ISje5jBFHBdlynkhW7Q=",
-    "x86_64-darwin": "sha256-94eagNDa8GGJxF8BsMX2BF5Pa+QTl48lXL1+6HgEn0I="
+    "x86_64-linux": "sha256-MmN2+NfHeLPDClpLPOlCAZTmwI94M6XgNAqXrW5Ls4I=",
+    "aarch64-linux": "sha256-whVIlmDvoMmEMUY2Yxx2vAmFDuKQic6ChY1V+9gLd84=",
+    "aarch64-darwin": "sha256-TulGiC24w3usk26hKr3PyccatvIfmAlHgEJaOTUf3pQ=",
+    "x86_64-darwin": "sha256-T8NWm0bBybJKThRdp/jQdxilv1Ec9SF1iVT3udSoZOg="
  }
 }
--- a/nix/node_modules.nix
+++ b/nix/node_modules.nix
@@ -20,7 +20,7 @@ let
 in
 stdenvNoCC.mkDerivation {
  pname = "opencode-node_modules";
-  version = "${packageJson.version}+${lib.replaceString "-" "." rev}";
+  version = "${packageJson.version}-${rev}";

  src = lib.fileset.toSource {
    root = ../.;
@@ -54,7 +54,6 @@ stdenvNoCC.mkDerivation {
      --filter '!./' \
      --filter './packages/opencode' \
      --filter './packages/desktop' \
-      --filter './packages/app' \
      --frozen-lockfile \
      --ignore-scripts \
      --no-progress
--- a/nix/opencode.nix
+++ b/nix/opencode.nix
@@ -3,7 +3,6 @@
  stdenvNoCC,
  callPackage,
  bun,
-  nodejs,
  sysctl,
  makeBinaryWrapper,
  models-dev,
@@ -20,7 +19,6 @@ stdenvNoCC.mkDerivation (finalAttrs: {

  nativeBuildInputs = [
    bun
-    nodejs # for patchShebangs node_modules
    installShellFiles
    makeBinaryWrapper
    models-dev
@@ -31,8 +29,6 @@ stdenvNoCC.mkDerivation (finalAttrs: {
    runHook preConfigure

    cp -R ${finalAttrs.node_modules}/. .
-    patchShebangs node_modules
-    patchShebangs packages/*/node_modules

    runHook postConfigure
  '';
@@ -64,7 +60,7 @@ stdenvNoCC.mkDerivation (finalAttrs: {
          [
            ripgrep
          ]
-          # bun runs sysctl to detect if running on rosetta2
+          # bun runs sysctl to detect if dunning on rosetta2
          ++ lib.optional stdenvNoCC.hostPlatform.isDarwin sysctl
        )
      }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
David Hill	5c2960a0d8	more concepts	2026-03-26 12:24:19 +00:00
David Hill	431aca1df9	unsure	2026-03-25 14:19:03 +00:00
David Hill	c25077c2e5	feat(app): add session spinner concept lab Let the desktop app preview and tune alternate loading treatments for session titles so spinner ideas can be explored in context before replacing the default UI.	2026-03-25 14:18:29 +00:00